Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.
f5cd8522d591a0dd1ba1a51efe38a2cf35711c545c26210022790e8d6241ce45FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.
89726c52dece93dfee0c409aba6bbbf3c5eb1b6f1352a6d7e18e3810d01951daThis Metasploit module attempts to exploit a netfilter bug on Linux Kernels before 4.6.3, and currently only works against Ubuntu 16.04 (not 16.04.1) with kernel 4.4.0-21-generic. Several conditions have to be met for successful exploitation.
bf300c0c899733b435995c0ef2a36f7a7f24b72ea483dc9898f85b794dba5bc8Linux kernel versions 2.6.10 up to but not including 2.6.31.5 pipe.c privilege escalation exploit.
75d9acb7f4a5e730359a428a3f8ffeafa457fd42af8d7374f068563ad3b0968dLinux kernel version 2.6.32-rc1 x86_64 register leak proof of concept code.
b1b558c35419a8907982c5211fe3a645007a4ed810c911987941600803db3d08Linux kernel version 2.6.18 suffers from a move_pages() information leak vulnerability.
c05fdfd283ea5558f5b2b11b7f21af43ae4f388bc69af29cd4cfce64f3668c24Olympia Protect 9061 article number 5943 revision 03 suffers from missing protection against replay attacks.
b73813379c9c7ae3a3ca7625ea543b01df7c00b2718c1c9ba66959c0c4a4ff2dEASY HOME Alarmanlagen-Set MAS-S01-09 suffers from missing protection against replay attacks.
aa11c4d5d771f9d150ecfead9f82a16873ca84a8146387dc50c052e29720ecb1A specially crafted web-page can cause the blink rendering engine used by Google Chrome and Chromium to continue to use a speech recognition API object after the memory block that contained the object has been freed. An attacker can force the code to read a pointer from the freed memory and use this to call a function, allowing arbitrary code execution. Google Chrome version 39.0 is affected.
55331823f8dfff200255c77a7bbd5aa302935b3af6f4e3f1ef14fc56b9da6164Red Hat Security Advisory 2016-2820-01 - memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Security Fix: Two integer overflow flaws, leading to heap-based buffer overflows, were found in the memcached binary protocol. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code.
09101d18a8872a1fbd6b7d886a1ccee516c5e7b8e80f40ea7d9248d12b1d8f60Red Hat Security Advisory 2016-2819-01 - memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Security Fix: Two integer overflow flaws, leading to heap-based buffer overflows, were found in the memcached binary protocol. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code.
c10e120fa474ab10ba77d113aeba63c5f3226b7220d718cf61f8cbf65756abccLinux kernels 2.6.32-642 and 3.16.0-4 inode integer overflow proof of concept exploit.
20defbb599c5e84b62933befff3dbdc7d08fdf1cbcf768c8aefb44e16c752bcfMobile Security Framework (MobSF) is an all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android and iOS Applications and supports both binaries (APK & IPA) and zipped source code. MobSF can also do Web API Security testing with it's API Fuzzer that performs Information Gathering, analyze Security Headers, identify Mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to Session Management and API Rate Limiting.
700cdd3f3460d4db512a15ccc778012b27d14b9d9019961e561b1b27ac8ed277Core Security Technologies Advisory - TP-LINK TDDP suffers from buffer overflow and missing authentication vulnerabilities.
8e640691cd560b9d8302f132c35c2970fee8d3dd24deecaf9bd5bc9e5f327fb7Red Hat Security Advisory 2016-2816-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. The following packages have been upgraded to a newer upstream version: ceph, ceph-deploy, calamari-server, nfs-ganesha, ceph-iscsi-config, libntirpc, ceph-iscsi-tools. Security Fix: A flaw was found in the way Ceph Object Gateway handles POST object requests. An authenticated attacker could launch a denial of service attack by sending null or specially crafted POST object requests.
139b9b08c711bedadc85f67290f1923e202d4dd9d564f6fee986e44d565ac765Red Hat Security Advisory 2016-2815-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. The following packages have been upgraded to a newer upstream version: ceph, ceph-deploy, calamari-server, nfs-ganesha, ceph-iscsi-config, libntirpc, ceph-iscsi-tools. Multiple security issues have been addressed.
ef405f0bd7b17b62af6a472bc30f36f4a65f15e773f951d2de8b2b16aaddd1c8A specially crafted web-page can cause Microsoft Internet Explorer 8 to attempt to read data beyond the boundaries of a memory allocation. The issue does not appear to be easily exploitable.
401440c68b1412518e4b354f8345508179c046033ef8057964dd02d484e451bcEasyPHP Devserver version 16.1.1 suffers from cross site request forgery and remote code execution vulnerabilities.
eda4d8f8037371c5984319f153fb7c221633fa3d30ff01226627c02bed5c0f8aCrestron AM-100 versions 1.1.1.11 through 1.2.1 suffer from hard-coded credential and path traversal vulnerabilities.
074016f3af8de3f5aba4073ac2978de1a2f471fab2e93cdc83e0e5e6e533147eHuawei UTPS software version UTPS-V200R003B015D16SPC00C983 suffers from an unquoted service path privilege escalation vulnerability.
af111ecaebdf0489157a897bd2e30ba71575f983ee1d5267b509300f73bbb79aAcunetix version 10 suffers from multiple dll hijacking vulnerabilities.
f9156bed3c4501962e7c625db7d1820c157af7c061dbcc82b917eb9966b17fcc89 bytes small /bin/sh -c reboot shellcode for Linux.
d283ae2adba844d13ddf0ac100ad3f983481d8cac7b242ee525dedd4103902e1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed