10 matches found
Memhunter - Live Hunting Of Code Injection Techniques
Memhunter is an endpoint sensor tool that is specialized in detecing resident malware, improving the threat hunter analysis process and remediation times. The tool detects and reports memory-resident malware living on endpoint processes. Memhunter detects known malicious memory injection...
Sojobo - A Binary Analysis Framework
Sojobo is an emulator for the B2R2 framework. It was created to easier the analysis of potentially malicious files. It is totally developed in .NET so you don't need to install or compile any other external libraries the project is self contained. With Sojobo you can: Emulate a 32 bit PE binary...
MIG - Distributed And Real Time Digital Forensics At The Speed Of The Cloud
MIG is Mozilla's platform for investigative surgery of remote endpoints. Quick Start w/ Docker You can spin up a local-only MIG setup using docker. The container is not suitable for production use but lets you experiment with MIG quickly, providing a single container environment that has most of...
Authentication flaw
GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS may allow a local authenticated attacker who has compromised the end-user account and gained the ability to inspect memory, to access authentication and/or session tokens and replay them to spoof the VPN...
CVE-2019-1573
GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS may allow a local authenticated attacker who has compromised the end-user account and gained the ability to inspect memory, to access authentication and/or session tokens and replay them to spoof the VPN...
Heap overflow
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 in 4.0.x and prior to 4.1.6.1 in 4.1.x, contains an Improper Clearing of Heap Memory Before Release 'Heap Inspection' vulnerability. Decoded PKCS 12 data in heap memory is not zeroized by MES before releasing the memory internally and a...
Apple macOS Sierra 10.12.1 - 'physmem' Local Privilege Escalation
physmem physmem is a physical memory inspection tool and local privilege escalation targeting macOS up through 10.12.1. It exploits either CVE-2016-1825 or CVE-2016-7617 depending on the deployment target. These two vulnerabilities are nearly identical, and exploitation can be done exactly the...
Mimikittenz - Post-Exploitation Powershell Tool for Extracting Juicy info from Memory
mimikittenz is a post-exploitation powershell tool that utilizes the Windows function ReadProcessMemory in order to extract plain-text passwords from various target processes. mimikittenz can also easily extract other kinds of juicy info from target processes using regex patterns including but no...
Modular visual interface for GDB: GDB dashboard
Modular visual interface for GDB in Python This comes as a standalone single-file .gdbinit which, among the other things, enables a configurable dashboard showing the most relevant information during the program execution. Its main goal is to reduce the number of GDB commands issued to inspect th...
Oracle TNS Listener DoS and/or remote memory inspection
NGSSoftware Insight Security Research Advisory Name: Oracle TNS Listener DoS and/or remote memory inspection Systems Affected: Oracle 8.1.7.4, 10g Release 2 and 1, Oracle 9 Severity: High Vendor URL: http://www.oracle.com/ Author: David Litchfield [email protected] Reported: 22nd June 2006...