PLABS
Internet Storm Center Infocon Status
Infocon: green

Forensic use of mount --bind, (Sun, Sep 24th)
In my previous diary, I mentioned a recent case that led me to write mac-robber.py. In that case, I mentioned that I needed to build a filesystem timeline and w…

What is the State of Your Union? , (Fri, Sep 22nd)
Regularly the President of the United States delivers the State of the Union address. This practice "fulfills rules in Article II, Section 3 of the U.S. Constit…

Malspam pushing Word documents with Hancitor malware, (Fri, Sep 22nd)
Introduction …

ISC Stormcast For Friday, September 22nd 2017 https://isc.sans.edu/podcastdetail.html?id=5680, (Fri, Sep 22nd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Emails threatening DDoS allegedly from Phantom Squad, (Thu, Sep 21st)
Introduction …

Packet Storm
Latest Security Tool Files
TestSSL 2.9.5
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and muc…

TOR Virtual Network Tunneling Tool 0.3.1.7
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new comm…

ifchk 1.0.8
Ifchk is a network interface promiscuous mode detection tool that reports on the operational state of all configured interfaces present on the system. In addition, it will dis…

FireHOL 3.1.5
FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual…

Ansvif 1.8
Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Mobius Forensic Toolkit 0.5.31
Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and i…

Blue Team Training Toolkit (BT3) 2.5
Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and…

MIMEDefang Email Scanner 2.82
MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing…

tcpdump 4.9.2
tcpdump allows you to dump the traffic on a network. It can be used to print out the headers and/or contents of packets on a network interface that matches a given expression.


SecurityFocus
General Security Vulnerabilities
Vuln: Samba CVE-2017-12151 Man in the Middle Security Bypass Vulnerability
Samba CVE-2017-12151 Man in the Middle Security Bypass Vulnerability…

Vuln: Samba CVE-2017-12150 Man in the Middle Security Bypass Vulnerability
Samba CVE-2017-12150 Man in the Middle Security Bypass Vulnerability…

Vuln: Samba CVE-2017-12163 Arbitrary File Write Vulnerability
Samba CVE-2017-12163 Arbitrary File Write Vulnerability…

Vuln: Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability…

Bugtraq: APPLE-SA-2017-09-19-1 iOS 11
APPLE-SA-2017-09-19-1 iOS 11…

Bugtraq: Watchguard Fireware OS DOS & Stored XSS
Watchguard Fireware OS DOS & Stored XSS…

Bugtraq: [SECURITY] [DSA 3978-1] gdk-pixbuf security update
[SECURITY] [DSA 3978-1] gdk-pixbuf security update…


Helpful Stuff
DShield.org Recommended Block List
This list summarizes the top 20 attacking class C (/24) subnets over the last three days. The number of 'attacks' indicates the number of targets reporting scans from this subnet.
DShield.org Suspicious Domain List
GRC ShieldsUP!
Internet Vulnerability Profiling
Geo IP Location Service
This Geo IP Location service (IP address map lookup service) is provided free of charge by Geobytes, Inc. to assist you in locating the geographical location of an IP address.
IANA Port Number List
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
InterNIC Whois Search
A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
Nessus
Latest Nessus Plugins Released
Google Chrome < 61.0.3163.100 Multiple Vulnerabilities (macOS)
Synopsis : A web browser installed on the remote macOS or Mac OS X host is affected by multiple vulnerabiliti…

Google Chrome < 61.0.3163.100 Multiple Vulnerabilities
Synopsis : A web browser installed on the remote Windows host is affected by multiple vulnerabilities. Descr…

Apple iOS < 11 Multiple Vulnerabilities
Synopsis : The version of Apple iOS running on the mobile device is affected by multiple vulnerabilities. De…

Apple TV < 11 Multiple Vulnerabilities
Synopsis : The remote Apple TV device is affected by multiple vulnerabilities. Description : According to i…

Ubuntu 17.04 : emacs25 vulnerability (USN-3428-1)
Synopsis : The remote Ubuntu host is missing a security-related patch…

Sourcefire
Vulnerability Research Team
Vulnerability Spotlight: LibOFX Tag Parsing Code Execution Vulnerability
This vulnerability was discovered by Cory Duplantis of Talos. Update 9/20/2017: A patch is now available to fix…

CCleaner Command and Control Causes Concern
This post was authored by Edmund Brumaghin, Earl Carter, Warren Mercer, Matthew Molyett, Matthew Olney, Paul R…

CCleanup: A Vast Number of Machines at Risk
This post was authored by: Edmund Brumaghin, Ross Gibb, Warren Mercer, Matthew Molyett, and Craig Williams. Upd…

Beers with Talos EP 13: A Vast CCleanup, Strutting Your Stuff, and the Ex$ploit Economy
Beers with Talos (BWT) Podcast Episode 13 is now available. Download this episode and subscribe to Beers…

Threat Round Up For Sept 8 - Sept 15
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between September 08 and S…

RHEL
Red Hat Errata
RHBA-2017:2745-1: ovirt-setup-lib bug fix update
Red Hat Enterprise Linux: Updated ovirt-setup-lib packages are now available.

RHBA-2017:2748-1: ovirt-hosted-engine-setup bug fix update for RHV 4.1.6
Red Hat Enterprise Linux: Updated ovirt-hosted-engine-setup packages that fix several bugs and add various en…

RHBA-2017:2757-1: cockpit-ovirt for RHV 4.1.6
Red Hat Enterprise Linux: An update is now available for cockpit-ovirt.

RHBA-2017:2758-1: redhat-virtualization-host bug fix, and enhancement update for RHV 4.1.6
Red Hat Enterprise Linux: Updated redhat-virtualization-host packages are now available.

RHBA-2017:2764-1: qemu-kvm bug fix update
Red Hat Enterprise Linux: Updated qemu-kvm packages that fix one bug are now available for Red Hat Enterprise…

RHBA-2017:2765-1: ghostscript bug fix update
Red Hat Enterprise Linux: Updated ghostscript packages that fix one bug are now available for Red Hat Enterpr…

Microsoft
Security Advisories
4038556 - Guidance for securing applications that host the WebBrowser Control - Version: 1.0
Revision Note: V1.0 (August 8, 2017): Advisory published. Summary: Microsoft is releasing this security advisor…

4033453 - Vulnerability in Azure AD Connect Could Allow Elevation of Privilege - Version: 1.0
Revision Note: V1.0 (June 27, 2017): Advisory published. Summary: Microsoft is releasing this security advisory…

4025685 - Guidance related to June 2017 security update release - Version: 1.0
Revision Note: V1.0 (June 13, 2017): Advisory published. Summary: Microsoft is announcing the availability of ad…

4022345 - Identifying and correcting failure of Windows Update client to receive updates - Version: 1.3
Severity Rating: Critical. Revision Note: V1.3 (May 12, 2017): Updated FAQ to clarify the update that needs to b…

4022344 - Security Update for Microsoft Malware Protection Engine - Version: 1.2
Severity Rating: Critical. Revision Note: V1.2 (May 12, 2017): Added entries into the affected software table. T…

Malc0de
(You might not want to click on these!)

lookera.xyz
URL: lookera.xyz/1.exe, IP Address: 31.31.196.14, Country: RU, ASN: 197695, MD5: 0db6576a2b40f0e0ce9c09ae45d81…

gold.bellverse.bid
URL: gold.bellverse.bid/stub_maker.php?program=sevenzip&&tid=15887292&&pid=539&&b_typ=pe&&reb=1&&name=Office+P…

gokeenakte.top
URL: gokeenakte.top/url/1, IP Address: 47.89.249.183, Country: US, ASN: 45102, MD5: d14bc9efe80aeb7d172cbb590f…

gokeenakte.top
URL: gokeenakte.top/ws.exe, IP Address: 47.89.249.183, Country: US, ASN: 45102, MD5: c8c45e2e8b99d4b6ec84fc6e0…

gokeenakte.top
URL: gokeenakte.top/test.txt, IP Address: 47.89.249.183, Country: US, ASN: 45102, MD5: 8009e4433aad21916a7761d…

gokeenakte.top
URL: gokeenakte.top/3, IP Address: 47.89.249.183, Country: US, ASN: 45102, MD5: 05d8e078a999a4d9f871569fc93966…

dolerholanta.top
URL: dolerholanta.top/3, IP Address: 47.89.249.183, Country: US, ASN: 45102, MD5: 05d8e078a999a4d9f871569fc939…

ClamAV
Top 10 ClamAV Official Signatures
Malware Domain List
sarahdaniella.com (2017/06/02_08:38)
Host: sarahdaniella.com/swift/SWIFT%20$.pdf.ace, IP address: 63.247.140.224, ASN: 19271, Country: US, Description: trojan…

amazon-sicherheit.kunden-ueberpruefung.xyz (2017/05/01_16:22)
Host: amazon-sicherheit.kunden-ueberpruefung.xyz, IP address: 185.61.138.74, ASN: 49349, Country: UA, Description: phishing…

alegroup.info (2017/03/20_10:13)
Host: alegroup.info/ntnrrhst, IP address: 194.87.217.87, ASN: 197695, Country: RU, Description: Ransom, Fake.PCN, Malspam…

fourthgate.org (2017/03/20_10:13)
Host: fourthgate.org/Yryzvt, IP address: 104.200.67.194, ASN: 8100, Country: US, Description: Ransom, Fake.PCN, Malspam…

dieutribenhkhop.com (2017/03/20_10:13)
Host: dieutribenhkhop.com/parking/, IP address: 84.200.4.125, ASN: 31400, Country: DE, Description: Ransom, Fake.PCN, Malspam…

dieutribenhkhop.com (2017/03/20_10:13)
Host: dieutribenhkhop.com/parking/pay/rd.php?id=10, IP address: 84.200.4.125, ASN: 31400, Country: DE, Description: Ransom, Fake.PCN, Malspam…

ssl-6582datamanager.de (2017/03/14_23:02)
Host: ssl-6582datamanager.de/, IP address: 54.72.9.51, ASN: 16509, Country: US, Description: redirects to Paypal phishing…

privatkunden.datapipe9271.com (2017/03/14_23:02)
Host: privatkunden.datapipe9271.com/, IP address: 104.31.75.147, ASN: 13335, Country: US, Description: Paypal phishing…

www.hjaoopoa.top (2017/03/06_21:09)
Host: www.hjaoopoa.top/admin.php?f=1.gif, IP address: 52.207.234.89, ASN: 14618, Country: US, Description: Cerber ransomware…
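The Malc0de and Malware Domain List entries above are the raw feed lines an analyst would normally load into a tool rather than read by hand. The block below is an added example (Python, not code from Procyon Labs, Malc0de or Malware Domain List) that parses both line formats into records and pivots them on shared infrastructure, so that domains served from the same IP or the same ASN surface together. The field regexes, the Indicator record layout, the `shared_infrastructure` helper and the `example.invalid` line are this example's own assumptions; the other sample lines are copied from the page, whose MD5 values are truncated and are therefore rejected by the parser rather than guessed.

```python
"""Parse Malc0de / Malware Domain List style indicator lines and pivot
them on shared infrastructure.  Added example; the regexes and record
layout below are this example's own, not a published feed schema."""
import ipaddress
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Sample input: lines copied from the Malc0de and MDL entries on the page
# (hashes truncated there), plus one constructed line with a full hash
# (RFC 5737 address, private-use ASN, MD5 of the empty string).
SAMPLE_LINES = [
    "URL: lookera.xyz/1.exe, IP Address: 31.31.196.14, Country: RU, ASN: 197695, MD5: 0db6576a2b40f0e0ce9c09ae45d81…",
    "URL: gold.bellverse.bid/stub_maker.php?program=sevenzip&&tid=15887292&&pid=539&&b_typ=pe&&reb=1&&name=Office+P…",
    "URL: gokeenakte.top/ws.exe, IP Address: 47.89.249.183, Country: US, ASN: 45102, MD5: c8c45e2e8b99d4b6ec84fc6e0…",
    "URL: dolerholanta.top/3, IP Address: 47.89.249.183, Country: US, ASN: 45102, MD5: 05d8e078a999a4d9f871569fc939…",
    "Host: alegroup.info/ntnrrhst, IP address: 194.87.217.87, ASN: 197695, Country: RU, Description: Ransom, Fake.PCN, Malspam…",
    "Host: privatkunden.datapipe9271.com/, IP address: 104.31.75.147, ASN: 13335, Country: US, Description: Paypal phishing…",
    "URL: example.invalid/drop.exe, IP Address: 203.0.113.9, Country: ZZ, ASN: 64496, MD5: d41d8cd98f00b204e9800998ecf8427e",
]

# Field extractors.  The URL/Host value runs to the first comma; a full
# 32-hex-digit MD5 is required, so a truncated hash yields None.
_URL_RE = re.compile(r"^(?:URL|Host):\s*(?P<url>[^,]+)")
_IP_RE = re.compile(r"\bIP [Aa]ddress:\s*(?P<ip>[0-9.]+)")
_ASN_RE = re.compile(r"\bASN:\s*(?P<asn>\d+)")
_CC_RE = re.compile(r"\bCountry:\s*(?P<cc>[A-Z]{2})\b")
_MD5_RE = re.compile(r"\bMD5:\s*(?P<md5>[0-9a-fA-F]{32})\b")
_DESC_RE = re.compile(r"\bDescription:\s*(?P<desc>.+?)\s*…?$")


@dataclass(frozen=True)
class Indicator:
    domain: str
    url: str
    ip: Optional[str]
    asn: Optional[int]
    country: Optional[str]
    md5: Optional[str]
    description: Optional[str]


def _valid_ipv4(text: str) -> Optional[str]:
    """Return the address if it is a well-formed IPv4 address, else None."""
    try:
        return str(ipaddress.IPv4Address(text))
    except ipaddress.AddressValueError:
        return None


def parse_line(line: str) -> Optional[Indicator]:
    """Parse one feed line.  Returns None when no URL/Host field exists;
    missing or truncated fields become None instead of failing the line."""
    m = _URL_RE.match(line.strip())
    if not m:
        return None
    url = m.group("url").strip().rstrip("…")
    domain = url.split("/", 1)[0].lower()
    ip_m, asn_m = _IP_RE.search(line), _ASN_RE.search(line)
    cc_m, md5_m, desc_m = _CC_RE.search(line), _MD5_RE.search(line), _DESC_RE.search(line)
    return Indicator(
        domain=domain,
        url=url,
        ip=_valid_ipv4(ip_m.group("ip")) if ip_m else None,
        asn=int(asn_m.group("asn")) if asn_m else None,
        country=cc_m.group("cc") if cc_m else None,
        md5=md5_m.group("md5").lower() if md5_m else None,
        description=desc_m.group("desc") if desc_m else None,
    )


def parse_feed(lines: Iterable[str]) -> List[Indicator]:
    """Parse all lines, silently dropping ones that are not indicator records."""
    return [rec for rec in (parse_line(line) for line in lines) if rec is not None]


def shared_infrastructure(records: Iterable[Indicator], field: str) -> Dict[object, List[str]]:
    """Group domains by `field` ('ip' or 'asn') and keep only the values that
    two or more distinct domains share: the pivots worth a second look."""
    groups: Dict[object, set] = defaultdict(set)
    for rec in records:
        key = getattr(rec, field)
        if key is not None:
            groups[key].add(rec.domain)
    return {key: sorted(domains) for key, domains in groups.items() if len(domains) > 1}


if __name__ == "__main__":
    recs = parse_feed(SAMPLE_LINES)
    for field in ("ip", "asn"):
        for key, domains in shared_infrastructure(recs, field).items():
            print(f"{field} {key}: {', '.join(domains)}")
```

Run as-is it prints the two pivots visible in the page's own data: 47.89.249.183 hosts both gokeenakte.top and dolerholanta.top, and ASN 197695 appears under both the Malc0de lookera.xyz entry and the MDL alegroup.info entry even though their IPs differ. The same approach extends to a live feed by replacing `SAMPLE_LINES` with the fetched lines.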


© 2001-2017 Procyon Labs / Randal T. Rioux