emlog cross-site scripting vulnerability
emlog is an open source PHP and MySQL based CMS website builder. A cross-site scripting vulnerability exists in emlog pro-2.5.17 and earlier versions, which stems from insufficient sanitization of the comment and comname parameters and could lead to a remote attacker injecting reflective cross-si...
PowerSploit
This is an offensive tool for Windows PowerShell exploitation. It is a collection of PowerShell modules, specifically PowerSploit, which provides various functions for code execution, DLL injection, and antivirus bypass. The tool is designed to be used by penetration testers and red teamers to te...
PowerSploit
This is an offensive tool for Windows PowerShell exploitation. The repository contains a PowerShell post-exploitation framework called PowerSploit, which provides various tools for exploiting vulnerabilities in Windows systems. The framework includes modules for antivirus bypass, code execution,...
Windows Inject Reflective PE Files, Reverse TCP Stager with UUID Support (Windows x64)
Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE loader will execute the pre-mapped PE image starting from the address of entry after performing image base relocation and API address resolution. This module requires a PE file that contains...
PowerSploit
This is a PowerShell module repository called PowerSploit, which is a collection of tools for penetration testing and red teaming. The repository contains several modules, including AntivirusBypass and CodeExecution. The AntivirusBypass module is designed to help evade antivirus detection, and it...
TAU Threat Analysis: Medusa Locker Ransomware
In recent weeks Carbon Black's Threat Analysis Unit (TAU) has seen an increase in the number of infections attributed to the Medusa Locker ransomware family. There were notable traits exhibited by Medusa Locker in these attacks that warranted further investigation to determine behavioral tactics th...
TAU Technical Report: New Attack Combines TinyPOS With Living-off-the-Land Techniques for Scraping Credit Card Data
In April of 2020 VMware Carbon Black Threat Analysis Unit (TAU) researchers worked with an Incident Response (IR) partner on a piece of malware that was discovered during an ongoing PCI investigation. The combined analysis showed that attackers who previously leveraged a malware family called TinyPOS...
PowerSploit
This is an offensive tool for Windows PowerShell exploitation. It is a PowerShell post-exploitation framework called PowerSploit, which includes various modules for code execution, DLL injection, and antivirus bypass. The framework is designed to be used by penetration testers and red teamers to...
Windows x64 VNC Server (Reflective Injection), Bind TCP Stager (RC4 Stage Encryption, Metasm)
Inject a VNC DLL via a reflective loader (Windows x64, staged). Connect back to the attacker. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 616 include...
Windows Meterpreter (Reflective Injection x64), Bind TCP Stager (RC4 Stage Encryption, Metasm)
Inject the Meterpreter server DLL via the Reflective DLL Injection payload (staged). Requires Windows XP SP2 or newer. Connect back to the attacker. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...
Windows Meterpreter (Reflective Injection), Windows x86 Bind Named Pipe Stager
Inject the Meterpreter server DLL via the Reflective DLL Injection payload (staged). Requires Windows XP SP2 or newer. Listen for a pipe connection (Windows x86). This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module...
VNC Server (Reflective Injection), Windows x86 Bind Named Pipe Stager
Inject a VNC DLL via a reflective loader (staged). Listen for a pipe connection (Windows x86). This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 349 include Msf::Payload::Stager include...
Windows x64 VNC Server (Reflective Injection), Reverse TCP Stager (RC4 Stage Encryption, Metasm)
Inject a VNC DLL via a reflective loader (Windows x64, staged). Connect back to the attacker. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 585 include...
Windows Meterpreter (Reflective Injection x64), Reverse TCP Stager (RC4 Stage Encryption, Metasm)
Inject the Meterpreter server DLL via the Reflective DLL Injection payload (staged). Requires Windows XP SP2 or newer. Connect back to the attacker. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...
Windows x64 VNC Server (Reflective Injection), Windows x64 Bind Named Pipe Stager
Inject a VNC DLL via a reflective loader (Windows x64, staged). Listen for a pipe connection (Windows x64). This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 481 include Msf::Payload::Stag...
Pupy - Opensource, Cross-Platform (Windows, Linux, OSX, Android) Remote Administration And Post-Exploitation Tool
Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) multi-function RAT (Remote Administration Tool) and post-exploitation tool mainly written in Python. It follows an all-in-memory execution guideline and leaves a very low footprint. Pupy can communicate using various transports,...
VNC Server (Reflective Injection), Reverse UDP Stager with UUID Support
Inject a VNC DLL via a reflective loader (staged). Connect back to the attacker with UUID support. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 312 include Msf::Payload::Stager...
Windows Meterpreter (Reflective Injection), Reverse UDP Stager with UUID Support
Inject the Meterpreter server DLL via the Reflective DLL Injection payload (staged). Connect back to the attacker with UUID support. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 31...
Windows Meterpreter (Reflective Injection x64), Windows x64 Reverse Named Pipe (SMB) Stager
Inject the Meterpreter server DLL via the Reflective DLL Injection payload (staged). Requires Windows XP SP2 or newer. Connect back to the attacker via a named pipe pivot. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...