Category: TheHive

Imap2TheHive: Support for Custom Observables

July 13, 2018 OSSEC, Security, TheHive Leave a comment

I’m using OSSEC to feed an instance of TheHive to investigate security incidents reported by OSSEC. To better categorize the alerts and merge similar events, I needed to add more observables. OSSEC alerts are delivered by email with interesting information for TheHive. This was an interesting use case to play

DShield Analyzer for Cortex

July 9, 2018 Security, TheHive 2 comments

TheHiveÂ is an awesome tool to perform incident management. One of the software components that is linked to TheHive is Cortex defined as a “Powerful observable analysis engine“. Let’s me explain why Cortex can save you a lot of time. When you are working on an incident in TheHive, observables are

Stay in Touch

Upcoming Events

Here is a list of events that I will attend and cover via Twitter and wrap-ups. Ping me if you want to meet! The list is regularly updated.

Recent Tweets

Major electricity maintenance at home this morning… Dear UPS God, be with me! pic.twitter.com/loGdSGFj2x
August 8, 2022 05:49
Interesting script: Looking for persistence artefacts left by #malware? Try “PersistenceSniper” github.com/last-byte/Persisten… #dfir #powershell
August 4, 2022 07:18
The place was nice so I dropped a GoogleMap pin! pic.twitter.com/NIk4lzaFmf
July 30, 2022 09:57
Easy #triage of .Net samples with this #Python module: dotnetfile (github.com/pan-unit42/dotnetfi…)
July 29, 2022 05:46
"Alibaba Cloud Compromised to Distribute Malware via Steganography" www.securitynewspaper.com/2022… Cool technique but it… twitter.com/i/web/status/15525…
July 28, 2022 09:23

Time Machine

NVD Vulnerabilities Feed

CVE-2022-26342 (linkhub_mesh_wifi_ac1200) August 5, 2022
A buffer overflow vulnerability exists in the confsrv ucloud_set_node_location functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.
CVE-2022-27633 (linkhub_mesh_wifi_ac1200) August 5, 2022
An information disclosure vulnerability exists in the confctl_get_guest_wlan functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to information disclosure. An attacker can send packets to trigger this vulnerability.
CVE-2022-27660 (linkhub_mesh_wifi_ac1200) August 5, 2022
A denial of service vulnerability exists in the confctl_set_guest_wlan functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability.
CVE-2022-28665 (freshtomato) August 5, 2022
A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.The `freshtomato-arm` has a vulnerable URL-decoding feature that can lead to memory corruption.
CVE-2022-26346 (linkhub_mesh_wifi_ac1200) August 5, 2022
A denial of service vulnerability exists in the ucloud_del_node functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability.
CVE-2022-27178 (linkhub_mesh_wifi_ac1200) August 5, 2022
A denial of service vulnerability exists in the confctl_set_wan_cfg functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability.
CVE-2022-28664 (freshtomato) August 5, 2022
A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability.The `freshtomato-mips` has a vulnerable URL-decoding feature that can lead to memory corruption.
CVE-2022-27185 (linkhub_mesh_wifi_ac1200) August 5, 2022
A denial of service vulnerability exists in the confctl_set_master_wlan functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability.

This website uses cookies to improve your experience. By using our services, you agree to our use of cookies. Accept Learn more

Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.

SAVE & ACCEPT