CloudMe 1.11.2 Buffer Overflow
CloudMe version 1.11.2 exploit that uses MSVCRT.System to create a new user (boku:0v3R9000!) and add the new user to the Administrators group. A requirement of successful exploitation is the...
Recon Informer 1.2
Recon-Informer is a basic real-time anti-reconnaissance detection tool for offensive security systems, useful for penetration testers. It runs on Windows/Linux and leverages scapy.
Windows File Enumeration Intel Gathering Tool 2.2
NtFileSins.py is a Windows file enumeration intel gathering tool.
Recon Informer 1.3
Recon-Informer is a basic real-time anti-reconnaissance detection tool for offensive security systems, useful for penetration testers. It runs on Windows/Linux and leverages scapy.
Microsoft Windows cmd.exe Stack Buffer Overflow
Microsoft Windows cmd.exe suffers from a stack buffer overflow vulnerability.
Microsoft Internet Explorer Active-X Control Security Bypass
Microsoft Internet Explorer suffers from an ActiveX-related security bypass vulnerability. Microsoft will not address the issue as Internet Explorer is end of life.
Microsoft Windows .Reg File Dialog Spoofing / Mitigation Bypass
Microsoft Windows suffers from a registration (.reg) file dialog spoofing vulnerability, and Microsoft's last fix for this issue can be bypassed.
Microsoft Windows Defender / Detection Bypass
Microsoft Windows Defender suffers from a detection bypass vulnerability due to a sub-par mitigation that was previously adopted.
Microsoft Windows Contact File Remote Code Execution
This advisory ties together older research on a contact file handling flaw in Microsoft Windows with recently discovered research that uses the same methodologies.
RSA NetWitness Endpoint EDR Agent 12.x Incorrect Access Control / Code Execution
RSA NetWitness Endpoint EDR Agent version 12.x suffers from incorrect access controls that allow for code execution. It allows local users to stop the Endpoint Windows agent from sending the events to...
Microsoft Windows PowerShell Remote Command Execution
This Python script mints a .ps1 file with an exploitable semicolon condition that allows for command execution from Microsoft Windows PowerShell. This is an updated version of the exploit that works with Python 3.
RansomLord Anti-Ransomware Exploit Tool 1.0
RansomLord is a proof-of-concept tool that automates the creation of PE files, used to compromise ransomware pre-encryption. This tool uses DLL hijacking to defeat ransomware.
Microsoft Defender Anti-Malware PowerShell API Arbitrary Code Execution
The Microsoft Defender API and PowerShell APIs suffer from an arbitrary code execution vulnerability due to a flaw in PowerShell's handling of user-provided input that contains a semicolon.
Microsoft Windows PowerShell Code Execution / Event Log Bypass
Prior work from this researcher disclosed how PowerShell executes unintended files or BASE64 code when processing specially crafted filenames. This research builds on their PSTrojanFile work, adding a...
RansomLord Anti-Ransomware Exploit Tool 2
RansomLord is a proof-of-concept tool that automates the creation of PE files, used to compromise ransomware pre-encryption. This tool uses DLL hijacking to defeat ransomware by placing PE files in the...
IBM i Access Client Solutions Remote Credential Theft
IBM i Access Client Solutions (ACS) versions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 suffer from a remote credential theft vulnerability.
WyreStorm Apollo VX20 Account Enumeration
An issue was discovered on WyreStorm Apollo VX20 devices prior to version 1.3.58. The TELNET service prompts for a password only after a valid username is entered. Attackers who can reach the Apollo...
WyreStorm Apollo VX20 Credential Disclosure
WyreStorm Apollo VX20 versions prior to 1.3.58 suffer from a cleartext credential disclosure vulnerability when accessing /device/config with an HTTP GET.
WyreStorm Apollo VX20 Incorrect Access Control
An issue was discovered on WyreStorm Apollo VX20 versions prior to 1.3.58. Remote attackers can restart the device via a /device/reboot HTTP GET request.
Windows Defender Detection Mitigation Bypass
This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing...
Microsoft Windows Defender / Detection Bypass Part 3
This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing...
Microsoft Windows Defender / Trojan.Win32/Powessere.G VBScript Detection Bypass
This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing...
Microsoft Windows Defender / Backdoor_JS.Relvelshe.A Detection / Mitigation...
Back in 2022, the researcher released a proof of concept to bypass the Backdoor:JS/Relvelshe.A detection in Windows Defender but it no longer works as it was mitigated. However, adding a simple...
RansomLord Anti-Ransomware Exploit Tool 3
RansomLord generated PE files are saved in x32 and x64 directories and need to be placed in directories where programs execute. The goal of the project is to exploit vulnerabilities inherent in certain...
RansomLord Anti-Ransomware Exploit Tool 3.1
RansomLord is a proof-of-concept tool that automates the creation of PE files, used to compromise ransomware pre-encryption. This tool uses DLL hijacking to defeat ransomware by placing PE files in the...