Red Team gone real!
PowerShell payloads within macro-enabled MS Office files
https://blog.trendmicro.com/trendlabs-security-intelligence/another-potential-muddywater-campaign-uses-powershell-based-prb-backdoor/
Trend Micro
Potential MuddyWater Campaign uses PRB-Backdoor
We found a new sample that may be related to the MuddyWater campaign. The sample does not directly download the Visual Basic Script and PowerShell component files, and instead encodes all the scripts in the document itself.
File format RCE: using path traversal in .zip and similar archive formats.
Found as early as 1991. The attack is very easy to perform and requires minimal user interaction.
Vulnerable targets include iPhones, Windows applications and Linux applications.
https://youtu.be/Ry_yb5Oipq0
Linux privilege escalation
https://j.ludost.net/blog/archives/2018/06/13/ancient_su_-_hostile_vulnerability_in_debian_8_and_9/
Getting NTLM hashes via Microsoft Word.
https://rhinosecuritylabs.com/research/abusing-microsoft-word-features-phishing-subdoc/
Rhino Security Labs
Abusing Microsoft Word Features for Phishing: “subDoc”
Feature-rich Office docs are ideal targets for phishing and pentest campaigns. Here we show how a Microsoft Word (subDoc) feature can be abused.