nightHawkResponse - Incident Response Forensic Framework
Custom built application for asynchronus forensic data presentation on an Elasticsearch backend. This application is designed to ingest a Mandiant Redline "collections" file and give flexibility in search/stack and tagging. ** The application was born out of the inability to control multiple...
7.4AI Score
Incident Response Forensic Framework: nightHawk Response
Incident Response Forensic Framework Custom built application for asynchronus forensic data presentation on an ElasticSearch backend. This application is designed to ingest a Mandiant Redline “collections” file and give flexibility in search/stack and tagging. The application was born out of the...
-0.4AI Score
MS16-087: Security Update for Windows Print Spooler (3170005)
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities : A remote code execution vulnerability exists in the Windows Print Spooler service due to improper validation of print drivers while installing a printer from network ...
8.1CVSS
1.1AI Score
0.141EPSS
-0.2AI Score
USN-2970-1 Linux kernel (Vivid HWE) vulnerabilities | Cloud Foundry
USN-2970-1 Linux kernel (Vivid HWE) vulnerabilities Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly sanity check the endpoints reported by the...
7.8CVSS
7.9AI Score
0.014EPSS
WarBerryPi - Turn your Raspberry Pi into a War Machine
The ** WarBerry ** was built with one goal in mind; to be used in red teaming engagement where we want to obtain as much information as possible in a short period of time with being as stealth as possible. Just find a network port and plug it in. The scripts have been designed in a way that the...
7.1AI Score
Tactical Exploitation: WarBerryPi
The ** WarBerry ** was built with one goal in mind; to be used in red teaming engagement where we want to obtain as much information as possible in a short period of time with being as stealth as possible. Just find a network port and plug it in. The scripts have been designed in a way that the...
AI Score
Incident Response Suite: CimSweep
Incident Response Suite used to engage in offensive reconnaissance CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across all versions of Windows. CimSweep may also be used to engage in offensive reconnaisance without.....
1.6AI Score
Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2968-2)
USN-2968-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux...
5.5CVSS
8.7AI Score
0.014EPSS
Fast golang dns proxy that can run anywhere, built to black-hole internet advertisements and malware servers Incoming requests spawn a goroutine and are served concurrently, and the block cache resides in-memory to allow for rapid lookups, allowing grimd to serve thousands of queries at once...
0.9AI Score
5.5CVSS
7.2AI Score
0.014EPSS
5.5CVSS
7AI Score
0.005EPSS
5.5CVSS
7.5AI Score
0.014EPSS
5.5CVSS
7.5AI Score
0.014EPSS
Linux kernel (Vivid HWE) vulnerabilities
Releases Ubuntu 14.04 ESM Packages linux-lts-vivid - Linux hardware enablement kernel from Vivid for Trusty Details Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly validate the endpoints reported by the device. An attacker with physical...
5.5CVSS
8.2AI Score
0.014EPSS
Releases Ubuntu 14.04 ESM Packages linux - Linux kernel Details Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly validate the endpoints reported by the device. An attacker with physical access could cause a denial of service (system...
5.5CVSS
8.7AI Score
0.014EPSS
Linux kernel (Trusty HWE) vulnerabilities
Releases Ubuntu 12.04 Packages linux-lts-trusty - Linux hardware enablement kernel from Trusty for Precise Details USN-2968-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from...
5.5CVSS
8.9AI Score
0.014EPSS
Linux kernel (Utopic HWE) vulnerabilities
Releases Ubuntu 14.04 ESM Packages linux-lts-utopic - Linux hardware enablement kernel from Utopic for Trusty Details Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly validate the endpoints reported by the device. An attacker with...
5.5CVSS
8.1AI Score
0.005EPSS
Open Source Intelligence and Forensics : Maltego
Maltego is an open source intelligence and forensics application Maltego is a visual link analysis tool that, out the box, comes with open source intelligence (OSINT) plugins, called transforms. The tool offers real-time data mining and information gathering as well as the representation of this...
-0.2AI Score
Microsoft Expands Bug Bounty Program, Preps Windows Server 2016 for Final Release
Microsoft is accelerating the fumigation of bugs on its soon-to-be released Windows Server 2016 operating system. Last week, Microsoft announced a new bug bounty program running from April 29, through July 29, 2016 – with up to $15,000 in rewards for each qualifying bug. Microsoft’s expansion of...
0.1AI Score
Microsoft Bounty Programs Expansion - Nano Server Technical Preview Bounty
Microsoft is pleased to announce another expansion of the Microsoft Bounty Programs. Today we begin a bounty for the Nano Server installation option of Windows Server 2016Technical Preview 5. Please visit https://aka.ms/BugBounty to find more details. Nano Server is a remotely administered,...
6.9AI Score
GitLab: Private snippets in public / internal projects leaked though GitLab API
Vulnerability details The /projects/:id/snippets resource leaks private snippets that were posted in a public or internal project. Proof of concept As a victim, create a new public or internal project. Lets state that the project has ID 1. Enable the snippets feature in the project settings and...
-0.3AI Score
PentestBox 2.0 - Portable Penetration Testing Distribution for Windows Environments
PentestBox provides all security tools as a software package, eliminating requirement of Virtual machines or dualboot environments on Windows Operating System. It is created because more than 50% of penetration testing distribution users uses windows. [Source] So it provides an efficient platform.....
7.4AI Score
Uber: XSS In archive.uber.com Due to Mime Sniffing in IE
archive.uber.com hosts a mirror of pypi at archive.uber.com/pypi/simple/. It mirrors all of the .tar.gz that are uploaded to pypi. The MIME type of all the .tar.gz files is application/octet-stream. Since the MIME type is not specified, browsers will automatically try to determine the type of the.....
-0.6AI Score
Adversary Resistant Computing Platform: SubgraphOS
Subgraph OS is an adversary resistant computing platform. The main purpose of Subgraph OS is to empower people to communicate, share, and collaborate without fear of surveillance and interference. What this means in practical terms is that users of Subgraph OS can safely perform their day-to-day...
-0.4AI Score
conted.ox.ac.uk XSS vulnerability
Vulnerable URL: https://www.conted.ox.ac.uk/courses/professional/nanobasics/nano/media/interface.swf?flashContentURL=flash_content/flash_content.html&altContentURL;=javascript:alert('XSSPOSED') Details: Description| Value ---|--- Patched:| Yes, at 25.04.2016 Latest check for patch:| 25.04.2016...
6.3AI Score
Crouzet em4 soft 1.1.04 M3 soft 3.1.2.0 - Insecure File Permissions
Crouzet em4 soft 1.1.04 M3 soft 3.1.2.0 - Insecure File...
-0.2AI Score
Crouzet em4 soft 1.1.04 and M3 soft 3.1.2.0 - Insecure File Permissions
Exploit for windows platform in category local...
6.8AI Score
Crouzet em4 soft 1.1.04 - '.pm4' Integer Division By Zero
Exploit for windows platform in category dos /...
7AI Score
7.4AI Score
Crouzet em4 soft 1.1.04 - .pm4 Integer Division By Zero
Crouzet em4 soft 1.1.04 - .pm4 Integer Division By...
AI Score
-0.2AI Score
7.4AI Score
Crouzet em4 soft 1.1.04 Integer Division By Zero
Title: Crouzet em4 soft 1.1.04 Integer Division By Zero Advisory ID: ZSL-2016-5309 Type: Local/Remote Impact: DoS Risk: (1/5) Release Date: 29.02.2016 Summary em4 is more than just a nano-PLC. It is a leading edge device supported by best-in-class tools that enables you to create and implement...
7.4AI Score
Crouzet em4 soft 1.1.04 and M3 soft 3.1.2.0 Insecure File Permissions
Title: Crouzet em4 soft 1.1.04 and M3 soft 3.1.2.0 Insecure File Permissions Advisory ID: ZSL-2016-5310 Type: Local/Remote Impact: Privilege Escalation Risk: (2/5) Release Date: 29.02.2016 Summary em4 is more than just a nano-PLC. It is a leading edge device supported by best-in-class tools that...
7.2AI Score
Gogs is a self-hosted Git service written in Go which is very easy to get running and has low system usage as well. It aspires to be the easiest, fastest, and most painless way to set up a self-hosted Git service. With Go, this can be done with an independent binary distribution across ** ALL...
-0.1AI Score
FreeBSD : py-pillow -- Buffer overflow in TIFF decoding code (53252879-cf11-11e5-805c-5453ed2e2b49)
The Pillow maintainers report : Pillow 3.1.0 and earlier when linked against libtiff >= 4.0.0 on x64 may overflow a buffer when reading a specially crafted tiff file. Specifically, libtiff >= 4.0.0 changed the return type of TIFFScanlineSize from int32 to machine dependent int32|64. If the...
6.5CVSS
7.1AI Score
0.004EPSS
py-pillow -- Buffer overflow in TIFF decoding code
The Pillow maintainers report: Pillow 3.1.0 and earlier when linked against libtiff >= 4.0.0 on x64 may overflow a buffer when reading a specially crafted tiff file. Specifically, libtiff >= 4.0.0 changed the return type of TIFFScanlineSize from int32 to machine dependent...
6.5CVSS
7.1AI Score
0.004EPSS
openSUSE: Security Advisory for mbedtls (openSUSE-SU-2015:2257-1)
The remote host is missing an update for...
8.1AI Score
0.013EPSS
N3XT — Advanced CHIP that Could Make Your Computer 1000 Times Faster
Researchers have come up with an all new way to revolutionize the standard computer chip that comes inbuilt in all our electronics. Researchers from Carnegie Mellon, Stanford, and t_he University of California_, Berkeley among others, have invented a new material that could replace the 'silicon'...
6.8AI Score
openSUSE Security Update : mbedtls (openSUSE-2015-898)
This update for mbedtls fixes the following security and non-security issues : Update to 1.3.15 Fix potential double free if ssl_set_psk() is called more than once and some allocation fails. Cannot be forced remotely. Found by Guido Vranken, Intelworks. Fix potential heap corruption...
0.1AI Score
0.013EPSS
Security update for mbedtls (important)
This update for mbedtls fixes the following security and non-security issues: Update to 1.3.15 Fix potential double free if ssl_set_psk() is called more than once and some allocation fails. Cannot be forced remotely. Found by Guido Vranken, Intelworks. Fix potential heap corruption on...
0.2AI Score
0.013EPSS
Operating System (OS) Detection (HTTP)
HTTP based OS detection from the HTTP/PHP banner or default test ...
7.4AI Score
How to Install Let's Encrypt Free SSL Certificate On Your Website
Another Big Milestone – Let's Encrypt is now offering Free HTTPS certificates to everyone. Let's Encrypt has opened to the public, allowing anyone to obtain Free SSL/TLS (Secure Socket Layer/Transport Layer Security) certificates for their web servers and to set up HTTPS websites in a few simple...
6.7AI Score
sveningers.se XSS vulnerability
Vulnerable URL: http://www.sveningers.se/nano/?dir=">'>);--> Details: Description| Value ---|--- Patched:| Yes, at 23.11.2017 Latest check for patch:| 23.11.2017 09:32 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Google Pageran...
6.3AI Score
Baidu really fixed all of the WormHole vulnerability?-vulnerability warning-the black bar safety net
You can’t have a back door in the software because you can’t have a back door that's only for the good guys.“ - Apple CEO Tim Cook You should not give software to install the back door, because you can't guarantee that this Backdoor only the good guys can use the--Apple CEO cook 0×0...
0.1AI Score
Than the gourd baby is also scary Baidu full system APP SDK vulnerability – WormHole wormhole vulnerability analysis report APP vulnerability discovery,Android reverse analysis bydroidsec ”You can’t have a back door in the software because you can’t have a back door that's only for the good guys.“....
AI Score
”You can’t have a back door in the software because you can’t have a back door that's only for the good guys.“ - Apple CEO Tim Cook ”You should not give software to install the back door because you can't guarantee that this Backdoor only the good guys can use.” – Apple CEO cook 0x00 sequence ...
-0.1AI Score
In computer networking, port knocking is a method of externally opening ports on a firewall by generating a connection attempt on a set of pre-specified closed ports. Once a correct sequence of connection attempts is received, the firewall rules are dynamically modified to allow the host which...
-0.1AI Score
5.5CVSS
7.2AI Score
0.025EPSS