Security feature bypass

A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019...

CVE-2018-8292

An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0...

CVE-2018-8492

CVE-2018-8492 is a Device Guard Code Integrity Policy Security Feature Bypass vulnerability in Windows. Affected products include Windows Server 2016, Windows 10, Windows Server 2019, and Windows 10 Server editions. The root cause is a security feature bypass in Device Guard that could allow an a...

CVE-2018-8292

An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0...

CVE-2018-8492

A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019...

Core: information disclosure due to authentication information exposed in a redirect

An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0...

Clrinject - Injects C# EXE Or DLL Assembly Into Every CLR Runtime And AppDomain Of Another Process

Injects C EXE or DLL Assembly into any CLR runtime and AppDomain of another process. The injected assembly can then access static instances of the injectee process's classes and therefore affect it's internal state. Usage clrinject-cli.exe -p -a Opens process with id or name , inject EXE and...

ThreatList: Microsoft IIS Sees Triple-Digit Spike in Cyberattack Volume

Internet Information Services IIS, an extensible web server originally created by Microsoft for use with the Windows NT family, saw a whopping 782x increase in cyberattacks during the second quarter, according to analysis. According to eSentire’s latest threat report based on data gathered from...

Device Guard Code Integrity Policy Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code...

KB4462917: Windows 10 Version 1607 and Windows Server 2016 October 2018 Security Update

The remote Windows host is missing security update 4462917. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker...

360 3.5.0.1033 - Sandbox Escape

360 3.5.0.1033 - Sandbox Escape. Local exploit for Windows platform Exploit Title: 360 3.5.0.1033 - Sandbox Escape Date: 2018-10-08 Exploit Author: vrsystem Vendor Homepage: https://www.360.cn/ Software Link: https://dl.360safe.com/360/inst.exe Version: 3.5.0.1033 Tested on: 3.5.0.1033 CVE : None...

DbgShell - A PowerShell Front-End For The Windows Debugger Engine

A PowerShell front-end for the Windows debugger engine. Ready to tab your way to glory? For a quicker intro, take a look at Getting Started. Disclaimers 1. This project is not produced, endorsed, or monitored by the Windows debugger team. While the debugger team welcomes feedback about their API...

Shedding Skin – Turla’s Fresh Faces

Turla, also known as Venomous Bear, Waterbug, and Uroboros, may be best known for what was at the time an "ultra complex" snake rootkit focused on NATO-related targets, but their malware set and activity is much broader. Our current focus is on more recent and upcoming activity from this APT, whi...

Threat Roundup Sept 21 - 28

Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we’ve observed this week — covering the dates between Sept. 21 and 28. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, we will summarize the threats we’ve observed by...

October 27, 2016 — KB3197954 (OS Build 14393.351)

October 27, 2016 — KB3197954 OS Build 14393.351 This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Improved reliability of Internet Explorer 11, Start, File Explorer, action center, graphics, and the Windows kernel...

August 23, 2016 — KB3176934 (OS Build 14393.82)

August 23, 2016 — KB3176934 OS Build 14393.82 This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Improved reliability of Network Controller, DNS server, gateways, Storage Spaces Direct, Group Managed Service...

December 9, 2016 — KB3201845 (OS Build 14393.479)

December 9, 2016 — KB3201845 OS Build 14393.479 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Improved the reliability of mobile device management MDM disenrollment, Distributed Componen...

Buggy implementation of CVE-2018-8373 vulnerability used to deliver Quasar RAT

A variant of a remote code execution vulnerability with Internet Explorer's scripting engine known as CVE-2018-8373 patched last August has been found in the wild. Looking at the IOCs posted by our colleagues at TrendMicro, we recognized the infrastructure serving this exploit. The same static...

SharpSploit - A .NET Post-Exploitation Library Written In C#

SharpSploit is a .NET post-exploitation library written in C that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers. SharpSploit is named, in part, as a homage to the PowerSploit project, a personal favorite of mine! While SharpSploit does port...

Threat Roundup for September 14 to September 21

Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we’ve observed this week — covering the dates between Sept. 14 and 21. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, we will summarize the threats we’ve observed by...