ProLock Ransomware Teams Up With QakBot Trojan to Infect Victims
A relatively new ransomware, ProLock, has paired up with the QakBot banking trojan to access victims’ networks. ProLock’s leveraging of QakBot gives it bolstered persistence, anti-detection and credential-dumping techniques. ProLock ransomware first emerged in March as a successor to another rece...
Failed to call RPC function: Error code: 0x80131500
Challenge Backup of Remote Desktop Server VMs with Application-Aware Processing may fail with an Unknown error, error code 0x80131500. You will see error messages similar to: "Failed to call RPC function 'Vss.GetSqlInfoForLastSnapshot2': Error code: 0x80131500. Failed to invoke func...
Kali Linux 2020.2 Release - Penetration Testing and Ethical Hacking Linux Distribution
We are incredibly excited to announce the second release of 2020, Kali Linux 2020.1.2 A quick overview of what’s new since January: KDE Plasma Makeover & Login PowerShell by Default. Kind of. Kali on ARM Improvements Lessons From The Installer Changes New Key Packages & Icons Behind the Scenes,...
Powerob - An On-The-Fly Powershell Script Obfuscator Meant For Red Team Engagements
An on-the-fly Powershell script obfuscator meant for red team engagements. Built out of necessity. Installation git clone https://github.com/cwolff411/powerob Usage python3 powerob.py obfuscate originalfile.ps1 obfuscatedfile.ps1 Takes an INPUTFILE obfuscates it and dumps the obfuscated version...
Microsoft researchers work with Intel Labs to explore new deep learning approaches for malware classification
The opportunities for innovative approaches to threat detection through deep learning, a category of algorithms within the larger framework of machine learning, are vast. Microsoft Threat Protection today uses multiple deep learning-based classifiers that detect advanced threats, for example,...
How to configure antivirus configuration XML file for secure restore
Challenge The article provides information on adding additional antivirus options to Veeam Backup & Replication Secure Restore. NOTE : When adding an antivirus that is not already predefined, you may need to contact the antivirus vendor for assistance to gather the required attributes and exit...
Kentico CMS 12.0.14 Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kentico CMS Staging SyncServer Unserialize Remote Command Execution', 'Description' = %q This module exploits a vulnerability in the Kentico CMS...
Kentico CMS Staging SyncServer Unserialize Remote Command Execution
This module exploits a vulnerability in the Kentico CMS platform versions 12.0.14 and earlier. Remote Command Execution is possible via unauthenticated XML requests to the Staging Service SyncServer.asmx interface ProcessSynchronizationTaskData method stagingTaskData parameter. XML input is passe...
Invoker - Penetration Testing Utility
Penetration testing utility. The goal is to use this tool when access to some Windows OS features through GUI is restricted. Some features require administrative privileges. Capabilities: invoke the Command Prompt and PowerShell, download a file, schedule a task, add a registry key, connect to a...
Powershell-Reverse-Tcp - PowerShell Script For Connecting To A Remote Host.
PowerShell script for connecting to a remote host. Remote host will have full control over client's PowerShell and all its underlying commands. Tested with PowerShell v5.1.18362.752 on Windows 10 Enterprise OS 64 bit. Made for educational purposes. I hope it will help! How to Run Change the IP...
PowerSploit
This is an offensive tool for Windows PowerShell. It is a module for PowerSploit, a PowerShell framework for penetration testing and red teaming. The module contains several functions for code execution, including reflective DLL injection and DLL injection into a process. The functions can be use...
tater
It is an offensive tool for Windows Privilege Escalation. The tool is called Tater, a PowerShell implementation of the Hot Potato Windows Privilege Escalation exploit. The target product/service or framework is Windows, and the vulnerability class/vector is Privilege Escalation. The probable entr...
PowerShell-Suite
This is an exploit module/toolkit targeting Windows UAC User Account Control bypass. The module, named "Bypass-UAC," provides a framework for performing UAC bypasses based on auto-elevating IFileOperation COM object method calls. It implements a function that rewrites PowerShell's PEB Process...
Burp Exporter - A Burp Suite Extension To Copy A Request To The Clipboard As Multiple Programming Languages Functions
Exporter is a Burp Suite extension to copy a request to the clipboard as multiple programming languages functions. You can export as: cURL Wget Python Request Perl LWP PHP HTTPRequest2 Go Native NodeJS Request jQuery AJAX PowerShell Requirements Jython = 2.7.1 Burp Suite import In Burp Suite, und...
PSKernel-Primitives
This repository contains a collection of PowerShell primitives for exploitation, specifically targeting Windows systems. The code is written in PowerShell and utilizes various Windows APIs to achieve its goals. The repository includes several functions, each with a specific purpose: 1...
Microsoft security advisory: Update to harden use of DES encryption: July 14, 2015
INTRODUCTION Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, go to...
Audix - A PowerShell Tool To Quickly Configure The Windows Event Audit Policies For Security Monitoring
Audix will allow for the SIMPLE configuration of Windows Event Audit Policies. Windows Audit Policies are restricted by default. This means that for Incident Responders, Blue Teamers, CISOs & people looking to monitor their environment through use of Windows Event Logs, must configure the audit...
System Center Operations Manager, version 1807
Applies to: System Center Operations Manager, version 1807 Introduction This article describes the issues that are fixed and the improvements that are included in System Center Operations Manager, version 1807. This article also contains the...
Description of Update Rollup 4 for System Center 2012 Operations Manager Service Pack 1
Symptoms Issues that Update Rollup 4 fixes are as follows. Operations Manager KB2880799 Issue 1 Windows PowerShell scripts or modules cannot be executed in an AllSigned environment. Symptom You receive the...
Update Rollup 5 for System Center 2016 Operations Manager
Introduction This article describes the issues that are fixed and the improvements that are included in Update Rollup 5 for Microsoft System Center 2016 Operations Manager. This article also contains the installation instructions for this...