9 matches found
Backdoor.Win32.Amatu.a MVID-2024-0698 Arbitrary File Write
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/1e2d0b90ffc23e00b743c41064bdcc6b.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.Amatu.a Vulnerability: Remote Arbitrary File Write RCE Family: Amatu Type: PE32...
Exploit for CVE-2021-1675
CVE-2021-1675 - PrintNightmare LPE PowerShell Caleb Stewa...
Exploit for CVE-2021-1675
CVE-2021-1675 - PrintNightmare LPE PowerShell Caleb Stewa...
Exploit for CVE-2021-34527
CVE-2021-34527 - PrintNightmare LPE PowerShell Caleb Stew...
Exploit for CVE-2021-1675
CVE-2021-1675 - PrintNightmare LPE PowerShell Caleb Stewa...
XLM + AMSI: New runtime defense against Excel 4.0 macro malware
We have recently expanded the integration of Antimalware Scan Interface AMSI with Office 365 to include the runtime scanning of Excel 4.0 XLM macros, to help antivirus solutions tackle the increase in attacks that use malicious XLM macros. This integration, an example of the many security feature...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
This is a PoC exploit for CVE-2020-0796, a buffer overflow vulne...
Windows Exploitation Tricks: Abusing the User-Mode Debugger
Posted by James Forshaw, Google Project Zero I've recently been adding native user-mode debugger support to NtObjectManager. Whenever I add new functionality I have to do some research and reverse engineering to better understand how it works. In this case I wondered what access you need to debug...
Microsoft MsMpEng - Multiple Problems Handling ntdll!NtControlChannel Commands
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1260 MsMpEng includes a full system x86 emulator that is used to execute any untrusted files that look like PE executables. The emulator runs as NT AUTHORITY\SYSTEM and isn't sandboxed. Browsing the list of win32 APIs that the...