FBI: Spike in Hacked Police Emails, Fake Subpoenas

The Federal Bureau of Investigation FBI is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to...

GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack

Cybersecurity researchers have discovered a new cryptojacking campaign that employs vulnerable drivers to disable known security solutions EDRs and thwart detection in what's called a Bring Your Own Vulnerable Driver BYOVD attack. Elastic Security Labs is tracking the campaign under the name...

LOLSpoof - An Interactive Shell To Spoof Some LOLBins Command Line

LOLSpoof is a an interactive shell program that automatically spoof the command line arguments of the spawned process. Just call your incriminate-looking command line LOLBin e.g. powershell -w hidden -enc ZwBlAHQALQBwAHIAbwBjAGUA.... and LOLSpoof will ensure that the process creation telemetry...

Hades - Go Shellcode Loader That Combines Multiple Evasion Techniques

Hades is a proof of concept loader that combines several evasion technques with the aim of bypassing the defensive mechanisms commonly used by modern AV/EDRs. Usage The easiest way, is probably building the project on Linux using make. git clone https://github.com/f1zm0/hades && cd hades make The...

Pyramid - A Tool To Help Operate In EDRs' Blind Spots

What is it Pyramid is a set of Python scripts and module dependencies that can be used to evade EDRs. The main purpose of the tool is to perform offensive tasks by leveraging some Python evasion properties and looking as a legit Python application usage. This can be achieved because: 1. the Pytho...

Fighting Fake EDRs With ‘Credit Ratings’ for Police

When KrebsOnSecurity recently explored how cybercriminals were using hacked email accounts at police departments worldwide to obtain warrantless Emergency Data Requests EDRs from social media firms and technology providers, many security experts called it a fundamentally unfixable problem. But do...

EDRHunt - Scan Installed EDRs And AVs On Windows

EDRHunt scans Windows services, drivers, processes, registry for installed EDRs Endpoint Detection And Response. Read more about EDRHunt here. Install Binary Download the latest release from the release section. Releases are built for windows/amd64. Go Requires Go to be installed on system. Teste...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

vuln4japi A vulnerable Java based REST API for demonstrating C...

ThreadStackSpoofer - PoC For An Advanced In-Memory Evasion Technique Allowing To Better Hide Injected Shellcode'S Memory Allocation From Scanners And Analysts

A PoC implementation for an advanced in-memory evasion technique that spoofs Thread Call Stack. This technique allows to bypass thread-based memory examination rules and better hide shellcodes while in-process memory. Intro This is an example implementation for Thread Stack Spoofing technique...

SigFlip - A Tool For Patching Authenticode Signed PE Files (Exe, Dll, Sys ..Etc) Without Invalidating Or Breaking The Existing Signature

SigFlip is a tool for patching authenticode signed PE files exe, dll, sys ..etc in a way that doesn't affect or break the existing authenticode signature, in other words you can change PE file checksum/hash by embedding data i.e shellcode without breaking the file signature, integrity checks or P...

UnhookMe - An Universal Windows API Resolver And Unhooker Addressing Problem Of Invoking Unmonitored System Calls From Within Of Your Red Teams Malware

In the era of intrusive AVs and EDRs that introduce hot-patches to the running processes for their enhanced optics requirements, modern adversaries must have a robust tool to slide through these watchguards. The propsed implementation of dynamic imports resolver that would be capable of unhooking...

SharpEDRChecker - Checks Running Processes, Process Metadata, DLLs Loaded Into Your Current Process And The Each DLLs Metadata, Common Inst all Directories, Installed Services And Each Service Binaries Metadata, Installed Drivers And Each Drivers Metadata, All For The Presence Of Known Defensive Products Such As AV's, EDR's And Logging Tools

New and improved C Implementation of Invoke-EDRChecker. Checks running processes, process metadata, Dlls loaded into your current process and each DLLs metadata, common install directories, installed services and each service binaries metadata, installed drivers and each drivers metadata, all for...

Chalumeau - Automated, Extendable And Customizable Credential Dumping Tool

Chalumeau is automated,extendable and customizable credential dumping tool based on powershell and python. Main Features Write your own Payloads In-Memory execution Extract Password List Dashboard reporting / Web Interface Parsing Mimikatz Dumping Tickets Screenshots Known Issues Parsing Mimikatz...

Process Doppelgänging: New Malware Evasion Technique Works On All Windows Versions

A team of security researchers has discovered a new malware evasion technique that could help malware authors defeat most of the modern antivirus solutions and forensic tools. Dubbed Process Doppelgänging, the new fileless code injection technique takes advantage of a built-in Windows function an...