wined
Windows Exploitation wined Tools The following scripts were...
PlugX Trojan Disguised as Legitimate Windows Debugger Tool in Latest Attacks
The PlugX remote access trojan has been observed masquerading as an open source Windows debugger tool called x64dbg in an attempt to circumvent security protections and gain control of a target system. "This file is a legitimate open-source debugger tool for Windows that is generally used to...
Investigating the PlugX Trojan Disguised as a Legitimate Windows Debugger Tool
Trend Micro’s Managed Extended Detection and Response (MxDR) team discovered that a file called x32dbg.exe, a legitimate debugger binary, was used to sideload a malicious DLL we identified as a variant of PlugX...
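The sideloading shape described above (a copy of a legitimate debugger executed from a user-writable folder, pulling a planted DLL from its own directory) can be hunted for in module-load telemetry. The following is an added example, not code from Trend Micro or from any of the linked articles; the record layout, the signer strings, the DLL names and the allowlist of DLLs the tool ships are all constructed for illustration.

```python
import ntpath
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Planting a DLL under these roots needs admin rights, so loads from here are
# out of scope for the "copy the EXE somewhere writable" pattern.
PROTECTED_DIRS = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)


@dataclass(frozen=True)
class ModuleLoad:
    """One module-load record (field names are constructed for this example)."""
    image: str                    # full path of the process executable
    image_signer: Optional[str]   # Authenticode signer of the EXE, None if unsigned
    module: str                   # full path of the DLL that was loaded
    module_signer: Optional[str]  # Authenticode signer of the DLL, None if unsigned


def _parent_dir(path: str) -> str:
    """Lower-cased parent directory with a trailing backslash."""
    return ntpath.dirname(path).lower().rstrip("\\") + "\\"


def is_sideload_candidate(ev: ModuleLoad, shipped_dlls: frozenset = frozenset()) -> bool:
    """True when a DLL resolved from the EXE's own, unprotected directory is
    unsigned or carries a signer that differs from the EXE's."""
    mod_dir = _parent_dir(ev.module)
    if mod_dir != _parent_dir(ev.image):
        return False                      # not a side-by-side load
    if mod_dir.startswith(PROTECTED_DIRS):
        return False                      # attacker would already need admin
    if ntpath.basename(ev.module).lower() in shipped_dlls:
        return False                      # a DLL the tool legitimately ships
    if ev.module_signer is None:
        return True                       # unsigned DLL next to the EXE
    return ev.module_signer != ev.image_signer


def flag_sideloads(events: Iterable[ModuleLoad],
                   shipped_dlls: frozenset = frozenset()) -> List[str]:
    """Return the module paths of every record that looks like a sideload."""
    return [ev.module for ev in events if is_sideload_candidate(ev, shipped_dlls)]


# Constructed telemetry: the debugger copied to a temp folder, plus controls.
TEMP = "C:\\Users\\bob\\AppData\\Local\\Temp\\"
PUBLISHER = "Example Debugger Publisher"   # constructed signer name
SAMPLE_EVENTS = [
    ModuleLoad(TEMP + "x32dbg.exe", PUBLISHER, TEMP + "loader.dll", None),     # planted DLL
    ModuleLoad(TEMP + "x32dbg.exe", PUBLISHER,
               "C:\\Windows\\System32\\kernel32.dll", "Microsoft Windows"),    # OS DLL
    ModuleLoad(TEMP + "x32dbg.exe", PUBLISHER, TEMP + "ui.dll", PUBLISHER),    # tool's own signed DLL
    ModuleLoad(TEMP + "x32dbg.exe", PUBLISHER, TEMP + "plugin.dll", None),     # unsigned but allow-listed
    ModuleLoad("C:\\Program Files\\Vendor\\app.exe", "Vendor",
               "C:\\Program Files\\Vendor\\helper.dll", None),                 # protected location
]
# Hypothetical allowlist of unsigned DLLs the tool is known to ship.
SHIPPED_DLLS = frozenset({"plugin.dll"})

if __name__ == "__main__":
    for path in flag_sideloads(SAMPLE_EVENTS, SHIPPED_DLLS):
        print("sideload candidate:", path)
```

Only the unsigned `loader.dll` beside the temp-folder copy of x32dbg.exe is flagged. The signer comparison is a hunting heuristic, not a verdict: a DLL signed with a stolen or look-alike certificate passes it, and a legitimately unsigned portable tool loading its own DLLs will fire until those names are added to the allowlist.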
Lupo - Malware IOC Extractor. Debugging Module For Malware Analysis Automation
Debugging module for malware analysis automation. For a step-by-step post on how to use Lupo, with images and instructions, please see this post: https://medium.com/@vishalthakur/lupo-malware-ioc-extractor-cc86ae76b85d Introduction Working on security incidents that involve malware, we come across...
Patchless AMSI bypass using SharpBlock
Introduction For those that followed my personal blog posts on Creating an EDR and Bypassing It, I developed a new tool called SharpBlock. The tool implements a Windows debugger to prevent EDRs, or any other DLL, from loading into a process that SharpBlock launches. One feature that was missing fr...
Binary vulnerability in ollydbg buffer
OllyDbg is a 32-bit assembly-level analysing debugger for Microsoft Windows, especially useful when source code is unavailable or the compiler encounters problems. A binary vulnerability exists in OllyDbg's buffer handling that an attacker can exploit to crash the debugger (denial of service)...
DbgShell - A PowerShell Front-End For The Windows Debugger Engine
A PowerShell front-end for the Windows debugger engine. Ready to tab your way to glory? For a quicker intro, take a look at Getting Started. Disclaimers 1. This project is not produced, endorsed, or monitored by the Windows debugger team. While the debugger team welcomes feedback about their API...
PowerShell Front-End for Windows Debugger Engine: DbgShell
The main impetus for DbgShell is that it’s just waaaay too hard to automate anything in the debugger. There are facilities today to assist in automating the debugger, of course. But in my opinion they are not meeting people’s needs. Using the built-in scripting language is arcane, limited,...
Microsoft Edge Chakra NULL Pointer Dereference
spreadIndices = nullptr; // This function emits the arguments for a call. // ArgOut's with uses immediately following defs. EmitArgListStart(thisLocation, byteCodeGenerator, funcInfo, callSiteId); Js::RegSlot evalLocation = Js::Constants::NoRegister; // // If Emitting arguments for eval and assignin...
Microsoft Process Kill Utility (kill.exe) 6.3.9600.17298 - Crash (PoC)
Exploit for windows platform in category dos / poc ''' + Credits: HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MS-KILL-UTILITY-BUFFER-OVERFLOW.txt + ISR: ApparitionSec Vendor: ================= www.microsoft.com Product:...
JPEGsnoop <= 1.5.2 WriteAV Crash PoC
No description provided by source. #!/usr/bin/perl JPEGsnoop <= 1.5.2 WriteAV Arbitrary Code Execution Author: Jean Pascal Pereira [email protected] Vendor URI: http://sourceforge.net/projects/jpegsnoop/ Vendor Description: JPEGsnoop is a detailed JPEG image decoder and analysis tool. It reports al...
FortKnox Personal Firewall 9.0.305.0 & 10.0.305.0 - Kernel Driver (fortknoxfw.sys) Memory Corruption Vulnerability
No description provided by source. / Exploit Title: 0day FortKnox Personal Firewall kernel driver fortknoxfw.sys memory corruption vulnerability Date: 25/10/2013 Author: Arash Allebrahim Contact : [email protected] Vendor Homepage: http://www.fortknox-firewall.com/ Vulnerable software :...
DIMIN Viewer 5.4.0 Crash PoC
No description provided by source. #!/usr/bin/perl DIMIN Viewer <= 5.4.0 WriteAV Arbitrary Code Execution Author: Jean Pascal Pereira [email protected] Vendor URI: http://www.dimin.net Vendor Description: View images in countless formats, and apply a variety of effects with this small, fast, and...
[MoonSols] Windows Memory Toolkit
MoonSols Windows Memory Toolkit is a powerful toolkit containing all the utilities needed to perform any kind of memory acquisition or conversion during an incident response, or a forensic analysis, for Windows desktops, servers or virtualized environments. Version 2.0 is a refresh and updated...
VideoLAN VLC Media Player 2.0.7 - '.png' Crash (PoC)
#!/usr/bin/python VLC Media Player 2.0.7 PNG Crash PoC Vendor Homepage: http://www.videolan.org/ Version: 2.0.7 Tested on: Windows 7 64-bit Author: Kevin Fujimoto Debug Information: Microsoft (R) Windows Debugger Version 6.12.0002.633 X86 Copyright (c) Microsoft Corporation. All rights reserved. wait...
DIMIN Viewer 5.4.0 - Crash (PoC)
#!/usr/bin/perl DIMIN Viewer 5.4.0 Vendor URI: http://www.dimin.net Vendor Description: View images in countless formats, and apply a variety of effects with this small, fast, and powerful application. Dimin Viewer incorporates unique visualization ideas, like Panoramic Photographs Tool and Big Ima...
Hardcoreview WriteAV Arbitrary Code Execution
#!/usr/bin/perl Hardcoreview WriteAV Arbitrary Code Execution Author: Jean Pascal Pereira [email protected] Vendor URI: http://sourceforge.net/projects/hardcoreview/ Vendor Description: Image browser. Designed and created for professional and amateur viewing of image files. All kind of image files...
VLC Player 2.0.3 ReadAV Arbitrary Code Execution
No description provided by source. #!/usr/bin/perl VLC Player <= 2.0.3 ReadAV Arbitrary Code Execution Author: Jean Pascal Pereira [email protected] Vendor URI: http://www.videolan.org/vlc/ Vendor Description: VLC is a free and open source cross-platform multimedia player and framework that plays...
Microsoft Office Excel Code Execution
#!/usr/bin/perl Microsoft Office Excel ReadAV Arbitrary Code Execution Author: Jean Pascal Pereira Vendor URI: http://office.microsoft.com Vendor Description: Microsoft Excel is a commercial spreadsheet application written and distributed by Microsoft for Microsoft Windows and Mac OS X. It feature...