Lucene search

17 matches found

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-0019

Malware in sbrugna...

CVSS: 4.4, AI score: 7, EPSS: 0.00091
Exploits: 0, References: 19

Citrix
added 2024/03/14 12:0 a.m., 4 views

PowerShell logging feature is available in Web Studio

This article describes the new feature "PowerShell logging" in Citrix DaaS Web Studio...

AI score: 7.1
Exploits: 0

Kitploit
added 2023/09/15 11:30 a.m., 23 views

Z9 - PowerShell Script Analyzer

Abstract This tool detects the artifact of the PowerShell based malware from the eventlog of PowerShell logging. Online Demo Install git clone https://github.com/Sh1n0g1/z9 How to use usage: z9.py -h --output OUTPUT -s --no-viewer --utf8 input positional arguments: input Input file path options:...

AI score: 7.3
Exploits: 0, References: 10

Microsoft KB
added 2022/07/12 7:0 a.m., 139 views

July 12, 2022—KB5015827 (OS Build 20348.825)

July 12, 2022—KB5015827 OS Build 20348.825 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find out when ne...

CVSS: 8.8, AI score: 7.1, EPSS: 0.5958
Exploits: 6

Microsoft KB
added 2022/07/12 7:0 a.m., 66 views

July 12, 2022—KB5015808 (OS Build 14393.5246) - EXPIRED

July 12, 2022—KB5015808 OS Build 14393.5246 - EXPIRED EXPIRATION NOTICE IMPORTANT As of March 31, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. --- 11/19/20 For...

CVSS: 8.8, AI score: 6.9, EPSS: 0.40338
Exploits: 5

OSV
added 2022/05/14 1:14 a.m., 2 views

GHSA-V735-2PP6-H86R Ansible Logs Passwords If PowerShell ScriptBlock is Enabled

Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext passwor...

CVSS: 6.7, AI score: 6.8, EPSS: 0.00091
Exploits: 0, References: 17

Kitploit
added 2021/11/28 8:30 p.m., 418 views

DetectionLabELK - A Fork From DetectionLab With ELK Stack Instead Of Splunk

DetectionLabELK is a fork from Chris Long's DetectionLab with ELK stack instead of Splunk. Description: DetectionLabELK is the perfect lab to use if you would like to build effective detection capabilities. It has been designed with defenders in mind. Its primary purpose is to allow blueteams to...

AI score: 7.5
Exploits: 0, References: 7

Kitploit
added 2020/08/04 12:30 p.m., 22 views

Xeca - PowerShell Payload Generator

xeca is a project that creates encrypted PowerShell payloads for offensive purposes. Creating position independent shellcode from DLL files is also possible. Install Firstly ensure that rust is installed, then build the project with the following command: cargo build How It Works 1. Identify and...

AI score: 7.5
Exploits: 0, References: 5

Carbon Black Blog
added 2020/03/10 3:0 p.m., 42 views

2019: Looking Back at Malware

In 2019, attacker behavior evolved, becoming more evasive. The most common behaviors seen across all attack data—mapped to the MITRE ATT&CK™ Framework—were: Software Packing for Defense Evasion, Hidden Windows for Defense Evasion, Standard Application Layer Protocol for Command and Control (C2),...

AI score: 0.8
Exploits: 0

RedHat Linux
added 2018/12/04 6:27 p.m., 1 view

ansible: become password logged in plaintext when used with PowerShell on Windows

Execution of Ansible content on Microsoft's Windows platform with Powershell 5 or higher may disclose sensitive execution details including 'become' passwords, Ansible module arguments, and return values via Powershell's 'suspicious scriptblock logging' feature, which is enabled by default. The...

CVSS: 4.4, AI score: 7.4, EPSS: 0.00091
Exploits: 0, References: 5

RedHat Linux
added 2018/12/04 6:27 p.m., 0 views

ansible: become password logged in plaintext when used with PowerShell on Windows

Execution of Ansible content on Microsoft's Windows platform with Powershell 5 or higher may disclose sensitive execution details including 'become' passwords, Ansible module arguments, and return values via Powershell's 'suspicious scriptblock logging' feature, which is enabled by default. The...

CVSS: 4.4, AI score: 7.4, EPSS: 0.00091
Exploits: 0, References: 5

ATTACKERKB
added 2018/11/29 6:29 p.m., 2 views

CVE-2018-16859

Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext passwor...

CVSS: 4.4, AI score: 5.5, EPSS: 0.00091
Exploits: 0, References: 11

OSV
added 2018/11/29 6:29 p.m., 1 view

ALPINE-CVE-2018-16859

Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext passwor...

CVSS: 4.4, AI score: 6.7, EPSS: 0.00091
Exploits: 0, References: 1

Kitploit
added 2018/09/25 9:2 p.m., 269 views

SharpSploit - A .NET Post-Exploitation Library Written In C#

SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers. SharpSploit is named, in part, as a homage to the PowerSploit project, a personal favorite of mine! While SharpSploit does port...

AI score: 7.7
Exploits: 0, References: 10

FireEye
added 2018/07/10 12:0 p.m., 3863 views

Malicious PowerShell Detection via Machine Learning

Introduction Cyber security vendors and researchers have reported for years how PowerShell is being used by cyber threat actors to install backdoors, execute malicious code, and otherwise achieve their objectives within enterprises. Security is a cat-and-mouse game between adversaries, researcher...

CVSS: 5, AI score: 8, EPSS: 0.94439
Exploits: 45

OpenVAS
added 2018/06/28 12:0 a.m., 36 views

Microsoft Windows: PowerShell Script Block Logging

This policy setting enables logging of all PowerShell script input to the Microsoft-Windows-PowerShell/Operational event log. If you enable this policy setting, Windows PowerShell will log the processing of commands, script blocks, functions, and scripts - whether invoked interactively, or throug...

AI score: 7.2
Exploits: 0, References: 5

n0where
added 2017/08/07 6:58 p.m., 39 views

Intrusion Detection Avoidance Payload Generator: NPS_Payload

This script will generate payloads for basic intrusion detection avoidance. It utilizes publicly demonstrated techniques from several different sources. Written by Larry Spohn @Spoonman1091 Payload written by Ben Mauch @Ben0xA aka dirtyben. This tool provides a way to generate a PowerShell payloa...

AI score: 1.8
Exploits: 0, References: 3