{"vulnerability": "cve-2016-5195", "sightings": [{"uuid": "4cc7fb55-542f-4dbf-b97e-4c05b1263e30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": "MISP/58737454-5554-400c-b141-0fa695ca48b7", "content": "", "creation_timestamp": "2017-05-15T06:07:11.000000Z"}, {"uuid": "c0c5f4df-a2b6-4eb8-b3ec-03ac83395e5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": "MISP/580d3094-92ec-4344-8126-4606950d210f", "content": "", "creation_timestamp": "2016-10-23T21:53:30.000000Z"}, {"uuid": "dda064f4-0a25-4a8e-ad03-540ec731d673", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": "MISP/5e42bddd-4c70-4e05-a3e2-65a00a3b4631", "content": "", "creation_timestamp": "2020-02-11T14:50:08.000000Z"}, {"uuid": "082ad13c-fdb0-4dcb-a828-e3e4f2eb9d94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": "MISP/ffc3b731-319f-4f70-9814-c5a0a009feae", "content": "", "creation_timestamp": "2020-10-09T16:25:42.000000Z"}, {"uuid": "3a26adae-a406-4d44-abb1-dbc212eff919", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": "MISP/c3435853-72c4-4bdb-99e1-b7070e26133f", "content": "", "creation_timestamp": "2021-08-24T15:00:46.000000Z"}, {"uuid": "b86c4ab1-4dfe-4d51-82c0-f44c5ac8e096", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": 
"MISP/8570b982-88e9-4282-b3f2-973c765d9842", "content": "", "creation_timestamp": "2020-10-09T14:48:37.000000Z"}, {"uuid": "933b4326-3bde-46db-be0c-e397104df975", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": "MISP/f6a84ed8-143b-4c4c-a232-4529f4878764", "content": "", "creation_timestamp": "2020-10-09T14:06:38.000000Z"}, {"uuid": "f8405aa3-4c2c-4d3b-b2ef-92562531c86d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:03.000000Z"}, {"uuid": "cc7bad93-d7bf-40ab-a0db-982b5025fc2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "exploited", "source": "https://www.exploit-db.com/exploits/40847", "content": "", "creation_timestamp": "2016-11-27T00:00:00.000000Z"}, {"uuid": "d7997b08-9b99-4a34-96af-ae95cb42b9fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "exploited", "source": "https://www.exploit-db.com/exploits/40616", "content": "", "creation_timestamp": "2016-10-21T00:00:00.000000Z"}, {"uuid": "30f577b5-0b19-42b2-86a6-a3d8bd8592c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "exploited", "source": "https://www.exploit-db.com/exploits/40839", "content": "", "creation_timestamp": "2016-11-28T00:00:00.000000Z"}, {"uuid": "672d4d80-ecf4-455a-8f90-92b8dbefd3da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "exploited", "source": "https://www.exploit-db.com/exploits/40611", "content": "", "creation_timestamp": "2016-10-19T00:00:00.000000Z"}, {"uuid": "b1cf8325-d4ba-4b8f-bef9-9f9741615f3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971308", "content": "", "creation_timestamp": "2024-12-24T20:27:23.142649Z"}, {"uuid": "fcc881ba-45c6-49c0-8bf6-6e53f6e8fc3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": "https://gist.github.com/devbzwlyukfkz5t/f8a26d127801b4ff19633453b369335e", "content": "", "creation_timestamp": "2025-06-26T08:20:45.000000Z"}, {"uuid": "4a09c5a6-2c0c-48e9-a216-ef5e58f7361b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3ljipift7efi2", "content": "", "creation_timestamp": "2025-03-03T19:43:14.001691Z"}, {"uuid": "b1bb246d-ac01-4552-8610-161c38c6098f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": "https://infosec.exchange/users/tomcat/statuses/114309122209532263", "content": "", "creation_timestamp": "2025-04-09T17:13:04.083395Z"}, {"uuid": "6fdaffc6-48fb-4ac7-85b3-c8e487ebe004", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", 
"creation_timestamp": "2025-02-23T02:10:11.000000Z"}, {"uuid": "921d85e5-65be-4bc1-a3b4-8c6114e6bbf8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": "https://gist.github.com/ib2027/ec7c5e4235b5613eefb554df33366ee0", "content": "", "creation_timestamp": "2025-12-09T00:19:35.000000Z"}, {"uuid": "c7e9efb4-9995-48fc-aa14-7bacc3d9b5bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": "https://bsky.app/profile/ytroncal.bsky.social/post/3lvifrqtqqs2c", "content": "", "creation_timestamp": "2025-08-03T09:51:35.841685Z"}, {"uuid": "343f1ad5-1e3e-41fc-ad40-2dcb944bac18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": "https://gist.github.com/devbzwlyukfkz5t/07db6d11cea48fd4c628c6c2b838975b", "content": "", "creation_timestamp": "2025-06-26T11:28:11.000000Z"}, {"uuid": "4f0a07d4-8bae-4fb2-9d07-98526284aa41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": "https://gist.github.com/vlaguduva/8cb441862c894883027b674a97cfa7d7", "content": "", "creation_timestamp": "2025-07-12T02:24:02.000000Z"}, {"uuid": "d49f552b-fe0d-4440-8245-9f1ccf4ed3c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": "https://gist.github.com/Aggerio/9330fd5699568e142d5ba1c5f775d5ce", "content": "", "creation_timestamp": "2025-11-16T15:29:50.000000Z"}, {"uuid": "8aad3745-6efe-4b95-a225-fa0929fa0b33", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": "https://gist.github.com/Darkcrai86/09be697306ac0e554b97f21bd6194d4e", "content": "", "creation_timestamp": "2025-09-10T16:57:57.000000Z"}, {"uuid": "e1ad4449-059e-4ba4-a500-957ce41aef28", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": "2025-08-31T03:00:50.000000Z"}, {"uuid": "040aefe1-4ade-44d1-88b9-3e5f7cede154", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": "https://gist.github.com/s3nt1nel0/2001da4aba70c535b290fc5ccfc43019", "content": "", "creation_timestamp": "2025-12-01T18:07:32.000000Z"}, {"uuid": "61a8b9c0-ccdc-4993-88ef-8c0e6a1338d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": "https://gist.github.com/aw-junaid/ae4d93f4a6b7d5e657e92315bcfa005c", "content": "", "creation_timestamp": "2026-02-21T18:37:39.000000Z"}, {"uuid": "c9dcc87a-9497-4f6c-b5cb-2c6dacea94f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": "https://gist.github.com/aw-junaid/676778028c81ea4b72359c6ffffdf9e5", "content": "", "creation_timestamp": "2026-02-21T18:14:32.000000Z"}, {"uuid": "b5ecb9e0-c577-4e61-9e4b-f733f1cf7310", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": 
"https://gist.github.com/prof-hac/76f2a4b0a2937cff2ca4b95dc94a2d2c", "content": "", "creation_timestamp": "2026-03-27T23:02:22.000000Z"}, {"uuid": "8aaa44f9-4b37-4bf8-851d-5ac7b2ceddf7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": "https://bsky.app/profile/segyges.bsky.social/post/3maa2ylybm226", "content": "", "creation_timestamp": "2025-12-18T01:54:19.204743Z"}, {"uuid": "88f83895-ebf8-40ce-a9f3-f4d366ecbcae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3macn2mdz322d", "content": "", "creation_timestamp": "2025-12-19T02:22:53.590382Z"}, {"uuid": "f61336b0-7e78-4891-824d-913237dad7a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": "https://gist.github.com/namishelex01/c45e91ffc78335e7a096670758f310e6", "content": "", "creation_timestamp": "2025-12-17T18:58:48.000000Z"}, {"uuid": "fc904b3f-9bf9-4cee-b780-6b7a45335ee1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": "https://gist.github.com/garagon/a8d92972c465aaeac354cd11668e409a", "content": "", "creation_timestamp": "2026-02-17T13:27:41.000000Z"}, {"uuid": "07e8f23c-2095-42b7-a52b-e8b4223021f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "published-proof-of-concept", "source": "https://t.me/antichat/7295", "content": "18 \u0434\u0435\u043a\u0430\u0431\u0440\u044f, 20:00 \u043c\u0441\u043a \u0432 
\u043f\u0440\u044f\u043c\u043e\u043c \u044d\u0444\u0438\u0440\u0435 \u0441\u043e\u0441\u0442\u043e\u0438\u0442\u0441\u044f \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u0439 \u0432\u0435\u0431\u0438\u043d\u0430\u0440 \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u043a\u0443\u0440\u0441\u0430 \"\u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c Linux\": \u00a0\"\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 Docker. \u041f\u043e\u0431\u0435\u0433 \u0438\u0437 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0430 \u0432 \u0445\u043e\u0441\u0442 \u0441 \u044d\u0441\u043a\u0430\u043b\u0430\u0446\u0438\u0435\u0439 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439\"\n\u2060\n\u0414\u043e\u0441\u0442\u0443\u043f \u0447\u0435\u0440\u0435\u0437 \u0432\u0441\u0442\u0443\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u0442\u0435\u0441\u0442: https://otus.pw/VYBN/\n\n- \u0431\u0443\u0434\u0443\u0442 \u043f\u043e\u043a\u0430\u0437\u0430\u043d\u044b \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 Docker\n- \u043f\u0440\u043e\u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0430 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044e \u0441\u0430\u043c\u043e\u0433\u043e \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u0433\u043e \u0431\u0430\u0433\u0430 - Dirty COW (CVE-2016-5195), \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0438\u0437 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0430 \u0432\u044b\u0431\u0440\u0430\u0442\u044c\u0441\u044f \u0432 \u0445\u043e\u0441\u0442\u0443\u044e \u041e\u0421 \u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u044c \u0442\u0430\u043c \u043c\u0430\u043d\u0438\u043f\u0443\u043b\u044f\u0446\u0438\u0438\n\n\u0412\u0435\u0434\u0435\u0442 \u0432\u0435\u0431\u0438\u043d\u0430\u0440 \u0418\u0432\u0430\u043d 
\u041f\u0438\u0441\u043a\u0443\u043d\u043e\u0432 \u2013 \u043d\u0435\u0437\u0430\u0432\u0438\u0441\u0438\u043c\u044b\u0439 \u044d\u043a\u0441\u043f\u0435\u0440\u0442, \u043f\u0440\u0430\u043a\u0442\u0438\u043a\u0443\u044e\u0449\u0438\u0439 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442 \u0432 \u043e\u0431\u043b\u0430\u0441\u0442\u0438 \u0437\u0430\u0449\u0438\u0442\u044b \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, \u0430\u0432\u0442\u043e\u0440 \u0438 \u043f\u0440\u0435\u043f\u043e\u0434\u0430\u0432\u0430\u0442\u0435\u043b\u044c \u043a\u0443\u0440\u0441\u043e\u0432 \u043f\u043e \u0418\u0411 \u0441\u043e \u0441\u0442\u0430\u0436\u0435\u043c \u043f\u0440\u0435\u043f\u043e\u0434\u0430\u0432\u0430\u043d\u0438\u044f \u0431\u043e\u043b\u0435\u0435 5 \u043b\u0435\u0442, \u043e\u043f\u044b\u0442\u043e\u043c \u0440\u0430\u0431\u043e\u0442\u044b \u0432 \u043e\u0442\u0440\u0430\u0441\u043b\u044f\u0445 \u0418\u0422 \u0438 \u0418\u0411 \u0431\u043e\u043b\u0435\u0435 9 \u043b\u0435\u0442.\n\u2060", "creation_timestamp": "2019-12-10T10:28:33.000000Z"}, {"uuid": "6603de59-634b-4a12-82bc-3bc0050ec867", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "exploited", "source": "https://t.me/PredatorySparrowIL/313", "content": "Linux Kernel & Exploit Basics\n\nToday we dive into the Linux Kernel \u2014 the heart of the operating system \u2014 and learn why hackers and pentesters focus on kernel exploits for privilege escalation.\n\n\ud83d\udd39 What is the Kernel?\n\nThe kernel is the core of Linux that manages memory, processes, devices, and system calls.\nRunning in ring 0 (highest privilege), it has complete control of the system.\n\n\ud83d\udd39 Checking Kernel Version\nAttackers often start by fingerprinting the kernel:\nuname -r        # Kernel version\nuname -a        # Full system info\ncat /proc/version\n\nExample 
output:\n5.4.0-77-generic\n\n\ud83d\udd39 Why Kernel Version Matters\n\u26a1\ufe0fEach version may contain known vulnerabilities.\n\u26a1\ufe0fExploit databases (ExploitDB, GitHub PoCs, etc.) can be searched against the version.\n\nExample:\nDirty COW (CVE-2016-5195) affects many Linux versions.\nOverlayFS (CVE-2015-1328) allows privilege escalation.\n\n\ud83d\udd39 Enumerating Exploitable Kernels\nUse scripts like:\nlinux-exploit-suggester.sh\nlse.sh\n- These tools compare your kernel & system info with known exploits.\n\n\ud83d\udd39 Compiling & Running Exploits\nMost exploits come in C:\ngcc exploit.c -o exploit\n./exploit\n\n\u26a0\ufe0f Note: Always test in lab environments (VMs, Docker) before running on real systems.\n\n\u2705 Pentester Tip: \n- Kernel exploits are powerful but noisy.\n- Always try \u201csafer\u201d privilege escalation methods (misconfigs, weak perms, sudo abuse) before dropping kernel exploits.", "creation_timestamp": "2025-09-19T06:22:04.000000Z"}, {"uuid": "ffe15be9-2c91-429c-91b1-4175ce26a88d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "published-proof-of-concept", "source": "Telegram/Z22ddpILY-yeUUVWiXwyxi9IfQjGUAfHXsS4qd56wYck-To", "content": "", "creation_timestamp": "2025-11-07T03:00:06.000000Z"}, {"uuid": "6639b50b-8724-426d-a839-a288036bb2a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2016-5195", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/1b6994db-86fa-4123-a8cd-380c487af562", "content": "", "creation_timestamp": "2026-02-02T12:28:17.238949Z"}, {"uuid": "96ccdb7d-9217-462a-bf5c-2d8094e90e21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", 
"type": "exploited", "source": "https://t.me/sec_devops/142", "content": "\u041c\u0435\u043d\u044f \u043d\u0435\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u043e\u0433\u043d\u0430\u043b\u0438 \u0441 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435\u043c CVE, \u043d\u043e \u044f \u0432\u0441\u0435 \u0440\u0430\u0432\u043d\u043e \u0434\u043e\u043f\u043e\u043b\u043d\u044e \u043c\u044b\u0441\u043b\u044c \u043f\u0440\u0438\u043c\u0435\u0440\u0430\u043c\u0438\n\n\u0412\u043e\u0442, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, CVE-2016-5195 - Race Condition \u0432 \u0441\u0442\u0430\u0440\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 \u044f\u0434\u0440\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0441\u0434\u0435\u043b\u0430\u0442\u044c docker escape. \n\nPoC:\nhttps://github.com/gebl/dirtycow-docker-vdso\n\n\u0412\u0438\u0434\u0435\u043e-\u0434\u0435\u043c\u043e:\nhttps://youtu.be/BwUfHJXgYg0\n\n\u0422\u0435\u043a\u0441\u0442\u043e\u0432\u043e\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435:\nhttps://blog.paranoidsoftware.com/dirty-cow-cve-2016-5195-docker-container-escape/\n\n#docker #ops", "creation_timestamp": "2020-09-23T09:37:05.000000Z"}, {"uuid": "c3c86c8d-c4c7-4414-8392-f59c30110bc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "published-proof-of-concept", "source": "Telegram/OMDVl8gS5gUQ6qEfIYNlECMto7wQsDPKKZTEhoS2tewKcQQ", "content": "", "creation_timestamp": "2025-09-10T15:00:07.000000Z"}, {"uuid": "cfdfa6b7-56f4-48a4-8c29-0c14ac720cef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": "https://t.me/SpiderCodeCommunity1/368", "content": "\u0633\u0645\u0639\u062a \u0639\u0646 \u062a\u062c\u0633\u0633 \u0627\u0644\u062e\u0641\u064a \u0641\u064a 
\u0627\u062a\u0635\u0627\u0644\u0627\u062a \u0642\u0627\u0631\u0647 \u0627\u0633\u064a\u0627 \u061f\u061f\n\n\n\u0627\u0647\u0644\u0627 \u0648\u0633\u0647\u0644\u0627 \u0628\u064a\u0643 \u064a\u0639\u0632\u064a\u0632\u064a \u0641\u064a \u0645\u0642\u0627\u0644 \u062c\u062f\u064a\u062f \ud83d\ude01 \n\n\u0639\u0646\u0648\u0627\u0646 \u0627\u0644\u0645\u0642\u0627\u0644 :\n\n( \u0627\u062e\u062a\u0631\u0627\u0642 \u0634\u0628\u0643\u0627\u062a \u0627\u062a\u0635\u0627\u0644 \u0644\u064a \u0642\u0627\u0631\u0647 \u0627\u0633\u064a\u0627 )\n\n\n\u0641\u064a \u0648\u0627\u062d\u062f\u0629 \u0645\u0646 \u0623\u062e\u0637\u0631 \u0627\u0644\u062d\u0645\u0644\u0627\u062a \u0627\u0644\u0633\u064a\u0628\u0631\u0627\u0646\u064a\u0629 \u0627\u0644\u062a\u064a \u062a\u0645 \u0627\u0644\u0643\u0634\u0641 \u0639\u0646\u0647\u0627 \u0645\u0624\u062e\u0631\u064b\u0627 \u0628\u0644\u063a\u062a \u0634\u0631\u0643\u0647 \n\n(  Palo Alto Networks - Unit 42  )\n\n\n\u0639\u0646 \u0646\u0634\u0627\u0637 \u0645\u0643\u062b\u0641 \u0644\u0645\u062c\u0645\u0648\u0639\u0629 \u062a\u0647\u062f\u064a\u062f \u0645\u062a\u0642\u062f\u0645\u0629 \u062a\u0639\u0631\u0641 \u0628\u0627\u0633\u0645 CL-STA-0969 \u0642\u062f\u0631\u062a \u0627\u0646\u0647 \u062a\u0633\u062a\u0647\u062f\u0641 \u062e\u0644\u0627\u0644 \u0639\u0634\u0631 \u0627\u0634\u0647\u0631 \u0643\u0627\u0645\u0644\u0647 \u0627\u0644\u0628\u0646\u064a\u0647 \u0627\u0644\u062a\u062d\u062a\u064a\u0647 \u0627\u0644\u062d\u064a\u0648\u064a\u0647 \u0644\u064a \u062c\u0646\u0648\u0628 \u0634\u0631\u0642 \u0627\u0633\u064a\u0627 \n\n\u0648 \u064a\u0639\u062a\u0642\u062f \u0627\u0646 \u0627\u0644\u062a\u062c\u0633\u0633 \u062f\u0627 \u0645\u0646 \u0639\u0646 \u0637\u0631\u064a\u0642 \u062f\u0648\u0644 \ud83d\udd75\ud83c\udffb\n\n\n\u0637\u064a\u0628 \u064a\u0627 \u0633\u0628\u0627\u064a\u062f\u0631 \u062f\u0648\u0644 \u0647\u062f\u0641\u0647\u0645 \u0627\u064a \u061f\n\n\n\u0647\u062f\u0641\u0647\u0645 \u0627\u062e\u062a\u0631\u0627\u0642 
\u0634\u0628\u0643\u0627\u062a \u0627\u0644\u0627\u062a\u0635\u0627\u0644\u0627\u062a \u062f\u0648\u0646 \u0627\u064a \u0639\u0644\u0645 \u0644\u064a \u0627\u064a \u0634\u062e\u0635 ( \u0633\u0631\u064a\u0647 \u062a\u0627\u0645\u0647 )\n\n\n\n\u0627\u0644\u062a\u062d\u0642\u064a\u0642\u0627\u062a \u0627\u0638\u0647\u0631\u062a \u0627\u0646 \u0627\u0644\u0647\u062c\u0648\u0645 \u0643\u0627\u0646 \u0645\u0646 \u0641\u0628\u0631\u0627\u064a\u0631 \u0644\u062d\u062f \u0646\u0648\u0641\u0645\u0628\u0631 2024 \u0648 \u0643\u0627\u0646 \u0627\u0644\u0647\u062f\u0641 \u0644\u0627\u0633\u0627\u0633\u064a \u0645\u0646 \u062f\u0627 \u0639\u0645\u0644 rce \u0645\u0646 \u063a\u064a\u0631 \u0644\u0627\u062d\u062a\u064a\u0627\u062c\u0627\u062a  \u0644\u064a \u062a\u0641\u0627\u0639\u0644 \u0639\u0634\u0627\u0646 \u0633\u0631\u0642\u0647 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \n\n\n\u0644\u062d\u0638\u0647 \u0628\u0633 \u0627\u064a \u0647\u0648\u0627 rce \u061f\n\n\u0628\u062e\u062a\u0635\u0627\u0631 rce \u0647\u064a\u0627 \u0647\u062c\u0645\u0647 \u0633\u064a\u0628\u0631\u0627\u0646\u064a\u0647 \u0647\u062f\u0641\u0647 \u0627\u0646\u0647 \u062a\u0639\u0645\u0644 \u0627\u062e\u062a\u0631\u0627\u0642 \u0648 \u062a\u062d\u0643\u0645 \u0641\u064a shell \u0644\u064a \u0627\u0644\u0636\u062d\u064a\u0647 \u0648 \u062f\u064a \u0645\u0646 \u0627\u062e\u0637\u0631 \u0647\u062c\u0645\u0627\u062a \u0633\u064a\u0628\u0631\u0627\u0646\u064a\u0647\n\n\n\u0637\u064a\u0628 \u0627\u0634\u0631\u062d \u0644\u064a\u0646\u0627 \u0645\u062b\u0627\u0644 \u0639\u0646 \u0647\u062c\u0648\u0645 \u061f\n\n\n\u0647\u0645\u0627 \u0627\u0633\u062a\u062e\u062f\u0645\u0648 \u0627\u062f\u0647 \u0627\u0633\u0645\u0647 \n\n( Cordscan )\n\n\u0628\u062d\u064a\u062b \u0627\u0646\u0647\u0645 \u064a\u062c\u0645\u0648\u0639 \u0645\u0639\u0644\u0648\u0645\u0627\u062a \u0639\u0646 \u0644\u0627\u062c\u0647\u0627\u0632\u0647 \u0648 \u0644\u062d\u062f \u0648\u0642\u062a\u0646\u0627 \u0647\u0630\u0627 
\u0645\u062d\u062f\u0634 \u0644\u0642\u064a \u062f\u0644\u064a\u0644\n\n\u0648 \u0628\u0639\u062f\u0647\u0627 \u0639\u0645\u0644\u0648 brute-force \u0639\u0644\u0649 \u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 SSH\n\n\u0648 \u0628\u0639\u062f\u0647\u0627 \u062f\u062e\u0644\u0648 \u0641\u064a ssh \u0648 \u0632\u0631\u0639\u0648\u0627 malware \n\n\nAuthDoor : \u0648\u062d\u062f\u0629 \u0645\u0635\u0627\u062f\u0642\u0629 \u062e\u0628\u064a\u062b\u0629 \u062a\u0642\u0648\u0645 \u0628\u0633\u0631\u0642\u0629 \u0643\u0644\u0645\u0627\u062a \u0627\u0644\u0645\u0631\u0648\u0631 \u0648\u062a\u0648\u0641\u0631 \u0648\u0635\u0648\u0644 \u062f\u0627\u0626\u0645 \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \"\u0643\u0644\u0645\u0629 \u0645\u0631\u0648\u0631 \u0633\u062d\u0631\u064a\u0629\".\n\nCordscan : \u0623\u062f\u0627\u0629 \u0644\u0641\u062d\u0635 \u0627\u0644\u0634\u0628\u0643\u0629 \u0648\u0627\u0644\u062a\u0642\u0627\u0637 \u0627\u0644\u062d\u0632\u0645.\n\nGTPDOOR: \u0645\u0635\u0645\u0645\u0629 \u062e\u0635\u064a\u0635\u064b\u0627 \u0644\u0634\u0628\u0643\u0627\u062a \u0627\u0644\u0627\u062a\u0635\u0627\u0644\u0627\u062a \u0627\u0644\u0642\u0631\u064a\u0628\u0629 \u0645\u0646 \u062a\u0628\u0627\u062f\u0644 \u062a\u062c\u0648\u0627\u0644 GPRS.\n\nEchoBackdoor: \u0628\u0627\u0628 \u062e\u0644\u0641\u064a \u0633\u0644\u0628\u064a \u064a\u0633\u062a\u062e\u062f\u0645 \u062d\u0632\u0645 ICMP \u0644\u062a\u0644\u0642\u064a \u0648\u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u0623\u0648\u0627\u0645\u0631 \u0648\u0625\u0631\u0633\u0627\u0644 \u0627\u0644\u0646\u062a\u0627\u0626\u062c.\n\nSGSN Emulator (sgsnemu) : \u0644\u062a\u062c\u0627\u0648\u0632 \u0627\u0644\u062c\u062f\u0631\u0627\u0646 \u0627\u0644\u0646\u0627\u0631\u064a\u0629 \u0639\u0628\u0631 \u0627\u0644\u062a\u0644\u0627\u0639\u0628 \u0628\u0627\u0644\u0634\u0628\u0643\u0629.\n\nChronosRAT : \u0628\u0631\u0645\u062c\u064a\u0629 \u062e\u0628\u064a\u062b\u0629 \u0642\u0627\u062f\u0631\u0629 
\u0639\u0644\u0649 \u062a\u0646\u0641\u064a\u0630 \u0634\u0644 \u0643\u0648\u062f\u060c \u0623\u062e\u0630 \u0644\u0642\u0637\u0627\u062a \u0634\u0627\u0634\u0629\u060c \u062a\u0633\u062c\u064a\u0644 \u0636\u063a\u0637\u0627\u062a \u0627\u0644\u0645\u0641\u0627\u062a\u064a\u062d\u060c \u0625\u0644\u062e.\n\nNoDepDNS (MyDns) : \u0628\u0627\u0628 \u062e\u0644\u0641\u064a \u0628\u0644\u063a\u0629 Go \u064a\u062a\u0644\u0642\u0649 \u0627\u0644\u0623\u0648\u0627\u0645\u0631 \u0639\u0628\u0631 DNS \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0628\u0631\u0648\u062a UDP \u0639\u0644\u0649 \u0627\u0644\u0645\u0646\u0641\u0630 53.\n\n\n\u0648 \u0627\u062e\u062a\u0631\u0642\u0648 \u0643\u0630\u0627 \u0645\u062c\u0645\u0648\u0639\u0647 \u0632\u064a :\n\nLightBasin (UNC1945): \u062a\u0633\u062a\u0647\u062f\u0641 \u0642\u0637\u0627\u0639 \u0627\u0644\u0627\u062a\u0635\u0627\u0644\u0627\u062a \u0645\u0646\u0630 2016.\n\nUNC2891: \u0645\u062c\u0645\u0648\u0639\u0629 \u0645\u0627\u0644\u064a\u0629 \u0647\u0627\u062c\u0645\u062a \u0623\u062c\u0647\u0632\u0629 \u0627\u0644\u0635\u0631\u0627\u0641 \u0627\u0644\u0622\u0644\u064a.\n\nUNC3886: \u0645\u062c\u0645\u0648\u0639\u0629 \u0627\u0633\u062a\u063a\u0644\u062a \u062b\u063a\u0631\u0627\u062a \u0641\u064a VMware.\n\n\nMicrosocks Proxy\n\nFRP (Fast Reverse Proxy)\n\nFScan\n\nResponder\n\nProxyChains\n\n\u0648 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0644\u064a cves \u0632\u064a :\n\nCVE-2016-5195\n\nCVE-2021-4034\n\nCVE-2021-3156\n\n\u0648 \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u062a\u0643\u0646\u064a\u0643\u0627\u062a \u0644\u064a \u062a\u062e\u0641\u064a \u0632\u064a :\n\n\u0627\u0644\u062a\u0644\u0627\u0639\u0628 \u0628\u062d\u0631\u0643\u0629 \u0627\u0644\u0645\u0631\u0648\u0631 \u0639\u0628\u0631 DNS tunneling\n\n\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0645\u0634\u063a\u0644\u064a \u0627\u0644\u0627\u062a\u0635\u0627\u0644\u0627\u062a \u0627\u0644\u0645\u062e\u062a\u0631\u0642\u064a\u0646 
\u0643\u0646\u0642\u0627\u0637 \u0648\u0633\u064a\u0637\u0629\n\n\u0645\u0633\u062d \u0633\u062c\u0644\u0627\u062a \u0627\u0644\u0645\u0635\u0627\u062f\u0642\u0629\n\n\u062a\u0639\u0637\u064a\u0644 SELinux\n\n\u062a\u063a\u064a\u064a\u0631 \u0623\u0633\u0645\u0627\u0621 \u0627\u0644\u0639\u0645\u0644\u064a\u0627\u062a \u0644\u062a\u0628\u062f\u0648 \u0634\u0631\u0639\u064a\u0629 \u062f\u0627\u062e\u0644 \u0627\u0644\u0646\u0638\u0627\u0645\n\n\n\u0648 \u0643\u0627\u0646 \u0641\u064a \u0631\u062f \u0641\u0639\u0644 \u0627\u0644\u062f\u0648\u0644 \u0632\u064a \u0627\u0644\u0635\u064a\u0646 \u0648 \u0627\u0645\u0631\u064a\u0643\u0627 \n\n\n\u062d\u064a\u0646 \u0633\u0627\u0626\u0644 \u0627\u0644\u0631\u0626\u064a\u0633 \u0627\u0644\u0623\u0645\u0631\u064a\u0643\u064a \u062f\u0648\u0646\u0627\u0644\u062f \u062a\u0631\u0627\u0645\u0628 \u0639\u0644\u0649 \u0642\u0646\u0627\u0629 \u0641\u0648\u0643\u0633 \u0646\u064a\u0648\u0632 \u0639\u0646 \u0647\u062c\u0645\u0627\u062a \u0635\u064a\u0646\u064a\u0629 \u0639\u0644\u0649 \u0646\u0638\u0645 \u0627\u0644\u0627\u062a\u0635\u0627\u0644\u0627\u062a \u0627\u0644\u0623\u0645\u0631\u064a\u0643\u064a\u0629 \u0648\u0633\u0631\u0642\u0629 \u0627\u0644\u0645\u0644\u0643\u064a\u0629 \u0627\u0644\u0641\u0643\u0631\u064a\u0629 \u0642\u0627\u0644 :\n\n\u0647\u0648 \u0623\u0646\u062a \u0645\u062a\u062e\u064a\u0644 \u0627\u0646\u0646\u0627 \u0645\u0634 \u0628\u0646\u0639\u0645\u0644 \u0643\u062f\u0647 \u061f\u061f\u061f\n\n \u0627\u062d\u0646\u0627 \u0628\u0646\u0639\u0645\u0644 \u062d\u0627\u062c\u0627\u062a \u0643\u062a\u064a\u0631 \u0643\u062f\u0647 \u0627\u0644\u062f\u0646\u064a\u0627 \u0645\u0627\u0634\u064a\u0629 . 
\u0627\u0644\u0639\u0627\u0644\u0645 \u062f\u0647 \" \u0645\u0634 \u0633\u0647\u0644 \"\n\n\u0648\u0643\u0627\u0646 \u0627\u0644\u062d\u062f\u062b \u062f\u0627 \u062c\u0647 \u0645\u0639 \u0648\u0642\u062a \u0627\u0644\u064a \u0627\u0644\u0641\u0631\u064a\u0642 \u0627\u0644\u062a\u0642\u0646\u064a \u0627\u0644\u0635\u064a\u0646\u064a \u062d\u064a\u062b \u0642\u0627\u0644\u0648 \u0627\u0646 \u0627\u0644\u0635\u064a\u0646 \u0647\u064a\u0627 \u0627\u0644\u0633\u0628\u0628 \u0644\u0646\u0647\u0645 \u0642\u062f\u0631\u0648 \u064a\u0644\u0642\u0648 zero day  \u0641\u064a \n\n( Microsoft Exchange )\n\n\n\u0648 \u0631\u0643\u0632 \u0641\u064a \u062f\u064a\n\n\u0644\u0627\u062e\u062a\u0631\u0627\u0642 \u0623\u0643\u062b\u0631 \u0645\u0646 50 \u062c\u0647\u0627\u0632 \u0639\u0627\u0626\u062f\u064a\u0646 \u0644\u0643\u064a\u0627\u0646 \u0639\u0633\u0643\u0631\u064a \u0635\u064a\u0646\u064a \u0643\u0628\u064a\u0631 \u0628\u064a\u0646 \u064a\u0648\u0644\u064a\u0648 2022 \u0648\u064a\u0648\u0644\u064a\u0648 2023 \n\n\u0648\u0632\u0639\u0645\u062a \u0627\u0644\u0635\u064a\u0646 \u0623\u0646 \u0627\u0644\u0623\u0647\u062f\u0627\u0641 \u0634\u0645\u0644\u062a \u062c\u0627\u0645\u0639\u0627\u062a \u0648\u0645\u0624\u0633\u0633\u0627\u062a \u0628\u062d\u062b\u064a\u0629 \u0648\u0634\u0631\u0643\u0627\u062a \u062a\u0639\u0645\u0644 \u0641\u064a \u0645\u062c\u0627\u0644\u0627\u062a \u0627\u0644\u0627\u062a\u0635\u0627\u0644\u0627\u062a \u0648\u0627\u0644\u0625\u0646\u062a\u0631\u0646\u062a \u0627\u0644\u0641\u0636\u0627\u0626\u064a \n\n\u0648\u0642\u062f \u0627\u0633\u062a\u062e\u062f\u0645 \u0627\u0644\u0645\u062e\u062a\u0631\u0642\u0648\u0646 \u0627\u0644\u0623\u0645\u064a\u0631\u0643\u064a\u0648\u0646  \u062d\u0633\u0628 \u0632\u0639\u0645 \u0627\u0644\u0635\u064a\u0646  \u062b\u063a\u0631\u0627\u062a \u0641\u064a \u0623\u0646\u0638\u0645\u0629 \u0627\u0644\u0645\u0644\u0641\u0627\u062a \u0627\u0644\u0625\u0644\u0643\u062a\u0631\u0648\u0646\u064a\u0629 
\u0644\u0627\u062e\u062a\u0631\u0627\u0642 \u0627\u0644\u0623\u0646\u0638\u0645\u0629 \u0628\u064a\u0646 \u064a\u0648\u0644\u064a\u0648 \u0648\u0646\u0648\u0641\u0645\u0628\u0631 2024\n\n\n\n\u0627\u0643\u062a\u0628\u0648 \u0644\u064a\u0627 \u0631\u0627\u064a\u0643\u0645 \u0641\u064a \u0627\u0644\u0645\u0642\u0627\u0644 \u062d\u0627\u0648\u0644\u062a \u0627\u062e\u0644\u064a \u0644\u063a\u0647 \u0627\u0644\u0639\u0631\u0628\u064a\u0647 \u0627\u0644\u0641\u0635\u062d\u0647 \u0641\u064a \u0648 \u0634\u0643\u0631\u0627 \u0639\u0644\u064a \u0642\u0631\u0627\u0626\u0647 \u0627\u0644\u0645\u0642\u0627\u0644 \ud83e\udd0d\u2728\n\n\n\u0645\u0635\u062f\u0631 : \n\n\nhttps://thehackernews.com/2025/08/cl-sta-0969-installs-covert-malware-in.html", "creation_timestamp": "2025-08-03T10:22:58.000000Z"}, {"uuid": "874c4b7c-9231-43b1-b52b-f83fed596797", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": "https://t.me/SpiderCodeCommunity1/369", "content": "Title:\nCovert Espionage in Asia\u2019s Communication Networks\n\nHello and welcome, dear reader, to a new article \ud83d\ude01\n\nIn one of the most serious cyber espionage campaigns recently discovered, Palo Alto Networks \u2013 Unit 42 reported intense activity from an advanced threat group known as CL-STA-0969, which is believed to have targeted the critical telecommunications infrastructure of Southeast Asia over a span of ten months.\n\nIt is suspected that this operation was state-sponsored \ud83d\udd75\ud83c\udffb\n\n\n---\n\n\ud83e\udde0 So, what was their goal?\n\nTheir primary goal was to silently infiltrate and control telecom networks without detection \u2014 complete stealth.\n\nInvestigations revealed that the attacks occurred between February and November 2024, with the primary objective being Remote Code Execution (RCE) for data theft, without requiring user 
interaction.\n\n\n---\n\n\u26a0\ufe0f Wait \u2014 what is RCE?\n\nRCE (Remote Code Execution) is a cyberattack that allows an attacker to gain access to a system and execute commands remotely via a shell \u2014 one of the most dangerous forms of attack.\n\n\n---\n\n\ud83d\udd0d Example of the attack:\n\nThe attackers used a tool called Cordscan to gather intelligence about network devices.\nTo this day, no direct evidence has been found regarding their initial access point.\n\nThen, they performed brute-force attacks on SSH protocols, eventually gaining access and planting multiple malware payloads:\n\nAuthDoor: A malicious authentication module that steals credentials and allows persistent access using a \"magic password.\"\n\nCordscan: A network scanning and packet capturing tool.\n\nGTPDOOR: Specifically built for telecom networks near GPRS roaming exchanges.\n\nEchoBackdoor: A passive backdoor using ICMP packets for command execution and result delivery.\n\nSGSN Emulator (sgsnemu): Bypasses firewalls through network manipulation.\n\nChronosRAT: Malware capable of executing shellcode, capturing screenshots, keylogging, and more.\n\nNoDepDNS (MyDns): A Go-based backdoor that receives commands over DNS using UDP on port 53.\n\n\n\n---\n\n\ud83c\udfaf Targeted Threat Groups:\n\nThey also interacted with or mimicked operations of other known APTs:\n\nLightBasin (UNC1945): Targeting telecom since 2016.\n\nUNC2891: Financially motivated, known for ATM attacks.\n\nUNC3886: Exploited vulnerabilities in VMware systems.\n\n\n\n---\n\n\ud83e\uddf0 Tools Used:\n\nMicrosocks Proxy\n\nFRP (Fast Reverse Proxy)\n\nFScan\n\nResponder\n\nProxyChains\n\n\n\n---\n\n\ud83d\udd13 CVEs Exploited:\n\nCVE-2016-5195\n\nCVE-2021-4034\n\nCVE-2021-3156\n\n\n\n---\n\n\ud83d\udd75\ufe0f\u200d\u2642\ufe0f Stealth Techniques:\n\nDNS tunneling for traffic obfuscation\n\nUsing compromised telecom infrastructure as intermediate relays\n\nLog tampering and credential wiping\n\nDisabling 
SELinux\n\nRenaming malicious processes to appear legitimate\n\n\n\n---\n\n\ud83c\udf0d International Response \u2013 China & USA\n\nWhen asked on Fox News about alleged Chinese cyberattacks on U.S. telecom infrastructure and intellectual property theft, former U.S. President Donald Trump responded:\n\n> \u201cYou really think we don\u2019t do that too?\nWe do a lot of things like that... the world isn\u2019t simple.\u201d\n\n\n\nThis controversy coincided with statements from a Chinese tech team claiming China was the victim, after discovering a Zero-Day vulnerability in Microsoft Exchange.\n\nThey further alleged that over 50 devices belonging to a major Chinese military entity were compromised between July 2022 and July 2023.\n\nThe Chinese claimed the targets included universities, research institutes, and satellite internet companies.\n\nAccording to their reports, U.S. hackers exploited electronic file system vulnerabilities to compromise the targets between July and November 2024.\n\n\n---\n\nSource:\nThe Hacker News \u2013 CL-STA-0969 Campaign", "creation_timestamp": "2025-08-03T10:00:38.000000Z"}, {"uuid": "becd4a95-ea0d-4c30-bb69-460e232241bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": "Telegram/rM57tckZQviwwitKIhEvFVu_lQwItgdU-qP0nPYw7l-NMDs", "content": "", "creation_timestamp": "2025-08-30T22:25:05.000000Z"}, {"uuid": "d23e749e-d33e-4830-868e-75d99574a203", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "published-proof-of-concept", "source": "Telegram/DOBfrk2dyhFzkyen0Qpzsdfs3pgTsKY3tpML2V_jo-xel9A", "content": "", "creation_timestamp": "2025-08-22T21:00:04.000000Z"}, {"uuid": "d373a96a-0437-4723-a5bc-c0c5ea59f37f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", 
"author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": "https://t.me/arpsyndicate/1157", "content": "#ExploitObserverAlert\n\nCVE-2016-5195\n\nDESCRIPTION: Exploit Observer has 561 entries related to CVE-2016-5195. Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka \"Dirty COW.\"\n\nFIRST-EPSS: 0.879360000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-12-04T08:29:59.000000Z"}, {"uuid": "99b96abf-93d0-443c-977b-1e81146efe65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "published-proof-of-concept", "source": "Telegram/kPRwdse26OL24RRCXFgr-20UFoPAircdPCmhtViT2fQDNms", "content": "", "creation_timestamp": "2025-08-01T03:00:05.000000Z"}, {"uuid": "983133a3-aac0-4a5f-a6d9-2d1014896d97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": "https://t.me/avleonovrus/80", "content": "\u0412 \u043f\u043e\u043b\u043a\u0443 Linux \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0445 \u043f\u043e\u0434\u043d\u044f\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0434\u043e root-\u0430 \u043f\u0440\u0438\u0431\u044b\u043b\u043e. \u0412\u0441\u0442\u0440\u0435\u0447\u0430\u0435\u043c DirtyCred (CVE-2021-4154 - \u0444\u0435\u0432\u0440\u0430\u043b\u044c\u0441\u043a\u0430\u044f, \u0435\u0441\u0442\u044c PoC; CVE-2022-2588 - \u0441\u0432\u0435\u0436\u0430\u044f, \u043f\u043e\u043a\u0430 \u043d\u0435\u0442 PoC-\u0430). 
8 \u043b\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0438\u043a\u0442\u043e \u043d\u0435 \u0437\u0430\u043c\u0435\u0447\u0430\u043b. \u0418\u043b\u0438 \u0437\u0430\u043c\u0435\u0447\u0430\u043b\u0438 \u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438, \u043d\u043e \u043f\u043e\u043c\u0430\u043b\u043a\u0438\u0432\u0430\u043b\u0438. \u0415\u0441\u0442\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u043e NVD \u043a\u0430\u043a \u043e\u0431\u044b\u0447\u043d\u043e \u0442\u043e\u0440\u043c\u043e\u0437\u0438\u0442 \u0438 \u0442\u0430\u043c \u043d\u043e\u0432\u043e\u0433\u043e \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u0430 \u043f\u043e\u043a\u0430 \u043d\u0435\u0442, \u043d\u043e \u043e\u043d \u0432\u043e \u0432\u0441\u044e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0432 \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u044f\u0445 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438. \n\n\u0421\u0443\u0434\u044f \u043f\u043e \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u044e \u044d\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u044f\u0434\u0440\u0430, \u043f\u043e\u0445\u043e\u0436\u0430\u044f \u043d\u0430 \u043c\u0430\u0440\u0442\u043e\u0432\u0441\u043a\u0443\u044e Dirty Pipe (CVE-2022-0847), \u0442\u043e\u043b\u044c\u043a\u043e \u043a\u0440\u0443\u0447\u0435, \u0442.\u043a. 
\u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0441\u0442\u0430\u0431\u0438\u043b\u044c\u043d\u0435\u0435:\n\n\"The novel exploitation method, according to the researchers, pushes the dirty pipe to the next level, making it more general as well as potent in a manner that could work on any version of the affected kernel.\"\n\n\u0418 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0438\u0437\u0430\u0446\u0438\u044f \u043d\u0435 \u0441\u043f\u0430\u0441\u0430\u0435\u0442:\n\n\"Second, while it is like the dirty pipe that could bypass all the kernel protections, our exploitation method could even demonstrate the ability to escape the container actively that Dirty Pipe is not capable of.\"\n\n\u041d\u0443 \u0438 \u0442\u0430\u043a-\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0432 Linux root-\u0430 \u043f\u043e\u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0440\u0435\u0433\u0443\u043b\u044f\u0440\u043d\u043e. \u0418\u0437 \u0433\u0440\u043e\u043c\u043a\u0438\u0445 \u043c\u043e\u0436\u043d\u043e \u0435\u0449\u0451 \u0432\u0441\u043f\u043e\u043c\u043d\u0438\u0442\u044c Dirty Cow (CVE-2016-5195 - \u043e\u0431\u0430\u043b\u0434\u0435\u0442\u044c \ud83d\ude31, 6 \u043b\u0435\u0442 \u043d\u0430\u0437\u0430\u0434, \u043f\u043e\u043c\u043d\u044e \u043a\u0430\u043a \u0432\u0447\u0435\u0440\u0430 \u043a\u0430\u043a \u0442\u0435\u0441\u0442\u0438\u043b) \u0438 Qualys-\u043e\u0432\u0441\u043a\u0438\u0435 PwnKit (CVE-2021-4034) \u0438 Sequoia (CVE-2021-33909).\n\n\u0410 \u0447\u0442\u043e \u0434\u0435\u043b\u0430\u0442\u044c? \u0418\u043c\u0445\u043e, \u043f\u0430\u0442\u0447\u0438\u0442\u044c. 
\u041b\u0443\u0447\u0448\u0435 \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u0440\u0435\u0433\u0443\u043b\u044f\u0440\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430, \u0430 \u043d\u0435 \u0432 \u043f\u043e\u0436\u0430\u0440\u043d\u043e\u043c \u0440\u0435\u0436\u0438\u043c\u0435. \u041d\u043e \u0435\u0441\u043b\u0438 \u0440\u0435\u0433\u0443\u043b\u044f\u0440\u043d\u043e\u0433\u043e \u043f\u0430\u0442\u0447\u0438\u043d\u0433\u0430 Linux-\u043e\u0432 \u043d\u0435\u0442, \u0442\u043e \u043b\u0443\u0447\u0448\u0435 \u0440\u0430\u0437\u043e\u0432\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f, \u043c\u0430\u0445\u0430\u044f \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e (\u0438\u043b\u0438 \u0434\u0430\u0436\u0435 \u0431\u043e\u043b\u0435\u0435 \u0441\u0442\u0430\u0440\u044b\u043c\u0438 \u0441 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u044b\u043c\u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u0430\u043c\u0438) \u043a\u0430\u043a \u0444\u043b\u0430\u0433\u043e\u043c. 
\u041f\u043e\u0441\u043b\u0435 \u0440\u0430\u0437\u043e\u0432\u043e\u0433\u043e \u0443\u043f\u0440\u0430\u0436\u043d\u0435\u043d\u0438\u044f \u0431\u0443\u0434\u0435\u0442 \u0432\u0438\u0434\u043d\u043e \u043a\u0430\u043a\u0438\u0435 \u0435\u0441\u0442\u044c \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0441 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435\u043c \u0440\u0435\u0433\u0443\u043b\u044f\u0440\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430, \u0430 \u0433\u0434\u0435-\u0442\u043e \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u0441\u044f \u0435\u0433\u043e \u0432\u043d\u0435\u0434\u0440\u0438\u0442\u044c \u0441 \u043d\u0430\u0441\u043a\u043e\u043a\u0430.\n\n\u041d\u0443 \u0438\u043b\u0438 \u043c\u043e\u0436\u043d\u043e \u043d\u0435 \u043f\u0430\u0442\u0447\u0438\u0442\u044c, \u043e\u0431\u043e\u0441\u043d\u043e\u0432\u044b\u0432\u0430\u044f \u0442\u0435\u043c, \u0447\u0442\u043e \u043e\u043d\u043e (\u0432\u0440\u043e\u0434\u0435) \u043d\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0431\u0435\u043b\u044c\u043d\u043e, \u0430 \u0433\u0434\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0431\u0435\u043b\u044c\u043d\u043e, \u0442\u043e \u0442\u0430\u043c \u043d\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e \u0438\u043b\u0438 \u0442\u0443\u0434\u0430 \u043d\u0435 \u0434\u043e\u0431\u0435\u0440\u0443\u0442\u0441\u044f. \u0418 \u0438\u0437 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0430 \u043d\u0435 \u0432\u044b\u0431\u0435\u0440\u0443\u0442\u0441\u044f. \u0418 \u0432\u043e\u043e\u0431\u0449\u0435 \u043c\u043e\u0436\u043d\u043e \u0432\u043d\u0435\u0434\u0440\u0438\u0442\u044c EDR \u043d\u0430 \u043b\u0438\u043d\u0443\u043a\u0441\u0430\u0445. 
\u0418 \u0435\u0449\u0451 \u043c\u043e\u0436\u043d\u043e \u043f\u043e\u043f\u0440\u043e\u0431\u043e\u0432\u0430\u0442\u044c \u043c\u0430\u043d\u0434\u0430\u0442\u043a\u0443 \u043d\u0430\u0441\u0442\u0440\u043e\u0438\u0442\u044c. \n\n\u041d\u043e, \u0438\u043c\u0445\u043e, \u043e\u0446\u0435\u043d\u043a\u0430 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0431\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438,  \u0445\u0430\u0440\u0434\u0435\u043d\u0438\u043d\u0433 \u0438 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0421\u0417\u0418 \u0434\u043b\u044f Linux-\u043e\u0432 \u044d\u0442\u043e \u043a\u043e\u043d\u0435\u0447\u043d\u043e \u0432\u0441\u0435  \u0437\u0430\u043c\u0435\u0447\u0430\u0442\u0435\u043b\u044c\u043d\u043e, \u043d\u043e \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u0435 \u044d\u0442\u043e \u043f\u0430\u0442\u0447\u0438\u043d\u0433 \u0438 \u043f\u0440\u0435\u0436\u0434\u0435 \u0432\u0441\u0435\u0433\u043e \u043d\u0443\u0436\u043d\u043e \u0440\u0430\u0437\u043e\u0431\u0440\u0430\u0442\u044c\u0441\u044f \u0438\u043c\u0435\u043d\u043d\u043e \u0441 \u043d\u0438\u043c. 
\n\n@avleonovrus #Linux #Kernel #EOP #DirtyCred", "creation_timestamp": "2023-09-21T09:19:24.000000Z"}, {"uuid": "fff66f1a-63dd-41ce-8506-222f13bb92b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": "https://t.me/DaleelCyberSecurity/80", "content": "\u0645\u0627 \u0647\u064a \u062b\u063a\u0631\u0629 \u064a\u0648\u0645 \u0627\u0644\u0635\u0641\u0631 (Zero-Day Exploit)\u061f\n\n\u0647\u064a \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u063a\u064a\u0631 \u0645\u0639\u0631\u0648\u0641\u0629 \u0644\u0644\u0645\u0637\u0648\u0631\u064a\u0646 \u0623\u0648 \u0627\u0644\u0634\u0631\u0643\u0627\u062a \u0627\u0644\u0645\u0633\u0624\u0648\u0644\u0629 \u0639\u0646 \u0627\u0644\u0646\u0638\u0627\u0645\u060c \u0645\u0645\u0627 \u064a\u0639\u0646\u064a \u0623\u0646\u0647\u0627 \u0644\u0645 \u062a\u064f\u0635\u0644\u062d \u0628\u0639\u062f \u0648\u064a\u0645\u0643\u0646 \u0627\u0633\u062a\u063a\u0644\u0627\u0644\u0647\u0627 \u0642\u0628\u0644 \u0623\u0646 \u064a\u062a\u0645 \u0627\u0643\u062a\u0634\u0627\u0641\u0647\u0627 \u0623\u0648 \u0625\u0635\u062f\u0627\u0631 \u062a\u062d\u062f\u064a\u062b \u0644\u0647\u0627.\n\n\n---\n\n\u0643\u064a\u0641 \u062a\u0639\u0645\u0644\u061f\n\n\u0639\u0646\u062f \u0627\u0643\u062a\u0634\u0627\u0641 \u062b\u063a\u0631\u0629 \u062c\u062f\u064a\u062f\u0629\u060c \u064a\u0645\u0643\u0646 \u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u0627\u0633\u062a\u063a\u0644\u0627\u0644\u0647\u0627 \u0642\u0628\u0644 \u0623\u0646 \u062a\u0635\u062f\u0631 \u0627\u0644\u0634\u0631\u0643\u0629 \u062a\u0635\u062d\u064a\u062d\u064b\u0627 \u0623\u0645\u0646\u064a\u064b\u0627. 
\u064a\u062a\u0645 \u0630\u0644\u0643 \u0639\u0627\u062f\u0629\u064b \u0645\u0646 \u062e\u0644\u0627\u0644:\n\n\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0623\u062e\u0637\u0627\u0621 \u0628\u0631\u0645\u062c\u064a\u0629 \u0641\u064a \u0627\u0644\u0646\u0638\u0627\u0645 \u0623\u0648 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a.\n\n\u062a\u062c\u0627\u0648\u0632 \u0622\u0644\u064a\u0627\u062a \u0627\u0644\u062d\u0645\u0627\u064a\u0629 \u0645\u062b\u0644 SELinux \u0623\u0648 Google Play Protect.\n\n\u062a\u0646\u0641\u064a\u0630 \u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0628\u0631\u0645\u062c\u064a\u0629 \u062e\u0628\u064a\u062b\u0629 \u0644\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0645\u0631\u062a\u0641\u0639\u0629 (Root \u0623\u0648 SYSTEM).\n\n\n\n---\n\n\u0643\u064a\u0641 \u064a\u0645\u0643\u0646 \u0627\u0633\u062a\u063a\u0644\u0627\u0644\u0647\u0627 \u0641\u064a \u0623\u0646\u062f\u0631\u0648\u064a\u062f\u061f\n\n\u062b\u063a\u0631\u0627\u062a \u064a\u0648\u0645 \u0627\u0644\u0635\u0641\u0631 \u0641\u064a \u0623\u0646\u062f\u0631\u0648\u064a\u062f \u064a\u0645\u0643\u0646 \u0623\u0646 \u062a\u0643\u0648\u0646 \u0641\u064a \u0639\u062f\u0629 \u0623\u0645\u0627\u0643\u0646:\n\n1. \u062b\u063a\u0631\u0627\u062a \u0641\u064a \u0627\u0644\u0646\u0638\u0627\u0645 (Kernel Exploits):\n\n\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0623\u062e\u0637\u0627\u0621 \u0641\u064a \u0646\u0648\u0627\u0629 \u0627\u0644\u0646\u0638\u0627\u0645 \u0644\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0645\u0631\u062a\u0641\u0639\u0629.\n\n\u0623\u0645\u062b\u0644\u0629: \u062b\u063a\u0631\u0629 Dirty Cow (CVE-2016-5195)\u060c \u0648\u062b\u063a\u0631\u0627\u062a \u062a\u062c\u0627\u0648\u0632 SELinux.\n\n\n\n2. 
\u062b\u063a\u0631\u0627\u062a \u0641\u064a \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0627\u0644\u0623\u0633\u0627\u0633\u064a\u0629 (Framework Exploits):\n\n\u0627\u0633\u062a\u0647\u062f\u0627\u0641 \u0645\u0643\u0648\u0646\u0627\u062a \u0627\u0644\u0646\u0638\u0627\u0645 \u0645\u062b\u0644 MediaServer \u0623\u0648 WebView.\n\n\u062a\u0646\u0641\u064a\u0630 \u0623\u0643\u0648\u0627\u062f \u062e\u0628\u064a\u062b\u0629 \u0645\u0646 \u062e\u0644\u0627\u0644 \u0645\u0644\u0641\u0627\u062a PDF \u0623\u0648 MP4 \u0623\u0648 \u0635\u0648\u0631 \u0645\u0634\u0648\u0647\u0629.\n\n\n\n3. \u062b\u063a\u0631\u0627\u062a \u0641\u064a \u0627\u0644\u0645\u062a\u0635\u0641\u062d\u0627\u062a (Browser Exploits):\n\n\u062a\u0646\u0641\u064a\u0630 \u0623\u0643\u0648\u0627\u062f \u062c\u0627\u0641\u0627\u0633\u0643\u0631\u064a\u0628\u062a \u062e\u0628\u064a\u062b\u0629 \u0645\u0646 \u062e\u0644\u0627\u0644 WebView \u0623\u0648 Chrome.\n\n\u0627\u0633\u062a\u063a\u0644\u0627\u0644 JavaScript Engine \u0644\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u062a\u0646\u0641\u064a\u0630 \u0643\u0648\u062f \u0639\u0646 \u0628\u0639\u062f (RCE).\n\n\n\n4. \u062b\u063a\u0631\u0627\u062a \u0641\u064a \u0625\u062f\u0627\u0631\u0629 \u0627\u0644\u0630\u0627\u0643\u0631\u0629 (Heap / Stack Exploits):\n\n\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u062a\u0642\u0646\u064a\u0627\u062a \u0645\u062b\u0644 Buffer Overflow \u0623\u0648 Use-After-Free \u0644\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u062a\u062d\u0643\u0645 \u0643\u0627\u0645\u0644 \u0628\u0627\u0644\u062c\u0647\u0627\u0632.\n\n\n\n5. 
\u062b\u063a\u0631\u0627\u062a \u0641\u064a \u062e\u062f\u0645\u0627\u062a \u0627\u0644\u0646\u0638\u0627\u0645 (System Services Exploits):\n\n\u0645\u062b\u0644 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 ADB \u0641\u064a \u0627\u0644\u0623\u062c\u0647\u0632\u0629 \u0627\u0644\u062a\u064a \u062a\u062a\u0631\u0643\u0647 \u0645\u0641\u0639\u0651\u0644\u064b\u0627.\n\n\n\n\n\n---\n\n\u0643\u064a\u0641 \u064a\u062d\u0635\u0644 \u0627\u0644\u0647\u0627\u0643\u0631\u0632 \u0639\u0644\u0649 \u062b\u063a\u0631\u0627\u062a \u064a\u0648\u0645 \u0627\u0644\u0635\u0641\u0631\u061f\n\n\u062a\u062d\u0644\u064a\u0644 \u0627\u0644\u062a\u062d\u062f\u064a\u062b\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0644\u0644\u0628\u062d\u062b \u0639\u0646 \u062a\u063a\u064a\u064a\u0631\u0627\u062a \u064a\u0645\u0643\u0646 \u0639\u0643\u0633\u0647\u0627 \u0644\u0627\u0633\u062a\u0646\u062a\u0627\u062c \u0627\u0644\u062b\u063a\u0631\u0627\u062a.\n\n\u0645\u0631\u0627\u062c\u0639\u0629 \u0627\u0644\u0643\u0648\u062f \u0627\u0644\u0645\u0635\u062f\u0631\u064a \u0644\u0623\u0646\u0638\u0645\u0629 \u0623\u0646\u062f\u0631\u0648\u064a\u062f \u0645\u0641\u062a\u0648\u062d\u0629 \u0627\u0644\u0645\u0635\u062f\u0631 (AOSP).\n\n\u0627\u0633\u062a\u062e\u062f\u0627\u0645 Fuzzing \u0644\u0625\u0631\u0633\u0627\u0644 \u0628\u064a\u0627\u0646\u0627\u062a \u0639\u0634\u0648\u0627\u0626\u064a\u0629 \u0644\u0627\u062e\u062a\u0628\u0627\u0631 \u0633\u0644\u0648\u0643 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a.\n\n\u0627\u0644\u0628\u062d\u062b \u0641\u064a \u0627\u0644\u062a\u0633\u0631\u064a\u0628\u0627\u062a \u0648\u0627\u0644\u0645\u0646\u062a\u062f\u064a\u0627\u062a \u0627\u0644\u0633\u0631\u064a\u0629 \u062d\u064a\u062b \u064a\u062a\u0645 \u0628\u064a\u0639 \u0627\u0644\u062b\u063a\u0631\u0627\u062a.\n\n\n\n---\n\n\u0647\u0644 \u064a\u0645\u0643\u0646\u0646\u064a \u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u062b\u063a\u0631\u0629 \u064a\u0648\u0645 
\u0627\u0644\u0635\u0641\u0631\u061f\n\n\u0625\u0630\u0627 \u0643\u0646\u062a \u0628\u0627\u062d\u062b\u064b\u0627 \u0623\u0645\u0646\u064a\u064b\u0627\u060c \u064a\u0645\u0643\u0646\u0643 \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0623\u062f\u0648\u0627\u062a \u0645\u062b\u0644 AFL\u060c Frida\u060c Ghidra\u060c IDA Pro \u0644\u062a\u062d\u0644\u064a\u0644 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0648\u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u062b\u063a\u0631\u0627\u062a.\n\n\u0625\u0630\u0627 \u0643\u0646\u062a \u062a\u0631\u064a\u062f \u0627\u0633\u062a\u063a\u0644\u0627\u0644\u0647\u0627 \u0641\u0642\u0637\u060c \u0641\u0645\u0639\u0638\u0645 \u062b\u063a\u0631\u0627\u062a Zero-Day \u062a\u0643\u0648\u0646 \u062e\u0627\u0635\u0629 \u0648\u064a\u062a\u0645 \u0628\u064a\u0639\u0647\u0627 \u0641\u064a \u0627\u0644\u0633\u0648\u0642 \u0627\u0644\u0633\u0648\u062f\u0627\u0621 \u0628\u0623\u0633\u0639\u0627\u0631 \u062a\u0628\u062f\u0623 \u0645\u0646 10,000$ \u0648\u0642\u062f \u062a\u0635\u0644 \u0625\u0644\u0649 \u0645\u0644\u064a\u0648\u0646 \u062f\u0648\u0644\u0627\u0631 (\u062e\u0627\u0635\u0629 \u062b\u063a\u0631\u0627\u062a iOS \u0648\u0623\u0646\u062f\u0631\u0648\u064a\u062f).\n\n\n\n---\n\n\u0623\u0634\u0647\u0631 \u062b\u063a\u0631\u0627\u062a \u064a\u0648\u0645 \u0627\u0644\u0635\u0641\u0631 \u0641\u064a \u0623\u0646\u062f\u0631\u0648\u064a\u062f\n\nCVE-2019-2215: \u062b\u063a\u0631\u0629 \u062a\u062c\u0627\u0648\u0632 Kernel Sandbox.\n\nCVE-2020-0022: \u062b\u063a\u0631\u0629 Bluetooth RCE \u062a\u062a\u064a\u062d \u062a\u0646\u0641\u064a\u0630 \u0623\u0648\u0627\u0645\u0631 \u0639\u0646 \u0628\u0639\u062f.\n\nCVE-2023-20963: \u0627\u0633\u062a\u063a\u0644\u0627\u0644 Intent \u0644\u0644\u0647\u0631\u0648\u0628 \u0645\u0646 \u0627\u0644\u062d\u0645\u0627\u064a\u0629.\n\nCVE-2024-XXXX (\u062a\u064f\u0643\u062a\u0634\u0641 \u0628\u0627\u0633\u062a\u0645\u0631\u0627\u0631).\n\n\n\n---\n\n\u0643\u064a\u0641 \u062a\u062d\u0645\u064a 
\u0646\u0641\u0633\u0643\u061f\n\n\u062a\u062d\u062f\u064a\u062b \u0627\u0644\u0646\u0638\u0627\u0645 \u0648\u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0628\u0627\u0633\u062a\u0645\u0631\u0627\u0631.\n\n\u062a\u0639\u0637\u064a\u0644 ADB \u0648 Debugging \u0639\u0646\u062f \u0639\u062f\u0645 \u0627\u0644\u062d\u0627\u062c\u0629 \u0625\u0644\u064a\u0647.\n\n\u062a\u062c\u0646\u0628 \u062a\u062d\u0645\u064a\u0644 \u062a\u0637\u0628\u064a\u0642\u0627\u062a APK \u0645\u0646 \u0645\u0635\u0627\u062f\u0631 \u063a\u064a\u0631 \u0645\u0648\u062b\u0648\u0642\u0629.\n\n\u0627\u0633\u062a\u062e\u062f\u0627\u0645 ROMs \u0645\u0639\u062f\u0644\u0629 \u0628\u0645\u064a\u0632\u0627\u062a \u0623\u0645\u0627\u0646 \u0625\u0636\u0627\u0641\u064a\u0629 \u0645\u062b\u0644 GrapheneOS \u0623\u0648 CalyxOS.\n\n\n\u0625\u0630\u0627 \u0643\u0646\u062a \u062a\u0631\u064a\u062f \u062a\u0639\u0644\u0645 \u0627\u0643\u062a\u0634\u0627\u0641 \u0623\u0648 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u062b\u063a\u0631\u0627\u062a \u064a\u0648\u0645 \u0627\u0644\u0635\u0641\u0631\u060c \u0623\u0646\u0635\u062d\u0643 \u0628\u062f\u0631\u0627\u0633\u0629 \u0647\u0646\u062f\u0633\u0629 \u0639\u0643\u0633\u064a\u0629 (Reverse Engineering) \u0648\u062a\u062d\u0644\u064a\u0644 \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0627\u062a \u0627\u0644\u062e\u0628\u064a\u062b\u0629 (Malware Analysis).", "creation_timestamp": "2025-01-30T18:05:01.000000Z"}, {"uuid": "7676a368-a8d0-42c4-97f6-c81960af1c9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "published-proof-of-concept", "source": "https://t.me/ptswarm/112", "content": "The Dirty Pipe Vulnerability\n\n\ud83d\udc64 by Max Kellermann\n\nThis is the story of CVE-2022-0847, a vulnerability in the Linux kernel since 5.8 which allows overwriting data in arbitrary read-only files. 
This leads to privilege escalation because unprivileged processes can inject code into root processes.\nIt is similar to\u00a0CVE-2016-5195 \u201cDirty Cow\u201d\u00a0but is easier to exploit.\nThe vulnerability\u00a0was fixed\u00a0in Linux 5.16.11, 5.15.25 and 5.10.102.\n\n\n\ud83d\udcdd Contents: \n\u2022 Abstract\n\u2022 Corruption pt. I\n\u2022 Access Logging\n\u2022 Corruption pt. II\n\u2022 Corruption pt. III\n\u2022 Man staring at code\n\u2022 Man staring at kernel code\n\u2022 Pipes and Buffers and Pages\n\u2022 Uninitialized\n\u2022 Corruption pt. IV\n\u2022 Exploiting\n\u2022 Timeline\n\nhttps://dirtypipe.cm4all.com", "creation_timestamp": "2022-03-08T11:14:13.000000Z"}, {"uuid": "9fff2a54-705f-4ff6-96cf-92f753c33af8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "published-proof-of-concept", "source": "Telegram/seeOg7d7Xdx0LWEqXd7dvE90Oq6nBMNvrC8yGWUmnEYbL4k", "content": "", "creation_timestamp": "2025-06-26T03:00:05.000000Z"}, {"uuid": "ac84a2e3-56e6-4d10-891c-f86aa88f5732", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "exploited", "source": "https://t.me/sec_devops/316", "content": "\u041c\u0435\u043d\u044f \u043d\u0435\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u043e\u0433\u043d\u0430\u043b\u0438 \u0441 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435\u043c CVE, \u043d\u043e \u044f \u0432\u0441\u0435 \u0440\u0430\u0432\u043d\u043e \u0434\u043e\u043f\u043e\u043b\u043d\u044e \u043c\u044b\u0441\u043b\u044c \u043f\u0440\u0438\u043c\u0435\u0440\u0430\u043c\u0438\n\n\u0412\u043e\u0442, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, CVE-2016-5195 - Race Condition \u0432 \u0441\u0442\u0430\u0440\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 \u044f\u0434\u0440\u0430 
\u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0441\u0434\u0435\u043b\u0430\u0442\u044c docker escape. \n\nPoC:\nhttps://github.com/gebl/dirtycow-docker-vdso\n\n\u0412\u0438\u0434\u0435\u043e-\u0434\u0435\u043c\u043e:\nhttps://youtu.be/BwUfHJXgYg0\n\n\u0422\u0435\u043a\u0441\u0442\u043e\u0432\u043e\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435:\nhttps://blog.paranoidsoftware.com/dirty-cow-cve-2016-5195-docker-container-escape/\n\n#docker #ops #attack", "creation_timestamp": "2020-10-21T16:16:23.000000Z"}, {"uuid": "feb08d19-0e0a-404d-aa29-3fc4c4a83417", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "published-proof-of-concept", "source": "https://t.me/alexmakus/761", "content": "\u0430 \u0432\u043e\u0442 \u0441\u0440\u0435\u0434\u0438 \u0432\u0430\u0441 \u043d\u0430\u0432\u0435\u0440\u043d\u044f\u043a\u0430 \u0436\u0435 \u0435\u0441\u0442\u044c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Linux. \u0422\u0443\u0442 \u0442\u0430\u043a\u043e\u0435 \u0434\u0435\u043b\u043e... \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442 \u0443\u0436\u0435 9 \u043b\u0435\u0442 \u0432 \u043f\u0440\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0441\u0435\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 Linux, \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u044d\u0441\u043a\u0430\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u0440\u0430\u0432\u0430 \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435. 
\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2016-5195, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u043d\u0430 \u043f\u0440\u043e\u0448\u043b\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435, \u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043a \u0441\u043a\u043e\u0440\u0435\u0439\u0448\u0435\u0439 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0435 \u043f\u0440\u0438 \u043d\u0430\u043b\u0438\u0447\u0438\u0438 \u0430\u043f\u0434\u0435\u0439\u0442\u0430 \u0434\u043b\u044f \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u0433\u043e \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u0430. \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u043d\u0430\u0437\u044b\u0432\u0430\u044e\u0442 \u044d\u0442\u043e \u0441\u0430\u043c\u043e\u0439 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u043e\u0439 \u0441 \u044d\u0441\u043a\u0430\u043b\u0430\u0446\u0438\u0435\u0439 \u043f\u0440\u0438\u0432\u0435\u043b\u0435\u0433\u0438\u0439 \u0432 Linux. \u0442\u0443\u0442 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e \u0441\u0430\u043c\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 (http://dirtycow.ninja) \u2014\u00a0\u0445\u043e\u0440\u043e\u0448\u0435\u0435 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435, \u043a\u0441\u0442\u0430\u0442\u0438, \u0442\u0443\u0442 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e \u043f\u0430\u0442\u0447\u0435 https://lkml.org/lkml/2016/10/19/860. 
\u0435\u0449\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e \u0441\u0430\u043c\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u2014\u00a0https://access.redhat.com/security/vulnerabilities/2706661, https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c16, https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails", "creation_timestamp": "2016-10-21T15:37:57.000000Z"}, {"uuid": "a47d5d14-7e55-40a2-804a-d519d2b5a836", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "exploited", "source": "Telegram/N5W_TyVP5-VuHO5rQAVEZv_MKk10adij6VfUcb3n5LnAsA", "content": "", "creation_timestamp": "2025-04-09T19:11:40.000000Z"}, {"uuid": "889f82b5-8787-408a-850a-0adce4fee0bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": "https://gist.github.com/webcpu/7c928d4740d4b4330646df1041a5ee1e", "content": "", "creation_timestamp": "2026-04-30T08:15:26.000000Z"}, {"uuid": "7fca63f7-21e6-4f02-b9e3-538b9e1a2856", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": "https://t.me/arpsyndicate/817", "content": "#ExploitObserverAlert\n\nCVE-2016-5195\n\nDESCRIPTION: Exploit Observer has 548 entries related to CVE-2016-5195. 
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka \"Dirty COW.\"\n\nFIRST-EPSS: 0.879360000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-11-30T10:17:35.000000Z"}, {"uuid": "1a490b25-bb18-4ea2-8375-98a384d9436c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": "https://t.me/arpsyndicate/216", "content": "#ExploitObserverAlert\n\nCVE-2016-5195\n\nDESCRIPTION: Exploit Observer has 544 entries related to CVE-2016-5195. Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka \"Dirty COW.\"\n\nFIRST-EPSS: 0.879360000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-11-17T05:58:11.000000Z"}, {"uuid": "08cdeda0-3d62-4a58-9425-b618f04a737e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "published-proof-of-concept", "source": "Telegram/LSICrY0gcRIsk405uNpqA1GPRNRWrHt6G2acZwumbe6RcdQ", "content": "", "creation_timestamp": "2025-05-02T17:00:09.000000Z"}, {"uuid": "4c1b341b-d631-45b9-8843-5ff8e90343e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "exploited", "source": "https://t.me/HackerOne/345", "content": "Explaining Dirty COW local root exploit - CVE-2016-5195", "creation_timestamp": "2016-10-22T20:57:21.000000Z"}, {"uuid": "82719ed2-0e53-455c-b5a4-03d7fbfd926b", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": "https://gist.github.com/gormih/faa271309205184d220f2eeb6ac8fb4e", "content": "", "creation_timestamp": "2026-04-30T10:37:23.000000Z"}, {"uuid": "c1066d73-1eae-46b2-8da6-1602f51f2295", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "exploited", "source": "https://t.me/thehackernews/6597", "content": "\ud83d\udd25 New Linux botnet ALERT!\n\nOutlaw\u2014a Romanian-linked group\u2014is actively hijacking SSH servers to mine crypto via auto-spreading malware.\n\n\u2013 Targets servers with weak SSH creds\n\u2013 Uses BLITZ to self-propagate\n\u2013 Installs SHELLBOT for remote control, DDoS, and data theft\n\u2013 Exploits old bugs like Dirty COW (CVE-2016-5195)\n\n\ud83d\udd17 Full report: https://thehackernews.com/2025/04/outlaw-group-uses-ssh-brute-force-to.html", "creation_timestamp": "2025-04-02T12:46:55.000000Z"}, {"uuid": "dbfa5839-295c-448a-9211-f73e16307d03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": "https://t.me/itsecalert/46", "content": "\u26a0\ufe0f Linux -kernel-local-privilege-escalation-vulnerability-fix CVE-2016-5195: . A race condition was found in the way the Linux kernel\u2019s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. 
(severity: \ud83d\udd38high) Further Info: http://mcaf.ee/xoyfqr\n#alert #vulnerability #severityhigh #linux #kernel #privilegeescalation #exploitednow\n\nPlease subscribe (and let your sysadmins subscribe) to our email alerts: https://infected.io/e-mail-it-security-alerts - just alerts, no spam.", "creation_timestamp": "2016-10-21T12:03:18.000000Z"}, {"uuid": "62168c72-c480-4e22-a1d0-0b5060ffe0a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "exploited", "source": "https://t.me/SHATOOB/650", "content": "\ud83c\udd94 @SHATOOB\n\n\u0627\u06cc\u0646 \ud83d\udc46\ud83c\udffb \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u062a\u0642\u0631\u06cc\u0628\u0627 \u062f\u0631 \u062a\u0645\u0627\u0645 \u062a\u0648\u0632\u06cc\u0639 \u0647\u0627\u06cc \u0633\u06cc\u0633\u062a\u0645 \u0639\u0627\u0645\u0644 Linux \u0647\u0633\u062a\u060c \u0642\u062f\u0645\u062a\u06cc \u062d\u062f\u0648\u062f 9 \u0633\u0627\u0644 \u062f\u0627\u0631\u062f \u0648 \u062a\u0648\u0633\u0637 \u0646\u0641\u0648\u0630\u06af\u0631\u0627\u0646 \u062f\u0631\u062d\u0627\u0644 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0641\u0631\u0627\u0648\u0627\u0646 \u0627\u0633\u062a. \u0622\u0646 \u0631\u0627 Dirty COW \u0646\u0627\u0645\u06cc\u062f\u0647 \u0627\u0646\u062f\u060c CVE-2016-5195 \u06cc\u06a9 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0627\u0632 \u0646\u0648\u0639 privilege-escalation \u0627\u0633\u062a. \n\n\n\u062f\u0644\u06cc\u0644 \u0627\u0648\u0644\u060c \u0627\u06cc\u0646 \u0627\u0633\u062a \u06a9\u0647 \u062a\u0648\u0633\u0639\u0647 exploit \u0647\u0627\u06cc\u06cc \u06a9\u0647 \u062e\u0648\u0628 \u0648 \u0645\u0637\u0645\u0626\u0646 \u06a9\u0627\u0631 \u06a9\u0646\u062f \u0628\u0633\u06cc\u0627\u0631 \u0631\u0627\u062d\u062a \u0627\u0633\u062a. 
\u0647\u0645\u0686\u0646\u06cc\u0646\u060c \u0646\u0642\u0635 Dirty COW \u062f\u0631 \u0628\u062e\u0634\u06cc \u0627\u0632 \u0647\u0633\u062a\u0647 Linux \u0627\u0633\u062a \u06a9\u0647 \u062a\u0642\u0631\u06cc\u0628\u0627 \u062f\u0631 \u0627\u06a9\u062b\u0631 \u062a\u0648\u0632\u06cc\u0639 \u0647\u0627\u06cc \u0645\u0628\u062a\u0646\u06cc \u0628\u0631 Redhat \u0648 Debian\u060c \u0628\u0631\u0627\u06cc \u062a\u0642\u0631\u06cc\u0628\u0627 \u06cc\u06a9 \u062f\u0647\u0647 \u0627\u0646\u062a\u0634\u0627\u0631 \u0648\u062c\u0648\u062f \u062f\u0627\u0634\u062a\u0647 \u0627\u0633\u062a.\n\n\u062a\u0648\u0632\u06cc\u0639 \u0647\u0627\u06cc \u0644\u06cc\u0646\u0648\u06a9\u0633\u06cc \u06a9\u0647 \u0628\u0627\u06af CVE-2016-5195 \u0634\u0627\u0645\u0644 \u062d\u0627\u0644 \u0622\u0646\u0647\u0627 \u0645\u06cc\u0634\u0648\u062f :\n\nRed Hat Enterprise Linux 7.x\nRed Hat Enterprise Linux 6.x\nRed Hat Enterprise Linux 5.x\nCentOS Linux 7.x\nCentOS Linux 6.x\nCentOS Linux 5.x\nDebian Linux wheezy\nDebian Linux jessie\nDebian Linux stretch\nDebian Linux sid\nUbuntu Linux precise (LTS 12.04)\nUbuntu Linux trusty\nUbuntu Linux xenial (LTS 16.04)\nUbuntu Linux yakkety\nUbuntu Linux vivid/ubuntu-core\nSUSE Linux Enterprise 11 and 12\n\n\ud83c\udd94 @SHATOOB", "creation_timestamp": "2016-11-27T20:32:35.000000Z"}, {"uuid": "eacfaccb-0b83-4502-a837-971a762d8108", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": "https://gist.github.com/r888800009/efa97cd2d43d83c3edbcc3f4a27f3891", "content": "", "creation_timestamp": "2026-05-06T03:01:58.000000Z"}, {"uuid": "8939698a-8b67-41d1-8dd4-68925786b832", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "seen", "source": "https://t.me/SHATOOB/649", "content": "\ud83c\udd94 @SHATOOB\n\nDirty COW \u060c 
\u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u062d\u06cc\u0627\u062a\u06cc \u062f\u0631 \u06a9\u0631\u0646\u0644 \u0644\u06cc\u0646\u0648\u06a9\u0633 CVE-2016-5195\n\n\ud83c\udd94 @SHATOOB", "creation_timestamp": "2016-11-27T20:31:29.000000Z"}, {"uuid": "6c220cdc-dae4-4475-9b98-723849f8ac15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "published-proof-of-concept", "source": "https://t.me/SHATOOB/651", "content": "\ud83c\udd94 @SHATOOB\n\n\n\u0686\u06a9 \u06a9\u0631\u062f\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc :\n\n\u062f\u0631 \u062a\u0648\u0632\u06cc\u0639 \u0647\u0627\u06cc \u0645\u0628\u062a\u0646\u06cc \u0628\u0631 \u062f\u0628\u06cc\u0627\u0646 :\n\n\u0646\u0633\u062e\u0647 \u06a9\u0631\u0646\u0644 \u0631\u0648 \u0628\u0631\u0631\u0633\u06cc \u06a9\u0646\u06cc\u062f :\n\n\u06a9\u062f:\nuname -rv\n\u0627\u06af\u0631 \u0686\u06cc\u0632\u06cc \u0634\u0628\u06cc\u0647 \u0628\u0647 \u0645\u0648\u0631\u062f \u0632\u06cc\u0631 \u062f\u06cc\u062f\u06cc\u062f :\n\n\u06a9\u062f:\n\n4.4.0-42-generic #62-Ubuntu SMP Fri Oct 7 23:11:45 UTC 2016\n\n\u06a9\u0631\u0646\u0644 \u0634\u0645\u0627 \u0627\u06cc\u0645\u0646 \u0647\u0633\u062a \u060c \u0627\u0645\u0627 \u0627\u06af\u0631 \u0646\u0633\u062e\u0647 \u0647\u0627\u06cc \u067e\u0627\u06cc\u06cc\u0646 \u062a\u0631 \u0631\u0648 \u0645\u0634\u0627\u0647\u062f\u0647 \u06a9\u0631\u062f\u06cc\u062f \u060c \u06cc\u0639\u0646\u06cc \u062f\u0631 \u0645\u0642\u0627\u0628\u0644 Dirty COW \u0644\u06cc\u0646\u0648\u06a9\u0633 \u0634\u0645\u0627 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631 \u0647\u0633\u062a !\n\n\u06a9\u062f:\n\n4.8.0-26.28 for Ubuntu 16.10\n4.4.0-45.66 for Ubuntu 16.04 LTS\n3.13.0-100.147 for Ubuntu 14.04 LTS\n3.2.0-113.155 for Ubuntu 12.04 LTS\n3.16.36-1+deb8u2 for Debian 8\n3.2.82-1 for Debian 7\n4.7.8-1 for Debian unstable\n\n\u0644\u0637\u0641\u0627 
\u062f\u0631 \u0627\u0633\u0631\u0639 \u0648\u0642\u062a \u0633\u0631\u0648\u0631 \u0647\u0627\u06cc \u062e\u0648\u062f \u0631\u0627 \u0628\u0631\u0648\u0632 \u0631\u0633\u0627\u0646\u06cc \u06a9\u0646\u06cc\u062f.\n\n\u062f\u0631 \u0646\u0648\u0632\u06cc\u0639 \u0647\u0627\u06cc \u0645\u0628\u062a\u0646\u06cc \u0628\u0631 \u0631\u062f\u0647\u062a :\n\n\u0634\u0644 \u0632\u06cc\u0631 \u0631\u0648 \u062f\u0627\u0646\u0644\u0648\u062f \u0648 \u0627\u062c\u0631\u0627 \u06a9\u0646\u06cc\u062f :\n\n\u06a9\u062f:\n\nwget https://access.redhat.com/sites/default/files/rh-cve-2016-5195_1.sh\nchmod +x rh-cve-2016-5195_1.sh\n./rh-cve-2016-5195_1.sh\n\n\u062e\u0631\u0648\u062c\u06cc \u0627\u06af\u0631 \u0634\u0628\u06cc\u0647 \u0628\u0647 \u0632\u06cc\u0631 \u0628\u0648\u062f \u060c \u06cc\u0639\u0646\u06cc \u062f\u0631 \u0645\u0642\u0627\u0628\u0644 Dirty COW \u0644\u06cc\u0646\u0648\u06a9\u0633 \u0634\u0645\u0627 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631 \u0647\u0633\u062a !\n\n\u06a9\u062f:\n\nYour kernel is 3.10.0-327.36.1.el7.x86_64 which IS vulnerable.\nRed Hat recommends that you update your kernel. 
Alternatively, you can apply partial\nmitigation described at https://access.redhat.com/security/vulnerabilities/2706661 .\n\n\ud83c\udd94 @SHATOOB", "creation_timestamp": "2016-11-27T20:35:54.000000Z"}, {"uuid": "b13eab17-658e-4e68-93b3-fc2aa8944f08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "exploited", "source": "https://t.me/canyoupwnme/289", "content": "Explaining Dirty COW local root exploit - CVE-2016-5195\nhttps://www.youtube.com/watch?v=kEsshExn7aE", "creation_timestamp": "2016-11-09T23:44:11.000000Z"}, {"uuid": "874c7041-7e7c-487c-bc36-ba91a7179d0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-5195", "type": "published-proof-of-concept", "source": "https://t.me/SecLabNews/3590", "content": "\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Cisco \u043f\u0440\u0438\u0437\u043d\u0430\u043b\u0430\u0441\u044c, \u0447\u0442\u043e \u043d\u0435\u043f\u0440\u0435\u0434\u043d\u0430\u043c\u0435\u0440\u0435\u043d\u043d\u043e \u043e\u0441\u0442\u0430\u0432\u0438\u043b\u0430 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u0439 \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442 \u0434\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 Dirty COW (CVE-2016-5195) \u0432 \u0441\u043e\u0441\u0442\u0430\u0432\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u0448\u043b\u044e\u0437\u0430 Cisco Expressway \u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0432\u0438\u0434\u0435\u043e\u0441\u0432\u044f\u0437\u0438 Cisco TelePresence Video Communication Server (VCS).    
\nCisco \u0441\u043b\u0443\u0447\u0430\u0439\u043d\u043e \u043f\u043e\u0441\u0442\u0430\u0432\u0438\u043b\u0430 \u0432 \u0441\u043e\u0441\u0442\u0430\u0432\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442 \u0434\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 Dirty COW", "creation_timestamp": "2018-11-09T11:09:18.000000Z"}]}