OpenJDK: unbounded memory allocation in BasicAttributes deserialization (JNDI, 8191142)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JNDI. Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker wit...

[SECURITY] Fedora 28 Update: community-mysql-5.7.22-1.fc28

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

Command and Control via Legitimate Behavior over HTTP: TrevorC2

TrevorC2 is a client/server model for masking command and control through a normally browsable website. Detection becomes much harder as time intervals are different and does not use POST requests for data exfil. There are two components to TrevorC2 – the client and the server. The client can be...

OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997)

Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java...

OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997)

Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java...

OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997)

Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java...

Hashcat Wrapper for Distributed Hashcracking: Hashtopolis

Hashtopolis is a multi-platform client-server tool for distributing hashcat tasks to multiple computers. The main goals for Hashtopolis’s development are portability, robustness, multi-user support, and multiple groups management. The application has two parts: Agent Multiple clients C, Python,...

[SECURITY] Fedora 28 Update: nghttp2-1.31.1-1.fc28

This package contains the HTTP/2 client, server and proxy programs...

GRR Rapid Response - Remote Live Forensics For Incident Response

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR...

[SECURITY] Fedora 26 Update: mariadb-10.1.32-1.fc26

MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client...

JDK: unspecified vulnerability fixed in 6u191, 7u171, and 8u161 (Security)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u161 and 8u152; Java SE Embedded: 8u152; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with...

Design/Logic Flaw

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacke...

TrevorC2 - Command and Control via Legitimate Behavior over HTTP

TrevorC2 is a client/server model for masking command and control through a normally browsable website. Detection becomes much harder as time intervals are different and does not use POST requests for data exfil. There are two components to TrevorC2 - the client and the server. The client can be...

[SECURITY] Fedora 26 Update: community-mysql-5.7.20-1.fc26

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

Telnet IoT Honeypot - Python Telnet Honeypot For Catching Botnet Binaries

This project implements a python telnet server trying to act as a honeypot for IoT Malware which spreads over horribly insecure default passwords on telnet servers on the internet. Other than https://github.com/stamparm/hontel or https://github.com/micheloosterhof/cowrie examples, which provides...

Arbitrary Account Password Reset Vulnerability in OnStar iOS Client Server

OnStar iOS client is a smart driving system. An arbitrary account password reset vulnerability exists in the OnStar iOS client server. An attacker can reset the password of any client and perform unauthorized operations by intercepting the verification code in a packet...

FruityC2 - Post-Exploitation Tool to Manage Compromised Machines from a Web Interface

This is the initial release for FruityC2 alpha version. Can be installed on any linux system, but the installation scripts are made for Debian based systems. There are a lot of functionalities that will be include in future releases, and probably a lot of code will be changed, but this version is...

Monitoring Windows Console Activity (Part 1)

Introduction While performing incident response, Mandiant encounters attackers actively using systems on a compromised network. This activity often includes using interactive console programs via RDP such as the command prompt, PowerShell, and sometimes custom command and control C2 console tools...

[SECURITY] Fedora 26 Update: community-mysql-5.7.19-1.fc26

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

[SECURITY] Fedora 25 Update: supervisor-3.2.4-1.fc25

The supervisor is a client/server system that allows its users to control a number of processes on UNIX-like operating systems...