Summary
Symantec ThreatCon Low: Basic network posture
This condition applies when there is no discernible network incident activity and no malicious
code activity with a moderate or severe risk rating. Under these conditions, only a routine
security posture, designed to defeat normal network threats, is warranted. Automated systems
and alerting mechanisms should be used.
Interesting News
* The Cyber WAR (CWAR) recently received an overhaul. There is more content now along with more sections. You can
find previous issues of the CWAR here: informationwarfarecenter.com/CIR. We are constantly trying to improve the value of
our publications, including our Cyber Intelligence Report series and the other books in our library. If you have any
suggestions for more content, please let us know: publications@informationwarfarecenter.com.
* We have an active Facebook group that discusses topics ranging from computer forensics to ethical hacking and more.
Join the Cyber Secrets Facebook group here. If you would like to receive the CIR updates by email, Subscribe!
Index of Sections
Current News
* Packet Storm Security
* Krebs on Security
* Dark Reading
* The Hacker News
* Security Week
* Infosecurity Magazine
* KnowBe4 Security Awareness Training Blog
* ISC2.org Blog
* HackRead
* Koddos
* Naked Security
* Threat Post
* Null-Byte
* IBM Security Intelligence
* C4ISRNET - Media for the Intelligence Age Military
The Hacker Corner:
* Security Conferences
* Google Zero Day Project
Cyber Range Content
* CTF Times Capture the Flag Event List
* Vulnhub
Tools & Techniques
* Packet Storm Security Latest Published Tools
* Kali Linux Tutorials
* GBHackers Analysis
InfoSec Media for the Week
* Black Hat Conference Videos
* Defcon Conference Videos
* Hak5 Videos
* Eli the Computer Guy Videos
* Security Now Videos
* Troy Hunt Weekly
* Intel Techniques: The Privacy, Security, & OSINT Show
Exploits and Proof of Concepts
* Packet Storm Security Latest Published Exploits
* CXSecurity Latest Published Exploits
* Exploit Database Releases
Cyber Crime & Malware Files/Links Latest Identified
* CyberCrime-Tracker
Advisories
* Dark Web Resources
* Dark Web News
* US-Cert (Current Activity-Alerts-Bulletins)
* Zero Day Initiative Advisories
* Packet Storm Security's Latest List
Information Warfare Center Products
* CSI Linux
* Cyber Secrets Videos & Resources
* Information Warfare Center Print & eBook Publications
Credits
Packet Storm Security
Krebs on Security
Infosecurity Magazine
ISC2.org Blog
* There's Training ... and there's Official Training: Know the Differences
* (ISC)2 Costa Rica Chapter: Sharing reflections and lessons learned from Maze Team attack
* On-Premise Accelerated Training to Resume at Firebrand
* Advice from 3 Cyber Pros on Getting Certified
* Report: Cybersecurity Understaffing Lowers Ability to Handle Cyber Threats
* 10 Critical Skills for the Cybersecurity Workforce
HackRead
Koddos
Threat Post
Null-Byte
InfoWorld
* REVULN
* Suits & Spooks
* HACKLU (hack.lu)
* InfoSec Conference Spotlight Series
* NorthSec
* THOTCON
* nullcon
* TROOPERS
* We Stand With The #BLM Movement
* Cybersecurity Podcasts (With Categories)
CTF Time has links to many current Capture the Flag competitions and information on past events. Below is
a list of CTFs they have on their calendar.
VulnHub Downloadable CTFs for your Cyber Range (Most use VirtualBox)
* Ganana: 1
* infovore: 1
* Assertion: 1
* BBS: 1
* GainPower: 1
Tools & Techniques
Packet Storm Security Tools Links
GBHackers Analysis
* Vulnerability in Bitdefender Anti-Virus Let Hackers Run The Malicious Arbitrary Code Remotely
* Cisco Webex Meetings for Windows Let Hackers Gain Access to Sensitive Data
* VLC Vulnerability Let Remote Hackers to Execute Arbitrary Code with User Privilege
* Multiple Flaws in GTP Tunneling Protocol Let Hackers to Attack 3G/4G/5G Users
* SMBleed - Windows SMB Protocol Bug Let Hackers Leak Kernel Memory & Execute a Code Remotely
Weekly Cyber Security Video and Podcasts
Black Hat
* Practical steps on your zero trust journey. A CyberWire Pro Briefing by Rick Howard.
* CyberWire office tour with Dave: week 5
* DATATRIBE TOUR WITH DAVE
* evm: ALLSTAR: New Challenge Problems for Static Analysis
Defcon Conference
Hak5
Security Now
Troy Hunt
CXSecurity
Kali has the Exploit-DB archive preinstalled and updates the database on a monthly basis. The search tool they
added is called "SearchSploit". It can be installed on Linux, macOS, and Windows, and using it is simple. In the
command line, type:
There is a second tool, written by 1N3 and called "FindSploit", that uses SearchSploit and a few other resources. It is
also a command line (CLI) tool for searching for exploits, but it requires online access.
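For readers who want to see what SearchSploit is doing under the hood, here is an added example (written for this page; it is not SearchSploit's own code and not a substitute for running the tool) that reproduces its core behaviour over a local Exploit-DB index: every search term must match, matching is case-insensitive, the title and the file path are both searched unless a title-only search is requested, and --exclude-style regex patterns drop rows. The column layout id,file,description,date,author,type,platform,port is the legacy files_exploits.csv order and is an assumption; compare it with the header line of your own copy. The four rows are constructed placeholders, not real Exploit-DB entries.

```python
"""Offline, SearchSploit-style search over an Exploit-DB CSV index.

Added example, not SearchSploit's code. Assumes the legacy
files_exploits.csv column order (id,file,description,date,author,type,
platform,port); the sample rows below are constructed, not real entries.
"""
import csv
import io
import re

# Constructed sample index in the assumed files_exploits.csv layout.
SAMPLE_CSV = """id,file,description,date,author,type,platform,port
1,exploits/linux/remote/1.c,ExampleFTP 2.1 - Remote Buffer Overflow,2020-01-10,alice,remote,linux,21
2,exploits/windows/local/2.py,ExampleFTP 2.1 - Local Privilege Escalation,2020-02-03,bob,local,windows,0
3,exploits/php/webapps/3.txt,ExampleCMS 4.0 - 'id' SQL Injection,2020-03-15,carol,webapps,php,80
4,exploits/linux/dos/4.py,ExampleFTP 2.1 - Denial of Service (PoC),2020-04-01,dave,dos,linux,21
"""


def load_index(csv_text):
    """Parse the Exploit-DB CSV text into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def search(rows, terms, exclude=(), title_only=False):
    """Return rows whose title (and path, unless title_only) contain every term.

    Terms are matched case-insensitively (SearchSploit's default); each
    `exclude` entry is a case-insensitive regex, mirroring --exclude.
    """
    needles = [t.lower() for t in terms]
    drop = [re.compile(pat, re.IGNORECASE) for pat in exclude]
    hits = []
    for row in rows:
        haystack = row["description"]
        if not title_only:
            haystack += " " + row["file"]   # path matching, like the default mode
        low = haystack.lower()
        if not all(n in low for n in needles):
            continue                        # AND semantics: every term must hit
        if any(p.search(haystack) for p in drop):
            continue
        hits.append(row)
    return hits


def format_hits(hits):
    """Two-column listing in the spirit of SearchSploit's table output."""
    if not hits:
        return "Exploits: No Results"
    width = max(len(h["description"]) for h in hits)
    lines = [f"{'Exploit Title':<{width}} | Path",
             "-" * width + "-+-" + "-" * 30]
    lines += [f"{h['description']:<{width}} | {h['file']}" for h in hits]
    return "\n".join(lines)


if __name__ == "__main__":
    index = load_index(SAMPLE_CSV)
    # Roughly: searchsploit exampleftp 2.1 --exclude="\(PoC\)|Denial"
    print(format_hits(search(index, ["exampleftp", "2.1"], exclude=[r"\(PoC\)|Denial"])))
    # Roughly: searchsploit -t sql injection   (title only; path is ignored)
    print(format_hits(search(index, ["sql", "injection"], title_only=True)))
    # A term that only occurs in the path ("linux") matches in default mode but not with -t.
    print(len(search(index, ["linux"])), len(search(index, ["linux"], title_only=True)))
```

The title-only case is the one that trips people up in practice: a platform name such as "linux" lives in the path, so the default search returns it while a -t search does not.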
Cyber Crime & Malware Files/Links Latest Identified
CyberCrime-Tracker
infocheckdetails.com/salvation/webpanel/login.php
[CWHQ:21176] Type: Tesla - IP: 38.114.114.163
poiuytrewq3.site/login/
[CWHQ:21175] Type: TaurusStealer - IP: 82.146.49.38
180.214.236.98/webpanel/10/login.php
[CWHQ:21174] Type: Tesla
180.214.236.98/webpanel/9/login.php
[CWHQ:21173] Type: Tesla
180.214.236.98/webpanel/8/login.php
[CWHQ:21172] Type: Tesla
180.214.236.98/webpanel/7/login.php
[CWHQ:21171] Type: Tesla
180.214.236.98/webpanel/6/login.php
[CWHQ:21170] Type: Tesla
180.214.236.98/webpanel/5/login.php
[CWHQ:21169] Type: Tesla
180.214.236.98/webpanel/4/login.php
[CWHQ:21168] Type: Tesla
180.214.236.98/webpanel/3/login.php
[CWHQ:21167] Type: Tesla
180.214.236.98/webpanel/2/login.php
[CWHQ:21166] Type: Tesla
180.214.236.98/webpanel/1/login.php
[CWHQ:21165] Type: Tesla
usafile.info/
[CWHQ:21164] Type: Nexus - IP: 8.210.21.253
host-109-234-35-62.hosted-by-vdsina.ru/
[CWHQ:21163] Type: Nexus - IP: 109.234.33.9
194.87.111.43/
[CWHQ:21162] Type: Nexus
185.205.209.42/
[CWHQ:21161] Type: Nexus
109.234.35.62/
[CWHQ:21160] Type: Nexus
ggtyyu.pw/login.php
[CWHQ:21159] Type: OskiStealer - IP: 92.53.96.159
Tor Dark Web Search Engines
This resource has been added to give those using the Tor dark web some extra search engines they may not
have had before. To access .onion sites, you must have access to the Tor network. The links below are 16-character
v2 onion addresses; the Tor network stopped serving v2 hidden services in October 2021, so they no longer resolve
and are kept here as a historical record. Disclaimer: Do NOT break the law!
Ahmia: "searches hidden services on the Tor network. To access these hidden services, you need the Tor
browser bundle. Abuse material is not allowed on Ahmia. See our service blacklist and report abuse material if
you find it in the index. It will be removed as soon as possible."
Link: msydqstlz2kzerdg.onion
Candle: Tor Search is a "Google"-like search engine that crawls Tor sites.
Link: gjobqjj7wyczbqie.onion
Kilos: Dark Market Search Engine. As per this article, Kilos was searching over 525k forum posts, 60k listings,
2,500 vendors, and 190k reviews from 5 of the biggest Tor dark markets.
Link: dnmugu4755642434.onion
Onion.Live: "We are a Tor Network directory created to monitor and study popular .onion hidden services. Our
focus is to track the darknet websites uptime, as it conveys a lot of information for cybersecurity professionals.
Onion.live is designed to offer URL uptime stats and protection against common darknet scam such as
phishing, and it's only suitable for informative purposes only. No endorsements are made or implied regarding
any hidden service or organizations mentioned here."
Link: onion.live
Tor66: As per this article, Tor66 searches the Tor onion network and offers a random .onion site option
(dangerous if not filtered), a top-100 list calculated by them, and "fresh" sites (also dangerous if not
filtered).
Link: tor66sezptuu2nta.onion
TORCH: "is a very efficient crawler and search engine which is indexing new content from the Tor network
24 hours a day. It serves over 80,000 search requests every day from Tor users looking for content in the Tor
network and it is referred to by hundreds of sites within Tor and on the clear web."
Link: xmh57jrzrnw6insl.onion
Dark Web News
Coinbase Eager To Sell Blockchain Analysis Software To Government Agency Duo
Coinbase, the most prominent cryptocurrency exchange, is now eager to sell its blockchain analytics software,
Coinbase Analytics. According to public documents, two U.S. government agencies would be buying the software
from Coinbase: records obtained through sources reveal that the Internal Revenue Service (IRS) and the U.S. [...]
(Source: Dark Web Link | Deep web Onion Links | Darknet News.)
Truecaller Sells 4.75 Cr Indians' Data on the Darknet Markets
An online intelligence firm named Cyble has flagged a criminal selling Truecaller records of 4.75 crore (47.5
million) Indians on darknet markets. The Truecaller data was sold on the dark web for a meagre Rs. 75,000.
After the report, the Sweden-based caller identification app flatly denied any breach that [...]
(Source: Dark Web Link | Deep web Onion Links | Darknet News.)
International Collaboration Aids in Italian Paedophile Arrest
A 30-year-old Italian man has been arrested by the Italian State Police (Polizia di Stato). The arrest
reportedly took place within ten days of the video's discovery. International police forces also took part,
tracing the accused, who allegedly produced child sexual abuse [...]
(Source: Dark Web Link | Deep web Onion Links | Darknet News.)
Zero Day Initiative Advisories
ZDI-CAN-11433, ZDI-CAN-11432: Foxit
CVSS 3.3 (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N), discovered by Mat Powell of Trend Micro Zero Day Initiative.
Reported to the affected vendor on 2020-06-26 (three days before this issue). The vendor is given until 2020-10-24
to publish a fix or workaround; once the vendor has created and tested a patch, ZDI will coordinate the release of
a public advisory. The vector reads as a local, user-interaction-required bug with low confidentiality impact and
no integrity or availability impact, i.e. an information leak triggered by opening a crafted file.
ZDI-CAN-11417, 11416, 11415, 11414, 11413, 11412, 11411, 11410, 11409, 11408, 11407, 11406, 11405, 11404, 11403,
11402, 11401, 11400, 11399, 11398, 11397, 11396: Micro Focus (22 cases)
CVSS 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), discovered by Pedro Ribeiro (pedrib@gmail.com | @pedrib1337)
from Agile Information Security. All 22 were reported to the affected vendor on 2020-06-26 (three days before this
issue), with the same 2020-10-24 deadline and the same coordinated-advisory process as above. The vector reads as
network-reachable, low-complexity, requiring only low privileges and no user interaction, with high confidentiality,
integrity and availability impact: plan to patch promptly once the advisories are published.
Packet Storm Security - Latest Advisories
Download here.
CSI Linux Investigator is a Virtual Machine Appliance that contains 3 different virtual machines. CSI Linux
Analyst is the environment that you will use most of the time. CSI Linux Gateway is a Tor gateway that can help
mask your online location while allowing the tools within CSI Linux Analyst access to the Tor dark web. CSI
Linux SIEM contains the tools you need for identifying local network threats.
* Version 2020.3 is soon to be released! This next version will combine the 3 (Analyst/SIEM/Gateway) into 1
distro with 2 different download options. The first will be a virtual machine like before and the second will be a
bootable install. This will allow for booting from both internal and external drives.
Cyber Secrets
Cyber Secrets is a community revolving around all layers of cybersecurity. Within this community is a YouTube
Channel, FaceBook/LinkedIn Group, and a few websites.
Videos:
Anonymity on the Internet, Powershell, PsExec, & SED
Maltego demo with Social Links from mtg-bi
Powershell PsExec Network - Just the Tip (JtT)
The Cyber Intelligence Report (CIR) is an Open Source Intelligence (OSINT) resource centering on an array of
subjects ranging from exploits, Advanced Persistent Threats, national infrastructure, the dark web, and
Digital Forensics & Incident Response (DFIR) to the whole gamut of digital dangers.
Items that focus on cyber defense and DFIR usually spotlight capabilities in the CSI Linux environment. If you are
interested in helping it evolve, please let us know. The CIR alternates focus by quarter: odd-quarter issues
concentrate on Blue Team material and even-quarter issues on Red Team material.