11 matches found
EUVD-2023-12307
Malicious code in bioql PyPI...
nishang
This repository is an offensive tool for Windows systems. It contains a collection of PowerShell scripts that can be used to exploit various vulnerabilities and gain unauthorized access to a system. The scripts are designed to be used by attackers to gain a foothold on a system and then escalate...
Hackers Using Self-Extracting Archives Exploit for Stealthy Backdoor Attacks
An unknown threat actor used a malicious self-extracting archive SFX file in an attempt to establish persistent backdoor access to a victim's environment, new findings from CrowdStrike show. SFX files are capable of extracting the data contained within them without the need for dedicated software...
CVE-2023-0221
Product security bypass vulnerability in ACC prior to version 8.3.4 allows a locally logged-in attacker with administrator privileges to bypass the execution controls provided by ACC using the utilman program...
CVE-2023-0221
Trellix ACC (Trellix Application and Change Control) vulnerability CVE-2023-0221 affects versions prior to 8.3.4. A locally logged-in attacker with administrator privileges can bypass ACC’s execution controls via the utilman program. Impact is the circumvention of restricted execution paths. Reme...
PT-2023-16094 · Microsoft +1 · Utilman +1
Name of the Vulnerable Software and Affected Versions: ACC versions prior to 8.3.4 Description: The issue allows a locally logged-in attacker with administrator privileges to bypass the execution controls provided by ACC using the utilman program. Recommendations: For versions prior to 8.3.4,...
Trellix Application and Change Control Security Vulnerability
Trellix Application and Change Control (Trellix ACC) is an application and change control program from American FireEye Trellix. A security vulnerability exists in Trellix Application and Change Control versions prior to 8.3.4, which stems from a vulnerability that allows a locally logged-in attack...
stickyKeysHunter - A Script to Test an RDP Host for Sticky Keys and Utilman Backdoor
This bash script tests for sticky keys and utilman backdoors. The script will connect to an RDP server, send both the sticky keys and utilman triggers and screenshot the result. How does it work? 1. Connects to RDP using rdesktop 2. Sends shift 5 times using xdotool to trigger sethc.exe backdoors...
Sticky Keys Persistence Module
This module makes it possible to apply the 'sticky keys' hack to a session with appropriate rights. The hack provides a means to get a SYSTEM shell using UI-level interaction at an RDP login screen or via a UAC confirmation dialog. The module modifies the Debug registry setting for certain...