CVE-2023-31447

userlogin.cgi on Draytek Vigor2620 devices before 3.9.8.4 and on all versions of Vigor2925 devices allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code...

CVE-2023-31447

userlogin.cgi on Draytek Vigor2620 devices before 3.9.8.4 and on all versions of Vigor2925 devices allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code...

Chimera - Automated DLL Sideloading Tool With EDR Evasion Capabilities

While DLL sideloading can be used for legitimate purposes, such as loading necessary libraries for a program to function, it can also be used for malicious purposes. Attackers can use DLL sideloading to execute arbitrary code on a target system, often by exploiting vulnerabilities in legitimate...

Exploit for Code Injection in Citrix Netscaler_Application_Delivery_Controller

Citrix ADC RCE CVE-2023-3519 This exploit uses addresses and s...

Exploit for CVE-2022-24500

CVE-2022-24500 RCE Exploit Windows SMB Remote Code Execut...

General Device Manager 2.5.2.2 Buffer Overflow

Exploit Title: General Device Manager 2.5.2.2 - Buffer Overflow SEH Date: 30.07.2023 Software Link: https://download.xm030.cn/d/MDAwMDA2NTQ= Software Link 2: https://www.maxiguvenlik.com/uploads/importfiles/GeneralDeviceManager.zip Exploit Author: Ahmet Ümit BAYRAM Tested Version: 2.5.2.2 Tested...

Windows/x64 - PIC Null-Free Calc.exe Shellcode (169 Bytes)

import ctypes, struct from keystone import Shellcode Author: Senzee Shellcode Title: Windows/x64 - PIC Null-Free Calc.exe Shellcode 169 Bytes Date: 07/26/2023 Platform: Windows x64 Tested on: Windows 11 Home/Windows Server 2022 Standard/Windows Server 2019 Datacenter OS Version respectively:...

General Device Manager 2.5.2.2 - Buffer Overflow (SEH) Exploit

Exploit Title: General Device Manager 2.5.2.2 - Buffer Overflow SEH Software Link: https://download.xm030.cn/d/MDAwMDA2NTQ= Software Link 2: https://www.maxiguvenlik.com/uploads/importfiles/GeneralDeviceManager.zip Exploit Author: Ahmet Ümit BAYRAM Tested Version: 2.5.2.2 Tested on: Windows 10...

General Device Manager 2.5.2.2 - Buffer Overflow (SEH)

Exploit Title: General Device Manager 2.5.2.2 - Buffer Overflow SEH Date: 30.07.2023 Software Link: https://download.xm030.cn/d/MDAwMDA2NTQ= Software Link 2: https://www.maxiguvenlik.com/uploads/importfiles/GeneralDeviceManager.zip Exploit Author: Ahmet Ümit BAYRAM Tested Version: 2.5.2.2 Tested...

Exploit for Code Injection in Citrix Netscaler_Application_Delivery_Controller

Citrix ADC RCE CVE-2023-3519 This exploit uses addresses and s...

Exploit for Out-of-bounds Write in Fortinet Fortios

CVE-2022-42475 Background This is the exploit for the blog...

Predator Android Spyware: Researchers Uncover New Data Theft Capabilities

Security researchers have detailed the inner workings of the commercial Android spyware called Predator, which is marketed by the Israeli company Intellexa previously Cytrox. Predator was first documented by Google's Threat Analysis Group TAG in May 2022 as part of attacks leveraging five differe...

New WinTapix.sys Malware Engages in Multi-Stage Attack Across Middle East

An unknown threat actor has been observed leveraging a malicious Windows kernel driver in attacks likely targeting the Middle East since at least May 2020. Fortinet Fortiguard Labs, which dubbed the artifact WINTAPIX WinTapix.sys, attributed the malware with low confidence to an Iranian threat...

Hades - Go Shellcode Loader That Combines Multiple Evasion Techniques

Hades is a proof of concept loader that combines several evasion technques with the aim of bypassing the defensive mechanisms commonly used by modern AV/EDRs. Usage The easiest way, is probably building the project on Linux using make. git clone https://github.com/f1zm0/hades && cd hades make The...

TFTP Fetch, Windows shellcode stage, Windows x64 Reverse Named Pipe (SMB) Stager

Fetch and execute an x64 payload from a TFTP server. Custom shellcode stage. Connect back to the attacker via a named pipe pivot Module Options msf use payload/cmd/windows/tftp/x64/custom/reversenamedpipe msf payloadreversenamedpipe show actions ...actions... msf payloadreversenamedpipe set ACTIO...

TFTP Fetch, Windows shellcode stage, Bind TCP Stager (RC4 Stage Encryption, Metasm)

Fetch and execute an x64 payload from a TFTP server. Custom shellcode stage. Connect back to the attacker Module Options msf use payload/cmd/windows/tftp/x64/custom/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf payloadbindtcprc4 show options...

TFTP Fetch, Windows shellcode stage, Reverse TCP Stager with UUID Support (Windows x64)

Fetch and execute an x64 payload from a TFTP server. Custom shellcode stage. Connect back to the attacker with UUID Support Windows x64 Module Options msf use payload/cmd/windows/tftp/x64/custom/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTI...

HTTP Fetch, Windows shellcode stage, Bind TCP Stager with UUID Support (Windows x64)

Fetch and execute an x64 payload from an HTTP server. Custom shellcode stage. Listen for a connection with UUID Support Windows x64 Module Options msf use payload/cmd/windows/http/x64/custom/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf...

HTTPS Fetch, Windows shellcode stage, Reverse TCP Stager with UUID Support (Windows x64)

Fetch and execute an x64 payload from an HTTPS server. Custom shellcode stage. Connect back to the attacker with UUID Support Windows x64 Module Options msf use payload/cmd/windows/https/x64/custom/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set...

HTTPS Fetch, Windows shellcode stage, Bind TCP Stager with UUID Support (Windows x64)

Fetch and execute an x64 payload from an HTTPS server. Custom shellcode stage. Listen for a connection with UUID Support Windows x64 Module Options msf use payload/cmd/windows/https/x64/custom/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf...