5 matches found
pocFlexiPwn
It is an offensive tool for web exploitation. The repository con...
Amazon Linux 2023 : python3-flask (ALAS2023-2023-183)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-183 advisory. Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy t...
Experts Identify Fully-Featured Info Stealer and Trojan in Python Package on PyPI
A malicious Python package uploaded to the Python Package Index PyPI has been found to contain a fully-featured information stealer and remote access trojan. The package, named colourfool, was identified by Kroll's Cyber Threat Intelligence team, with the company calling the malware Colour-Blind...
LOLBITS v2.0.0 - C2 Framework That Uses Background Intelligent Transfer Service (BITS) As Communication Protocol And Direct Syscalls + Dinvoke For EDR User-Mode Hooking Evasion
LOLBITS is a C2 framework that uses Microsoft's Background Intelligent Transfer Service BITS to establish the communication channel between the compromised host and the backend. The C2 backend is hidden behind an apparently harmless flask web application and it's only accesible when the HTTP...
LOLBITS - C# Reverse Shell Using Background Intelligent Transfer Service (BITS) As Communication Protocol
LOLBITS is a C reverse shell that uses Microsoft's Background Intelligent Transfer Service BITS to communicate with the Command and Control backend. The Command and Control backend is hidden behind an apparently harmless flask web application and it's only accesible when the HTTP requests receive...