The Windows KDC allows an interposing attacker to downgrade to RC4 MD4 encryption, compromising the user's TGT session key and resulting in escalation of privilege.
7cbb12797e608e56c65513653347b2c0b4cee93da07a7ca593f276da0197c595
Backdoor.Win32.Augudor.b malware suffers from a code execution vulnerability.
eb63fba65d43437a287680fff71157dd2127d980055e141a70d67d2a9e75bbe9
Backdoor.Win32.Psychward.b malware suffers from a hardcoded credential vulnerability.
4a196172d709119bf5c9fd8264d2064a406a4232f965f914f828caf704ad4124
Backdoor.Win32.Bingle.b malware suffers from a hardcoded credential vulnerability.
2071a5c002ce27b0ea6b560999d5a672774467ed9490813fdbb0280c50591569
This Metasploit module utilizes the Unified Remote remote control protocol to type out and deploy a payload. The remote control protocol can be configured to have no passwords, a group password, or individual user accounts. If the web page is accessible, the access control is set to no password for exploitation, then reverted. If the web page is not accessible, exploitation will be tried blindly. This module has been successfully tested against version 3.11.0.2483 (50) on Windows 10.
6c2eb4ad5b1e41ad931f1a7eef24882ce7a6fe92ea15f97c143643b989a7e758
Backdoor.Win32.Hellza.120 malware suffers from a remote command execution vulnerability.
cdc70328ddf40e49dc5b1f2be3419c1dac2bfb6b0721efd3f3603444e744fbd5
Backdoor.Win32.Hellza.120 malware suffers from an authentication bypass vulnerability.
adbd455e6069c90acd875b4a68a6da7ff2670fe9ef0da2ea17802f855cdd6cda
Trojan.Ransom.Ryuk.A ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL, execute our own code, and control and terminate the malware pre-encryption. Once loaded, the exploit DLL will check whether the current directory is "C:\Windows\System32" and, if not, we grab our process ID and terminate. All basic tests were conducted successfully in a virtual machine environment.
cf8ca0f9491742132b26f99723587a07bd7827506a1fb18e871a77bfbc3b9a62
Trojan-Dropper.Win32.Corty.10 malware suffers from an insecure credential storage vulnerability.
32271f7a5d8be605d0185b7cf8397b7bf3093ad269844c0104016e34a6185027
On Windows, the Kerberos ticket renewal process can be used with CG to get an unencrypted TGT session key for a currently authenticated user leading to information disclosure.
1f9bd51e7f807ea1be820b38b4053f9b704e41211fd5779bce57f43bf497716a
On Windows, the handling of cryptographic data comparison in the CG secure process does not use constant time algorithms resulting in information disclosure.
1eae27125e32160c8f3573cd0f12536dc12d59971e45282431a815f2a69f4009
On Windows, the KerbIumGetNtlmSupplementalCredential CG API does not check the encryption key type leading to information disclosure of key material.
bfc4de1d074e4d56008f260f7b9c997af5b2161990204d92efb3480c889c7baa
On Windows, CG API KerbIumCreateApReqAuthenticator can be used to decrypt arbitrary encrypted Kerberos keys leading to information disclosure.
795dc1d7b2670d24abb7d74a9852a53667f29e9616266571270c30ddde0cf221
Windows Credential Guard does not prevent using encrypted Kerberos keys to change a user's password, leading to elevation of privilege.
963aa15cc46082f2880e53f09434bff0855b293f238fa1b7b59fcc34a5c7c568
Windows CG APIs, which take encrypted keys, do not limit what encryption or checksum types can be used with those keys. This can result in using weak encryption algorithms which could be abused to either generate keystreams or brute force encryption keys.
a89b74c0dc18c8ac3c1161dc1b3af00aa0758ae52080749f23434cc90472d8b2
On Windows, the method for allocating a context when using the CG BCrypt APIs is insecure leading to use-after-free of secure memory resulting in elevation of privilege.
c22c4583f57e6b94c3c87d7e06f1807aec4eb6add28377b878080567d6bba7a8
On Windows, a number of Kerberos CG APIs do not verify the ASN1 PDU type when decoding and encoding Kerberos ASN1 structures leading to type confusion and elevation of privilege.
af00e87e42028f79ab35606912cd654841bc7965655e5d68e202a8ef913306f4
The Windows kernel suffers from multiple memory problems when handling incorrectly formatted security descriptors in registry hives.
293c30cffcbb94043ce3d944e538e450e3725f0cfaac4a97ac6e1fd8f5cb1152
The Windows kernel suffers from an invalid read/write condition due to an unchecked Blink cell index in the root security descriptor.
f5ef4884111855adc3fd46bc812f23d93a2b2cd3ea5d058dca7ff112e15a1d10
The Windows kernel suffers from a use-after-free vulnerability due to a refcount overflow in the registry hive security descriptors.
887d2c7083667658525f99cb11e9070e5fce0488ac2056ebd3b6c51b176ad7c3
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
67ab23ee09a646ab8cc0ddcc985209f24f253337461e3d9644c6cfe1c097260c
Trojan-Ransom.Win32.Hive.bv malware suffers from a code execution vulnerability.
f83469a387bb85b1095ec29c4bce40b4dee2ed888fd5d49f25e84791155b9806
Trojan.Win32.Autoit.fhj malware creates two processes, "xservice.exe" and a child process "xps.exe". The process creates an IPC pipe with a NULL DACL, allowing read/write access for the Everyone user group.
9841ae12eb6bf5ae767a59bd72cbbd7fd293da629995025465c618d5121bbc7e
Trojan-Spy.Win32.Pophot.bsl malware suffers from an insecure permissions vulnerability.
d84abac25b9b004380790dd21ceec9c49b73c59db79cee24d39decbe0e1623e1
Backdoor.Win32.Hupigon.aspg malware suffers from an unquoted service path vulnerability.
887752ece5bea2b15b4d32426b1e97bffee8aa1a6842c8f917087432b7ff5e71