Lucene search

5 matches found

The Hacker News
added 2026/02/04 5:24 p.m., 8 views

DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files

Threat hunters have disclosed details of a new, stealthy malware campaign dubbed DEAD#VAX that employs a mix of "disciplined tradecraft and clever abuse of legitimate system features" to bypass traditional detection mechanisms and deploy a remote access trojan (RAT) known as AsyncRAT. "The attack...

AI score: 6
Exploits: 0
Kitploit
added 2021/05/14 12:30 p.m., 80 views

R77-Rootkit - Fileless Ring 3 Rootkit With Installer And Persistence That Hides Processes, Files, Network Connections, Etc...

Ring 3 rootkit: r77 is a ring 3 rootkit that hides the following entities from all processes: files, directories, junctions, named pipes, scheduled tasks; processes; CPU usage; registry keys & values; services; TCP & UDP connections. It is compatible with Windows 7 and Windows 10 in both x64 and x86 edition...

AI score: 7.6
Exploits: 0, References: 1
The Coalfire Blog
added 2018/05/31 9:51 p.m., 20 views

PowerShell: In-Memory Injection Using CertUtil.exe

Have you ever heard the old saying, "The only constant in life is change"? Nothing is truer in the world of penetration testing and information security than the certainty of change. New defenses are always emerging, and the guys and gals in the red team game are always having to evolve our effor...

AI score: 1.3
Exploits: 0
Packet Storm
added 2017/10/12 12:0 a.m., 55 views

Windows Escalate UAC Protection Bypass (In Memory Injection) Abusing WinSXS

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/exe' class MetasploitModule 'Windows Escalate UAC Protection Bypass In Memory Injection abusing WinSXS', 'Description' = %q This module will...

AI score: 0.3
Exploits: 0
Metasploit
added 2013/12/05 5:8 p.m., 87 views

Windows Escalate UAC Protection Bypass (In Memory Injection)

This module will bypass Windows UAC by utilizing the trusted publisher certificate through process injection. It will spawn a second shell that has the UAC flag turned off. This module uses the Reflective DLL Injection technique to drop only the DLL payload binary instead of three separate binari...

AI score: 7.8
Exploits: 0