Photos from National Cyber Security Services's post
CVE-2019-18935:-- #RCE #exploit for a .NET #deserialization #vulnerability in #Telerik UI for ASP.NET AJAX.
This exploit leverages #encryption logic from RAU_crypto. The RAUCipher class within RAU_crypto.py depends on PyCryptodome, a drop-in replacement for the dead PyCrypto module. #PyCryptodome and #PyCrypto create problems when installed in the same environment, so the best way to satisfy this dependency is to install the module within a virtual environment, as shown above.
#Download #Link:-
https://github.com/noperator/CVE-2019-18935
CVE-2019-18935:-- #RCE #exploit for a .NET #deserialization #vulnerability in #Telerik UI for ASP.NET AJAX.
This exploit leverages #encryption logic from RAU_crypto. The RAUCipher class within RAU_crypto.py depends on PyCryptodome, a drop-in replacement for the dead PyCrypto module. #PyCryptodome and #PyCrypto create problems when installed in the same environment, so the best way to satisfy this dependency is to install the module within a virtual environment, as shown above.
#Download #Link:-
https://github.com/noperator/CVE-2019-18935
GitHub
GitHub - noperator/CVE-2019-18935: RCE exploit for a .NET JSON deserialization vulnerability in Telerik UI for ASP.NET AJAX.
RCE exploit for a .NET JSON deserialization vulnerability in Telerik UI for ASP.NET AJAX. - noperator/CVE-2019-18935
Photos from National Cyber Security Services's post
Malcolm:-- #Malcolm is a #powerful, easily #deployable #network #traffic #analysis #tool suite for full #packet #capture artifacts (#PCAP files) and #Zeek logs.
Malcolm is a powerful network traffic analysis tool suite designed with the following goals in mind:-
1. Easy to use:– Malcolm accepts network traffic #data in the form of full packet capture (PCAP) files and Zeek (formerly Bro) logs. These artifacts can be uploaded via a simple browser-based interface or captured live and forwarded to Malcolm using lightweight forwarders. In either case, the data is #automatically normalized, #enriched, and correlated for analysis.
2. Powerful traffic analysis:– Visibility into network communications is provided through two intuitive interfaces: #Kibana, a flexible data #visualization plugin with dozens of prebuilt #dashboards providing an at-a-glance overview of network protocols; and Moloch, a powerful tool for finding and identifying the network #sessions #comprising suspected security incidents.
3. Streamlined deployment:– Malcolm operates as a cluster of #Docker containers, isolated #sandboxes which each serves a dedicated function of the #system. This Docker-based deployment model, combined with a few simple scripts for setup and run-time management, makes Malcolm suitable to be deployed quickly across a variety of platforms and use cases, whether it be for long-term deployment on a #Linux #server in a #security operations center (SOC) or for incident response on a #Macbook for an individual engagement.
4. Secure #communications:– All #communications with Malcolm, both from the user interface and from #remote log forwarders, are secured with industry-standard #encryption #protocols.
5. Permissive license:– Malcolm is comprised of several widely used open-source tools, making it an attractive alternative to security solutions requiring paid #licenses.
6. Expanding control systems visibility:– While Malcolm is great for general-purpose network traffic analysis, its creators see a particular need in the #community for tools providing insight into protocols used in industrial control systems (ICS) environments. Ongoing Malcolm development will aim to provide additional parsers for common #ICS protocols.
#Download #Link:-
https://github.com/idaholab/Malcolm
Malcolm:-- #Malcolm is a #powerful, easily #deployable #network #traffic #analysis #tool suite for full #packet #capture artifacts (#PCAP files) and #Zeek logs.
Malcolm is a powerful network traffic analysis tool suite designed with the following goals in mind:-
1. Easy to use:– Malcolm accepts network traffic #data in the form of full packet capture (PCAP) files and Zeek (formerly Bro) logs. These artifacts can be uploaded via a simple browser-based interface or captured live and forwarded to Malcolm using lightweight forwarders. In either case, the data is #automatically normalized, #enriched, and correlated for analysis.
2. Powerful traffic analysis:– Visibility into network communications is provided through two intuitive interfaces: #Kibana, a flexible data #visualization plugin with dozens of prebuilt #dashboards providing an at-a-glance overview of network protocols; and Moloch, a powerful tool for finding and identifying the network #sessions #comprising suspected security incidents.
3. Streamlined deployment:– Malcolm operates as a cluster of #Docker containers, isolated #sandboxes which each serves a dedicated function of the #system. This Docker-based deployment model, combined with a few simple scripts for setup and run-time management, makes Malcolm suitable to be deployed quickly across a variety of platforms and use cases, whether it be for long-term deployment on a #Linux #server in a #security operations center (SOC) or for incident response on a #Macbook for an individual engagement.
4. Secure #communications:– All #communications with Malcolm, both from the user interface and from #remote log forwarders, are secured with industry-standard #encryption #protocols.
5. Permissive license:– Malcolm is comprised of several widely used open-source tools, making it an attractive alternative to security solutions requiring paid #licenses.
6. Expanding control systems visibility:– While Malcolm is great for general-purpose network traffic analysis, its creators see a particular need in the #community for tools providing insight into protocols used in industrial control systems (ICS) environments. Ongoing Malcolm development will aim to provide additional parsers for common #ICS protocols.
#Download #Link:-
https://github.com/idaholab/Malcolm
Lockwise-ios:-- #Firefox's #Lockwise #app for #iOS and #Android.
#Securely access the #passwords you’ve saved in Firefox from anywhere — even outside of the #browser.
Features:-
1. 256-bit #encryption protects you while synchronizing
2. Get to your passwords securely with Face or Touch ID
3. Your #privacy comes first. We keep your #data safe, never sold.
#Download #Link:-
https://www.mozilla.org/en-GB/firefox/lockwise/
Lockwise-ios:-- #Firefox's #Lockwise #app for #iOS and #Android.
#Securely access the #passwords you’ve saved in Firefox from anywhere — even outside of the #browser.
Features:-
1. 256-bit #encryption protects you while synchronizing
2. Get to your passwords securely with Face or Touch ID
3. Your #privacy comes first. We keep your #data safe, never sold.
#Download #Link:-
https://www.mozilla.org/en-GB/firefox/lockwise/
#Securely access the #passwords you’ve saved in Firefox from anywhere — even outside of the #browser.
Features:-
1. 256-bit #encryption protects you while synchronizing
2. Get to your passwords securely with Face or Touch ID
3. Your #privacy comes first. We keep your #data safe, never sold.
#Download #Link:-
https://www.mozilla.org/en-GB/firefox/lockwise/
Lockwise-ios:-- #Firefox's #Lockwise #app for #iOS and #Android.
#Securely access the #passwords you’ve saved in Firefox from anywhere — even outside of the #browser.
Features:-
1. 256-bit #encryption protects you while synchronizing
2. Get to your passwords securely with Face or Touch ID
3. Your #privacy comes first. We keep your #data safe, never sold.
#Download #Link:-
https://www.mozilla.org/en-GB/firefox/lockwise/
S3Tk:-- A #Security #Toolkit For #Amazon S3.
Scan your #buckets for:-
1. #ACL open to public
2. policy open to public
3. public access blocked
4. logging enabled
5. versioning enabled
6. default #encryption enabled
#Download #Link:-
https://github.com/ankane/s3tk
S3Tk:-- A #Security #Toolkit For #Amazon S3.
Scan your #buckets for:-
1. #ACL open to public
2. policy open to public
3. public access blocked
4. logging enabled
5. versioning enabled
6. default #encryption enabled
#Download #Link:-
https://github.com/ankane/s3tk
Scan your #buckets for:-
1. #ACL open to public
2. policy open to public
3. public access blocked
4. logging enabled
5. versioning enabled
6. default #encryption enabled
#Download #Link:-
https://github.com/ankane/s3tk
S3Tk:-- A #Security #Toolkit For #Amazon S3.
Scan your #buckets for:-
1. #ACL open to public
2. policy open to public
3. public access blocked
4. logging enabled
5. versioning enabled
6. default #encryption enabled
#Download #Link:-
https://github.com/ankane/s3tk