Mitigating-Web-Shells
Mitigating-Obsolete-TLS
| Mitigating-Web-Shells | Mitigating-Obsolete-TLS | |
|---|---|---|
| 2 | 4 | |
| 944 | 259 | |
| 0.3% | - | |
| 0.0 | 0.0 | |
| 11 months ago | about 3 years ago | |
| YARA | PowerShell | |
| GNU General Public License v3.0 or later | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Mitigating-Web-Shells
-
FBI Director Christopher Wray says agency blocked planned cyberattack on children's hospital
The NSA provides publicly to everyone a GitHub Repository to mitigate back doors that other nation-state threat actors are using. Your statement "the sheer number of backdoors and exploits the NSA has and if revealed, would stop probably all malicious programs" implies that nation-state threat actors are using the same back doors, so why would they do this?
-
Mass exploitation of on-prem Exchange servers :(
There is likely a Cobalt Strike BEACON acting as C2 now even if you've patched. I recommend full incident response mode, probably want to isolate the server. Run an integrity check against a known good config with WinDiff or NSA's dirChecker to find other anomolies. https://github.com/nsacyber/Mitigating-Web-Shells
Mitigating-Obsolete-TLS
-
How can I mask my ip?
NSA reading for securing TLS from Obsolete protocols
-
Looking for a method of blocking TLS 1.0 client traffic at the PFSense firewall.
Snort rules from NSA Cybersecurity Directorate: https://github.com/nsacyber/Mitigating-Obsolete-TLS/tree/master/snort
-
Wednesday Links - Edition 2021-01-13
Mitigating Obsolete TLS (2 min read) 🛡️ https://github.com/nsacyber/Mitigating-Obsolete-TLS
- Guidance for mitigating obsolete Transport Layer Security configurations
What are some alternatives?
aizawa - Simple command-line webshell that executes commands via the HTTP request in order to avoid any WAF or IDS while bypassing disable_function.
CryptoLyzer - CryptoLyzer is a fast, flexible and comprehensive server cryptographic protocol (TLS, SSL, SSH, DNSSEC) and related setting (HTTP headers, DNS records) analyzer and fingerprint (JA3, HASSH tag) generator with Python API and CLI/.
Automate-Powershell
Suricata - Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.
gimmeSH - For pentesters who don't wanna leave their terminals.
tlsassistant - An open-source modular framework capable of identifying a wide range of TLS vulnerabilities and assessing compliance with multiple guidelines. Its actionable report can assist the user in correctly and easily fixing their configurations.
ExchangeMarch2021IOCHunt - Really fast knock up use at own risk etc.
SDKMan - The SDKMAN! Command Line Interface
htshells - Self contained htaccess shells and attacks
LetsEncrypt-PRTG - Post request script to install an SSL certificate obtained with Certify the Web or win-acme in PRTG.
spectre-meltdown-checker - Reptar, Downfall, Zenbleed, ZombieLoad, RIDL, Fallout, Foreshadow, Spectre, Meltdown vulnerability/mitigation checker for Linux & BSD
PSTcpIp - This PowerShell module contains functions that faciliate testing network connectivity, TLS/SSL and other network tasks