EUVD-2018-12467

Malware in sbrugna...

EUVD-2015-1888

Malware in sbrugna...

EUVD-2016-4967

Malware in sbrugna...

EUVD-2019-19004

Malware in sbrugna...

LightsOut - Generate An Obfuscated DLL That Will Disable AMSI And ETW

LightsOut will generate an obfuscated DLL that will disable AMSI & ETW while trying to evade AV. This is done by randomizing all WinAPI functions used, xor encoding strings, and utilizing basic sandbox checks. Mingw-w64 is used to compile the obfuscated C code into a DLL that can be loaded into a...

ModuleShifting - Stealthier Variation Of Module Stomping And Module Overloading Injection Techniques That Reduces Memory IoCs

ModuleShifting is stealthier variation of Module Stomping and Module overloading injection technique. It is actually implemented in Python ctypes so that it can be executed fully in memory via a Python interpreter and Pyramid, thus avoiding the usage of compiled loaders. The technique can be used...

TFTP Fetch, Windows x64 LoadLibrary Path

Fetch and execute an x64 payload from a TFTP server. Load an arbitrary x64 library path Module Options msf use payload/cmd/windows/tftp/x64/loadlibrary msf payloadloadlibrary show actions ...actions... msf payloadloadlibrary set ACTION msf payloadloadlibrary show options ...show and set options...

HTTP Fetch, Windows x64 LoadLibrary Path

Fetch and execute an x64 payload from an HTTP server. Load an arbitrary x64 library path Module Options msf use payload/cmd/windows/http/x64/loadlibrary msf payloadloadlibrary show actions ...actions... msf payloadloadlibrary set ACTION msf payloadloadlibrary show options ...show and set options...

GO-2022-0220 DLL injection on Windows in runtime and syscall

Go on Windows misused certain LoadLibrary functionality, leading to DLL injection...

GHSA-F478-XWV9-P93Q Duplicate Advisory: Kerberos for NodeJS allows DLL Injection

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-m2mx-rfpw-jghv. This link is maintained to preserve external references. Original Description The kerberos package before 1.0.0 for Node.js allows arbitrary code execution and privilege escalation via injection ...

Duplicate Advisory: Kerberos for NodeJS allows DLL Injection

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-m2mx-rfpw-jghv. This link is maintained to preserve external references. Original Description The kerberos package before 1.0.0 for Node.js allows arbitrary code execution and privilege escalation via injection ...

Powershell Exec, Windows x64 LoadLibrary Path

Execute an x64 payload from a command via PowerShell. Load an arbitrary x64 library path Module Options msf use payload/cmd/windows/powershell/x64/loadlibrary msf payloadloadlibrary show actions ...actions... msf payloadloadlibrary set ACTION msf payloadloadlibrary show options ...show and set...

Security advisory: QLockFile, QAuthenticator, Windows platform plugin

Recently, the Qt Project's security team was made aware of an issue regarding Qt's usage of LoadLibrary in a few locations and determined it to be a security issue on Windows only. Specifically, the problem is connected to when LoadLibrary is used to load a system library, such as opengl.dll as...

PT-2022-6843

Name of the Vulnerable Software and Affected Versions Qt versions 5.15.8 and earlier Qt versions 6.x through 6.2.3 Description The issue is related to the LoadLibrary function in the Qt cross-platform framework, which can be exploited to bypass directory restrictions. This could allow a remote...

GO-2021-0163 Privilege escalation on Windows via malicious DLL in syscall

Untrusted search path vulnerability on Windows related to LoadLibrary allows local users to gain privileges via a malicious DLL in the current working directory...

Jektor - A Windows User-Mode Shellcode Execution Tool That Demonstrates Various Techniques That Malware Uses

This utility focuses on shellcode injection techniques to demonstrate methods that malware may use to execute shellcode on a victim system Dynamically resolves API functions to evade IAT inclusion Includes usage of undocumented NT Windows API functions Supports local shellcode execution via...

aDLL - Adventure of Dinamic Link Library

aDLL is abinary analysis tool focused on the automatic discovery of DLL Hijacking vulnerabilities. The tool analyzes the image of the binary loaded in memory to search for DLLs loaded at load-time and makes use of the Microsoft Detours library to intercept calls to the LoadLibrary/LoadLibraryEx...

GHSA-V726-3VG9-CP34 Missing Authorization in FastReport

An issue was discovered in FastReport before 2020.4.0. It lacks a ScriptSecurity feature and therefore may mishandle for example GetType, typeof, TypeOf, DllImport, LoadLibrary, and GetProcAddress...

Missing Authorization in FastReport

An issue was discovered in FastReport before 2020.4.0. It lacks a ScriptSecurity feature and therefore may mishandle for example GetType, typeof, TypeOf, DllImport, LoadLibrary, and GetProcAddress...

VMware ThinApp DLL Hijacking

A few months ago I disclosed IBMR Db2R Windows client DLL Hijacking Vulnerability0day I found: https://seclists.org/fulldisclosure/2021/Feb/73 In that post I mentioned the vulnerability did not get fully patched. After I told IBM on hackerone that I disclosed it, hackerone asked me to delete the...