3 matches found
PPLdump - Dump The Memory Of A PPL With A Userland Exploit
This tool implements a userland exploit that was initially discussed by James Forshaw a.k.a. @tiraniddo - in this blog post - for dumping the memory of any PPL as an administrator. I wrote two blog posts about this tool. The first part is about Protected Processes concepts while the second one...
Microsoft Windows - 'WSReset' UAC Protection Bypass (Registry)
Fileless UAC bypass WSReset.exe @404death based on: https://www.activecyber.us/activelabs/windows-uac-bypass EDB Note: Download https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47754.zip import sys, os from ctypes import * import winreg CMD =...
Magnitude exploit kit switches to GandCrab ransomware
The GandCrab ransomware is reaching far and wide via malspam, social engineering schemes, and exploit kit campaigns. On April 16, we discovered that Magnitude EK, which had been loyal to its own Magniber ransomware, was now being leveraged to push out GandCrab, too. While Magnitude EK remains...