Lucene search
12 matches found

Kitploit
added 2021/11/13 8:30 p.m., 18 views

Canadian Furious Beaver - A Tool For Monitoring IRP Handler In Windows Drivers, And Facilitating The Process Of Analyzing, Replaying And Fuzzing Windows Drivers For Vulnerabilities

Furious Beaver is a distributed tool for capturing IRPs sent to any Windows driver. It operates in 2 parts: 1. the "Broker" combines both a user-land agent and a self-extractable driver IrpDumper.sys that will install itself on the targeted system. Once running it will expose depending on the...

7.3 AI score
Exploits 0, References 5
Kitploit
added 2021/10/18 11:30 a.m., 20 views

ImpulsiveDLLHijack - C# Based Tool Which Automates The Process Of Discovering And Exploiting DLL Hijacks In Target Binaries

C# based tool which automates the process of discovering and exploiting DLL Hijacks in target binaries. The Hijacked paths discovered can later be weaponized during RedTeam Operations to evade EDR's. 1. Methodological Approach : The tool basically acts on automating following stages performed for...

7.6 AI score
Exploits 0, References 1
Hacker One
added 2020/08/31 9:20 p.m., 8 views

Acronis: Local Privilege Escalation via EXE hijacking with Acronis True Image 2021 - Acronis Scheduler2 Service

Vulnerability description not provided...

7.1 AI score
Exploits 0
Hacker One
added 2020/07/28 9:14 a.m., 68 views

Acronis: Arbitrary DLL injection in mmsminisrv (Acronis Managed Machine Service Mini)

During initialization, mmsmini.exe service binary of mmsminisrv loads library C:\Program Files x86\Common Files\Acronis\Home\libssl10.dll. The library then tries to load non-existing file: C:\bshudson\workspace\mod-openssl-fips-win\205\product\out\standard\vs2013release\OpenSSL\ssl\openssl.cnf. T...

2.2 AI score
Exploits 0
exploitpack
added 2019/05/23 12:00 a.m., 25 views

Microsoft Windows 10 (17763.379) - Install DLL

Microsoft Windows 10 17763.379 - Install DLL edit: Figure out how this works for yourself. I can't be bothered. It's a really hard race, doubt anyone will be able to repro anyway. Could be used with malware, you could programmatically trigger the rollback. Maybe you can even pass the silent flag ...

Exploits 0
Citrix
added 2018/06/12 12:00 a.m., 5 views

Setting ProcMon to run at a lower altitude to capture other filter drivers

If you need to get Procmon's filter to run below us in the filter stack, it has a setting for that. Procmon is usually used to figure out what is happening on the machine, but you do not get to see the activity of things such as virus scanners and unifiltr because they happen at a lower level tha...

7 AI score
Exploits 0
n0where
added 2017/05/22 5:40 a.m., 11 views

Visual Malware Analysis: ProcDOT

Visual Malware Analysis There are plenty of tools for behavioral malware analysis. The de facto standard ones, though, are Sysinternals’s Process Monitor also known as Procmon and PCAP generating network sniffers like Windump, Tcpdump, Wireshark, and the like. These “two” tools cover almost...

0.6 AI score
Exploits 0
n0where
added 2016/12/24 6:28 a.m., 23 views

Portable Malware Analysis Sandbox: Noriben

Portable Malware Analysis Sandbox Noriben is a Python-based script that works in conjunction with Sysinternals Procmon to automatically collect, analyze, and report on runtime indicators of malware. In a nutshell, it allows you to run your malware, hit a keypress, and get a simple text report of...

7.6 AI score
Exploits 0, References 1
Kitploit
added 2016/12/23 2:07 p.m., 15 views

Noriben - Portable, Simple, Malware Analysis Sandbox

Noriben is a Python-based script that works in conjunction with Sysinternals Procmon to automatically collect, analyze, and report on runtime indicators of malware. In a nutshell, it allows you to run your malware, hit a keypress, and get a simple text report of the sample's activities. Noriben...

7.6 AI score
Exploits 0, References 1
Kitploit
added 2015/08/30 3:12 p.m., 14 views

Noriben - Your Personal, Portable Malware Sandbox

Noriben is a Python-based script that works in conjunction with Sysinternals Procmon to automatically collect, analyze, and report on runtime indicators of malware. In a nutshell, it allows you to run your malware, hit a keypress, and get a simple text report of the sample's activities. Noriben...

7.6 AI score
Exploits 0, References 1
seebug.org
added 2008/12/24 12:00 a.m., 18 views

Google Chrome Browser (ChromeHTML://) Remote Parameter Injection

No description provided by source. !-- Google Chrome Browser ChromeHTML:// remote parameter injection POC by Nine:Situations:Group::bellick&strawdog Site: http://retrogod.altervista.org/ tested against: Internet Explorer 8 beta 2, Google Chrome 1.0.154.36, Microsoft Windows XP SP3 List of command...

7.1 AI score
Exploits 0
exploitpack
added 2008/12/23 12:00 a.m., 10 views

Google Chrome - ChromeHTML: Remote Parameter Injection

Google Chrome - ChromeHTML: Remote Parameter Injection click me milw0rm.com 2008-12-23...

0.8 AI score
Exploits 0