17 matches found
Ransomware Hackers Using New Way to Bypass MS Exchange ProxyNotShell Mitigations
Threat actors affiliated with a ransomware strain known as Play are leveraging a never-before-seen exploit chain that bypasses blocking rules for ProxyNotShell flaws in Microsoft Exchange Server to achieve remote code execution (RCE) through Outlook Web Access (OWA). "The new exploit method bypasses...
CheeseTools - Self-developed Tools For Lateral Movement/Code Execution
This repository is based on the already existing MiscTool, so big shout-out to rasta-mouse for releasing them and for giving me the right motivation to work on them. CheeseExec: Command Exec / Lateral movement via PsExec-like functionality. Must be running in the context of a...
January 8, 2019—KB4480975 (Monthly Rollup)
January 8, 2019—KB4480975 Monthly Rollup Improvements and fixes This security update addresses the following issues: Provides protections against an additional subclass of speculative execution side-channel vulnerability known as Speculative Store Bypass (CVE-2018-3639) for AMD-based computers. The...
January 8, 2019—KB4480962 (OS Build 10240.18094)
January 8, 2019—KB4480962 OS Build 10240.18094 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue that affects PowerShell remoting loop back using non-administrator account...
January 8, 2019—KB4480116 (OS Build 17763.253)
January 8, 2019—KB4480116 OS Build 17763.253 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue that affects PowerShell remoting loop back using non-administrator accounts...
January 8, 2019—KB4480963 (Monthly Rollup)
January 8, 2019—KB4480963 Monthly Rollup Improvements and fixes This security update addresses the following issues: Provides protections against an additional subclass of speculative execution side-channel vulnerability known as Speculative Store Bypass (CVE-2018-3639) for AMD-based computers. The...
January 8, 2019—KB4480957 (Security-only update)
January 8, 2019—KB4480957 Security-only update Improvements and fixes This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Provides protections against an additional subclass of speculative execution...
January 8, 2019—KB4480972 (Security-only update)
January 8, 2019—KB4480972 Security-only update Improvements and fixes This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Provides protections against an additional subclass of speculative execution...
January 8, 2019—KB4480970 (Monthly Rollup)
January 8, 2019—KB4480970 Monthly Rollup Improvements and fixes This security update addresses the following issues: Provides protections against an additional subclass of speculative execution side-channel vulnerability known as Speculative Store Bypass (CVE-2018-3639) for AMD-based computers. The...
January 8, 2019—KB4480964 (Security-only update)
January 8, 2019—KB4480964 Security-only update Improvements and fixes This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Provides protections against an additional subclass of speculative execution...
January 8, 2019—KB4480960 (Security-only update)
January 8, 2019—KB4480960 Security-only update Improvements and fixes This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Provides protections against an additional subclass of speculative execution...
January 8, 2019—KB4480968 (Monthly Rollup)
January 8, 2019—KB4480968 Monthly Rollup Improvements and fixes This security update addresses the following issues: Provides protections against an additional subclass of speculative execution side-channel vulnerability known as Speculative Store Bypass (CVE-2018-3639) for AMD-based computers. The...
January 8, 2019—KB4480973 (OS Build 15063.1563)
January 8, 2019—KB4480973 OS Build 15063.1563 Windows 10, version 1703, reached end of service on October 8, 2018. Devices running Windows 10 Home, Pro, Pro for Workstation, and IoT Core editions will no longer receive monthly security and quality updates that contain protection from the latest...
January 8, 2019—KB4480978 (OS Build 16299.904)
January 8, 2019—KB4480978 OS Build 16299.904 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue that affects PowerShell remoting loop back using non-administrator accounts...
January 8, 2019—KB4480966 (OS Build 17134.523)
January 8, 2019—KB4480966 OS Build 17134.523 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue that affects PowerShell remoting loop back using non-administrator accounts...
drchrono: node.drchrono.com - Information Disclosure and Windows Host Exposed
This host has the following TCP ports open: 21 - FTP, 22 - SSH, 135 - Windows RPC Dynamic, 445 - Microsoft DS, 3389 - Remote Desktop, 5986 - PowerShell Remoting, 47001 - WinRM. The server appears to be secured well on the whole. However, the services SSH and FTP do all give out some information. Please s...
Powershell Remoting Remote Command Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' class Metasploit3 'Powershell Remoting Remote Command Execution', 'Description' = %q Uses Powershell Remoting TCP 47001 to inject payload...