3106 matches found

GithubExploit
added 2020/01/13 7:33 p.m., 0 views

muddyc3-Revived

This is a working POC of the leaked MuddyC3 C2. It includes below...

7.2 AI score
Exploits: 0
Kitploit
added 2020/01/11 9:8 p.m., 187 views

CHAPS - Configuration Hardening Assessment PowerShell Script

CHAPS is a PowerShell script for checking system security settings where additional software and assessment tools, such as Microsoft Policy Analyzer, cannot be installed. The purpose of this script is to run it on a server or workstation to collect configuration information about that system. The...

7.4 AI score
Exploits: 0, References: 2
Metasploit
added 2020/01/10 12:58 a.m., 29 views

Install OpenSSH for Windows

This module installs OpenSSH server and client for Windows using PowerShell. SSH on Windows can provide pentesters persistent access to a secure interactive terminal, interactive filesystem access, and port forwarding over SSH. This module requires Metasploit: https://metasploit.com/download...

0.2 AI score
Exploits: 0
ThreatPost
added 2020/01/09 11:0 a.m., 81 views

TrickBot Adds Custom, Stealthy Backdoor to its Arsenal

The Russian-speaking cybercriminals behind the TrickBot malware have developed a stealthy backdoor dubbed “PowerTrick,” in order to infiltrate high-value targets. According to research from SentinelLabs, released on Thursday, PowerTrick is designed to execute commands and return the results in...

0.9 AI score
Exploits: 0, References: 9
FireEye
added 2020/01/09 12:0 a.m., 14 views

SAIGON, the Mysterious Ursnif Fork

Ursnif aka Gozi/Gozi-ISFB is one of the oldest banking malware families still in active distribution. While the first major version of Ursnif was identified in 2006, several subsequent versions have been released in large part due to source code leaks. FireEye reported on a previously unidentified...

0.3 AI score
Exploits: 0, References: 4
ThreatPost
added 2020/01/08 11:22 p.m., 59 views

Drake Lyrics Used as Calling Card in Malware Attack

A hacker with the handle “Master X” leverages a PowerShell script that contains a reference to singer-songwriter Drake lyric’s “Kiki Do You Love Me” and ultimately delivers a malicious payload to its victims. The campaign is email based; with missives containing a malicious PowerPoint attachment...

7.5 AI score
Exploits: 0, References: 9
Kitploit
added 2020/01/04 9:0 p.m., 160 views

WindowsFirewallRuleset - Windows Firewall Ruleset Powershell Scripts

About WindowsFirewallRuleset Windows firewall rules organized into individual PowerShell scripts according to: 1. Rule group 2. Traffic direction 3. IP version IPv4 / IPv6 4. Further sorted according to programs and services such as for example: 2. ICMP traffic 3. Browser rules 4. rules for...

7.5 AI score
Exploits: 0, References: 7
Veeam
added 2019/12/27 6:6 p.m., 16 views

Exploring VBO365 backups: Understanding Different Restore Scopes

Challenge You can explore backups in three different scopes: Backup Job, Organization, All organizations. Consider the following organizations added to the Veeam Backup for Microsoft 365 backup infrastructure; each of these organizations uses its own backup repository to store data: Organizatio...

6.8 AI score
Exploits: 0
Securelist
added 2019/12/17 12:0 p.m., 41 views

OilRig’s Poison Frog – old samples, same trick

After we wrote our private report on the OilRig leak, we decided to scan our archives with our YARA rule, to hunt for new and older samples. Aside from finding some new samples, we believe we also succeeded in finding some of the first Poison Frog samples. Poison Frog We're not quite sure whether...

7.6 AI score
Exploits: 0
GoogleProjectZero
added 2019/12/17 12:0 a.m., 19 views

Calling Local Windows RPC Servers from .NET

Posted by James Forshaw, Project Zero As much as I enjoy finding security vulnerabilities in Windows, in many ways I prefer the challenge of writing the tools to make it easier for me and others to do the hunting. This blog post gives an overview of using some recent tooling I’ve released as part...

7.2 AI score
Exploits: 0
Veeam
added 2019/12/16 12:0 a.m., 22 views

How to Migrate Backup Data Between Repositories for Veeam Backup for Microsoft 365

Purpose This article provides information regarding migrating backup data between JET-based backup repositories and from a JET-based backup repository to a non-immutable object storage repository when using Veeam Backup for Microsoft 365. This article documents how to migrate backup data between...

6.4 AI score
Exploits: 0, Affected Software: 1
ThreatPost
added 2019/12/13 7:7 p.m., 116 views

Elegant sLoad Carries Out Spying, Payload Delivery in BITS

A fresh analysis of the trojan sLoad sheds light on the growing trend of advanced malware “living off the land” of a targeted system and successfully evading detection and carrying out malicious activities. SLoad is a PowerShell downloader type of malware and is known for its impressive...

7 AI score
Exploits: 0, References: 10
The Hacker News
added 2019/12/11 4:2 p.m., 4 views

New Zeppelin Ransomware Targeting Tech and Health Companies

A new variant of Vega ransomware family, dubbed Zeppelin, has recently been spotted in the wild targeting technology and healthcare companies across Europe, the United States, and Canada. However, if you reside in Russia or some other ex-USSR countries like Ukraine, Belorussia, and Kazakhstan,...

6 AI score
Exploits: 0
OpenVAS
added 2019/12/09 12:0 a.m., 7 views

SYS.2.2.2.A16

The goal of module SYS.2.2.2 is to protect information that is processed by and on Windows 8.1 clients. The core requirement Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

7.3 AI score
Exploits: 0, References: 1
The Hacker News
added 2019/12/05 8:52 a.m., 3 views

ZeroCleare: New Iranian Data Wiper Malware Targeting Energy Sector

Cybersecurity researchers have uncovered a new, previously undiscovered destructive data-wiping malware that is being used by state-sponsored hackers in the wild to target energy and industrial organizations in the Middle East. Dubbed ZeroCleare, the data wiper malware has been linked to not one...

5.8 AI score
Exploits: 0
Kitploit
added 2019/11/29 9:3 p.m., 146 views

Attack Monitor - Endpoint Detection And Malware Analysis Software

Attack Monitor is a Python application written to enhance security monitoring capabilities of Windows 7/2008 and all later versions workstations/servers and to automate dynamic analysis of malware. Current modes mutually exclusive: Endpoint detection ED Malware analysis on dedicated Virtual Machine...

7.2 AI score
Exploits: 0, References: 1
Kitploit
added 2019/11/28 8:33 p.m., 157 views

Netstat2Neo4J - Create Cypher Create Statements For Neo4J Out Of Netstat Files From Multiple Machines

Graphs help to spot anomalies and patterns in large datasets. This script takes netstat information from multiple hosts and formats them in a way to make them importable into Neo4j. Neo4j can be queried to find connections to certain hosts, from certain hosts, find out the usage or protocols and...

6.9 AI score
Exploits: 0, References: 1
Kitploit
added 2019/11/27 11:30 a.m., 133 views

Kali Linux 2019.4 Release - Penetration Testing and Ethical Hacking Linux Distribution

We are incredibly excited to announce our fourth and final release of 2019, Kali Linux 2019.4. 2019.4 includes some exciting new updates: A new default desktop environment, Xfce New GTK3 theme for Gnome and Xfce Introduction of “Kali Undercover” mode Kali Documentation has a new home and is now G...

7.3 AI score
Exploits: 0
The Hacker News
added 2019/11/27 6:30 a.m., 137 views

Latest Kali Linux OS Added Windows-Style Undercover Theme for Hackers

You can relate this: While working on my laptop, I usually prefer sitting at a corner in the room from where no one should be able to easily stare at my screen, and if you're a hacker, you must have more reasons to be paranoid. Let's go undercover: If you're in love with the Kali Linux operating...

7.3 AI score
Exploits: 0
0day.today
added 2019/11/26 12:0 a.m., 275 views

Microsoft Windows AppXsvc Deployment Extension - Privilege Escalation Vulnerability

Exploit Title: Microsoft Windows AppXsvc Deployment Extension - Privilege Escalation Exploit Author: Abdelhamid Naceri Vendor Homepage: www.microsoft.com Tested on: Windows 10 1903 CVE : CVE-2019-1385 Windows: "AppX Deployment Service" AppXSVC elevation of privilege vulnerability Class: Local...

7.8 CVSS, 0.8 AI score, 0.00491 EPSS
Exploits: 4