Lucene search
K

14 matches found

Positive Technologies
Positive Technologies
added 2025/10/28 12:0 a.m.6 views

PT-2025-44224

Name of the Vulnerable Software and Affected Versions Supermicro BMC firmware on Supermicro MBD-X12STW-F affected versions not specified Description An issue exists in the firmware validation logic of Supermicro BMC firmware. An attacker can potentially update the system firmware using a speciall...

7.2CVSS5.4AI score0.00277EPSS
Exploits0References9
The Hacker News
The Hacker News
added 2025/04/17 3:22 p.m.34 views

Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates

The China-linked threat actor known as Mustang Panda has been attributed to a cyber attack targeting an unspecified organization in Myanmar with previously unreported tooling, highlighting continued effort by the threat actors to increase the sophistication and effectiveness of their malware. Thi...

9.1CVSS9.5AI score0.99999EPSS
Exploits23
Kitploit
Kitploit
added 2024/01/21 11:30 a.m.36 views

DllNotificationInjection - A POC Of A New "Threadless" Process Injection Technique That Works By Utilizing The Concept Of DLL Notification Callbacks In Local And Remote Processes

DllNotificationInection is a POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes. An accompanying blog post with more details is available here: https://shorsec.io/blog/dll-notification-injection/ Ho...

7.8AI score
Exploits0References6
hivepro
hivepro
added 2024/01/08 6:50 a.m.21 views

Decoding UAC-0050’s Cyber Espionage Playbook

Summary: UAC-0050, a threat actor focused on Ukraine, is using new tactics to spread the Remcos RAT. In their latest move, UAC-0050 shows advanced adaptability by cleverly avoiding detection through a hidden data transfer method and outsmarting EDR systems. Threat Level - Amber | Attack Report Fo...

7.2AI score
Exploits0
Kitploit
Kitploit
added 2023/08/14 12:30 p.m.109 views

Chimera - Automated DLL Sideloading Tool With EDR Evasion Capabilities

While DLL sideloading can be used for legitimate purposes, such as loading necessary libraries for a program to function, it can also be used for malicious purposes. Attackers can use DLL sideloading to execute arbitrary code on a target system, often by exploiting vulnerabilities in legitimate...

8.1AI score
Exploits0References4
Kitploit
Kitploit
added 2023/06/15 12:30 p.m.21 views

Killer - Is A Tool Created To Evade AVs And EDRs Or Security Tools

It's a AV/EDR Evasion tool created to bypass security tools for learning, until now the tool is FUD. Features: Module Stomping for Memory scanning evasion DLL Unhooking by fresh ntdll copy IAT Hiding and Obfuscation & API Unhooking ETW Patchnig for bypassing some security controls Included sandbo...

7.6AI score
Exploits0References3
Kitploit
Kitploit
added 2023/05/23 12:30 p.m.193 views

Acheron - Indirect Syscalls For AV/EDR Evasion In Go Assembly

Acheron is a library inspired by SysWhisper3/FreshyCalls/RecycledGate, with most of the functionality implemented in Go assembly. acheron package can be used to add indirect syscall capabilities to your Golang tradecraft, to bypass AV/EDRs that makes use of usermode hooks and instrumentation...

7.5AI score
Exploits0References13
Kitploit
Kitploit
added 2022/12/13 11:30 a.m.81 views

Codecepticon - .NET Application That Allows You To Obfuscate C#, VBA/VB6 (Macros), And PowerShell Source Code

Codecepticon is a .NET application that allows you to obfuscate C, VBA/VB6 macros, and PowerShell source code, and is developed for offensive security engagements such as Red/Purple Teams. What separates Codecepticon from other obfuscators is that it targets the source code rather than the compil...

7.2AI score
Exploits0References17
The Hacker News
The Hacker News
added 2022/11/03 5:40 p.m.54 views

Researchers Find Links b/w Black Basta Ransomware and FIN7 Hackers

A new analysis of tools put to use by the Black Basta ransomware operation has identified ties between the threat actor and the FIN7 aka Carbanak group. This link "could suggest either that Black Basta and FIN7 maintain a special relationship or that one or more individuals belong to both groups,...

7.5AI score
Exploits0
Kitploit
Kitploit
added 2022/06/25 12:30 p.m.178 views

Nim-Loader - WIP Shellcode Loader In Nim With EDR Evasion Techniques

a very rough work-in-progress adventure into learning nim by cobbling resources together to create a shellcode loader that implements common EDR/AV evasion techniques. This is a mess and is forresearch purposes only! Please don't expect it to compile and run without your own modifications...

7.5AI score
Exploits0References3
Kitploit
Kitploit
added 2020/09/02 12:30 p.m.56 views

LOLBITS v2.0.0 - C2 Framework That Uses Background Intelligent Transfer Service (BITS) As Communication Protocol And Direct Syscalls + Dinvoke For EDR User-Mode Hooking Evasion

LOLBITS is a C2 framework that uses Microsoft's Background Intelligent Transfer Service BITS to establish the communication channel between the compromised host and the backend. The C2 backend is hidden behind an apparently harmless flask web application and it's only accesible when the HTTP...

7.8AI score
Exploits0References7
Kitploit
Kitploit
added 2020/08/31 9:30 p.m.74 views

DVS - D(COM) V(ulnerability) S(canner) AKA Devious Swiss Army Knife

Did you ever wonder how you can move laterally through internal networks? or interact with remote machines without alerting EDRs? Let's assume that we have a valid credentials, or an active session with access to a remote machine, but we are without an option for executing a process remotely in a...

7.9AI score
Exploits0References2
Kitploit
Kitploit
added 2020/07/06 1:0 p.m.39 views

Faxhell - A Bind Shell Using The Fax Service And A DLL Hijack

A Proof-of-Concept bind shell using the Fax service and a DLL hijack based on Ualapi.dll. See our writeup at: https://windows-internals.com/faxing-your-way-to-system/ How to use Build Ualapi.dll and place in c:\windows\system32 Start the Fax service, which will load the DLL and call the export...

7.1AI score
Exploits0References1
Kitploit
Kitploit
added 2020/01/03 8:30 p.m.428 views

SysWhispers - AV/EDR Evasion Via Direct System Calls

SysWhispers helps with evasion by generating header/ASM files implants can use to make direct system calls. All core syscalls are supported from Windows XP to 10. Example generated files available in example-output/. Introduction Various security products place hooks in user-mode APIs which allow...

7.5AI score
Exploits0References5
Rows per page
Query Builder