From af673fcca0c8981eefd0697fb4a9db807bb61281 Mon Sep 17 00:00:00 2001 From: Shanableh Date: Sat, 1 Jun 2024 18:26:37 -0400 Subject: [PATCH] content-update --- ...cal_Malware_Analysis_and_Triage_Summary.md | 13 ++++++++ .../Brocade_ICX_Broadcast_and_Multicast.md | 31 ++++++++++++++----- 2 files changed, 37 insertions(+), 7 deletions(-) diff --git a/docs/Knowledge_Base/Cyber_Journey/TCM_Security/Practical_Malware_Analysis_and_Triage_Summary.md b/docs/Knowledge_Base/Cyber_Journey/TCM_Security/Practical_Malware_Analysis_and_Triage_Summary.md index 8dd1d43dc..670ad2bda 100644 --- a/docs/Knowledge_Base/Cyber_Journey/TCM_Security/Practical_Malware_Analysis_and_Triage_Summary.md +++ b/docs/Knowledge_Base/Cyber_Journey/TCM_Security/Practical_Malware_Analysis_and_Triage_Summary.md @@ -1531,7 +1531,20 @@ ??? info "Debugger x32dbg" + Search for string reference the url + + ![alt text](image-25.png) + + We want to set a breakpoint at that address location (F2) + ![alt text](image-26.png) + + Hit F9 until you see the URL + + ![alt text](image-27.png) + + + diff --git a/docs/Knowledge_Base/Network/Vendor/Ruckus/Switches/Brocade_ICX_Broadcast_and_Multicast.md b/docs/Knowledge_Base/Network/Vendor/Ruckus/Switches/Brocade_ICX_Broadcast_and_Multicast.md index 2fe369ea2..ef763266d 100644 --- a/docs/Knowledge_Base/Network/Vendor/Ruckus/Switches/Brocade_ICX_Broadcast_and_Multicast.md +++ b/docs/Knowledge_Base/Network/Vendor/Ruckus/Switches/Brocade_ICX_Broadcast_and_Multicast.md @@ -125,7 +125,7 @@ This should take care of multicast storm issues, of course you will need to issue `clear statistics` command after each change and monitor if the changes are actually working or not - ![alt text](ICX-s98nsxz-0.png) + ![alt text](/Knowledge_Base/images/ICX-s98nsxz-0.png) After the change 
@@ -180,14 +180,31 @@ wr mem ``` - OR + **OR** Create an ACL and assign it + You will need to know what ports are being utilized by the vendor, depending if this is an STB (Set Top Boxes), Chromecast, etc... + + |Port(s) | Protocol | Service| + |:-|:-|:-| + |5353 | tcp,udp | Multicast DNS (MDNS) | + | 5353 | udp | Bonjour | + | 1900 | tcp,udp | SSDP, UPnP (Universal PnP) | + + Below ACL will block ports 1900 & 5353 + + ```bash + ip access-list extended Filter_mDNS + deny udp any any eq 5353 + deny udp any any eq 1900 + permit ip any any + ``` + + Below is how you apply the ACL above to a Router ve for a specific VLAN + ```bash - ip access-list extended ACL - permit ip 172.17.52.0 0.0.3.255 host 172.17.52.2 - deny ip 172.17.52.0 0.0.3.255 host 224.0.0.251 - deny udp 172.17.52.0 0.0.3.255 any eq 5353 - permit ip any any + #configure the Filter on Interface ve level + interface ve + ip access-group Filter_mDNS in ```
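Review bot: the three image links added inside the `??? info "Debugger x32dbg"` block (`![alt text](image-25.png)`, `image-26.png`, `image-27.png`) use bare relative file names while the other file in this same patch is being moved to `/Knowledge_Base/images/...`; unless those PNGs really sit next to `Practical_Malware_Analysis_and_Triage_Summary.md`, the links will render broken, so use one image location convention for both files. The added sentence "Search for string reference the url" also needs rewording ("Search for a string reference to the URL"), each `alt text` should describe what the screenshot shows (the string search, the breakpoint set with F2, the URL after F9), and the three trailing blank `+` lines at the end of the hunk can be dropped.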
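Review bot: the root-relative path `/Knowledge_Base/images/ICX-s98nsxz-0.png` only resolves when the site is served from the domain root, and the build cannot check that the file exists the way it can for a page-relative link; given the `??? info` admonition syntax this looks like a MkDocs site, so a relative path (assuming the images live in `docs/Knowledge_Base/images/`, that is `../../../../images/ICX-s98nsxz-0.png` from this file's location) survives deployment under a sub-path and gets validated at build time. The alt text should also say what the screenshot shows, since the surrounding lines compare counters before and after the change and a reader relying on alt text gets nothing from "alt text".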
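Review bot: `interface ve` in the new apply block is missing the VE number, so the snippet cannot be pasted as written; since the sentence above it says "for a specific VLAN", write it as `interface ve <ve-id>` and say that the id must be the router interface of that VLAN. Two consistency problems in the same hunk: the table lists 5353 and 1900 as `tcp,udp` but `Filter_mDNS` only has `deny udp` lines, and both mDNS (RFC 6762) and SSDP discovery run over UDP only, so either change the table to `udp` or explain why TCP is deliberately left alone; and "Bonjour" is Apple's name for mDNS/DNS-SD rather than a separate service, so the two 5353 rows should be one row. The hunk also silently drops the old ACL's `permit ip 172.17.52.0 0.0.3.255 host 172.17.52.2` exception and its `deny ip ... host 224.0.0.251` line; if that host exception was intentional it belongs in `Filter_mDNS` above the deny entries, and if not the text should say the behaviour changed. Finally, the page should state what an inbound ACL on the VE actually catches: intra-VLAN mDNS/SSDP is switched at layer 2 and may never reach the router interface, so readers should confirm with the switch's ACL counters (after the `clear statistics` step already described) that the deny entries are incrementing before concluding the storm is filtered.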