Users Urged to Upgrade for Continued Security and Support
In a significant development, Microsoft has officially terminated support for Windows Server 2012 and various editions of Windows 11, version 21H2, effective this month’s Patch Tuesday. This decision means that Microsoft will no longer offer technical assistance, bug fixes, or support

Threat actor ‘vulns-rock’ advertised a new 0-day local privilege escalation (LPE) exploit for several Windows versions on the xss.is forum. LPE is a type of vulnerability in Windows that allows an attacker to gain elevated privileges on a system. According to the advertisement, this LPE exploit, which is developed in C++, supports

Recently, the cybersecurity firm Eclypsium discovered suspected backdoor-like activities within Gigabyte systems. The platform’s heuristic detection methods uncovered the new supply chain threats, where legitimate third-party technologies are compromised. The primary concern lies with Gigabyte system firmware executing a Windows native executable during the system startup process. This executable proceeds

Microsoft is reportedly working on a new project, codenamed “Windows CorePC,” that aims to modernize the Windows operating system. The project incorporates ideas from previous Microsoft products, including Windows Core OS and Windows 10X. Windows CorePC will put modularity at the center of the system, allowing for flexible optimization for

In this scenario, we assume that we have a reverse shell to the victim’s machine and want persistence on the machine. For this, we will use Windows services. First, we start with creating a malicious .exe file called mal.exe with msfvenom. With this payload, we will be able to create

A threat actor calling herself ‘0xFF’ advertised a new RAT on HackForums. According to the threat actor, this new RAT tool supports Windows (amd64, i386, arm, arm64), Linux (amd64, i386, arm, arm64), Darwin (macOS) (amd64 (Intel), arm64 (M1)) and Android (bin) (amd64, i386, arm, arm64). This Multi-OS RAT has features

CVE-2022-26809 is a vulnerability in the Remote Procedure Call Runtime component in Microsoft Windows. An attacker who successfully exploits the vulnerability could run arbitrary code on the affected system. To exploit this vulnerability, an attacker would need to send a specially crafted RPC call to an RPC

If the DHCP service is enabled and the DHCP server is temporarily or permanently unavailable, TCP/IP assigns a class B IP address from 169.254.0.0 to 169.254.255.255 to the machine. This function in Windows is called “Automatic Private IP Addressing”. If you want to use static IP addresses on the machine, you need