PLABS
Internet Storm Center Infocon Status
ISC Stormcast For Thursday, January 19th 2017 https://isc.sans.edu/podcastdetail.html?id=5337, (Wed, Jan 18th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Apple Garage Band Remote Code Exec Patched - v10.1.5 - https://support.apple.com/en-ca/HT207477, (Wed, Jan 18th)
Rob VandenBrink, Metafore

Oracle Quarterly Critical Patch Updates are out - time to patch all things Oracle! http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html, (Wed, Jan 18th)
Rob VandenBrink, Metafore

Making Windows 10 a bit less "Creepy" - Common Privacy Settings, (Wed, Jan 18th)
Microsoft regards Windows 10 as the most secure version of Windows out of the box, and I do have to agree that's the case. Which is all well and good, but the…

ISC Stormcast For Wednesday, January 18th 2017 https://isc.sans.edu/podcastdetail.html?id=5335, (Tue, Jan 17th)

domain_stats.py, a web API for SIEM phishing hunts, (Tue, Jan 17th)
Last year, over the Thanksgiving break, Justin Henderson and I worked on a tool to provide a web API interface for another tool I released last year called freq.p…

Packet Storm
Latest Security Tool Files
THC-IPv6 Attack Tool 3.2
THC-IPV6 is a toolkit that attacks the inherent protocol weaknesses of IPv6 and ICMPv6, and it includes an easy-to-use packet factory library.

Keypatch 2.1
Keypatch is an IDA Pro plugin for the Keystone assembler engine.

Tinc Virtual Private Network Daemon 1.0.31
tinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet. This tunneling all…

FireHOL 3.1.1
FireHOL is a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual…

PEV 0.80
pev is a full-featured, open source, multi-platform command line toolkit to work with PE (Portable Executables) binaries.

Truffle Hog
Truffle Hog searches through git repositories for high entropy strings, digging deep into commit history and branches. This is effective at finding secrets accidentally commit…

Hashcat Advanced Password Recovery 3.30 Source Code
Hashcat is an advanced GPU hash cracking utility that includes the world's fastest md5crypt, phpass, mscash2 and WPA/WPA2 cracker. It also has the first and only GPGPU-based…

Hashcat Advanced Password Recovery 3.30 Binary Release
Hashcat is an advanced GPU hash cracking utility that includes the world's fastest md5crypt, phpass, mscash2 and WPA/WPA2 cracker. It also has the first and only GPGPU-based…

Proxmark Iceman Fork 1.6.7
This is custom firmware written for the Proxmark3. It extends the currently available firmware (revision 2.3.0) to support brute force attacks against proximity card access…


SecurityFocus
General Security Vulnerabilities
Vuln: Linux Kernel CVE-2015-8104 Denial of Service Vulnerability
Linux Kernel CVE-2015-8104 Denial of Service Vulnerability…

Vuln: Linux Kernel CVE-2016-5195 Local Privilege Escalation Vulnerability
Linux Kernel CVE-2016-5195 Local Privilege Escalation Vulnerability…

Vuln: libxml2 CVE-2016-3705 Stack Buffer Overflow Vulnerability
libxml2 CVE-2016-3705 Stack Buffer Overflow Vulnerability…

Vuln: Linux Kernel CVE-2015-5307 Denial of Service Vulnerability
Linux Kernel CVE-2015-5307 Denial of Service Vulnerability…

Bugtraq: ESA-2016-161: EMC Isilon OneFS LDAP Injection Vulnerability
ESA-2016-161: EMC Isilon OneFS LDAP Injection Vulnerability…

Bugtraq: ESA-2016-143: EMC Documentum Webtop and Clients Stored Cross-Site Scripting Vulnerability
ESA-2016-143: EMC Documentum Webtop and Clients Stored Cross-Site Scripting Vulnerability…

Bugtraq: [SECURITY] CVE-2016-8748: Apache NiFi XSS vulnerability in connection details dialogue
[SECURITY] CVE-2016-8748: Apache NiFi XSS vulnerability in connection details dialogue…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP address map lookup service) is provided for FREE by Geobytes, Inc. to assist you in locating the geographical location of an IP address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
Whois is a query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
Oracle Database Multiple Vulnerabilities (January 2017 CPU)
Synopsis: The remote database server is affected by multiple vulnerabilities. Description: The remote Ora…

Oracle WebLogic Server Core Components Subcomponent RCE (January 2017 CPU)
Synopsis: An application server installed on the remote host is affected by a remote code execution vulnerab…

Oracle VM VirtualBox 5.0.x < 5.0.32 / 5.1.x < 5.1.14 Multiple Vulnerabilities (January 2017 CPU)
Synopsis: An application installed on the remote host is affected by multiple vulnerabilities. Description…

Oracle E-Business Multiple Vulnerabilities (January 2017 CPU)
Synopsis: A web application installed on the remote host is affected by multiple vulnerabilities. Descripti…

HP Operations Manager Installed (Linux)
Synopsis: HP Operations Manager for Linux is installed on the remote host. Description: HP Operations Man…

Sourcefire
Vulnerability Research Team
Without Necurs, Locky Struggles
This post was authored by Nick Biasini with contributions from Jaeson Schultz. Locky has been a devastating force fo…

Vulnerability Spotlight: Multiple Code Execution Vulnerabilities in Oracle Outside In Technology
These vulnerabilities were discovered by Aleksandar Nikolic of Cisco Talos. Summary: Oracle's Outside In Technol…

Vulnerability Spotlight: Exploiting the Aerospike Database Server
Vulnerabilities discovered by Talos. Talos is disclosing multiple vulnerabilities discovered in the Aerospike Da…

Shadow Brokers Malware Coverage
The Shadow Brokers released what appears to be a series of Windows rootkit components in a farewell message. T…

Microsoft Patch Tuesday - January 2017
Happy New Year to our readers! Today marks the first Patch Tuesday of 2017 with Microsoft releasing their mont…

RHEL
Red Hat Errata
RHBA-2017:0151-1: openstack-nova bug fix advisory
Red Hat Enterprise Linux: Updated OpenStack Compute packages that resolve various issues are now available fo…

RHBA-2017:0152-1: python-keystoneclient bug fix advisory
Red Hat Enterprise Linux: Updated OpenStack Identity packages that resolve various issues are now available f…

RHBA-2017:0154-1: openstack-neutron bug fix advisory
Red Hat Enterprise Linux: Updated OpenStack Networking packages that resolve various issues are now available…

RHBA-2017:0155-1: python-cinderclient bug fix advisory
Red Hat Enterprise Linux: Updated OpenStack Block Storage packages that resolve various issues are now availa…

RHBA-2017:0163-1: openstack-nova bug fix advisory
Red Hat Enterprise Linux: Updated OpenStack Compute packages that resolve various issues are now available fo…

RHBA-2017:0164-1: Red Hat Enterprise Linux OpenStack Platform Bug Fix Advisory
Red Hat Enterprise Linux: Updated packages that resolve various issues are now available for Red Hat Enterpr…

Microsoft
Security Advisories
3214296 - Vulnerabilities in Identity Model Extensions Token Signing Verification Could Allow Elevation of Privilege - Version: 1.0
Revision Note: V1.0 (January 10, 2017): Advisory published. Summary: Microsoft is releasing this security advis…

3181759 - Vulnerabilities in ASP.NET Core View Components Could Allow Elevation of Privilege - Version: 1.0
Revision Note: V1.0 (September 13, 2016): Advisory published. Summary: Microsoft is releasing this security adv…

3174644 - Updated Support for Diffie-Hellman Key Exchange - Version: 1.0
Revision Note: V1.0 (September 13, 2016): Advisory published.Summary:…

3179528 - Update for Kernel Mode Blacklist - Version: 1.0
Revision Note: V1.0 (August 9, 2016). Summary: Microsoft is blacklisting some publica…

2880823 - Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 2.0
Revision Note: V2.0 (May 18, 2016): Advisory updated to provide links to the current information regarding the…

Malc0de

(You might not want to click on these!)


ClamAV
Top 10 ClamAV Official Signatures
Suspect.DoubleExtension-zippwd-15 (count: 18895)
W32.Virut.Gen.D-163 (count: 12179)
Heuristics.Safebrowsing.Suspected-malware_safebrowsing.clamav.net (count: 7110)
Heuristics.Phishing.Email.SpoofedDomain (count: 6804)
Heuristics.Phishing.Email.SSL-Spoof (count: 5072)
Heuristics.Safebrowsing.Suspected-phishing_safebrowsing.clamav.net (count: 4508)
Worm.Mydoom.I (count: 4167)
PUA.Script.PDF.EmbeddedJS-1 (count: 3669)
HTML.Phishing.Card-52 (count: 3614)
Malware Domain List


© 2001-2016 Procyon Labs / Randal T. Rioux