An independent researcher has uncovered a critical vulnerability in the ksthunk.sys driver, a component of the Windows operating system responsible for facilitating 32-bit to 64-bit process communications. The flaw, which...
In October 2024, Huntress analysts uncovered a previously unreported ransomware strain, dubbed SafePay, deployed across two distinct incidents. This ransomware has unique characteristics, including the use of .safepay as the...
A high-severity vulnerability has been discovered in the Common Log File System (CLFS) driver in Windows 11, enabling local users to escalate their privileges. CLFS is responsible for efficiently managing...
Security researchers have disclosed the technical details and proof-of-concept (PoC) exploit codes for three vulnerabilities (CVE-2023-4206, CVE-2023-4207, and CVE-2023-4208) in the Linux kernel, impacting versions v3.18-rc1 to v6.5-rc4. These “use-after-free”...
Cybersecurity researchers have uncovered a privilege escalation vulnerability in the Cloud Functions service on the Google Cloud Platform. This vulnerability, dubbed ConfusedFunction, could allow an attacker to gain unauthorized access...
OpenVPN, a leading provider of virtual private network (VPN) solutions, has refuted claims of zero-day vulnerabilities in its OpenVPN2 software, alleged to allow an attack named OVPNX. These claims, made...
GTFONow Automatic privilege escalation on Unix systems by exploiting misconfigured setuid/setgid binaries, capabilities, and sudo permissions. Designed for CTFs but also applicable in real-world pentests. Features Automatically exploit misconfigured sudo...
Teleport, a renowned platform offering centralized authentication and auditing for servers and cloud applications, has recently found itself in the cybersecurity spotlight. This platform, however, has multiple vulnerabilities, some of...
On the 12th of December 2023, SAP Security Patch Day published 15 new Security Notes alongside updates to 2 previously released notes, fortifying SAP’s commitment to safeguarding its vast ecosystem...
In the shadowy realm of cybersecurity, a new predator emerges from within, turning the very defenses meant to protect into weapons of betrayal. A recent report by CrowdStrike Counter Adversary...
In the interconnected world of software and cybersecurity, even the most seemingly innocuous applications can harbor dangerous vulnerabilities. This is the story of Papercut, a widely used printing management software,...
DavRelayUp A quick and dirty port of KrbRelayUp with modifications to allow for NTLM relay from webdav to LDAP in order to streamline the abuse of the following attack primitive: (Optional) New...
PrivKit PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS. PrivKit detects the following misconfigurations Checks for Unquoted Service Paths Checks...
PurplePanda This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. Note that PurplePanda searches both privileges escalation...
Here you will find privilege escalation tools for Windows and Linux/Unix* (in some near future also for Mac). These tools search for possible local privilege escalation paths that you could exploit and print them...
Support Securityonline.info site. Thanks!
