I just got a PA200 patched with PAN-OS 6.0.10 with latest Threat Prevention and WildFire, so I decided to put it up for the test. First, I grabbed stuxnet from https://tuts4you.com/download.php?view.3011, where I then extracted and uploaded it to a…Continue Reading →
Summary Exploiting common misconfigurations in network systems allows an attacker to gather and use information to take over and control network devices. This can be done just as easily to core equipment as to Customer-Premises Equipment(CPE). A large scale attack…Continue Reading →
Noticed that mod security has been blocking HTTP tags that’s suppose to be allowed for wordpress. Please notify me if you experience any issues with the comment section.
It takes about 3 lines of code to make a Denial of Service attack, but what can be done do to increase the performance and impact?
Let the testing begin! There are a lot of tools out there, some terrible and some better. Will test out the most common ones and figure out how they work and perform and what makes them so unique.
By running “curl www.vg.no -I”, I ended up with this header:
|
HTTP/1.1 200 OK Server: nginx/1.0.15 Content-Type: text/html Last-Modified: Fri, 31 Oct 2014 10:26:59 GMT X-VG-SolveMe: uggc://jjj.it.ab/ynxfrgngg.ugzy Content-Length: 217 Accept-Ranges: bytes Date: Fri, 31 Oct 2014 18:34:52 GMT Connection: keep-alive X-Cache: MISS X-VG-WebCache: m323-varnish-02 X-Age: 0 Age: 0 |
By the looks of it, this reminds me of a encoded URL string, that hopefully leads to something funny.
The current bash exploit has been expanded, both to bypass new patches and abuse new services. As an example, some FTP servers under the right circumstances may be affected by this. As for Perl, many scripts rely on the functions/variables…Continue Reading →