/dev/random

"If the enemy leaves a door open, you must rush in." – Sun Tzu

Tag: Exploitation

SANS ISC

[SANS ISC] Malicious Post-Exploitation Batch File

June 5, 2018 Malware, SANS Internet Storm Center, Security

I published the following diary on isc.sans.org: “Malicious Post-Exploitation Batch File”: Here is another interesting file that I found while hunting. It is a malicious Windows batch file (.bat) which helps to exploit a freshly compromised system (or… to be used by a rogue user). I don’t have a lot of

Copyright Xavier Mertens © 2003-2018 | Powered by Xavier Mertens Consulting.