Windows Escalate UAC Execute RunAs Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Escalate UAC Execute RunAs', 'Description' = %q This module will attempt to elevate execution level using the ShellExecute undocumented...

Uninitialized GPU Register Access

AMD ID: AMD-SB-6013 Potential Impact: Data Leakage Severity: Medium Summary AMD is aware of a publicly available paper titled “Whispering Pixels: Exploiting Uninitialized Register Accesses in Modern GPUs” which describes a technique for potentially leaking pixel data from GPU registers...

SoumniBot: the new Android banker’s unique techniques

The creators of widespread malware programs often employ various tools that hinder code detection and analysis, and Android malware is no exception. As an example of this, droppers, such as Badpack and Hqwar, designed for stealthily delivering Trojan bankers or spyware to smartphones, are very...

Persistence – DLL Proxy Loading

DLL Proxy Loading is a technique which an arbitrary DLL exports the same functions as the legitimate DLL and forwards the calls to the legitimate… Continue reading - Persistence - DLL Proxy Loading...

Metasploit Framework 6.4 Released

Today, Metasploit is pleased to announce the release of Metasploit Framework 6.4. It has been just over a year since the release of version 6.3 and the team has added many new features and improvements since then. For news reporters, please reach out to [email protected]. Kerberos Improvements...

NullSection - An Anti-Reversing Tool That Applies A Technique That Overwrites The Section Header With Nullbytes

NullSection is an Anti-Reversing tool that applies a technique that overwrites the section header with nullbytes. Install git clone https://github.com/MatheuZSecurity/NullSection cd NullSection gcc nullsection.c -o nullsection ./nullsection Advantage When running nullsection on any ELF, it could ...

TA4557 Targets Recruiters by Delivering Malware Disguised as Job Applicant

Summary: Threat actor TA4557 has been focusing on recruiters by posing as job applicants to distribute malware. While this approach is not unprecedented, there have been notable shifts in both technique and attack vectors compared to their previous methods. The attackers have demonstrated an...

Bouncy Castle For Java LDAP injection vulnerability

Bouncy Castle provides the X509LDAPCertStoreSpi.java class which can be used in conjunction with the CertPath API for validating certificate paths. Pre-1.73 the implementation did not check the X.500 name of any certificate, subject, or issuer being passed in for LDAP wild cards, meaning the...

Dragon Breath APT Group Using Double-Clean-App Technique to Target Gambling Industry

An advanced persistent threat APT actor known as Dragon Breath has been observed adding new layers of complexity to its attacks by adopting a novel DLL side-loading mechanism. "The attack is based on a classic side-loading attack, consisting of a clean application, a malicious loader, and an...

Following the Lazarus group by tracking DeathNote campaign

The Lazarus group is a high-profile Korean-speaking threat actor with multiple sub-campaigns. We have previously published information about the connections of each cluster of this group. In this blog, well focus on an active cluster that we dubbed DeathNote because the malware responsible for...

Akamai Mitigates Hop-by-Hop Header Abuse Leading to Request Smuggling

Security researchers identified and disclosed a new technique of hop-by-hop header attacks, leading to request smuggling, which Akamai successfully mitigated...

What is User Flow and how to make one?

By Owais Sultan User Flow is a technique that allows you to quickly map the entire flow of screens on your… This is a post from HackRead.com Read the original post: What is User Flow and how to make one?...

RefleXXion - A Utility Designed To Aid In Bypassing User-Mode Hooks Utilised By AV/EPP/EDR Etc

Introduction RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, it first collects the syscall numbers of the NtOpenFile, NtCreateSection, NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature arra...

Apple iPhone Malware Tactic Causes Fake Shutdowns to Enable Spying

In the world of mobile malware, simply shutting down a device can often wipe out any bad code, given that persistence after rebooting is a challenge for traditional malicious activity. But a new iPhone technique can hijack and prevent any shut-down process that a user initiates, simulating a real...

What Is a Watering Hole Attack?

It's a technique that can hit thousands of victims—through no fault of their own...

Lazarus APT conceals malicious code within BMP image to drop its RAT

This blog was authored by Hossein Jazi Lazarus APT is one of the most sophisticated North Korean Threat Actors that has been active since at least 2009. This actor is known to target the U.S., South Korea, Japan and several other countries. In one of their most recent campaigns Lazarus used a...

AdvPhishing - This Is Advance Phishing Tool! OTP PHISHING

This Is Advance Phishing Tool! OTP PHISHING SPECIAL OTP BYPASS VIDEO WORKED Social Media Hack | Link ---|--- Installation Termux | https://www.youtube.com/watch?v=LO3hX1lLBjI Whatsapp OTP | https://www.youtube.com/watch?v=pyB63ym3QYs Google OTP | https://www.youtube.com/watch?v=MhSb4My1lZo Paytm...

Broad, Ongoing Cyberattacks Targeting Australia Underscore Need for Behavioral-Based Cybersecurity

On Friday the Australian Federal Government detailed sustained ‘copy-paste’ threats on government and business throughout the country. According to the Government: “‘Copy-paste compromises’ is derived from … heavy use of proof-of-concept exploit code, web shells and other tools copied almost...

Execute .net Assembly (x64 only)

This module executes a .NET assembly in memory. It reflectively loads a dll that will host CLR, then it copies the assembly to be executed into memory. Credits for AMSI bypass to Rastamouse @RastaMouse This module requires Metasploit: https://metasploit.com/download Current source:...

Phishing-Simulation - Aims To Increase Phishing Awareness By Providing An Intuitive Tutorial And Customized Assessment

Phishing Simulation mainly aims to increase phishing awareness by providing an intuitive tutorial and customized assessment without any actual setup - no domain, no infrastructure, no actual email address to assess people's action on any given situation and gives ability to understand what is the...