Lucene search
+L

29 matches found

Malwarebytes
Malwarebytes
added 2023/04/27 3:0 a.m.28 views

Fileless attacks: How attackers evade traditional AV and how to stop them

When you hear about malware, theres a good chance you think of sketchy executables or files with extensions like .DOCX or .PDF that, once opened, execute malicious code. These are examples of file-based attacks--and while they can be bad, theyre nothing compared to their fileless cousins. As the...

6.9AI score
Exploits0
CNNVD
CNNVD
added 2022/03/23 12:0 a.m.6 views

ASUS RT-AC68U和ASUS RT-AC5300 安全漏洞

The ASUS RT-AC68U and ASUS RT-AC5300 are both routers from the Chinese company ASUS. A command injection vulnerability exists in the Asus RT-AC68U prior to version 3.0.0.4.385.20633 and RT-AC5300 prior to version 3.0.0.4.384.82072, which stems from a failure to properly validate data boundaries...

9.8CVSS6.1AI score0.01213EPSS
Exploits1References4
Pen Test Partners Blog
Pen Test Partners Blog
added 2021/11/03 6:53 a.m.28 views

DCOM abuse and lateral movement with Cobalt Strike

Introduction When researching lateral movement techniques I came across a post from Raphael Mudge of Cobalt Strike fame. He details scripting an Aggressor Script for Matt Nelson’s MMC20.Application Lateral Movement technique. Reading that post spurred me to make my own DCOM based lateral movement...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/27 6:24 a.m.131 views

A New SolarWinds Flaw Likely Had Let Hackers Install SUPERNOVA Malware

An authentication bypass vulnerability in the SolarWinds Orion software may have been leveraged by adversaries as a zero-day to deploy the SUPERNOVA malware in target environments. According to an advisory published yesterday by the CERT Coordination Center, the SolarWinds Orion API that's used t...

9.8CVSS0.3AI score0.9198EPSS
Exploits3
The Hacker News
The Hacker News
added 2020/12/22 9:14 a.m.9 views

A Second Hacker Group May Have Also Breached SolarWinds, Microsoft Says

As the probe into the SolarWinds supply chain attack continues, new digital forensic evidence has brought to light that a separate threat actor may have been abusing the IT infrastructure provider's Orion software to drop a similar persistent backdoor on target systems. "The investigation of the...

5.8AI score
Exploits0
Kitploit
Kitploit
added 2020/08/07 12:30 p.m.26 views

Chalumeau - Automated, Extendable And Customizable Credential Dumping Tool

Chalumeau is automated,extendable and customizable credential dumping tool based on powershell and python. Main Features Write your own Payloads In-Memory execution Extract Password List Dashboard reporting / Web Interface Parsing Mimikatz Dumping Tickets Screenshots Known Issues Parsing Mimikatz...

7.3AI score
Exploits0References5
Carbon Black Blog
Carbon Black Blog
added 2020/07/29 1:52 p.m.40 views

Carbon Black EDR’s All-New Live Query Capability and Enhanced Fileless Visibility

VMware Carbon Black is excited to announce that VMware Carbon Black EDR formerly CB Response, recently named by Gartner as a 2020 Customers’ Choice for Endpoint Detection and Response solutions, now features enhanced insight into fileless activity via Microsoft’s AMSI and a brand new Live Query...

1.1AI score
Exploits0
GithubExploit
GithubExploit
added 2018/07/23 8:53 a.m.8 views

PoshC2

!PoshC2 Logohttps://raw.githubusercontent.com/nettitude/PoshC...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2016/11/17 12:0 a.m.45 views

Authenticated WMI Exec Via Powershell

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/post/windows/powershell' require 'msf/core/post/windows/priv' require 'msf/core/exploit/powershell/dotnet' class MetasploitModule...

0.6AI score
Exploits0
Rows per page
Query Builder