Security
Headlines
HeadlinesLatestCVEs

Tag

#Windows

macOS flaw allowed attackers to install persistent, undetectable malware

By Deeba Ahmed The vulnerability was identified in System Integrity Protection (SIP) within the macOS ecosystem. This is a post from HackRead.com Read the original post: macOS flaw allowed attackers to install persistent, undetectable malware

HackRead
#Apple News#Malware#Security#Apple#macOS#Microsoft#Rootkit#security#Windows#vulnerability#mac
New malware lures fake Chrome update to attack Windows PCs

By Deeba Ahmed The prime target of this malware campaign is unsuspecting users on Windows 10. This is a post from HackRead.com Read the original post: New malware lures fake Chrome update to attack Windows PCs

PS2EXE - Module To Compile Powershell Scripts To Executables

<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-_KxV4jubhaU/YUOcgzhpbJI/AAAAAAAAuvw/Sc0xmixjtXoKF7G1bAmJ0ibxfmIDEAIxwCNcBGAsYHQ/s873/PS2EXE.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="381" data-original-width="873" height="280" src="https://1.bp.blogspot.com/-_KxV4jubhaU/YUOcgzhpbJI/AAAAAAAAuvw/Sc0xmixjtXoKF7G1bAmJ0ibxfmIDEAIxwCNcBGAsYHQ/w640-h280/PS2EXE.JPG" width="640" /></a></div><p><br /></p> <p>Overworking of the great script of Ingo Karstein with GUI support. The GUI output and input is activated with one switch, real windows executables are generated. With Powershell 5.x support and graphical front end.</p> <p>Module version.</p><span><a name='more'></a></span><p><br /></p> <p>You find the script based version here (<a href="https://github.com/MScholtes/TechNet-Gallery" rel="nofollow" target="_blank" title="https://github.com/MScholtes/TechNet-Gallery">https://githu...

QLOG - Windows Security Logging

<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-0CNZScA0sq4/YUON6V-lfQI/AAAAAAAAuug/xjavC5KDHcQVEUB8BmaMUVRy8ioMz3uUgCNcBGAsYHQ/s1500/code-light-keyboard.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1000" data-original-width="1500" height="426" src="https://1.bp.blogspot.com/-0CNZScA0sq4/YUON6V-lfQI/AAAAAAAAuug/xjavC5KDHcQVEUB8BmaMUVRy8ioMz3uUgCNcBGAsYHQ/w640-h426/code-light-keyboard.jpg" width="640" /></a></div><p><br /></p> <p>QLOG provides enriched Event Logging for security related events on Windows based systems. It is under heavy development and currently in alpha state. QLOG doesn’t use API hooks and it doesn’t require a driver to be installed on the target system, QLOG only uses ETW to retrieve its telemetry. Currently QLOG supports “process create” events only, but other enriched events will follow soon. QLOG runs as a Windows Services, but can also run in consol...

Concealed Position - Bring Your Own Print Driver Privilege Escalation Tool

<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-JMl-654CheQ/YUOLZnQfumI/AAAAAAAAuuQ/JGDFkb4V1iQ5GvRUodx6ZDEecD6q2iZ1gCNcBGAsYHQ/s300/printer_hack.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="168" data-original-width="300" height="358" src="https://1.bp.blogspot.com/-JMl-654CheQ/YUOLZnQfumI/AAAAAAAAuuQ/JGDFkb4V1iQ5GvRUodx6ZDEecD6q2iZ1gCNcBGAsYHQ/w640-h358/printer_hack.jpeg" width="640" /></a></div><p><br /></p> <p>Concealed Position is a local <a href="https://www.kitploit.com/search/label/Privilege%20Escalation" target="_blank" title="privilege escalation">privilege escalation</a> attack against Windows using the concept of "Bring Your Own Vulnerability". Specifically, Concealed Position (CP) uses the <em>as designed</em> package point and print logic in Windows that allows a low privilege user to stage and install printer drivers. CP specifically installs drivers with <a hr...

Ntlm_Theft - A Tool For Generating Multiple Types Of NTLMv2 Hash Theft Files

<p><a href="http://2.bp.blogspot.com/-Lc-pMQxsfVg/YTVKVhCUJqI/AAAAAAAAt1I/Hsik9IJaHQENyEWH7b1bKIx-2vjj3ttNwCK4BGAYYCw/s1600/ntlm_theft_1_example-run-781145.png" style="text-align: center;"><img alt="" border="0" height="336" id="BLOGGER_PHOTO_ID_7004586528950462114" src="http://2.bp.blogspot.com/-Lc-pMQxsfVg/YTVKVhCUJqI/AAAAAAAAt1I/Hsik9IJaHQENyEWH7b1bKIx-2vjj3ttNwCK4BGAYYCw/w640-h336/ntlm_theft_1_example-run-781145.png" width="640" /></a></p><p><br /></p> <p>A tool for generating multiple types of NTLMv2 hash theft files.</p> <p>ntlm_theft is an Open Source Python3 Tool that generates 21 different types of hash theft documents. These can be used for phishing when either the target allows smb traffic outside their network, or if you are already inside the internal network.</p> <p>The benefits of these file types over say macro based documents or exploit documents are that all of these are built using "intended functionality". None were flagged by <a href="https://www.kitploit.com/se...

CVE-2021-40444 PoC - Malicious docx generator to exploit CVE-2021-40444 (Microsoft Office Word Remote Code Execution)

<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-X7RGnp89UBU/YUNCQ39MNeI/AAAAAAAAunU/ZpAc4HUyWtMEl7jz_yxyLBLvvXkpbacLwCNcBGAsYHQ/s1473/CVE-2021-40444_3_calc.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="820" data-original-width="1473" height="356" src="https://1.bp.blogspot.com/-X7RGnp89UBU/YUNCQ39MNeI/AAAAAAAAunU/ZpAc4HUyWtMEl7jz_yxyLBLvvXkpbacLwCNcBGAsYHQ/w640-h356/CVE-2021-40444_3_calc.png" width="640" /></a></div><p><br /></p><p>Malicious docx <a href="https://www.kitploit.com/search/label/Generator" target="_blank" title="generator">generator</a> to exploit CVE-2021-40444 (Microsoft Office Word <a href="https://www.kitploit.com/search/label/Remote" target="_blank" title="Remote">Remote</a> Code Execution)</p><span><a name='more'></a></span><p><br /></p><p>Creation of this Script is based on some <a href="https://www.kitploit.com/search/label/Reverse%20Engineering" target="_...

Last Week’s Security news: Serious Sam in Metasploit, PetitPotam, Zimbra Hijack, Joint Advisory TOP30 CVEs

Hello everyone! Last Week’s Security News, July 26 – August 1. Serious Sam in Metasploit Last week I talked about the Serious Sam vulnerability (CVE-2021-36934), also known as HiveNightmare. The name HiveNightmare comes from the fact that Windows stores its registry data in a small number of proprietary database files called hives. Due to mismanagement […]

Last Week’s Security news: Pegasus, SeriousSAM, Sequoia

Hello everyone! After 4 episodes of the Last Week’s Security news, I decided to change the format. I will no longer try to cover all the important news, because it takes a long time to prepare such reviews. So, from now on, I will focus only on a few news of the past week, which […]