PLABS
Internet Storm Center Infocon Status
ISC Stormcast For Monday, December 5th 2016 https://isc.sans.edu/podcastdetail.html?id=5277, (Sun, Dec 4th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Protecting Powershell Credentials (NOT), (Fri, Dec 2nd)
If you're like me, you've worked through at least one Powershell tutorial, class or even a how-to blog. And you've likely been advised to use the PSCredential cons…

ISC Stormcast For Friday, December 2nd 2016 https://isc.sans.edu/podcastdetail.html?id=5275, (Fri, Dec 2nd)

Tap Gigabit Networks on the Cheap, (Thu, Dec 1st)
First a disclaimer: This method works for a home network, maybe a small business network. I do describe how to do this using a specific vendor's equipment. This i…

Webcast today (1pm ET): The 6 Most Dangerous New Cyberattack Techniques with Ed Skoudis, Mike Assante and Johannes Ullrich. https://t.co/0g0wFWDkJc, (Thu, Dec 1st)
--- Johannes B. Ullrich, Ph.D. (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 U…

ISC Stormcast For Thursday, December 1st 2016 https://isc.sans.edu/podcastdetail.html?id=5273, (Wed, Nov 30th)

Packet Storm
Latest Security Tool Files
Hashcat Advanced Password Recovery 3.20 Source Code
hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based…

Hashcat Advanced Password Recovery 3.20 Binary Release
hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based…

TOR Virtual Network Tunneling Tool 0.2.8.10
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new comm…

Suricata IDPE 3.2
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded…

FireHOL 3.1.0
FireHOL is a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual…

Evilgrade - The Update Exploitation Framework 2.0.8
Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates. This framework comes into play when the atta…

Blue Team Training Toolkit (BT3) 2.1
Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and…

FireHOL 3.0.2
FireHOL is a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual…

Mobile Security Framework MobSF 0.9.3 Beta
Mobile Security Framework (MobSF) is an all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analys…


SecurityFocus
General Security Vulnerabilities
Vuln: Linux Kernel 'usbhid/hiddev.c' Local Heap Buffer Overflow Vulnerability

Vuln: Linux Kernel CVE-2016-7117 Use-After-Free Remote Code Execution Vulnerability

Vuln: Linux Kernel CVE-2016-5195 Local Privilege Escalation Vulnerability

Vuln: PHP 'ext/session/session.c' Remote Code Injection Vulnerability

Bugtraq: CVE-2016-8740, Server memory can be exhausted and service denied when HTTP/2 is used

Bugtraq: Microsoft MSINFO32.EXE ".NFO" Files XML External Entity

Bugtraq: Microsoft Windows Media Center "ehshell.exe" XML External Entity


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP Address Map lookup service) is provided for free by Geobytes, Inc. to assist you in locating the geographical location of an IP address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
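The DShield block list above summarizes attacking /24s with an attack count per subnet. As an added example, not code from DShield.org or from this page, the Python below parses a constructed sample in an assumed layout ('#' comment lines, then tab-separated start address, end address, prefix length and attack count), checks a source address against the resulting networks, and renders the subnets above a count threshold as an nftables set body. The column order and the sample addresses are this example's own assumptions; check the header comment of the real feed before relying on it.

```python
import ipaddress
from typing import List, NamedTuple

# Constructed sample (documentation ranges, not live DShield data) in the layout
# this example ASSUMES for the block list: '#' comments, then tab-separated
# start, end, netmask bits, attack count. Verify against the real feed header.
SAMPLE_BLOCK_LIST = """\
# DShield.org Recommended Block List (constructed sample, not live data)
# start\tend\tnetmask\tattacks
203.0.113.0\t203.0.113.255\t24\t4173
198.51.100.0\t198.51.100.255\t24\t2210
192.0.2.0\t192.0.2.255\t24\t905
"""


class BlockEntry(NamedTuple):
    network: ipaddress.IPv4Network
    attacks: int  # number of targets that reported scans from this /24


def parse_block_list(text: str) -> List[BlockEntry]:
    """Parse the assumed tab-separated layout into /24 networks with counts."""
    entries: List[BlockEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 4:
            continue  # tolerate trailing columns (name, country, ...) but not fewer
        start, end, bits, attacks = fields[:4]
        net = ipaddress.ip_network(f"{start}/{bits}", strict=False)
        # Sanity check: the stated end address must be the last address of the
        # prefix, otherwise the feed line is corrupt and should not become a rule.
        if ipaddress.ip_address(end) != net.broadcast_address:
            raise ValueError(f"inconsistent range in block list line: {line!r}")
        entries.append(BlockEntry(net, int(attacks)))
    return entries


def is_blocked(ip: str, entries: List[BlockEntry]) -> bool:
    """True if the address falls inside any listed /24."""
    addr = ipaddress.ip_address(ip)
    return any(addr in e.network for e in entries)


def to_nft_set(entries: List[BlockEntry], min_attacks: int = 0) -> str:
    """Render an nftables set body of the subnets at or above a count threshold."""
    elems = sorted(str(e.network) for e in entries if e.attacks >= min_attacks)
    return "{ " + ", ".join(elems) + " }"


if __name__ == "__main__":
    parsed = parse_block_list(SAMPLE_BLOCK_LIST)
    print(is_blocked("203.0.113.77", parsed))
    print(to_nft_set(parsed, min_attacks=1000))
```

The threshold is there because the list is a summary of reporting targets, not a verdict: a /24 near the bottom of the top 20 may drop out the next day, so a firewall built from it should be regenerated from the current feed rather than accumulated.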
Nessus
Latest Nessus Plugins Released
Google Chrome < 55.0.2883.75 Multiple Vulnerabilities (macOS)
Synopsis : A web browser installed on the remote macOS or Mac OS X host is affected by multiple vulnerabiliti…

Google Chrome < 55.0.2883.75 Multiple Vulnerabilities
Synopsis : A web browser installed on the remote Windows host is affected by multiple vulnerabilities. Descr…

Cisco AsyncOS for Email Security Appliances MIME Header Processing Filter Bypass (cisco-sa-20161116-esa1 / cisco-sa-20161116-esa2)
Synopsis : The remote security appliance is missing a vendor-supplied patch. Description : According to its…

AIX OpenSSH Advisory : openssh_advisory9.asc
Synopsis : The remote AIX host has a version of OpenSSH installed that is affected by multiple vulnerabilitie…

Mozilla Thunderbird < 45.5.1 nsSMILTimeContainer.cpp SVG Animation RCE
Synopsis : The remote Windows host contains a mail client that is affected by a remote code execution vulnera…

Sourcefire
Vulnerability Research Team
Project FIRST: Share Knowledge, Speed up Analysis
Project FIRST is led by Angel M. Villegas. This post is authored by Holger Unterbrink. Talos is pleased to an…

Cerber Spam: Tor All the Things!
This post authored by Nick Biasini and Edmund Brumaghin with contributions from Sean Baird and Andrew Windsor.

Talos Responsible Disclosure Policy Update
Responsible disclosure of vulnerabilities is a key aspect of security research. Often, the difficulty in respo…

Fareit Spam: Rocking Out to a New File Type
This post authored by Nick Biasini. Talos is constantly monitoring the threat landscape including the email thre…

Vulnerability Spotlight: Multiple File Parsing Bugs in HDF5 File Library Patched
These vulnerabilities were discovered by the Talos Vulnerability Development Team. Today, Talos is disclosing t…

RHEL
Red Hat Errata
RHBA-2016:2851-1: rh-java-common bug fix update
Red Hat Enterprise Linux: Updated rh-java-common packages that fix one bug are now available for Red Hat Soft…

RHBA-2016:2852-1: rh-eclipse46 bug fix update
Red Hat Enterprise Linux: Updated rh-eclipse46 packages that fix two bugs are now available for Red Hat Sof…

RHSA-2016:2850-1: Important: thunderbird security update
Red Hat Enterprise Linux: An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat…

RHBA-2016:2849-1: kernel bug fix update
Red Hat Enterprise Linux: Updated kernel packages that fix several bugs and add various enhancements are now…

RHBA-2016:2841-1: Red Hat Certification bug fix and enhancement update
Red Hat Enterprise Linux: Updated redhat-certification packages that fix several bugs and add various e…

RHSA-2016:2842-1: Low: Red Hat OpenShift Enterprise 2.x - 30 Day End Of Life Notice
This is the 30 Day notification for the End of Production Phase 1 of Red Hat OpenShift Enterprise 2.x (2.0, 2…

Microsoft
Security Advisories
3174644 - Updated Support for Diffie-Hellman Key Exchange - Version: 1.0
Revision Note: V1.0 (September 13, 2016): Advisory published. Summary:…

3181759 - Vulnerabilities in ASP.NET Core View Components Could Allow Elevation of Privilege - Version: 1.0
Revision Note: V1.0 (September 13, 2016): Advisory published. Summary: Microsoft is releasing this security adv…

3179528 - Update for Kernel Mode Blacklist - Version: 1.0
Revision Note: V1.0 (August 9, 2016): Click here to enter text. Summary: Microsoft is blacklisting some publica…

2880823 - Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 2.0
Revision Note: V2.0 (May 18, 2016): Advisory updated to provide links to the current information regarding the…

3155527 - Update to Cipher Suites for FalseStart - Version: 1.0
Revision Note: V1.0 (May 10, 2016): Advisory published. Summary: FalseStart allows the TLS client to send appli…

Malc0de

(You might not want to click on these!)

fksbamzqbzpyii.writehello.ru
URL: fksbamzqbzpyii.writehello.ru/nethost.exe, IP Address: 82.118.16.98, Country: UA, ASN: 15626, MD5: 34a6eda…

fiveelementsliving.com
URL: fiveelementsliving.com/counter/2, IP Address: 97.74.183.128, Country: US, ASN: 26496, MD5: d86fac2dc09ef4…

down411357.xiazaidown.com
URL: down411357.xiazaidown.com/cx/160624/6/CPoitersoCPDF@304_122369.exe, IP Address: 61.160.210.226, Country:…

down411355.xiazaidown.com
URL: down411355.xiazaidown.com/cx/160624/6/eefbfbdefbfbdeefbfbdefbfbd@163_99955.exe, IP Address: 61.160.210.22…

down411346.xiazaidown.com
URL: down411346.xiazaidown.com/cx/160624/6/cpuz@19_91178.exe, IP Address: 61.160.210.226, Country: CN, ASN: 23…

down411328.xiazaidown.com
URL: down411328.xiazaidown.com/cx/160624/6/u8fc5u96f77@19_135373.exe, IP Address: 61.160.210.226, Country: CN,…

clickfinder123.com
URL: clickfinder123.com/kqaer2c56ds34caq12/file.exe, IP Address: 185.153.198.117, Country: RU, ASN: 49877, MD5…

ClamAV
Top 10 ClamAV Official Signatures
Suspect.DoubleExtension-zippwd-15
Count: 18895…
W32.Virut.Gen.D-163
Count: 12179…
Heuristics.Safebrowsing.Suspected-malware_safebrowsing.clamav.net
Count: 7110…
Heuristics.Phishing.Email.SpoofedDomain
Count: 6804…
Heuristics.Phishing.Email.SSL-Spoof
Count: 5072…
Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net
Count: 4508…
Worm.Mydoom.I
Count: 4167…
PUA.Script.PDF.EmbeddedJS-1
Count: 3669…
HTML.Phishing.Card-52
Count: 3614…
Malware Domain List
kingskillz.ru (2016/10/30_01:52)
Host: kingskillz.ru/~kingskil/Prince/Man/lucy/mine/shit.exe, IP address: 85.143.215.183, ASN: 201848, Country: RU, Description: Trojan.FareIt…

www.family-partners.fr (2016/10/13_14:03)
Host: www.family-partners.fr/data.dpg, IP address: 95.142.169.132, ASN: 29169, Country: FR, Description: ransomware…

elmissouri.fr (2016/10/13_14:03)
Host: elmissouri.fr/data.dpg, IP address: 213.186.33.50, ASN: 16276, Country: FR, Description: ransomware…

apexgames.org (2016/09/21_12:12)
Host: apexgames.org/ykxj6/par/factura.zip, IP address: 166.62.112.150, ASN: 26496, Country: US, Description: Javascript inside zip file leads to trojan…

art-archiv.ru (2016/09/21_12:12)
Host: art-archiv.ru/images/animated-number/docum-arhiv.exe, IP address: 81.177.139.111, ASN: 8342, Country: RU, Description: trojan…

tscl.com.bd (2016/09/15_08:48)
Host: tscl.com.bd/m/RI%20XIN%20QUOTATION%20LIST.zip, IP address: 209.99.16.206, ASN: 394695, Country: US, Description: trojan inside zip file…

catjogger.win (2016/09/15_10:06)
Host: catjogger.win/ganel/gate.php, IP address: 213.145.225.170, ASN: 25575, Country: AT, Description: pony loader c&c…

ad.getfond.info (2016/09/14_20:05)
Host: ad.getfond.info, IP address: 83.217.26.203, ASN: 200161, Country: RU, Description: PlugX C&C…
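The Malware Domain List entries above each carry a host (sometimes with a path), an IP address, an ASN, a country and a description. As an added example, not code from Malware Domain List or from this page, the Python below parses four of those entries in the summary layout shown here and matches constructed Squid-style proxy log lines against them. A bare host (the C&C entries) is treated as matching any request to that host, a host-plus-path entry matches only that path, and a destination-IP match is reported separately as weaker evidence. The log lines, the request and address regexes, and the hit format are this example's own assumptions.

```python
import re
from typing import Dict, List, Tuple

# Entries copied from the Malware Domain List section of this page, in the
# summary layout shown there (not the raw MDL feed). Trailing ellipses dropped.
MDL_ENTRIES = [
    "Host: catjogger.win/ganel/gate.php, IP address: 213.145.225.170, ASN: 25575, Country: AT, Description: pony loader c&c",
    "Host: ad.getfond.info, IP address: 83.217.26.203, ASN: 200161, Country: RU, Description: PlugX C&C",
    "Host: apexgames.org/ykxj6/par/factura.zip, IP address: 166.62.112.150, ASN: 26496, Country: US, Description: Javascript inside zip file leads to trojan",
    "Host: www.family-partners.fr/data.dpg, IP address: 95.142.169.132, ASN: 29169, Country: FR, Description: ransomware",
]

# Constructed Squid-style access log lines (hypothetical traffic, not real logs).
SAMPLE_PROXY_LOG = [
    "1480896001.101 38 10.0.0.5 TCP_MISS/200 512 GET http://catjogger.win/ganel/gate.php - HIER_DIRECT/213.145.225.170 text/html",
    "1480896002.204 12 10.0.0.9 TCP_TUNNEL/200 2048 CONNECT ad.getfond.info:443 - HIER_DIRECT/83.217.26.203 -",
    "1480896003.307 40 10.0.0.5 TCP_MISS/200 1024 GET http://apexgames.org/index.html - HIER_DIRECT/166.62.112.150 text/html",
    "1480896004.410 55 10.0.0.7 TCP_MISS/200 4096 GET http://cdn.example.net/data.dpg - HIER_DIRECT/95.142.169.132 application/octet-stream",
    "1480896005.513 20 10.0.0.8 TCP_HIT/200 300 GET http://www.example.org/ - HIER_NONE/- text/html",
]

ENTRY_RE = re.compile(
    r"Host: (?P<host>[^,]+), IP address: (?P<ip>[\d.]+), ASN: (?P<asn>\d+), "
    r"Country: (?P<cc>[A-Z]{2}), Description: (?P<desc>.*)$"
)
REQ_RE = re.compile(r"\s(?:GET|POST|CONNECT)\s+(?P<url>\S+)")  # assumed log shape
IP_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def parse_entry(line: str) -> Dict[str, str]:
    """Split one page entry into domain, path, ip, asn, cc and description."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparsed MDL entry: {line!r}")
    d = m.groupdict()
    domain, _, path = d["host"].partition("/")
    d["domain"] = domain.lower()
    d["path"] = ("/" + path) if path else ""  # empty path: the whole host is the IOC
    d["desc"] = d["desc"].rstrip("…").strip()
    return d


def _split_url(url: str) -> Tuple[str, str]:
    """Return (domain, path) for 'http://h/p', 'h:443' or 'h/p' style targets."""
    hostport_path = re.sub(r"^[a-z][a-z0-9+.-]*://", "", url, flags=re.I)
    hostport, _, rest = hostport_path.partition("/")
    return hostport.split(":")[0].lower(), "/" + rest


def match_proxy_log(log_lines: List[str], entries: List[str]) -> List[Dict[str, str]]:
    """Report URL hits (host, or host+path) and weaker destination-IP hits."""
    iocs = [parse_entry(e) for e in entries]
    by_domain: Dict[str, List[Dict[str, str]]] = {}
    by_ip: Dict[str, List[Dict[str, str]]] = {}
    for ioc in iocs:
        by_domain.setdefault(ioc["domain"], []).append(ioc)
        by_ip.setdefault(ioc["ip"], []).append(ioc)

    hits: List[Dict[str, str]] = []
    for line in log_lines:
        matched = set()  # IOCs already reported for this line
        m = REQ_RE.search(line)
        if m:
            domain, path = _split_url(m.group("url"))
            for ioc in by_domain.get(domain, []):
                # Bare-host IOCs (C&C) match any request to the host; full-URL
                # IOCs must also match on path, so another file on the same
                # site is not reported as the malware download itself.
                if not ioc["path"] or path.startswith(ioc["path"]):
                    hits.append({"line": line, "kind": "url", "desc": ioc["desc"]})
                    matched.add(id(ioc))
        # Destination-IP match is weaker evidence (shared hosting, CDN,
        # sinkhole), so it is reported as its own kind rather than folded in.
        for ip in set(IP_RE.findall(line)):
            for ioc in by_ip.get(ip, []):
                if id(ioc) not in matched:
                    hits.append({"line": line, "kind": "ip", "desc": ioc["desc"]})
                    matched.add(id(ioc))
    return hits


if __name__ == "__main__":
    for hit in match_proxy_log(SAMPLE_PROXY_LOG, MDL_ENTRIES):
        print(hit["kind"], hit["desc"], "<-", hit["line"].split()[6])
```

On the constructed log the C&C and gate.php requests come back as URL hits, while the apexgames.org index page and the unrelated host on the family-partners.fr address come back only as IP hits, which is the distinction an analyst wants before escalating: the entry's description says what the URL was doing, not what every other connection to that address is doing.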


© 2001-2016 Procyon Labs / Randal T. Rioux