Design/Logic Flaw

An incomplete permission check on entries in Devolutions Remote Desktop Manager before 2021.2.16 allows attackers to bypass permissions via batch custom PowerShell...

CVE-2021-42098

An incomplete permission check on entries in Devolutions Remote Desktop Manager before 2021.2.16 allows attackers to bypass permissions via batch custom PowerShell...

Devolutions Remote Desktop Manager 安全漏洞

Devolutions Remote Desktop Manager is an application from Devolutions Canada. It provides remote desktop management functionality. A security vulnerability exists in Devolutions Remote Desktop Manager, which stems from incomplete permission checking of entries in the "Transfer Remote Desktop...

Active-Directory-Exploitation-Cheat-Sheet

This is a cheat sheet for Windows Active Directory exploitation, containing common enumeration and attack methods. The repository is a collection of PowerShell scripts and modules that can be used to perform various attacks on Active Directory, including domain enumeration, lateral movement, and...

PowerShx - Run Powershell Without Software Restrictions

Unmanaged PowerShell execution using DLLs or a standalone executable. Introduction PowerShx is a rewrite and expansion on the PowerShdll project. PowerShx provide functionalities for bypassing AMSI and running PS Cmdlets. Features Run Powershell with DLLs using rundll32.exe, installutil.exe,...

Azur3Alph4 - A PowerShell Module That Automates Red-Team Tasks For Ops On Objective

Azur3Alph4 is a PowerShell module that automates red-team tasks for ops on objective. This module situates in a post-breach RCE achieved position. Token extraction and many other tools will not execute successfully without starting in this position. This module should be used for further...

Exploit for CVE-2021-1675

CVE-2021-1675-PrintNightmare Working PowerShell POC Powershel...

Encrypted & Fileless Malware Sees Big Growth

A full 91.5 percent of malware was delivered using HTTPS-encrypted connections in the second quarter, researchers said, making attacks more evasive. That’s according to WatchGuard Technologies’ latest report on findings within its telemetry, which also found that these detections come primarily...

AutomatedLab - A Provisioning Solution And Framework That Lets You Deploy Complex Labs On HyperV And Azure With Simple PowerShell Scripts

AutomatedLab AL enables you to setup test and lab environments on Hyper-v or Azure with multiple products or just a single VM in a very short time. There are only two requirements you need to make sure: You need the DVD ISO images and a Hyper-V host or an Azure subscription. Requirements Apart fr...

The vulnerability of the .NET Core runtime, the PowerShell Core automation tool, and the Visual Studio software development environment is related to insufficient input validation. This allows attackers to trigger service failures.

The vulnerability of the .NET Core runtime, the PowerShell Core automation tool, and the Visual Studio software development environment is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures remotely...

A New Jupyter Malware Version is Being Distributed via MSI Installers

Cybersecurity researchers have charted the evolution of Jupyter, a .NET infostealer known for singling out healthcare and education sectors, which make it exceptional at defeating most endpoint security scanning solutions. The new delivery chain, spotted by Morphisec on September 8, underscores...

September 27, 2021—KB5005619 (OS Build 20348.261) Preview

September 27, 2021—KB5005619 OS Build 20348.261 Preview Improvements and fixes This non-security update includes quality improvements. Key changes include: Addresses an issue that might prevent users from opening phone apps that are pinned to the taskbar. This issue occurs after they update to th...

PS2EXE - Module To Compile Powershell Scripts To Executables

Overworking of the great script of Ingo Karstein with GUI support. The GUI output and input is activated with one switch, real windows executables are generated. With Powershell 5.x support and graphical front end. Module version. You find the script based version here...

New Malware Targets Windows Subsystem for Linux to Evade Detection

A number of malicious samples have been created for the Windows Subsystem for Linux WSL with the goal of compromising Windows machines, highlighting a sneaky method that allows the operators to stay under the radar and thwart detection by popular anti-malware engines. The "distinct tradecraft"...

ZLoader’s Back, Abusing Google AdWords, Disabling Windows Defender

A targeted campaign delivering the ZLoader banking trojan is spreading via Google AdWords, and is using a mechanism to disable all Windows Defender modules on victim machines, researchers have found. That’s according to SentinelLabs, which said that to lower the rates of detection, the infection...

September 14, 2021—KB5005568 (OS Build 17763.2183)

September 14, 2021—KB5005568 OS Build 17763.2183 11/17/20 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. To view other notes and messages, see the Windows 10, version 1809 update history home page...

September 14, 2021—KB5005575 (OS Build 20348.230)

September 14, 2021—KB5005575 OS Build 20348.230 Improvements and fixes This security update includes quality improvements. Key changes include: Addresses an issue that causes Windows to generate many AppLocker or SmartLocker success events in the AppLocker EXE and DLL event channel. Addresses an...

Apartment Visitor Management System (AVMS) 1.0 - 'username' SQL Injection

Exploit Title: Apartment Visitor Management System AVMS 1.0 - 'username' SQL Injection Date: 2021-08-13 Exploit Author: mari0x00 Vendor Homepage: https://phpgurukul.com/apartment-visitors-management-system-using-php-and-mysql/ Software Link:...

Citrix gateway plugin executes PowerShell script obfuscated code which might be blocked by Antivirus software

We might see errors somewhat like below in AntiVirus : Event type: Process action blocked Component: Adaptive Anomaly Control Rule name: PowerShell executes obfuscated code Source process: c:\windows\system32\windowspowershell\v1.0\powershell.exe Application : "C:\Program Files\Citrix\Secure Acce...

Metasploit Wrap-Up

Confluence Server OGNL Injection Our own wvu along with Jang added a module that exploits an OGNL injection CVE-2021-26804in Atlassian Confluence's WebWork component to execute commands as the Tomcat user. CVE-2021-26804 is a critical remote code execution vulnerability in Confluence Server and...