7257 matches found
Powershell Exec, Windows shellcode stage, Windows x64 IPv6 Bind TCP Stager
Execute an x64 payload from a command via PowerShell. Custom shellcode stage. Listen for an IPv6 connection Windows x64 Module Options msf use payload/cmd/windows/powershell/x64/custom/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTION msf...
Powershell Exec, Windows shellcode stage, Reverse UDP Stager with UUID Support
Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/powershell/custom/reverseudp msf payloadreverseudp show actions ...actions... msf payloadreverseudp set ACTION msf...
Powershell Exec, Windows shellcode stage, Windows Reverse HTTPS Stager (wininet)
Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Tunnel communication over HTTPS Windows wininet Module Options msf use payload/cmd/windows/powershell/custom/reversehttps msf payloadreversehttps show actions ...actions... msf payloadreversehttps set ACTION msf...
Powershell Exec, Windows shellcode stage, Reverse TCP Stager (IPv6)
Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Connect back to the attacker over IPv6 Module Options msf use payload/cmd/windows/powershell/custom/reverseipv6tcp msf payloadreverseipv6tcp show actions ...actions... msf payloadreverseipv6tcp set ACTION msf...
WebRTC Heap Buffer Overflow Vulnerability
WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to perform shellcode execution. This vulnerability impacts web browsers using WebRTC including but not limited to Google Chrome...
DoNot Team Hackers Updated its Malware Toolkit with Improved Capabilities
The Donot Team threat actor has updated its Jaca Windows malware toolkit with improved capabilities, including a revamped stealer module designed to plunder information from Google Chrome and Mozilla Firefox browsers. The improvements also include a new infection chain that incorporates previousl...
OffensiveVBA - Code Execution And AV Evasion Methods For Macros In Office Documents
In preparation for a VBS AV Evasion Stream/Video I was doing some research for Office Macro code execution methods and evasion techniques. The list got longer and longer and I found no central place for offensive VBA templates - so this repo can be used for such. It is very far away from being...
Maldev-For-Dummies - A Workshop About Malware Development
In the age of EDR, red team operators cannot get away with using pre-compiled payloads anymore. As such,malware development is becoming a vital skill for any operator. Getting started with maldev may seem daunting, but is actually very easy. This workshop will show you all you need to get started...
Dlinject - Inject A Shared Library (I.E. Arbitrary Code) Into A Live Linux Process, Without Ptrace
Inject a shared library i.e. arbitrary code into a live linux process, without ptrace. Inspired by Cexigua and linux-inject, among other things. Usage .. . | /| | || || / | .. / | | | | |/ \ | |/ / \ \ \ | \ | |/|| /| |\ \ | /| // | / /| / / /|| / source:...
VulnCheck KEV: CVE-2022-2294
WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to perform shellcode execution. This vulnerability impacts web browsers using WebRTC including but not limited to Google Chrome...
Nim-Loader - WIP Shellcode Loader In Nim With EDR Evasion Techniques
a very rough work-in-progress adventure into learning nim by cobbling resources together to create a shellcode loader that implements common EDR/AV evasion techniques. This is a mess and is forresearch purposes only! Please don't expect it to compile and run without your own modifications...
Frostbyte - FrostByte Is A POC Project That Combines Different Defense Evasion Techniques To Build Better Redteam Payloads
FrostByte Progolue: In the past few days I've been experimenting with the AppDomain manager injection technique had a decent success with it in my previous Red Team engagements against certain EDRs. Although, this is really good for initial access vector, I wanted to release a POC which will help...
SharpEventPersist - Persistence By Writing/Reading Shellcode From Event Log
Persistence by writing/reading shellcode from Event Log. Usage The SharpEventPersist tool takes 4 case-sensitive parameters: -file "C:\path\to\shellcode.bin" -instanceid 1337 -source Persistence -eventlog "Key Management Service". The shellcode is converted to hex and written to the "Key Manageme...
Researchers Warn of Spam Campaign Targeting Victims with SVCReady Malware
A new wave of phishing campaigns has been observed spreading a previously documented malware called SVCReady. "The malware is notable for the unusual way it is delivered to target PCs â using shellcode hidden in the properties of Microsoft Office documents," Patrick Schläpfer, a threat analyst at...
Snake Keylogger Spreads Through Malicious PDFs
While most malicious e-mail campaigns use Word documents to hide and spread malware, a recently discovered campaign uses a malicious PDF file and a 22-year-old Office bug to propagate the Snake Keylogger malware, researchers have found. The campaignâdiscovered by researchers at HP Wolf...
Tetanus - Mythic C2 Agent Targeting Linux And Windows Hosts Written In Rust
Tetanus is a Windows and Linux C2 agent written in rust. Installation To install Tetanus, you will need Mythic set up on a machine. In the Mythic root directory, use mythic-cli to install the agent. payload start tetanus" sudo ./mythic-cli install github https://github.com/MythicAgents/tetanus su...
Cisco RV340 SSL VPN Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco RV340 SSL VPN Unauthenticated Remote Code Execution', 'Description' = %q This module exploits a stack buffer overflow in the Cisco RV serie...
Google Chrome 78.0.3904.70 Remote Code Execution
Exploit Title: Google Chrome 78.0.3904.70 - Remote Code Execution Date: 2022-05-03 Exploit Author: deadlock Forrest Orr Type: RCE Platform: Windows Website: https://forrest-orr.net Twitter: https://twitter.com/ForrestOrr Vendor Homepage: https://www.google.com/chrome/ Software Link:...
This New Fileless Malware Hides Shellcode in Windows Event Logs
A new malicious campaign has been spotted taking advantage of Windows event logs to stash chunks of shellcode for the first time in the wild. "It allows the 'fileless' last stage trojan to be hidden from plain sight in the file system," Kaspersky researcher Denis Legezo said in a technical write-...
PEzor-Docker - With The Help Of This Docker Image, You Can Easily Access PEzor On Your System!
With the help of this kali linux image, you can easily access PEzor on your system! Basically, this image is built from the kalilinux/kali-rolling image and then the PEzor shellcode and PE packer is installed on top of it. Sometimes, it's vital to have access to PEzor, specially in a post exploit...