3099 matches found
PowerSploit
This is an offensive tool for Windows PowerShell exploitation. It is a collection of PowerShell scripts that can be used to exploit vulnerabilities in Windows systems. The repository contains several modules, including AntivirusBypass, CodeExecution, and others. The AntivirusBypass module contain...
CVE-2018-8204
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers...
CVE-2018-8204
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers...
CVE-2018-8200
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers...
CVE-2018-8200
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers...
Security feature bypass
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers...
CVE-2018-8200
CVE-2018-8200 is a local security bypass in Windows Device Guard, enabling an attacker to inject malicious code into a PowerShell session by bypassing the Code Integrity Policy. Affected: Windows Server 2016, Windows 10 (and variants). Root cause: Device Guard Code Integrity Policy bypass vulnera...
Microsoft Windows Device Guard Local Security Bypass Vulnerability (CNVD-2018-19386)
Microsoft Windows is a set of operating systems developed by Microsoft Corporation in the U.S. Windows uses a graphical model GUI. A local security bypass vulnerability exists in Microsoft Windows Device Guard. An attacker can exploit this vulnerability to inject malicious code into a Windows...
Microsoft Windows Device Guard Local Security Bypass Vulnerability (CNVD-2018-19387)
Microsoft Windows is a set of operating systems developed by Microsoft Corporation in the U.S. Windows uses a graphical mode GUI. A local security bypass vulnerability exists in Microsoft Windows Device Guard. An attacker can exploit this vulnerability to inject malicious code into a Windows...
Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code...
Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code...
KB4343892: Windows 10 August 2018 Security Update (Foreshadow)
The remote Windows host is missing security update 4343892. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an...
KB4343887: Windows 10 Version 1607 and Windows Server 2016 August 2018 Security Update (Foreshadow)
The remote Windows host is missing security update 4343887. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtai...
Oracle Weblogic Server Deserialization Remote Code Execution Exploit
Exploit for multiple platform in category remote exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' class MetasploitModule 'Oracle Weblogic Server Deserialization RCE',...
New Actor DarkHydrus Targets Middle East with Open-Source Phishing
Government entities and educational institutions in the Middle East are under attack in an ongoing credential-harvesting campaign, mounted by a newly-named threat group known as DarkHydrus. In a twist on the norm, the group is leveraging the open-source Phishery tool to carry out its dark work. T...
Granular permissions for Microsoft Azure user
Challenge When adding an Azure account to Veeam Backup & Replication, you would use the Add Microsoft Azure compute account... then, on the Subscription tab of the wizard that opens, select the "Create a new account" option. Doing this will register a new Azure AD Application. The account used to...
Remote Desktop Caching - Tool To Recover Old RDP (mstsc) Session Information In The Form Of Broken PNG Files
This tool allows one to recover old RDP mstsc session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an...
Win-PortFwd - Powershell Script To Setup Windows Port Forwarding Using Native Netsh Client
Powershell script to setup windows port forwarding using native netsh client. Install: git clone https://github.com/deepzec/Win-PortFwd.git Usage: .\win-portfwd.ps1 or powershell.exe -noprofile -executionpolicy bypass -file .\win-portfwd.ps1 Note: This script require admin privileges to run, this...
Unable to deploy custom receiver from Store front. Getting " An error occurred while saving changes on the "Deploy Citrix Receiver" property dialog. Please check the log in event viewer and try again."
While trying to add customized "receiver.exe" to deploy receiver option in Storefront, you might get following error while saving it. "An error occurred while saving changes on the "Deploy Citrix Receiver" property dialog. Please check the log in event viewer and try again". It works fine with...
Case Study: A Cryptomining Attack — With an Assist From Advanced Malware Techniques
In Carbon Black's Quarterly Incident Response Threat Report QIRTR, some of the world’s leading incident response IR professionals reported seeing an uptick in lateral movement, counter incident response, and island-hopping attacks from motivated nation-states. In the case study below, Kroll notes...