KLA12385 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, gain privileges. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Visual Studio Code WSL...
Microsoft PowerShell Utility Security Vulnerability
Microsoft PowerShell Utility is a utility module from Microsoft Corporation USA. The module includes many of the basic administrative commands for PowerShell. A security vulnerability exists in Microsoft PowerShell Utility. No information about this vulnerability is available at this time, so...
Metasploit Wrap-Up
Word and Javascript are a rare duo. Thanks to thesunRider, you too can experience the wonder of this mystical duo. The sole new Metasploit module this release adds a file format attack to generate a very special document. By utilizing Javascript embedded in a Word document to trigger a chain of...
Apache Log4j JAR Detection (Windows)
Binary data apachelog4jwininstalled.nbin...
MTPutty 1.0.1.21 - SSH Password Disclosure Vulnerability
Exploit Title: MTPutty 1.0.1.21 - SSH Password Disclosure Exploit Author: Sedat Ozdemir Version: 1.0.1.21 Date: 06/12/2021 Vendor Homepage: https://ttyplus.com/multi-tabbed-putty/ Tested on: Windows 10 Proof of Concept ================ Step 1: Open MTPutty and add a new SSH connection. Step 2:...
MTPutty 1.0.1.21 SSH Password Disclosure
Exploit Title: MTPutty 1.0.1.21 - SSH Password Disclosure Exploit Author: Sedat Ozdemir Version: 1.0.1.21 Date: 06/12/2021 Vendor Homepage: https://ttyplus.com/multi-tabbed-putty/ Tested on: Windows 10 Proof of Concept ================ Step 1: Open MTPutty and add a new SSH connection. Step 2:...
Windows Interactive Powershell Session, Reverse TCP SSL
Listen for a connection and spawn an interactive powershell session over SSL Module Options msf use payload/windows/x64/powershellreversetcpssl msf payloadpowershellreversetcpssl show actions ...actions... msf payloadpowershellreversetcpssl set ACTION msf payloadpowershellreversetcpssl show optio...
Windows Interactive Powershell Session, Reverse TCP SSL
Listen for a connection and spawn an interactive powershell session over SSL Module Options msf use payload/windows/powershellreversetcpssl msf payloadpowershellreversetcpssl show actions ...actions... msf payloadpowershellreversetcpssl set ACTION msf payloadpowershellreversetcpssl show options...
Windows Interactive Powershell Session, Reverse TCP SSL
Interacts with a powershell session on an established SSL socket connection Module Options msf use payload/cmd/windows/powershellreversetcpssl msf payloadpowershellreversetcpssl show actions ...actions... msf payloadpowershellreversetcpssl set ACTION msf payloadpowershellreversetcpssl show option...
XC - A Small Reverse Shell For Linux And Windows
Netcat like reverse shell for Linux & Windows. Features Windows Usage: └ Shared Commands: !exit !upload uploads a file to the target !download downloads a file from the target !lfwd local portforwarding like ssh -L !rfwd remote portforwarding like ssh -R !lsfwd lists active forwards !rmfwd remove...
WIRTE Hacker Group Targets Government, Law, Financial Entities in Middle East
Government, diplomatic entities, military organizations, law firms, and financial institutions primarily located in the Middle East have been targeted as part of a stealthy malware campaign as early as 2019 by making use of malicious Microsoft Excel and Word documents. Russian cybersecurity compa...
ScarCruft surveilling North Korean defectors and human rights activists
The ScarCruft group also known as APT37 or Temp.Reaper is a nation-state sponsored APT actor we first reported in 2016. ScarCruft is known to target North Korean defectors, journalists who cover North Korea-related news and government organizations related to the Korean Peninsula, among others...
DetectionLabELK - A Fork From DetectionLab With ELK Stack Instead Of Splunk
DetectionLabELK is a fork from Chris Long's DetectionLab with ELK stack instead of Splunk. Description: DetectionLabELK is the perfect lab to use if you would like to build effective detection capabilities. It has been designed with defenders in mind. Its primary purpose is to allow blueteams to...
Hackers Using Microsoft MSHTML Flaw to Spy on Targeted PCs with Malware
A new Iranian threat actor has been discovered exploiting a now-addressed critical flaw in the Microsoft Windows MSHTML platform to target Farsi-speaking victims with a previously undocumented PowerShell-based information stealer designed to harvest extensive details from infected machines. "The...
Sitecore Experience Platform (XP) Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sitecore Experience Platform XP PreAuth Deserialization RCE', 'Description' = %q This module exploits a deserialization vulnerability in the...
Canadian Furious Beaver - A Tool For Monitoring IRP Handler In Windows Drivers, And Facilitating The Process Of Analyzing, Replaying And Fuzzing Windows Drivers For Vulnerabilities
Furious Beaver is a distributed tool for capturing IRPs sent to any Windows driver. It operates in 2 parts: 1. the "Broker" combines both a user-land agent and a self-extractable driver IrpDumper.sys that will install itself on the targeted system. Once running it will expose depending on the...
A multi-stage PowerShell based attack targets Kazakhstan
This blog post was authored by Hossein Jazi. On November 10 we identified a multi-stage PowerShell attack using a document lure impersonating the Kazakh Ministry of Health Care, leading us to believe it targets Kazakhstan. A threat actor under the user name of DangerSklif perhaps in reference to...
CVE-2021-34420
The Zoom Client for Meetings for Windows installer before version 5.5.4 does not properly verify the signature of files with .msi, .ps1, and .bat extensions. This could lead to a malicious actor installing malicious software on a customer’s computer...
Microsoft Nov. Patch Tuesday Fixes Six Zero-Days, 55 Bugs
Microsoft reported a total of 55 vulnerabilities, six of which are rated critical, with the remaining 49 being rated important. The flaws are found in Microsoft Windows and Windows Components, Azure, Azure RTOS, Azure Sphere, Microsoft Dynamics, Microsoft Edge Chromium-based, Exchange Server,...
Opportunistic Exploitation of Zoho ManageEngine and Sitecore CVEs
Over the weekend of November 6, 2021, Rapid7’s Incident Response (IR) and Managed Detection and Response (MDR) teams began seeing opportunistic exploitation of two unrelated CVEs: CVE-2021-40539, a REST API authentication bypass in Zoho’s ManageEngine ADSelfService Plus product that Rapid7 has...