Gingsoft Security Research
Palo Alto Networks released an update to PAN-OS yesterday, which patches five vulnerabilities: Critical – Unauthenticated Buffer Overflow in GlobalProtect/SSL VPN Web Interface (PAN-SA-2016-0005). High – Unauthenticated Command Injection in Management Web Interface (PAN-SA-2016-0003). Medium – Unauthenticated Stack Exhaustion in GlobalProtect/SSL VPN Web Interface (PAN-SA-2016-0004). Medium – ESM Console XSS vulnerability (PAN-SA-2016-0001). Low – Command Injection in Command Line Interface[…]
Buffer Overflow in glibc (CVE-2015-7547) Are you affected? Existing Gingsoft Online Vulnerability Scanner customers will get a free scan for this once the scanner plugin is updated. We will then provide you via email if we see that you are vulnerable as well as sending the scan report. You can check your version of glibc[…]
This vulnerability, CVE 2016-1287, should get your attention if you are using any of the Cisco ASA firewalls listed below, you should patch immediately: Cisco ASA 5500 Series Adaptive Security Appliances Cisco ASA 5500-X Series Next-Generation Firewalls Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers Cisco ASA 1000V Cloud[…]
While conducting an Air Assault on a wireless network, my weapon of choice is the Aircrack-ng suite. The suite contains around 18 tools depending on the version, but I will only mention a few here (Airmon-ng, Airodump-ng, Aireplay-ng, and most famously Aircrack-ng). I used a separate application named Crunch to create a brute-force dictionary. Airmon-ng (Enable[…]
The Metasploit Framework is not something that runs out and exploits all available targets automatically. This is not a script kiddie tool for aiming and pulling a trigger. This a serious toolbox full of modules, exploits, and payload templates. You need to know how to put it all together to get anything meaningful out of[…]
I’ve been noticing this for weeks now. A massive NTP amplification attack from Guangzhou China on Roseville California.
China was attacking TCP ports 50856, 50864, and the known backdoor port TCP 53413 found in Chinese made routers.
Burp Suite is a handy tool that’s freely available for web application testing. I uncovered a GET request to a Russian domain while troubleshooting something else. Needless to say my first thought was a compromise. This is an eye opener when it comes to the shear amount of requests that get made while using a Content[…]
Gingsoft’s has added a new information security initiative in response to the growing number of security breaches. World War 3.0 will play out across copper and fiber. America has a military advantage over the world and is fighting terrorism in the sandbox overseas while other nation states continue to advance their positions in the cyber war at an[…]
The IP Address of the target is actually a global IP address that lives on the firewall. More than likely, to conserve IP Address space, the admin setup TCP port 22 for a Cisco device (or the firewall itself) and other ports translated to other devices.