ATI Update ATI-2020-17

New Protocols & Applications (2)

Name | Category | Info
Google Classroom Sep20 | Chat/IM | Google Classroom is a free web service developed by Google for schools that aims to simplify creating, distributing and grading assignments. The primary purpose of Google Classroom is to streamline the process of sharing files between teachers and students.
Guacamole Aug20 | Remote | Guacamole is an HTML5 web application that provides access to desktop environments using remote desktop protocols (such as RDP).

New Superflows (9)

Name | Category | Info
Google Classroom Sep 20 Student - Add Assignment | Chat/IM | Simulates a Google Classroom student user opening the app, adding a submission to an assignment and adding a private comment to the assignment.
Google Classroom Sep 20 Teacher - Grade Students | Chat/IM | Simulates a Google Classroom teacher user logging in to the app, reviewing an assignment, grading the assignment and logging out.
Google Classroom Sep 20 Teacher - Set Up Classroom | Chat/IM | Simulates a Google Classroom teacher user logging in to the app, creating a classroom, uploading posts and assignments, inviting students, then logging out.
Google Classroom Sep 20 Teacher - Full Session | Chat/IM | Simulates a Google Classroom teacher user logging in to the app, setting up a new classroom with posts and assignments, adding students, reviewing assignments and grading students, archiving and deleting the classroom, then logging out.
Guacamole Aug20 RDP | Remote | Simulates the communication between the Guacamole client (browser) and the server (guacd). A user visits the Guacamole client, opens an RDP session to a remote desktop, and closes the connection.
HTTP 10 GET Requests with Standard Response Size 64K | Testing and Measurement | Simulates a scenario where the client sends 10 GET requests to the server and for each GET request the server sends a 200 OK response with a standard 64KB (65536 bytes) payload.
HTTP 10 GET Requests with Standard Response Size 1M | Testing and Measurement | Simulates a scenario where the client sends 10 GET requests to the server and for each GET request the server sends a 200 OK response with a standard 1MB (1048576 bytes) payload.
TLSv1.2 HTTP 10 GET Requests with Standard Response Size 64K | Testing and Measurement | Simulates HTTP client-server communication where the client sends 10 GET requests to the server and for each GET request the server sends a 200 OK response with a standard 64KB (65536 bytes) payload. TLSv1.2 and the cipher suite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 are used for traffic encryption.
TLSv1.2 HTTP 10 GET Requests with Standard Response Size 1M | Testing and Measurement | Simulates HTTP client-server communication where the client sends 10 GET requests to the server and for each GET request the server sends a 200 OK response with a standard 1MB (1048576 bytes) payload. TLSv1.2 and the cipher suite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 are used for traffic encryption.

New Security Tests (1)

Name | Info
Emotet August 2020 Campaign | This strikelist contains 4 strikes simulating the 'Emotet August 2020 Campaign'.

1. The first strike sends a phishing email with a link that points to a malicious Word document.
2. The second strike simulates the download of the malicious Word document using a GET request.
3. The third strike simulates the download of the Emotet malware, using a GET request, after the victim opens the malicious document and triggers the malicious macro.
4. In the fourth strike, the victim issues an HTTP POST request containing encrypted host information after the Emotet malware has been executed.

It contains the following sequence of strikes:
1) /strikes/phishing/emotet_aug_2020_UPS_subject_phishing_email.xml
2) /strikes/malware/apt/emotet_aug_2020_campaign/malware_146535896a476450ac342985a1138a812c38cc97.xml
3) /strikes/malware/apt/emotet_aug_2020_campaign/malware_6c2d1dd28298aa0bf7f9699dbf2351abd60acadf.xml
4) /strikes/botnets/apt/emotet_aug_2020_campaign/emotet_aug_2020_campaign_command_control.xml

# | Strike ID | Name | Description
1 | P20-cire1 | Emotet UPS Shipping Subject Phishing Email | This strike simulates a phishing email that has been seen in the wild pushing Emotet malware. This specific phishing attempt is related to the 'Emotet Aug 2020 Malware Campaign', and it tries to trick the user into clicking a malicious UPS tracking link in order to download the malware.
2 | M20-rb001 | Emotet August 2020 Campaign - Word Document Malware File Transfer | This strike simulates the download of the 'Emotet August 2020 Campaign - Word Document' via an HTTP GET request.
3 | M20-ckq01 | Emotet August 2020 Campaign - Emotet Malware File Transfer | This strike simulates the download of the 'Emotet August 2020 Campaign - Emotet' via an HTTP GET request.
4 | B20-ii101 | Emotet August 2020 Campaign - Emotet Command and Control | This strike simulates the 'Emotet August 2020 Campaign - Emotet Command and Control' traffic that occurs after executing the Emotet malware.

New Strikes (4)

CVSS | ID | References | Category | Info
7.5 | E20-7pct1 | CVE-2019-13373, CVSS, CVSSv3, URL | Exploits | A SQL injection vulnerability exists in D-Link Central WiFi Manager CWM(100) due to a lack of user request authorization. The vulnerable code resides in the '/web/Public/Conn.php' source and uses the HTTP 'dbSQL' parameter value to perform database lookups. By sending a crafted HTTP POST request, a remote unauthenticated attacker may gain access to the platform by adding user accounts or reading existing data from the database.
7.5 | E20-7pcs1 | CVE-2019-13372, CVSS, CVSSv3, CWE-94, URL, URL | Exploits | A remote code execution vulnerability exists in D-Link Central WiFi Manager CWM(100) due to a lack of sanitization of user-supplied data. The vulnerable code resides in the '/web/Lib/Action/IndexAction.class.php' source and uses the HTTP 'Cookie' header value to construct a string which is later evaluated as PHP code. By sending a crafted HTTP POST request, a remote unauthenticated attacker may run arbitrary PHP code as the SYSTEM user.
5.0 | D20-9uy71 | CVE-2020-13935, CVSS, CVSSv3, CWE-835 | Denial | This strike exploits an infinite loop vulnerability in the WebSocket module of Apache Tomcat. The vulnerability is caused by improper validation of the extended payload length. A remote, unauthenticated attacker can send crafted WebSocket requests to the server, resulting in each of the worker nodes entering an infinite loop; multiple such requests could lead to a denial of service. Note: The strike in one-arm mode uses a specific path "/examples/websocket/echoAnnotation" to perform the exploitation. This path points to the WebSocket examples included with Tomcat.
5.0 | E20-11b41 | CVE-2020-3744, CVSS, CVSSv3, URL | Exploits | This strike exploits an out-of-bounds read vulnerability in Adobe Acrobat and Acrobat Reader. The vulnerability is due to the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure when handling PDF files. An attacker can exploit this vulnerability by creating a specially crafted PDF file and enticing a user to open it. Successful exploitation could lead to information disclosure.