ATI Update ATI-2024-12

New Protocols & Applications (1)

| Name | Category | Info |
| --- | --- | --- |
| OpenAI API Call | Social Networking/Search | The OpenAI API provides access to advanced language models like GPT-3 and GPT-4 for various natural language processing tasks, enabling developers to integrate these capabilities into their applications via a simple HTTP-based interface. It uses TCP as the transport layer protocol and TLS1.2 for secure communication. |

New Superflows (8)

| Name | Category | Tags | Info |
| --- | --- | --- | --- |
| ClientSim OpenAI API Call | Social Networking/Search | LLM, AI | This simulates the scenario of making an API request to the actual OpenAI API server using the GPT-3.5 Turbo language model to get the completion of a user prompt. Here, the client sends a POST request to the OpenAI API server with the specified system and user prompts over TLS1.2. |
| LinkedIn Ads Sample Advertisements Apr24 over TLS1.2 | Social Networking/Search | HARSimulation, Advertising | LinkedIn Ads is a popular advertising platform that allows publishers to display targeted ads on their websites. This simulates the network traffic pattern of LinkedIn Ads hosted advertisements as seen in the world's top 50 popular websites as of April 2024. There are 3 HTTP hosts and about 16 HTTP transactions which are replayed over TLS1.2. |
| LinkedIn Ads Sample Advertisements Apr24 over TLS1.3 | Social Networking/Search | HARSimulation, Advertising | LinkedIn Ads is a popular advertising platform that allows publishers to display targeted ads on their websites. This simulates the network traffic pattern of LinkedIn Ads hosted advertisements as seen in the world's top 50 popular websites as of April 2024. There are 3 HTTP hosts and about 16 HTTP transactions which are replayed over TLS1.3. |
| Microsoft Ads Sample Advertisements Apr24 over TLS1.2 | Social Networking/Search | HARSimulation, Advertising | Microsoft (or Bing) Ads is a popular advertising platform that allows publishers to display targeted ads on their websites. This simulates the network traffic pattern of Microsoft Ads hosted advertisements as seen in the world's top 50 popular websites as of April 2024. There are 16 HTTP hosts and about 83 HTTP transactions which are replayed over TLS1.2. |
| Microsoft Ads Sample Advertisements Apr24 over TLS1.3 | Social Networking/Search | HARSimulation, Advertising | Microsoft Ads is a popular advertising platform that allows publishers to display targeted ads on their websites. This simulates the network traffic pattern of Microsoft Ads hosted advertisements as seen in the world's top 50 popular websites as of April 2024. There are 16 HTTP hosts and about 83 HTTP transactions which are replayed over TLS1.3. |
| OpenAI API Call | Social Networking/Search | LLM, AI | This simulates the scenario of making an API request to the OpenAI API server using the GPT-3.5 Turbo language model to get the completion of a user prompt. Here, the client sends a POST request to the OpenAI API server with the specified system and user prompts, and the server responds with the completion of the user prompt using the specified language model. The HTTP transaction is encrypted using TLS1.2. |
| Twitter Ads Sample Advertisements Apr24 over TLS1.2 | Social Networking/Search | HARSimulation, Advertising | Twitter Ads is a popular advertising platform that allows publishers to display targeted ads on their websites. This simulates the network traffic pattern of Twitter Ads hosted advertisements as seen in the world's top 50 popular websites as of April 2024. There are 2 HTTP hosts and about 14 HTTP transactions which are replayed over TLS1.2. |
| Twitter Ads Sample Advertisements Apr24 over TLS1.3 | Social Networking/Search | HARSimulation, Advertising | Twitter Ads is a popular advertising platform that allows publishers to display targeted ads on their websites. This simulates the network traffic pattern of Twitter Ads hosted advertisements as seen in the world's top 50 popular websites as of April 2024. There are 2 HTTP hosts and about 14 HTTP transactions which are replayed over TLS1.3. |

New Application Profiles (1)

| Name | Info |
| --- | --- |
| Advertising Traffic Mix April 2024 | This simulates the advertising traffic patterns of the top 5 ad service providers, namely Google AdSense, Amazon Ads, Microsoft Ads, LinkedIn Ads and Twitter Ads, as seen in the world's 50 most popular websites as of April 2024. |

New Strikes (4)

| CVSS | ID | References | Category | Info |
| --- | --- | --- | --- | --- |
| 10.0 | E24-a70v1 | CVE-2020-29583, CVSS, CVSSv3, CWE-522, URL | Exploits | This strike exploits a Use of Hard-Coded Credentials vulnerability in multiple Zyxel products. The vulnerability is due to an undocumented account (zyfwp) with an unchangeable password. The account is designed to deliver automatic firmware updates to connected access points through FTP. A remote, unauthenticated attacker could exploit this vulnerability to gain unauthorized access to the affected device, potentially leading to further compromise of the network. |
| 10.0 | E24-0dz61 | CVE-2017-3506, CVSS, CVSSv3, CWE-78, URL | Exploits | This strike exploits an OS command injection vulnerability in Oracle WebLogic Server. The vulnerability is caused by insecure deserialization of untrusted data. A remote, unauthenticated attacker could exploit this vulnerability by sending a specially crafted serialized object to the vulnerable WebLogic Server. When the server processes this object, it deserializes the data, leading to the execution of the attacker's code. |
| 7.8 | E24-1pee1 | CVE-2023-4966, CVSS, CVSSv3, CWE-119, URL | Exploits | This strike exploits a buffer overflow vulnerability in Citrix NetScaler ADC and NetScaler Gateway. The vulnerability is due to improper validation of the size and format of input hostname data before it is processed. It occurs during the processing of HTTP Host headers that exceed a certain length. This causes the vulnerable appliance to return the contents of its system memory, potentially including valid session cookies. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the vulnerable endpoint that trigger the buffer overflow, leading to the disclosure of session tokens. |
| 7.8 | E24-io2f1 | CVE-2024-24919, CVSS, CVSSv3, CWE-200, URL | Exploits | This strike exploits a directory traversal vulnerability in Check Point Quantum Security Gateways, affecting systems with the Remote Access VPN or Mobile Access Software Blades enabled. The vulnerability is due to improper sanitization and validation of user input in the '/clients/MyCRL' endpoint. A remote, unauthenticated attacker could exploit this vulnerability by sending a specially crafted POST request to the vulnerable endpoint containing the string 'CSHELL/' and a path traversal sequence, which could disclose sensitive information, including files containing password hashes. |

Enhancements (1)

| Component | Info |
| --- | --- |
| Apps | The "Client Hello" action in the "HTTPS Simulated" flow has been enhanced to include random JA3 fingerprints as well as common extensions. |

Defects Resolved (4)

| Component | Info |
| --- | --- |
| Apps | Fixed the randomly occurring IV length error in the IETF QUIC Version-1 flow. |
| Security | Strike E16-5dl01 has been updated to reflect the correct direction. |
| Security | Strike D13-zek01 has been updated to fix malformed packets which were encountered randomly or with some specific seeds. |
| Security | Fixed strike E15-36o01 by properly setting the Tree ID and adding the NT Create AndX Request/Response packets. |