Turla's 'Crutch' Backdoor Leverages Dropbox in Espionage Attacks
Researchers have discovered a previously undocumented backdoor and document stealer, which they have linked to the Russian-speaking Turla advanced persistent threat APT espionage group. The malware, which researchers call “Crutch,” is able to bypass security measures by abusing legitimate tools –...
Experts Uncover 'Crutch' Russian Malware Used in APT Attacks for 5 Years
Cybersecurity researchers today took the wraps off a previously undocumented backdoor and document stealer that has been deployed against specific targets from 2015 to early 2020. Codenamed "Crutch" by ESET researchers, the malware has been attributed to Turla aka Venomous Bear or Snake, a...
Threat actor leverages coin miner techniques to stay under the radar – here’s how to spot them
Cryptocurrency miners are typically associated with cybercriminal operations, not sophisticated nation state actor activity. They are not the most sophisticated type of threats, which also means that they are not among the most critical security issues that defenders address with urgency. Recent...
Digitally Signed Bandook Trojan Reemerges in Global Spy Campaign
A wave of targeted cyberattack campaigns bent on espionage is cresting around the globe, using a strain of a 13-year old backdoor trojan named Bandook. According to Check Point Research, Bandook was last spotted being used in 2015 and 2017/2018, in the “Operation Manul” and “Dark Caracal”...
Quick Guide — How to Troubleshoot Active Directory Account Lockouts
Active Directory account lockouts can be hugely problematic for organizations. There have been documented instances of attackers leveraging the account lockout feature in a type of denial of service attack. By intentionally entering numerous bad passwords, attackers can theoretically lock all of...
Digitally Signed Bandook Malware Once Again Targets Multiple Sectors
A cyberespionage group with suspected ties to the Kazakh and Lebanese governments has unleashed a new wave of attacks against a multitude of industries with a retooled version of a 13-year-old backdoor Trojan. Check Point Research called out hackers affiliated with a group named Dark Caracal in a...
Microsoft Windows: Get RSOP_SecuritySettings
The RSOPUserPrivilegeRight WMI class represents the security setting for a local Group Policy that relates to the assignment of a particular user privilege. This class was added for Windows XP. The RSOPSecuritySettings WMI class is the abstract class from which other RSoP security classes derive...
Invoke-Antivm - Powershell Tool For VM Evasion
Invoke-AntiVM is a set of modules to perform VM detection and fingerprinting with exfiltration via PowerShell. Compatibility Run the script check-compatibility.ps1 to check which modules or functions are compatible with the PowerShell version. Our goal is to achieve compatibility from 2.0 but we...
Oracle WebLogic Server Administration Console Handle RCE
This module exploits a path traversal and a Java class instantiation in the handle implementation of WebLogic's Administration Console to execute code as the WebLogic user. Versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 are known to be affected. Tested against 12.2.1.3.0...
Oracle WebLogic Server Administration Console Handle Remote Code Execution Exploit
This Metasploit module exploits a path traversal and a Java class instantiation in the handle implementation of WebLogic's Administration Console to execute code as the WebLogic user. Versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 are known to be affected. Tested against...
nishang
This repository is an offensive tool for Windows exploitation, specifically for adding backdoors to Windows systems. It contains a collection of PowerShell scripts that can be used to add various types of backdoors, including constrained delegation backdoors, registry backdoors, and screensaver...
Citrix App Layering 4.x: PVS Connector (BootPrivate)
Introduction When publishing an image to PVS the PVS Connector allows for running a PowerShell script after an image is uploaded to the PVS Store and added as a vDisk. This sample script is intended to show Citrix customers how this scripting can be used to increase administrative productivity...
Microsoft Exchange Attack Exposes New xHunt Backdoors
Two never-before-seen PowerShell backdoors have been uncovered, after researchers recently discovered an attack on Microsoft Exchange servers at an organization in Kuwait. The activity is tied back to the known xHunt threat group, which was first discovered in 2018 and has previously launched an...
Profile Management Configuration Checking Tool - UPMConfigCheck
Please note: You can download the required file from the Citrix downloads website by visiting the following link: https://www.citrix.com/downloads/citrix-tools Profile Management Configuration Check Tool UPMConfigCheck Created Date: February 27, 2012 Updated Date: August 23, 2023 Description...
Fix Incorrect Service Endpoint in XA/XD sites
Note: This script applies to XA/XD 7.0 and above. Overview This PowerShell script attempts to fix any bad, missing, changed, or incorrect service endpoints in a site. Please note: You can download the required file from the Citrix downloads website by visiting the following...
Citrix App Layering 4.x: PVS Connector Script to Convert VHD to VHDX
Introduction When publishing an image to PVS the Citrix App Layering PVS Connector allows for running a PowerShell script after an image is uploaded to the PVS Store and added as a vDisk. This sample script is intended to show Citrix customers how this scripting can be used to increase...
Citrix App Layering: Mass Edit of VMX Advanced Settings
Introduction Sometimes there are special settings that Unidesk customers must add to their desktop VMX files based on recommendations by VMware. This script was developed in order to ease the administrative burden of this requirement. The script can also set memory or CPU reservations, as these a...
Self-Service Password Reset Central Store Creation Tool
SSPR Central Store Creation Tool Created Date: Sept 23, 2016 Updated Date: Sept 23, 2016 Where to download? Certain legacy Citrix tools are now available on request only. Please submit the request here - https://forms.gle/obA39PEz5qpDiSPq8 Once we verify your request, we will provide access to t...