21 matches found
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: drm/nouveau: fixed a use-after-free in nouveaugemprimeimportsgtable nouveauboinit is backed by ttmboinit and passes its return code to the caller. In case of failures, ttm will call nouveaubodelttm and free the memory. Thus,...
H2O 安全漏洞
H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A security vulnerability exists in H2O 3.46.08 and earlier versions, which stems from an incorrect manipulation of the parameter connectionurl in the file /99/ImportSQLTable in the H2 JDBC Driver...
H2O.ai H2O vulnerable to deserialization attacks via a JDBC Connection URL
H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to deserialization attacks, file reads, and command execution. Exploitation can occur when an attacker has access to post to the ImportSQLTable URI with a JSON document containing a connectionurl property with a...
PT-2022-35559 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.150 Description: A use-after-free issue exists in the nouveau gem prime import sg table function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...
Process-Dump - Windows Tool For Dumping Malware PE Files From Memory Back To Disk For Analysis
Process Dump is a Windows reverse-engineering command-line tool to dump malware memory components back to disk for analysis. Often malware files are packed and obfuscated before they are executed in order to avoid AV scanners, however when these files are executed they will often unpack or inject...
DLLHSC - DLL Hijack SCanner A Tool To Assist With The Discovery Of Suitable Candidates For DLL Hijacking
DLL Hijack SCanner - A tool to generate leads and automate the discovery of candidates for DLL Search Order Hijacking Contents of this repository This repository hosts the Visual Studio project file for the tool DLLHSC, the project file for the API hooking functionality detour, the project file f...
PE-Packer - A Simple Windows X86 PE File Packer Written In C And Microsoft Assembly
PE-Packer is a simple packer for Windows PE files. The new PE file after packing can obstruct the process of reverse engineering. It will do the following things when packing a PE file: Transforming the original import table. Encrypting sections. Clearing section names. Installing the shell-entry...
Windows Inject Reflective PE Files, Windows x64 Reverse TCP Stager
Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE loader will execute the pre-mapped PE image starting from the address of entry after performing image base relocation and API address resolution. This module requires a PE file that contains...
Windows Inject PE Files, Reverse TCP Stager (DNS)
Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE loader will execute the pre-mapped PE image starting from the address of entry after performing image base relocation and API address resolution. This module requires a PE file that contains...
Windows Inject PE Files, Bind IPv6 TCP Stager (Windows x86)
Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE loader will execute the pre-mapped PE image starting from the address of entry after performing image base relocation and API address resolution. This module requires a PE file that contains...
Windows Inject PE Files, Find Tag Ordinal Stager
Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE loader will execute the pre-mapped PE image starting from the address of entry after performing image base relocation and API address resolution. This module requires a PE file that contains...
Windows Inject PE Files, Reverse All-Port TCP Stager
Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE loader will execute the pre-mapped PE image starting from the address of entry after performing image base relocation and API address resolution. This module requires a PE file that contains...
Windows Inject PE Files, Bind IPv6 TCP Stager with UUID Support (Windows x86)
Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE loader will execute the pre-mapped PE image starting from the address of entry after performing image base relocation and API address resolution. This module requires a PE file that contains...
Configuring a Windows Domain to Dynamically Analyze an Obfuscated Lateral Movement Tool
We recently encountered a large obfuscated malware sample that offered several interesting analysis challenges. It used virtualization that prevented us from producing a fully-deobfuscated memory dump for static analysis. Statically analyzing a large virtualized sample can take anywhere from...
10-Strike Bandwidth Monitor 3.9 Buffer Overflow Exploit
10-Strike Bandwidth Monitor version 3.9 ROP VirtualAlloc buffer overflow exploit with SEH, DEP, and ASLR. Exploit Title: 10-Strike Bandwidth Monitor 3.9 - ROP VirtualAlloc - Buffer Overflow SEH,DEP,ASLR Exploit Author: Bobby Cooke Date: June 7th, 2020 Vendor Site: https://www.10-strike.com/...
10-Strike Bandwidth Monitor 3.9 Buffer Overflow
Exploit Title: 10-Strike Bandwidth Monitor 3.9 - ROP VirtualAlloc - Buffer Overflow SEH,DEP,ASLR Exploit Author: Bobby Cooke Date: June 7th, 2020 Vendor Site: https://www.10-strike.com/ Software Download: https://www.10-strike.com/bandwidth-monitor/bandwidth-monitor.exe Tested On: Windows 10 - Pr...
WordPress pricing-table-by-supsystic insecure permissions vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security issue exists in WordPress pricing-table-by-supsystic prior to version 1.8.2, which stems from the...
Windows/x64 - Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode 232 bytes
Shellcode Title: Windows\x64 Dynamic MessageBoxA or MessageBoxW PEB & Import Table Method Shellcode 232 bytes Shellcode Author: Bobby Cooke Date: March 2020-03-17 Tested On: Windows 10 Pro 1909 x86: HelpPane.exe, notepad.exe, certutil.exe Windows 10 Pro 1909 x8664: mmc.exe, xwizard.exe ! Will onl...
Robber - Tool For Finding Executables Prone To DLL Hijacking
Robber is a free open source tool developed using Delphi XE2 without any 3rd party dependencies. What is DLL hijacking ?! Windows has a search path for DLLs in its underlying architecture. If you can figure out what DLLs an executable requests without an absolute path triggering this search...
Microsoft Research Detours Package
Detours is a software package for monitoring and instrumenting API calls on Windows. Detours has been used by many ISVs and is also used by product teams at Microsoft. Detours is now available under a standard open source license MIT. This simplifies licensing for programmers using Detours and...