Tag
#Windows
By Deeba Ahmed. The vulnerability was identified in System Integrity Protection (SIP) within the macOS ecosystem. This is a post from HackRead.com. Read the original post: macOS flaw allowed attackers to install persistent, undetectable malware
By Deeba Ahmed. The prime target of this malware campaign is unsuspecting users on Windows 10. This is a post from HackRead.com. Read the original post: New malware lures fake Chrome update to attack Windows PCs
By Owais Sultan. OSINT refers to information collected from online sources; however, it requires tools to do so. Here are the 10 best OSINT Tools for 2020. This is a post from HackRead.com. Read the original post: Free and Best OSINT Tools 2021
<p>A reworking of Ingo Karstein's great script, with GUI support. GUI output and input are activated with one switch, and real Windows executables are generated. Includes PowerShell 5.x support and a graphical front end.</p> <p>Module version.</p> <p>You can find the script-based version here (<a href="https://github.com/MScholtes/TechNet-Gallery" rel="nofollow" target="_blank" title="https://github.com/MScholtes/TechNet-Gallery">https://githu...
<p>QLOG provides enriched event logging for security-related events on Windows-based systems. It is under heavy development and currently in alpha state. QLOG doesn’t use API hooks and doesn’t require a driver to be installed on the target system; it uses only ETW to retrieve its telemetry. Currently QLOG supports “process create” events only, but other enriched events will follow soon. QLOG runs as a Windows service, but can also run in consol...
<p>Concealed Position is a local <a href="https://www.kitploit.com/search/label/Privilege%20Escalation" target="_blank" title="privilege escalation">privilege escalation</a> attack against Windows using the concept of "Bring Your Own Vulnerability". Specifically, Concealed Position (CP) uses the <em>as designed</em> package point and print logic in Windows that allows a low privilege user to stage and install printer drivers. CP specifically installs drivers with <a hr...
<p>A tool for generating multiple types of NTLMv2 hash theft files.</p> <p>ntlm_theft is an Open Source Python3 Tool that generates 21 different types of hash theft documents. These can be used for phishing when either the target allows SMB traffic outside their network, or if you are already inside the internal network.</p> <p>The benefits of these file types over, say, macro-based documents or exploit documents are that all of these are built using "intended functionality". None were flagged by <a href="https://www.kitploit.com/se...
<p>Malicious docx <a href="https://www.kitploit.com/search/label/Generator" target="_blank" title="generator">generator</a> to exploit CVE-2021-40444 (Microsoft Office Word <a href="https://www.kitploit.com/search/label/Remote" target="_blank" title="Remote">Remote</a> Code Execution)</p><p>Creation of this Script is based on some <a href="https://www.kitploit.com/search/label/Reverse%20Engineering" target="_...
Hello everyone! Last Week’s Security News, July 26 – August 1. Serious Sam in Metasploit. Last week I talked about the Serious Sam vulnerability (CVE-2021-36934), also known as HiveNightmare. The name HiveNightmare comes from the fact that Windows stores its registry data in a small number of proprietary database files called hives. Due to mismanagement […]
Hello everyone! After 4 episodes of the Last Week’s Security News, I decided to change the format. I will no longer try to cover all the important news, because it takes a long time to prepare such reviews. So, from now on, I will focus only on a few news items of the past week, which […]