How generate a Citrix Cloud bearer token and use it on a PowerShell API query

This article outlines the steps to generate a Citrix Cloud bearer tokenand use it on a PowerShell API query...

AD_Enumeration_Hunt - Collection Of PowerShell Scripts And Commands That Can Be Used For Active Directory (AD) Penetration Testing And Security Assessment

Description Welcome to the AD Pentesting Toolkit! This repository contains a collection of PowerShell scripts and commands that can be used for Active Directory AD penetration testing and security assessment. The scripts cover various aspects of AD enumeration, user and group management, computer...

PT-2023-27313 · Shescape · Shescape

Name of the Vulnerable Software and Affected Versions: Shescape versions prior to 1.7.4 Description: The issue affects users of Shescape on Windows in a threaded context, allowing attackers to bypass protections by exploiting Shescape's failure to correctly escape for the expected shell. This can...

Delivery Controller fails to connect to local SQL Express database

Migrating databases for existing site from a full SQL server to a SQL Express instance running in the same VM as one of the Delivery Controllers causes the controller hosting the SQL Express not to be able to connect to the database, even after the correct machine account permissions and login...

Unable to enter multi-factor authentication with Citrix DaaS Remote PowerShell SDK

After installing and running the Virtual Apps and Desktops Remote PowerShell SDK, explicit authentication is required using the Get-XdAuthentication cmdlet. After entering the username and password, multi-factor authentication dialog is displayed,but the 6-digit OTP code input items are not...

Experts Uncover Weaknesses in PowerShell Gallery Enabling Supply Chain Attacks

Active flaws in the PowerShell Gallery could be weaponized by threat actors to pull off supply chain attacks against the registry's users. "These flaws make typosquatting attacks inevitable in this registry, while also making it extremely difficult for users to identify the true owner of a...

Leaving non-persistent virtual machines of the provisioning scheme at the hypervisor is not allowed.

Unable to delete orphaned VMs by using Powershell from catalog which has already been removed via Powershell. When running command: Remove-ProvScheme The below error is seen: "Leaving the non-persistent virtual machines of the provisioning scheme 'provisioning scheme name' at the hypervisor is no...

Trawler - PowerShell Script To Help Incident Responders Discover Adversary Persistence Mechanisms

Dredging Windows for Persistence What is it? Trawler is a PowerShell script designed to help Incident Responders discover potential indicators of compromise on Windows hosts, primarily focused on persistence mechanisms including Scheduled Tasks, Services, Registry Modifications, Startup Items,...

New Attack Alert: Freeze[.]rs Injector Weaponized for XWorm Malware Attacks

Malicious actors are using a legitimate Rust-based injector called Freeze.rs to deploy a commodity malware called XWorm in victim environments. The novel attack chain, detected by Fortinet FortiGuard Labs on July 13, 2023, is initiated via a phishing email containing a booby-trapped PDF file. It...

CVE-2023-29299

Adobe Acrobat Reader versions 23.003.20244 and earlier and 20.005.30467 and earlier are affected by an Untrusted Search Path vulnerability that could lead to Application denial-of-service. An attacker could leverage this vulnerability if the default PowerShell Set-ExecutionPolicy is set to...

CVE-2023-29299

Adobe Acrobat Reader versions 23.003.20244 and earlier and 20.005.30467 and earlier are affected by an Untrusted Search Path vulnerability that could lead to Application denial-of-service. An attacker could leverage this vulnerability if the default PowerShell Set-ExecutionPolicy is set to...

CVE-2023-29299

Adobe Acrobat Reader versions 23.003.20244 and earlier and 20.005.30467 and earlier are affected by an Untrusted Search Path vulnerability that could lead to Application denial-of-service. An attacker could leverage this vulnerability if the default PowerShell Set-ExecutionPolicy is set to...

CVE-2023-29299 Adobe Acrobat Reader Untrusted Search Path Application denial-of-service

Adobe Acrobat Reader versions 23.003.20244 and earlier and 20.005.30467 and earlier are affected by an Untrusted Search Path vulnerability that could lead to Application denial-of-service. An attacker could leverage this vulnerability if the default PowerShell Set-ExecutionPolicy is set to...

Exploring New Techniques of Fake Browser Updates Leading to NetSupport RAT

Exploring New Techniques of Fake Browser Updates Leading to NetSupport RAT By Jonell Baltazar and Antonio Ribeiro · August 10, 2023 Trellix detected an ongoing campaign using fake Chrome browser updates to lure victims to install a remote administration software tool called NetSupport Manager...

PT-2023-5323 · Microsoft +1 · Powershell +2

Name of the Vulnerable Software and Affected Versions: Adobe Acrobat Reader versions 23.003.20244 and earlier Adobe Acrobat Reader versions 20.005.30467 and earlier Adobe Acrobat 2020 Adobe Acrobat Reader 2020 Description: The issue is related to an Untrusted Search Path vulnerability and imprope...

CVE-2023-39520

Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the repair function. The problem occurs as the repair function of the MSI is spawning an SYSTEM...

Code injection

Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the repair function. The problem occurs as the repair function of the MSI is spawning an SYSTEM...

CVE-2023-39520 Cryptomator vulnerable to Local Elevation of Privileges

Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the repair function. The problem occurs as the repair function of the MSI is spawning an SYSTEM...

CVE-2023-39520 Cryptomator vulnerable to Local Elevation of Privileges

Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the repair function. The problem occurs as the repair function of the MSI is spawning an SYSTEM...

PT-2023-26992 · Unknown · Cryptomator

Name of the Vulnerable Software and Affected Versions: Cryptomator version 1.9.2 Description: Cryptomator encrypts data being stored on cloud infrastructure. The issue allows local privilege escalation for low privileged users via the repair function. This occurs because the repair function of th...