1.

Shellshock (Bash Bug)

What is it?​
Shellshock is a critical vulnerability in Bash, the default shell in many Unix-based systems
(Linux, macOS). The vulnerability was discovered in 2014 and allowed attackers to execute
arbitrary commands on a target system remotely.

How does it work?​

Shellshock arises from how Bash processes environment variables. When Bash processes an
environment variable, it mistakenly allows the execution of arbitrary code if the variable contains
specially crafted data. This could be triggered by a malicious user or script, potentially leading to
remote code execution on the system.

Impact:​
Attackers could exploit this flaw to run commands with the same privileges as the user running
Bash, potentially gaining full control over the system.

How to protect against it:

●​ Patch or upgrade: Ensure that Bash is updated to a patched version. All modern Linux
distributions (and macOS) have fixed the issue in later versions.
●​ Restrict Bash usage: If possible, limit the use of Bash or disable it in favor of more
secure shells.
●​ Network protection: Block external access to Bash via misconfigured web servers or
other services.

2. EternalBlue

What is it?​
EternalBlue is a vulnerability in the Microsoft SMB (Server Message Block) protocol, discovered
by the NSA and leaked by the Shadow Brokers group in 2017. It was used by the WannaCry
and NotPetya ransomware attacks.

How does it work?​

The vulnerability allows remote attackers to send specially crafted packets to vulnerable
systems, leading to code execution. SMBv1, an outdated version of the protocol, is especially
vulnerable, allowing attackers to exploit this flaw to spread malware across networks.

Impact:​
EternalBlue can lead to remote code execution and is commonly used to propagate
ransomware, malware, and worms across a network.

How to protect against it:

 ●​ Patch systems: Ensure that all Windows systems are updated with the latest security
patches, especially the one that addresses the EternalBlue exploit.
●​ Disable SMBv1: Disable SMBv1, as it is outdated and insecure.
●​ Firewall: Block SMB traffic (ports 445, 139) from untrusted networks.

3. Heartbleed

What is it?​
Heartbleed is a vulnerability in OpenSSL, an open-source implementation of SSL/TLS
encryption. It was discovered in 2014 and allows attackers to access the memory of systems
running vulnerable versions of OpenSSL, exposing sensitive data such as private keys and
passwords.

How does it work?​

Heartbleed occurs due to a flaw in the TLS heartbeat extension. When the heartbeat request is
made, the server fails to properly check the length of the request. This allows an attacker to
send a malformed heartbeat request, causing the server to leak portions of its memory.

Impact:​
Sensitive information like private keys, usernames, passwords, and even authentication tokens
could be exposed, leading to complete compromise of the system.

How to protect against it:

●​ Update OpenSSL: Ensure you are running a patched version of OpenSSL that has
addressed the Heartbleed vulnerability.
●​ Regenerate SSL/TLS certificates: After patching, regenerate your SSL/TLS
certificates, as they might have been compromised.
●​ Test for Heartbleed: Use online tools or security scanners to check if your systems are
still vulnerable.

4. Apache Struts 2 Vulnerability

What is it?​
Apache Struts 2 is an open-source framework for building Java web applications. A critical
vulnerability in Apache Struts 2 (CVE-2017-5638) was discovered in 2017, allowing remote
code execution via malicious file uploads.

How does it work?​

The vulnerability allows attackers to exploit the file upload mechanism by sending a crafted
request with an improper content-type header, leading to arbitrary code execution on the server
hosting the web application.

Impact:​
Exploitation could allow attackers to execute commands remotely, potentially gaining control of
the server and the application.

How to protect against it:

●​ Update Struts: Always use the latest version of Apache Struts, which includes security
patches for known vulnerabilities.
●​ Web Application Firewall (WAF): Use a WAF to filter malicious traffic targeting
vulnerable endpoints.
●​ Limit file uploads: If your application requires file uploads, restrict the allowed file types
and sizes.

5. Apple iAmRoot (Root user bug)

What is it?​
In 2017, a security vulnerability was discovered in macOS where the "root" user (a superuser
account) could be accessed without a password under certain conditions. This bug was named
"iAmRoot."

How does it work?​

The issue occurs when a user tries to unlock the system and enters the wrong password
multiple times. On macOS High Sierra, the system would allow access to the root account
without requiring authentication.

Impact:​
This could allow an attacker to gain administrative privileges and take full control of the affected
Mac.

How to protect against it:

●​ Apply patches: Apple released a patch to fix this issue, so ensure macOS is updated.
●​ Disable root access: If possible, disable the root user on your macOS system to
prevent unauthorized access.

6. POODLE (Padding Oracle On Downgraded Legacy Encryption)

What is it?​
POODLE is a vulnerability in SSLv3 (Secure Sockets Layer version 3), which was widely used
for encrypting web traffic. The attack exploits a weakness in how SSLv3 handles block cipher
padding, allowing attackers to decrypt data even if the communication is encrypted.

How does it work?​

By forcing a downgrade from a more secure protocol like TLS to SSLv3, an attacker can exploit
the padding vulnerability and intercept encrypted communications.

Impact:​
POODLE allows attackers to decrypt sensitive data, including passwords and credit card
numbers.

How to protect against it:

●​ Disable SSLv3: Disable SSLv3 support on web servers and clients to prevent attackers
from exploiting this vulnerability.
●​ Enforce TLS: Ensure that only TLS (Transport Layer Security) is used for secure
communications.

7. Conficker

What is it?​
Conficker is a worm that targets vulnerabilities in Microsoft Windows operating systems. It was
first discovered in 2008 and exploits flaws in the MS08-067 vulnerability in the Windows Server
service.

How does it work?​

Conficker spreads by exploiting the vulnerability in Windows, allowing the worm to propagate
across networks. Once a system is infected, Conficker could turn the machine into a bot that
could be used for various malicious purposes, such as launching denial-of-service attacks.

Impact:​
It can lead to widespread infections, system instability, data theft, or being part of a botnet used
for cybercriminal activities.

How to protect against it:

●​ Patch systems: Ensure that all Windows systems are updated with the latest patches,
particularly MS08-067.
●​ Network segmentation: Use network segmentation to limit the spread of worms like
Conficker.
8. Microsoft RPC DCOM (Remote Procedure Call / Distributed Component
Object Model)

What is it?​
RPC and DCOM are communication protocols used by Windows for inter-process
communication. Vulnerabilities in RPC DCOM, such as the one exploited by the Blaster worm in
2003, can allow remote attackers to execute code on vulnerable systems.

How does it work?​

If RPC DCOM is not properly configured or patched, attackers can exploit these vulnerabilities
to execute arbitrary code remotely, potentially compromising the system.

Impact:​
RPC DCOM vulnerabilities can allow attackers to take control of the system remotely, installing
malware or stealing data.

How to protect against it:

●​ Patch systems: Always keep systems updated with the latest security patches.
●​ Restrict RPC access: Use firewalls to limit or block unnecessary RPC and DCOM
traffic.

9. Golden Ticket Attack

What is it?​
A Golden Ticket attack is a method used in Kerberos authentication systems (common in Active
Directory environments) to forge a valid ticket-granting ticket (TGT), allowing attackers to gain
unauthorized access to systems within a network.

How does it work?​

An attacker, with access to a domain controller’s Kerberos ticket-granting key, can create a
Golden Ticket, which allows them to impersonate any user or service within the domain,
including administrative accounts.

Impact:​
This attack can lead to complete domain compromise, allowing attackers to access all resources
in the network.

How to protect against it:

●​ Use strong, unique passwords: Protect the Kerberos key distribution center (KDC)
secrets with strong passwords.
●​ Monitor for suspicious Kerberos ticket usage: Look for signs of abnormal
authentication patterns using security monitoring tools.
10. Silver Ticket Attack

What is it?​
Silver Tickets are similar to Golden Tickets but are used for accessing specific services, rather
than gaining access to the whole domain. A Silver Ticket allows attackers to impersonate a user
and access specific services on the network.

How does it work?​

The attacker forges a service ticket for a specific service using knowledge of the service
account’s credentials.

Impact:​
Silver Ticket attacks can allow attackers to access critical services or servers without being
detected.

How to protect against it:

●​ Protect service account credentials: Ensure that service account passwords are
complex and not easily guessable.
●​ Monitor service ticket usage: Keep track of abnormal service ticket requests.