147 matches found
EUVD-2004-0207
Malware in sbrugna...
EUVD-2007-2722
Malware in sbrugna...
EUVD-2015-3486
Malware in sbrugna...
charlotte
This is a C++ shellcode launcher, fully undetected as of May 13th, 2021. It dynamically invokes Windows API functions, XOR encrypts shellcode and function names, and uses random XOR keys and variables per run. The code is designed to be stealthy and evade detection. The code is written in C++ and...
On Automating Security Policies with Contemporary LLMs
The complexity of modern computing environments and the growing sophistication of cyber threats necessitate a more robust, adaptive, and automated approach to security enforcement. In this paper, we present a framework leveraging large language models (LLMs) for automating attack mitigation policy...
Malicious code in windows-api-codec-pack (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 92245ebaf3540c628e01a2ec1741659ca0285f765539581481af03e857d4d31f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3658 Malicious code in windows-api-codec-pack (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 92245ebaf3540c628e01a2ec1741659ca0285f765539581481af03e857d4d31f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Experts Find Shared Codebase Linking Morpheus and HellCat Ransomware Payloads
An analysis of HellCat and Morpheus ransomware operations has revealed that affiliates associated with the respective cybercrime entities are using identical code for their ransomware payloads. The findings come from SentinelOne, which analyzed artifacts uploaded to the VirusTotal malware scannin...
Exploit for Heap-based Buffer Overflow in Microsoft
Exploit-PoC-para-CVE-2024-30085: a Python exploit designed for...
Vulnerability in Acrobat Reader could lead to remote code execution; Microsoft patches information disclosure issue in Windows API
Two vulnerabilities discovered by Cisco Talos' Vulnerability Research team have been disclosed and fixed over the past few weeks. Talos discovered a time-of-check time-of-use vulnerability in Adobe Acrobat Reader, one of the most popular PDF readers currently available, and an information disclosure...
Malicious code in WindowsAPICodePack.Net (NuGet)
--- -= Per source details. Do not edit below this line.=-...
CVE-2024-34332
An issue in SiSoftware SANDRA v31.66 SANDRA.sys 15.18.1.1 and before allows an attacker to escalate privileges via a crafted buffer sent to the Kernel Driver using the DeviceIoControl Windows API...
CVE-2024-34332
CVE-2024-34332 describes a local privilege-escalation in SiSoftware SANDRA up to v31.66 (SANDRA.sys 15.18.1.1 or earlier) where a crafted buffer sent to the Windows kernel driver via DeviceIoControl can elevate privileges. The issue affects the kernel driver component and enables an attacker with...
Gftrace - A Command Line Windows API Tracing Tool For Golang Binaries
A command line Windows API tracing tool for Golang binaries. Note: This tool is a PoC and a work-in-progress prototype, so please treat it as such. Feedback is always welcome! How it works? Although Golang programs contain a lot of nuances regarding the way they are built and their behavior in...
CVE-2024-24576
Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files with the bat and cmd extensions on Windows using the Command API. An attacker able to control the arguments...
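The entry above gives the failure mechanism only in outline. The following is an added example, not code from the Rust project or from the advisory, that models in Python why arguments quoted for an .exe target become dangerous when the target is a .bat or .cmd file: such a script can only be run through cmd.exe, which re-parses the command line with its own rules (a double quote toggles quoting, backslash is not an escape, and & | < > outside quotes are operators). The quoting helper, the reduced model of cmd.exe's parser, and the "refuse rather than escape" policy are this example's own assumptions; the model ignores cmd.exe's /S rule and delayed expansion, and whatever the batch file later does with %1 is outside it.

```python
"""Model of the batch-file argument problem behind CVE-2024-24576.

Added example, not code from the Rust project or from the advisory. The
quoting rule, the reduced cmd.exe parser model and the refusal policy below
are this example's own assumptions.
"""

CMD_OPERATORS = set("&|<>")


def msvc_quote(arg: str) -> str:
    """One common implementation of the quoting that is correct for an .exe
    target, whose CommandLineToArgvW parsing honours backslash-escaped quotes:
    wrap in quotes only when needed, write '"' as '\\"', and double any run of
    backslashes that precedes a quote or the closing quote."""
    if arg and not any(c in arg for c in ' \t"'):
        return arg
    out = ['"']
    backslashes = 0
    for ch in arg:
        if ch == "\\":
            backslashes += 1
            continue
        if ch == '"':
            out.append("\\" * (backslashes * 2 + 1) + '"')
        else:
            out.append("\\" * backslashes + ch)
        backslashes = 0
    out.append("\\" * (backslashes * 2) + '"')
    return "".join(out)


def bat_payload_naive(script: str, args: list) -> str:
    """The pre-fix style of construction: script and arguments quoted as if
    the target were an .exe, then handed over as  cmd.exe /c "<payload>"."""
    return " ".join([msvc_quote(script)] + [msvc_quote(a) for a in args])


def cmd_sees_outside_quotes(payload: str) -> list:
    """Reduced model of how cmd.exe scans the payload: every '"' flips the
    in-quotes state, backslash is an ordinary character, '^' escapes the next
    character only outside quotes, and & | < > outside quotes are operators.
    Returns the operator characters cmd.exe would act on."""
    in_quotes = False
    escaped = False
    operators = []
    for ch in payload:
        if escaped:
            escaped = False
        elif ch == '"':
            in_quotes = not in_quotes
        elif not in_quotes:
            if ch == "^":
                escaped = True
            elif ch in CMD_OPERATORS:
                operators.append(ch)
    return operators


def quote_for_bat(arg: str) -> str:
    """Conservative quoting for a .bat/.cmd target: always wrap in quotes and
    refuse anything the quotes cannot neutralise. A '"' inside the argument
    would close the quoted region, CR or LF would end the command line, and
    '%' starts a variable expansion that cmd.exe performs even inside quotes."""
    if any(c in arg for c in '"\r\n%'):
        raise ValueError(f"argument cannot be passed safely to a batch file: {arg!r}")
    return f'"{arg}"'


def bat_payload_safe(script: str, args: list) -> str:
    """Same construction as bat_payload_naive, with the refusing quoter."""
    return " ".join([quote_for_bat(script)] + [quote_for_bat(a) for a in args])


if __name__ == "__main__":
    evil = '"&calc.exe'
    payload = bat_payload_naive("script.bat", [evil])
    print(payload, "->", cmd_sees_outside_quotes(payload))
    try:
        bat_payload_safe("script.bat", [evil])
    except ValueError as e:
        print("refused:", e)
```

Note that the second naive case below (`a&b`) needs no quoting at all for an .exe, so an .exe-oriented quoter passes it bare and cmd.exe sees the `&` even though no quote was involved; always quoting for a batch target closes that path as well.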
BIT-TOMCAT-2021-24122 Apache Tomcat information disclosure
When serving resources from a network location using the NTFS file system, Apache Tomcat versions 9.0.0 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of the JRE API...
How To Hunt For UEFI Malware Using Velociraptor
UEFI threats have historically been limited in number and mostly implemented by nation state actors as stealthy persistence. However, the recent proliferation of Black Lotus on the dark web, the Trickbot enumeration module in late 2022, and Glupteba in November 2023 indicate that this historical trend may...
Dynmx - Signature-based Detection Of Malware Features Based On Windows API Call Sequences
dynmx (pronounced "dynamics") is a signature-based detection approach for behavioural malware features based on Windows API call sequences. In a simplified way, you can think of dynmx as a sort of YARA for API call traces (so-called function logs) originating from malware sandboxes. Hence, the data basis f...
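As an added illustration of the approach the entry above describes (a signature matched against an ordered API call trace), the following Python is not dynmx's own code, and the log line format, the signature syntax with $-prefixed variables, and the two sample traces are all constructed for this example. It matches a remote-thread injection signature against a function log, requiring the same process handle and allocation base to flow through OpenProcess, VirtualAllocEx, WriteProcessMemory and CreateRemoteThread, with unrelated calls allowed in between.

```python
"""Signature matching over a Windows API call trace, in the spirit of dynmx.

Added example, not dynmx's own code. The log format, signature syntax and
sample traces are constructed for this illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed function log (not a real sandbox export), one call per line:
#   <call id>|<api>|<arg=value>;<arg=value>;...|<return value>
INJECTION_LOG = """\
1|OpenProcess|dwDesiredAccess=0x1fffff;dwProcessId=4242|0x1c8
2|GetSystemTime|lpSystemTime=0x19ff40|0x0
3|VirtualAllocEx|hProcess=0x1c8;dwSize=0x1000;flProtect=0x40|0x7ff600000000
4|WriteProcessMemory|hProcess=0x1c8;lpBaseAddress=0x7ff600000000;nSize=0x1d6|0x1
5|Sleep|dwMilliseconds=0x64|0x0
6|CreateRemoteThread|hProcess=0x1c8;lpStartAddress=0x7ff600000000|0x1d0
"""

# Constructed trace with the same APIs that must NOT match: the allocation is
# read/write (0x04, not 0x40) and the thread is created on a different handle.
BENIGN_LOG = """\
1|OpenProcess|dwDesiredAccess=0x1fffff;dwProcessId=4242|0x1c8
2|VirtualAllocEx|hProcess=0x1c8;dwSize=0x1000;flProtect=0x04|0x7ff600000000
3|WriteProcessMemory|hProcess=0x1c8;lpBaseAddress=0x7ff600000000;nSize=0x1d6|0x1
4|CreateRemoteThread|hProcess=0x1d4;lpStartAddress=0x7ff600000000|0x1d0
"""


@dataclass
class Call:
    cid: int
    api: str
    args: Dict[str, str]
    ret: str


@dataclass
class Step:
    """One step of a signature. Argument and return patterns are either a
    literal value or a '$name' variable: the first step that uses a variable
    binds it, and every later step must observe the same value."""
    api: str
    args: Dict[str, str] = field(default_factory=dict)
    ret: Optional[str] = None


@dataclass
class Signature:
    name: str
    steps: List[Step]


def parse_log(text: str) -> List[Call]:
    calls = []
    for line in text.splitlines():
        if not line.strip():
            continue
        cid, api, argstr, ret = line.split("|")
        args = dict(kv.split("=", 1) for kv in argstr.split(";") if kv)
        calls.append(Call(int(cid), api, args, ret))
    return calls


def _bind(pattern: str, value: str, bindings: Dict[str, str]) -> bool:
    """Literal patterns compare case-insensitively; '$var' binds on first use."""
    if pattern.startswith("$"):
        if pattern not in bindings:
            bindings[pattern] = value
            return True
        return bindings[pattern] == value
    return pattern.lower() == value.lower()


def _match_from(steps, calls, pos, bindings):
    """Match steps as an ordered subsequence of calls[pos:], allowing unrelated
    calls in between; backtracks when a later step cannot be satisfied."""
    if not steps:
        return []
    step = steps[0]
    for i in range(pos, len(calls)):
        call = calls[i]
        if call.api != step.api:
            continue
        trial = dict(bindings)  # bindings made by a failed candidate are discarded
        ok = all(k in call.args and _bind(v, call.args[k], trial)
                 for k, v in step.args.items())
        if ok and step.ret is not None:
            ok = _bind(step.ret, call.ret, trial)
        if not ok:
            continue
        rest = _match_from(steps[1:], calls, i + 1, trial)
        if rest is not None:
            return [call.cid] + rest
    return None


def match_signature(sig: Signature, calls: List[Call]) -> Optional[List[int]]:
    """Return the call ids that satisfy the signature in order, or None."""
    return _match_from(sig.steps, calls, 0, {})


REMOTE_THREAD_INJECTION = Signature(
    name="remote_thread_injection",
    steps=[
        Step("OpenProcess", ret="$hproc"),
        Step("VirtualAllocEx", {"hProcess": "$hproc", "flProtect": "0x40"}, ret="$base"),
        Step("WriteProcessMemory", {"hProcess": "$hproc", "lpBaseAddress": "$base"}),
        Step("CreateRemoteThread", {"hProcess": "$hproc", "lpStartAddress": "$base"}),
    ],
)


if __name__ == "__main__":
    for label, text in (("injection", INJECTION_LOG), ("benign", BENIGN_LOG)):
        print(label, "->", match_signature(REMOTE_THREAD_INJECTION, parse_log(text)))
```

The variable binding is what keeps the signature from firing on any process that merely happens to call the four APIs somewhere in its lifetime: the handle returned by OpenProcess and the base returned by VirtualAllocEx must be the ones reused by the later calls.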