I published the following diary on isc.sans.edu: “Obfuscated bash script targeting QNap boxes“: One of our readers, Nathaniel Vos, shared an interesting shell script with us and thanks to him! He found it on an embedded Linux device, more precisely, a QNap NAS running QTS 4.3. After some quick investigations,
Tag: Script
Automatic Extraction of Data from Excel Sheet
Excel sheets are very common files in corporate environments. It’s definitively not a security tool but it’s not rare to find useful information stored in such files. When these data must be processed for threat hunting or to collect IOC’s, it is mandatory to automate, as much as possible, the processing
phpMoAdmin 0-day Nmap Script
An 0-day vulnerability has been posted on Full-Disclosure this morning. It affects the MongoDB GUI phpMoAdmin. The GUI is similar to the well-known phpMyAdmin and allows the DB administrator to perform maintenance tasks on the MongoDB databases with the help of a nice web interface. The vulnerability is critical because it allows
Grabbing Devices Configuration Using Expect
Just a small post about an Expect script I quickly wrote to solve a backup issue. I already blogged about the “Expect” tool one year ago. I won’t explain again the basics of Expect, just read my previous post. This time, Expect is used to perform an automatic backup of