Threat & Vulnerability Discussions
About Threat & Vulnerability Discussions

Welcome to the Threat and Vulnerability discussion forum. This forum exists as a resource for security professionals to discuss and share information pertaining to the topics of threats and vulnerabilities.

Discussions

SkyVPN - Really a C2 threat?

Hi, I have just spotted a threat alert of SkyVPN C2 traffic (ID 18871) in my logs and looked at the entry on the Threat Vault. This seems to be quite an old detection but when I looked around for any further information regarding SkyVPN, I couldn't s

...

djr by L3 Networker
  • 1279 Views
  • 1 replies
  • 0 Likes

Zone protection on sub interfaces

Apologies if this is going over old ground but I have an issue with zone protection and am stumped trying to work out what it is.

 

I have configured and applied the zone protection profile to a layer3 sub-interface, when I test against it with crafted

...

SMB: User password brute force

We have been seeing SMB: User Password Brute Force Attempt threats coming into our logs. We are not seeing a UN accompanied with the traffic and they are using port 445. This just popped up recently and we are not seeing anything malicious on th

...

charlesk by L1 Bithead
  • 2685 Views
  • 1 replies
  • 0 Likes

Block hash value

Hi Team

 

How to block below hash value. Please help us


4ad20bcd0f915acba7817e0639fcbf4f713beb8ac35112134808d4e5f753d519

86800f9e3b563eaeba1d84d431b83405b2118300c0ad2deab39a093d4b9093c5

96a64cccb55f7b42711015054ddd6ac45459643aa17c13248c6e344dc787cbfd

aad97

...

DLP Regex pattern does not work

Hi all, I'm trying to add a regex data pattern for the word Orion. It works everywhere, but Palo Alto just refuses to accept it and gives no reason. This is standard regex syntax

 

([oO][rR][iI][oO][nN])

 

I need the word "orion" in every possible combi

...

igs1917 by L1 Bithead
  • 718 Views
  • 0 replies
  • 1 Likes

Exact threat details

  Hi,

 

  Is there a way to know what a specific threat ID checks for? We enabled SSL inspection for SMTP traffic and Palo started to flag every e-mail with threat ID 56951 (non-RFC compliant SMTP traffic), but ThreatDB does not provide anything useful

...

Laszlo by L1 Bithead
  • 3219 Views
  • 5 replies
  • 0 Likes