reddit2telegram Announcements – Telegram
reddit2telegram Announcements pinned «Weekend news 🎉 Welcome to newly active channels: @indiandankmemesreddit, @r_RedDeadOnline, @reddit_infographic. 🎈🎈 🏆 Channel of the week: @Octoberstrike. Join and enjoy! 🔥 Hottest channels of the week: @r_combatfootage, @Indiancelebs, @r_propagandaposters.…»
Happy independence day everyone

9.4k upvotes
/r/Kerala
2023 Aug 14
https://redd.it/15r790c
by @r_kerala


🏆 Great achievement!
💪 Milestone of 300 subscribers.
Y'all are cool

1.0k upvotes
/r/fullegoism
2020 Mar 22
https://redd.it/fn6ocb
by @fullegoism
Cona Ember
https://i.imgur.com/3gZ8wtz.jpg

5.6k upvotes
/r/streetmoe
2023 May 07
https://redd.it/13b58mc
by @streetmoe


🏆 Great achievement!
💪 Milestone of 800 subscribers.
Religion

2.1k upvotes
/r/rimesegate
2021 Jan 04
https://redd.it/kq5ciu
by @r_rimesegate


🏆 Great achievement!
💪 Milestone of 69 subscribers.
In a protest against censorship, photographer A.L. Schafer staged this iconic photograph in 1934, violating as many rules as possible in one shot.

16.0k upvotes
/r/PropagandaPosters
2022 Oct 07
https://redd.it/xxwgz1
by @r_propagandaposters
#history #psychology #war #military #technology #propaganda

🏆 Great achievement!
💪 Milestone of 4000 subscribers.
Unpredictable Hyderabad

5.2k upvotes
/r/hyderabad
2023 Nov 10
https://redd.it/17s1niq
by @rhyderabad


🎂🎂🎂
🎁 Today @rhyderabad is 3 years old.
🎉 Congratulations! 🎈
Found this online, is it true?

44.7k upvotes
/r/OnePiece
2023 Sep 05
https://redd.it/16a8tki
by @r_onepiecer


🎂
🎁 Today @r_onepiecer is 1 year old.
🎉 Congratulations! 🎈
[Art] Aki vs Katana Man (Chainsaw Man)

19.6k upvotes
/r/manga
2021 Jan 17
https://redd.it/kz3bhu
by @r_manga2


🎂
🎁 Today @r_manga2 is 1 year old.
🎉 Congratulations! 🎈
Woke media strikes again 🤦‍♂️

7.1k upvotes
/r/OkBuddyFresca
2022 Aug 16
https://redd.it/wq92nc
by @r_okbuddyfresca


🎂
🎁 Today @r_okbuddyfresca is 1 year old.
🎉 Congratulations! 🎈
absolutelynotmeirl

41.6k upvotes
/r/absolutelynotme_irl
2019 Dec 31
https://redd.it/ehwhp1
by @notme_irl


🏆 Great achievement!
💪 Milestone of 42 subscribers.
They say that back in those days it was the year 2020

3.0k upvotes
/r/Ratorix
2020 Sep 21
https://redd.it/iwwxtc
by @r_Ratorix


🏆 Great achievement!
💪 Milestone of 50 subscribers.
Directed by Robert B. Tikka

4.7k upvotes
/r/islam
2021 Jan 13
https://redd.it/kwlztz
by @r_islam_channel
#islam

🏆 Great achievement!
💪 Milestone of 420 subscribers.
Watson, Stone and Roberts Goddesses!

282 upvotes
/r/ChurchOfEmma
2021 Mar 01
https://redd.it/lv11db
by @r_churchofemma


🎂
🎁 Today @r_churchofemma is 1 year old.
🎉 Congratulations! 🎈
First vs. Second Playthrough

8.6k upvotes
/r/DiscoElysium
2021 Apr 13
https://redd.it/mpsfre
by @r_DiscoElysium
#disco #discoelysium #hardcore #crpg #indiegames

🏆 Great achievement!
💪 Milestone of 10 subscribers.
Don't know if memes are allowed here but here it is

1.9k upvotes
/r/algotrading
2022 Jan 27
https://redd.it/sdmlw7
by @r_algotrading
#algorithmic #trading #trade #stock #market

🎂🎂
🎁 Today @r_algotrading is 2 years old.
🎉 Congratulations! 🎈
META DO NOT POST TRACKING NUMBERS OR SLIPS

You'll potentially reveal both your address and the other person's address along with other identification. We just had incidents where the seller's address, seller's full name, seller's phone number, buyer's address, buyer's full name, and other package-specific information was leaked.

It's a mess to clean up, as other websites archive comments with links, and even after we take down the offending comment, we still have to contact image hosting sites with takedown requests. The posting of this message was delayed until said image hosting site took down the image.

Your post will be removed and other consequences will be handed down. Doxxing someone, intentionally or not, is a serious offense.

43 upvotes
/r/thinkpadsforsale
2020 Apr 16
https://redd.it/g2ngcl
by @rthinkpadsforsale


🎂🎂🎂🎂🎂
🎁 Today @rthinkpadsforsale is 5 years old.
🎉 Congratulations! 🎈
Tamamo no mae

379 upvotes
/r/Tamamo
2021 Jun 11
https://redd.it/nx6nvc
by @r_tamamo
#tamamo #fate #fatego

🎂🎂
🎁 Today @r_tamamo is 2 years old.
🎉 Congratulations! 🎈
Multiple Exploits for CVE-2019-19781 (Citrix ADC/Netscaler) released overnight - prepare for mass exploitation

***Last update:*** January 20 - 07:01 UTC/GMT

**Patches Now Out for Some**

Updates to 11.1 (11.1 63.15) and 12.0 (12.0 63.13) are now up

Citrix blog post: [Vulnerability Update: First permanent fixes available, timeline accelerated](https://www.citrix.com/blogs/2020/01/19/vulnerability-update-first-permanent-fixes-available-timeline-accelerated/)

ADC version 12.0: [https://www.citrix.com/downloads/citrix-adc/firmware/release-120-build-6313.html](https://www.citrix.com/downloads/citrix-adc/firmware/release-120-build-6313.html)

ADC version 11.1: [https://www.citrix.com/downloads/citrix-adc/firmware/release-111-build-6315.html](https://www.citrix.com/downloads/citrix-adc/firmware/release-111-build-6315.html)

**Important**

Citrix issued revised updates today

* [https://www.citrix.com/blogs/2020/01/17/citrix-updates-on-citrix-adc-citrix-gateway-vulnerability/](https://www.citrix.com/blogs/2020/01/17/citrix-updates-on-citrix-adc-citrix-gateway-vulnerability/)

Fox-IT issued an analysis

* [https://resources.fox-it.com/rs/170-CAK-271/images/Fox-IT%20Advisory%20on%20Citrix%20vulnerability.pdf](https://resources.fox-it.com/rs/170-CAK-271/images/Fox-IT%20Advisory%20on%20Citrix%20vulnerability.pdf)

**Impact / Root Cause**

Remote pre-auth arbitrary command execution due to a logic vuln, i.e. reliable execution is possible.

**Products affected**

* Citrix ADC and Citrix Gateway version 13.0 all supported builds
* Citrix ADC and NetScaler Gateway version 12.1 all supported builds
* Citrix ADC and NetScaler Gateway version 12.0 all supported builds
* Citrix ADC and NetScaler Gateway version 11.1 all supported builds
* Citrix NetScaler ADC and NetScaler Gateway version 10.5 all supported builds

***Amazon Web Services*** *-* [https://twitter.com/KevTheHermit/status/1216318333219491840](https://twitter.com/KevTheHermit/status/1216318333219491840)

At midday on January 12th Citrix Netscaler AMIs on AWS are default vulnerable out of the box. The root password is set to the instance ID; that can be read from the metadata URL. You can also "cat /flash/nsconfig/.AWS/instance-id".

**Background on the vulnerability**

* [https://nvd.nist.gov/vuln/detail/CVE-2019-19781](https://nvd.nist.gov/vuln/detail/CVE-2019-19781)
* [https://www.tripwire.com/state-of-security/vert/citrix-netscaler-cve-2019-19781-what-you-need-to-know/](https://www.tripwire.com/state-of-security/vert/citrix-netscaler-cve-2019-19781-what-you-need-to-know/)

**Sigma rules**

* [https://github.com/Neo23x0/sigma/blob/master/rules/web/web_citrix_cve_2019_19781_exploit.yml](https://github.com/Neo23x0/sigma/blob/master/rules/web/web_citrix_cve_2019_19781_exploit.yml)

**Snort rules**

* [https://isc.sans.edu/forums/diary/Citrix+ADC+Exploits+are+Public+and+Heavily+Used+Attempts+to+Install+Backdoor/25700/](https://isc.sans.edu/forums/diary/Citrix+ADC+Exploits+are+Public+and+Heavily+Used+Attempts+to+Install+Backdoor/25700/)

**Snort/Suricata rules**

* Present since December 29th - 2029206 - ET EXPLOIT Possible Citrix Application Delivery Controller Arbitrary Code Execution Attempt (CVE-2019-19781) (exploit.rules) in the EmergingThreats
* [https://rules.emergingthreats.net/open/](https://rules.emergingthreats.net/open/)

**Exploitation Forensic Artifacts**

* [https://www.trustedsec.com/blog/netscaler-remote-code-execution-forensics/](https://www.trustedsec.com/blog/netscaler-remote-code-execution-forensics/)
* [https://isc.sans.edu/forums/diary/Citrix+ADC+Exploits+are+Public+and+Heavily+Used+Attempts+to+Install+Backdoor/25700/](https://isc.sans.edu/forums/diary/Citrix+ADC+Exploits+are+Public+and+Heavily+Used+Attempts+to+Install+Backdoor/25700/)
* [https://x1sec.com/CVE-2019-19781-DFIR](https://x1sec.com/CVE-2019-19781-DFIR)
* via SSH - [https://twitter.com/cyb3rops/status/1215974764227039238](https://twitter.com/cyb3rops/status/1215974764227039238) (caveat: .. doesn't need to be in the URL in all exploitation scenarios)

      ssh -t [address] 'grep -r "/../vpns" /var/log/http*'

**Vendor mitigation**

* [https://support.citrix.com/article/CTX267679](https://support.citrix.com/article/CTX267679)
* [https://support.citrix.com/article/CTX267027](https://support.citrix.com/article/CTX267027)

Citrix have now (8pm UTC Jan 11) published when they expect patched builds to be available - from [https://support.citrix.com/article/CTX267027](https://support.citrix.com/article/CTX267027) - some are saying patches are available already to large clients

* 10.5: 10.5.70.x, 31st January 2020
* 11.1: 11.1.63.x, 20th January 2020
* 12.0: 12.0.63.x, 20th January 2020
* 12.1: 12.1.55.x, 27th January 2020
* 13.0: 13.0.47.x, 27th January 2020

Citrix blog by their CISO - [https://www.citrix.com/blogs/2020/01/11/citrix-provides-update-on-citrix-adc-citrix-gateway-vulnerability/](https://www.citrix.com/blogs/2020/01/11/citrix-provides-update-on-citrix-adc-citrix-gateway-vulnerability/)

**3rd party mitigation steps / advice**

* [https://www.cyber.gov.au/threats/advisory-2020-001-active-exploitation-critical-vulnerability-citrix-application-delivery-controller-and-citrix-gateway](https://www.cyber.gov.au/threats/advisory-2020-001-active-exploitation-critical-vulnerability-citrix-application-delivery-controller-and-citrix-gateway)
* [https://medium.com/@hungrybytes/mitigation-steps-for-cve-2019-19781-8f88d48770b4](https://medium.com/@hungrybytes/mitigation-steps-for-cve-2019-19781-8f88d48770b4)
* Palo Alto content version 8224 or newer.
  * 8224 contains detection code for this CVE and will reset the connection before the vulnerability can be exploited. Resets are visible in the threat logs with a name of "Citrix Application Delivery Controller And Gateway Directory Traversal Vulnerability".
* Fortinet IPS 15.754 has a signature - default action is 'pass' though
  * [https://fortiguard.com/encyclopedia/ips/48653](https://fortiguard.com/encyclopedia/ips/48653)
  * from the comments by [u/ragogumi](https://www.reddit.com/u/ragogumi/)
    * "*Fortinet IPS sig appears to be ineffective at detecting or mitigating. I've seen nothing in IPS logs related to this CVE - and cisagov checker, nessus scans and 3rd party red team attempts have not trigger IPS sensor, regardless of remediation state.*"
* Checkpoint released IPS protection too, 2020-01-12, "Citrix Multiple Products Directory Traversal (CVE-2019-19781)". Default action seems to be "Detect".
  * [https://www.checkpoint.com/defense/advisories/public/2019/CPAI-2019-1653.html](https://www.checkpoint.com/defense/advisories/public/2019/CPAI-2019-1653.html)

**Details on how to exploit**

* [https://www.mdsec.co.uk/2020/01/deep-dive-to-citrix-adc-remote-code-execution-cve-2019-19781/](https://www.mdsec.co.uk/2020/01/deep-dive-to-citrix-adc-remote-code-execution-cve-2019-19781/)
* [https://github.com/jas502n/CVE-2019-19781](https://github.com/jas502n/CVE-2019-19781)

**Checkers**

* [https://github.com/cisagov/check-cve-2019-19781](https://github.com/cisagov/check-cve-2019-19781) (USA Government)
* [https://github.com/mekoko/CVE-2019-19781](https://github.com/mekoko/CVE-2019-19781) (Chinese)
* [https://github.com/hackingyseguridad/nmap/blob/master/CVE-2019-19781.nse](https://github.com/hackingyseguridad/nmap/blob/master/CVE-2019-19781.nse) (nmap noscript)
* [https://github.com/cyberstruggle/DeltaGroup/blob/master/CVE-2019-19781/CVE-2019-19781.nse](https://github.com/cyberstruggle/DeltaGroup/blob/master/CVE-2019-19781/CVE-2019-19781.nse) (nmap noscript)
* [https://github.com/lasersharkkiller/noscripts/blob/master/exploits/scanner/cve-2019-19781-scanner.ps1](https://github.com/lasersharkkiller/noscripts/blob/master/exploits/scanner/cve-2019-19781-scanner.ps1) (PowerShell)
*