Tag: UAC bypass

Beyond Static Analysis: Hunt, Filter, and Confirm Hijacks with DLLHijackHunter
DLLHijackHunter is an automated Windows DLL hijacking detection tool that goes beyond static analysis. It discovers, validates, and confirms DLL hijacking opportunities using a multi-phase pipeline: Discovery, which enumerates binaries across services, scheduled tasks, startup items, COM objects, and AutoElevate UAC bypass vectors; Filtration, which eliminates false positives through intelligent hard and soft gates; and Canary Confirmation, which deploys a…

Under CTRL: The Undocumented Russian Malware Mimicking Windows Hello to Hijack Your PC
A new malware suite, named “CTRL,” disguises itself as a harmless folder containing a private cryptographic key; once launched, it quietly turns the victim's machine into an open door for remote control. Researchers at Censys ARC have documented a complex kill chain in which a single malicious link, appearing as an…

The Installer Trap: New SetupHijack Tool Bypasses Windows UAC via Race Conditions
SetupHijack is a security research tool that exploits race conditions and insecure file handling in Windows installer and update processes. It targets scenarios where privileged installers or updaters drop files in %TEMP% or other world-writable locations, allowing an attacker to replace those files before they are executed with elevated privileges. The tool does not require elevated permissions to run and does not use file system…
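Both teasers above describe the same precondition from two angles: a directory that a privileged process later loads or executes from, but that a low-privilege user can write to. The following PowerShell script is an added example, not code from DLLHijackHunter or SetupHijack. It enumerates the image directories of services and scheduled-task actions (the discovery and hard-gate stages DLLHijackHunter describes) together with the staging directories a privileged installer might drop into (the SetupHijack precondition), and reports which of them grant write access to low-privilege principals. The principal list, the rights mask and the $StagingDirs list are assumptions to tune per environment; a raw ACL read approximates effective access only (Deny ACEs and nested group membership are not resolved), so every hit should be confirmed, for instance with a canary file, before it is treated as exploitable.

```powershell
# Added example (not DLLHijackHunter's or SetupHijack's own code).
# Flags directories that (a) hold service/scheduled-task images or
# (b) are commonly used as installer staging areas, and that grant
# write/replace rights to low-privilege principals.

# Rights that let a caller plant or replace a file inside a directory.
$PlantRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, Write, Modify, FullControl'

# Principals every local user holds directly or by default membership (assumed list).
$LowPrivPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

function Test-LowPrivWritable {
    # Returns one object per Allow ACE in $Path that gives a low-privilege
    # principal plant/replace rights. Approximation only: Deny ACEs and
    # nested group membership are not evaluated; confirm hits with a canary.
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) { return }
    try { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop } catch { return }
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($LowPrivPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        if (($ace.FileSystemRights -band $PlantRights) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $Path
            Principal = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
        }
    }
}

function Get-ExecutablePath {
    # Extracts the image path from a service or task command line such as
    # '"C:\x y\a.exe" /svc' or 'C:\x\a.exe /svc', expanding %VARS% first.
    param([string]$CommandLine)
    if (-not $CommandLine) { return }
    $cl = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cl -match '^"([^"]+)"') { return $matches[1] }
    if ($cl -match '^(.+?\.(exe|dll|cmd|bat))(\s|$)') { return $matches[1] }
    return ($cl -split '\s+')[0]
}

# 1. Discovery: image directories of services and scheduled-task Exec actions.
#    The application directory is searched before System32 for most DLL loads,
#    so a low-priv-writable one is a planting point for any DLL the image
#    resolves by name; a writable directory holding a SYSTEM service image is
#    a direct replacement target even without DLL hijacking.
$images = @()
$images += Get-CimInstance Win32_Service | ForEach-Object { Get-ExecutablePath $_.PathName }
$images += Get-ScheduledTask | ForEach-Object { $_.Actions } |
           Where-Object { $_.Execute } | ForEach-Object { Get-ExecutablePath $_.Execute }

$imageDirs = $images | Where-Object { $_ } |
             ForEach-Object { Split-Path -Parent $_ } |
             Where-Object { $_ } | Sort-Object -Unique
$hijackCandidates = $imageDirs | ForEach-Object { Test-LowPrivWritable $_ }

# 2. Staging: directories a privileged installer or updater must not trust.
#    These are world-writable by design; the finding is relevant only when a
#    privileged process drops and later executes files there (assumed list).
$StagingDirs = @($env:TEMP, "$env:SystemRoot\Temp", $env:ProgramData)
$stagingHits = $StagingDirs | ForEach-Object { Test-LowPrivWritable $_ }

"== Service/task image directories writable by low-privilege principals =="
$hijackCandidates | Format-Table -AutoSize
"== Staging directories where a SetupHijack-style race is possible =="
$stagingHits | Format-Table -AutoSize
```

Run it from an unelevated PowerShell session on the host under review; Get-ScheduledTask needs the ScheduledTasks module shipped with Windows 8 / Server 2012 and later. Anything in the first table is a candidate for the canary confirmation step DLLHijackHunter describes, and anything in the second only matters if you can show a privileged installer actually stages files there.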

The Silence of the Scans: New NtKiller Utility Disables Antivirus at the Root
A new commodity has surfaced on underground forums for those seeking to operate more quietly—and for longer. An actor using the alias AlphaGhoul has begun promoting a utility called NtKiller, which, according to its author, can stealthily disable antivirus software and endpoint detection tools, enabling malicious payloads to run on compromised machines while evading detection.…

Batavia Spyware Unmasked: Covert Campaign Hits Russian Industrial & Scientific Orgs via Phishing Emails
Since July 2024, Russia has been the target of a large-scale, highly targeted cyber campaign employing a previously unknown espionage tool named Batavia. According to Kaspersky Lab, the attacks have been directed at industrial and scientific organizations, with malicious emails disguised as contract agreement requests resulting in the compromise of at least a hundred devices…