Choose Again.

This is the last post/activity you’ll see on MDNC. I have now chosen to bring the MDNC (Blog/Kafeine/MISP) project to an end. Thanks to those who helped me during this incredible 8 years journey. The blog and twitter account will stay up (but inactive) for the records. The MDNC MISP…

CVE-2018-15982 (Flash Player up to 31.0.0.153) and Exploit Kits

The CVE-2018-15982 is a bug that allows remote code execution in Flash Player up to 31.0.0.153, spotted in the wild as a 0day. Patched on December 05, 2018 with APSB18-42. Underminer: "Underminer exploit kit improves in its latest iteration" - 2018-12-21 - Malwarebytes. Fallout: 2019-01-16 - Figure 4: Fallout exploiting CVE-2018-15982…

CVE-2018-8174 (VBScript Engine) and Exploit Kits

The CVE-2018-8174 is a bug that allows remote code execution in the VBScript Engine. Found exploited in the wild as a 0day via Word documents, announced by Qihoo360 on April 20, 2018, patched by Microsoft on May 8, 2018 and explained in detail by Kaspersky the day after. A Proof…

CVE-2018-4878 (Flash Player up to 28.0.0.137) and Exploit Kits

The CVE-2018-4878 is a bug that allows remote code execution in Flash Player up to 28.0.0.137, spotted in the wild as a 0day, announced by the South Korean CERT on the 31st of January. Patched on February 6, 2018 with APSB18-03. Seen in a malspam campaign two weeks later, it's now being…

The King of traffic distribution

Disclaimer: This post is hosted here as a courtesy to the author who prefers to remain anonymous. MDNC was not involved in any way with this study. Introduction: EITest is one of the longest-running malicious delivery campaigns and has continued to evolve. In the spring of 2017, it started redirecting…

CoalaBot: http Ddos Bot

CoalaBot appears to be built on August Stealer code (Panel and Traffic are really alike). I found it spread as a task in a Betabot and in an Andromeda spread via RIG fed by at least one HilltopAds malvertising. 2017-09-11: a witnessed infection chain to CoalaBot. A look inside: CoalaBot: Login Screen (August…

CoalaBot: http Ddos Bot

CoalaBot appears to be built on August Stealer code (Panel and Traffic are really alike). I found it spread as a task in a Betabot and in an Andromeda spread via RIG fed by at least one HilltopAds malvertising. 2017-09-11: a witnessed infection chain to CoalaBot. A look inside: CoalaBot: Login Screen (Same…

Metasploit Wrapup

Slowloris: SMB edition. Taking a page from the Slowloris HTTP DoS attack, the aptly named SMBLoris DoS attack exploits a vuln contained in many Windows releases (back to Windows 2000) and also affects Samba (a popular open source SMB implementation). Through creation of many connections to a target's SMB port, an…

Hack with Metasploit: Announcing the UNITED 2017 CTF

Got mad skillz? Want mad skillz? This year at Rapid7’s annual UNITED Summit, we’re hosting a first-of-its-kind Capture the Flag (CTF) competition. Whether you’re a noob to hacking or a grizzled pro, you’ll emerge from our 25-hour CTF with more knowledge and serious bragging rights. Show off your 1337 abilities…

Metasploit Wrapup

With Hacker Summer Camp 2017 wrapped up and folks now recovering from it, why not grab a drink and read up on what's new with Metasploit? Where there's smoke... At least a few versions of the open source firewall IPFire contain a post-auth RCE vulnerability, and we (well, you!) now have a module…

Virtual Machine Automation (vm-automation) repository released

Rapid7 just released a new public repo called vm-automation. The vm-automation repository is a Python library that encapsulates existing methodologies for virtual machine and hypervisor automation and provides a platform-agnostic Python API. Currently, only ESXi and VMware Workstation are supported, but I have high hopes we will support other hypervisors…

Announcement: End-of-life Metasploit 32-bit versions

UPDATE: With the release of version 4.15 on July 19, 2017, commercial Metasploit 32-bit platforms (Metasploit Pro, Metasploit Express, and Metasploit Community) no longer receive future product or content updates. These platforms are now obsolete and are no longer supported. Rapid7 announced the end of life of commercial Metasploit 32-bit versions…

Metasploit Wrapup

Metasploit Hackathon. We were happy to host the very first Metasploit framework open source hackathon this past week at Rapid7 Austin. Eight Metasploit hackers from outside of Rapid7 joined forces with the in-house team and worked on a lot of great projects, small and large. @bcook started the hackathon working with…

Metasploit Wrapup

A fresh, new UAC bypass module for Windows 10! Leveraging the behavior of fodhelper.exe and a writable registry key as a normal user, you too can be admin! Unpatched as of last week, this bypass module works on Windows 10 only, but it works like a charm! Reach out and allocate something. This…