Avleonov: Most viewed

389 matches found

Information Security Automation
added 2021/07/11 8:52 p.m., 24558 views

Last Week’s Security news: PrintNightmare patches and Metasploit, Kaseya CVEs, Morgan Stanley Accellion FTA, Cisco BPA and WSA, Philips Vue PACS, CISA RVAs, Lazarus job offers

Hello guys! The third episode of Last Week’s Security news, July 5 - July 11. There was a lot of news last week. Most of them was again about PrintNightmare and Kaseya. The updates for PrintNightmare CVE-2021-34527 were finally released mid-week. It became possible not only to disable the service...

CVSS: 9, AI score: 1.1, EPSS: 0.99759
Exploits: 57

Information Security Automation
added 2021/06/28 10:59 a.m., 20305 views

Last Week’s Security news: Cisco ASA, BIG-IQ, vSphere, Solaris, Dlink, iPhone %s, DarkRadiation, Google schema, John McAfee

Hello, today I want to experiment with a new format. I will be reading last week's news from my @avleonovnews channel, which I found the most interesting. I do this mostly for myself, but if you like it too, then that would be great. Please subscribe to my YouTube channel and my Telegram...

CVSS: 10, AI score: 10, EPSS: 0.99928
Exploits: 20

Information Security Automation
added 2017/10/04 5:57 p.m., 4500 views

Vulners NASL Plugin Feeds for OpenVAS 9

As I already wrote earlier, you can easily add third party nasl plugins to OpenVAS. So, my friends from Vulners.com realised generation of NASL plugins for OpenVAS using own security content. I've tested it for scanning CentOS 7 host. And it works = Let's see the whole process. I assume that we...

CVSS: 6.9, AI score: 7.3, EPSS: 0.00673
Exploits: 1

Information Security Automation
added 2022/05/26 9:21 p.m., 2535 views

Microsoft Patch Tuesday May 2022: Edge RCE, PetitPotam LSA Spoofing, bad patches

Hello everyone! This episode will be about Microsoft Patch Tuesday for May 2022. Sorry for the delay, this month has been quite intense. As usual, I'm using my Vulristics project and going through not only the vulnerabilities that were presented on May 10th, but all the MS vulnerabilities presente...

CVSS: 9.3, AI score: 0.5, EPSS: 0.83277
Exploits: 17

Information Security Automation
added 2017/10/02 11:27 p.m., 2356 views

Downloading and analyzing NVD CVE feed

In previous post "New National Vulnerability Database visualizations and feeds" I mentioned JSON NVD feed. Let's see what data it contains, how to download and analyse it. First of all, we need to download all files with CVEs from NVD database and save them to some directory. Unfortunately, there...

CVSS: 9.3, AI score: 8.1, EPSS: 0.26316
Exploits: 0

Information Security Automation
added 2017/08/09 5:49 p.m., 2225 views

Downloading entire Vulners.com database in 5 minutes

Today I once again would like to talk about Vulners.com and why, in my opinion, it is the best vulnerability database that exist nowadays and a real game-changer. The main thing is transparency. Using Vulners you not only can search for security content see "Vulners – Google for hacker", but...

CVSS: 9.3, AI score: 8.8, EPSS: 0.9923
Exploits: 55

Information Security Automation
added 2018/06/05 3:57 p.m., 1961 views

Vulnerability Databases: Classification and Registry

What publicly available Vulnerability Databases do we have? Well, I can only say that there are a lot of them and they are pretty different. Here I make an attempt to classify them. It's quite an ungrateful task. No matter how hard you try, the final result will be rather inaccurate and incomplet...

CVSS: 7.5, AI score: 7.9, EPSS: 0.99993
Exploits: 55

Information Security Automation
added 2017/05/09 9:17 p.m., 1712 views

Vulnerability Quadrants

Hi everyone! Today I would like talk about software vulnerabilities. How to find really interesting vulnerabilities in the overall CVE flow. And how to do it automatically. First of all, let's talk why we may ever need to analyze software vulnerabilities? How people usually do their Vulnerability...

CVSS: 7.6, AI score: 0.2, EPSS: 0.99999
Exploits: 89

Information Security Automation
added 2017/06/30 4:46 p.m., 1587 views

Adding third party nasl plugins to OpenVAS

If you want to develop nasl plugins for OpenVAS, you might be interested how to import them in scanner. So, I was also interested. First of all, I decided to copy one of existing nasl scripts. I chose script that successfully detected vulnerability on a target host. Thus, in the case of importing...

AI score: 7.1, EPSS: 0.11093
Exploits: 0

Information Security Automation
added 2018/01/24 5:19 p.m., 1507 views

Vulners Web Vulnerability Scanner plugin for Google Chrome v. 2.0

Vulners Team released today the second version of their Web Vulnerability Scanning plugin for Google Chrome browser. You can read my description of the version 1.0 at "Vulners.com vulnerability detection plugins for Burp Suite and Google Chrome". Killing feature of Vulners web scanner v. 2.0 is...

AI score: 6.8
Exploits: 0

Information Security Automation
added 2020/06/10 12:46 a.m., 1245 views

How to list, create, update and delete Grafana dashboards via API

I have been a Splunk guy for quite some time, 4 years or so. I have made several blog posts describing how to work with Splunk in automated manner see in appendix. But after their decision to stop their business in Russia last year, including customer support and selling software and services, it...

CVSS: 6.4, AI score: 8.6, EPSS: 0.99856
Exploits: 5

Information Security Automation
added 2018/01/20 10:27 p.m., 857 views

Kenna Security: Analyzing Vulnerability Scan data

I've been following Kenna Security before 2015 Risk I/O for a pretty long time. Mainly, because they do the things I do on a daily basis: analyse various vulnerability scan results and feeds, and prioritize detected vulnerabilities for further mitigation. The only difference is that my scripts an...

CVSS: 2.6, AI score: 9.2, EPSS: 0.02079
Exploits: 1

Information Security Automation
added 2017/06/29 9:29 p.m., 828 views

Petya the Great and why *they* don’t patch vulnerabilities

I really like this. Just imagine. Quiet, routine, everyday Vulnerability Management process in organizations: scanning-patching, scanning-patching, scanning-patching… And then. Suddenly! PEEETYYA!!! And at very same moment everything changes. People from different companies start to communicate...

CVSS: 9.3, AI score: 0.3, EPSS: 0.99933
Exploits: 84

Information Security Automation
added 2017/06/19 7:28 p.m., 746 views

GSM Community Edition and lagging OpenVAS Plugin Feed

As I already wrote in "Installing OpenVAS 9 from the sources", since May 2017 OpenVAS 9 is available in a form of free virtual appliance. It is called GSM Community Edition GCE and is based on Greenbone commercial product GSM ONE. What's the difference between GSM ONE and free GCE? GSM Community...

AI score: 6.9
Exploits: 0

Information Security Automation
added 2018/03/11 6:41 p.m., 714 views

Converting Nmap xml scan reports to json

Unfortunately, Nmap can not save the results in json. All available output options: -oN filespec normal output -oX filespec XML output -oS filespec ScRipT KIdd|3 oUTpuT -oG filespec grepable output -oA basename Output to all formats And processing xml results may not be an easy task. Just lo...

AI score: 6.8
Exploits: 0

Information Security Automation
added 2020/03/09 1:12 a.m., 605 views

Parsing Nessus v2 XML reports with python

Upd. This is an updated post from 2017. The original script worked pretty well for me until the most recent moment when I needed to get compliance data from Nessus scan reports, and it failed. So I researched how this information is stored in a file, changed my script a bit, and now I want to sha...

CVSS: 7.6, AI score: 8.2, EPSS: 0.34132
Exploits: 0

Information Security Automation
added 2017/10/21 2:10 p.m., 596 views

CWEs in NVD CVE feed: analysis and complaints

As you probably know, one of the ways to describe the nature of some software vulnerability is to provide corresponding CWE Common Weakness Enumeration ids. Let's see the CWE links in NVD CVE base. I have already wrote earlier how to deal with NVD feed using python in "Downloading and analyzing N...

CVSS: 7.5, AI score: 8.2, EPSS: 0.04733
Exploits: 2

Information Security Automation
added 2017/05/28 10:59 a.m., 592 views

New vulnersBot for Telegram with advanced searches and subscriptions

Vulners.com team have recently presented a new version of vulnerability intelligence bot for Telegram messenger. Now you can search for vulnerabilities and other security content by talking with bot. Searches For example, I've heard about new critical vulnerability in Samba called SambaCry by...

CVSS: 10, AI score: 10, EPSS: 0.99448
Exploits: 24

Information Security Automation
added 2019/03/04 10:38 a.m., 587 views

Vulnerability Management at Tinkoff Fintech School

In the last three weeks, I participated in Tinkoff Fintech School - educational program for university students. Together with my colleagues, we prepared a three-month practical Information Security course: 1 lecture per week with tests and home tasks. Each lecture is given by a member of our...

CVSS: 9.3, AI score: 8.2, EPSS: 0.99988
Exploits: 83

Information Security Automation
added 2021/03/26 2:47 a.m., 576 views

Vulristics: Microsoft Patch Tuesdays Q1 2021

Hello everyone! It has been 3 months since my last review of Microsoft vulnerabilities for Q4 2020. In this episode I want to review the Microsoft vulnerabilities for the first quarter of 2021. There will be 4 parts: January, February, March and the vulnerabilities that were released between the...

CVSS: 10, AI score: 1.8, EPSS: 0.99999
Exploits: 123

Information Security Automation
added 2018/11/05 7:22 a.m., 551 views

Adding custom NASL plugins to Tenable Nessus

Making custom NASL scripts plugins for Nessus is a pretty complicated process. Basically, NASL Nessus Attack Scripting Language is an internal instrument of Tenable and it seem that they are not really interested in sharing it with the community. The only publicly available official documentation...

AI score: 6.7
Exploits: 0

Information Security Automation
added 2017/04/10 3:37 p.m., 516 views

Installing OpenVAS 9 from the sources

In last month Greenbone Networks and OpenVAS development team have finally presented new OpenVAS 9 with new GUI, improved multi-scanner support, improved asset management, etc. We have been waiting for this release for 2 years! Upd. Please note, that entire procedure for separating scanners onto...

AI score: 6.8
Exploits: 0

Information Security Automation
added 2018/09/01 6:12 p.m., 432 views

Assessing Linux Security Configurations with SCAP Workbench

Recently I had a chance to work with OpenSCAP. It's a set of free and open-source tools for Linux Configuration Assessment and a collection security content in SCAP Security Content Automation Protocol format. In this post I will write about SCAP Workbench. It is a GUI application that can check...

Exploits: 0

Information Security Automation
added 2020/02/13 2:50 p.m., 431 views

Microsoft Patch Tuesday February 2020

IMHO, these are the two most interesting vulnerabilities in a recent Microsoft Patch Tuesday February 2020: Mysterious Windows RCE CVE-2020-0662. "To exploit the vulnerability, an attacker who has a domain user account could create a specially crafted request, causing Windows to execute arbitrary...

CVSS: 9, AI score: 2.3, EPSS: 0.99965
Exploits: 30

Information Security Automation
added 2021/07/05 3:19 p.m., 425 views

Last Week’s Security news: PrintNightmare, Kaseya, Intune, Metasploit Docker escape

Hello guys! The second episode of Last Week’s Security news from June 28 to July 4. The most interesting vulnerability of the last week is of course Microsoft Print Spooler "PrintNightmare". By sending an RpcAddPrinterDriverEx RPC request, for example over SMB, a remote, authenticated attacker ma...

CVSS: 10, AI score: 1.1, EPSS: 0.99999
Exploits: 83

Information Security Automation
added 2018/09/05 7:57 p.m., 424 views

Retrieving IT Asset lists from NetBox via API

A little bit more about IT Asset Inventory of Internal Network, that your IT team can provide. I have recently worked with NetBox - an open source IP address management IPAM and data center infrastructure management DCIM solution developed by well-known cloud hosting provider DigitalOcean. It's n...

AI score: 7.3
Exploits: 0

Information Security Automation
added 2021/08/02 7:48 p.m., 421 views

Last Week’s Security news: Serious Sam in Metasploit, PetitPotam, Zimbra Hijack, Joint Advisory TOP30 CVEs

Hello everyone! Last Week's Security News, July 26 - August 1. Serious Sam in Metasploit Last week I talked about the Serious Sam vulnerability CVE-2021-36934, also known as HiveNightmare. The name HiveNightmare comes from the fact that Windows stores its registry data in a small number of...

CVSS: 7.5, AI score: 0.4, EPSS: 0.67252
Exploits: 13

Information Security Automation
added 2022/02/28 8:52 p.m., 413 views

Microsoft Patch Tuesday February 2022

Hello everyone! This episode will be about Microsoft Patch Tuesday for February 2022. I release it pretty late, because of my previous big episode about the blindspots in the Knowledge Bases of Vulnerability Scanners. Please take a look if you haven't seen it. Well, if you are even slightly...

CVSS: 9.3, AI score: 8.4, EPSS: 0.53655
Exploits: 5

Information Security Automation
added 2021/12/06 3:27 p.m., 402 views

QSC21, VMDR Training and Exam

Hello everyone! On the one hand, because of the pandemic, we have become more distant from each other. We work mostly remotely from home. Traveling to a conference in another country has become much more difficult than it used to be. Now it is not only expensive. It has become much more difficult...

AI score: 0.1
Exploits: 0

Information Security Automation
added 2017/08/29 5:3 p.m., 402 views

Burp Suite Free Edition and NTLM authentication in ASP.net applications

As you know, Burp Suite is a scanner for advanced Web Application Security researchers. However, the free version of Burp is more like Firebug analogue, but much more functional. Let's see how to install it and use for website analysis. This analysis may be necessary to find vulnerabilities or...

AI score: 7.6
Exploits: 0

Information Security Automation
added 2020/02/11 1:46 p.m., 391 views

Is Vulnerability Management more about Vulnerabilities or Management?

I've just read a nice article about Vulnerability Management in the Acribia blog in Russian. An extract and my comments below. In the most cases Vulnerability Management is not about Vulnerabilities, but about Management. Just filtering the most critical vulnerabilities is not enough. Practical...

CVSS: 10, AI score: 1.4, EPSS: 0.9951
Exploits: 59

Information Security Automation
added 2019/07/17 3:7 p.m., 382 views

Kaspersky Security Center 11 API: getting information about hosts and installed products

I spent a lot of time last week working with the new API of Kaspersky Security Center 11. KSC is the administration console for Kaspersky Endpoint Protection products. And it has some pretty interesting features besides the antivirus/antimalware, for example, vulnerability and patch management. S...

AI score: 7.3
Exploits: 0

Information Security Automation
added 2022/07/23 8:34 a.m., 365 views

Microsoft Patch Tuesday July 2022: propaganda report, CSRSS EoP, RPC RCE, Edge, Azure Site Recovery

Hello everyone! Microsoft has been acting weird lately. I mean the recent publication of a propaganda report about evil Russians and how Microsoft is involved in the conflict between countries. It wouldn't be unusual for a US government agency, NSA or CIA to publish such a report. But when a globa...

CVSS: 7.2, AI score: 9.6, EPSS: 0.70461
Exploits: 2

Information Security Automation
added 2022/08/23 12:0 a.m., 363 views

Microsoft Patch Tuesday August 2022: DogWalk, Exchange EOPs, 13 potentially dangerous, 2 funny, 3 mysterious vulnerabilities

Hello everyone! In this episode, let's take a look at the Microsoft Patch Tuesday August 2022 vulnerabilities. I use my Vulristics vulnerability prioritization tool as usual. I take comments for vulnerabilities from Tenable, Qualys, Rapid7, ZDI and Kaspersky blog posts. Also, as usual, I take into...

CVSS: 9.3, AI score: 0.3, EPSS: 0.9981
Exploits: 190

Information Security Automation
added 2021/02/11 11:31 p.m., 360 views

Vulners Linux Audit API for Host Vulnerability Detection: Manual Auditing, Python Scripting and Licensing

Hello everyone! This episode will be about Vulners Linux Audit API, which allows you to detect vulnerabilities on a Linux host knowing only the OS version and installed packages. I had a similar post about this 4 years ago, but some details have changed, so I came back to this topic. Manual Audit...

CVSS: 4.6, AI score: 0.1, EPSS: 0.00365
Exploits: 0

Information Security Automation
added 2018/10/28 10:31 p.m., 359 views

Deploying VirtualBox virtual machines with Vagrant

I often use virtual machines for various tasks: from building software packages to testing software products or PoCs for vulnerabilities. Creating a virtual machine in Oracle VirtualBox is a time-consuming and annoying process: set parameters of VM, attach iso, make dozens of clicks in OS...

AI score: 0.1
Exploits: 0

Information Security Automation
added 2017/06/20 9:30 p.m., 346 views

Vulners Cloud Agents for Vulnerability Management

A very good news! Vulners Team is ready to present complete functionality for vulnerability audit. And it's not just an Audit API that you have to use somehow in your own scripts, but an enterprise ready product, like agent-based vulnerability scanning in Qualys and Tenable. You can try it for...

AI score: 7
Exploits: 0

Information Security Automation
added 2021/07/19 4:29 p.m., 344 views

Last Week’s Security news: Exploits for ForgeRock, vSphere, Apache Tomcat, new Print Spooler vuln, Kaseya Patch and REvil, SolarWinds, Schneider Electric, Bulletins

Hello guys! The fourth episode of Last Week’s Security news, July 12 – July 18. I would like to start with some new public exploits. I think these 4 are the most interesting. If you remember, 2 weeks ago I mentioned the ForgeRock Access Manager and OpenAM vulnerability CVE-2021-35464. Now there i...

CVSS: 10, AI score: 9.6, EPSS: 0.99999
Exploits: 31

Information Security Automation
added 2022/12/30 6:3 p.m., 340 views

Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs

Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It's especially nice that all the code to support the new API was written and contributed ...

CVSS: 10, AI score: 7.6, EPSS: 0.95764
Exploits: 284

Information Security Automation
added 2020/05/13 12:49 a.m., 331 views

Microsoft Patch Tuesday May 2020: comments from VM vendors, promising stuff for phishing, troubles with SharePoint and lulz with Visual Studio

This will be my third Microsoft Patch Tuesday report in video and audio format. And for the third time in a row, Microsoft has addressed over a hundred vulnerabilities. With my Microsoft Patch Tuesday parser, it was possible to generate a report almost on the same day. But, of course, it takes mu...

CVSS: 9.3, AI score: 8.1, EPSS: 0.9981
Exploits: 144

Information Security Automation
added 2021/07/10 12:14 a.m., 330 views

Vulristics: Microsoft Patch Tuesdays Q2 2021

Hello everyone! Let's now talk about Microsoft Patch Tuesday vulnerabilities for the second quarter of 2021. April, May and June. Not the most exciting topic, I agree. I am surprised that someone is reading or watching this. For me personally, this is a kind of tradition. Plus this is an opportuni...

CVSS: 10, AI score: 0.2, EPSS: 0.99718
Exploits: 114

Information Security Automation
added 2019/05/31 8:37 p.m., 329 views

PHDays 9: new methods of Vulnerability Prioritization in Vulnerability Management products

On May 21, I spoke at the PHDays 9 conference. I talked about new methods of Vulnerability Prioritization in the products of Vulnerability Management vendors. During my 15 minutes time slot I defined the problems that this new technology has to solve, showed why these problems could NOT be solved...

AI score: 7
Exploits: 0

Information Security Automation
added 2020/07/18 6:31 p.m., 318 views

Barapass, Tsunami scanner, vulnerabilities in Windows DNS Server and SAP products, weird attack on Twitter

This episode is based on posts from my Telegram channel avleonovcom, published in the last 2 weeks. So, if you use Telegram, please subscribe. I update it frequently. Barapass update I recently released an update to my password manager barapass. BTW, it seems to be my only pet project at the MVP...

CVSS: 10, AI score: 8.5, EPSS: 0.94719
Exploits: 28

Information Security Automation
added 2022/04/03 12:15 a.m., 315 views

Spring4Shell, Spring Cloud Function RCE and Spring Cloud Gateway Code Injection

Hello everyone! This episode will be about last week's high-profile vulnerabilities in Spring. Let's figure out what happened. Alternative video link for Russia: Of course, it's amazing how fragmented the software development world has become. Now there are so many technologies, programming language...

CVSS: 7.5, AI score: 9.7, EPSS: 0.99939
Exploits: 186

Information Security Automation
added 2017/12/29 1:40 p.m., 315 views

Vulners Nmap plugin

In previous post about Vulners vulnerability detection plugins for Burp and Google Chrome, I mentioned that it would be great to have a plugin for some free publicly available tool, like Nmap. And guys from the Vulners Team have recently released Nmap plugin. Isn't it awesome? To detect...

AI score: 6.7
Exploits: 0

Information Security Automation
added 2020/03/22 1:15 a.m., 292 views

Microsoft Patch Tuesday March 2020: a new record was set, SMBv3 “Wormable” RCE and updates for February goldies

SMBv3 "Wormable" RCE Without a doubt, the hottest Microsoft vulnerability in March 2020 is the "Wormable" Remote Code Execution in SMB v3 CVE-2020-0796. The most commonly used names for this vulnerability are EternalDarkness, SMBGhost and CoronaBlue. There was a strange story of how it was...

CVSS: 9.3, AI score: 0.7, EPSS: 0.99965
Exploits: 156

Information Security Automation
added 2021/01/11 1:50 a.m., 289 views

Vulristics Vulnerability Score, Automated Data Collection and Microsoft Patch Tuesdays Q4 2020

In this episode I would like to make a status update of my Vulristics project. For those who don't know, in this project I retrieve publicly available vulnerability data and analyze it to better understand the severity of these vulnerabilities and better prioritize them. Currently, it is mainly...

CVSS: 10, AI score: 0.9, EPSS: 0.99512
Exploits: 105

Information Security Automation
added 2018/12/24 10:36 p.m., 275 views

New Advanced Dynamic Scan Policy Template in Nessus 8

According to Nessus 8.1.0 release notes, Tenable finally solved the problem with Mixed Plugin groups. At least partially. I will briefly describe the problem. Let's say we found out that some Nessus plugins crash our target systems. This happens rarely, but it happens. So, we decided to disable...

AI score: 6.9
Exploits: 0

Information Security Automation
added 2021/02/19 11:56 p.m., 268 views

Microsoft Defender for Endpoint: Why You May Need It and How to Export Hosts via API in Python

Hello everyone! In this episode, I want to talk about Microsoft Defender for Endpoint. It’s not a well-known free Defender antivirus built in Windows 10, but an enterprise level solution with the similar name. Yes, the naming is pretty confusing. I will not repeat Microsoft's marketing thesis. Jus...

AI score: 7.1
Exploits: 0

Information Security Automation
added 2021/12/12 11:51 p.m., 267 views

Vulnerability Intelligence based on media hype. It works? Grafana LFI and Log4j “Log4Shell” RCE

Hello everyone! In this episode, I want to talk about vulnerabilities, news and hype. The easiest way to get timely information on the most important vulnerabilities is to just read the news regularly, right? Well, I will try to reflect on this using two examples from last week. I have a security...

CVSS: 9.3, AI score: 10, EPSS: 0.99999
Exploits: 393

Total number of security vulnerabilities: 389