Microsoft Windows - UAC Protection Bypass via FodHelper Registry Key (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/exe' require 'msf/core/exploit/powershell' class MetasploitModule 'Windows UAC Protection Bypass Via FodHelper Registry Key', 'Description' = %q...
Zusy Malware Installs Via Mouseover – No Clicking Required
Researchers are warning of several recent spam campaigns delivering PowerPoint files that when opened contain a mouseover link that installs a variant of the Zusy malware. The malware is novel because it does not rely on macros, JavaScript or VBA macros to be enabled for the dropper file to...
Beware! This Microsoft PowerPoint Hack Installs Malware Without Requiring Macros
"Disable macros and always be extra careful when you manually enable it while opening Microsoft Office Word documents." You might have heard of above-mentioned security warning multiple times on the Internet as hackers usually leverage this decade old macros-based hacking technique to hack...
PowerShell Script Encoding Evasion
Certain evasion tools obfuscate powershell scripts in order to circumvent inspection by security software. An attacker could use such evasion methods in order to execute arbitrary code on the target...
Windows UAC Protection Bypass (Via FodHelper Registry Key)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/exe' require 'msf/core/exploit/powershell' class MetasploitModule 'Windows UAC Protection Bypass Via FodHelper Registry Key', 'Description' = %q...
WMI Event Subscription Persistence
This module will create a permanent WMI event subscription to achieve file-less persistence using one of five methods. The EVENT method will create an event filter that will query the event log for an EVENT_ID_TRIGGER (default: failed logon request id 4625) that also contains a specified...
Parallels Desktop - Virtual Machine Escape
Parallels Desktop - Virtual Machine Escape + Title: Parallels Desktop - Virtual Machine Escape + Product: Parallels + Vendor: http://www.parallels.com/products/desktop/ + Affected Versions: All Version Author : Mohammad Reza Espargham Linkedin : https://ir.linkedin.com/in/rezasp...
Parallels Desktop - Virtual Machine Escape Vulnerability
Exploit for windows platform in category local exploits + Title: Parallels Desktop - Virtual Machine Escape + Product: Parallels + Vendor: http://www.parallels.com/products/desktop/ + Affected Versions: All Version Author : Mohammad Reza Espargham Linkedin : https://ir.linkedin.com/in/rezasp E-Ma...
Parallels Desktop - Virtual Machine Escape
Title: Parallels Desktop - Virtual Machine Escape + Product: Parallels + Vendor: http://www.parallels.com/products/desktop/ + Affected Versions: All Version Author : Mohammad Reza Espargham Linkedin : https://ir.linkedin.com/in/rezasp E-Mail : meatrezadotes , reza.esparghamatgmaildotcom Website :...
Parallels Desktop 12.2.0 Virtual Machine Escape
Title: Parallels Desktop - Virtual Machine Escape + Product: Parallels + Vendor: http://www.parallels.com/products/desktop/ + Affected Versions: All Version Author : Mohammad Reza Espargham Linkedin : https://ir.linkedin.com/in/rezasp E-Mail : meatrezadotes , reza.esparghamatgmaildotcom Website...
EternalBlue Exploit Spreading Gh0st RAT, Nitol
EternalBlue, the exploit used in the WannaCry ransomware outbreak, is now being leveraged to distribute the Nitol backdoor and Gh0st RAT malware. Security researchers at FireEye said, just as WannaCry criminals did, threat actors are leveraging the same Microsoft Server Message Block SMB protocol...
Octopus Deploy - (Authenticated) Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' require 'json' class MetasploitModule 'Octopus Deploy Authenticated Code Execution', 'Description' = %q This module can be used to...
Octopus Deploy Authenticated Code Execution Exploit
This Metasploit module can be used to execute a payload on an Octopus Deploy server given valid credentials or an API key. The payload is executed as a powershell script step on the Octopus Deploy server during a deployment. This module requires Metasploit: http://metasploit.com/download Current...
Octopus Deploy Authenticated Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' require 'json' class MetasploitModule 'Octopus Deploy Authenticated Code Execution', 'Description' = %q This module can be used to...
Octopus Deploy Authenticated Code Execution
This module can be used to execute a payload on an Octopus Deploy server given valid credentials or an API key. The payload is executed as a powershell script step on the Octopus Deploy server during a deployment. This module requires Metasploit: https://metasploit.com/download Current source:...
Release Notes for Veeam Backup & Replication 9.5 Update 2
More Recent Version Available: Please find the latest version of Veeam Backup & Replication here: Veeam Downloads - Latest Version. Challenge: Release Notes for Veeam Backup & Replication 9.5 Update 2. Cause: Please confirm you are running version 9.5.0.580, 9.5.0.711, 9.5.0.802, or 9.5.0.823 prior to...
PowerStager - A payload stager using PowerShell
This script creates an executable stager that downloads a selected powershell payload, loads it into memory and executes it using obfuscated EC methods. The script will also encrypt the stager for dynamic signatures and some additional obfuscation. This enables the actual payload to be executed...
PowerShell Payload Stager: PowerStager
PowerShell Payload Stager This script creates an executable stager that downloads a selected powershell payload, loads it into memory and executes it using obfuscated EC methods. The script will also encrypt the stager for dynamic signatures and some additional obfuscation. This enables the actua...
FIN7 Evolution and the Phishing LNK
FIN7 is a financially-motivated threat group that has been associated with malicious operations dating back to late 2015. FIN7 is referred to by many vendors as “Carbanak Group”, although we do not equate all usage of the CARBANAK backdoor with FIN7. FireEye recently observed a FIN7 spear phishin...
Nvidia GeForce Experience Node.js security vulnerability
Application Whitelisting Application whitelisting is an important security concept which can be found in many environments during penetration testing. The basic idea is to create a whitelist of allowed applications and after that only allow the execution of applications which can be found in that...