15 matches found
EUVD-2024-41443
Malicious code in bioql PyPI...
CVE-2024-45335
Trend Micro Antivirus One, version 3.10.4 and below contains a vulnerability that could allow an attacker to use a specifically crafted virus to allow itself to bypass and evade a virus scan detection...
New details on TinyTurla’s post-compromise activity reveal full kill chain
Cisco Talos is providing an update on its two recent reports on a new and ongoing campaign where Turla, a Russian espionage group, deployed their TinyTurla-NG TTNG implant. We now have new information on the entire kill chain this actor uses, including the tactics, techniques and procedures TTPs...
Jektor - A Windows User-Mode Shellcode Execution Tool That Demonstrates Various Techniques That Malware Uses
This utility focuses on shellcode injection techniques to demonstrate methods that malware may use to execute shellcode on a victim system Dynamically resolves API functions to evade IAT inclusion Includes usage of undocumented NT Windows API functions Supports local shellcode execution via...
Adwind Spyware-as-a-Service Attacks Utility Grid Operators
A phishing campaign that spoofs a PDF attachment to deliver Adwind spyware has been taking aim at national grid utilities infrastructure. Adwind, a.k.a. JRAT or SockRat, is being used in a malware-as-a-service model in this campaign, researchers said. It offers a full cadre of info-gathering...
New Dridex Variant Slips By Anti-Virus Detection
Researchers have spotted a variant of the Dridex banking trojan with new obfuscation capabilities that help it skirt anti-virus detection. While Dridex has been around since 2011, researchers told Threatpost Friday that they recently spotted phishing emails distributing a never-before-seen varian...
Unprotect Project: Classify Malwares Based on Known Evasion Techniques
PenTestIT RSS Feed One of the first steps in learning about a malware is to see if it is evasive in any sense and then proceed accordingly. The Unprotect Project helps you do this easily. It is an open source project in Python that proposes a malware classification techniques based on their evasi...
SharpShooter - Payload Generation Framework
SharpShooter is a payload creation framework for the retrieval and execution of arbitrary CSharp source code. SharpShooter is capable of creating payloads in a variety of formats, including HTA, JS, VBS and WSF. It leverages James Forshaw's DotNetToJavaScript tool to invoke methods from the...
Payload Generation Framework: SharpShooter
SharpShooter is a payload creation framework for the retrieval and execution of arbitrary CSharp source code. SharpShooter is capable of creating payloads in a variety of formats, including HTA, JS, VBS and WSF. It leverages James Forshaw’s DotNetToJavaScript tool to invoke methods from the...
Hackers Targeting Servers Running Database Services for Mining Cryptocurrency
Security researchers have discovered multiple attack campaigns conducted by an established Chinese criminal group that operates worldwide, targeting database servers for mining cryptocurrencies, exfiltrating sensitive data and building a DDoS botnet. The researchers from security firm GuardiCore...
The Malicious Macro Generator!
PenTestIT RSS Feed I'm sure you remember my older post about the malicious office document generator and the office exploitation toolkit. Just a refresher - Luckystrike is the open source script that helps you create malicious Microsoft Office documents using PowerShell and MicroSploit is an open...
Shylock Trojan Going Global with New Features, Resilient Infrastructure
The prolific, credential-stealing Shylock banking Trojan is growing increasingly sophisticated as its creators continue adding new modules and functionalities to the man-in-the-browser malware, according to a Symantec report. To this point, Shylock has made its money via man-in-the-browser attack...
New 'Drive-By Email' Attack Found in Wild
A new email-based threat is capable of infecting a machine even without opening any attachments within, according to a report from the Daily Mail. The emails, which reportedly download their payload once opened, are not directly infected and therefore will not trigger detection by anti-virus...
Multi-layer unzip the ZIP package to evade anti-virus-vulnerability warning-the black bar safety net
BK group of large cattle are in the discussion of the mollusc, suddenly thought of in the cloud Shu BLOG once saw a infinite unzip the bag to let the soft kill loop of the article, the article mentioned some of the stupid anti-virus may occur an infinite loop, so smart why not die? Because some...
hook NtReadVirtualMemory interfere with anti-virus scanning-vulnerability warning-the black bar safety net
Article author: asmhttp://www.sbasm.cn Wrote a against scan something with you to share! The technical content is not high, large cow floating by.! Always write is a ring3 code, now very carefully put together a copycat version of the drive code, a long time not so seriously. Hope a big cow can...