103 matches found
Flerken - Obfuscated Command Detection Tool
Command line obfuscation has proved to be a non-negligible factor in fileless malware and in attackers who are "living off the land". To bypass signature-based detection, dedicated obfuscation techniques have been observed in red-team penetration tests and even in APT activity. Meanwhile,...
CVE-2018-6342
react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. The input to that command was not properly sanitized, allowing an attacker who can make a network request to the server either via CSRF or by direct reque...
Obfuscated Command Line Detection Using Machine Learning
This blog post presents a machine learning (ML) approach to solving an emerging security problem: detecting obfuscated Windows command line invocations on endpoints. We start out with an introduction to this relatively new threat capability, and then discuss how such problems have traditionally bee...
Open-AudIT CSV Injection Vulnerability
Open-AudIT is a network discovery and auditing program. The program intelligently scans networks and network devices and provides status reports. A security vulnerability exists in the export function in versions prior to Open-AudIT 2.2. An attacker can exploit the vulnerability to inject Windows...
China-Linked APT15 Used Myriad of New Tools To Hack UK Government Contractor
CANCUN, Mexico – Researchers at NCC Group have discovered multiple backdoors on a UK government contractor’s computer systems designed to steal sensitive government and military data. The hack is tied to China-linked cyber espionage group APT15, which researchers said is utilizing many new tools ...
Windows Command Shell, Reverse UDP Stager with UUID Support
Spawn a piped command shell staged. Connect back to the attacker with UUID Support This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 312 include Msf::Payload::Stager include...
WinRM Command Runner
This module runs arbitrary Windows commands using the WinRM Service This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/winrm/connection' class MetasploitModule 'WinRM Command Runner', 'Description' = %q This...
Google Finance found to have a Reflected File Download (RFD) vulnerability - vulnerability warning - the black bar safety net
A Portuguese network security expert, David Sopas, found that Google Finance is affected by a Reflected File Download (RFD) vulnerability. I discovered this vulnerability while auditing other clients; through RFD, you need to set up a page to force the download. This Google JSON file of the...
Input validation
Network Vision IntraVue before 2.3.0a14 on Windows allows remote attackers to execute arbitrary OS commands via unspecified vectors...
Successful Shell Attack Detected - Windows 'date' Command
Binary data 6188.prm...
Trojan/Backdoor Detection - Windows Command Shell as Service
Binary data 6229.prm...
Successful Shell Attack Detected - Windows 'route print' Command
Binary data 6195.prm...
Successful Shell Attack Detected - Windows 'net user' Command
Binary data 6198.prm...
Windows Command Shell, Reverse TCP Stager (DNS)
Spawn a piped command shell staged. Connect back to the attacker This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 321 include Msf::Payload::Stager include...
Microsoft Internet Explorer 8 - Denial of Service
Microsoft Internet Explorer 8 - Denial of Service. Internet Explorer 8 Multitudinous looping Denial of Service Exploit, by Asheesh Kumar Mani Tripathi code...
Windows Command Shell, Bind TCP (via Ruby)
Continually listen for a connection and spawn a command shell via Ruby This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 128 include Msf::Payload::Single include...
Windows Command Shell, Reverse TCP Stager (No NX or Win7)
Spawn a piped command shell staged. Connect back to the attacker No NX This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 177 include Msf::Payload::Stager include Msf::Payload::Window...
Complete guide to modifying the registry from cmd, including the latest techniques for getting through registry monitoring - vulnerability warning - the black bar safety net
regedit has parameters that are not documented in cmd. regedit run parameters: REGEDIT /L:system /R:user filename1; REGEDIT /L:system /R:user /C filename2; REGEDIT /L:system /R:user /E filename3 regpath. /L:system specifies the location of the SYSTEM.DAT file. /R:user specifies the location of the...
PHP <= 5.2.3 (php_win32sti) Local Buffer Overflow Exploit
No description provided by source. ?php / Inphex 317 Bytes , Windows Command Shell Bind TCP Inline , Architecture x86 , Windows TinyXP - vm. GET /script.php HTTP/1.1\n telnet 192.168.2.32 4444 Microsoft Windows XP Version 5.1.2600 C Copyright 1985-2001 Microsoft Corp. C:\apache...
PHP <= 5.2.3 (php_win32sti) Local Buffer Overflow Exploit
Exploit for unknown platform in category local exploits ========================================================= PHP 7ffdf020 7c911005 7c9110ed 00000001 00000000 shoutz go to Kevin Finisterre / if!functionexists'winbrowsefile' die'win32std extension is not available'; $shellcode=...