FIN7 Evolution and the Phishing LNK
FIN7 is a financially-motivated threat group that has been associated with malicious operations dating back to late 2015. FIN7 is referred to by many vendors as “Carbanak Group”, although we do not equate all usage of the CARBANAK backdoor with FIN7. FireEye recently observed a FIN7 spear phishin...
'Events data collection failure' Issue
Challenge Veeam ONE raises Events data collection failure against Veeam Backup & Replication or Hyper-V server. Cause Permissions, UAC configuration, and firewall settings need to be configured. Solution Troubleshooting Checks Verify that the account used to connect to Veeam Backup & Replication ...
Sherlock - Tool to find missing Windows patches for Local Privilege Escalation Vulnerabilities
PowerShell script to quickly find missing Microsoft patches for local privilege escalation vulnerabilities. Currently looks for: MS10-015 : User Mode to Ring KiTrap0D MS10-092 : Task Scheduler MS13-053 : NTUserMessageCall Win32k Kernel Pool Overflow MS13-081 : TrackPopupMenuEx Win32k NULL Page...
Windows vulnerability that allows an attacker to bypass the certificate verification process
A vulnerability in PowerShell script handling on the Windows operating system exists due to insufficient validation of input data. Exploiting this vulnerability allows a local attacker to bypass certificate verification...
CVE-2017-0007
Device Guard in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to modify PowerShell script without invalidating associated signatures, aka "PowerShell Security Feature Bypass Vulnerability."...
Device Guard Security Feature Bypass Vulnerability
A security feature bypass exists when Device Guard does not properly validate certain elements of a signed PowerShell script. An attacker who successfully exploited this vulnerability could modify the contents of a PowerShell script without invalidating the signature associated with the file...
Microsoft Device Guard Security Feature Bypass (MS17-012: CVE-2017-0007)
A security feature bypass vulnerability has been reported in Microsoft Windows Device Guard. The vulnerability is due to the way Device Guard improperly validates certain elements of a signed PowerShell script. A remote attacker could exploit this vulnerability by enticing a target user to open a...
NTDS Grabber
This module uses a PowerShell script to obtain a copy of the ntds.dit, SAM and SYSTEM files on a domain controller. It compresses all these files in a cabinet file called All.cab. This module requires Metasploit: https://metasploit.com/download Current source:...
Locky Ransomware, Kovter Click-Fraud Malware Spreading in Same Campaigns
Researchers at Microsoft’s Malware Protection Center have spotted malicious email campaigns using .lnk attachments to spread Locky ransomware and the Kovter click-fraud Trojan, the first time criminals have simultaneously distributed both pieces of malware. According to Microsoft, the .lnk file n...
CVE-2016-0321
IBM Personal Communications aka PCOMM 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script...
Design/Logic Flaw
IBM Personal Communications aka PCOMM 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script...
Error Windows API: There is not enough space on the disk. Error number 0xE00000070
When trying to merge a vDisk, the following error is seen: The error is not seen when adding a vDisk or a new vDisk version to the store, just when merging the vDisk versions. Windows Explorer shows a sufficient amount of free space for the merge process in the vDisk store and running the...
Veeam Backup & Replication add-on for Kaseya compatibility with Veeam Backup & Replication 9.x
The Kaseya plug-in for Veeam Backup & Replication was discontinued in 2019 and is no longer available nor supported by Veeam. Challenge Veeam Backup & Replication add-on for Kaseya needs to support Veeam Backup & Replication 9.x monitoring. Cause The names of Veeam Backup & Replication services...
Microsoft Windows PowerShell Script Information Disclosure
An information disclosure vulnerability can be exploited via a malicious Microsoft Windows PowerShell script. Successful exploitation would allow a remote attacker to copy restricted files containing privileged information from the affected system...
Required Group Policy Preference Actions for Microsoft Security Bulletin MS14-025
US-CERT is aware of continued exploitation of insecurely stored passwords in Group Policy Preferences, due to incomplete implementations of Microsoft Security Bulletin MS14-025. Systems may still be vulnerable to exploitation if administrators have not cleared all previously stored passwords from...
Windows Gather User Credentials (phishing)
This module is able to perform a phishing attack on the target by popping up a login prompt. When the user fills in credentials in the login prompt, the credentials will be sent to the attacker. The module is able to monitor for new processes and pop up a login prompt when a specific process is starting...
How To Export Windows Event Logs
Purpose When submitting a support case for technical assistance, it is sometimes necessary to upload relevant Windows event logs in addition to the Veeam logs. Event logs exported using default settings can be missing important information. This article describes three different methods of...
How to Collect Guest Processing Log Files
Purpose This article documents how to locate and gather guest-level log files associated with Application-Aware Processing or VM Guest OS File Indexing that occurs with Veeam Backup & Replication VM backup jobs. While investigating issues related to Guest Processing, additional logs must be...
Veeam ONE Fails to Collect Performance Data from a Hyper-V Host
Challenge Veeam ONE fails to collect performance data from one or multiple Hyper-V hosts despite being able to collect infrastructure and topology data. This issue may occur with or without an alarm being triggered. When an alarm is triggered, it will display the message: Performance data...