These alerts are triggered when detecting an attempt to exploit the Bash Shellshock vulnerability via CGI scripts on a web server. The Bash Shellshock vulnerability is a severe security flaw in the Unix Bash shell that, when exploited, allows an attacker to execute arbitrary commands on a vulnerable system, potentially gaining unauthorized access or control.
These alerts are triggered when detecting an attempt to exploit the Bash Shellshock vulnerability via CGI scripts on a web server. The Bash Shellshock vulnerability is a severe security flaw in the Unix Bash shell that, when exploited, allows an attacker to execute arbitrary commands on a vulnerable system, potentially gaining unauthorized access or control.
This alert is triggered when detecting an SSH scan of an asset. SSH is a secure protocol to provide access to an asset in a network. This alert may be triggered when an adversary is attempting to scan a network and creat an initial connection.
This alert is triggered when detecting communication on ports 5800-5820 from an external source. Ports 5800-5820 are used by the virtual network computing service (VNC), which creates a screen-sharing system opening the network to remote communication. This alert may be triggered when an adversary is attempting to scan the network or gain initial access.
These alerts are triggered when detecting an attempt to exploit the Bash Shellshock vulnerability via CGI scripts on a web server. The Bash Shellshock vulnerability is a severe security flaw in the Unix Bash shell that, when exploited, allows an attacker to execute arbitrary commands on a vulnerable system, potentially gaining unauthorized access or control.
This alert is triggered when detecting inbound communication from an external network to the database (DB) on port 3306 (mySQL). This alert may be triggered when an adversary is attempting to gain initial access to the DB or is attempting to read or write data to the DB.
This alert is triggered when detecting inbound communication from an external network to the database (DB) on port 5432 (PostgreSQL). This alert may be triggered when an adversary is attempting to gain initial access to the DB or is attempting to read or write data to the DB.
This alert is triggered when detecting a NetBIOS status communication sent from an internal asset to an axternal destination.
This alert is triggered when detecting communication on ports 5900-5920 from an external source. Ports 5900-5920 are used by the virtual network computing service (VNC), which creates a screen-sharing system opening the network to remote communication. This alert may be triggered when an adversary is attempting to scan the network or gain initial access.
This alert is triggered when detecting inbound communication from an external network to the database (DB) on port 4333 (mSQL). This alert may be triggered when an adversary is attempting to gain initial access to the DB or is attempting to read or write data to the DB.