From miguel.turner at appgate.com Wed Aug 3 18:46:17 2022 From: miguel.turner at appgate.com (Miguel Turner) Date: Wed, 3 Aug 2022 14:46:17 -0400 Subject: [Silica] SILICA v7.48 Message-ID: <5264cf54-a925-e3a2-cd59-e1670f31f874@appgate.com> Immunity is proud to announce the release of SILICA v7.48! Updated embedded Canvas version with additional exploits for the "Attack" module: + CVE-2017-7504 - jbossmq_httpil_deserialization Targets Red Hat Jboss Application Server <= Jboss 4.X + CVE-2021-41773, CVE-2021-42013 - apache_cgi_rce Targets Apache 2.4.49 and Apache 2.4.50 on x64 Linux only + CVE-2022-0543 - redis_sandbox_escape_rce Targets redis versions: 5:5.0.14-1+deb10u1, 5:5.0.3-4, 5:6.0.15-1 + CVE-2022-1388 - f5_bigip_auth_bypass_rce Targets unpatched versions of BIG-IP prior to v17 + CVE-2022-29464 - wso2_file_upload_rce Targets several WSO2 products via arbitrary file upload Also: It is now possible to select the exploits that the "Attack" module will use on the "Module Config" tab of the Settings dialog. Videos can be found at: Known APs Attack & Improved Deauthentication Attack - https://vimeo.com/537915679 WPA traffic decryption using the Kr00k Attack - https://vimeo.com/481719308 Network Printer Attacks - https://vimeo.com/270182796 Bypassing WPA2 encryption using the KRACK attack - https://vimeo.com/251369829 SILICA 7.31: Samba Server Exploitation - https://vimeo.com/230656937 D-link and Microsoft WSUS Exploits - https://vimeo.com/209259981 Fake Captive Portal Demo - https://vimeo.com/198045435 Malicious Access Point Detection - https://vimeo.com/177231337 Karma attack filtering and background WPA handshake sniffer - https://vimeo.com/165882825 Access Point Mapping - https://vimeo.com/157178038 Full Karma Attack - https://vimeo.com/155393829 SMB proxy and group policy exploit - https://vimeo.com/136964755 SSL attacks using SSL stripping and self signed certificates - https://vimeo.com/122117823 Exploiting Android WebView.addJavaScriptInterface - http://vimeo.com/109831748 Pixie Dust WPS Attack - https://vimeo.com/130883860 More WPS attacks - https://vimeo.com/album/3385057/video/115337910 General overview - http://www.immunityinc.com/movies/SILICA_7.5_New_Features.mov Wireless Window - http://www.immunityinc.com/movies/SILICA_Wireless_Window.mp4 SILICA Team The information contained in this electronic mail is confidential information intended only for the use of the individual(s) or entity(s) named. If the reader of the message is not the addressee (or authorized to receive for the addressee), you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please immediately notify the sender by reply e-mail and/or by telephone and destroy the original message.