Lucene search
+L

118 matches found

Kitploit
Kitploit
added 2025/04/21 12:30 p.m.51 views

Bytesrevealer - Online Reverse Enginerring Viewer

Bytes Revealer is a powerful reverse engineering and binary analysis tool designed for security researchers, forensic analysts, and developers. With features like hex view, visual representation, string extraction, entropy calculation, and file signature detection, it helps users uncover hidden...

7.1AI score
Exploits0References3
GoogleProjectZero
GoogleProjectZero
added 2024/12/19 12:0 a.m.45 views

The Windows Registry Adventure #5: The regf file format

Posted by Mateusz Jurczyk, Google Project Zero As previously mentioned in the second installment of the blog post series "A brief history of the feature", the binary format used to encode registry hives from Windows NT 3.1 up to the modern Windows 11 is called regf. In a way, it is quite special,...

7.8CVSS8.1AI score0.24325EPSS
Exploits1
NVD
NVD
added 2024/10/01 5:15 p.m.34 views

CVE-2024-47608

Logicytics is designed to harvest and collect data for forensic analysis. Logicytics has a basic vuln affecting compromised devices from shell injections. This vulnerability is fixed in 2.3.2...

9.8CVSS0.00659EPSS
Exploits0References2
CVE
CVE
added 2024/10/01 5:1 p.m.56 views

CVE-2024-47608

CVE-2024-47608 applies to Logicytics, a data-harvesting/forensic-analysis tool. Connected sources confirm a shell/OS command injection vulnerability in versions prior to 2.3.2, with the root cause being shell injection points that could allow arbitrary command execution on compromised devices. Th...

9.8CVSS9.3AI score0.00659EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/10/01 12:0 a.m.7 views

Logicytics 操作系统命令注入漏洞

Logicytics is a tool from Shahm Najeeb's personal developer. Designed to carefully gather and collect large amounts of Windows system data for forensic analysis. Logicytics 2.3.1 and earlier versions suffer from an operating system command injection vulnerability that stems from the presence of a...

9.8CVSS7.5AI score0.00659EPSS
Exploits0References3
Rapid7 Blog
Rapid7 Blog
added 2024/08/09 1:0 p.m.12 views

Key Takeaways From The Take Command Summit: Unlocking Security Success

As cybersecurity threats continue to evolve, so must our defenses. The recent Rapid7 Take Command Summit provided invaluable insights into preparing for, responding to, and recovering from ransomware attacks. Here are three essential takeaways from the session, "Before, During, & After Ransomware...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2024/05/01 2:25 p.m.18 views

Bitcoin Forensic Analysis Uncovers Money Laundering Clusters and Criminal Proceeds

A forensic analysis of a graph dataset containing transactions on the Bitcoin blockchain has revealed clusters associated with illicit activity and money laundering, including detecting criminal proceeds sent to a crypto exchange and previously unknown wallets belonging to a Russian darknet marke...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2024/01/17 10:22 a.m.41 views

New iShutdown Method Exposes Hidden Spyware Like Pegasus on Your iPhone

Cybersecurity researchers have identified a "lightweight method" called iShutdown for reliably identifying signs of spyware on Apple iOS devices, including notorious threats like NSO Group's Pegasus, QuaDream's Reign, and Intellexa's Predator. Kaspersky, which analyzed a set of iPhones that were...

6.3AI score
Exploits0
Talos Blog
Talos Blog
added 2023/10/17 4:0 p.m.17 views

Why logging is one of the most overlooked aspects of incident response, and how Cisco Talos IR can help

By Rami Altalhi and David Roman. Logs are fundamental to strengthening an organizations digital defenses. Many logs within an organization contain records related to computer security. These computer security logs are generated by many sources, including security software, workstations, servers,...

6.9AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2023/10/12 5:8 a.m.101 views

Using Velociraptor for large-scale endpoint visibility and rapid threat hunting

TL;DR Network-wide collection, acquisition and monitoring tool for use in DFIR engagements Designed for enterprise networks 150k+ Deployments aren’t unheard of Boasts many features that your commercial EDR has, and a few more Flexible querying language that can adapt to new threats and encourages...

7.1AI score
Exploits0
Microsoft Malware Protection
Microsoft Malware Protection
added 2023/04/11 5:0 p.m.95 views

Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign

This guide provides steps that organizations can take to assess whether users have been targeted or compromised by threat actors exploiting CVE-2022-21894 via a Unified Extensible Firmware Interface UEFI bootkit called BlackLotus. UEFI bootkits are particularly dangerous as they run at computer...

4.9CVSS7.1AI score0.05979EPSS
Exploits1
Microsoft Secure
Microsoft Secure
added 2023/04/11 5:0 p.m.83 views

Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign

This guide provides steps that organizations can take to assess whether users have been targeted or compromised by threat actors exploiting CVE-2022-21894 via a Unified Extensible Firmware Interface UEFI bootkit called BlackLotus. UEFI bootkits are particularly dangerous as they run at computer...

4.9CVSS7.1AI score0.05979EPSS
Exploits1
Microsoft Secure
Microsoft Secure
added 2023/03/24 6:30 p.m.67 views

Guidance for investigating attacks using CVE-2023-23397

This guide provides steps organizations can take to assess whether users have been targeted or compromised by threat actors exploiting CVE-2023-23397. A successful exploit of this vulnerability can result in unauthorized access to an organization’s environment by triggering a Net-NTLMv2 hash leak...

9.6AI score0.97408EPSS
Exploits18
Microsoft Malware Protection
Microsoft Malware Protection
added 2023/03/24 6:30 p.m.314 views

Guidance for investigating attacks using CVE-2023-23397

This guide provides steps organizations can take to assess whether users have been targeted or compromised by threat actors exploiting CVE-2023-23397. A successful exploit of this vulnerability can result in unauthorized access to an organization’s environment by triggering a Net-NTLMv2 hash leak...

9.6AI score0.97408EPSS
Exploits18
Packet Storm
Packet Storm
added 2023/03/16 12:0 a.m.405 views

Microsoft SQL Server 2014 / 2016 / 2017 / 2019 / 2022 Audit Logging Failure

Title: Microsoft SQL Server Password Hash Exposure Product: Database Manufacturer: Microsoft Affected Versions: 2012-2022 Risk Level: Medium CVE Reference: N/A Author of Advisory: Emad Al-Mousa Overview: SQL Server is a popular database system, and database systems are a vital backbone in IT...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/03/16 12:0 a.m.994 views

Microsoft SQL Server 2014 / 2016 / 2017 / 2019 / 2022 Audit Logging Failure Vulnerability

Microsoft SQL Server 2014, 2016, 2017, 2019, and 2022 appears to ignore audit rules for sys.sysxlgns allowing an attacker with administrative permissions to extract password hashes under the radar. Microsoft told the researcher they are not willing to fix it but acknowledge it as a security...

8.1AI score
Exploits0
The Hacker News
The Hacker News
added 2023/03/10 2:2 p.m.81 views

New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide

An updated version of a botnet malware called Prometei has infected more than 10,000 systems worldwide since November 2022. The infections are both geographically indiscriminate and opportunistic, with a majority of the victims reported in Brazil, Indonesia, and Turkey. Prometei, first observed i...

1.9AI score
Exploits0
Kitploit
Kitploit
added 2022/11/05 11:30 a.m.25 views

Prefetch-Hash-Cracker - A Small Util To Brute-Force Prefetch Hashes

Motivation During the forensic analysis of a Windows machine, you may find the name of a deleted prefetch file. While its content may not be recoverable, the filename itself is often enough to find the full path of the executable for which the prefetch file was created. Using the tool The followi...

7AI score
Exploits0References2
Microsoft Malware Protection
Microsoft Malware Protection
added 2022/09/08 3:0 p.m.79 views

Microsoft investigates Iranian attacks against the Albanian government

Shortly after the destructive cyberattacks against the Albanian government in mid-July, the Microsoft Detection and Response Team DART was engaged by the Albanian government to lead an investigation into the attacks. At the time of the attacks and our engagement by the Albanian government,...

7.5CVSS1.2AI score0.99999EPSS
Exploits92
Malwarebytes
Malwarebytes
added 2022/08/09 12:0 p.m.21 views

Can your EDR handle a ransomware attack? 6-point checklist for an anti-ransomware EDR

Most cybersecurity experts agree that having Endpoint Detection and Response software is essential to fighting ransomware today--but not every EDR is equal. Businesses, especially small-to-medium sized ones with limited budget or IT resources, need to make sure that their EDR is cost-effective,...

7.2AI score
Exploits0
Rows per page
Query Builder