CVE-2021-41022
An improper privilege management vulnerability in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows an attacker to execute privileged code or commands via PowerShell scripts...
Fortinet FortiSIEM Windows Agent Security Vulnerability
Fortinet FortiSIEM Windows Agent is an agent program from Fortinet, Inc. that collects logs and other activity from Windows servers. A security vulnerability exists in Fortinet FortiSIEM Windows Agent versions 4.1.4 and below, which can be exploited by an attacker to execute privileged code or...
GridPro Request Management For Windows Azure Pack 2.0.7905 Directory Traversal Vulnerability
GridPro Request Management for Windows Azure Pack versions 2.0.7905 and below suffer from a directory traversal vulnerability that can allow arbitrary execution of PowerShell scripts. PRODUCT: GridPro Request Management for Windows Azure Pack VENDOR: GridPro Software SEVERITY: Critical AFFECTED...
'Lone Wolf' Hacker Group Targeting Afghanistan and India with Commodity RATs
A new malware campaign targeting Afghanistan and India is exploiting a now-patched, 20-year-old flaw affecting Microsoft Office to deploy an array of commodity remote access trojans (RATs) that allow the adversary to gain complete control over the compromised endpoints. Cisco Talos attributed the...
Active-Directory-Exploitation-Cheat-Sheet
This is a cheat sheet for Windows Active Directory exploitation, containing common enumeration and attack methods. The repository is a collection of PowerShell scripts and modules that can be used to perform various attacks on Active Directory, including domain enumeration, lateral movement, and...
Redpill - Assist Reverse Tcp Shells In Post-Exploration Tasks
Project Description The redpill project aims to assist reverse TCP shells in post-exploitation tasks. Often in red team engagements we need to use unconventional ways to access the target system, such as reverse TCP shells (not Metasploit), in order to bypass the defenses implemented by the system...
Microsoft Warns of Data Stealing Malware That Pretends to Be Ransomware
Microsoft on Thursday warned of a "massive email campaign" that's pushing a Java-based STRRAT malware to steal confidential data from infected systems while disguising itself as a ransomware infection. "This RAT is infamous for its ransomware-like behavior of appending the file name extension...
Exploit for Path Traversal in Microsoft
I will continue to add any new code or modify existing code ba...
Citrix App Layering: Mass Edit of VMX Advanced Settings
Introduction Sometimes there are special settings that Unidesk customers must add to their desktop VMX files based on recommendations by VMware. This script was developed in order to ease the administrative burden of this requirement. The script can also set memory or CPU reservations, as these a...
nishang
This repository is a collection of offensive PowerShell scripts and payloads for Windows systems, covering tasks such as planting backdoors and executing malicious scripts on a target. The tooling is primarily aimed at privilege escalation, that is, gaining elevated privileges on the target system once a foothold exists. The probable entry points include PowerShell...
Description of Update Rollup 5 for System Center 2012 R2 Operations Manager
Description of Update Rollup 5 for System Center 2012 R2 Operations Manager Introduction This article describes the issues that are fixed in Update Rollup 5 for Microsoft System Center 2012 R2 Operations Manager. This article also contains the installation instructions for Update Rollup 5 for...
WindowsFirewallRuleset - Windows Firewall Ruleset Powershell Scripts
About WindowsFirewallRuleset Windows firewall rules organized into individual PowerShell scripts according to: 1. Rule group 2. Traffic direction 3. IP version (IPv4 / IPv6) 4. Further sorted according to programs and services, for example: 2. ICMP traffic 3. Browser rules 4. rules for...
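One rule script written in the organization described above (rule group, traffic direction, IP version, then per program), as an added example that is not part of the WindowsFirewallRuleset project. The group name, program path and port list are assumed values chosen for illustration, and the use of the Internet4/Internet6 address keywords to select the IP family is this example's choice, not necessarily the project's.

```powershell
# Added example, not project code. Creates the outbound browser rules for
# one program, one rule per IP version, under a named rule group.
# Group, program path and ports are assumptions chosen for illustration.
# Run from an elevated PowerShell; pass -WhatIf to preview without changes.
#Requires -RunAsAdministrator
param(
    [string] $Group   = 'Browser',                                        # assumption
    [string] $Program = "$env:ProgramFiles\Mozilla Firefox\firefox.exe",  # assumption
    [int[]]  $Ports   = @(80, 443),                                       # assumption
    [switch] $WhatIf
)

function New-BrowserOutboundRule {
    param(
        [Parameter(Mandatory)] [ValidateSet('IPv4', 'IPv6')] [string] $IPVersion,
        [Parameter(Mandatory)] [string] $Group,
        [Parameter(Mandatory)] [string] $Program,
        [Parameter(Mandatory)] [int[]]  $Ports,
        [switch] $WhatIf
    )

    # A program-scoped rule only matches traffic from that exact binary. A rule
    # for a path that does not exist is still created and then never matches,
    # so fail early instead of shipping a dead rule.
    if (-not (Test-Path -LiteralPath $Program -PathType Leaf)) {
        throw "Program not found: $Program"
    }

    # The remote address keyword selects the IP family for this rule:
    # Internet4 / Internet6 cover addresses outside the local subnet for
    # IPv4 / IPv6 respectively (assumed keyword choice for this example).
    $remote = if ($IPVersion -eq 'IPv4') { 'Internet4' } else { 'Internet6' }

    # Encode the organization (group, program, direction, IP version) in the
    # display name so the rule is recognizable in the firewall console.
    $name = "$Group - $(Split-Path -Leaf $Program) - Outbound - $IPVersion"

    New-NetFirewallRule -DisplayName $name -Group $Group `
        -Direction Outbound -Action Allow -Enabled True `
        -Profile Private, Public `
        -Protocol TCP -RemotePort $Ports -RemoteAddress $remote `
        -Program $Program -WhatIf:$WhatIf
}

foreach ($version in 'IPv4', 'IPv6') {
    New-BrowserOutboundRule -IPVersion $version -Group $Group `
        -Program $Program -Ports $Ports -WhatIf:$WhatIf
}
```

The split into one rule per IP version is what lets the rule set be reviewed and disabled per family (for example turning off all IPv6 rules on a host with no IPv6 connectivity) without touching the IPv4 rules; the -Group value is what Get-NetFirewallRule -Group and Disable-NetFirewallRule -Group key on.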
ZeroCleare: New Iranian Data Wiper Malware Targeting Energy Sector
Cybersecurity researchers have uncovered a new, previously undiscovered destructive data-wiping malware that is being used by state-sponsored hackers in the wild to target energy and industrial organizations in the Middle East. Dubbed ZeroCleare , the data wiper malware has been linked to not one...
Deep learning rises: New methods for detecting malicious PowerShell
Scientific and technological advancements in deep learning, a category of algorithms within the larger framework of machine learning, provide new opportunities for development of state-of-the-art protection technologies. Deep learning methods are impressively outperforming traditional methods on...
Windows PowerShell ISE / Filename Parsing Flaw Remote Code Execution Exploit
Microsoft Windows PowerShell ISE executes the wrong code when debugging a specially crafted PowerShell script whose filename contains array brackets. This can result in the ISE executing an attacker-supplied script that the bracketed filename resolves to instead of the "trusted" PS file currentl...
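The PowerShell path semantics that a filename with array brackets runs into, as an added example that is not part of the advisory and does not reproduce the ISE debugging steps: in a -Path argument, '[' and ']' are wildcard metacharacters (a character class), so the name 'script[1].ps1' is also a pattern that matches 'script1.ps1'; only -LiteralPath treats the brackets as ordinary characters. That ISE's debugger used a wildcard-expanding lookup on the filename is an assumption drawn from the description above, not something the snippet states. The file names and contents are constructed for the demonstration.

```powershell
# Added example, not from the advisory. Shows how a bracketed filename resolves
# differently under -Path (wildcard matching) and -LiteralPath (exact name),
# and that executing the -Path result runs a look-alike file. The directory,
# file names and contents are constructed here; the link to ISE's internals
# is an assumption.
function Test-BracketedScriptName {
    $dir = Join-Path ([System.IO.Path]::GetTempPath()) ('bracket-demo-' + [guid]::NewGuid().ToString())
    New-Item -ItemType Directory -Path $dir | Out-Null
    try {
        # The file the user actually opened, and a look-alike whose name is
        # exactly what the bracketed name expands to under wildcard matching
        # ([1] is a character class containing only '1').
        $trusted   = Join-Path $dir 'script[1].ps1'
        $lookalike = Join-Path $dir 'script1.ps1'
        Set-Content -LiteralPath $trusted   -Value "'trusted'"
        Set-Content -LiteralPath $lookalike -Value "'look-alike'"

        # Wildcard-expanding lookup: the pattern 'script[1].ps1' matches
        # 'script1.ps1' and not the file literally named 'script[1].ps1'.
        $byPattern = (Get-Item -Path $trusted).Name

        # Literal lookup: brackets are plain characters; the intended file is found.
        $byLiteral = (Get-Item -LiteralPath $trusted).Name

        # Executing whatever each lookup resolved to: the wildcard path runs
        # the look-alike's content, the literal path runs the intended file.
        $ranByPattern = & (Get-Item -Path $trusted).FullName
        $ranByLiteral = & (Get-Item -LiteralPath $trusted).FullName

        [pscustomobject]@{
            ResolvedByPath        = $byPattern
            ResolvedByLiteralPath = $byLiteral
            OutputByPath          = $ranByPattern
            OutputByLiteralPath   = $ranByLiteral
        }
    }
    finally {
        # Clean up with -LiteralPath as well, since the directory name is
        # passed through unchanged only when wildcards are not interpreted.
        Remove-Item -LiteralPath $dir -Recurse -Force
    }
}

Test-BracketedScriptName | Format-List
```

Run it with an execution policy that permits local scripts (for example powershell.exe -ExecutionPolicy Bypass -File). The practical rule it illustrates is the one that applies to any tool that takes a user-chosen filename and turns it into a script to execute: resolve and invoke the file through -LiteralPath (or the equivalent literal API), never through a wildcard-expanding parameter, because an attacker who can drop a file into the same directory controls what the expansion selects.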
RatVermin Spyware Targets Ukraine Gov Agencies
Researchers have uncovered an ongoing spear-phishing campaign, targeting the Ukraine government and military with emails aiming to distribute the RatVermin malware, which carries out various info-gathering activities. Researchers said that an infrastructure analysis of the attack indicates that t...
Lazarus Group Widens Tactics in Cryptocurrency Attacks
North Korea-linked APT Lazarus Group has been spotted targeting the cryptocurrency business again, adding Apple users to the mix by using PowerShell scripts to control macOS malware, and honing its Windows strategy. The campaign has been active since at least November 2018, according to an analys...
Insights from the MITRE ATT&CK-based evaluation of Windows Defender ATP
In MITRE's evaluation of endpoint detection and response solutions, Windows Defender Advanced Threat Protection demonstrated industry-leading optics and detection capabilities. The breadth of telemetry, the strength of threat intelligence, and the advanced, automatic detection through machine...
ThreatList: Microsoft Macros Remain Top Vector for Malware Delivery
Attacks using malicious Microsoft macros, always a popular method for compromising target machines, are more virulent than ever, accounting for 45 percent of all delivery mechanisms analyzed in August. Top Malware Delivery Mechanisms in August Just behind this tried-and-true method lies the...
Threat Roundup for August 31 to September 7
Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we’ve observed this week — covering the dates between Aug. 31 and Sept. 7. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, we will summarize the threats we’ve observed b...