Tags: Fancy Bear
Tags: One Drive
The Russian APT known as Fancy Bear was caught using an old mouseover technique that doesn’t need macros.
The post “APT28 attack uses old PowerPoint trick to download malware” appeared first on Malwarebytes Labs.
PSAsyncShell is an Asynchronous TCP Reverse Shell written in pure PowerShell. Unlike other reverse shells, all the communication and execution flow is done asynchronously, allowing it to bypass some firewalls and some countermeasures against this kind of r…
ForceAdmin is a C# payload builder, creating infinite UAC pop-ups until the user allows the program to be run. The inputted commands are run via PowerShell calling cmd.exe and should be using the batch syntax. Why use? Well some users have UAC set to a…
Malwarebytes found a family of forced Chrome extensions that can’t be removed because of a policy change that tells users “Your browser is managed”.
The post “Forced Chrome extensions get removed, keep reappearing” appeared first on Malwarebytes Labs.
International cybersecurity authorities have published a Cybersecurity Information Sheet on making it harder to abuse PowerShell.
The post “Cybersecurity agencies: You don’t have to delete PowerShell to secure it” appeared first on Malwarebytes Labs.
PowerShell module implementing various cmdlets to interact with Azure and Azure AD from an offensive perspective. Helpful utilities dealing with access token based authentication, switching from Az to AzureAD and az cli interfaces, easy to use pre-m…
PowerGram is a pure PowerShell Telegram Bot that can be run on Windows, Linux or Mac OS. To make use of it, you only need PowerShell 4 or higher and an internet connection. All communication between the Bot and Telegram servers is encrypted with HTT…
PowerShell SOCKS proxy with reverse proxy capabilities. PowerProxy is written with penetration testers in mind. Reverse proxy functionality is a priority, for traversing networks that block inbound connections. Reverse proxy connections are encrypted …