Exploit for Download of Code Without Integrity Check in Trueconf

🔓 CVE-2026-3502 - TrueConf Client Update Hijacking Exploit !...

📄 Malicious Windows Registration Entries (.reg) File

This Metasploit module creates a Windows Registration Entries .reg file which adds the specified payload to the Windows Registry. The payload runs upon Windows login for the current user. If the user has elevated privileges when opening the file, the payload will run upon login when any user logs...

The five-day job: A BlackByte ransomware intrusion case study

As ransomware attacks continue to grow in number and sophistication, threat actors can quickly impact business operations if organizations are not well prepared. In a recent investigation by Microsoft Incident Response previously known as Microsoft Detection and Response Team – DART of an...

Mustang Panda targets European diplomats using enhanced PlugX backdoor

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Mustang Panda, a Chinese cyberespionage group, has been targeting European diplomats with a revised version of the PlugX backdoor in an ongoing campaign linked to the ongoing conflict in Ukraine. The group, also known as...

Monitor Windows Registry Changes with Qualys File Integrity Monitoring

With Windows registries storing a large number of programs and OS security settings and a large amount of raw data, threat actors have begun to use those registries as a data store for their malicious activity. It is therefore imperative for organizations to monitor changes in Windows registries ...

2019: Looking Back at Malware

In 2019, attacker behavior evolved, becoming more evasive. The most common behaviors seen across all attack data—mapped to the MITRE ATT&CK™ Framework—were: Software Packing for Defense Evasion, Hidden Windows for Defense Evasion, Standard Application Layer Protocol for Command and Control C2,...

Microsoft Windows Server 2012 Group Policy Remote Code Execution

Exploit Title: Microsoft Windows Server 2012 - 'Group Policy' Remote Code Execution Date: 2019-10-28 Exploit Author: Thomas Zuk Version: Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows...

Microsoft Windows Server 2012 - (Group Policy) Remote Code Execution Exploit

Exploit Title: Microsoft Windows Server 2012 - 'Group Policy' Remote Code Execution Exploit Author: Thomas Zuk Version: Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and...

Persistence – Registry Run Keys

Getting an initial foothold inside a network during a red team operation is a time consuming task. Therefore persistence is key to a successful red team operation as will enable the team to focus on the objectives of the engagement without losing the communication with the command and control...