Using DNS History in Cybersecurity
DNS records are one of the most valuable sources of information for a researcher. Given the opportunity to observe them in retrospect, they become almost a silver bullet.
Our new article outlines potential use cases, as well as several tools that will allow you to take full advantage of DNS History in your work.
Read now: https://netlas.io/blog/dns_history_in_cybersecurity/
Enjoy reading!
Automated search for domain names with a specific TLD
How often have you researched companies that have their own TLDs? Listing all relevant domains would be very valuable...
The author of today's article noted that there is no single tool that lists all the required domain names. In order to automate these searches and simplify the building of an attack surface, he created the first utility to perform this task - tldfinder.
tldfinder's GitHub: https://github.com/projectdiscovery/tldfinder
Read more about the tool: https://cloud.google.com/blog/topics/threat-intelligence/enumerating-private-tlds
In addition, we express our gratitude to N7WEra for finding a place for Netlas in his utility!
CVE-2024-43425: RCE in Moodle, PoC is available
Due to incomplete sanitization in the “calculated questions” feature, attackers can transmit and execute arbitrary code, which can be used to disclose students’ confidential information or disrupt the entire learning process.
Search at Netlas.io:
Link: https://nt.ls/6WaFx
Dork: http.headers.set_cookie:"MoodleSession"
Read more: https://blog.redteam-pentesting.de/2024/moodle-rce/
CVE-2024-8073: Command Injection in Hillstone Networks Firewalls, 9.8 rating
The freshest vulnerability in Hillstone WAFs allows an attacker to perform RCE due to incorrect input validation.
Search at Netlas.io:
Link: https://nt.ls/YZWqU
Dork: http.title:"Hillstone Networks"
Vendor's advisory: https://www.hillstonenet.com.cn/security-notification/2024/08/21/mlzrld-2/
CVE-2024-40766: Improper Access Control in SonicWall SonicOS, 8.6 rating❗️
An improper access control vulnerability in the SonicOS admin interface could allow an attacker to access sensitive information and even execute arbitrary code on an affected device.
Search at Netlas.io:
Link: https://nt.ls/WTQRf
Dork: http.headers.server:"sonicwall"
Vendor's advisory: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015
CVE-2024-5932: Deserialization of Untrusted Data in GiveWP plugin, 10.0 rating
Vulnerability discovered in the popular donation plugin leaves thousands of WordPress sites vulnerable to RCE and arbitrary file deletion.
Search at Netlas.io:
Link: https://nt.ls/xS1vx
Dork: http.body:"plugins/give/assets/dist"
Netlas.io and RST Cloud collaboration
We trust you've observed the inclusion of threat intelligence data in the Netlas search with the release of version 0.24.0. This advancement was made achievable through our partnership with RST Cloud.
Today, we are pleased to unveil an official press release for those inclined to acquaint themselves with the full array of collaborative features.
Press release: https://www.linkedin.com/posts/netlas-io_netlas-and-rst-cloud-forge-alliance-to-enhance-activity-7204777141576581120-E1H3/
CVE-2024-24919: Exposure of Sensitive Information in Check Point
A vulnerability that has been on everyone's lips in recent days. It allows an unauthenticated attacker to gain access to sensitive information.
Search at Netlas.io:
Link (tag, more results): https://nt.ls/z9fQV
Dork (tag, more results): tag.name:"checkpoint"
Link (no tag): https://nt.ls/tnMCW
Dork (no tag): http.favicon.hash_sha256:9a3a865d8911afcd95389ec701e5e8abcad69d928efd5b52b5d0bcc70a60d11a
Vendor's advisory: https://support.checkpoint.com/results/sk/sk182336
Netlas Python SDK v.0.5 is now available. We've made key updates for enhanced compatibility and improved downloading features.
To upgrade, run:
```
pip install --upgrade netlas
```
Check out the full changelog for more details: https://docs.netlas.io/changelog/
CVE-2024-2879: SQL injection in LayerSlider plugin for WordPress, 9.8 rating
Plugin used on millions of websites had a feature that was vulnerable to blind SQL injection. If the vulnerability was successfully exploited, the attacker could gain access to any confidential information.
Search at Netlas.io:
Link: https://nt.ls/8CmgD
Dork: http.body:"plugins/layerslider"