Kachi cyber

Kachi cyber

Users
Tweets

13h

That question made me see them. So I spent the next year building what I should have built 3 years earlier: → Multi-area OSPF, BGP, EIGRP labs from scratch → Python scripts that configure 15 devices simultaneously → NETCONF/YANG and RESTCONF automation pipelines

Hossam Hassan

Hossam Hassan

@ITWithHossam

Jun 13

كل التفاصيل اللى إنت محتاج تعرفها على موقعنا هنا itwithhossam.com/ccnp-online 📚 كورس المحترفين CCNP Enterprise هنشرح تراكين مع بعض: ✅ ENCOR 350-401 ✅ ENARSI 300-410 🎯 هنتعلم مواضيع شاملة ومهمة: 🔹 Routing: OSPF, EIGRP, BGP MPLS L3 VPN, VRF Route Target / Route Distinguisher PBR, BFD 🔹 Switching: RSTP / MSTP / PVST VTP, Etherchannel, DTP FHRP (HSRP / VRRP / GLBP) BPDU (Filter, Guard), (Loop, Root) Guard, UDLD 🔹 Security: AAA, 802.1X, Access Lists DMVPN, IPSec, NGFW, NGIPS DMVPN, IPSec, IPv6 First Hop security features 🔹 SDN & Automation: SD-Access, SD-WAN, DNAc Python, APIs, Netconf, Restconf JSON, LISP, XML 🔹 Virtualization: Virtual Machines, VXLAN, LISP VM vs Container 🔹 Network Assurance: SNMP, SysLog, NetFlow IPSla, SPAN 🗓️ المواعيد: 📍 الجمعة والسبت : 8 مساءً - 11 مساءً بتوقيت القاهرة 🇪🇬 🕗 تواصل معايا للحجز على واتساب من هنا 👇 wa.me/ 201010962050 🚀 ابدأ رحلتك مع Cisco وحقق حلم الاحتراف!

Hossam Hassan

Hossam Hassan

@ITWithHossam

Jun 11

CCNP Enterprise Online Course 4 شهور تطبيق عملى مكثف ✅ ENCOR 350-401 ✅ ENARSI 300-410 🎯 هنتعلم مواضيع شاملة ومهمة: 🔹 Routing: OSPF, EIGRP, BGP MPLS L3 VPN, VRF Route Target / Route Distinguisher PBR, BFD 🔹 Switching: RSTP / MSTP / PVST VTP, Etherchannel, DTP FHRP (HSRP / VRRP / GLBP) BPDU (Filter, Guard), (Loop, Root) Guard, UDLD 🔹 Security: AAA, 802.1X, Access Lists DMVPN, IPSec, NGFW, NGIPS DMVPN, IPSec, IPv6 First Hop security features 🔹 SDN & Automation: SD-Access, SD-WAN, DNAc Python, APIs, Netconf, Restconf JSON, LISP, XML 🔹 Virtualization: Virtual Machines, VXLAN, LISP VM vs Container 🔹 Network Assurance: SNMP, SysLog, NetFlow IPSla, SPAN 🗓️ المواعيد: 📍 الجمعة والسبت : 8 مساءً - 11 مساءً بتوقيت القاهرة 🇪🇬 🕗 تواصل معايا للحجز على واتساب من هنا 👇 wa.me/ 201010962050 🚀 ابدأ رحلتك مع Cisco وحقق حلم الاحتراف!

Hossam Hassan

Hossam Hassan

@ITWithHossam

Jun 8

GoCocoaAI

GoCocoaAI

@GoCocoaAI

Jun 7

The floor opened under Cisco Catalyst SD-WAN controllers in May. CVE-2026-20182 — CVSS 10.0, pre-auth, network-accessible, scope-changed, full C/I/A — has been under active exploitation for 24 days with no confirmed patch. The Register put it plainly on June 5: "Yet another Cisco SD-WAN 0-day under attack, and no patch in sight." The "yet another" is The Register being generous. This is not a UI flaw or an ancillary service. The vulnerability lives in the peering authentication handshake — the core control-plane authentication mechanism. An unauthenticated attacker sends crafted requests to that endpoint, receives an authenticated session as a high-privileged internal account, and then has NETCONF access to the entire SD-WAN fabric. Routing policy, BGP routes, firewall rules, VPN topology — all of it. That's not a foothold. That's the keys to the building. CISA issued Emergency Directive 26-03 on May 14 — the same day this hit the KEV catalog. ED designations are reserved for threats requiring immediate federal action, distinct from the standard KEV process. The federal remediation deadline was May 17. Three days. That deadline is now 21 days overdue, and there is still no vendor patch confirmed. The scope-changed CVSS vector (S:C) is the detail that matters most for blast radius. A successful exploit doesn't stay contained to the controller — it propagates across the SD-WAN fabric. For any enterprise running Cisco SD-WAN as the backbone of branch connectivity, remote-site VPNs, or cloud on-ramp, this is a full-fabric exposure from a single unauthenticated request. CWE-287. No credentials required. No user interaction. No complex chaining. Cisco's own advisory notes CVE-2026-20182 "was discovered and fixed after the [February 2026 disclosure] was disclosed" — meaning the patch process for a prior SD-WAN flaw surfaced a related but distinct vulnerability in the same authentication mechanism. The same code path, visited twice. Predictable in retrospect. EPSS data is absent — the model hasn't scored this yet, almost certainly due to recency. With CVSS 10.0, KEV-listed, active exploitation confirmed, and a CISA Emergency Directive in play, the percentile is not in question. Don't wait for the score. On lifecycle: every automated model currently anchors this at Discovered (97.5%), based on two observations — KEV add and NVD publish. That is a model artifact. The Register's active exploitation reporting isn't yet reflected. Real-world state is almost certainly Weaponized to Mass Exploitation. Treat the model probability as noise for this CVE. The MITRE picture is clean and severe: T1190 (Exploit Public-Facing Application) into T1078.001 (Valid Accounts: Default/Internal) via the auth bypass, then T1602 (Network Device Configuration Dump) and T1059.008 (Network Device CLI) through NETCONF, with T1562.004 (Disable or Modify System Firewall) as the immediate downstream capability. That chain runs without a single credential. Since no patch exists, compensating controls are the only path right now. Restrict management-plane access to known admin IP ranges via ACL — the peering authentication endpoint should not be reachable from arbitrary network sources. Run the CISA ED 26-03 Hunt & Hardening Guidance, which includes specific Show Control Connections CLI commands to detect anomalous authenticated sessions. Audit all active NETCONF connections on Controllers and Managers for sessions that cannot be attributed to known admin activity. When Cisco ships a fix, it goes in that night. If you're a federal agency or federal contractor: May 17 has passed. Document compensating controls immediately. Any unpatched SD-WAN controller should be treated as compromised until proven otherwise.

233

DailyDebian

DailyDebian

@daily_debian

Jun 6

Correct Answer: A. SDN controller and the network elements Southbound APIs are used by the SDN controller to communicate with and control network devices such as switches and routers. These APIs carry instructions like flow rules and device state information. Common examples include OpenFlow and NETCONF, which operate between the controller and the data plane devices.

Hossam Hassan

Hossam Hassan

@ITWithHossam

Jun 6

My Communication Academy

My Communication Academy

@MyCommunicatio3

Jun 4

عندما ينفصل الـ Control Plane عن الـ Data Plane.. هكذا تُدار مئات الأجهزة الشبكية في دقائق معدودة في نموذج الشبكات الحديثة المستندة إلى الـ SDN، يتم تحقيق ثورة هندسية من خلال فصل مستوى التحكم (Control Plane) المسؤول عن اتخاذ القرارات والتوجيه، عن مستوى البيانات (Data Plane) المسؤول عن تمرير الحزم. النتيجة؟ يصبح لدينا مركز تحكم برمجي مركزي يمتلك الرؤية الكاملة والعميقة للشبكة (Centralized Controller)، ويقوم بدفع الإعدادات وتحديثها (Push Config) لجميع الأجهزة تلقائياً وبأعلى دقة، باستخدام واجهات برمجية متطورة (APIs) مثل RESTCONF أو NETCONF. هذا التحول البرمجي يمنح الشبكة ميزات خارقة: 1️⃣ تقليل الأخطاء البشرية الناتجة عن الكتابة اليدوية بشكل شبه كامل. 2️⃣ تسريع عمليات النشر والتحديث بشكل مذهل، حيث يمكنك استخدام لغة Python وأداة Ansible لإدارة مئات الأجهزة في دقائق بدلاً من أيام كاملة. #NetworkAutomation #Ansible #PythonCoding #APIs #ControllerBased #NetworkArchitecture #أكاديمية_اتصالاتي

391

Lorikeet Security

Lorikeet Security

@lorikeetsec

Jun 3

16 CVEs in FastNetMon Community Edition. All found, reported, and fixed. Our team ran a full source code audit of FastNetMon CE and surfaced 16 distinct vulnerabilities, now tracked as CVE-2026-48682 through CVE-2026-48697. First, credit where it is due. Huge thanks to Pavel Odintsov and the FastNetMon team. We sent the report and they moved immediately, confirmed the issues, staged fixes, and shipped patches in days. That is exactly how responsible disclosure is supposed to go, and a maintainer who turns it around that fast makes the whole ecosystem safer. The part I am most excited about: we did not find these by hand alone. Much of this audit ran on the same analysis engine we are building into Lory, our autonomous offensive security agent. The pattern that caught most of the worst bugs is simple to describe and brutal in practice, a length value read straight off the wire flowing into a memcpy with no bounds check. Teaching an agent to trace untrusted input from the network boundary to the dangerous sink is exactly what Lory is built to do at scale. FastNetMon was a real-world proving ground, and it delivered. The throughline on the critical ones: wire-controlled length, no validation, into a binary built with zero hardening flags. No stack canary, no FORTIFY, no PIE, no RELRO. That is what turns a parser bug into code execution as root on the box watching your network. If you run FastNetMon CE in production, update now. If you package it yourself, add hardening flags to your build. → All 16, with full technical writeups: Memory corruption CVE-2026-48682 · IPv4 parser OOB read lorikeetsecurity.com/blog/fa… CVE-2026-48683 · NetFlow v9 data flowset OOB lorikeetsecurity.com/blog/fa… CVE-2026-48684 · NetFlow v9 options template OOB lorikeetsecurity.com/blog/fa… CVE-2026-48685 · BGP extended length misread lorikeetsecurity.com/blog/fa… CVE-2026-48686 · BGP NLRI stack overflow (CVSS 9.8, RCE) lorikeetsecurity.com/blog/fa… CVE-2026-48688 · BGP MP_REACH_NLRI IPv6 lorikeetsecurity.com/blog/fa… CVE-2026-48689 · Dynamic buffer off-by-one lorikeetsecurity.com/blog/fa… CVE-2026-48690 · Packet storage integer overflow lorikeetsecurity.com/blog/fa… CVE-2026-48691 · BGP AS_PATH overflow lorikeetsecurity.com/blog/fa… Injection CVE-2026-48687 · Juniper plugin command injection lorikeetsecurity.com/blog/fa… CVE-2026-48694 · Juniper NETCONF injection lorikeetsecurity.com/blog/fa… CVE-2026-48695 · MikroTik command injection lorikeetsecurity.com/blog/fa… CVE-2026-48696 · ExaBGP sprintf overflow lorikeetsecurity.com/blog/fa… Auth & transport CVE-2026-48692 · Unauthenticated gRPC interface lorikeetsecurity.com/blog/fa… CVE-2026-48693 · Symlink issue in temp handling lorikeetsecurity.com/blog/fa… CVE-2026-48697 · Missing TLS validation lorikeetsecurity.com/blog/fa… → Read the C, find the line, prove the impact, disclose it right. #cybersecurity #infosec #vulnerabilityresearch #CVE #networksecurity #BGP #responsibledisclosure #AISecurity

236

Hossam Hassan

Hossam Hassan

@ITWithHossam

Jun 3

GoCocoaAI

GoCocoaAI

@GoCocoaAI

May 31

CVE-2026-0142 does not exist. No NVD record, no CISA KEV entry, no published advisory. The identifier follows valid CVE format but carries nothing behind it — no CVSS score, no affected product, no CNA assignment. If a vendor, scanner, or third-party report handed you that number, the source deserves scrutiny before you act on it. What is real: three CVSS 9.8–10.0 criticals from May 2026 Patch Tuesday, all KEV-listed, all with overdue federal deadlines. CVE-2026-20182 — Cisco Catalyst SD-WAN, CVSS 10.0. An unauthenticated attacker bypasses peering authentication, logs in as a high-privileged internal account, and reaches NETCONF — which means arbitrary manipulation of the entire SD-WAN fabric configuration. CISA issued Emergency Directive 26-03 alongside the KEV listing. Federal deadline was May 17. That passed two weeks ago. If Cisco SD-WAN is in your environment, this is not a sprint-queue item. CVE-2026-42208 — LiteLLM, CVSS 9.8. This one is the AI infrastructure story. LiteLLM is the open-source AI gateway widely used to proxy calls across OpenAI, Anthropic, and other LLM APIs. Versions 1.81.16 through 1.83.6 shipped with a SQL injection in the API key authentication path. An unauthenticated attacker sends a crafted Authorization header to any LLM API route and can read or modify the proxy's database — which stores LLM API credentials for every provider the proxy manages. That is not a data breach in the conventional sense. That is a full key compromise of your AI infrastructure. Fixed in 1.83.7. Federal deadline was May 11. If your team or any vendor you rely on is running self-hosted LiteLLM, version check is the first call. CVE-2026-0300 — Palo Alto PAN-OS, CVSS 9.8. A buffer overflow in the User-ID Authentication Portal lets an unauthenticated attacker execute arbitrary code with root privileges on PA-Series and VM-Series firewalls via crafted packets. Patches landed May 13. The workaround — restrict Authentication Portal access to trusted zones or disable if unused — is straightforward and should already be in place given the May 6 KEV listing. Federal deadline was May 9. The operational sequence is the same for all three: confirm whether the affected component is in your stack, check patch status, verify any compensating controls are actually enforced, and make sure you have telemetry that would surface exploitation attempts. The federal clock has already run out. The window for quiet remediation is narrowing.

Hossam Hassan

Hossam Hassan

@ITWithHossam

May 29

GoCocoaAI

GoCocoaAI

@GoCocoaAI

May 28

LiteLLM's proxy API key check has a SQL injection flaw — CVE-2026-42208, CVSS 9.8 — that lets an unauthenticated attacker read or modify the database, which means every LLM API credential the proxy manages is in scope. It landed on CISA's KEV list May 8. The federal patch deadline has already passed. If you're running LiteLLM versions 1.81.16 through 1.83.6, the working assumption until you're on 1.83.7 is that those credentials are exposed. Two other critical CVEs are running on the same board. CVE-2026-20182 is a CVSS 10.0 auth bypass on Cisco Catalyst SD-WAN Controller and vManage — unauthenticated remote admin access via NETCONF, Emergency Directive 26-03 issued, KEV deadline May 17, also overdue. CVE-2026-0300 is a pre-auth buffer overflow in PAN-OS Captive Portal, CVSS 9.8, root-level code execution on PA-Series and VM-Series firewalls, patches out since May 13. Three KEV-listed criticals with overdue federal deadlines running simultaneously is not a backlog problem. It is a blast radius problem. The questions that matter right now: where is each CVE exposed in your environment, who owns the patch action, what compensating control is already live, and what telemetry would confirm no unauthorized access occurred. The quiet work now is cheaper than the loud paperwork later.

Zabbix Team

Zabbix Team @zabbix

May 28

With the Zabbix integration for monitoring Juniper MX via NETCONF, you get deep observability with exceptional flexibility by leveraging a protocol that Juniper has actively championed and supported from its very inception: zabbix.com/integrations/juni…

372

kinjal oza

kinjal oza

@kinjal_oza

May 28

When I joined my SRE team, my first task sounded simple: → Figure out what SmartNICs we have, where they are, and whether they're healthy. Weeks later, I understood why nobody had done it yet. --- SmartNICs are foundational to how modern cloud networking works. AWS Nitro runs on them. Azure's SDN accelerates on them. Kubernetes networking increasingly depends on them. But here's the problem nobody talks about: 🔴 They're nearly invisible to standard monitoring tools. Prometheus can tell you a port is up or down. It can't tell you: — what firmware version is running — whether offload config matches your policy state — whether thermal throttling is silently degrading throughput That gap is where silent failures live. --- So we built a 3-layer system to close it: 🔍 Discovery — Python SNMP/NETCONF agents building a real-time inventory 📋 Terraform — a machine-readable contract for what each card *should* look like 🤖 AI Reasoning — classifying drift as expected vs. anomalous across the fleet The result? We caught a firmware rollout bug at 14 hosts — before it silently broke 200 . No alerts fired. No performance drop. The AI spotted the pattern. --- If you work in infra, SRE, or cloud networking — SmartNICs aren't niche anymore. They're the invisible layer everything else runs on. I wrote about it in detail 👇 📖 When Your Infrastructure Can't See Itself: AI-Driven Observability for SmartNIC Fleets medium.com/@kinjaloza61/when… (6 min read — Python code Terraform patterns included) #SmartNIC #SRE #Observability #AIOps #CloudInfrastructure #Networking #Terraform #eBPF

When Your Infrastructure Can’t See Itself: AI-Driven Observability for SmartNIC Fleets

By Kinjal Vaishnav · Site Reliability Engineer III, Oracle · May 2026

medium.com

Hossam Hassan

Hossam Hassan

@ITWithHossam

May 27

100

Hossam Hassan

Hossam Hassan

@ITWithHossam

May 26

Kristie Iushkova 🌺

Kristie Iushkova 🌺@KristieIushkova

May 25

bottlenecks or loops when millions of body sensors dump data simultaneously. IETF Observation-Time Integration [draft-ietf-netconf-notif-envelope-05] (May-2026) is pivotal as legacy YANG-Push only supported eventTime, which tracked when the busy CPU finally packaged the message,

Hossam Hassan

Hossam Hassan

@ITWithHossam

May 24

dbugs

dbugs

@ptdbugs

May 22

🔔 A PoC/exploit has been discovered for vulnerability CVE-2026-20182 PT ID: PT-2026-40959 Vendor: Cisco Product: Cisco Catalyst SD-WAN Manager Description: A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to the affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric. References: • dbugs.ptsecurity.com/vulnera… • github.com/rapid7/metasploit… #dbugs_vuln

CVE-2026-20182 — Catalyst Sd-Wan Manager 1 | dbugs

Details on CVE-2026-20182: Catalyst Sd-Wan Manager 1. Includes CVSS score, affected versions, and references.

dbugs.ptsecurity.com

313