CVE-2020-14974

CVE-2020-14974 affects IOBit Unlocker 1.1.2 (driver). A low-privilege user can obtain a handle-leak unlock and terminate processes (even SYSTEM) holding a handle via IOCTL code 0x222124. Root cause is tied to the driver interface exposed by IOCTL 0x222124, enabling unlocking of files and terminat...

CVE-2020-14974

The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to unlock a file and kill processes even ones running as SYSTEM that hold a handle, via IOCTL code 0x222124...

K8tools

It is an offensive tool for web application exploitation. The repository, K8tools, contains a collection of tools for various purposes, including internal penetration, privilege escalation, remote overflow, vulnerability exploitation, scanning, password cracking, and anti-kill tools. The primary...

MITRE ATT&CK APT 29 evaluation proves Microsoft Threat Protection provides deeper end to end view of advanced threats

As attackers use more advanced techniques, it’s even more important that defenders have visibility not just into each of the domains in their environment, but also across them to piece together coordinated, targeted, and advanced attacks. This level of visibility will allow us to get ahead of...

Apple Safari Flaws Enable One-Click Webcam Access

A security researcher has disclosed vulnerabilities in Apple’s Safari browser that can be used to snoop on iPhones, iPads and Mac computers using their microphones and cameras. To exploit the flaws in a real-world attack, all an attacker would need to do is convince a victim to click one maliciou...

UPDATE: Octopus v1.0

Octopus v1.0 is now available. A brief mention about this tool can be found in my previous post titled List of Open Source C2 Post-Exploitation Frameworks. This is the first stable version of Octopus C2 which now supports Cobalt Strike deployment, auto kill functionality, command logging, bug fix...

Threat Analysis: CVE-2020-0796 – EternalDarkness (ghostSMB)

On March 10, 2020 analysis of a SMB vulnerability was inadvertently shared, under the assumption that Microsoft was releasing a patch for that vulnerability CVE-2020-0796. As of March 12, Microsoft has since released a patch for CVE-2020-0796, which is a vulnerability specifically affecting SMB3...

CVE-2019-17549

ESET Cyber Security before 6.8.1.0 is vulnerable to a denial-of-service allowing any user to stop kill ESET processes. An attacker can abuse this bug to stop the protection from ESET and launch his attack...

CVE-2019-15609

The kill-port-process package version 2.2.0 is vulnerable to a Command Injection vulnerability...

CVE-2019-15609

The kill-port-process package version 2.2.0 is vulnerable to a Command Injection vulnerability...

CVE-2019-15609

The kill-port-process package version 2.2.0 is vulnerable to a Command Injection vulnerability...

CVE-2019-15609

CVE-2019-15609 affects the Node.js module kill-port-process: any version

Evaluating Your Security Controls? Be Sure to Ask the Right Questions

Testing security controls is the only way to know if they are truly defending your organization. With many different testing frameworks and tools to choose from, you have lots of options. But what do you specifically want to know? And how are the findings relevant to the threat landscape you face...

Rethinking cyber scenarios—learning (and training) as you defend

In two recent posts I discussed with Circadence the increasing importance of gamification for cybersecurity learning and how to get started as a practitioner while being supported by an enterprise learning officer or security team lead. In this third and final post in the series, Keenan and I...

DEBIAN-CVE-2011-3585

Multiple race conditions in the 1 mount.cifs and 2 umount.cifs programs in Samba 3.6 allow local users to cause a denial of service mounting outage via a SIGKILL signal during a time window when the /etc/mtab file exists...

tree-kill code injection vulnerability (CNVD-2020-03698)

tree-kill is a package for killing processes in the process tree. A code injection vulnerability exists in tree-kill Windows. The vulnerability arises from a network system or product that does not properly filter specific elements of externally input data during the construction of a code segmen...

tree-kill code injection vulnerability (CNVD-2019-46973)

tree-kill is a package for killing processes in the process tree. A code injection vulnerability exists in tree-kill Windows. The vulnerability arises from a network system or product that does not properly filter specific elements of externally input data during the construction of a code segmen...

CVE-2019-15599

A Code Injection exists in tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command...

CVE-2019-15599

A Code Injection exists in tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command...

Command injection

A Code Injection exists in tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command...