Year: 2020

SOLARWINDS ORION AND THE SUNBURST BACKDOOR

Posted on By topbento No Comments on SOLARWINDS ORION AND THE SUNBURST BACKDOOR
Breach, News, Vulnerability

Compromised updates for Solarwinds Orion are making headlines for containing malware. The updates available from March through May of this year appear to have contained a very elusive and adaptable trojan that FireEye has dubbed the SUNBURST Backdoor. FireEye has published a great write-up on the attack here along with Indications of Compromise. Please be sure to read through … Read More “SOLARWINDS ORION AND THE SUNBURST BACKDOOR” »

FREE OPEN SOURCE THREAT INTEL SOLUTION – Intel Owl

Posted on By topbento No Comments on FREE OPEN SOURCE THREAT INTEL SOLUTION – Intel Owl
Tools

Intel Owl is an Open Source Intelligence, (OSINT), solution that can query multiple services quickly and easily including shodan, VirusTotal, and hunter.io. The tool supports 30 different analyzers and services at this time and can provide data on potentially malicious files, IP addresses or domains. This could be a great time saver when performing analysis … Read More “FREE OPEN SOURCE THREAT INTEL SOLUTION – Intel Owl” »

DECRYPTING HTTPS TRAFFIC USING Burp Suite PLUGIN

Posted on By topbento No Comments on DECRYPTING HTTPS TRAFFIC USING Burp Suite PLUGIN
Tools, Tutorial

Usually decrypting HTTPS traffic requires a MITM scenario involving certificates and/or deep packet inspection. Silent Signal recently shared a great writeup on how this can be accomplished using Burp Suite and a new extension that is available on their GitHub repository. This method can potentially save time while being less complex and invasive. Using certificates … Read More “DECRYPTING HTTPS TRAFFIC USING Burp Suite PLUGIN” »

REMOTE CODE EXECUTION in Pi-hole CVE-2020-8816

Posted on By topbento No Comments on REMOTE CODE EXECUTION in Pi-hole CVE-2020-8816
News, Vulnerability

If you have a strong dislike for advertisements intruding on your internet experience and you like to tinker and DIY your home network, then you might likely have deployed a Pi-hole in your environment. This vulnerability does require access to the Pi-hole webui and admin credentials, but it allows for arbitrary command execution. Pi-hole versions … Read More “REMOTE CODE EXECUTION in Pi-hole CVE-2020-8816” »

Microsoft Exchange CVE-2020-0688 – MULTIPLE EXPLOITS AVAILABLE

Posted on By topbento No Comments on Microsoft Exchange CVE-2020-0688 – MULTIPLE EXPLOITS AVAILABLE
News, Vulnerability

At this time there are now multiple exploits available for CVE-2020-0688 which allows for Remote Code Execution on servers running a vulnerable version of Microsoft Exchange. This code is executed as SYSTEM and the CVSS score for this vulnerability is 9.0 HIGH. Authentication is required, however, due to Outlook Web Access this could be easy … Read More “Microsoft Exchange CVE-2020-0688 – MULTIPLE EXPLOITS AVAILABLE” »