Alpha Strike Labs

Update on #NetScaler vulnerability CVE-2023-24488 & CVE-2023-3519: There are still >20,2k systems vulnerable to #XSS & #RCE. Patch now! Check out our slides for more info about the scan data: alphastrike.io/wp-content/upl…

We scanned for CVE-2023-24488 on Monday, 10th of July 2023 and identified 30,659 vulnerable systems. Check out our results here: alphastrike.io/wp-content/upl… More than 60% of all identified systems are still vulnerable. Patch now! now! #internetscanning

An der openECSC am 15.9 kann übrigens JEDER Security-Interessierte teilnehmen - gleich ob im Team oder als Einzelspieler ! heise.de/news/Hack-Wett…

🔥 @OWASP Kubernetes Top 10 A prioritized list of risks backed by data aimed at helping security practitioners, system administrators, and software developers prioritize risks around the #Kubernetes ecosystem github.com/OWASP/www-proj…

FIRST has updated the globally renowned Traffic Light Protocol - a vital system used by the cybersecurity industry worldwide to share sensitive information. TLP Version 2.0 can be found on the website. first.org/newsroom/relea… #cybersecurity #incidentresponse #securityteams

Im Projekt #SiSyPHuS Win10 haben wir ein Tool veröffentlicht, mit dem das Verhalten der Windows Telemetrie detailliert beobachtet werden kann - der "System Activity Monitor" (SAM). Mehr hier: ➡bsi.bund.de/dok/1067600 #DeutschlandDigitalSicherBSI

Start of round 2 for the openECSC Challenge - spread the word and join - great prices to win and great people to meet - take the chance and show your skills openECSC.eu

NIST has released the initial public draft of NIST Special Publication (SP) 800-82r3, Guide to Operational Technology (OT) Security csrc.nist.gov/publications/d…

derstandard.at/story/20001347… Vielen Dank allen Teilnehmern und unseren Langjährigen Partnern ohne deren tolle Unterstützung diese Erfolgsgeschichte nie mögliche wäre !!

❗️ #CERTWarnung ❗️ Derzeit erwarten wir nicht, dass von der #Spring4Shell #Schwachstelle ein mit #Log4Shell vergleichbares Bedrohungsszenario ausgeht. Dennoch empfehlen wir dringend, die veröffentlichten Sicherheitshinweise zu beachten: spring.io/blog/2022/03/3…

⚠️ #ENISA and @CERTEU strongly encourage all public and private sector organisations in the EU to adopt a minimum set of cybersecurity best practices, See below 👇

I love the Russian people. That is why I have to tell you the truth. Please watch and share.

It's amazing to me that after all this time, almost all media coverage of Telegram still refers to it as an "encrypted messenger." Telegram has a lot of compelling features, but in terms of privacy and data collection, there is no worse choice. Here's how it actually works: 1/

We published an open-sourced log4j-scanner derived from scanners created by other members of the open-source community. This tool is intended to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities: github.com/cisagov/log4j-…

Here are the latest results of our scans for the #log4shell vulnerability (#cve202144228). More than 15,700 vulnerable services have been identified. Scan results are already on the way to national CERTs. More info on how we scan: alphastrike.io/log4j/

@Chris_TR Thanks for the input. Good idea for our future scans :-D

@AlphaStrikeLabs Hey folks, do you think you can put a link to this thread in one of the request headers? My SOC pals are already short on sleep and dealing with enough alerts, so maybe that helps.

We started our second research scan for rhe log4j vulnerability (CVE-2021-44228). Following up on the results of the first scans we are trying to keep track of successfully patched systems and improve our scan queries to get better results. More info on alphastrike.io/log4j/

4. We try to answer all inquiries and calls that we receive in a very timely manner and we allso try to be transparent about what we intend to do with our research and how we go about it.

3. The abuse domain refers to our main website, indicating we are a legitimate IT security service provider and researcher entity. A traceable track record of public presentations and publications can be quickly found.