3093 matches found
The vulnerability of the PowerShell command line interface on Windows operating systems, which allows attackers to exploit their privileges
The vulnerability of the PowerShell command line interface on Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain increased privileges...
BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
Evade EDR's the simple way, by not touching any of the API's they hook. Theory I've noticed that most EDRs fail to scan scripting files, treating them merely as text files. While this might be unfortunate for them, it's an opportunity for us to profit. Flashy methods like residing in memory or...
Psobf - PowerShell Obfuscator
Tool for obfuscating PowerShell scripts written in Go. The main objective of this program is to obfuscate PowerShell code to make its analysis and detection more difficult. The script offers 5 levels of obfuscation, from basic obfuscation to script fragmentation. This allows users to tailor the...
Windows Escalate UAC Execute RunAs Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Escalate UAC Execute RunAs', 'Description' = %q This module will attempt to elevate execution level using the ShellExecute undocumented...
Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack
Iraqi government networks have emerged as the target of an "elaborate" cyber attack campaign orchestrated by an Iran state-sponsored threat actor called OilRig. The attacks singled out Iraqi organizations such as the Prime Minister's Office and the Ministry of Foreign Affairs, cybersecurity compa...
WordPress Mandates Two-Factor Authentication for Plugin and Theme Developers
WordPress.org has announced a new account security measure that will require accounts with capabilities to update plugins and themes to activate two-factor authentication (2FA) mandatorily. The enforcement is expected to come into effect starting October 1, 2024. "Accounts with commit access can pu...
CVE-2024-38046
PowerShell Elevation of Privilege Vulnerability...
CVE-2024-38046 PowerShell Elevation of Privilege Vulnerability
...
CVE-2024-38046
CVE-2024-38046 is described as a local privilege-escalation vulnerability in PowerShell. The primary public documentation (NVD/NCSC) confirms a local attacker with low privileges could elevate privileges on affected Windows components, with a CVSS v3.1 base score of 7.8 (LOCAL, Privileges Require...
PowerShell Elevation of Privilege Vulnerability
...
Description of the security update for SharePoint Server 2019: September 10, 2024 (KB5002639)
Description of the security update for SharePoint Server 2019: September 10, 2024 (KB5002639). Summary: This security update resolves a Microsoft SharePoint Server remote code execution vulnerability, and Microsoft SharePoint Server denial of service vulnerability. To learn more about the...
Microsoft Windows PowerShell Security Vulnerability
Microsoft Windows PowerShell is a command line shell program and scripting environment from Microsoft Corporation USA that enables command line users and script writers to take advantage of the power of . A security vulnerability exists in Microsoft Windows PowerShell. An attacker could exploit t...
PT-2024-6244 · Microsoft · Powershell +1
Name of the Vulnerable Software and Affected Versions: PowerShell (affected versions not specified). Description: The vulnerability is related to insufficient input validation in the PowerShell command-line shell for Windows operating systems. Exploitation of the vulnerability may allow an attacker ...
CVE-2023-36756
creationtimestamp | type | source
---|---|---
2024-09-05 15:39:37+00:00 | seen | https://www.thezdi.com/blog/2024/9/4/exploiting-exchange-powershell-after-proxynotshell-part-1-multivaluedproperty
2024-09-12 15:00:00+00:00 | seen | ...
Gather electerm Passwords
This module will determine if electerm is installed on the target system and, if it is, it will try to dump all saved session information from the target. The passwords for these saved sessions will then be decrypted where possible. Module Options msf use post/multi/gather/electerm msf postelecte...
New LummaC2 Malware Variant Uses PowerShell, Obfuscation to Steal Data
Ontinue has discovered a new LummaC2 malware variant with increased activity, using PowerShell for initial infection and employing…...
PEAKLIGHT Downloader Deployed in Attacks Targeting Windows with Malicious Movie Downloads
Cybersecurity researchers have uncovered a never-before-seen dropper that serves as a conduit to launch next-stage malware with the ultimate goal of infecting Windows systems with information stealers and loaders. "This memory-only dropper decrypts and executes a PowerShell-based downloader,"...
New Qilin Ransomware Attack Uses VPN Credentials, Steals Chrome Data
The threat actors behind a recently observed Qilin ransomware attack have stolen credentials stored in Google Chrome browsers on a small set of compromised endpoints. The use of credential harvesting in connection with a ransomware infection marks an unusual twist, and one that could have cascadi...