Exploit for Unsafe Reflection in Vmware Vcenter_Server

CVE-2021-21985 Checker. Simple Powershell imple...

CheeseTools - Self-developed Tools For Lateral Movement/Code Execution

This repository has been made basing onto the already existing MiscTool, so big shout-out to rasta-mouse for releasing them and for giving me the right motivation to work on them. CheeseExec Command Exec / Lateral movement via PsExec-like functionality. Must be running in the context of a...

Malvertising Campaign On Google Distributed Trojanized AnyDesk Installer

Cybersecurity researchers on Wednesday publicized the disruption of a "clever" malvertising network targeting AnyDesk that delivered a weaponized installer of the remote desktop software via rogue Google ads that appeared in the search engine results pages. The campaign, which is believed to have...

DNS-Black-Cat(DBC) - Multi Platform Toolkit For An Interactive DNS Shell Commands Exfiltration, By Using DNS-Cat You Will Be Able To Execute System Commands In Shell Mode Over DNS Protocol

Multi-platform toolkit for an interactive C2C DNS shell, by using DNS-Black-Cat, you will be able to execute system commands in shell mode over a fully encrypted covert channel. Server ported as a python script, which acts as DNS server with required functionalities to provide interactive shell...

AMSITrigger - The Hunt For Malicious Strings

Hunting for Malicious Strings Usage: AMSI calls xmas tree mode -d, --debug Show Debug Info -m, --maxsiglength=VALUE Maximum signature Length to cater for, default=2048 -c, --chunksize=VALUE Chunk size to send to AMSIScanBuffer, default=4096 -h, -?, --help Show Help " -i, --inputfile=VALUE...

Microsoft Warns of Data Stealing Malware That Pretends to Be Ransomware

Microsoft on Thursday warned of a "massive email campaign" that's pushing a Java-based STRRAT malware to steal confidential data from infected systems while disguising itself as a ransomware infection. "This RAT is infamous for its ransomware-like behavior of appending the file name extension...

Microsoft Windows TokenMagic Privilege Escalation Exploit

This Metasploit module leverages a UAC bypass TokenMagic in order to spawn a process/conduct a DLL hijacking attack to gain SYSTEM-level privileges. Windows 7 through Windows 10 1803 are affected. This module requires Metasploit: https://metasploit.com/download Current source:...

Microsoft Windows TokenMagic Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Privilege Escalation via TokenMagic UAC Bypass', 'Description' = %q This module leverages a UAC bypass TokenMagic in order to spawn a...

DFIR-O365RC - PowerShell Module For Office 365 And Azure AD Log Collection

PowerShell module for Office 365 and Azure AD log collection Module description The DFIR-O365RC PowerShell module is a set of functions that allow the DFIR analyst to collect logs relevant for Office 365 Business Email Compromise investigations. The logs are generated in JSON format and retrieved...

Description of the security update for Skype for Business Server and Lync Server: May 11, 2021 (KB5003729)

Description of the security update for Skype for Business Server and Lync Server: May 11, 2021 KB5003729 Summary This security update resolves vulnerabilities in Microsoft Skype for Business Server and Microsoft Lync Server. To learn more about these vulnerabilities, see Microsoft Common...

Phishing Attacks Spawn Three New Malware Strains

Two waves of global financial phishing attacks that swamped at least 50 organizations in December have delivered three new malware families, according to a report from FireEye’s Mandiant cybersecurity team. On Tuesday, the team said that they’ve dubbed the hitherto-unseen malware strains...

MeterPwrShell - Automated Tool That Generate The Perfect Powershell Payload

Automated Tool That Generate A Powershell Oneliner That Can Create Meterpreter Shell On Metasploit,Bypass AMSI,Bypass Firewall,Bypass UAC,And Bypass Any AVs. This tool is powered by Metasploit-Framework and amsi.fail Notes NEVER UPLOAD THE PAYLOAD THAT GENERATED BY THIS PROGRAM TO ANY ONLINE...

Invoke-Stealth - Simple And Powerful PowerShell Script Obfuscator

Invoke-Stealth is a Simple & Powerful PowerShell Script Obfuscator. This tool helps you to automate the obfuscation process of any script written in PowerShell with different techniques. You can use any of them separately, together or all of them sequentially with ease, from Windows or Linux...

Prometei Botnet Could Fire Up APT-Style Attacks

A heretofore little-seen botnet dubbed Prometei is taking a page from advanced persistent threat APT cyberattackers: The malware is exploiting two of the Microsoft Exchange vulnerabilities collectively known as ProxyLogon, in order to drop a Monero cryptominer on its targets. It’s also highly...

Prometei Botnet Exploiting Unpatched Microsoft Exchange Servers

Attackers are exploiting the ProxyLogon Microsoft Exchange Server flaws to co-opt vulnerable machines to a cryptocurrency botnet named Prometei, according to new research. "Prometei exploits the recently disclosed Microsoft Exchange vulnerabilities associated with the HAFNIUM attacks to penetrate...

GHSA-7JGJ-8WVC-JH57 .NET Core Information Disclosure

An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0...

.NET Core Information Disclosure

An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0...

BetterXencrypt - A Better Version Of Xencrypt - Xencrypt It Self Is A Powershell Runtime Crypter Designed To Evade AVs

A better version of Xencrypt.Xencrypt it self is a Powershell runtime crypter designed to evade AVs. cause Xencrypt is not FUD anymore and easily get caught by AMSI,i recode the stub and now it FUD again. And the original Xencrypt,if you see on the screenshot proof,he's tested on Windows 8,and if...

Attackers Target ProxyLogon Exploit to Install Cryptojacker

Cryptojacking can be added to the list of threats that face any unpatched Exchange servers that remain vulnerable to the now-infamous ProxyLogon exploit, new research has found. Researchers discovered the threat actors using Exchange servers compromised using the highly publicized exploit...

COVID-Related Threats, PowerShell Attacks Lead Malware Surge

Surging numbers of COVID-themed attacks, PowerShell trojans, along with the SolarWinds compromise and the continued spread of Sunburst malware were major contributors to a massive spike in the number of observed attacks in the wild during the last half of 2020, which McAfee’s said averaged 588...