PLABS
Internet Storm Center Infocon Status
KNOW before NO, (Fri, Apr 28th)
A good friend told me that an engaged information security professional is one who leads with the KNOW instead of the NO. This comment struck me and has resonated…

Another Day, Another Obfuscation Technique, (Fri, Apr 28th)
We got many samples from our readers and wethank them for this. It helps us to find how attackers are improving their techniques to bypass security controls and…

ISC Stormcast For Friday, April 28th 2017 https://isc.sans.edu/podcastdetail.html?id=5478, (Fri, Apr 28th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

BGP Hijacking: The Internet is Still/Again Broken, (Thu, Apr 27th)
The Internet is a network of networks. Each Autonomous System (AS) connects to the Internet using a router that speaks the Border Gateway Protocol (BGP) to diss…

ISC Stormcast For Thursday, April 27th 2017 https://isc.sans.edu/podcastdetail.html?id=5476, (Thu, Apr 27th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

If there are some unexploited MSSQL Servers With Weak Passwords Left: They got you now (again), (Wed, Apr 26th)
Setting up a Microsoft SQL server with a stupid simple password like sa for the sa user is hard. First of all, Microsoft implemented a default password policy t…

Packet Storm
Latest Security Tool Files
TOR Virtual Network Tunneling Tool 0.3.0.6
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new comm…

Uberscan Brute Forcing Tool
Uberscan is an IP scanner and brute-forcing tool all in one. Written in Perl.

Thycotic Secret Server Data Decrypter
This is a PowerShell script that decrypts the data stored within a Thycotic Secret Server.

DAVOSET 1.3.2
DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.

Packet Fence 7.0.0
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secur…

Blue Team Training Toolkit (BT3) 2.2
Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and…

360-FAAR Firewall Analysis Audit And Repair 0.6.2
360-FAAR Firewall Analysis Audit and Repair is an offline command-line Perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands…

Wireshark Analyzer 2.2.6
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a comme…

Ansvif 1.7
Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.


SecurityFocus
General Security Vulnerabilities
Vuln: cURL/libcURL CVE-2016-8622 Remote Security Bypass Vulnerability
cURL/libcURL CVE-2016-8622 Remote Security Bypass Vulnerability…

Vuln: cURL/libcURL CVE-2016-8623 Information Disclosure Vulnerability
cURL/libcURL CVE-2016-8623 Information Disclosure Vulnerability…

Vuln: cURL/libcURL CVE-2016-8621 Information Disclosure Vulnerability
cURL/libcURL CVE-2016-8621 Information Disclosure Vulnerability…

Vuln: cURL/libcURL CVE-2016-8624 Remote Security Bypass Vulnerability
cURL/libcURL CVE-2016-8624 Remote Security Bypass Vulnerability…

Bugtraq: [security bulletin] HPESBHF03738 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution
[security bulletin] HPESBHF03738 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution…

Bugtraq: [SECURITY] [DSA 3838-1] ghostscript security update
[SECURITY] [DSA 3838-1] ghostscript security update…

Bugtraq: Apple iOS 10.2 & 10.3 - Control Panel Denial of Service Vulnerability
Apple iOS 10.2 & 10.3 - Control Panel Denial of Service Vulnerability…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP Address Map lookup service) is provided for FREE by Geobytes, Inc. to assist you in locating the geographical location of an IP address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
Adobe ColdFusion BlazeDS Java Object Deserialization RCE
Synopsis : A web-based application running on the remote host is affected by a remote code execution vulnerab…

Trend Micro Control Manager cgiShowClientAdm Security Bypass
Synopsis : A CGI application running on the remote host is affected by a security bypass vulnerability. Desc…

H3C / HPE Intelligent Management Center accessMgrServlet Java Object Deserialization RCE
Synopsis : A web application hosted on the remote web server is affected by a remote code execution vulnerabi…

H3C / HPE Intelligent Management Center RMI Java Object Deserialization RCE
Synopsis : A web application hosted on the remote web server is affected by a remote code execution vulnerabi…

Portrait Display SDK PdiService Insecure Privileges Local Privilege Escalation
Synopsis : The Portrait Displays SDK Service (PdiService) running on the remote Windows host is affected by a…

Sourcefire
Vulnerability Research Team
Threat Round-up for Apr 21 - Apr 28
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 21 and April…

Vulnerability Spotlight: Randombit Botan Library X509 Certificate Validation Bypass Vulnerability
This vulnerability was discovered by Aleksandar Nikolic of Cisco Talos. Overview: Talos has discovered a vulnerab…

Vulnerability Spotlight: Multiple Vulnerabilities in Zabbix
These vulnerabilities were discovered by Lilith Wyatt of Cisco ASIG. Summary: Zabbix is an enterprise monitoring s…

Vulnerability Spotlight: IrfanView Jpeg2000 Reference Tile width Arbitrary Code Execution Vulnerability
Discovered by Aleksandar Nikolic of Cisco Talos. Overview: Talos is disclosing TALOS-2017-0310 / CVE-2017-2813, an…

Vulnerability Spotlight: Hard-coded Credential Flaw in Moxa ICS Wireless Access Points Identified and Fixed
Earlier this month, Talos responsibly disclosed a set of vulnerabilities in Moxa ICS wireless access points. W…

RHEL
Red Hat Errata
RHBA-2017:1171-1: heketi bug fix update
Red Hat Enterprise Linux: Updated heketi packages are now available for Container Native Storage 3.5.

RHBA-2017:1172-1: cns-deploy-tool bug fix update
Red Hat Enterprise Linux: Updated cns-deploy-tool packages that fix several bugs are now available for Contai…

RHEA-2017:1188-1: rhev-hypervisor bug fix and enhancement update for RHEV 3.6.10
Red Hat Enterprise Linux: An updated rhev-hypervisor package is now available.

RHBA-2017:1141-1: devtoolset-6-ltrace bug fix update
Red Hat Enterprise Linux: Updated devtoolset-6-ltrace packages that fix two bugs are now available as a part…

RHBA-2017:1143-1: devtoolset-6-gcc bug fix update
Red Hat Enterprise Linux: Updated devtoolset-6-gcc packages that fix several bugs are now available as a part…

RHBA-2017:1147-1: devtoolset-6 update
Red Hat Enterprise Linux: Updated devtoolset-6 packages are now available as a part of Red Hat Developer Tool…

Microsoft
Security Advisories
3123479 - SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 2.0
Revision Note: V2.0 (March 14, 2017): Advisory rereleased to announce that the changes described in this advis…

4010983 - Vulnerability in ASP.NET Core MVC 1.1.0 Could Allow Denial of Service - Version: 1.0
Revision Note: V1.0 (January 27, 2017): Advisory published. Summary: Microsoft is releasing this security advis…

3214296 - Vulnerabilities in Identity Model Extensions Token Signing Verification Could Allow Elevation of Privilege - Version: 1.0
Revision Note: V1.0 (January 10, 2017): Advisory published. Summary: Microsoft is releasing this security advis…

3181759 - Vulnerabilities in ASP.NET Core View Components Could Allow Elevation of Privilege - Version: 1.0
Revision Note: V1.0 (September 13, 2016): Advisory published. Summary: Microsoft is releasing this security adv…

3174644 - Updated Support for Diffie-Hellman Key Exchange - Version: 1.0
Revision Note: V1.0 (September 13, 2016): Advisory published.Summary:…

Malc0de

(You might not want to click on these!)

down12.xiazaidc.com
URL: , IP Address: 121.41.10.159, Country: CN, ASN: 37963, MD5: 2a65f85d09f36402fbd91484a9a4adac…

d1.97you.net
URL: , IP Address: 183.131.168.153, Country: CN, ASN: 4134, MD5: e6cf7a3c987ada0625981f2a654f5106…

cendereci.com
URL: cendereci.com/dasphdasodasopjdaspjdasdasa.png, IP Address: 85.159.66.172, Country: TR, ASN: 34619, MD5: 2…

c.img001.com
URL: c.img001.com/re58/guagua_23103510024.exe, IP Address: 183.131.82.252, Country: CN, ASN: 4134, MD5: f1db40…

c.img001.com
URL: c.img001.com/re58/kele_20090197397.exe, IP Address: 183.131.82.252, Country: CN, ASN: 4134, MD5: bde29dee…

c.img001.com
URL: c.img001.com/re58/pingguo_21561000328.exe, IP Address: 183.131.82.252, Country: CN, ASN: 4134, MD5: b3aa7…

c.img001.com
URL: c.img001.com/re58/girlshow_20300025849.exe, IP Address: 183.131.82.252, Country: CN, ASN: 4134, MD5: 31d5…

ClamAV
Top 10 ClamAV Official Signatures
Malware Domain List
alegroup.info (2017/03/20_10:13)
Host: alegroup.info/ntnrrhst, IP address: 194.87.217.87, ASN: 197695, Country: RU, Description: Ransom, Fake.PCN, Malspam…

fourthgate.org (2017/03/20_10:13)
Host: fourthgate.org/Yryzvt, IP address: 104.200.67.194, ASN: 8100, Country: US, Description: Ransom, Fake.PCN, Malspam…

dieutribenhkhop.com (2017/03/20_10:13)
Host: dieutribenhkhop.com/parking/, IP address: 84.200.4.125, ASN: 31400, Country: DE, Description: Ransom, Fake.PCN, Malspam…

dieutribenhkhop.com (2017/03/20_10:13)
Host: dieutribenhkhop.com/parking/pay/rd.php?id=10, IP address: 84.200.4.125, ASN: 31400, Country: DE, Description: Ransom, Fake.PCN, Malspam…

ssl-6582datamanager.de (2017/03/14_23:02)
Host: ssl-6582datamanager.de/, IP address: 54.72.9.51, ASN: 16509, Country: US, Description: redirects to Paypal phishing…

privatkunden.datapipe9271.com (2017/03/14_23:02)
Host: privatkunden.datapipe9271.com/, IP address: 104.31.75.147, ASN: 13335, Country: US, Description: Paypal phishing…

www.hjaoopoa.top (2017/03/06_21:09)
Host: www.hjaoopoa.top/admin.php?f=1.gif, IP address: 52.207.234.89, ASN: 14618, Country: US, Description: Cerber ransomware…

up.mykings.pw:8888 (2017/03/06_21:09)
Host: up.mykings.pw:8888/update.txt, IP address: 60.250.76.52, ASN: 3462, Country: TW, Description: related to a Mirai windows spreader trojan…

down.mykings.pw:8888 (2017/03/06_21:09)
Host: down.mykings.pw:8888/ver.txt, IP address: 60.250.76.52, ASN: 3462, Country: TW, Description: related to a Mirai windows spreader trojan…


© 2001-2016 Procyon Labs / Randal T. Rioux