1579 matches found

Cvelist
added 2018/06/14 12:0 p.m., 31 views

CVE-2018-8212

A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers...

5.3 AI score, 0.00732 EPSS
Exploits: 0, References: 3
CVE
added 2018/06/14 12:0 p.m., 110 views

CVE-2018-8201

CVE-2018-8201 describes a security feature bypass in Microsoft Device Guard that could allow a local attacker to inject malicious code into a Windows PowerShell session. Affected products include Windows Server 2016 and Windows 10 (including Windows 10 servers). The vulnerability stems from bypas...

4.5 CVSS, 5.2 AI score, 0.00531 EPSS
Exploits: 0, References: 3, Affected Software: 2
CVE
added 2018/06/14 12:0 p.m., 111 views

CVE-2018-8212

The CVE-2018-8212 entry describes a security feature bypass in Microsoft Device Guard (Code Integrity Policy) that could allow an attacker to inject malicious code into a Windows PowerShell session. Affected products include Windows Server 2016 and Windows 10/Windows 10 Servers. The underlying is...

5.3 CVSS, 5.2 AI score, 0.00732 EPSS
Exploits: 0, References: 3, Affected Software: 2
CVE
added 2018/06/14 12:0 p.m., 107 views

CVE-2018-8215

CVE-2018-8215 (and related CVEs) is described in CNVD-2018-12041 as a security feature bypass in Microsoft Device Guard that could let a local attacker inject malicious code into a Windows PowerShell session, affecting Windows Server 2016 and Windows 10 variants. The CNVD entry confirms the vulne...

5.3 CVSS, 5.2 AI score, 0.00524 EPSS
Exploits: 0, References: 3, Affected Software: 2
CVE
added 2018/06/14 12:0 p.m., 110 views

CVE-2018-8221

The connected CNVD entry CNVD-2018-12041 confirms a security feature bypass in Microsoft Device Guard that could let a local attacker inject malicious code into a Windows PowerShell session, affecting Windows 10 and Windows Server 2016. The underlying issue is a bypass of the Device Guard/Code I...

5.3 CVSS, 5.2 AI score, 0.00524 EPSS
Exploits: 0, References: 3, Affected Software: 2
CNVD
added 2018/06/13 12:0 a.m., 2 views

Microsoft Windows Device Guard Local Security Bypass Vulnerability (CNVD-2018-12564)

Microsoft Windows 10 and Windows Server Version 1709 are both products of Microsoft Corporation. Microsoft Windows 10 is a cross-platform operating system for PCs and laptops, tablets, and cell phones. Windows Server Version 1709 is a server operating system. Server Version 1709 is a server operati...

5.3 CVSS, 5.3 AI score, 0.00524 EPSS
Exploits: 0, References: 1
OpenVAS
added 2018/06/13 12:0 a.m., 66 views

Microsoft Windows Multiple Vulnerabilities (KB4284874)

This host is missing a critical security update according to Microsoft KB4284874 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3 CVSS, 6.8 AI score, 0.79916 EPSS
Exploits: 8, References: 1
Microsoft CVE
added 2018/06/12 7:0 a.m., 26 views

Device Guard Code Integrity Policy Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code...

5.3 CVSS, 3.6 AI score, 0.00524 EPSS
Exploits: 0
Microsoft CVE
added 2018/06/12 7:0 a.m., 18 views

Device Guard Code Integrity Policy Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code...

5.3 CVSS, 3.6 AI score, 0.00524 EPSS
Exploits: 0
Carbon Black Blog
added 2018/06/08 5:0 p.m., 63 views

Excerpts from Modern Bank Heists – Non Malware Attack Methods

Carbon Black recently published a report on the latest non-malware attack methods, and how to counteract them. For more information about how Cb Defense, Carbon Black's NGAV + EDR solution, helps enterprises address their endpoint security challenges, check out our weekly Cb Defense Live Demo,...

1.2 AI score
Exploits: 0
Packet Storm
added 2018/06/08 12:0 a.m., 39 views

ClassLink OneClick Browser Extension / Agent Universal XSS / Remote Code Execution

The ClassLink OneClick Browser Extension and the ClassLink Agent are vulnerable to Universal XSS and Remote Code Execution. Vendor has released software updates to fix both vulnerabilities on 3 June 2018. === Vendor === ClassLink: https://www.classlink.com === Vulnerability 1: Universal XSS throu...

0.4 AI score
Exploits: 0
Malwarebytes
added 2018/06/07 3:0 p.m., 61 views

Malware analysis: decoding Emotet, part 2

In part two of our series on decoding Emotet (you can catch up on part 1 here), we'll cover analysis of the PowerShell code. Before we do that, however, it is a good idea to list some of the functions and calls that are used in the code for the execution. System.Runtime.InteropServices.Marshal: us...

0.5 AI score
Exploits: 0
Carbon Black Blog
added 2018/06/04 8:24 p.m., 86 views

Carbon Black TAU Threat Analysis: Emotet Banking Trojan Leverages MS Office Word Docs, PowerShell to Deliver Malware

Emotet is a family of banking malware, which has been around since at least 2014. Attackers continue to leverage variants of Emotet and are becoming increasingly shrewd in the techniques they employ to deliver the malware onto an infected system. In the spring of 2018 Carbon Black's Threat Analys...

0.2 AI score
Exploits: 0
Exploit DB
added 2018/06/04 12:0 a.m., 54 views

Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/exe' require 'msf/core/exploit/powershell' class MetasploitModule 'Windows UAC Protection Bypass Via Slui File Handler Hijack', 'Description' =...

7 AI score
Exploits: 0
The Coalfire Blog
added 2018/05/31 9:51 p.m., 20 views

PowerShell: In-Memory Injection Using CertUtil.exe

Have you ever heard the old saying, "The only constant in life is change?" Nothing is truer in the world of penetration testing and information security than the certainty of change. New defenses are always emerging, and the guys and gals in the red team game are always having to evolve our effor...

1.3 AI score
Exploits: 0
exploitpack
added 2018/05/17 12:0 a.m., 14 views

Nanopool Claymore Dual Miner 7.3 - Remote Code Execution

Nanopool Claymore Dual Miner 7.3 - Remote Code Execution Exploit Title: Nanopool Claymore Dual Miner >= 7.3 Remote Code Execution Date: 2018/02/09 Exploit Author: ReverseBrain Vendor Homepage: https://nanopool.org/ Software Link: https://github.com/nanopool/Claymore-Dual-Miner Version: 7.3 and lat...

8.1 AI score
Exploits: 0
0day.today
added 2018/05/17 12:0 a.m., 117 views

Nanopool Claymore Dual Miner 7.3 - Remote Code Execution Vulnerability

Exploit for windows platform in category remote exploits Exploit Title: Nanopool Claymore Dual Miner >= 7.3 Remote Code Execution Exploit Author: ReverseBrain Vendor Homepage: https://nanopool.org/ Software Link: https://github.com/nanopool/Claymore-Dual-Miner Version: 7.3 and later Tested on:...

4.3 CVSS, 6.5 AI score, 0.00223 EPSS
Exploits: 9
Packet Storm
added 2018/05/17 12:0 a.m., 68 views

Nanopool Claymore Dual Miner 7.3 Remote Code Execution

Exploit Title: Nanopool Claymore Dual Miner >= 7.3 Remote Code Execution Date: 2018/02/09 Exploit Author: ReverseBrain Vendor Homepage: https://nanopool.org/ Software Link: https://github.com/nanopool/Claymore-Dual-Miner Version: 7.3 and later Tested on: Windows, Linux CVE : 2018-1000049 Suppose t...

6 CVSS, 7.6 AI score, 0.79191 EPSS
Exploits: 7
ThreatPost
added 2018/05/11 7:44 p.m., 8 views

Vega Stealer Malware Takes Aim at Chrome, Firefox

A malware dubbed Vega Stealer has been uncovered, looking to make off with saved credentials and credit-card information in the Chrome and Firefox browsers. While it’s a simple payload for now, researchers said it has the ability to evolve into something more concerning in the future. Proofpoint,...

2.1 AI score
Exploits: 0, References: 5
Kitploit
added 2018/05/05 1:12 p.m., 28 views

SpookFlare v2.0 - Loader, Dropper Generator With Multiple Features For Bypassing Client-Side And Network-Side Countermeasures

SpookFlare has a different perspective to bypass security measures and it gives you the opportunity to bypass the endpoint countermeasures at the client-side detection and network-side detection. SpookFlare is a loader/dropper generator for Meterpreter, Empire, Koadic etc. SpookFlare has...

7.8 AI score
Exploits: 0, References: 6