This post sheds light on CVE-2022-40055. Vulnerable device: GPON ONT: Titanium 2122A (found HERE). Software Version: T2122-V1.26EXL. Hardware Version: C40-210. Description: The web login interface of this router contains a limit on the number of times a user can try invalid passwords. The default limit is set to 3, after which the login is locked...
HUNT THREATS WITH PC HUNTER
Published on Sunday 25 September 2022 · 10:45 · By Alpha
PCHunter is a toolkit with access to hundreds of settings including kernels and kernel modules, processes, network, startup, etc. This blog explores its features and how they can be utilized in your Threat Hunting process. A free and practical toolkit for Windows, PCHunter anti-rootkit has a number of potent tools for inspecting and manipulating...
Decoding the /proc/<PID>/net/tcp
Published on Thursday 09 December 2021 · 21:02 · By Alpha
The Linux concept of 'Everything is a file' is a very helpful one. This post shares details of how an attacker can read network statistics even if commands like 'netstat' and 'lsof' are not available. /proc is a virtual file system that is created each time a system boots and is dissolved during shutdown. The directory /proc contains (among...
SQLMAP TAMPER SCRIPTS
Published on Monday 20 September 2021 · 12:20 · By Alpha
Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. This blog explains various tamper scripts and their usage. Credits to the original author for piling this up. TAMPER SCRIPT TESTED against NOTES \ TIPS apostrophemask UNIVERSAL \ NOT DESCRIBED...
REGISTRY AND MALWARE PERSISTENCE
Published on Monday 14 June 2021 · 08:07 · By System Admin
This amazingly interesting post describes the persistence techniques malware uses today via Registry entries. Malware has been an interesting topic of research since the very first computer virus, called "Brain", was developed. Malware development has evolved tremendously since then. Our team observes new strains of virus samples every day....
DATA EXFILTRATION with PING
Published on Tuesday 01 June 2021 · 20:10 · By Alpha
In this post we dive deep into the ICMP protocol and use it to exfiltrate data without any external tool. Before we get into the technical stuff, let us quickly brush up on our theory. ICMP: ICMP stands for Internet Control Message Protocol. It is a network layer protocol used by network devices to diagnose network communication...