
3108 matches found

Tenable Nessus
added 2018/08/14 12:00 a.m. | 288 views

KB4343892: Windows 10 August 2018 Security Update (Foreshadow)

The remote Windows host is missing security update 4343892. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an...

CVSS: 9.3 | AI score: 8.4 | EPSS: 0.8249
Exploits: 16 | References: 36

Tenable Nessus
added 2018/08/14 12:00 a.m. | 618 views

KB4343887: Windows 10 Version 1607 and Windows Server 2016 August 2018 Security Update (Foreshadow)

The remote Windows host is missing security update 4343887. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtai...

CVSS: 9.3 | AI score: 8.3 | EPSS: 0.8249
Exploits: 16 | References: 41

0day.today
added 2018/08/11 12:00 a.m. | 105 views

Oracle Weblogic Server Deserialization Remote Code Execution Exploit

Exploit for multiple platform in category remote exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' class MetasploitModule 'Oracle Weblogic Server Deserialization RCE',...

CVSS: 7.5 | AI score: 0.4 | EPSS: 0.94422
Exploits: 68

ThreatPost
added 2018/08/09 3:28 p.m. | 12 views

New Actor DarkHydrus Targets Middle East with Open-Source Phishing

Government entities and educational institutions in the Middle East are under attack in an ongoing credential-harvesting campaign, mounted by a newly-named threat group known as DarkHydrus. In a twist on the norm, the group is leveraging the open-source Phishery tool to carry out its dark work. T...

AI score: 0.1
Exploits: 0 | References: 7

Veeam
added 2018/08/09 12:00 a.m. | 9 views

Granular permissions for Microsoft Azure user

Challenge When adding an Azure account to Veeam Backup & Replication, you would use the Add Microsoft Azure compute account... then, on the Subscription tab of the wizard that opens, select the "Create a new account" option. Doing this will register a new Azure AD Application. The account used to...

AI score: 6.8
Exploits: 0 | Affected Software: 1

Kitploit
added 2018/08/06 10:39 p.m. | 28 views

Remote Desktop Caching - Tool To Recover Old RDP (mstsc) Session Information In The Form Of Broken PNG Files

This tool allows one to recover old RDP mstsc session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an...

AI score: 6.9
Exploits: 0 | References: 2

Kitploit
added 2018/08/05 10:30 p.m. | 16 views

Win-PortFwd - Powershell Script To Setup Windows Port Forwarding Using Native Netsh Client

Powershell script to setup windows port forwarding using native netsh client. Install: git clone https://github.com/deepzec/Win-PortFwd.git Usage: .\win-portfwd.ps1 or powershell.exe -noprofile -executionpolicy bypass -file .\win-portfwd.ps1 Note: This script require admin privileges to run, this...

AI score: 7.2
Exploits: 0 | References: 1

Citrix
added 2018/08/03 12:00 a.m. | 5 views

Unable to deploy custom receiver from Store front. Getting " An error occurred while saving changes on the "Deploy Citrix Receiver" property dialog. Please check the log in event viewer and try again."

While trying to add customized "receiver.exe" to deploy receiver option in Storefront, you might get following error while saving it. "An error occurred while saving changes on the "Deploy Citrix Receiver" property dialog. Please check the log in event viewer and try again". It works fine with...

AI score: 7
Exploits: 0

Carbon Black Blog
added 2018/07/31 3:53 p.m. | 68 views

Case Study: A Cryptomining Attack — With an Assist From Advanced Malware Techniques

In Carbon Black's Quarterly Incident Response Threat Report QIRTR, some of the world’s leading incident response IR professionals reported seeing an uptick in lateral movement, counter incident response, and island-hopping attacks from motivated nation-states. In the case study below, Kroll notes...

AI score: 0.2
Exploits: 0

Veeam
added 2018/07/30 12:00 a.m. | 12 views

How to enable the Firewall rules required by Veeam ONE on the Windows Server Core OS

Challenge Veeam ONE cannot collect any data due to closed Firewall rules on the Windows Server Core OS side. Cause Due to the Windows Server Core OS limitations, it is impossible to enable the necessary Firewall rules required by Veeam ONE using Windows Firewall UI. Solution Enable the rules CMD...

AI score: 7.3
Exploits: 0 | Affected Software: 1

Kitploit
added 2018/07/28 10:33 p.m. | 130 views

sRDI - Shellcode Implementation Of Reflective DLL Injection

sRDI allows for the conversion of DLL files to position independent shellcode. Functionality is accomplished via two components: C project which compiles a PE loader implementation RDI to shellcode Conversion code which attaches the DLL, RDI, and user data together with a bootstrap This project i...

AI score: 8
Exploits: 0 | References: 1

Securelist
added 2018/07/26 10:00 a.m. | 785 views

A mining multitool

Recently, an interesting miner implementation appeared on Kaspersky Lab's radar. The malware, which we dubbed PowerGhost, is capable of stealthily establishing itself in a system and spreading across large corporate networks infecting both workstations and servers. This type of hidden consolidati...

CVSS: 9.3 | AI score: 0.4 | EPSS: 0.94318
Exploits: 70

Citrix
added 2018/07/25 12:00 a.m. | 5 views

Unidesk Appliance Backup Utility scheduled task must be run as the same user who ran the tool

When you make a scheduled appliance backup task with the utility, the task must specify the same Run As user as the one you're logged in with when you run the tool. Otherwise, your encrypted passwords for vCenter and the MA will be unavailable. You will see errors like this in the Appliance Backu...

AI score: 7
Exploits: 0

Microsoft KB
added 2018/07/24 12:00 a.m. | 52 views

System Center Virtual Machine Manager, version 1807

System Center Virtual Machine Manager, version 1807 Applies to:System Center Virtual Machine Manager, version 1807 Introduction This article describes the issues that are fixed in System Center Virtual Machine Manager, version 1807. There are three downloads available for Virtual Machine Manager:...

AI score: 6.4
Exploits: 0

GithubExploit
added 2018/07/23 8:53 a.m. | 3 views

PoshC2

!PoshC2 Logohttps://raw.githubusercontent.com/nettitude/PoshC...

AI score: 6.8
Exploits: 0

ThreatPost
added 2018/07/20 8:57 p.m. | 19 views

Massive Malspam Campaign Finds a New Vector for FlawedAmmyy RAT

A widespread spam campaign from the well-known financial criminal group TA505 is spreading the FlawedAmmyy RAT using a brand-new vector: Weaponized PDFs containing malicious SettingContent-ms files. The SettingContent-ms file format was introduced in Windows 10; it allows a user to create...

AI score: 0.1
Exploits: 0 | References: 4

The Hacker News
added 2018/07/20 7:27 p.m. | 103 views

Microsoft Releases PowerShell Core for Linux as a Snap Package

Microsoft's love for Linux continues… Microsoft has released its command-line shell and scripting language PowerShell Core for Linux operating system as a Snap package, making it easier for Linux users to install Microsoft PowerShell on their system. Yes, you heard me right. Microsoft has made...

AI score: 0.4
Exploits: 0

The Hacker News
added 2018/07/20 7:27 p.m. | 2 views

Microsoft Releases PowerShell Core for Linux as a Snap Package

Microsoft's love for Linux continues… Microsoft has released its command-line shell and scripting language PowerShell Core for Linux operating system as a Snap package, making it easier for Linux users to install Microsoft PowerShell on their system. Yes, you heard me right. Microsoft has made...

AI score: 6.5
Exploits: 0

OpenVAS
added 2018/07/20 12:00 a.m. | 44 views

Microsoft PowerShell Core Security Feature Bypass Vulnerability (Jul 2018) - Windows

This host is missing an important security update for PowerShell Core according to Microsoft security advisory CVE-2018-8356. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

CVSS: 5.5 | AI score: 7.2 | EPSS: 0.00212
Exploits: 0 | References: 3

OpenVAS
added 2018/07/20 12:00 a.m. | 38 views

Microsoft PowerShell Core Security Feature Bypass Vulnerability (Jul 2018) - Linux

This host is missing an important security update for PowerShell Core according to Microsoft security advisory CVE-2018-8356. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

CVSS: 5.5 | AI score: 7.2 | EPSS: 0.00212
Exploits: 0 | References: 3