ATI Update ATI-2021-07

New Protocols & Applications (4)

Name | Category | Info
Dingtalk Chat | Chat/IM | Dingtalk, also called Dingding in Chinese, is a popular Chinese workplace collaboration platform with rich messaging and multimedia features. This flow simulates a Dingtalk desktop client sending and receiving messages. Its TCP flows are carried over TLS, covering the Dingtalk LWP protocol for instant messaging and the HTTP exchange that initiates authentication.
EpixNow Feb21 | Social Networking/Search | Epix Now is an over-the-top (OTT) subscription streaming service from Epix, delivering original series and documentaries, movie releases and classic film franchises. The content is available on TV, on demand, online and across devices.
Instagram Mobile Mar21 | Social Networking/Search | Instagram is a photo and video-sharing social networking service owned by Facebook, Inc. This Android mobile app lets users create and share photos, stories and videos with friends, followers and the other users they care about. It uses QUIC for video streaming.
Simulated TLS | Secure Data Transfer | Simulates Transport Layer Security (TLS) sessions. It consists of a simulated handshake followed by generated encrypted payloads that follow the exact observed traffic pattern. NOTE: there is no option to change the certificates, and the payloads cannot be decrypted. It uses pre-configured application-specific data to generate traffic and is not suitable for building custom superflows.

New Superflows (10)

Name | Category | Info
Dingtalk Chat | Chat/IM | Simulates the use of the Dingtalk desktop client as of March 2021, where the user logs in to the Dingtalk app, sends and receives messages to and from a contact, and then logs out.
EpixNow Feb 21 | Social Networking/Search | Simulates the use of the EpixNow website as of February 2021. All of the available actions for this flow are exercised.
EpixNow Feb 21 Browse Movies | Social Networking/Search | Simulates the scenario where the user opens the EpixNow website, logs in, browses for movies, searches for a movie by keyword and logs out.
Instagram Mobile Mar21 Access Explore | Social Networking/Search | Simulates the use of the Instagram Mobile app as of March 2021, where a user opens the sign-in page, signs in to the Instagram Mobile app, accesses the Explore section, expands a photo, likes the photo, follows the user, unfollows the user and signs out.
Instagram Mobile Mar21 Play Video | Social Networking/Search | Simulates the use of the Instagram Mobile app as of March 2021, where a user opens the sign-in page, signs in to the Instagram Mobile app, views the home feed, plays a video present in that feed, saves it to Collections, likes it, comments on it and signs out.
Instagram Mobile Mar21 Show Profile | Social Networking/Search | Simulates the use of the Instagram Mobile app as of March 2021, where a user opens the sign-in page, signs in to the Instagram Mobile app, shows the profile, shows the list of followers, shows the list of followed users and signs out.
Instagram Mobile Mar21 Upload New Post | Social Networking/Search | Simulates the use of the Instagram Mobile app as of March 2021, where a user opens the sign-in page, signs in to the Instagram Mobile app, views the home feed, posts a video, expands a photo in the feed, likes it, shows the profile and signs out.
LDAP OneArm | Authentication | Simulates the use of LDAP in one-arm mode: the client sends a bind request with valid credentials to connect to an LDAP server, then adds an entry, modifies an attribute of the entry and deletes the entry from the Directory Information Tree (DIT).
Signal Chat Messenger Mar 2021 | Secure Data Transfer | Signal is a cross-platform, centralized, encrypted messaging service developed by the Signal Technology Foundation and Signal Messenger LLC. It uses the Internet to send one-to-one and group messages, which can include files, voice notes, images and videos.
Zoom Meeting Conference with Screen Share (6 Users) | Voice/Video/Media | Simulates a 3-minute Zoom meeting with screen share between 6 users: User-1 is the host and User-2 to User-6 are the guests. At the beginning, User-1 hosts the meeting and the guests (User-2 to User-6) join it. The host then sends messages to the guests, the guests receive those messages, and User-2 replies to the host. After that they start a 3-minute video call and User-2 starts screen sharing. User-4 and User-5 stay in the conference for 1 minute, leave it for 1 minute, and then rejoin with audio only. 3 minutes after the start of the conference, all the guests leave the meeting and log out.
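The "LDAP OneArm" superflow above is a fixed sequence of client PDUs: bind, add, modify, delete, unbind. The following is an added example, not BreakingPoint/ATI code: it builds those client-side LDAPMessage PDUs by hand with the BER rules and APPLICATION tags from RFC 4511, so the bytes a traffic generator or an IDS parser has to deal with can be inspected directly. The DNs, attribute names, values and the password are constructed sample data, and the small decoder at the end only checks the outer envelope (message ID and protocol-op tag), not the full ASN.1 structure.

```python
"""
Client side of the LDAP one-arm exchange (bind, add, modify, delete, unbind),
encoded as RFC 4511 LDAPMessage PDUs with a minimal BER encoder.
Added example, not ATI/BreakingPoint code. All DNs/attributes/passwords
below are constructed sample values.
"""
from typing import List, Tuple


# ---- minimal BER encoder ---------------------------------------------------
def ber_len(n: int) -> bytes:
    """Definite-form length: one byte below 128, else 0x80|count + big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(content)) + content


def integer(v: int) -> bytes:
    # two's-complement, shortest form (e.g. 128 -> 00 80, 3 -> 03)
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big", signed=True))


def octet_string(s: str, tag: int = 0x04) -> bytes:
    return tlv(tag, s.encode("utf-8"))


def enumerated(v: int) -> bytes:
    return tlv(0x0A, bytes([v]))


def sequence(*parts: bytes, tag: int = 0x30) -> bytes:
    return tlv(tag, b"".join(parts))


def set_of(*parts: bytes) -> bytes:
    return tlv(0x31, b"".join(parts))


# ---- RFC 4511 protocol ops (APPLICATION class tags) -------------------------
BIND_REQUEST, UNBIND_REQUEST = 0x60, 0x42      # constructed / primitive
MODIFY_REQUEST, ADD_REQUEST, DEL_REQUEST = 0x66, 0x68, 0x4A
MOD_ADD, MOD_DELETE, MOD_REPLACE = 0, 1, 2


def ldap_message(message_id: int, protocol_op: bytes) -> bytes:
    """LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp CHOICE {...} }"""
    return sequence(integer(message_id), protocol_op)


def bind_request(message_id: int, dn: str, password: str) -> bytes:
    """Simple bind: version 3, name, authentication [0] IMPLICIT OCTET STRING."""
    op = sequence(integer(3), octet_string(dn), octet_string(password, tag=0x80),
                  tag=BIND_REQUEST)
    return ldap_message(message_id, op)


def add_request(message_id: int, dn: str, attrs: List[Tuple[str, List[str]]]) -> bytes:
    attr_list = sequence(*[
        sequence(octet_string(name), set_of(*[octet_string(v) for v in vals]))
        for name, vals in attrs])
    return ldap_message(message_id, sequence(octet_string(dn), attr_list, tag=ADD_REQUEST))


def modify_request(message_id: int, dn: str, operation: int, attr: str, vals: List[str]) -> bytes:
    change = sequence(enumerated(operation),
                      sequence(octet_string(attr), set_of(*[octet_string(v) for v in vals])))
    return ldap_message(message_id, sequence(octet_string(dn), sequence(change), tag=MODIFY_REQUEST))


def del_request(message_id: int, dn: str) -> bytes:
    # DelRequest is a *primitive* APPLICATION 10 whose content is the DN itself
    return ldap_message(message_id, octet_string(dn, tag=DEL_REQUEST))


def unbind_request(message_id: int) -> bytes:
    return ldap_message(message_id, tlv(UNBIND_REQUEST, b""))   # UnbindRequest ::= NULL


# ---- tiny TLV reader to sanity-check the envelope ---------------------------
def read_tlv(data: bytes, pos: int = 0):
    tag, first = data[pos], data[pos + 1]
    if first < 0x80:
        length, pos = first, pos + 2
    else:
        n = first & 0x7F
        length, pos = int.from_bytes(data[pos + 2:pos + 2 + n], "big"), pos + 2 + n
    return tag, data[pos:pos + length], pos + length


def decode_message(pdu: bytes):
    """Return (messageID, protocolOp tag); raise if pdu is not exactly one LDAPMessage."""
    tag, body, end = read_tlv(pdu)
    if tag != 0x30 or end != len(pdu):
        raise ValueError("not a single LDAPMessage SEQUENCE")
    id_tag, id_bytes, pos = read_tlv(body)
    if id_tag != 0x02:
        raise ValueError("messageID is not an INTEGER")
    op_tag, _, _ = read_tlv(body, pos)
    return int.from_bytes(id_bytes, "big", signed=True), op_tag


def one_arm_session() -> List[bytes]:
    """The client PDUs of the superflow, in order: bind, add, modify, delete, unbind."""
    dn = "cn=testuser,ou=people,dc=example,dc=com"          # constructed sample DN
    return [
        bind_request(1, "cn=admin,dc=example,dc=com", "secret"),
        add_request(2, dn, [("objectClass", ["inetOrgPerson"]), ("cn", ["testuser"]), ("sn", ["User"])]),
        modify_request(3, dn, MOD_REPLACE, "mail", ["testuser@example.com"]),
        del_request(4, dn),
        unbind_request(5),
    ]


if __name__ == "__main__":
    for pdu in one_arm_session():
        print(decode_message(pdu), pdu.hex())
```

The bind PDU is the one worth eyeballing on the wire: with a simple bind the password travels as a plain `[0] OCTET STRING` (tag 0x80), which is why this superflow is only realistic over a TLS-protected or isolated test segment. Message IDs increase per request and the server echoes them back in its responses, so a capture of this flow pairs up as (1, BindResponse 0x61), (2, AddResponse 0x69), (3, ModifyResponse 0x67), (4, DelResponse 0x6B), with no response to the unbind.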

New Strikes (7)

CVSS | ID | References | Category | Info
9.3 | E20-14kkc | CVE-2020-6550, CVSS, CVSSv3, CWE-416, GOOGLE-2067 | Exploits | This strike exploits a vulnerability in Google Chrome. Specifically, JavaScript can be crafted in such a way that an attacker can synchronously destroy the 'WebIDBGetDBNamesCallbacksImpl' object, which can result in access to freed memory. When this happens, a denial of service condition, or potentially remote code execution, may occur.
7.5 | E21-ca2v1 | CVE-2021-26855, CVSS, CVSSv3, CWE-918, URL, URL | Exploits | A server-side request forgery vulnerability exists in multiple versions of Microsoft Exchange Server. The vulnerability resides in 'Microsoft.Exchange.FrontEndHttpProxy.dll' and is due to improper validation of requests for static resources that are forwarded to the backend component of the server. A remote unauthenticated attacker may send an HTTP POST request with a crafted 'Cookie' header to access resources that are otherwise accessible only to administrative users.
6.8 | E20-13kkc | CVE-2020-6541, CVSS, CVSSv3, CWE-416, GOOGLE-2068 | Exploits | This strike exploits a vulnerability in Google Chrome. Specifically, JavaScript can be crafted in such a way that the 'OnServiceConnectionError' function calls 'Resolve', which invokes a user-defined function. If this user function calls USB::getDevices, an invalid loop iterator is set. When this loop cycles, a use-after-free condition can occur. When this happens, a denial of service, or potentially remote code execution, may be possible.
6.8 | E21-ca8p1 | CVE-2021-27065, CVSS, CVSSv3, CWE-73, EXPLOITDB-49637, URL | Exploits | An arbitrary file upload vulnerability exists in Microsoft Exchange Server due to lack of sanitization of the 'FilePathName' parameter in Virtual Directory reset requests. A remote authenticated attacker may send crafted JSON HTTP requests to upload a webshell to the target system and execute arbitrary commands as the SYSTEM user.
3.5 | E21-c5l11 | CVE-2021-21029, CVSS, CVSSv3, CWE-79, URL | Exploits | A reflected cross-site scripting vulnerability exists in Adobe Magento. The vulnerability is due to insufficient sanitization of a file resource identifier in 'DownloadCss.php'. A remote authenticated attacker can exploit this vulnerability by sending a crafted HTTP request to the server. Successful exploitation could result in arbitrary JavaScript execution in the victim's browser.
n/a | B21-svd01 | URL, URL | Backdoors | This strike simulates the HTTP requests sent by a host infected with the Sunshuttle or Goldmax malware. An infected host may periodically send one or more similar HTTP requests. Requests to these URLs should be considered an Indicator of Compromise (IoC).
n/a | B21-nuj01 | URL, URL, URL | Backdoors | This strike simulates the HTTP requests sent by a host infected with the TEARDROP or RAINDROP malware. An infected host may periodically send one or more similar HTTP requests. Requests to these URLs should be considered an Indicator of Compromise (IoC).
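The CVE-2021-26855 entry above describes the request shape a defender has to spot: an unauthenticated POST for a static resource on the Exchange front end, carrying a crafted Cookie header that makes the proxy forward the request to a backend resource. The following detection sketch is an added example, not ATI/BreakingPoint code, and not the strike's own traffic. It assumes IIS W3C-style log lines with the `cs(Cookie)` field enabled (it is off by default), an assumed list of front-end path prefixes, and the cookie names `X-BEResource` and `X-AnonResource-Backend`, which come from Microsoft's public guidance for this CVE rather than from this page. The log lines are constructed.

```python
"""
Detection sketch for the CVE-2021-26855 request pattern: a request to a
static-resource path under an Exchange front-end virtual directory that
carries a backend-routing cookie. Added example, not ATI/BreakingPoint code.

Assumptions (not from the page):
  - log format: date time c-ip cs-method cs-uri-stem sc-status cs(Cookie)
    (IIS writes cookies as 'a=1;+b=2', '+' standing for a space, '-' if none);
  - cookie names from Microsoft's public CVE-2021-26855 guidance;
  - FRONTEND_PREFIXES is an assumed list of proxied virtual directories.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

SUSPECT_COOKIES = {"x-beresource", "x-anonresource-backend"}       # compared lower-case
FRONTEND_PREFIXES = ("/owa/auth/", "/ecp/", "/autodiscover/")       # assumed list

LOG_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<ip>\S+) (?P<method>\S+) "
    r"(?P<uri>\S+) (?P<status>\d{3}) (?P<cookie>.*)$"
)


@dataclass(frozen=True)
class Hit:
    ip: str
    method: str
    uri: str
    cookie: str          # lower-cased name of the suspect cookie that fired


def parse_cookies(field: str) -> Dict[str, str]:
    """Turn the IIS cs(Cookie) field into {lower-case name: value}."""
    if field in ("", "-"):
        return {}
    out: Dict[str, str] = {}
    for part in field.split(";"):
        part = part.strip().lstrip("+").strip()
        if "=" in part:
            name, value = part.split("=", 1)
            out[name.strip().lower()] = value
    return out


def classify(line: str) -> Optional[Hit]:
    """Return a Hit when the line matches the pattern, else None.

    The page describes a POST; the cookie alone is the strong signal, so the
    method is recorded but not required, which also catches GET-based probes.
    """
    m = LOG_RE.match(line)
    if not m:
        return None
    if not m["uri"].lower().startswith(FRONTEND_PREFIXES):
        return None
    bad = SUSPECT_COOKIES.intersection(parse_cookies(m["cookie"]))
    if not bad:
        return None
    return Hit(m["ip"], m["method"], m["uri"], sorted(bad)[0])


def detect(lines: Iterable[str]) -> List[Hit]:
    return [h for h in (classify(l) for l in lines) if h is not None]


# Constructed sample log: two benign OWA requests, two suspect ones, one
# non-proxied path (/owa/auth.owa is not under /owa/auth/).
SAMPLE_LOG = """\
2021-03-02 10:15:00 198.51.100.20 GET /owa/auth/logon.aspx 200 -
2021-03-02 10:15:02 198.51.100.21 GET /owa/auth/15.1.2176/themes/resources/logon.css 200 OWA-Session=abc123;+ClientId=xyz
2021-03-02 10:15:03 203.0.113.7 POST /ecp/x.js 200 X-BEResource=backend.example:444/ecp/
2021-03-02 10:15:04 203.0.113.8 POST /owa/auth/y.js 401 X-AnonResource-Backend=backend.example/ecp/;+ClientId=zzz
2021-03-02 10:15:05 198.51.100.22 POST /owa/auth.owa 302 OWA-Session=def456
"""

if __name__ == "__main__":
    for hit in detect(SAMPLE_LOG.splitlines()):
        print(f"ALERT {hit.ip} {hit.method} {hit.uri} cookie={hit.cookie}")
```

Two practical notes: a 401 or 500 on such a request is still a hit, since the cookie should never appear in a client request at all, and the rule only works if `cs(Cookie)` logging was on before the activity, so it is a forward-looking control rather than a substitute for checking the Exchange HttpProxy logs that were written at the time.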

Modified Strikes

ID | Info
E21-9v511 | Strike was modified to be usable with the Flood Evasion Profile.

Enhancements

Component | Info
Apps | All actions of the WebSocket protocol have been made proxy-compatible. The superflows "WebSocket Connection", "WebSocket Message Generation" and "WebSocket Ping-Pong" have been tagged "Proxy".