Ticket | Info |
---|---|
DE6712 | Updated the queryString used by 24 dynamic strike lists (including "Strike Level by Year") to exclude malware strikes by file path. |
DE4799 (1355592) | Fixed an issue that could cause a test to hang while running HTTP-based attacks with the "EnableOnAllHTTP" option set in the SSL Evasion profile through a DUT configured as an SSL transparent proxy. |
DE6618 | Fixed the protocol attribute for 17 strikes in the /strikes/exploits/misc directory (see the Modified Strikes section for the list). Metadata, including keywords, references and description, was updated as well. |
DE6685 (1416489) | The StructureSize field in the SMB2 TREE_CONNECT Request now adheres to the Microsoft SMB Protocol Version 2 specification: the value is always 9, regardless of the size of the following buffer. |
DE6689 (1416052) | Fixed an issue in which some web applications produced an HTTP response whose status line contained a space in the status code. |
DE6693 (1416723) | The "ServerCertificateFile", "ServerKeyFile", "ClientCertificateFile", and "ClientKeyFile" options in the Security Component Evasion Profile now allow the selection of a system-provided SSL resource. |
DE6700 (1416952) | The descriptions for the "Application Protocols A-M" and "Application Protocols N-Z" Application Profiles have been updated to indicate that updates to the profiles may take up to several minutes to process. |
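The DE6685 fix is worth checking on the wire, since a DUT that validates SMB2 strictly will drop a TREE_CONNECT whose StructureSize varies with the share path. The following Python is an added example, not product code or a capture from the fix: it encodes the TREE_CONNECT Request body per MS-SMB2 2.2.9 (StructureSize 9, PathOffset counted from the start of the 64-byte SMB2 header), and a strict decoder that rejects any other StructureSize. The `build_tree_connect_request_old` function reproduces the pre-fix behaviour as this note describes it (StructureSize derived from the buffer length); that reconstruction is an assumption, not the product's actual old encoder.

```python
import struct

SMB2_HEADER_SIZE = 64             # fixed SMB2 packet header length (MS-SMB2 2.2.1)
TREE_CONNECT_STRUCTURE_SIZE = 9   # MS-SMB2 2.2.9: MUST be 9, independent of Buffer length
TREE_CONNECT_FIXED_LEN = 8        # StructureSize, Flags/Reserved, PathOffset, PathLength


def build_tree_connect_request(share_path: str, flags: int = 0) -> bytes:
    """Encode the SMB2 TREE_CONNECT Request body that follows the 64-byte header."""
    buffer = share_path.encode("utf-16-le")          # share path is UTF-16LE, e.g. \\srv\share
    path_offset = SMB2_HEADER_SIZE + TREE_CONNECT_FIXED_LEN
    return struct.pack("<HHHH", TREE_CONNECT_STRUCTURE_SIZE, flags,
                       path_offset, len(buffer)) + buffer


def build_tree_connect_request_old(share_path: str) -> bytes:
    """Assumed pre-fix behaviour (illustrative only): StructureSize grows with the buffer."""
    buffer = share_path.encode("utf-16-le")
    return struct.pack("<HHHH", TREE_CONNECT_FIXED_LEN + len(buffer), 0,
                       SMB2_HEADER_SIZE + TREE_CONNECT_FIXED_LEN, len(buffer)) + buffer


def parse_tree_connect_request(body: bytes) -> str:
    """Strict decoder: raises ValueError on StructureSize != 9 or out-of-range path fields."""
    if len(body) < TREE_CONNECT_FIXED_LEN:
        raise ValueError("truncated TREE_CONNECT body")
    structure_size, _flags, path_offset, path_length = struct.unpack_from("<HHHH", body, 0)
    if structure_size != TREE_CONNECT_STRUCTURE_SIZE:
        raise ValueError(f"StructureSize {structure_size} != {TREE_CONNECT_STRUCTURE_SIZE}")
    start = path_offset - SMB2_HEADER_SIZE            # offset is relative to the SMB2 header
    if start < TREE_CONNECT_FIXED_LEN or start + path_length > len(body) or path_length % 2:
        raise ValueError("PathOffset/PathLength out of range")
    return body[start:start + path_length].decode("utf-16-le")


def is_valid_tree_connect(body: bytes) -> bool:
    """Convenience predicate for filters or test assertions."""
    try:
        parse_tree_connect_request(body)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    good = build_tree_connect_request("\\\\srv\\share")
    old = build_tree_connect_request_old("\\\\srv\\share")
    print("fixed encoding valid:", is_valid_tree_connect(good))
    print("assumed old encoding valid:", is_valid_tree_connect(old))
```

Run against a pcap of the generated traffic, the decoder gives a quick pass/fail on the field this defect concerned without a full SMB2 dissector.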
Ticket | Info |
---|---|
US8573 (36921) | Updated the HTTP 'Accept-Language' header generated in HTTP Permutations Super Flows to match the other payload languages (previously only English was matched). The Super Flow's logic was not changed. |
US56084 | SNMPv2c now supports multiple OIDs in the GET Request and GET Response actions. See the instructions in those actions on how to import them from a CSV file. |
US56759 | Added a canned test, Super Flows, and an Application Profile to emulate the Shadow Brokers exploit chain. |
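For US56084, the useful thing to see is what a multi-OID SNMPv2c GetRequest looks like on the wire: one VarBind per OID inside a single PDU. The following Python is an added example, not the product's SNMP action or its CSV importer: it reads OIDs from a constructed CSV (first column, `#` comments ignored; the exact CSV layout the action expects is documented in the action itself and is an assumption here), BER-encodes them, and builds the SNMPv2c message (RFC 3416 GetRequest-PDU, tag 0xA0) with a NULL value for each varbind.

```python
import csv
import io

# Constructed sample input (not from the product): one OID per row, optional label.
SAMPLE_CSV = """# constructed sample: one OID per row
1.3.6.1.2.1.1.1.0,sysDescr.0
1.3.6.1.2.1.1.3.0,sysUpTime.0
"""


def ber_length(n: int) -> bytes:
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + ber_length(len(value)) + value


def encode_integer(v: int) -> bytes:
    """ASN.1 INTEGER in minimal two's-complement form (128 needs a leading 0x00)."""
    n = 1
    while not -(1 << (8 * n - 1)) <= v < (1 << (8 * n - 1)):
        n += 1
    return tlv(0x02, v.to_bytes(n, "big", signed=True))


def encode_oid(oid: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, remaining arcs base-128."""
    arcs = [int(a) for a in oid.strip().lstrip(".").split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError(f"invalid OID {oid!r}")
    out = bytearray()
    for arc in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:                       # continuation bit on every byte except the last
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))


def oids_from_csv(text: str) -> list:
    """Collect OIDs from the first CSV column, skipping blanks and '#' comment rows."""
    oids = []
    for row in csv.reader(io.StringIO(text)):
        if row and row[0].strip() and not row[0].lstrip().startswith("#"):
            oids.append(row[0].strip())
    return oids


def build_snmpv2c_get(community: str, request_id: int, oids: list) -> bytes:
    """SNMPv2c GetRequest: Message ::= SEQUENCE { version 1, community, GetRequest-PDU }."""
    varbinds = b"".join(tlv(0x30, encode_oid(o) + tlv(0x05, b"")) for o in oids)
    pdu = tlv(0xA0, encode_integer(request_id)     # request-id
              + encode_integer(0)                  # error-status noError
              + encode_integer(0)                  # error-index
              + tlv(0x30, varbinds))               # VarBindList
    return tlv(0x30, encode_integer(1) + tlv(0x04, community.encode()) + pdu)


if __name__ == "__main__":
    msg = build_snmpv2c_get("public", 1, oids_from_csv(SAMPLE_CSV))
    print(msg.hex())
```

Feeding the output to a dissector (or sending it with `socket.sendto` to UDP/161 of a lab agent) shows both OIDs inside one VarBindList, which is the behaviour the enhancement adds; note that the agent's response packs the values into the same varbind positions.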
Name | Category | Info |
---|---|---|
YouTube Sep16 | Voice/Video/Media | YouTube is an American video-sharing website headquartered in San Bruno, California, United States, that operates as one of Google's subsidiaries. The site allows users to upload, view, rate, share and comment on videos. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
Tinder Sep16 | Social Networking/Search | Tinder is a location-based social search application (using Facebook) that facilitates communication between mutually interested users, allowing matched users to chat. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
Name | Category | Info |
---|---|---|
Equation Group Cisco Exploit Chain | Security | A demonstration of the Equation Group's exploit chain targeting the Cisco ASA and PIX platforms. Generates the traffic seen from initial exploitation through to command and control. See the blog post at https://www.ixiacom.com/company/blog/equation-groups-firewall-exploit-chain for more information. |
YouTube September 2016 | Voice/Video/Media | Traffic that simulates some of the actions a user can perform on the YouTube website. |
YouTube September 2016 Browse Sections | Voice/Video/Media | Traffic that simulates browsing through sections, viewing the account settings and trying to upload an image. |
YouTube September 2016 Play Video | Voice/Video/Media | Traffic that simulates playing a video, rating it, creating a playlist and subscribing to channels. |
Tinder | Social Networking/Search | Traffic that simulates signing in, swiping and changing settings in the Tinder app. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
Tinder Swiping | Social Networking/Search | Traffic that simulates signing in and swiping in the Tinder app. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
Name | Info |
---|---|
Equation Group Cisco Exploit Chain | This Application Profile demonstrates the Equation Group's exploit chain targeting the Cisco ASA and PIX platforms. See the blog post at https://www.ixiacom.com/company/blog/equation-groups-firewall-exploit-chain for more information. |
Top Five Microsoft Windows Applications 2016 | This traffic mix represents five of the most popular Microsoft Windows applications in 2016. |
Top Five Android Apps 2016 | This traffic mix represents five of the most popular Android applications in 2016. |
Name | Info |
---|---|
Equation Group Cisco Exploit Chain | This test recreates the steps involved in compromising a Cisco ASA/PIX firewall and maintaining control of it using the exploit kit and tooling from the Shadow Brokers leak of mid-2016. |
CVSS | ID | References | Category | Info |
---|---|---|---|---|
10.0 | E16-6ar01 | APSB-16-29 CVE-2016-4275 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) EXPLOITDB-40421 GOOGLE-859 SECURITYTRACKER-1036794 | Exploits | This strike exploits a remote code execution vulnerability in Adobe Flash Player. A memory corruption occurs when memory is freed after AVC decoding. An attacker can entice a target to open a specially crafted Flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the Flash process. |
10.0 | E16-3rt01 | APSB-16-08 BID-84310 CVE-2016-1001 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) EXPLOITDB-39609 GOOGLE-720 SECURITYTRACKER-1035251 | Exploits | This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to a heap overflow in the Zlib codec used when playing FLV files in Flash. An attacker can entice a target to open a specially crafted Flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the Flash process. |
10.0 | E15-9hw01 | APSB-15-32 BID-78715 CVE-2015-8420 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) EXPLOITDB-39044 GOOGLE-588 SECURITYTRACKER-1034318 | Exploits | This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to a use-after-free in the TextField sharpness setter. An attacker can entice a target to open a specially crafted Flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the Flash process. |
10.0 | E15-9hp01 | APSB-15-32 BID-78715 CVE-2015-8413 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) EXPLOITDB-39043 GOOGLE-590 SECURITYTRACKER-1034318 | Exploits | This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to a use-after-free in Selection.setSelection. An attacker can entice a target to open a specially crafted Flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the Flash process. |
10.0 | E15-6f401 | APSB-15-16 BID-75592 CVE-2015-4432 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) GOOGLE-425 SECURITYTRACKER-1032810 | Exploits | This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to a heap overflow when loading an FLV file that uses the Nellymoser audio codec. An attacker can entice a target to open a specially crafted Flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the Flash process. |
7.6 | E16-5ji01 | CVE-2016-3294 CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C) MS16-105 | Exploits | This strike exploits a memory corruption vulnerability in the Microsoft Edge browser. Specifically, when an attacker crafts an HTML page with an element that calls the insertAdjacentText or insertAdjacentHTML function, a type confusion can occur. This can potentially lead to remote code execution in the context of the current user, or a denial of service condition in the browser. |
7.2 | E14-a5y01 | CVE-2014-9286 CVSS-7.2 (AV:L/AC:L/AU:N/C:C/I:C/A:C) SECURITYTRACKER-1036438 URL | Exploits | This strike exploits an integer signedness error in the FreeBSD bspatch utility. The control block data of bsdiff patch files is handled differently in the 32-bit and 64-bit versions of bspatch. Due to this difference, certain negative values lead to data being written outside the allocated buffer. An attacker can create a malicious patch file which, when applied, may cause arbitrary code execution or abnormal termination of the bspatch utility. |
5.1 | E16-5jj01 | CVE-2016-3295 CVSS-5.1 (AV:N/AC:H/AU:N/C:P/I:P/A:P) MS16-104 | Exploits | This strike exploits a memory corruption vulnerability in the Microsoft Internet Explorer and Edge browsers. Specifically, when an attacker crafts an HTML page with a caption element that contains a doctype declaration, a type confusion can occur. This can potentially lead to remote code execution in the context of the current user, or a denial of service condition in the browser. |
5.0 | E16-6ih01 | CVE-2016-4553 CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:P/A:N) SECURITYTRACKER-1035768 URL | Exploits | This strike exploits a cache poisoning vulnerability in Squid Proxy Server. Squid accepts an absolute URI containing a fully qualified domain name in the Request-URI of an HTTP request, but when given one it does not ignore the Host header as a proxy should. If an attacker places a legitimate fully qualified domain name in the Request-URI and an attacker-controlled domain in the Host header, Squid fetches the content from the attacker-controlled domain and caches it under the legitimate URL. Subsequent users who request the URL the attacker placed in the Request-URI are served the cached malicious content. |
5.0 | D16-4zd01 | BID-83406 CVE-2016-2569 CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P) SECURITYTRACKER-1035101 URL | Denial | This strike exploits a denial of service vulnerability in Squid Proxy Server. The Vary header consists of comma-delimited values, which the server expands into a comma-plus-space delimited string. This expansion can push the string past the maximum character limit, triggering an assertion failure that terminates the Squid process. Successful exploitation results in abnormal termination of the Squid process, leading to a denial of service condition. |
2.6 | E16-5l301 | CVE-2016-3351 CVSS-2.6 (AV:N/AC:H/AU:N/C:P/I:N/A:N) MS16-104 | Exploits | This strike exploits an information disclosure vulnerability in the Microsoft Internet Explorer and Edge browsers. Specifically, an attacker can probe different MIME type extensions from JavaScript to determine whether a particular program is installed on the target machine. |
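The condition E16-6ih01 relies on is a disagreement between the authority in an absolute-form Request-URI and the Host header. RFC 7230 section 5.4 requires a proxy to ignore Host when the request-target is absolute-form and to use the request-target's authority instead, which is exactly what the vulnerable Squid failed to do. The following Python is an added example, not code from the strike, from Squid, or from this product: it applies that rule to a raw request, derives the authority a compliant proxy must key its cache on, and flags the mismatch so a detection rule or test assertion can act on it. The sample requests are constructed, not captured, and host normalisation (lower-casing, default port) is this example's own choice.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample requests (not captures from the strike or from Squid).
CONSTRUCTED_POISON_REQUEST = (
    b"GET http://www.example.com/index.html HTTP/1.1\r\n"
    b"Host: attacker.example.net\r\n"
    b"\r\n"
)
CONSTRUCTED_BENIGN_REQUEST = (
    b"GET http://www.example.com/index.html HTTP/1.1\r\n"
    b"Host: WWW.example.com:80\r\n"
    b"\r\n"
)
CONSTRUCTED_ORIGIN_FORM_REQUEST = (
    b"GET /index.html HTTP/1.1\r\n"
    b"Host: www.example.com\r\n"
    b"\r\n"
)


def parse_request_head(raw: bytes):
    """Split a raw request head into (method, request-target, [(name, value), ...])."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = []
    for line in header_lines:
        if line:
            name, _, value = line.partition(":")
            headers.append((name.strip().lower(), value.strip()))
    return method, target, headers


def normalize_authority(authority: str, scheme: str):
    """Lower-case the host and make the port explicit so 'Host: X' and 'http://X:80/' compare equal."""
    parts = urlsplit(f"{scheme}://{authority}/")
    if not parts.hostname:
        raise ValueError(f"invalid authority {authority!r}")
    return parts.hostname, parts.port or DEFAULT_PORTS.get(scheme, 0)


def classify_request(raw: bytes) -> dict:
    """Apply the RFC 7230 section 5.4 proxy rule and report whether Host disagrees.

    'effective' is the authority a compliant proxy forwards to and keys its cache on:
    the request-target's authority for absolute-form, the Host header for origin-form.
    """
    _method, target, headers = parse_request_head(raw)
    hosts = [v for n, v in headers if n == "host"]
    if len(hosts) != 1:
        raise ValueError("HTTP/1.1 request must carry exactly one Host header")
    parts = urlsplit(target)
    if parts.scheme and parts.netloc:                      # absolute-form request-target
        uri_auth = normalize_authority(parts.netloc, parts.scheme)
        host_auth = normalize_authority(hosts[0], parts.scheme)
        return {"form": "absolute", "effective": uri_auth,
                "host_header": host_auth, "mismatch": uri_auth != host_auth}
    host_auth = normalize_authority(hosts[0], "http")      # origin-form: Host is authoritative
    return {"form": "origin", "effective": host_auth,
            "host_header": host_auth, "mismatch": False}


if __name__ == "__main__":
    for label, req in (("poison", CONSTRUCTED_POISON_REQUEST),
                       ("benign", CONSTRUCTED_BENIGN_REQUEST),
                       ("origin", CONSTRUCTED_ORIGIN_FORM_REQUEST)):
        print(label, classify_request(req))
```

A proxy following this logic fetches from and caches under `www.example.com` for the poison request regardless of Host; a detection rule can alert on `mismatch` alone, since a legitimate client has no reason to send an absolute-form target whose authority differs from its Host header.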
CVSS | ID | References | Category | Info |
---|---|---|---|---|
10.0 | E14-6za01 | BID-68998 CVE-2014-5158 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) ZDI-14-272 | Exploits | Fixed protocol attribute for 17 Strikes in the /strikes/exploits/misc directory. Additionally, metadata, including keywords, references and description, updated as well. |
10.0 | E13-7s301 | BID-64647 CVE-2013-6195 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) ZDI-14-009 | Exploits | Fixed protocol attribute for 17 Strikes in the /strikes/exploits/misc directory. Additionally, metadata, including keywords, references and description, updated as well. |
10.0 | E13-6f201 | CVE-2013-6194 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) ZDI-14-003 | Exploits | Fixed protocol attribute for 17 Strikes in the /strikes/exploits/misc directory. Additionally, metadata, including keywords, references and description, updated as well. |
10.0 | E13-6ez01 | CVE-2013-2348 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) SCIP-65986 | Exploits | Fixed protocol attribute for 17 Strikes in the /strikes/exploits/misc directory. Additionally, metadata, including keywords, references and description, updated as well. |
10.0 | E11-4c101 | BID-47638 CVE-2011-1729 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) SCIP-57380 | Exploits | Fixed protocol attribute for 17 Strikes in the /strikes/exploits/misc directory. Additionally, metadata, including keywords, references and description, updated as well. |
10.0 | E11-3pn01 | BID-46234 CVE-2011-0923 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) SCIP-56392 | Exploits | Fixed protocol attribute for 17 Strikes in the /strikes/exploits/misc directory. Additionally, metadata, including keywords, references and description, updated as well. |
10.0 | E11-3pm01 | BID-46234 CVE-2011-0922 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) | Exploits | Fixed protocol attribute for 17 Strikes in the /strikes/exploits/misc directory. Additionally, metadata, including keywords, references and description, updated as well. |
10.0 | E09-35301 | BID-33554 CVE-2009-0183 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) | Exploits | Fixed protocol attribute for 17 Strikes in the /strikes/exploits/misc directory. Additionally, metadata, including keywords, references and description, updated as well. |
9.3 | E13-u0m01 | CVE-2010-0478 CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C) EXPLOITDB-16333 MS10-025 SCIP-4103 | Exploits | Fixed protocol attribute for 17 Strikes in the /strikes/exploits/misc directory. Additionally, metadata, including keywords, references and description, updated as well. |
9.3 | E09-5z101 | CVE-2009-3853 CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C) SCIP-50694 | Exploits | Fixed protocol attribute for 17 Strikes in the /strikes/exploits/misc directory. Additionally, metadata, including keywords, references and description, updated as well. |
9.3 | E09-35401 | BID-33555 CVE-2009-0184 CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C) EXPLOITDB-16634 | Exploits | Fixed protocol attribute for 17 Strikes in the /strikes/exploits/misc directory. Additionally, metadata, including keywords, references and description, updated as well. |
7.5 | E09-51101 | BID-36384 CVE-2009-2629 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) | Exploits | Fixed protocol attribute for 17 Strikes in the /strikes/exploits/misc directory. Additionally, metadata, including keywords, references and description, updated as well. |
6.4 | E14-6zc01 | CVE-2014-5160 CVSS-6.4 (AV:N/AC:L/AU:N/C:N/I:P/A:P) ZDI-14-263 | Exploits | Fixed protocol attribute for 17 Strikes in the /strikes/exploits/misc directory. Additionally, metadata, including keywords, references and description, updated as well. |
5.0 | E12-47p01 | BID-52667 CVE-2012-1573 CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P) | Exploits | Fixed protocol attribute for 17 Strikes in the /strikes/exploits/misc directory. Additionally, metadata, including keywords, references and description, updated as well. |
5.0 | E12-47l01 | BID-52668 CVE-2012-1569 CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P) | Exploits | Fixed protocol attribute for 17 Strikes in the /strikes/exploits/misc directory. Additionally, metadata, including keywords, references and description, updated as well. |
5.0 | E10-3kk01 | BID-39013 CVE-2010-0740 CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P) EXPLOITDB-12334 | Exploits | Fixed protocol attribute for 17 Strikes in the /strikes/exploits/misc directory. Additionally, metadata, including keywords, references and description, updated as well. |
5.0 | E09-3of01 | BID-34061 CVE-2009-0879 CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P) | Exploits | Fixed protocol attribute for 17 Strikes in the /strikes/exploits/misc directory. Additionally, metadata, including keywords, references and description, updated as well. |