β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦The Automation FOrensics Tool (AFOT) is an automation tool build in Python and used for Windows Forensics in order to combine the following tools:
> AnalyzePESig (http://didierstevens.com/files/software/AnalyzePESig_V0_0_0_2.zip)
> National Software Reference Library reduced set (http://www.nsrl.nist.gov/RDS/rds_2.52/rds_252m.zip)
>NSRL Tool (http://didierstevens.com/files/software/nsrl_V0_0_2.zip)
>VirusTotal Search Tool (http://didierstevens.com/files/software/virustotal-search_V0_1_2.zip)
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) https://github.com/harris21/afot
2) cd https://github.com/harris21/afot
3) now run python afot.py in your terminal.
So the procedure is pretty straight-forward:
The user provides the path, which will be used to analyze all the executables included in those folders/subfolders.
AnalyzePESig looks for signed executables, whom certificate will soon be revoked.
AFOT will collect all the non-signed executables and cross-check them with NSRL's hashset database, using the NSRL tool.
Last but not least, if any hashes were found to be in NSRL's hashset database too, we cross-check those hashes with VirusTotal, using the VirusTotal Search tool.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦The Automation FOrensics Tool (AFOT) is an automation tool build in Python and used for Windows Forensics in order to combine the following tools:
> AnalyzePESig (http://didierstevens.com/files/software/AnalyzePESig_V0_0_0_2.zip)
> National Software Reference Library reduced set (http://www.nsrl.nist.gov/RDS/rds_2.52/rds_252m.zip)
>NSRL Tool (http://didierstevens.com/files/software/nsrl_V0_0_2.zip)
>VirusTotal Search Tool (http://didierstevens.com/files/software/virustotal-search_V0_1_2.zip)
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) https://github.com/harris21/afot
2) cd https://github.com/harris21/afot
3) now run python afot.py in your terminal.
So the procedure is pretty straight-forward:
The user provides the path, which will be used to analyze all the executables included in those folders/subfolders.
AnalyzePESig looks for signed executables, whom certificate will soon be revoked.
AFOT will collect all the non-signed executables and cross-check them with NSRL's hashset database, using the NSRL tool.
Last but not least, if any hashes were found to be in NSRL's hashset database too, we cross-check those hashes with VirusTotal, using the VirusTotal Search tool.
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from DailyCVE
π΅FPWIN Pro provided by Panasonic Corporation contains an out-of-bounds read vulnerability:
https://dailycve.com/fpwin-pro-provided-panasonic-corporation-contains-out-bounds-read-vulnerability
https://dailycve.com/fpwin-pro-provided-panasonic-corporation-contains-out-bounds-read-vulnerability
Dailycve
FPWIN Pro provided by Panasonic Corporation contains an out-of-bounds read vulnerability. | CVE
Details:
FPWIN Pro is a PLC software programming application provided by Panasonic Corporation. FPWIN Pro has an out-of-bounds read loophole (CWE-125) that allows a user to open a specially designed project file to execute arbitrary javascript.
Vulnerability:β¦
FPWIN Pro is a PLC software programming application provided by Panasonic Corporation. FPWIN Pro has an out-of-bounds read loophole (CWE-125) that allows a user to open a specially designed project file to execute arbitrary javascript.
Vulnerability:β¦
Forwarded from UNDERCODE NEWS
OnePlus 8T devices are suffering from a serious error reported several times by users. Here's what happens and how to fix.
#Bugs
#Bugs
Forwarded from UNDERCODE NEWS
The 2021 Nest home surveillance camera product line is about to be launched by Google.
#Technologies
#Technologies
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦DNS SPECIAL UTILITIES :
Β» dnsgram (https://doc.powerdns.com/md/manpages/dnsgram.1/): dnsgram is a debugging tool for intermittent resolver failures. it takes one or more input PCAP files and generates statistics on 5 second segments allowing the study of intermittent resolver issues.
Β» dnsreplaY (https://doc.powerdns.com/md/manpages/dnsreplay.1/): Dnsreplay takes recorded questions and answers and replays them to the specified nameserver and reporting afterwards which percentage of answers matched, were worse or better. Then compares the answers and some other metrics with the actual ones with those found in the dumpfile.
Β» dnsscan (https://doc.powerdns.com/md/manpages/dnsscan.1/): dnsscan takes one or more INFILEs in PCAP format and generates a list of the number of queries per query type.
Β» dnsscope (https://doc.powerdns.com/md/manpages/dnsscope.1/): dnsscope takes an input PCAP and generates some simple statistics outputs these to console.
Β» dnswasher (https://doc.powerdns.com/md/manpages/dnswasher.1/): dnswasher takes an input file in PCAP format and writes out a PCAP file, while obfuscating end-user IP addresses. This is useful to share data with third parties while attempting to protect the privacy of your users.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦DNS SPECIAL UTILITIES :
Β» dnsgram (https://doc.powerdns.com/md/manpages/dnsgram.1/): dnsgram is a debugging tool for intermittent resolver failures. it takes one or more input PCAP files and generates statistics on 5 second segments allowing the study of intermittent resolver issues.
Β» dnsreplaY (https://doc.powerdns.com/md/manpages/dnsreplay.1/): Dnsreplay takes recorded questions and answers and replays them to the specified nameserver and reporting afterwards which percentage of answers matched, were worse or better. Then compares the answers and some other metrics with the actual ones with those found in the dumpfile.
Β» dnsscan (https://doc.powerdns.com/md/manpages/dnsscan.1/): dnsscan takes one or more INFILEs in PCAP format and generates a list of the number of queries per query type.
Β» dnsscope (https://doc.powerdns.com/md/manpages/dnsscope.1/): dnsscope takes an input PCAP and generates some simple statistics outputs these to console.
Β» dnswasher (https://doc.powerdns.com/md/manpages/dnswasher.1/): dnswasher takes an input file in PCAP format and writes out a PCAP file, while obfuscating end-user IP addresses. This is useful to share data with third parties while attempting to protect the privacy of your users.
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from DailyCVE
π΅IBM WebSphere Extreme Scale CVE-2020-4336 :
https://dailycve.com/ibm-websphere-extreme-scale-cve-2020-4336
https://dailycve.com/ibm-websphere-extreme-scale-cve-2020-4336
Dailycve
IBM WebSphere Extreme Scale CVE-2020-4336 | CVE
Details:
IBM WebSphere Extreme Size stores private URL information.
About criteria. This can lead to disclosure of data if unauthorized parties do not using server logs, referrer headers or browser history, you have access to URLs.
Vulnerability:
β¦
IBM WebSphere Extreme Size stores private URL information.
About criteria. This can lead to disclosure of data if unauthorized parties do not using server logs, referrer headers or browser history, you have access to URLs.
Vulnerability:
β¦
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
They threw away hard drives containing 7,500 Bitcoins as garbage!
#International
#International
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Some good hacking plugins:
https://github.com/Hack-with-Github/Powerful-Plugins/blob/master/Burp.md
https://github.com/Hack-with-Github/Powerful-Plugins/blob/master/Chrome.md
https://github.com/Hack-with-Github/Powerful-Plugins/blob/master/Firefox.md
https://github.com/Hack-with-Github/Powerful-Plugins/blob/master/Immunity.md
https://github.com/Hack-with-Github/Powerful-Plugins/blob/master/Volatility-Framework.md
https://github.com/Hack-with-Github/Powerful-Plugins/blob/master/OllyDbg.md
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Some good hacking plugins:
https://github.com/Hack-with-Github/Powerful-Plugins/blob/master/Burp.md
https://github.com/Hack-with-Github/Powerful-Plugins/blob/master/Chrome.md
https://github.com/Hack-with-Github/Powerful-Plugins/blob/master/Firefox.md
https://github.com/Hack-with-Github/Powerful-Plugins/blob/master/Immunity.md
https://github.com/Hack-with-Github/Powerful-Plugins/blob/master/Volatility-Framework.md
https://github.com/Hack-with-Github/Powerful-Plugins/blob/master/OllyDbg.md
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
Powerful-Plugins/Burp.md at master Β· Hack-with-Github/Powerful-Plugins
Powerful plugins and add-ons for hackers. Contribute to Hack-with-Github/Powerful-Plugins development by creating an account on GitHub.
Forwarded from DailyCVE
Dailycve
41 bugs in Riot os | CVE
Details:
RIOT is a real-time multi-threading operating system that supports a range of devices that are typically found in the Internet of Things (IoT): 8-bit, 16-bit and 32-bit microcontrollers.
RIOT is based on the following design principles: energyβ¦
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
Forwarded from DailyCVE
π΅Multiple vulnerabilities in Delta Electronics HMI software:
https://dailycve.com/multiple-vulnerabilities-delta-electronics-hmi-software
https://dailycve.com/multiple-vulnerabilities-delta-electronics-hmi-software
Dailycve
Multiple vulnerabilities in Delta Electronics HMI software | CVE
Details:
There are multiple vulnerabilities in DOPSoft and CNCSoft ScreenEditor provided by Delta Electronics.
Vulnerabilities:
Out -of- bounds writing ( CWE-787 ) --CVE-2020-27275
CVSS v3 CVSS: 3.0 / AV: L / AC: L / PR: N / UI: R / S: U / C: H / I:β¦
There are multiple vulnerabilities in DOPSoft and CNCSoft ScreenEditor provided by Delta Electronics.
Vulnerabilities:
Out -of- bounds writing ( CWE-787 ) --CVE-2020-27275
CVSS v3 CVSS: 3.0 / AV: L / AC: L / PR: N / UI: R / S: U / C: H / I:β¦
Forwarded from UNDERCODE NEWS
In the first half of the year, Apple placed orders for suppliers to produce more than 95 million iPhones.
#Technologies
#Technologies
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Attack identification
There are two main methods for identifying traffic attacks:
1) Ping test: If the Ping timeout or severe packet loss is found, it may be attacked. If the server on the same switch is found to be inaccessible, it can basically be determined as a traffic attack. The premise of the test is that the ICMP protocol between the victim host and the server is not blocked by devices such as routers and firewalls;
2) Telnet test: Its distinguishing feature is that the remote terminal fails to connect to the server, and it is easy to judge relative traffic attacks and resource exhaustion attacks. If the website is suddenly very slow or inaccessible, but it can be pinged, it is likely to be attacked. On the Netstat-na command, a large number of SYN_RECEIVED, TIME_WAIT, FIN_WAIT_1 and other statuses were observed, and EASTBLISHED is rarely, which can be determined as a resource exhaustion attack. The characteristic is that the victim host cannot Ping or the packet loss is serious and the server on the same switch is pinged normally. The reason is that the attack caused the system kernel or application CPU utilization to reach 100% and failed to respond to the Ping command, but because there is still bandwidth, the host on the same switch can be pinged.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Attack identification
There are two main methods for identifying traffic attacks:
1) Ping test: If the Ping timeout or severe packet loss is found, it may be attacked. If the server on the same switch is found to be inaccessible, it can basically be determined as a traffic attack. The premise of the test is that the ICMP protocol between the victim host and the server is not blocked by devices such as routers and firewalls;
2) Telnet test: Its distinguishing feature is that the remote terminal fails to connect to the server, and it is easy to judge relative traffic attacks and resource exhaustion attacks. If the website is suddenly very slow or inaccessible, but it can be pinged, it is likely to be attacked. On the Netstat-na command, a large number of SYN_RECEIVED, TIME_WAIT, FIN_WAIT_1 and other statuses were observed, and EASTBLISHED is rarely, which can be determined as a resource exhaustion attack. The characteristic is that the victim host cannot Ping or the packet loss is serious and the server on the same switch is pinged normally. The reason is that the attack caused the system kernel or application CPU utilization to reach 100% and failed to respond to the Ping command, but because there is still bandwidth, the host on the same switch can be pinged.
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from DailyCVE
π΅Windows 10 Troubleshooting Crash, and process kill, CRITICAL_PROCESS_DIED :
https://dailycve.com/windows-10-troubleshooting-crash-and-process-kill-criticalprocessdied
https://dailycve.com/windows-10-troubleshooting-crash-and-process-kill-criticalprocessdied
Dailycve
Windows 10 Troubleshooting Crash, and process kill, CRITICAL_PROCESS_DIED | CVE
Details:
The CRITICAL_PROCESS_DIED bug check has a value of 0x000000EF. This indicates that a critical system process died. A critical process is one that forces the system to bug check if it terminates. This can happen when the state of the process isβ¦
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
