@blamejs/exceptd-skills 0.15.8 → 0.15.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +8 -0
- package/data/_indexes/_meta.json +5 -5
- package/data/attack-techniques.json +10 -1
- package/data/cve-catalog.json +212 -73
- package/data/zeroday-lessons.json +537 -173
- package/manifest.json +44 -44
- package/package.json +1 -1
- package/sbom.cdx.json +18 -18
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,13 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 0.15.10 — 2026-05-29
|
|
4
|
+
|
|
5
|
+
Draft-curation pass 8 — Microsoft server-side RCE. Six CISA KEV-listed CVEs are promoted from auto-imported drafts to fully-curated entries with behavioral IOCs, ATT&CK enrichment, and matching zero-day lessons: Exchange Server deserialization (CVE-2023-21529), Configuration Manager SQL injection (CVE-2024-43468), Windows Server Update Services deserialization (CVE-2025-59287), and the SharePoint Server "ToolShell" chain — improper authentication (CVE-2025-49706), code injection (CVE-2025-49704), and deserialization (CVE-2025-53770). The lessons stress that for these deserialization RCEs patching alone is insufficient: stolen machine keys and dropped web shells survive the patch and require explicit key rotation and web-shell hunting.
|
|
6
|
+
|
|
7
|
+
## 0.15.9 — 2026-05-29
|
|
8
|
+
|
|
9
|
+
Draft-curation pass 7 — network devices and the Ivanti EPMM chain. Seven CISA KEV-listed unauthenticated CVEs are promoted from auto-imported drafts to fully-curated entries with behavioral IOCs, ATT&CK enrichment, and matching zero-day lessons: D-Link DIR-823X command injection (CVE-2025-29635), router buffer overflow (CVE-2022-37055), DCS-2530L/2670L camera code execution (CVE-2020-25078) and command injection (CVE-2020-25079), DNR-322L download-without-integrity (CVE-2022-40799), and the Ivanti EPMM authentication-bypass + code-injection preauth chain (CVE-2025-4427, CVE-2025-4428). The device lessons note that end-of-life consumer hardware is unpatchable, making network isolation the load-bearing control, and that firmware implants survive a reboot without a reflash.
|
|
10
|
+
|
|
3
11
|
## 0.15.8 — 2026-05-29
|
|
4
12
|
|
|
5
13
|
Draft-curation pass 6 — Cisco network devices. Seven CISA KEV-listed Cisco CVEs are promoted from auto-imported drafts to fully-curated entries with behavioral IOCs, ATT&CK enrichment, and matching zero-day lessons: SD-WAN path traversal (CVE-2022-20775), multi-product improper input validation (CVE-2025-20393), IOS/IOS XE SNMP DoS+RCE (CVE-2025-20352), the Secure Firewall ASA/FTD missing-authorization (CVE-2025-20362) and buffer-overflow (CVE-2025-20333) chain, and the Identity Services Engine injection pair (CVE-2025-20337, CVE-2025-20281). The ASA and device lessons note that network-device implants survive patching without explicit recovery steps.
|
package/data/_indexes/_meta.json
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
{
|
|
2
2
|
"schema_version": "1.1.0",
|
|
3
|
-
"generated_at": "2026-05-
|
|
3
|
+
"generated_at": "2026-05-29T19:28:44.044Z",
|
|
4
4
|
"generator": "scripts/build-indexes.js",
|
|
5
5
|
"source_count": 54,
|
|
6
6
|
"source_hashes": {
|
|
7
|
-
"manifest.json": "
|
|
7
|
+
"manifest.json": "1bd5c8e6489d1a1b7ef67889b6fa5afbfb3d0780d0a5bf2699b1a5ca22164ec9",
|
|
8
8
|
"data/atlas-ttps.json": "878b4a08bb73c8d20396d85cf433a88f2bc5e7a8cbf7f6ab773ce7ede0a11251",
|
|
9
|
-
"data/attack-techniques.json": "
|
|
10
|
-
"data/cve-catalog.json": "
|
|
9
|
+
"data/attack-techniques.json": "96e21dd277fe24598e8ae74b40009785757a71ed4fc98e456504cd04f441bc90",
|
|
10
|
+
"data/cve-catalog.json": "365fd70e7f02daff7ca5b2b4eeeeb4579621937b167ad2fc07914d1c36a36bc9",
|
|
11
11
|
"data/cwe-catalog.json": "0fd275c2a61754958d68cea03a92794a67cf1c1d4d609f81a5728334df013ee3",
|
|
12
12
|
"data/d3fend-catalog.json": "9a54bccb9f24f84b32024216cc3f53819a053721ac8ab43c326859e68fc0ffaf",
|
|
13
13
|
"data/dlp-controls.json": "d2406c482dddd30e49203879999dc4b3a7fd4d0494d6a61d86b91ee76415df19",
|
|
@@ -15,7 +15,7 @@
|
|
|
15
15
|
"data/framework-control-gaps.json": "29e7b6aa841ddf2530ca5971bdb60d7a715684b2f6264141ad49f0de9a039d78",
|
|
16
16
|
"data/global-frameworks.json": "9ba563a85f7f8d6c3c957de64945e20925a89d0ed6ea6fc561cf093811acf558",
|
|
17
17
|
"data/rfc-references.json": "b21d03b948c41bc8a854e2f057948ecf844bd8c105848aeb141d1eadf8192c31",
|
|
18
|
-
"data/zeroday-lessons.json": "
|
|
18
|
+
"data/zeroday-lessons.json": "eecfcd270e8c6063511122374cfc2d5b56bdf5be769ad8e2a1556949ec682f0b",
|
|
19
19
|
"skills/kernel-lpe-triage/skill.md": "0f79c641cef6e5f4a942eb94f43c460562bf83dfb67ae112d146c39c6b320fb0",
|
|
20
20
|
"skills/ai-attack-surface/skill.md": "2880499993e0e69e3897a9d02b5e83aa0462c86a4dd2c1988b9968e375704a1f",
|
|
21
21
|
"skills/mcp-agent-trust/skill.md": "0752834acde0303d6d1e36be4b320eac3d34fde715bb8d71f3ad9e801d701482",
|
|
@@ -272,6 +272,8 @@
|
|
|
272
272
|
"DS0017"
|
|
273
273
|
],
|
|
274
274
|
"cve_refs": [
|
|
275
|
+
"CVE-2020-25078",
|
|
276
|
+
"CVE-2020-25079",
|
|
275
277
|
"CVE-2022-1471",
|
|
276
278
|
"CVE-2023-43654",
|
|
277
279
|
"CVE-2023-44467",
|
|
@@ -305,6 +307,7 @@
|
|
|
305
307
|
"CVE-2025-20337",
|
|
306
308
|
"CVE-2025-23254",
|
|
307
309
|
"CVE-2025-27520",
|
|
310
|
+
"CVE-2025-29635",
|
|
308
311
|
"CVE-2025-30165",
|
|
309
312
|
"CVE-2025-32434",
|
|
310
313
|
"CVE-2025-32444",
|
|
@@ -312,7 +315,9 @@
|
|
|
312
315
|
"CVE-2025-33236",
|
|
313
316
|
"CVE-2025-34291",
|
|
314
317
|
"CVE-2025-3466",
|
|
318
|
+
"CVE-2025-4428",
|
|
315
319
|
"CVE-2025-49596",
|
|
320
|
+
"CVE-2025-49704",
|
|
316
321
|
"CVE-2025-51480",
|
|
317
322
|
"CVE-2025-53773",
|
|
318
323
|
"CVE-2025-54136",
|
|
@@ -561,6 +566,7 @@
|
|
|
561
566
|
"CVE-2025-31161",
|
|
562
567
|
"CVE-2025-32975",
|
|
563
568
|
"CVE-2025-34026",
|
|
569
|
+
"CVE-2025-4427",
|
|
564
570
|
"CVE-2025-49706",
|
|
565
571
|
"CVE-2025-61757",
|
|
566
572
|
"CVE-2025-64513",
|
|
@@ -1023,6 +1029,7 @@
|
|
|
1023
1029
|
"CVE-2025-49113",
|
|
1024
1030
|
"CVE-2025-49596",
|
|
1025
1031
|
"CVE-2025-49704",
|
|
1032
|
+
"CVE-2025-49706",
|
|
1026
1033
|
"CVE-2025-49844",
|
|
1027
1034
|
"CVE-2025-5086",
|
|
1028
1035
|
"CVE-2025-52691",
|
|
@@ -12044,7 +12051,9 @@
|
|
|
12044
12051
|
"_auto_imported": true,
|
|
12045
12052
|
"_intake_method": "mitre-attack-stix",
|
|
12046
12053
|
"cve_refs": [
|
|
12047
|
-
"CVE-2025-31324"
|
|
12054
|
+
"CVE-2025-31324",
|
|
12055
|
+
"CVE-2025-49704",
|
|
12056
|
+
"CVE-2025-53770"
|
|
12048
12057
|
]
|
|
12049
12058
|
},
|
|
12050
12059
|
"T1505.004": {
|