100 matches found
Design/Logic Flaw
Electronic Arts Origin 10.5.55.33574 is vulnerable to local privilege escalation due to arbitrary directory DACL manipulation, a different issue than CVE-2019-19247 and CVE-2019-19248. When Origin.exe connects to the named pipe OriginClientService, the privileged service verifies the client's...
RdpThief - Extracting Clear Text Passwords From Mstsc.Exe Using API Hooking
RdpThief by itself is a standalone DLL that when injected in the mstsc.exe process, will perform API hooking, extract the clear-text credentials and save them to a file. An aggressor script accompanies it, which is responsible for managing the state, monitoring for new processes and injecting the...
DOUBLEPULSAR (x64) - Hooking srv!SrvTransactionNotImplemented in srv!SrvTransaction2DispatchTable
DOUBLEPULSAR x64 - Hooking srv!SrvTransactionNotImplemented in srv!SrvTransaction2DispatchTable EDB Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47685.zip...
DOUBLEPULSAR (x64) - Hooking 'srv!SrvTransactionNotImplemented' in 'srv!SrvTransaction2DispatchTable'
EDB Download https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47685.zip...
Safer Restriction Bypass
Ghostscript is vulnerable to safer restriction bypass. The attack is possible due to a flaw of exposing .forceput in setsystemparams when hooking errors...
The Twists and Turns on the Road to Binee
On August 10, we introduced Binee—a binary emulation environment—to the world at DEFCON and, in an earlier blog, we shared a little bit of how and why we created this tool. Today, Binee is a tool that malware researchers can use as part of their reverse engineering processes. It’s an open-sourced...
Microsoft Windows 7 build 7601 (x86) - Local Privilege Escalation Exploit
Exploit for windows platform in category local exploits include include / EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47176.zip / / PREPROCESSOR DEFINITIONS / define MNSELECTITEM 0x1E5 define MNSELECTFIRSTVALIDITEM 0x1E7 define...
AndroidSecNotes
It is an offensive tool for Android. The repository contains learning notes about Android Security, specifically about the Android Runtime ART and its debugging tools. The notes cover the format of Dex files, the ART runtime, and the Hook framework. The notes mention the use of the "oatdump" tool...
VMware Workstation DLL Hijacking
--------------------------------------------------------- Title: VMware Workstation DLL hijacking DLLIMPORT void SHGetFolderPathW MessageBox0, "s1kr10s", "VMWare-Poc", MBICONINFORMATION; exit0; -------------------------- https://www.vmware.com/security/advisories/VMSA-2019-0007.html...
Design/Logic Flaw
DISPUTED CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some parties don't consider this is a vulnerability. Their...
UBUNTU-CVE-2018-20200
DISPUTED CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some parties don't consider this is a vulnerability. Their...
IDArling - Collaborative Reverse Engineering Plugin For IDA Pro & Hex-Rays
IDArling is a collaborative reverse engineering plugin for IDA Pro and Hex-Rays. It allows to synchronize in real-time the changes made to a database by multiple users, by connecting together different instances of IDA Pro. The main features of IDArling are: hooking general user events structure...
Design/Logic Flaw
A vulnerability in Trend Micro Maximum Security's Consumer 2018 versions 12.0.1191 and below User-Mode Hooking UMH driver could allow an attacker to create a specially crafted packet that could alter a vulnerable system in such a way that malicious code could be injected into other processes...
CVE-2018-3608
A vulnerability in Trend Micro Maximum Security's Consumer 2018 versions 12.0.1191 and below User-Mode Hooking UMH driver could allow an attacker to create a specially crafted packet that could alter a vulnerable system in such a way that malicious code could be injected into other processes...
CVE-2018-3608
A vulnerability in Trend Micro Maximum Security's Consumer 2018 versions 12.0.1191 and below User-Mode Hooking UMH driver could allow an attacker to create a specially crafted packet that could alter a vulnerable system in such a way that malicious code could be injected into other processes...
CVE-2018-3608
A vulnerability in Trend Micro Maximum Security's Consumer 2018 versions 12.0.1191 and below User-Mode Hooking UMH driver could allow an attacker to create a specially crafted packet that could alter a vulnerable system in such a way that malicious code could be injected into other processes...
CVE-2018-3608
CVE-2018-3608 affects Trend Micro Maximum Security (Consumer) for 2018, specifically affected versions 12.0.1191 and below. The vulnerability resides in the User-Mode Hooking (UMH) driver and could allow a crafted network packet to cause code to be injected into other processes on a vulnerable sy...
Trend Micro Maximum Security Multiple Vulnerabilities (May 2018) - Windows
Trend Micro Maximum Security is prone to multiple vulnerabilities. This VT has been deprecated and split into multiple VTs based on vendor advisories: - Trend Micro Maximum Security 12.0 Build 1226 Multiple Vulnerabilities tmka-20066 OID: 1.3.6.1.4.1.25623.1.0.118643 - Trend Micro Maximum Securit...
AXIS Communications - Cross-Site Scripting / Content Injection(CVE-2015-8258)
Technical Details The variable "imagePath=" that is prone to XSS in a large range of products also can be used to resource injection intents. If inserted a URL in this variable will be made an GET request to this URL, so this an interesting point to request malicious codes from the attacker...
New ‘Early Bird’ Code Injection Technique Helps APT33 Evade Detection
Researchers have identified what they are calling an Early Bird code injection technique used by the Iranian group APT33 to burrow the TurnedUp malware inside infected systems while evading anti-malware tools. The Early Bird code injection technique, highlighted in a Wednesday report by Cyberbit,...