Name | Category | Info |
---|---|---|
Google Search Oct22 | Social Networking/Search | Google Search is a search engine provided by Google. Google Search offers a convenient way to search for text across the world wide web content indexed by Google. |
iCloud Nov 2022 | Data Transfer/File Sharing | iCloud is a cloud service from Apple Inc. |
Name | Category | Tags | Info |
---|---|---|---|
Facebook Apr 18 - HTTP/2 | Social Networking/Search | HTTP/2 | Simulates the use of the Facebook website as of April 2018 over HTTP/2. All of the available actions for this flow are exercised. |
Giphy Bandwidth Sep22 - HTTP/2 | Voice/Video/Media | Social Networking/Search HTTP/2 | Simulates the use of the GIPHY application as of September 2022 over HTTP/2, where a user searches for a GIF, and creates and uploads a new GIF. |
Google Search Oct22 - HTTP/2 | Social Networking/Search | HTTP/2 | Simulates the use of the Google Search as of October 2022 over HTTP/2, where a user opens the homepage, initiates a search, and then browses the image and news results. |
Google Search Oct22 | Social Networking/Search | HTTP/2 | Simulates the use of the Google Search as of October 2022 where a user opens the homepage, initiates a search, and then browses the image and news results. |
Google Search Get Images Oct22 | Social Networking/Search | HTTP/2 | Simulates the use of the Google Search as of October 2022 where a user opens the homepage, initiates a search, and then browses the image results. |
iCloud Nov 2022 | Data Transfer/File Sharing | SimulatedTLS | iCloud is a cloud service from Apple Inc. which enables users to sync their data to the cloud, including mail, contacts, calendars, photos, notes and files. |
Instagram Apr 18 - HTTP/2 | Social Networking/Search | HTTP/2 | Simulates the use of the Instagram website as of April 2018 over HTTP/2, which includes signing in, photo viewing and commenting, as well as sharing a photo before logging out. |
Netflix July 2017 - HTTP/2 | Voice/Video/Media | HTTP/2 | Simulates the use of Netflix application as of 2017 over HTTP/2, which includes login to Netflix, search for a movie, view detail information about the movie, start playing it and then pause and resume it. After a short time this is followed by logging out. |
Pinterest Sep22 - HTTP/2 | Social Networking/Search | Cloud HTTP/2 | Simulates the use of the Pinterest app as of September 2022 over HTTP/2. The user opens the app, logs in, browses through posts, searches with a keyword, uploads an image and logs out. |
Reddit Account Management Feb18 - HTTP/2 | Social Networking/Search | HTTP/2 | Simulates the use of Reddit web application as of February 2022 over HTTP/2, where a user signs into the application, loads the profile, accesses the setting and messages and logs out from the application. |
Reddit Browse Content Feb18 - HTTP/2 | Social Networking/Search | HTTP/2 | Simulates the use of Reddit web application as of February 2022 over HTTP/2, where a user loads the main page, signs into the application, accesses the posts, creates a comment, searches the posts, subscribes to the subreddit, accesses the gifts page and signs out from the application. |
Snapchat Web Bandwidth Oct22 - HTTP/2 | Voice/Video/Media | Social Networking/Search Chat/IM HTTP/2 | Simulates the use of the Snapchat application as of September 2022 over HTTP/2, where a user sends a text message and a "snap" message. |
TikTok Mar 20 - HTTP/2 | Social Networking/Search | Voice/Video/Media HTTP/2 | Simulates the use of the TikTok application as of March 2020 over HTTP/2, where a user logs into the TikTok application, loads the homepage, checks the inbox, browses a video category, comments on a video, watches a video, uploads a video, browses the music library, posts a video, watches a live stream, chats in the live stream, browses through gifts, checks the balance and quits the live stream. |
Twitter Apr22 - HTTP/2 | Social Networking/Search | HTTP/2 | Simulates the use of Twitter as of April 2022 over HTTP/2, where a user opens the sign-in page, signs into the Twitter website, browses their feed, posts a tweet, follows an account and signs out. |
Wattpad Bandwidth Jul22 - HTTP/2 | Social Networking/Search | HTTP/2 | Simulates the use of the Wattpad application as of July 2022 over HTTP/2, where a user opens the website, searches for a writer, reads a book, and writes and publishes their own book. |
Wordpress Bandwidth Jul22 - HTTP/2 | Social Networking/Search | HTTP/2 | Simulates the use of the WordPress application as of July 2022 over HTTP/2, where a user opens the website, writes a blog post, adds a page to their site, and stars and comments on a post. |
Youtube Dec18 - HTTP/2 | Voice/Video/Media | HTTP/2 | Simulates the use of the Youtube site as of December 2018 over HTTP/2. The user performs the following actions: signs in, searches for a video, plays the video, pauses it, likes it, unlikes it, adds the video to a playlist, subscribes to a channel, unsubscribes, accesses Subscriptions, accesses Playlists, removes the video from the playlist, accesses Trending, accesses History, signs out. |
Name | Info |
---|---|
Sandvine 2022 APAC Downstream | Simulates the downstream traffic generated by the top 10 applications reported in the Sandvine Global Internet Phenomena Report January 2022 for APAC region. |
Sandvine 2022 APAC Downstream - HTTP/2 | Simulates the downstream traffic generated by the top 10 applications reported in the Sandvine Global Internet Phenomena Report January 2022 over HTTP/2 for APAC region. |
Sandvine 2022 Global Social - HTTP/2 | Simulates the downstream traffic generated by the top 10 social media applications over HTTP/2 reported in the Sandvine Global Internet Phenomena Report January 2022. Here the weights are extrapolated from the GLOBAL APP TRAFFIC SHARE table present in the report. |
CVSS | ID | References | Category | Info |
---|---|---|---|---|
9.0 | E22-9s2f1 | CVE-2020-10199, CVSS, CVSSv3, CWE-94, URL | Exploits | This strike exploits an Expression Language injection vulnerability in Sonatype Nexus Repository Manager. The vulnerability is due to insufficient input validation on the memberNames JSON parameter. A remote, authenticated attacker can exploit this vulnerability by authenticating with the server and then sending a crafted request to the target server. Successful exploitation results in the execution of arbitrary code in the security context of the target application. *NOTE: While running this strike in OneArm mode, the strike executes calc.exe on the target server. |
7.2 | E22-elax1 | CVE-2022-34713, CVSS, CVSSv3, CWE-22, URL | Exploits | This strike exploits a directory traversal vulnerability in the Microsoft Windows Support Diagnostic Tool. The vulnerability is due to improper validation of .diagcab files. A remote attacker could exploit this vulnerability by enticing a user into opening a crafted .diagcab file. Successful exploitation could allow the attacker to execute arbitrary code under the context of the user. |
6.8 | E22-1e2p1 | CVE-2022-0289, CVSS, CVSSv3, CWE-416, GOOGLE-2251, URL | Exploits | This strike exploits a vulnerability in Google Chrome. Specifically, JavaScript can be crafted in such a way that, when Safe Browsing flags a page the user visits and the DOM is processed, a frame belonging to WebContents can be removed without notifying the object, causing a use-after-free condition to occur. When this happens a denial of service condition, or potentially remote code execution, may occur. |
6.8 | E22-1e361 | CVE-2022-0306, CVSS, CVSSv3, CWE-787, GOOGLE-2250, URL | Exploits | This strike exploits a vulnerability in Google Chrome. Specifically, the RequestThumbnail function does not properly validate the page_index parameter, which is used as an index within the pages_ vector. JavaScript can be crafted in such a way that, when getThumbnail messages are called from an embedding page, a buffer overflow will happen. When this happens a denial of service condition, or potentially remote code execution, may occur. |
6.8 | E22-1esw1 | CVE-2022-1232, CVSS, CVSSv3, CWE-843, GOOGLE-2280, URL | Exploits | This strike exploits a vulnerability in Google Chrome. Specifically, JavaScript can be crafted in such a way that, when an Object replaces a property store, an interceptor is encountered that causes memory corruption. When this happens a denial of service condition, or potentially remote code execution, may occur. |
6.8 | E22-1g5y1 | CVE-2022-2998, CVSS, CVSSv3, CWE-416, GOOGLE-2300, URL | Exploits | This strike exploits a vulnerability in Google Chrome. Specifically, LinkToTextMenuObserver holds a pointer to a RenderFrameHost object, but does not properly observe when FrameHost destruction events occur. Because of this, if an attacker manages to craft JavaScript in such a way that it destroys the frame host at the right time, a use-after-free condition can occur in LinkToTextMenuObserver::CompleteWithError. When this happens a denial of service condition, or potentially remote code execution, may occur. |
6.8 | E22-eeuo1 | CVE-2022-26352, CVSS, CVSSv3, CWE-22, URL | Exploits | This strike exploits a Directory Traversal vulnerability in dotCMS. The vulnerability is due to insufficient validation of the names of files uploaded through the dotCMS content API. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in writing a file outside of the expected document root, possibly leading to, in the worst case, arbitrary code execution under the security context of the web server process. *NOTE: While running this strike in OneArm mode, a file named "poc.jsp" is created on the server. |
4.0 | E22-ecgl1 | CVE-2022-23253, CVSS, CVSSv3, CWE-476, URL, URL | Denial | This strike exploits a denial of service vulnerability in the Microsoft Windows VPN component. The vulnerability is due to improper handling of PPTP packets. A remote, unauthenticated attacker could exploit this vulnerability by sending the same Incoming-Call-Connected packet twice. Successful exploitation results in a denial of service condition on the target system. |
Component | Info |
---|---|
Apps | HTTP/2 tag was added to Reddit Browse Content Feb 18, Reddit Account Management Feb 18 and TikTok Mar 20 superflows. |
Evasions | Behavior change for one-arm strikes. Users can now set SSL::EnableOnAllTCP=true or SSL::EnableOnAllHTTP=true in order to run a strike in one-arm mode with TLS enabled. Note: Enabling TLS works only if SSL::DisableDefaultStrikeSSL=false. In the past this was possible just for strikes having default_over_ssl keyword. |
Evasions | SELF::URI now overrides HTTP request path if set. |
NewEvasion | Added new evasion Global::IgnoreDirection. If this is enabled, file transfer strikes which have S2C (Server to Client) direction can be used in One-Arm mode for file upload. |
NewEvasion | Added new evasion: FILEUPLOAD::MultipartPost. This evasion changes the behavior when the following options are selected: Global::RevertMalwarePost=True and HTTP:TransportMethods=Post and (FILETRANSFER::TransferMethod=HTTP or MALWARE::TransferMethod=HTTP) . In this case if our newly added evasion is used then the file upload will be done via multipart upload. |
NewEvasion | Added new evasion options for selecting custom authentication type in HTTP. When HTTP::AuthenticationType is set to User-specified custom auth then HTTP::Auth is used as the content of the Authorization header. Note: HTTP::AuthenticationType option "User-specified authentication" gets renamed into "User-specified username and password". |
NewEvasion | Added new evasion options HTTP::ExtraFormDataName and HTTP::ExtraFormDataContent which add an additional multipart part in addition to the file being uploaded. Note: These two evasion options are used only if Global::RevertMalwarePost=true and FILETRANSFER::MultipartPost=true and HTTP::HTTPTransportMethods=POST and (FILETRANSFER::TransferMethod=HTTP or MALWARE::TransferMethod=POST). |
NewEvasion | Added new evasion option FILETRANSFER::StrikeNameAsFileName. When enabled, the files being transferred will have their name replaced with the name of the strike and the strike id concatenated. More precisely, the file name will be ${StrikeName}_${StrikeId}.${extension} |
NewEvasion | Added new evasion Global::OneArmSleep for specifying a sleep period (measured in milliseconds) before the next file is transferred. Currently available only for HTTP file transfer. |
NewStrikeList | Added new strikelist 'CISA Alert (AA22-279A) Top CVEs Actively Exploited By PRC State-Sponsored Cyber Actors'. |