ClickFix Server

This creates a Web Server which hosts a ClickFix type exploit. When a user visits the site they are given instructions on pasting our payload into a run dialog. When using a custom html page, please use INSERTPAYLOADHERE as the spot to put the generated payload in. Module Options msf use...

ClickFix Server Creation

This Metasploit module creates a web server which hosts a ClickFix type exploit. When a user visits the site they are given instructions on pasting our payload into a run dialog. When using a custom html page, please use INSERTPAYLOADHERE as the spot to put the generated payload in...

📄 dcontrol 1.0.9 Keyboard Injection Remote Code Execution

dcontrol version 1.0.9 is vulnerable to an unauthenticated remote code execution via keyboard input injection. The /control-api/monitor/sendkey and /control-api/monitor/sendtext endpoints allow an unauthenticated attacker to simulate keyboard input on the target system. By chaining these endpoint...

JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers

Cybersecurity researchers are calling attention to a new campaign that's leveraging a combination of ClickFix lures and fake adult websites to deceive users into running malicious commands under the guise of a "critical" Windows security update. "Campaign leverages fake adult websites xHamster,...

Researchers Expose TA585's MonsterV2 Malware Capabilities and Attack Chain

Cybersecurity researchers have shed light on a previously undocumented threat actor called TA585 that has been observed delivering an off-the-shelf malware called MonsterV2 via phishing campaigns. The Proofpoint Threat Research Team described the threat activity cluster as sophisticated, leveragi...

ShadowCaptcha Exploits WordPress Sites to Spread Ransomware, Info Stealers, and Crypto Miners

A new large-scale campaign has been observed exploiting over 100 compromised WordPress sites to direct site visitors to fake CAPTCHA verification pages that employ the ClickFix social engineering tactic to deliver information stealers, ransomware, and cryptocurrency miners. The large-scale...

Cybercriminals Deploy CORNFLAKE.V3 Backdoor via ClickFix Tactic and Fake CAPTCHA Pages

Threat actors have been observed leveraging the deceptive social engineering tactic known as ClickFix to deploy a versatile backdoor codenamed CORNFLAKE.V3. Google-owned Mandiant described the activity, which it tracks as UNC5518, as part of an access-as-a-service scheme that employs fake CAPTCHA...

Think before you Click(Fix): Analyzing the ClickFix social engineering technique

Over the past year, Microsoft Threat Intelligence and Microsoft Defender Experts have observed the ClickFix social engineering technique growing in popularity, with campaigns targeting thousands of enterprise and end-user devices globally every day. Since early 2024, we’ve helped multiple custome...

Think before you Click(Fix): Analyzing the ClickFix social engineering technique

Over the past year, Microsoft Threat Intelligence and Microsoft Defender Experts have observed the ClickFix social engineering technique growing in popularity, with campaigns targeting thousands of enterprise and end-user devices globally every day. Since early 2024, we’ve helped multiple custome...

SharpRDP - Remote Desktop Protocol .NET Console Application For Authenticated Command Execution

To compile open the project in Visual Studio and build for release. Two DLLs will be output to the Release directory, you do not need those because the DLLs are in the assembly. If you do not want to use the provided DLLs you will need to .NET SDK to create the AxMSTSCLib.dll DLL. To create it...

August 23, 2016 — KB3176934 (OS Build 14393.82)

August 23, 2016 — KB3176934 OS Build 14393.82 This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Improved reliability of Network Controller, DNS server, gateways, Storage Spaces Direct, Group Managed Service...