PT-2025-31932 · Emsisoft · Emsisoft Anti-Malware

Name of the Vulnerable Software and Affected Versions: Emsisoft Anti-Malware versions prior to 2024.12 Description: A vulnerability in the scanning module of Emsisoft Anti-Malware allows attackers on a remote server to obtain Net-NTLMv2 hash information by using a specially crafted A2S Emsisoft...

CVE-2025-29745

A vulnerability affecting the scanning module in Emsisoft Anti-Malware prior to 2024.12 allows attackers on a remote server to obtain Net-NTLMv2 hash information via a specially created A2S Emsisoft Custom Scan extension file...

Emsisoft Anti-Malware Net-NTLMv2 Hash Information Disclosure

A vulnerability affecting the scanning module in Emsisoft Anti-Malware versions prior to 2024.12 allows attackers on a remote server to obtain Net-NTLMv2 hash information via a specially created A2S Emsisoft Custom Scan extension file. Title: Emsisoft Anti-Malware 2024.12 - ".A2S" Net-NTLMv2 Hash...

Microsoft Warns of Kremlin-Backed APT28 Exploiting Critical Outlook Vulnerability

Microsoft on Monday said it detected Kremlin-backed nation-state activity exploiting a now-patched critical security flaw in its Outlook email service to gain unauthorized access to victims' accounts within Exchange servers. The tech giant attributed the intrusions to a threat actor it called...

Exploit for Improper Input Validation in Microsoft

PoC exploit for CVE-2023-23397, a vulnerability in the Apache HT...

Guidance for investigating attacks using CVE-2023-23397

This guide provides steps organizations can take to assess whether users have been targeted or compromised by threat actors exploiting CVE-2023-23397. A successful exploit of this vulnerability can result in unauthorized access to an organization’s environment by triggering a Net-NTLMv2 hash leak...

Two Vulnerabilities discovered in AWS Client VPN

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here Two flaws have been discovered in the AWS VPN Client. One of them CVE-2022-25166 was discovered due to a time-of-check to time-of-use TOCTOU condition, which could lead to privilege escalation. Another vulnerability...

Amazon AWS VPN Client has an unspecified vulnerability

Amazon AWS VPN Client is a fully managed remote access VPN solution from Amazon.com, Inc. A security vulnerability exists in Amazon AWS VPN Client for Windows version 2.0.0, which stems from the disclosure of a user's Net-NTLMv2 hash when importing VPN configuration files. information, an attacke...

Amazon AWS VPN Client Information Disclosure Vulnerability

Amazon AWS VPN Client is a fully managed remote access VPN solution from Amazon.com. Amazon AWS VPN Client for Windows version 2.0.0 is vulnerable to an information disclosure vulnerability that could be exploited by an attacker to disclose a user's Net-NTLMv2 hash to an external server...

CVE-2020-15931

Netwrix Account Lockout Examiner before 5.1 allows remote attackers to capture the Net-NTLMv1/v2 authentication challenge hash of the Domain Administrator that is configured within the product in its installation state by generating a single Kerberos Pre-Authentication Failed ID 4771 event on a...

Authentication flaw

Netwrix Account Lockout Examiner before 5.1 allows remote attackers to capture the Net-NTLMv1/v2 authentication challenge hash of the Domain Administrator that is configured within the product in its installation state by generating a single Kerberos Pre-Authentication Failed ID 4771 event on a...

CVE-2020-15931

Netwrix Account Lockout Examiner before 5.1 allows remote attackers to capture the Net-NTLMv1/v2 authentication challenge hash of the Domain Administrator that is configured within the product in its installation state by generating a single Kerberos Pre-Authentication Failed ID 4771 event on a...

Microsoft Windows Net-NTLMv2 Reflection DCOM/RPC Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/windows/reflectivedllinjection' class MetasploitModule 'Windows Net-NTLMv2 Reflection DCOM/RPC Juicy', 'Description' = %q This module utilizes the...

Microsoft Windows - Net-NTLMv2 Reflection DCOM/RPC (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/windows/reflectivedllinjection' class MetasploitModule 'Windows Net-NTLMv2 Reflection DCOM/RPC', 'Description' = %q Module utilizes the Net-NTLMv2...

Windows Net-NTLMv2 Reflection DCOM/RPC Exploit

This Metasploit module utilizes the Net-NTLMv2 reflection between DCOM/RPC to achieve a SYSTEM handle for elevation of privilege. Currently the module does not spawn as SYSTEM, however once achieving a shell, one can easily use incognito to impersonate the token. This module requires Metasploit:...

Windows Net-NTLMv2 Reflection DCOM/RPC

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/windows/reflectivedllinjection' class MetasploitModule 'Windows Net-NTLMv2 Reflection DCOM/RPC', 'Description' = %q Module utilizes the Net-NTLMv2...

Windows Net-NTLMv2 Reflection DCOM/RPC

Module utilizes the Net-NTLMv2 reflection between DCOM/RPC to achieve a SYSTEM handle for elevation of privilege. Currently the module does not spawn as SYSTEM, however once achieving a shell, one can easily use incognito to impersonate the token. This module requires Metasploit:...