Staying Home? Get paid for surfing the web!

Staying Home? Get paid for surfing the web! You can earn some passive money by using below browser on your mobile phone, table and computer. Just try it during this globally impacted COVID-19 situation. What you need to do is download the CryptoTab Browser in above link and use it as default browser on your gadegets then get paid. That's all. Thanks. Have fun!

How to copy file from TFTP server via vrf enabled interface in Cisco Devices?

TFTP server is sitting in subnet which can reach via global routing table and your network devices is configured OOB with vrf routing.

You have no other ways to copy your files to your device except from TFTP server.

What will you do then? 😊
Leaking vrf to global routing or vice versa? 

The answer is ...
configure terminal
ip tftp source-interface (Your OOB interface IP)

You’re done.


Have a good day.
(Be knowledgeable, pass it on then)

PAN OS API Key problem after upgrade from 7 to 8

When you use External Block List for Malicious IP with your PaloAlto, you need API Key for your server to refresh the list whenever you update the content.

The API key syntax for PAN OS 7 and 8 is different and it will take your time after you upgrade PAN OS.

So here is the solution what I've tested.

Syntax for 7 is

https://<firewall IP>/api/?type=op&cmd=<request><system><external-list><refresh><name>Type 
your EBL Name Here</name></refresh></external-list></system></request>&key="API Key"

Syntax for 8 is

https://<firewall ip>/api/?type=op&cmd=<request><system><external-list><refresh><type><ip>
<name>Type your EBL Name Here</name></ip>
</type></refresh></external-list></system></request>&key="API Key"

Have fun with PAN OS.


Have a good day!

(Be knowledgeable, pass it on then)

Why is this ransomware attack different?

Unlike other ransomware families, the WannaCry strain does not spread via infected e-mails or infected links. Instead, it takes advantage of a security hole in most Windows versions to automatically execute itself on the victim PC. According to various reports, this attack avenue has been developed by the National Security Agency (NSA) in the US as a cyber-weapon and it was leaked to the public earlier in April along with other classified data allegedly stolen from the agency.
Until now, a number of hospitals, telecom companies or gas and utilities plants have suffered massive disruptions caused by data being held at ransom.
As this ongoing outbreak is affecting countless computer users around the world, we are actively working on a free decryption tool to help victims recover their information without paying the ransom. Make sure to follow us on Twitter and Facebook to be notified when it becomes available.
Source : Bitdefender


Have a good day!
(Be knowledgeable, pass it on then)

MPLS Troubleshooting Tips

Anyone of you having difficulty in troubleshooting MPLS as a beginner?
I did some research and take notes for myself and now it is for you to do reference as well.

MPLS troubleshooting can be divided into two main steps:

1) Verify routing information flow
2) Verify proper data flow

- Routing information flow troubleshooting requires verification of end-to-end routing information propagation between CE routers.
- Verification of the routing information flow should be done systematically, starting at the routing ingress CE and moving to the egress CE.
- Verification of the data flow should be done systematically, starting at the data flow ingress CE and moving to the egress CE.

There are three things to perform basic MPLS troubleshooting.
They are,
1) Preliminary steps in MPLS VPN Troubleshooting:
- Is CEF enabled?
- Are labels for IGP routes generated and propagated?
- Are large labeled packets propagated across the MPLS backbone (maximum transmission unit issues)?

2) Verify the routing information flow:
- Are CE routes received by a PE?
- Are routes redistributed into MP-BGP with proper extended communities?
- Are VPNv4 routes propagated to other PE routers?
- Is the BGP route selection process working correctly?
- Are VPNv4 routes inserted into VRFs on other PE routers?
- Are VPNv4 routes redistributed from BGP into the PE-CE routing protocol?
- Are IPv4 routes propagated to other CE routers?

3) Verify proper data flow:
- Is CEF enabled on the ingress PE router interface?
- Is the CEF entry correct on the ingress PE router?
- Is there an end-to-end label switched path tunnel (LSP tunnel) between PE routers?
- Is the LFIB entry on the egress PE router correct?

Do you have/know something that I missed out in my above list? Please assist me by letting know. Thanks.

Have a good day.
(Be knowledgeable, pass it on then)

Ryzerlo ransomware poses as Pokemon game

The Dell SonicWall Threats Research team has received reports of a new Ransomware Trojan, Ryzerlo which encrypts the victim's files and leaves an email address to be contacted to unlock victim's files.
Infection cycle:
The Trojan comes across as Pokemon Go game with the icon
Once the victim installs the executable, the trojan adds the some changes to the registry.
The Trojan adds two autostart objects to enable startup after reboot:
  • %APPDATA%\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\[numbers].exe (copy of original)
It tries to connect to the C&C server and then the trojan encrypts all the victims documents with extensions * .txt, * .rtf, * .doc, * .pdf, * .mht, * .docx, * .xls, * .xlsx, * .ppt, * .pptx, * .odt, * .jpg, *. png, * .csv, * .sql, * .mdb, * .sln, * .php, * .asp, * .aspx, * .html, * .xml, * .psd, * .htm, * .gif, * .png with .locked extension. 
The trojan creates the following two files on the victim's desktop. One include random text and another one include email address to contact.
We urge our users to always be vigilant and cautious with any unsolicited attachments specially if you are not certain of the source. If you are responsible for your system and network security, it's time to patch your security devices.

Source : Dell SonicWall Center

Have a nice day.
(Be knowledgeable, pass it on then)

QuadRooter - the flaw that can affect millions of Android devices

A set of 4 critical Android vulnerabilities were recently published by CheckPoint. Successful exploitation of any of these exploits can give the attacker root privileges on the affected device. It is possible for an attacker to construct a malicious app that triggers these exploits with no need for special privileges making these vulnerabilities extremely dangerous. 

The vulnerabilities were found in the software drivers that accompany Qualcomm chipsets. Thereby any Android device using Qualcomm chipset is vulnerable, this counts to nearly 900 million smartphones and tablets.

The report by CheckPoint goes into the finer details about the vulnerabilities but below is a high level description of the same:

The vulnerability is present in a kernel module introduced by Qualcomm called ipc_router that provides inter-process communication where it is possible to convert a regular socket (CLIENT_PORT) into a monitoring socket (CONTROL_PORT).

Ashmem is Android's memory allocation sybsystem that enables processes to efficiently share memory buffers. Devices using Qualcomm chipsets use a modified version of ashmem, the vulnerability is in one of the functions in this version of ashmem.
Attackers can trick get_ashmem_file function to think that an arbitrary file called "ashmem" is actually an ashmem file.

CVE-2016-2503 and CVE-2106-2504 are related to Qualcomm's GPU component Kernel Graphics Support Layer:

  • CVE-2016-2503:
    One of the GPU components - Kernel graphic Support Layer - has a module kgsl_sync that is responsible for syncing between CPU and the apps. Within this module is a function that is prone to race condition flaw that can be exploited
  • CVE-2016-2504:
    A user space process can allocate and map memory to GPU, thereby it can create/destroy kgsl_mem_entry which represents an object that uses GPU memory. This object is bound to a process using GPU mapping mechanism or the "idr" mechanism. But since there is no access protection enforced, this object can be freed by another thread.

The report states that Qualcomm has released patches to OEM's (Original Equipment Manufacturers) and the open source community between April and end of July. Google has confirmed that its Verify Apps feature already blocks QuadRooter exploit.

At the moment there are no instances of malicious apps misusing these vulnerabilities in the wild. We will keep an eye on the Android landscape and provide protection against threats that exploit these vulnerabilities.

Source : Dell SonicWall Security Center

Have a good time.
(Be knowledgeable, pass it on then)