Initial Access Intelligence

Fetch Detection Artifacts

The latest VulnCheck Initial Access Intelligence detection artifacts can be downloaded via git, as a backup file, or through the API.

VulnCheck Initial Access Intelligence provides in-house developed exploit PoCs, packet captures, and Suricata signatures to defend against initial access vulnerabilities.

VulnCheck tracks initial access vulnerabilities (remote code execution vulnerabilities that do not require authentication) and authors detection artifacts to help organizations defend against weaponized exploits for those vulnerabilities. VulnCheck Initial Access Intelligence provides these detection artifacts in a timely manner to help organizations author detections and defend themselves during the uncertain period that follows a recent disclosure.

Generate SSH Keys

Learn how to generate VulnCheck SSH Keys for accessing VulnCheck Detection Artifacts.

Using Git

After setting up your SSH keys in the VulnCheck web portal and activating your paid subscription license to VulnCheck Initial Access Intelligence, use git clone to get the latest detection artifacts available.

git clone git@git.vulncheck.com:vulncheck/initial-access.git

Using the Backup File

The Initial Access Git repository is also available as an unencrypted or encrypted backup file. The encrypted variant's password is vulncheck.

| Offline Backup | Description |
| --- | --- |
| initial-access-git | Initial Access Git repository is an offline backup |
| initial-access-git-encrypted | Initial Access Git repository is an offline password-protected backup |

To request a specific offline backup, simply call /v3/backup/:index as follows (initial-access-git shown below):

curl --request GET \
    --url https://api.vulncheck.com/v3/backup/initial-access-git \
    --header 'Accept: application/json' \
    --header 'Authorization: Bearer insert_token_here'

Accessing Suricata and Snort Rules

VulnCheck offers API endpoints for quick and easy access to the Suricata and Snort rules. The following endpoints contain one rule on each line:

For example, to fetch the Suricata rules, call /v3/rules/initial-access/suricata as follows:

curl --request GET \
    --url https://api.vulncheck.com/v3/rules/initial-access/suricata \
    --header 'Accept: application/json' \
    --header 'Authorization: Bearer insert_token_here'
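
A pre-deployment check for the one-rule-per-line body returned by /v3/rules/initial-access/suricata, as an added example that is not VulnCheck's code: it refuses to replace the local rule file when any line is not a rule or a sid repeats. The function names, the rule-shape regex, the destination file name and the sample rules are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumed generic rule shape: action proto src sport direction dst dport (options;)
RULE_RE = re.compile(r"^(?:alert|drop|pass|reject\w*)\s+\S+\s+.+?\s+(?:->|<>)\s+.+?\s+"
                     r"\((?P<opts>.*;)\s*\)\s*$")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

# Constructed sample bodies (not real VulnCheck rules); the SIDs are made up.
GOOD = ('alert http any any -> $HOME_NET any (msg:"constructed A"; sid:9000001; rev:1;)\n'
        'alert tcp any any -> $HOME_NET 8443 (msg:"constructed B"; sid:9000002; rev:1;)\n')
BAD = ('{"error": "constructed non-rule body"}\n'
       'alert http any any -> $HOME_NET any (msg:"constructed A"; sid:9000001; rev:1;)\n'
       'alert http any any -> $HOME_NET any (msg:"constructed C"; sid:9000001; rev:2;)\n')

def check_feed(text):
    """Return (rules, problems) for a one-rule-per-line body."""
    rules, problems, seen = [], [], {}
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are harmless
        m = RULE_RE.match(line)
        sid = SID_RE.search(m.group("opts")) if m else None
        if not m:
            problems.append((n, "not a rule (error body or truncated download?)"))
        elif not sid:
            problems.append((n, "rule has no sid"))
        elif sid.group(1) in seen:
            problems.append((n, f"sid {sid.group(1)} repeats line {seen[sid.group(1)]}"))
        else:
            seen[sid.group(1)] = n
            rules.append(line)
    return rules, problems

def install(text, dest):
    """Replace dest atomically, and only when every line passed the checks."""
    rules, problems = check_feed(text)
    if problems or not rules:
        return False, problems
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(dest)))
    with os.fdopen(fd, "w") as fh:
        fh.write("\n".join(rules) + "\n")
    os.chmod(tmp, 0o644)   # mkstemp creates 0600; let the sensor's user read it
    os.replace(tmp, dest)  # the sensor never reads a half-written file
    return True, problems

if __name__ == "__main__":
    print(check_feed(BAD)[1])  # line numbers and reasons for the rejected lines
```

Save the curl output to a file and pass its contents to install(); running suricata -T against the resulting configuration remains the authoritative syntax check.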