Browsing tag: Powershell

Hackers Exploit Fortinet Flaw, Deploy ScreenConnect, Metasploit in New Campaign

Cybersecurity researchers have discovered a new campaign that’s exploiting a recently disclosed security flaw in Fortinet FortiClient EMS devices to deliver ScreenConnect and Metasploit Powerfun payloads. The activity entails the exploitation of CVE-2023-48788 (CVSS score: 9.3), a critical SQL injection flaw that could permit an unauthenticated attacker to execute unauthorized code or commands via specifically […]

BianLian Threat Actors Exploiting JetBrains TeamCity Flaws in Ransomware Attacks

The threat actors behind the BianLian ransomware have been observed exploiting security flaws in JetBrains TeamCity software to conduct their extortion-only attacks. According to a new report from GuidePoint Security, which responded to a recent intrusion, the incident “began with the exploitation of a TeamCity server which resulted in the deployment of a PowerShell implementation […]

New IDAT Loader Attacks Using Steganography to Deploy Remcos RAT

Ukrainian entities based in Finland have been targeted as part of a malicious campaign distributing a commercial remote access trojan known as Remcos RAT using a malware loader called IDAT Loader. The attack has been attributed to a threat actor tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) under the moniker UAC-0184. “The […]

Microsoft Warns of Kremlin-Backed APT28 Exploiting Critical Outlook Vulnerability

Microsoft on Monday said it detected Kremlin-backed nation-state activity exploiting a now-patched critical security flaw in its Outlook email service to gain unauthorized access to victims’ accounts within Exchange servers. The tech giant attributed the intrusions to a threat actor it called Forest Blizzard (formerly Strontium), which is also widely tracked under the monikers APT28, […]

Cybercriminals Using PowerShell to Steal NTLMv2 Hashes from Compromised Windows

A new cyber attack campaign is leveraging the PowerShell script associated with a legitimate red teaming tool to plunder NTLMv2 hashes from compromised Windows systems primarily located in Australia, Poland, and Belgium. The activity has been codenamed Steal-It by Zscaler ThreatLabz. “In this campaign, the threat actors steal and exfiltrate NTLMv2 hashes using customized versions […]

New PowerDrop Malware Targeting U.S. Aerospace Industry

An unknown threat actor has been observed targeting the U.S. aerospace industry with a new PowerShell-based malware called PowerDrop. “PowerDrop uses advanced techniques to evade detection such as deception, encoding, and encryption,” according to Adlumin, which found the malware implanted in an unnamed domestic aerospace defense contractor in May 2023. “The name is derived from […]

XWorm Malware Exploits Follina Vulnerability in New Wave of Attacks

Cybersecurity researchers have discovered an ongoing phishing campaign that makes use of a unique attack chain to deliver the XWorm malware on targeted systems. Securonix, which is tracking the activity cluster under the name MEME#4CHAN, said some of the attacks have primarily targeted manufacturing firms and healthcare clinics located in Germany. “The attack campaign has […]

BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads

The malware downloader known as BATLOADER has been observed abusing Google Ads to deliver secondary payloads like Vidar Stealer and Ursnif. According to cybersecurity company eSentire, the malicious ads are used to spoof a wide range of legitimate apps and services such as Adobe, OpenAI’s ChatGPT, Spotify, Tableau, and Zoom. BATLOADER, as the name suggests, […]

Australian Healthcare Sector Targeted in Latest Gootkit Malware Attacks

A recent wave of Gootkit malware loader attacks has targeted the Australian healthcare sector by leveraging legitimate tools like VLC Media Player. Gootkit, also called Gootloader, is known to employ search engine optimization (SEO) poisoning tactics (aka spamdexing) for initial access. It typically works by compromising and abusing legitimate infrastructure and seeding those sites with […]

Microsoft Confirms 2 New Exchange Zero-Day Flaws Being Used in the Wild

Microsoft officially disclosed that it is investigating two zero-day security vulnerabilities impacting Exchange Server 2013, 2016, and 2019 following reports of in-the-wild exploitation. “The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible to the attacker,” the tech giant […]

Iranian Hackers Using New PowerShell Backdoor in Cyber Espionage Attacks

An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason. The Boston-headquartered cybersecurity company attributed the malware to a hacking group known as Charming Kitten (aka Phosphorus, APT35, or TA453), while also calling out the […]

FIN6 Hacker Group Targeting Enterprise Networks to Deploy LockerGoga and Ryuk Ransomware

The FIN6 cybercrime group has been tied to LockerGoga and Ryuk ransomware attacks that target enterprise networks in the engineering industry by compromising internet-facing systems. Researchers from FireEye recently learned of this incident from a customer’s network, and further investigation revealed that the FIN6 group was in the initial stage of the attack. FIN6 using publicly […]

Invisi-Shell – Hide Your Powershell Script In Plain Sight (Bypass All Powershell Security Features)

Hide your PowerShell script in plain sight! Invisi-Shell bypasses all of PowerShell’s security features (ScriptBlock logging, Module logging, Transcription, AMSI) by hooking .NET assemblies. The hook is performed via the CLR Profiler API. Work in progress: this is still a preliminary version intended as a POC. The code works only on x64 processes and has been tested against […]

ADModule – Microsoft Signed ActiveDirectory PowerShell Module

Microsoft-signed DLL for the ActiveDirectory PowerShell module. Just a backup of Microsoft’s ActiveDirectory PowerShell module from Server 2016 with RSAT and the module installed. The DLL is usually found at this path: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.ActiveDirectory.Management and the rest of the module files at this path: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\ActiveDirectory Usage: You can copy this DLL to your machine and […]

PowerGhost Malware Remotely Attacks Corporate Network Servers & Workstations Using EternalBlue Exploit

The newly discovered PowerGhost malware is spreading across corporate networks, infecting both servers and workstations to illegally mine cryptocurrency and perform DDoS attacks. Cybercriminals are targeting a large number of corporate networks to mine cryptocurrency and launch DDoS attacks to generate huge profits. Enterprise networks should choose the best DDoS attack prevention services to ensure DDoS attack protection and prevent […]

LNK-Kisser – PowerShell Link Payload Generator

Making FUD shortcut (.lnk) payloads with LNK-KISSER to remotely execute malicious code. Shortcut-Payload-Generator: exploiting PowerShell to make shortcut payloads [FUD]. There are many awesome tricks in there; you can make it better ^_^. For example: killing tcpview, taskmanager, etc. while downloading; setting hidden attributes on the malware after downloading, etc. G00d […]

MuddyWater Malware Attack Launches PowerShell Script to Open Backdoor in Windows PC via MS Word Document

A newly detected MuddyWater malware campaign opens a sophisticated backdoor on Windows PCs by launching a PowerShell script from a weaponized Microsoft Word document. Initially, the MuddyWater attack targeted the Saudi government using the same set of malicious components with a PowerShell script in 2017; it also launched the same attack on other countries such as Turkey, Pakistan, and Tajikistan in March […]

Cortana Flaw Lets Hackers Access Data, Reset Password On Locked Windows 10 PCs

Security researchers have found a critical flaw in Windows 10 where Cortana can be manipulated into executing PowerShell commands on locked devices. Attackers can misuse this vulnerability to retrieve confidential data, reset the password, log into a device, and even execute code from the lock screen. The only consolation is that it requires physical access […]

Advanced tool to launch PowerShell payloads remotely

Information security professionals explain that Harness is a remote access payload with the ability to provide a remote interactive PowerShell interface from a Windows system to almost any TCP socket. The goal of the Harness project is to provide a remote interface with the capabilities and feel of the native PowerShell executable included with the Windows […]

How to find Vulnerabilities in Active Directory Settings?

An information security expert explains that Grouper is an unstable PowerShell module designed for use by pentesters and red teamers that filters the XML output of the Get-GPOReport cmdlet and identifies all the settings defined in Group Policy Objects (GPOs) that may be useful for someone who tries to do something bad. Here are some examples of […]