EUVD-2005-2696
Malware in sbrugna...
What Are Normal Users Supposed to Do with IDS Alerts from Network Gear?
Probably once a week, I see posts like this in the r/Ubiquiti subreddit. Ubiquiti makes network gear that includes an "IDS/IPS" feature. I own some older Ubiquiti gear so I am familiar with the product. When you enable this feature, you get alerts like this one, posted by a Redditor: This is...
A refresher on Talos’ open-source tools and the importance of the open-source community
Open-source software that is free to download, deploy and modify is a vital component in the fight for cyber security. Freely available software not only helps defend systems that would otherwise be unprotected, but it also allows people to learn and develop vital cybersecurity skills. In this...
A10: Insufficient logging and monitoring ❗️ — Top 10 OWASP 2017
A10: Insufficient logging and monitoring ❗️ — Top 10 OWASP 2017 Introduction Insufficient logging and monitoring is in the Top 10 OWASP for many different reasons. Not only is it hard to detect but it’s also hard to protect from. There are several ways we can protect ourselves from this...
SANS 2021 Threat Hunting Survey: How Organizations' Security Postures Have Evolved in the New Normal
It's that time of year once again: The SANS Institute — the most trusted resource for cybersecurity research — has conducted its sixth annual Threat Hunting Survey, sponsored by Rapid7. The goal of this survey is to better understand the current threat hunting landscape and the benefits provided ...
Suricata Based IDS/IPS Distro: SELKS
SELKS is both a live and an installable Network Security Management ISO based on Debian, implementing and focusing on a complete and ready-to-use Suricata IDS/IPS ecosystem with its own graphical rule manager. From start to analysis of IDS/IPS and NSM events in 30 seconds. The name comes from its major...
Singularity - A DNS Rebinding Attack Framework
Singularity of Origin is a tool to perform DNS rebinding attacks. It includes the necessary components to rebind the IP address of the attack server DNS name to the target machine's IP address and to serve attack payloads to exploit vulnerable software on the target machine. It also ships with...
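The rebinding sequence the snippet describes (the attack name first resolves to the attack server, then to the target), modelled offline. This is an added example, not Singularity's code: the name, addresses and TTL are made up, the "resolver" is a Python class rather than a real DNS server, and the two defensive checks (refusing private answers for non-internal names, the idea behind dnsmasq's --stop-dns-rebind, and Host header validation on the target) are illustrations of the standard countermeasures, not features of the tool.

```python
"""DNS rebinding modelled offline: attacker-side resolver plus two defenses.

Added example, not Singularity's code. All names and addresses are hypothetical.
"""
import ipaddress

ATTACKER_NAME = "rebind.attacker.example"  # hypothetical attacker-controlled name
ATTACKER_IP = "203.0.113.10"               # stands in for the public attack server
TARGET_IP = "192.168.1.1"                  # hypothetical device on the victim's LAN

# Address ranges a filtering resolver should never return for an external name.
# Explicit list (RFC 1918, loopback, link-local, ULA) rather than
# ipaddress.is_private, which also flags documentation ranges such as 203.0.113.0/24.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "::1/128",
)]


class RebindingResolver:
    """Authoritative server for one name that switches its answer.

    First query: the public attack server, so the browser loads the payload page
    from the attacker's origin. Every later query (after the TTL, here 0, expires):
    the internal target, so the same origin now points into the victim's LAN and
    the payload's requests reach the target without a same-origin block.
    """

    def __init__(self, name, first_ip, rebind_ip, ttl=0):
        self.name = name.lower().rstrip(".")
        self.first_ip = first_ip
        self.rebind_ip = rebind_ip
        self.ttl = ttl
        self.queries = 0

    def answer(self, qname):
        """Return (ip, ttl) for qname, or None if not authoritative for it."""
        if qname.lower().rstrip(".") != self.name:
            return None
        self.queries += 1
        ip = self.first_ip if self.queries == 1 else self.rebind_ip
        return ip, self.ttl


def rebind_suspicious(qname, ip, internal_suffixes=(".local", ".lan", ".internal")):
    """Resolver-side check: True if an external name resolves to an internal address."""
    if qname.lower().rstrip(".").endswith(internal_suffixes):
        return False  # internal names are allowed to resolve internally
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def host_header_allowed(host_header, allowed_hosts):
    """Target-side check: only serve requests whose Host header names this service.

    After rebinding the browser still sends Host: rebind.attacker.example, so a
    service that compares Host against its own names rejects the rebound request.
    """
    host = host_header.split(":", 1)[0].strip().lower().rstrip(".")
    return host in {h.lower().rstrip(".") for h in allowed_hosts}


def simulate_attack():
    """Run both phases of the attack and both defenses; return a summary dict."""
    resolver = RebindingResolver(ATTACKER_NAME, ATTACKER_IP, TARGET_IP)
    phase1_ip, _ = resolver.answer(ATTACKER_NAME)  # victim's browser loads the payload page
    phase2_ip, _ = resolver.answer(ATTACKER_NAME)  # payload re-resolves once the TTL is up
    return {
        "phase1": phase1_ip,
        "phase2": phase2_ip,
        "resolver_blocks_phase1": rebind_suspicious(ATTACKER_NAME, phase1_ip),
        "resolver_blocks_phase2": rebind_suspicious(ATTACKER_NAME, phase2_ip),
        "target_rejects_host": not host_header_allowed(
            ATTACKER_NAME, ["192.168.1.1", "router.lan"]),
    }


if __name__ == "__main__":
    print(simulate_attack())
```

Either defense alone breaks the attack: the filtering resolver never hands the browser the second answer, and a target that checks Host refuses the request even when the rebinding succeeds. Neither is a substitute for authentication on the LAN service itself.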
Non-reliable Nessus scan results
Do you perform massive unauthenticated vulnerability scans with Nessus? It might be a bad idea. It seems that Nessus is not reliable enough to assess hundreds or thousands of hosts in one scan and can lose some valuable information. The thing is that sometimes Nessus does not detect open ports a...
3 Reasons to Use VMware NSX with Trend Micro Deep Security
Enterprises have begun adopting network virtualization for their IT infrastructure. According to a 2016 survey conducted by Accenture, 95 percent of small, medium, and large enterprises believe “network services will be virtualized.” Meanwhile, 25 percent of those who have adopted network...
Protecting Your Web Apps with AppSpider Defend Until They Can Be Patched
AppSpider scans can detect exploitable vulnerabilities in your applications, but once these vulnerabilities are detected how long does it take your development teams to create code fixes for them? In some cases it could take several days to weeks before a fix/patch to resolve the vulnerability ca...
IDS IPS Testing Framework: pytbull
pytbull is an Intrusion Detection/Prevention System IDS/IPS Testing Framework for Snort, Suricata and any IDS/IPS that generates an alert file. It can be used to test the detection and blocking capabilities of an IDS/IPS, to compare IDS/IPS, to compare configuration modifications and to...
DNS Enumeration Script: DNSRecon
DNS reconnaissance is part of the information gathering stage of a penetration test engagement. When a penetration tester is performing DNS reconnaissance, they are trying to obtain as much information as they can regarding the DNS servers and their records. The information that can be gathered can...
[Pytbull] IDS/IPS Testing Framework
Pytbull is an Intrusion Detection/Prevention System IDS/IPS Testing Framework for Snort, Suricata and any IDS/IPS that generates an alert file. It can be used to test the detection and blocking capabilities of an IDS/IPS and to validate config. Download Pytbull...
Prizm Content Connect Code Execution
In the course of our security assessment consulting we often find 0day vulnerabilities and report them to vendors. In this particular case the vendor has unfortunately shown a general disregard for the security risk of this uncovered vulnerability, which was originally disclosed privately to them...
zDefender - Enterprise smartphone IDS/IPS released by Zimperium
zDefender - Enterprise smartphone IDS/IPS released by Zimperium Do you recall the security firm Zimperium, which came out with ANTI, the killer Android app that allowed even the clueless to hack and pwn like a pentester? Zimperium, an Israeli security start-up founded by Zuk Avraham, a...
Window AutoPwn (WINAUTOPWN) - Auto Hacking/shell Gaining Tool
Window AutoPwn WINAUTOPWN - Auto Hacking/shell Gaining Tool Auto-hack your targets with the least possible interaction. winAUTOPWN Features : - Above 500 vulnerability exploits for software applications. - Custom-compiled executables of famous and effective exploits along with a few original...
Legacy Browser Exploit Whitespace Obfuscation
Although various security products provide coverage against many web vulnerabilities, known exploits could potentially bypass security products by using JavaScript obfuscation techniques. An example of such a technique is whitespace obfuscation. Such techniques obfuscate known exploits so they...
SmarterMail 8.0 - Multiple Cross-Site Scripting Vulnerabilities
Author: Hoyt LLC Research Target: SmarterMail Version 8.0.4086.25048 Tools: Burp Suite Pro 1.3.09, FuzzDB Description: XSS, Cross Site Scripting in SmarterMail 8.0.4086.25048, CWE-79, CAPEC-86 Keywords: Stored XSS, Reflected XSS, Cross Site Scripting, SmarterMail 8.0.4086.25048, xss.cx, hoyt llc...
InGate Firewall and SIParator Multiple Security Vulnerabilities
BUGTRAQ ID: 34309 Ingate Firewall and SIParator are both enterprise-grade hardware firewall appliances. Ingate Firewall and SIParator contain multiple security vulnerabilities that malicious users can exploit to carry out spoofing attacks, bypass certain security restrictions, or cause a denial of service. 1. If the remote network of an IPsec tunnel is set to allow the "Remote/private address" configuration unit, arbitrary users may be allowed to configure units. 2. An error in the IDS/IPS implementation may allow SIP messages to bypass the spoofing and IPsec checks. 3. An error in the verification of DSA and ECDSA key signatures may allow server certificates to be forged. 4. Verification of HMAC...
Non Standard MS-RPC Message Types
DCE/RPC stands for Distributed Computing Environment / Remote Procedure Calls. It is a Remote Procedure Call system that allows software to work across multiple computers as if it were all running on the same computer. This system allows programmers to write distributed software without having t...