Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.
4e79eb042eb823afaf5a229f2344c8fe
FireHOL is a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.
1f24ed2af728ba73cdf9e51337f2d43b
This Metasploit module attempts to exploit a netfilter bug on Linux Kernels before 4.6.3, and currently only works against Ubuntu 16.04 (not 16.04.1) with kernel 4.4.0-21-generic. Several conditions have to be met for successful exploitation.
3749f597d7dba9ade2186bcc9aef3668
Linux kernel versions 2.6.10 up to but not including 2.6.31.5 pipe.c privilege escalation exploit.
7cd715daa187357bd1edf4c0cb587cbc
Linux kernel version 2.6.32-rc1 x86_64 register leak proof of concept code.
d243180fe92ea99f0ca63f222c678db2
Linux kernel version 2.6.18 suffers from a move_pages() information leak vulnerability.
78ca6c1797fc7d2f33407cc5cf28ac5b
Olympia Protect 9061 article number 5943 revision 03 suffers from missing protection against replay attacks.
aef9f3339073a9ee80368ab5ac42e3e2
EASY HOME Alarmanlagen-Set MAS-S01-09 suffers from missing protection against replay attacks.
f93defe9672b26e5f08c198f16c16202
A specially crafted web page can cause the Blink rendering engine used by Google Chrome and Chromium to continue to use a speech recognition API object after the memory block that contained the object has been freed. An attacker can force the code to read a pointer from the freed memory and use this to call a function, allowing arbitrary code execution. Google Chrome version 39.0 is affected.
58cecd42033cec65bf344dd36af29db5
Red Hat Security Advisory 2016-2820-01 - memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Security Fix: Two integer overflow flaws, leading to heap-based buffer overflows, were found in the memcached binary protocol. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code.
491b87cff099497464b93aa7323a6ffb
Red Hat Security Advisory 2016-2819-01 - memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Security Fix: Two integer overflow flaws, leading to heap-based buffer overflows, were found in the memcached binary protocol. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code.
c634ff0bf43812c5d02354fde3c6e91a
Linux kernels 2.6.32-642 and 3.16.0-4 inode integer overflow proof of concept exploit.
5e4bac26711257f2b173173b9a893edf
Mobile Security Framework (MobSF) is an all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android and iOS applications and supports both binaries (APK & IPA) and zipped source code. MobSF can also do Web API security testing with its API Fuzzer, which performs information gathering, analyzes security headers, and identifies mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to session management and API rate limiting.
0c1d2d101da02097ba466840e0148138
Core Security Technologies Advisory - TP-LINK TDDP suffers from buffer overflow and missing authentication vulnerabilities.
75bd302689d825abf438d908c7aeabce
Red Hat Security Advisory 2016-2816-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. The following packages have been upgraded to a newer upstream version: ceph, ceph-deploy, calamari-server, nfs-ganesha, ceph-iscsi-config, libntirpc, ceph-iscsi-tools. Security Fix: A flaw was found in the way Ceph Object Gateway handles POST object requests. An authenticated attacker could launch a denial of service attack by sending null or specially crafted POST object requests.
c53faf50d2f9b17fdb12d61c106fa9c9
Red Hat Security Advisory 2016-2815-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. The following packages have been upgraded to a newer upstream version: ceph, ceph-deploy, calamari-server, nfs-ganesha, ceph-iscsi-config, libntirpc, ceph-iscsi-tools. Multiple security issues have been addressed.
40e849086f142342f2fe5a0a631b942a
A specially crafted web page can cause Microsoft Internet Explorer 8 to attempt to read data beyond the boundaries of a memory allocation. The issue does not appear to be easily exploitable.
4d0b3ffce8b8ea73636475ad12f99828
EasyPHP Devserver version 16.1.1 suffers from cross-site request forgery and remote code execution vulnerabilities.
1c30f5d29d417d09aa93e89605fff2f7
Crestron AM-100 versions 1.1.1.11 through 1.2.1 suffer from hard-coded credential and path traversal vulnerabilities.
5b5026c9de1a7593e6278ffca75951c1
Huawei UTPS software version UTPS-V200R003B015D16SPC00C983 suffers from an unquoted service path privilege escalation vulnerability.
a99ab7c10a0cbc6bec9f3c753f2bc5e6
Acunetix version 10 suffers from multiple DLL hijacking vulnerabilities.
c7d17948b507cc164092b9290f9294d3
89-byte /bin/sh -c reboot shellcode for Linux.
6ebbbd4d2b92ca81bfde6be3923f77da