Posted by loope at 2020-04-17

firefox beta for windows 10 on qualcomm snapdragon always connected pcs now available

Whether it’s checking the weather forecast or movie times, you can always count on the web to give you the information you’re seeking. Your choice of operating system and computer shouldn’t change your online experience. As part of Mozilla’s mission, we built Firefox as a trusted user agent for people on the web and it’s one of the reasons why we’re always looking to work with companies to optimize Firefox Quantum for their devices. Last December, we announced our collaboration with Qualcomm, to create an ARM64-native build of Firefox for Snapdragon-powered Windows 10 Always Connected PCs. Today, we’re excited to report its availability in our beta release channel, a channel aimed at developers or early tech adopters to test upcoming features before they’re released to consumers. Today’s release builds on the performance work done for Firefox Quantum, which uses multiple processes as efficiently as possible. Working with Qualcomm’s Snapdragon compute platform, we’re able to push the multi-core paradigm one step further, offering octa-core CPUs. We’re also taking advantage of Rust’s fearless concurrency to intelligently divide browsing tasks across those cores to deliver a fast, personal, and convenient experience. Snapdragon powered Always Connected PCs are ideal for the road warrior because they are thin, fanless, lightweight with a long battery life and lightening fast cellular connectivity, and built to seamlessly perform daily work tasks on-the-go. We’re no stranger to optimizing the Firefox browser for any device. From Fire TV to the new iPad, we’ve custom tailored Firefox browsers for a number of different devices, because it shouldn’t matter what device you use. Test Drive Firefox’s ARM64 for Windows 10 on Snapdragon Your feedback is valuable for us to fine-tune this experience for a future release. If you have an ARM64 device running Windows 10, you can help by reporting bugs or submitting crash reports or simply sharing feedback. If you have any questions about your experience you can visit here for assistance. To try the ARM64-native build of Firefox on Windows beta version, you can download it here.

Posted by zura at 2020-04-17

secwiki weekly (158)

Safety technology

[web security] struts 2-045 vulnerability detection utility exp GUI version https://github.com/flytas/struts 2-045-exp

[web security] s2-045 vulnerability analysis http://blog.csdn.net/u011721501/article/details/60768657

[web security] DOM XSS parsing http://mp.weixin.qq.com/s/ia2itmipdbwbvi57gaaeuw

[web security] struts2_pochttp://thief.one/2017/03/07/struts2-045% E6% BC% 8F% E6% B4% 9e/

[programming technology] [King's glory] analysis report on the principle of mutual calling between C ා and C + + http://gslab.qq.com/article-257-1.html

[vulnerability analysis] [vulnerability warning] cve-2017-2636: Linux kernel n ﹐ HDLC driver module local privilege vulnerability http://bobao.360.cn/learning/detail/3586.html

[web security] 60 bytes - no file penetration test experiment https://www.n0tr00t.com/2017/03/09/penetration-test-without-file.html

[vulnerability analysis] dota2 nthack plug in analysis report http://gslab.qq.com/article-255-1.html

[web security] bcrpscan: an intelligent backup file scanning tool https://github.com/secfree/bcrpscan

[malicious analysis] analysis report of double tail scorpion (apt-c-23) https://ti.360.com/upload/report/file/aptswxlvj8fnjoxck.pdf

[tools] social engineering password analysis https://blog.yesfree.pw/? Post = 152

[tool] one sentence management system on Web https://github.com/boy-hack/webshellmanager

[web security] how to quickly use the vulnerability s02-45 to obtain the server permission http://simeon.blog.51cto.com/18680/1904351

[operation and maintenance security] the road to safe operation of financial industry enterprises 2016.10.28https://pan.baidu.com/s/1ch4ugi

[programming technology] take out order crawler: meituan, hungry, Baidu https://github.com/mudiyouyou/waimai-crawler

[malicious analysis] webshell sample set (2011-2017) https://www.secsilo.com/silo/view? Id = 8e6c876e8fa2d0c5379b0df5afed362b

[web security] domain penetration basic simple information collection (basic chapter) https://xianzhi.aliyun.com/forum/read/805.html

[Video] movies for hackers: hacker movies collection https://github.com/k4m4/movies-for-hackers

[operation and maintenance security] building a Sysmon dashboard with an elk stack https://cyberswardog.blogspot.com/2017/03/building-sysmon-dashboard-with-elk-stack.html

[O & M security] under Kali, install openvashttp://0cx.cc/install ﹣ OpenVAS ﹣ on ﹣ kali.jspx

[web security] phptrace: trace function calls, request information and execution process of PHP at runtime https://github.com/qihoo360/phptrace

[vulnerability analysis] guard the last defense line: analysis of three escape sandbox technologies http://www.4hou.com/technology/3665.html

[malicious analysis] stealing Empire: the black production of consumer finance: http://mp.weixin.qq.com/s? ᦇ biz = mtqzmje1njqwmq = = & mid = 2655538952 & IDX = 4 & Sn = c7db605415da86593c0b6624bdc1529e & scene = 0 ᦇ wechat? Redirect

[web security] s2-045 principle preliminary analysis (cve-2017-5638) http://paper.seebug.org/241/

[web security] intrigue core: domain name information collection platform based on scan and interface https://github.com/intrigueio/intrigue-core

[operation and maintenance security] five steps and seven moves to start the strongest DDoS attack and defense war! http://mt.sohu.com/20170215/n480734620.shtml

[forensic analysis] CIA leaked thousands of confidential documents: all kinds of 0day tools and malicious programs http://www.freebuf.com/news/128802.html

[document] a picture to understand CIA: there is a reason for strong attack ability: http://www.4hou.com/info/3757.html

[web security] Drupal 7. X service module from deserialization to remote command execution http://www.button.com/98140.html

[vulnerability analysis] WordPress username enumeration vulnerability analysis (cve-2017-5487) http://paper.seebug.org/239/

[web security] scanner based on CMS plug-in https://github.com/drope/dropescan

[O & M security] Ponemon Institute's "the value of Threat Intelligence: a study of Companies in North America and the UK", http://mp.weixin.qq.com/s? Biz = mzi4nzu2nju4nq = = & mid = 2247484109 & IDX = 1 & Sn = 56b5d16517082096e982d7d823b87c8e & scene = 0 "wechat" redirect

[operation and maintenance security] [exclusive] my enterprise security promotion method https://xianzhi.aliyun.com/forum/read/793.html

[operation and maintenance security] how to realize the automatic deployment of ansible multi machine room for startups http://www.4hou.com/special/3701.html

[mobile security] reverse engineering Samsung S6 sboothttp://blog.quarkslab.com/reverse-engineering-samsung-s6-sboot-part-i.html

[other] various excellent materials, artifacts and frameworks used by programmers on the road https://github.com/stanzhao/be-a-professional-programmer

[forensic analysis] see how I find the mobile number of Facebook registered users http://www.freebuf.com/vuls/128456.html

[device security] Internet of things device telnet password quick scan tool http://www.freebuf.com/sectool/128661.html

[forensic analysis] privacy disclosure: check the back of the website http://www.freebuf.com/news/128317.html

[web security] native payload? DNS: backdoor payload and anti-virus bypass project transmitted through DNS http://www.motoin.com/98026.html

[web security] hacking gutemalas DNS spying on active directory users by expanding a TLD mischtttps://the hackerblog.com/hacking gutemalas DNS spying on active directory users by expanding a TLD misconfiguration/

[other] thinking triggered by a command https://xianzhi.aliyun.com/forum/mobile/read/790.html

[malicious analysis] hidden attack - to frontinghttp://www.4hou.com/technology/3516.html

[wireless security] what did I do after I modified the router's DNS? http://t.tips/?action=show&id=23440

[other] Internet company WAF system design http://www.freebuf.com/articles/network/128370.html

[malicious analysis] another posture of kerberoast attack http://www.4hou.com/technology/3640.html

[malicious analysis] exploit kits: Winter 2017 review malicious exploitation package overview https://blog.malwarebytes.com/thread-analysis/2017/03/exploit-kits-winter-2017-review/

[news] ා experience sharing meeting of PCSA member units at RSA conference in 2017 ා in depth sharing of documents: http://mp.weixin.qq.com/s ᦇ biz = mzi0nju3odk1nw = = & mid = 2247484796 & IDX = 1 & Sn = 902d107f4ce6cba227bfe08f8b2ea289 & scene = 0 ᦇ wechat ﹐ redirect

[forensic analysis] CIA malware and hacking tools https://news.ycombinator.com/item? Id = 1381015 & from = timeline

[malicious analysis] top exploit kit activity Roundup - winter 2017 active vulnerability exploit package https://www.zscaler.com/blogs/research/top-exploit-kit-activity-roundup-winter-2017

[operation and maintenance security] how to build a system that can effectively resist the "wool party" attacks? http://www.4hou.com/info/news/3714.html

[mobile security] 2016 Antian mobile security annual report: full migration of threats http://blog.avlsec.com/2017/03/4474/2016-security-report/

[device security] nearly 200000 WiFi surveillance cameras have a remote code execution vulnerability. You can set up a botnet at will http://www.4hou.com/info/news/3778.html

[forensic analysis] spammers expose their entire operation through bad backupshttp://www.csoonline.com/article/3176433/security/spammers-expose-their-entire-operation-through-bad-backups.html

[malicious analysis] the US intelligence system is trapped in the window breaking effect: Wikileaks re exposes the inside story of the CIA [Download] http://mp.weixin.qq.com/s? ᥸ biz = mzi4mja1mzkyna = = & mid = 2655295027 & IDX = 1 & Sn = 82d6f63084d9409c588a27b447d62012 & scene = 0 ﹐ wechat ﹐ redirect

[forensic analysis] spammergate: the fall of an empire 1.4 billion? https://mackeeper.com/blog/post/339-spammergate-the-fall-of-an-empire

[malicious analysis] crypt0l0cker (torrentlocker): old dog, new trickshttp://blog.talosintelligence.com/2017/03/crypt0l0cker-torrentlocker-old-dog-new.html

[operation and maintenance security] the Tianyan system for security construction exploration of financial enterprises: http://mp.weixin.qq.com/s? ʍ biz = mzi2mjq1nta4ma = = & mid = 2247483712 & IDX = 1 & Sn = 19cefe91aa204505ad87a5150e011559 & scene = 0 ʍ wechat A redirect

[web security] talk about OSP's role in OpenVAS scanning system http://www.button.com/98347.html

[mobile security] aliju security 2016 annual report https://xuanlan.zhihu.com/p/25666246? Group id = 823212209231519744

[web security] 7 ways to exploit RFI vulnerability http://www.hackingarticles.in/7-ways-exploit-rfi-vulnerability/

[malicious analysis]. Net Reverse Engineering (I) http://www.4hou.com/technology/3641.html

[web security] content type: Malicious - New Apache struts 2 0-day under attack http://blog.talosintelligence.com/2017/03/apache-0-day-expanded.html? M = 1

[mobile security] summary of APP Security Online Detection System http://www.jianshu.com/p/946bdea18f49

[web security] intrigue core: discover new attack surface http://www.motif.com/98263.html

[equipment safety] analysis of penetration test of industrial control system http://mp.weixin.qq.com/s? & IDX = 1 & Sn = 176b8a4d5ee8250ebf95a0c96160d1ce & scene = 0 ﹐ wechat ﹐ redirect

[magazine] sec wiki weekly (issue 157) https://www.sec-wiki.com/weekly/157

[malicious analysis] analyze the newly added protection layer of neutrino botnet http://www.4hou.com/technology/3740.html

[web security] how I found a $5000 Google Maps XSS (by padding with protobuf) [FQ] https://medium.com / @ marin_m / how-i-found-a-5-000-google-maps-xss-by-padding-with-protobuf-963ee0d9caff#. Qd4siqiac

[operation and maintenance security] improve the security of windows ad (3) http://www.4hou.com/technology/3456.html

[forensic analysis] the WikiLeaks CIA dump shows hacking secrets of spies https://www.wired.com/2017/03/cia-can-hack-phone-pc-tv-says-wikileaks/

[web security] EXIF analysis and utilization (I) http://www.button.com/97860.html

[operation and maintenance security] the way for enterprises in the financial industry to operate safely http://mp.weixin.qq.com/s? ᥼ biz = mzizmtaznzuxmq = = & mid = 2652876136 & IDX = 1 & Sn = da491605c5a7251f69170ca13f43a3ff & scene = 0 ᥼ wechat ᦆ redirect

[malicious analysis] WordPress Hacks: functions.php backdoorshttps://www.polaris64.net/blog/cyber-security/2017/wordpress-hacks-functions-php-backdoors

[other] Microsoft Security Technology https://technet.microsoft.com/zh-cn/library/mt589972

[web security] the OEM version vulnerability of WiFi cam for wireless IP Camera affects more than 1250 models http://www.button.com/98152.html

[web security] development of an abnormal based web application firewallhttps://github.com/matthiasmaes/analogywebapplicationfirewall

Posted by barkins at 2020-04-17

some nmap nse script recommendations

Preface

Nmap is a powerful open source scanning tool. At the same time, nmap provides a powerful scripting engine (nmap scripting Engine), which supports extending the function of nmap through Lua scripting language. In the distribution of nmap, hundreds of extended scripts have been included. In addition to assisting in the four basic functions of nmap, i.e. host discovery, port scanning, service detection and operating system detection, other scanning capabilities have also been added: detailed detection of HTTP services, brute force cracking of simple passwords, and vulnerability information checking Wait.

Script classification and use

classification

Nmap scripts are mainly divided into the following categories, which are quoted from: nmap script Usage Summary:

auth: 负责处理鉴权证书（绕开鉴权）的脚本  
broadcast: 在局域网内探查更多服务开启状况，如dhcp/dns/sqlserver等服务  
brute: 提供暴力破解方式，针对常见的应用如http/snmp等  
default: 使用-sC或-A选项扫描时候默认的脚本，提供基本脚本扫描能力  
discovery: 对网络进行更多的信息，如SMB枚举、SNMP查询等  
dos: 用于进行拒绝服务攻击  
exploit: 利用已知的漏洞入侵系统  
external: 利用第三方的数据库或资源，例如进行whois解析  
fuzzer: 模糊测试的脚本，发送异常的包到目标机，探测出潜在漏洞 intrusive: 入侵性的脚本，此类脚本可能引发对方的IDS/IPS的记录或屏蔽  
malware: 探测目标机是否感染了病毒、开启了后门等信息  
safe: 此类与intrusive相反，属于安全性脚本  
version: 负责增强服务与版本扫描（Version Detection）功能的脚本  
vuln: 负责检查目标机是否有常见的漏洞（Vulnerability），如是否有MS08_067

Command line options

Some commands provided by nmap are as follows:

-sC/--script=default：使用默认的脚本进行扫描。
--script=<Lua scripts>：使用某个脚本进行扫描
--script-args=x=x,y=y: 为脚本提供参数 
--script-args-file=filename: 使用文件来为脚本提供参数 
--script-trace: 显示脚本执行过程中发送与接收的数据 
--script-updatedb: 更新脚本数据库 
--script-help=<Lua scripts>: 显示脚本的帮助信息

Script

Targeted script

Some more targeted nmap scripts on GitHub are collected:

MS15-034、LFI、Nikto、ShellShock、tenda

https://github.com/s4n7h0/NSE

Enumerate ICs programs and devices

https://github.com/digitalbond/Redpoint

Some NSE script collections

https://github.com/cldrn/nmap-nse-scripts

Router information collection:

https://github.com/DaniLabs/scripts-nse

brute force

https://github.com/lelybar/hydra.nse

Cassandra、WebSphere

https://github.com/kost/nmap-nse

Scada

https://github.com/drainware/nmap-scada

NSE development tools

https://github.com/s4n7h0/Halcyon

Hadoop、Flume

https://github.com/b4ldr/nse-scripts

WordPress

https://github.com/peter-hackertarget/nmap-nse-scripts

https://github.com/nosteve/vnc-auth

Phantom JS check HTTP header information

https://github.com/aerissecure/nse

WebServices detection

https://github.com/c-x/nmap-webshot

SSL heart drop

https://github.com/takeshixx/ssl-heartbleed.nse

OpenStack

https://github.com/sicarie/nse

Apache、Rails-xml

https://github.com/michenriksen/nmap-scripts

Gateway, DNS

https://github.com/ernw/nmap-scripts

MacOS

https://github.com/ulissescastro/ya-nse-screenshooter

Directory scanning, whatcams, vulnerability detection

https://github.com/Cunzhang/NseScripting

Redis

https://github.com/axtl/nse-scripts

Huawei equipment testing

https://github.com/vicendominguez/http-enum-vodafone-hua253s

Axis

https://github.com/bikashdash/Axis_Vuln_Webcam

Intranet Penetration

Recommendation from milsec official account

Nmap provides many effective scripts that do not need to rely on other third-party tools to perform penetration tests on Intranet machines:

smb-enum-domains.nse

Domain controller information collection, host information, user, password policy, etc

smb-enum-users.nse

Domain controller scan

smb-enum-shares.nse

Traverse the shared directory of the remote host

smb-enum-processes.nse

Traverse the system process of the host through SMB

smb-enum-sessions.nse

Obtain the user login session of the host in the domain through SMB to view the current user login status

smb-os-discovery.nse

Collect the operating system, computer name, domain name, full name domain name, domain forest name, NetBIOS machine name, NetBIOS domain name, workgroup, system time, etc. of the target host through SMB protocol

Smb-ls.nse

List the files in the shared directory and use with SMB enum share

smb-psexec.nse

When obtaining the SMB user password, the command can be executed on the remote host through SMB psexec

smb-system-info.nse

Obtain the operating system information, environment variables, hardware information and browser version of the target host through SMB protocol

ms-sql-brute.nse

Collect the combination dictionary and crack the MSSQL machine in the domain

ms-sql-xp-cmdshell.nse

When obtaining the SA permission user name and password of MSSQL, you can execute the specified command through the nmap script, or through the SMB protocol or MSSQL

Redis.nse

Burst the user password of redis. You can obtain the server permission by writing SSH key

oracle-sid-brute.nse

Mounting a dictionary and exploding Oracle's sid

oracle-enum-users

Traverse the available users of Oracle through the mount dictionary

oracle-brute.nse

After obtaining SID, Oracle's user password can be exploded

pgsql-brute.nse

PostgreSQL user password guessing script, password blasting for PgSQL, appropriate permissions can read and write files, execute commands, so as to further obtain server control permissions.

svn-brute.nse

The SVN server is blasted. Through the content on the SVN server, we can download the source code and find some useful information

tool

Nmap NSE script search engine

https://github.com/JKO/nsearch ================================================ _ _ _____ _____ _ | \ | |/ ___|| ___| | | | \| |\ `--. | |__ __ _ _ __ ___ | |__ | . ` | `--. \| __| / _` || '__| / __|| '_ | | |\ |/\__/ /| |___ | (_| || | | (__ | | | | \_| \_/\____/ \____/ \__,_||_| \___||_| |_| ================================================ Version 0.4b http://goo.gl/8mFHE5 @jjtibaquira Email: [email protected] | www.dragonjar.org ================================================ nsearch> search name:http author:calderon category:vuln *** Name Author [+] http-vuln-cve2012-1823.nse Paulino Calderon, Paul AMAR [+] http-phpself-xss.nse Paulino Calderon [+] http-wordpress-enum.nse Paulino Calderon [+] http-adobe-coldfusion-apsa1301.nse Paulino Calderon [+] http-vuln-cve2013-0156.nse Paulino Calderon [+] http-awstatstotals-exec.nse Paulino Calderon [+] http-axis2-dir-traversal.nse Paulino Calderon [+] http-huawei-hg5xx-vuln.nse Paulino Calderon [+] http-tplink-dir-traversal.nse Paulino Calderon [+] http-trace.nse Paulino Calderon [+] http-litespeed-sourcecode-download.nse Paulino Calderon [+] http-majordomo2-dir-traversal.nse Paulino Calderon [+] http-method-tamper.nse Paulino Calderon

https://github.com/JKO/nsearch

 ================================================
   _   _  _____  _____                     _
  | \ | |/  ___||  ___|                   | |
  |  \| |\ `--. | |__    __ _  _ __   ___ | |__
  | . ` | `--. \|  __|  / _` || '__| / __|| '_  |
  | |\  |/\__/ /| |___ | (_| || |   | (__ | | | |
  \_| \_/\____/ \____/  \__,_||_|    \___||_| |_|
 ================================================
  Version 0.4b http://goo.gl/8mFHE5  @jjtibaquira
  Email: [email protected]  |   www.dragonjar.org
 ================================================

 nsearch> search name:http author:calderon category:vuln
 *** Name                                     Author
 [+] http-vuln-cve2012-1823.nse               Paulino Calderon, Paul AMAR
 [+] http-phpself-xss.nse                     Paulino Calderon
 [+] http-wordpress-enum.nse                  Paulino Calderon
 [+] http-adobe-coldfusion-apsa1301.nse       Paulino Calderon
 [+] http-vuln-cve2013-0156.nse               Paulino Calderon
 [+] http-awstatstotals-exec.nse              Paulino Calderon
 [+] http-axis2-dir-traversal.nse             Paulino Calderon
 [+] http-huawei-hg5xx-vuln.nse               Paulino Calderon
 [+] http-tplink-dir-traversal.nse            Paulino Calderon
 [+] http-trace.nse                           Paulino Calderon
 [+] http-litespeed-sourcecode-download.nse   Paulino Calderon
 [+] http-majordomo2-dir-traversal.nse        Paulino Calderon
 [+] http-method-tamper.nse                   Paulino Calderon

summary

Scanning often triggers IDs or other security devices, so you should choose the appropriate script according to the actual environment.

Reference resources

Summary of nmap script usage
The use of nmap loading NSE script in Intranet penetration
The use of nmap loading NSE script in Intranet penetration

Posted by mitry at 2020-04-17

defective products management center of state administration of market supervision

Release time: October 25, 2019

Recall release date: October 25, 2019

Country or region where the recall was issued: United States

Manufacturer: General Motors Limited

Model: Silverado 1500, suburban, Tahoe, Sierra 1500, Yukon

Number of recalls: 638068

Defects and consequences: GM is recalling some 2015-2020 Chevrolet suburban, Tahoe and Yukon, as well as 2014-2018 Chevrolet Silverado 1500 and GMC Sierra 1500 vehicles, equipped with 5.3-litre engine and 3.08 transmission ratio rear axle and four-wheel drive. If the wheel speed sensor fails, the EBCM software may activate the driveline protection system. Inadvertent activation of the driveline protection system can cause the wheels opposite the faulty sensor to brake unexpectedly, which can cause the vehicle to pull to one side unexpectedly, increasing the risk of a crash.

Related announcement

Posted by muschett at 2020-04-17

wireless scanner download

It scans/connects/gives info about Wireless networks

Status: Inactive

Get Updates

Full Name

Phone Number

Job Title

Industry

Company

Company Size

Get notifications on updates for this project. Get the SourceForge newsletter. Get newsletters and notices that include site news, special offers and exclusive discounts about IT products & services.

I agree to receive these communications from SourceForge.net. I understand that I can withdraw my consent at anytime. Please refer to our Terms of Use and Privacy Policy or Contact Us for more details. I agree to receive these communications from SourceForge.net via the means indicated above. I understand that I can withdraw my consent at anytime. Please refer to our Terms of Use and Privacy Policy or Contact Us for more details.

JavaScript is required for this form.

You seem to have CSS turned off. Please don't fill out this field.

Windows

This software can:- give you a list of wireless adapters- scan for Wireless networks (also continuosly)- give you a list of wireless networks- if it founds a wireless network without authentication, it connects to it, start an external program, wait for it then disconnect

The program is done in C++ using the Microsoft Windows Native Wifi.

Please, fill the http://wirelessscanner.sourceforge.net/survey/

Other Useful Business Software

VPN is like a hacker proof and encrypted channel, in which the data flow between you and the external network flows. With the protection of Nord VPN, no one can monitor this channel or steal your network data. When using public Wi Fi, accessing personal and work accounts on the go, and wanting the privacy of web browsing records,

Nord VPN can make you comfortable.

Aquaboutic | Focus Security Research | Vulnerability Exploit | POC

Tag: all