GPO to block regsvr32 AppLocker Bypass Vulnerability

A recently discovered method of bypassing AppLocker by using regsvr32.exe poses a threat to users on Windows 7, 8/8.1, and 10 (Professional or Enterprise editions). To work around this issue and prevent regsvr32 from accessing remote resources, you can block regsvr32.exe in the Windows Firewall. Taking it a step further, …

Disqus WordPress Plugin Vulnerability

A vulnerability has been discovered in the Disqus plugin for WordPress allowing for Remote Code Execution. The Disqus plugin is used on nearly 2 million WordPress blogs. Who is Vulnerable? A remote attacker could successfully execute remote code provided both of the following software versions are in use: PHP <= 5.1.6 and WordPress <= 3.1.4 …

CryptoLocker Software Restriction Policies

Identification of CryptoLocker

Location of CryptoLocker binaries:

%AppData%\<random>.exe
%LocalAppData%\<random>.exe

If the malware has executed, one or more of the following registry keys will be present:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "CryptoLocker"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "CryptoLocker_<version>"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "*CryptoLocker"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "<Random>" (containing CryptoLocker)

Stop the binaries from executing by applying a GPO to block the following paths:

%appdata%\*.exe
%appdata%\*\*.exe
%localappdata%\*.exe
…

3% of Government Websites Still Remain Unpatched Against the OpenSSL “Heartbleed Bug”


Yesterday, I collected over 1,200 .GOV TLD domains and ran checks against them. Of those, 58 were affected by the OpenSSL bug, aka Heartbleed. This morning, upon checking again, only 39 of the initial 58 affected remain unpatched.

During my testing I was able to inadvertently obtain login credentials for a particular .GOV website illustrated in the screenshot below.

[Screenshot: Heartbleed affected .GOV website showing user credentials]

I collected the .GOV domains from http://www.data.gov/. I cooked up a simple bash script loop against this list and passed it to a Proof of Concept "check" tool to determine if the site was unpatched. The tool I used is https://gist.github.com/takeshixx/10107280 (Python).


OpenSSL “Heartbleed Bug” Check

I published a web-based Heartbleed Bug check tool, https://techish.net/pub/Heartbleed/, based on the project from http://filippo.io/Heartbleed/. His server was overloaded and I wanted to provide some friends and colleagues a way to test their systems. Along with the web-based version, you can also test from the command line in Linux. To find out more about the OpenSSL Heartbleed Bug, you can visit http://www.heartbleed.com/.