The Windows KDC allows an interposing attacker to downgrade to RC4 MD4 encryption in compromising the user's TGT session key resulting in escalation of privilege.
7cbb12797e608e56c65513653347b2c0b4cee93da07a7ca593f276da0197c595Backdoor.Win32.Augudor.b malware suffers from a code execution vulnerability.
eb63fba65d43437a287680fff71157dd2127d980055e141a70d67d2a9e75bbe9Backdoor.Win32.Psychward.b malware suffers from a hardcoded credential vulnerability.
4a196172d709119bf5c9fd8264d2064a406a4232f965f914f828caf704ad4124Backdoor.Win32.Bingle.b malware suffers from a hardcoded credential vulnerability.
2071a5c002ce27b0ea6b560999d5a672774467ed9490813fdbb0280c50591569This Metasploit module utilizes the Unified Remote remote control protocol to type out and deploy a payload. The remote control protocol can be configured to have no passwords, a group password, or individual user accounts. If the web page is accessible, the access control is set to no password for exploitation, then reverted. If the web page is not accessible, exploitation will be tried blindly. This module has been successfully tested against version 3.11.0.2483 (50) on Windows 10.
6c2eb4ad5b1e41ad931f1a7eef24882ce7a6fe92ea15f97c143643b989a7e758Backdoor.Win32.Hellza.120 malware suffers from a remote command execution vulnerability.
cdc70328ddf40e49dc5b1f2be3419c1dac2bfb6b0721efd3f3603444e744fbd5Backdoor.Win32.Hellza.120 malware suffers from an authentication bypass vulnerability.
adbd455e6069c90acd875b4a68a6da7ff2670fe9ef0da2ea17802f855cdd6cdaTrojan.Ransom.Ryuk.A ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL, execute our own code, and control and terminate the malware pre-encryption. Once loaded the exploit dll will check if the current directory is "C:\Windows\System32" and if not, we grab our process ID and terminate. All basic tests were conducted successfully in a virtual machine environment.
cf8ca0f9491742132b26f99723587a07bd7827506a1fb18e871a77bfbc3b9a62Trojan-Dropper.Win32.Corty.10 malware suffers from an insecure credential storage vulnerability.
32271f7a5d8be605d0185b7cf8397b7bf3093ad269844c0104016e34a6185027On Windows, the Kerberos ticket renewal process can be used with CG to get an unencrypted TGT session key for a currently authenticated user leading to information disclosure.
1f9bd51e7f807ea1be820b38b4053f9b704e41211fd5779bce57f43bf497716aOn Windows, the handling of cryptographic data comparison in the CG secure process does not use constant time algorithms resulting in information disclosure.
1eae27125e32160c8f3573cd0f12536dc12d59971e45282431a815f2a69f4009On Windows, the KerbIumGetNtlmSupplementalCredential CG API does not check the encryption key type leading to information disclosure of key material.
bfc4de1d074e4d56008f260f7b9c997af5b2161990204d92efb3480c889c7baaOn Windows, CG API KerbIumCreateApReqAuthenticator can be used to decrypt arbitrary encrypted Kerberos keys leading to information disclosure.
795dc1d7b2670d24abb7d74a9852a53667f29e9616266571270c30ddde0cf221Windows Credential guard does not prevent using encrypted Kerberos keys to change a user's password leading to elevation of privilege.
963aa15cc46082f2880e53f09434bff0855b293f238fa1b7b59fcc34a5c7c568Windows CG APIs, which take encrypted keys, do not limit what encryption or checksum types can be used with those keys. This can result in using weak encryption algorithms which could be abused to either generate keystreams or brute force encryption keys.
a89b74c0dc18c8ac3c1161dc1b3af00aa0758ae52080749f23434cc90472d8b2On Windows, the method for allocating a context when using the CG BCrypt APIs is insecure leading to use-after-free of secure memory resulting in elevation of privilege.
c22c4583f57e6b94c3c87d7e06f1807aec4eb6add28377b878080567d6bba7a8On Windows, a number of Kerberos CG APIs do not verify the ASN1 PDU type when decoding and encoding Kerberos ASN1 structures leading to type confusion and elevation of privilege.
af00e87e42028f79ab35606912cd654841bc7965655e5d68e202a8ef913306f4The Windows kernel suffers from multiple memory problems when handling incorrectly formatted security descriptors in registry hives.
293c30cffcbb94043ce3d944e538e450e3725f0cfaac4a97ac6e1fd8f5cb1152The Windows kernel suffers from an invalid read/write condition due to an unchecked Blink cell index in the root security descriptor.
f5ef4884111855adc3fd46bc812f23d93a2b2cd3ea5d058dca7ff112e15a1d10The Windows kernel suffers from a use-after-free vulnerability due to a refcount overflow in the registry hive security descriptors.
887d2c7083667658525f99cb11e9070e5fce0488ac2056ebd3b6c51b176ad7c3Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
67ab23ee09a646ab8cc0ddcc985209f24f253337461e3d9644c6cfe1c097260cTrojan-Ransom.Win32.Hive.bv malware suffers from a code execution vulnerability.
f83469a387bb85b1095ec29c4bce40b4dee2ed888fd5d49f25e84791155b9806Trojan.Win32.Autoit.fhj malware creates two processes "xservice.exe" and a child process "xps.exe". The process creates an IPC pipe with a NULL DACL allowing RW for the Everyone user group.
9841ae12eb6bf5ae767a59bd72cbbd7fd293da629995025465c618d5121bbc7eTrojan-Spy.Win32.Pophot.bsl malware suffers from an insecure permissions vulnerability.
d84abac25b9b004380790dd21ceec9c49b73c59db79cee24d39decbe0e1623e1Backdoor.Win32.Hupigon.aspg malware suffers from an unquoted service path vulnerability.
887752ece5bea2b15b4d32426b1e97bffee8aa1a6842c8f917087432b7ff5e71
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed