Design/Logic Flaw

Rockwell Automation Arena versions 15.10.00 and prior contains a use after free vulnerability caused by processing specially crafted Arena Simulation Software files that may cause the software application to crash, potentially losing any unsaved data...

CVE-2018-8843

Rockwell Automation Arena versions 15.10.00 and prior contains a use after free vulnerability caused by processing specially crafted Arena Simulation Software files that may cause the software application to crash, potentially losing any unsaved data...

CVE-2018-8843

Rockwell Automation Arena versions 15.10.00 and prior contains a use after free vulnerability caused by processing specially crafted Arena Simulation Software files that may cause the software application to crash, potentially losing any unsaved data...

PLCWinNT software suffers from a memory leak vulnerability

CoDeSys is a complete development environment for programmable logic control PLCs, in which simulation functions can be implemented by configuring the PLCWinNT software. A memory leak vulnerability exists in the PLCWinNT software that corresponds to the V2 version of CoDeSys. An attacker can...

RTA - Framework Designed To Test The Detection Capabilities Against Malicious Tradecraft

RTA provides a framework of scripts designed to allow blue teams to test their detection capabilities against malicious tradecraft, modeled after MITRE ATT&CK. RTA is composed of python scripts that generate evidence of over 50 different ATT&CK tactics, as well as a compiled binary application th...

Metta - An Information Security Preparedness Tool To Do Adversarial Simulation

Metta is an information security preparedness tool. This project uses Redis/Celery, python, and vagrant with virtualbox to do adversarial simulation. This allows you to test mostly your host based instrumentation but may also allow you to test any network based detection and controls depending on...

List of Adversary Emulation Tools

PenTestIT RSS Feed Every once in a while, the security industry brings forth a new buzz word and introduces terminologies that sound über cool and generate lot's of interest. One such word going around now-a-days is automated "adversary emulation". Let's first understand what this really means...

Students fell prey to phishing attacks conducted by their universities

By Waqas Universities Educating Students on Cybersecurity by Simulating Fake Phishing Attacks. This is a post from HackRead.com Read the original post: Students fell prey to phishing attacks conducted by their universities...

Information Security Preparedness Tool: Metta

Metta is an open-source information security preparedness tool for adversarial simulation. As an emerging concept, the industry has yet to settle on a definitive definition of adversarial simulation, but it involves simulating components of targeted attacks in order to test both an organization’s...

Linux Kernel Denial of Service Vulnerability (CNVD-2018-02199)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in the 'einjerrorinject' function in the drivers/acpi/apei/einj.c file in the Linux kernel. A local attacker could exploit this...

New FakeNet-NG Feature: Content-Based Protocol Detection

I Matthew Haigh recently contributed to FLARE’s FakeNet-NG network simulator by adding content-based protocol detection and configuration. This feature is useful for analyzing malware that uses a protocol over a non-standard port; for example, HTTP over port 81. The new feature also detects and...

New FakeNet-NG Feature: Content-Based Protocol Detection

I Matthew Haigh recently contributed to FLARE’s FakeNet-NG network simulator by adding content-based protocol detection and configuration. This feature is useful for analyzing malware that uses a protocol over a non-standard port; for example, HTTP over port 81. The new feature also detects and...

CVE-2014-9733

CVE-2014-9733 concerns nw.js. The connected documents indicate that NW.js before 0.11.5 can simulate user input events within a normal frame, enabling a remote attacker to cause an unknown impact via unknown vectors. The CNVD entry explicitly notes a vulnerability in nw.js prior to 0.11.5 and men...

marketplace-simulation.com XSS vulnerability

Vulnerable URL: http://www.marketplace-simulation.com/?utmsource=marketplace-livemedium=301campaign=Brochure%20Referral%27%3E%3Csvg%20onload=alert%22OPENBUGBOUNTY%22%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 18.12.2017 Vulnerability type:| XSS Vulnerability...

Sielco Sistemi Winlog 2.07.16 Buffer Overflow

require 'msf/core' class MetasploitModule 'Sielco Sistemi Winlog %q This module exploits a stack based buffer overflow found in Sielco Sistemi Winlog 'James Fitts' , 'License' = MSFLICENSE, 'Version' = '$Revision: $', 'References' = , 'Privileged' = true, 'DefaultOptions' = 'EXITFUNC' = 'thread',...

Encrypted, Anti-Replay, Multiplexed Udp Tunnel: Udp2raw-tunnel

A UDP Tunnel which tunnels UDP via FakeTCP/UDP/ICMP Traffic by using Raw Socket, helps you Bypass UDP FireWalls or Unstable UDP Environment. Its Encrpyted, Anti-Replay and Multiplexed. It also acts as a Connection Stabilizer. Features Send / Receive UDP Packet with fake-tcp/icmp headers...

GPS-SDR-SIM - Software-Defined GPS Signal Simulator

GPS-SDR-SIM generates GPS baseband signal data streams, which can be converted to RF using software-defined radio SDR platforms, such as bladeRF, HackRF, and USRP. Windows build instructions 1. Start Visual Studio. 2. Create an empty project for a console application. 3. On the Solution Explorer ...

SIP-Based DoS Attack Simulator: SIP-DAS

SIP-DAS DoS Attack Simulator is a tool developed to simulate SIP-based DoS attacks. It has been developed to be used in academic work to help developing novel SIP-based DDoS attacks and defense approaches in original. SIP-DAS was originally written in Java, but it has been rewritten using Python,...

Advanced Threat Analytics プレイブックを使って攻撃をシミュレーションし検出する方法

本記事は、Microsoft Advanced Threat Analytics Team のブログ “How to simulate and detect attacks with the Advanced Threat Analytics Playbook” 2017 年 2 月 23...

The vulnerability of the microprogramming software of the Cisco TelePresence Server allows a hacker to simulate the endpoints of the server.

The vulnerability of the Privilege software interface of the Cisco TelePresence Server control device’s microprogramming system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to simulate the behavior of the server’s endpoints remotely...