ATI Update ATI-2020-18

New Protocols & Applications (3)

Name | Category | Info
Dreambox Sep20 | Games | DreamBox Learning is an online remote school application that focuses on mathematics education at the elementary and middle school level. It provides pre-kindergarten through 8th-grade students with over 1,800 lessons presented as animated adventures, games, and challenges.
Flipgrid Sep20 | Mobile | Flipgrid is a creative platform that invites students to create and share videos on topics or challenges created by teachers. Each grid includes separate “topics” where students post, view and respond to other CDS student videos. Student access to different grids requires different log-ins.
Seesaw Sep20 | Chat/IM | Seesaw is a student-driven digital portfolio that empowers students to independently document what they are learning at school. Teachers can create classes and assign activities, while students can post their work.

New Superflows (10)

Name | Category | Info
Dreambox Sep20 | Games | Simulates the use of DreamBox Learning as of Sep 2020. The user logs in to Dreambox, opens the dashboard, checks activity status, adds an assignment, starts a Dreambox game, pauses the game, quits the game and logs out.
Dreambox Sep20 Add Assignment | Games | Simulates the use of DreamBox Learning as of Sep 2020. The user logs in to Dreambox, opens the dashboard, adds an assignment and logs out.
Dreambox Sep20 Check Activity Status | Games | Simulates the use of DreamBox Learning as of Sep 2020. The user logs in to Dreambox, opens the dashboard, checks activity status and logs out.
Dreambox Sep20 Play Fun Mathematics Game | Games | Simulates the use of DreamBox Learning as of Sep 2020. The user logs in to Dreambox, opens the dashboard, starts a Dreambox game, pauses the game, quits the game and logs out.
Flipgrid Sep20 | Mobile | Simulates the use of Flipgrid as of September 20. A teacher logs in and creates topics and groups for students. The students log in, provide their responses, and log out. The teacher gives feedback on the responses, leaves a video comment on the response and logs out.
Flipgrid Sep20 Provide Feedback | Mobile | Simulates the use of Flipgrid as of September 20. A teacher logs in, provides feedback on the student's response and logs out.
Flipgrid Sep20 Topic And Group Creation | Mobile | Simulates the use of Flipgrid as of September 20. A teacher logs in, creates topics and groups for students and logs out.
Seesaw Sep 20 Teacher - Full Session | Chat/IM | Simulates a Seesaw teacher user logging in to the app, setting up a new classroom with activities and student work posts, adding students, making announcements, managing posts students uploaded, adding comments, archiving and deleting the classroom, then logging out.
Seesaw Sep 20 Teacher - Import Classroom | Chat/IM | Simulates a Seesaw teacher user logging in to the app, creating a new classroom by importing from the Google Classroom app, then logging out.
Seesaw Sep 20 Teacher - Set Up Classroom | Chat/IM | Simulates a Seesaw teacher user logging in to the app, creating a classroom, creating activities, inviting students, then logging out.

New Security Tests (1)

Name | Info
APT-29 Sep 2020 WellMess Campaign | This strikelist contains 3 strikes simulating the 'APT-29 Sep 2020 WellMess Campaign'.

1. The first strike sends a command injection exploit to the target: Citrix Application Delivery Controller Server
2. The second strike simulates the download of the WellMess malware used by APT-29.
3. The third strike simulates the traffic that occurs after the execution of the WellMess malware. The victim issues an HTTP POST request containing host info such as hostname and IP address to the C2 server.

It contains the following sequence of strikes:
1) /strikes/exploits/webapp/exec/cve_2019_19781_citrix_vpn_command_injection_traversal.xml
2) /strikes/malware/apt/apt29_sep_2020_wellmess_campaign/malware_db4f07ecefd1e290d727379ded4f15a0d4a59f88.xml
3) /strikes/botnets/apt/apt29_sep_2020_wellmess_campaign/apt29_sep_2020_wellmess_campaign_command_control.xml

# | Strike ID | Name | Description
1 | E20-7uat1 | Citrix Application Delivery Controller Command Injection via 'vpn' Directory Traversal | An OS command injection vulnerability exists in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. The command injection is possible using a directory traversal flaw, due to improper sanitization of multiple fields in HTTP requests. The flaw may be exploited by an unauthenticated attacker to execute arbitrary commands on the target server.
2 | M20-edu01 | APT-29 Sep 2020 Campaign - WellMess Malware File Transfer | This strike simulates the download of the APT-29 WellMess malware via an HTTP GET request.
3 | B20-mb901 | APT-29 Sep 2020 Campaign - WellMess Command and Control | This strike simulates the 'APT-29 Sep 2020 Campaign - WellMess Command and Control' traffic that occurs after executing the WellMess malware.

New Strikes (7)

CVSS | ID | References | Category | Info
10.0 | E20-11o31 | CVE-2020-4211, CVSS, CVSSv3, CWE-74 | Exploits | This strike exploits a command injection vulnerability in IBM Spectrum Protect Plus. The vulnerability is due to a combination of missing authentication on the hostname URI and a lack of input sanitization for injection or invalid characters in the hostname parameter. When an attacker sends an HTTP POST request to "/emi/api/hostname", command execution can occur.
9.3 | E20-0zk01 | CVE-2020-1472, CVSS, CVSSv3, CWE-269, URL | Exploits | This strike exploits the vulnerability known as 'Zerologon'. This privilege escalation vulnerability is due to the insecure usage of AES-CFB8 encryption for Netlogon sessions in Microsoft Netlogon Remote Protocol (MS-NRPC). A remote (same LAN) unauthenticated attacker can exploit this vulnerability to impersonate the identity of any machine on a network when attempting to authenticate to the Domain Controller, which may result in the complete takeover of a Windows domain.
8.3* | E20-15qw1 | CVE-2020-9496, CVSS, CVSSv3, CWE-502, URL | Exploits | This strike exploits an insecure deserialization vulnerability in Apache OFBiz. The vulnerability is a result of insufficient validation of XML-RPC requests in the SerializableParser class. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to a vulnerable server. Successful exploitation can lead to remote code execution in the context of the user running the server.
7.5 | E20-9vhw1 | CVE-2020-14644, CVSS, CVSSv3, CWE-502 | Exploits | This strike exploits an insecure deserialization vulnerability in the Oracle Coherence library, which is used in popular products such as Oracle WebLogic Server. The vulnerability is a result of insufficient validation of T3 requests in the RemoteConstructor class. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to a vulnerable server. Successful exploitation leads to remote code execution in the context of the user running the Oracle WebLogic service.
6.8 | E20-0mbe2 | CVE-2018-4314, CVSS, CVSSv3, CWE-416, GOOGLE-1596 | Exploits | This strike exploits a vulnerability in Apple WebKit. Specifically, an attacker can craft JavaScript in such a way that when the WebCore SVGAnimateElementBase:resetAnimatedType method is invoked, a Use After Free condition can occur. This can potentially lead to a denial of service or allow for remote code execution in the context of the currently running process.
6.8 | E20-0me81 | CVE-2018-4416, CVSS, CVSSv3, CWE-119, GOOGLE-1652 | Exploits | This strike exploits a vulnerability in Apple WebKit. Specifically, an attacker can craft JavaScript in such a way that when a for loop is executed and a JSPropertyNameEnumerator object is created, the structure IDs inside the JSPropertyNameEnumerator object can get reused after their parents have been freed, leading to type confusion. This can potentially lead to a denial of service or allow for remote code execution in the context of the currently running process.
5.0 | D20-0qvt4 | CVE-2019-0233, CVSS, CVSSv3, CWE-835 | Denial | This strike exploits a file upload vulnerability in Apache Struts2. When an attacker sends an HTTP request with a crafted parameter to the server, a denial of service condition on the file upload functionality will occur.
* The CVSS score has been readjusted by our calculations (8.3) and differs from the NIST score (4.3), which is too low for this strike.