[FD] Defense in depth -- the Microsoft way (part 66): attachment manager allows to load arbitrary DLLs

2020-03-31 Thread Stefan Kanthak
Hi @ll, this is the continuation of the previous posts and . (Un)fortunately the IOfficeAntiVirus interface (see

[FD] Deskpro Helpdesk < 2019.8.0 (Privilege Escalation, RCE)

2020-03-31 Thread RedForce Advisory
RedForce Advisory https://redforce.io ## Advisory Information Title: Deskpro Helpdesk < 2019.8.0 Multiple Vulnerabilities Advisory URL: https://blog.redforce.io/attacking-helpdesks-part-1-rce-chain-on-deskpro-with-bitdefender-as-case-study/ Date published: 2020-03-28 Date of last update:

[FD] TP-LINK Cloud Cameras NCXXX Remote NULL Pointer Dereference

2020-03-31 Thread Pietro Oliva
Vulnerability title: TP-LINK Cloud Cameras NCXXX Remote NULL Pointer Dereference Author: Pietro Oliva CVE: CVE-2020-10231 Vendor: TP-LINK Product: NC200, NC210, NC220, NC230, NC250, NC260, NC450 Affected version: NC200 <= 2.1.8 build 171109, NC210 <= 1.0.9 build 171214, NC220 <=

[FD] Recon-Informer v1 - Intel for offensive systems tool

2020-03-31 Thread hyp3rlinx
Recon-Informer is a basic real-time anti-reconnaissance detection tool for offensive security systems, useful for penetration testers. It runs on Windows/Linux and leverages Scapy. https://github.com/hyp3rlinx/0/blob/master/Recon-Informer.py Thanks and stay safe to all, hyp3rlinx

Re: [FD] Defense in depth -- the Microsoft way (part 64): Windows Defender loads and executes arbitrary DLLs

2020-03-31 Thread Stefan Kanthak
"Paul Szabo" wrote: > Does this mean that unprivileged users can defeat WindowsDefender, > even when that is "enforced" by managers? Surely that would be a > vulnerability! I am not knowledgeable about Windows management, > but the pages >

Re: [FD] Defense in depth -- the Microsoft way (part 64): Windows Defender loads and executes arbitrary DLLs

2020-03-31 Thread Paul Szabo
Does this mean that unprivileged users can defeat WindowsDefender, even when that is "enforced" by managers? Surely that would be a vulnerability! I am not knowledgeable about Windows management, but the pages https://docs.microsoft.com/en-us/configmgr/protect/deploy-use/endpoint-protection