eddiejackson.net

darkatlas.io
On the evening of July 18, 2025, active and large-scale exploitation of a newly discovered SharePoint remote code execution (RCE) vulnerability chain, dubbed "ToolShell", was observed in the wild. Initially demonstrated just days earlier on X, the exploit is being used to compromise on-premises SharePoint servers worldwide. The vulnerability chain, detailed in this blog, was later assigned [...]

forensicitguy.github.io
In this post I want to take a look at a PowerShell-based Cobalt Strike beacon that appeared on MalwareBazaar. This particular beacon is representative of most PowerShell Cobalt Strike activity I see in the wild during my day job. The beacons often show up as service persistence during incidents or during other post-exploitation activity. If you want to follow along at home, the sample I'm using is here:

www.darkoperator.com
[AI summary] The provided text discusses various methods to secure PowerShell environments against potential threats, focusing on monitoring, logging, and policy enforcement. It outlines the use of Group Policy to enable module logging, which helps track PowerShell cmdlet activities. The text also covers the use of Software Restriction Policies (SRP) and AppLocker for controlling application execution. Additionally, it mentions the PowerShell v3 feature __PSLockdownPolicy as a tool for restricting PowerShell functionalities. The author emphasizes the importance of planning and testing these security measures in a controlled environment to ensure effectiveness.

bitcoincore.org
CVE-2015-20111 - Remote code execution due to bug in miniupnpc