Exploit for Out-of-bounds Write in Google Android

AutomatedRoot !GitHubhttps://img.shields.io/github/license/...

CB Threat Analysis Unit Technical Breakdown: GermanWiper Ransomware

Editor's Note: The TAU-TIN related to this write up can be located here. GermanWiper Ransomware was found distributed via spam email campaign in Germany. It’s a data-wiping malware and the ransom note was written in German language. The malware pretends to be ransomware but is actually a wiper th...

PyFuscation - Obfuscate Powershell Scripts By Replacing Function Names, Variables And Parameters

PyFuscation Requires python3 usage: PyFuscation.py -h -f -v -p --ps SCRIPT Optional arguments: • -h, --help show this help message and exit • -f Obfuscate functions ○ Do this First ... Its probably the most likely to work well • -v Obfuscate variables ○ If your going to obfuscate variables do the...

Deep learning rises: New methods for detecting malicious PowerShell

Scientific and technological advancements in deep learning, a category of algorithms within the larger framework of machine learning, provide new opportunities for development of state-of-the art protection technologies. Deep learning methods are impressively outperforming traditional methods on...

Kaseya VSA agent 9.5 - Privilege Escalation

Exploit Title: Kaseya VSA agent CVE-2017-12410 found by Filip Palian. A a fix was put in place for the original CVE, however it was specific to binaries and not scripts. The root cause for both issues is allowing a low privileged group excessive permissions to a folder used by a elevated process...

Kaseya VSA Agent 9.5 Privilege Escalation

Exploit Title: Kaseya VSA agent CVE-2017-12410 found by Filip Palian. A a fix was put in place for the original CVE, however it was specific to binaries and not scripts. The root cause for both issues is allowing a low privileged group excessive permissions to a folder used by a elevated process...

GGPowerShell / Windows PowerShell Remote Command Execution

from base64 import b64encode from base64 import b64decode from socket import import argparse,sys,socket,struct,re GGPowerShell Microsoft Windows PowerShell - Unsantized Filename RCE Dirty File Creat0r. Original advisory:...

GGPowerShell / Windows PowerShell Remote Command Execution Exploit

This python script mints a .ps file with an exploitable semicolon condition that allows for command execution from Microsoft Windows PowerShell. from base64 import b64encode from base64 import b64decode from socket import import argparse,sys,socket,struct,re GGPowerShell Microsoft Windows...

FIN6 Switches Up PoS Tactics to Target E-Commerce

The financial cybergang known as the FIN6 group, known for going after brick-and-mortar point-of-sale PoS data in the U.S. and Europe, has changed up its tactics to target e-commerce sites. According to researchers at IBM X-Force Incident Response and Intelligence Services IRIS, FIN6 a.k.a. ITG08...

Power-Response Path Traversal Vulnerability

Power-Response is a modular PowerShell framework for event response . A path traversal vulnerability exists in versions of Power-Response prior to 2019-02-02, which can be exploited by an attacker to access locations outside of a restricted directory...

WordPress Plugin Import Export WordPress Users 1.3.1 - CSV Injection

WordPress Plugin Import Export WordPress Users 1.3.1 - CSV Injection Exploit Title: Wordpress Plugin Import Export WordPress Users = 1.3.1 - CSV Injection Exploit Author: Javier Olmedo Contact: @jjavierolmedo Website: https://sidertia.com Date: 2018-08-22 Google Dork:...

How To Stop All Veeam Backup & Replication Activities

Purpose This article documents the procedure for halting all Veeam Backup & Replication activities. Solution Stopping Veeam Activity on Veeam Backup Server 1. Open the Veeam Backup & Replication Console. 2. Disable all Jobs. Note which jobs were already disabled so you know which ones may not nee...

AutoRDPwn v5.0 - The Shadow Attack Framework

AutoRDPwn is a post-exploitation framework created in Powershell, designed primarily to automate the Shadow attack on Microsoft Windows computers. This vulnerability listed as a feature by Microsoft allows a remote attacker to view his victim's desktop without his consent, and even control it...

PoshC2 - C2 Server and Implants

PoshC2 is a proxy aware C2 framework that utilises Powershell and/or equivalent System.Management.Automation.dll to aid penetration testers with red teaming, post-exploitation and lateral movement. Powershell was chosen as the base implant language as it provides all of the functionality and rich...

Russian Hacking Group Targeting Banks Worldwide With Evolving Tactics

Silence APT, a Russian-speaking cybercriminal group, known for targeting financial organizations primarily in former Soviet states and neighboring countries is now aggressively targeting banks in more than 30 countries across America, Europe, Africa, and Asia. Active since at least September 2016...

Russian Hacking Group Targeting Banks Worldwide With Evolving Tactics

Silence APT , a Russian-speaking cybercriminal group, known for targeting financial organizations primarily in former Soviet states and neighboring countries is now aggressively targeting banks in more than 30 countries across America, Europe, Africa, and Asia. Active since at least September 201...

Microsoft Windows PowerShell - Unsanitized Filename Command Execution

''' + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-POWERSHELL-UNSANITIZED-FILENAME-COMMAND-EXECUTION.txt + ISR: Apparition Security Vendor www.microsoft.com Product Windows PowerShell Windows PowerShell...

Windows PowerShell - Unsanitized Filename Command Execution Exploit

''' + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-POWERSHELL-UNSANITIZED-FILENAME-COMMAND-EXECUTION.txt + ISR: Apparition Security Vendor www.microsoft.com Product Windows PowerShell Windows PowerShell...

Windows PowerShell - Unsanitized Filename Command Execution

Windows PowerShell - Unsanitized Filename Command Execution ''' + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-POWERSHELL-UNSANITIZED-FILENAME-COMMAND-EXECUTION.txt + ISR: Apparition Security Vendor...

Steam Windows Client Local Privilege Escalation

$SteamRegKey = "HKLM:\SOFTWARE\WOW6432Node\Valve\Steam\NSIS" $MSIRegKey = "HKLM:\SYSTEM\CurrentControlSet\Services\msiserver" $RegDir = "C:\Windows\Temp\RegLN.exe" $PayDir = "C:\Windows\Temp\payload.exe" $Payload = "c:\windows\system32\cmd.exe /c c:\windows\temp\payload.exe 127.0.0.1 4444 -e...