My buddy Aamir wrote a summary of the open source announcement by Cisco at RSA last week (original post can be found HERE). Cisco also announced integrating FireAMP with Cisco email, web and cloud security products. FireAMP gives Cisco products the ability to detect infected files by searching for known hashes, sandboxing unknown files and other detection means. More on the FireAMP capabilities can be found HERE. Another source for these announcements is on the Network World blog found HERE. Continue reading
My buddy Aamir Lakhani wrote about how traditional security products such as Stateful firewalls and older IPS/IDS solutions are not cutting it for today’s level of threats. This post covers why the “Next-Generation” of security technology matters. The original post can be found HERE.
Organizations are replacing their Stateful firewalls with Next-Generation firewalls (NGFW) and Next-Generation Intrusion Prevention systems (NGIPS). Most traditional firewalls are nothing more than packet filters that keep track of who initiated the traffic to automatically allow response traffic back to originator. IPS vendors such as Sourcefire and McAfee (Intel Security) are rapidly adding advanced features to protect against insider threats, application vulnerabilities, mobile devices, and malware. One must wonder are the days of traditional perimeter security devices such as Stateful firewalls and single-pass IDS systems numbered?
Aamir Lakhani from drchaos.com wrote a good article on how chaining together social engineering tactics compromised a highly visible twitter account. The original post can be found HERE.
Who can we trust? It’s a tough question. We think we can trust our friends, co-workers, mentors, and colleagues because they are people we see and interact with often as frequently as we do with our family members. Unfortunately, there is risk in trusting others, particularly when those we trust have privileged access to our accounts and sensitive information. When our trust and exposure extends to those who we work with, and incorporates intimate knowledge of our business concerns, corporate cultural developments, and technology secrets, we must face the reality of insider threats. Unlike external attackers, those we consider to be on the inside of our trust circles do not need to hunt for valuable information, nor do they need to exploit strong perimeter defenses; insiders already know what is valuable and where it is stored.
Aamir Lakhani wrote a fantastic article on the recent data breach of Target’s network. If you recently shopped at Target, you really should read this. The original article can be found HERE.
Anyone who swiped their credit or debit card between Nov. 27th through Dec. 15th may have had his or her accounts breached. Continue reading
My buddy Aamir wrote a great post on Cryptolocker. The original can be found HERE.
Cryptolocker is malware that is categorized as ransomware. According to Wikipedia, “Ransomware comprises a class of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator of the malware in order for the restriction to be removed” (Wikpedia).
Cryptolocker is dangerous because if you are infected with the malware, you are in danger of losing all your files that are local to your machine, including attached storage (USB drives) and connected network drives. The network drives or any other mass storage media that shows up as a drive letter could be corrupted by the malware. Continue reading
My Buddy Aamir Lakhani wrote a awesome Installation guide for kali Linux. This is a updated version of what is available in our book. Check out the original post HERE via www.drchaos.com
Introducing kali Linux
The creators of BackTrack have released a new, advanced penetration testing Linux distribution named kali Linux. BackTrack 5 was the last major version of the BackTrack distribution. The creators of BackTrack decided that to move forward with the challenges of cyber security and modern testing a new foundation was needed. Kali Linux was born and released March 13th 2013. Kali Linux is based on Debian and an FHS-Compliant file system. Continue reading
I published an article for PenTest magazine’s November 2013 issue. The article is titled “Launching Social Media Based Attacks”. Below is the introduction from the article. You can find the complete article at http://pentestmag.com/. Continue reading
A few weeks ago Aamir Lakhani put up a blog post on how to install and configure Snort on Security Onion with Snorby. Since the release of the article He has received numerous requests on how to disable some of the rules. Here is a post on tuning by Aamir. The original post can be found HERE.
If you followed the article, The Ultimate Guide to Installing Security Onion with Snort and Snorby, you are no doubt seeing quite a few events on your Snorby dashboard.
Before you begin, make sure you have root privileges. Type in sudo –i to get root privileges. Continue reading