My buddy Aamir Lakhani wrote about a cool reconnaissance tool called recon-ng. This tool can automate researching a target using multiple sources. The original post can be found HERE.
Reconnaissance techniques are one of the first steps penetration testers practice when learning how to exploit systems for vulnerabilities. Traditional reconnaissance techniques are used to gather intelligence, define scope, and identify weaknesses.
Many industries rely on revenue generated by sales, and if credit is used, Payment Card Industry (PCI) compliance is mandated. This includes all industries that process, store or transmit credit card information. Like any compliance standard, this is the minimal level of real security and should not be considered the goal for protecting sensitive data. All compliance mandates that matter must go through various review and audit processes that take time and cause the results to be dated compared to the speed of new attacks you should expect against your network. This means meeting mandates such as PCI should just be part of your overall security strategy.
The people at toptenreviews provided an interesting infographic about facts and statistics on computer viruses. They break up where they tend to come from as well as the most common infections. There is also a brief blurb on Conficker since it's the most prolific virus to date. The original can be found HERE.
My buddy Aamir Lakhani wrote a great post covering the recently exposed security vulnerability that impacts more than half of the websites on the Internet. It's something everybody needs to be aware of. The original article can be found HERE.
Heartbleed is a serious vulnerability affecting OpenSSL cryptographic libraries. The Heartbleed vulnerability allows an attacker to steal information protected under normal SSL/TLS conditions.
Here is what you need to know:
This is a very serious vulnerability.
It harms personal computers and everyday users. Attackers could possibly steal user information.
Many popular websites, including social media, search, email, banking, and health sites are vulnerable.
The bug is found on most systems and has been present since 2012.
Most likely, attackers knew about the vulnerability, and may have been exploiting it for a long time.
Patching and updating systems will not protect owners from attackers who have already captured data.
I wrote about one of my favorite hot-spot honeypot tools, known as the WiFi Pineapple Mark III, last year HERE. The Pineapple only costs $100 and can be found at the HAK5 store.
To summarize what this bad boy does, it is a small portable attack tool that can run things such as Karma, used to spoof trusted SSIDs, and SSLstrip, used to remove trusted connections while sniffing traffic. So for example, let's say your home network is PUPPYDOG123. When you're at home, your wireless devices will look for PUPPYDOG123 and connect if they see it. When the Pineapple is present and running Karma, it can say back "Hey, I'm PUPPYDOG123 ... connect to me". Your device will think it's your network and connect. Traffic will go through the Pineapple, so you think you are on a trusted network; however, the Pineapple sits in between, aka a man-in-the-middle attack.
My buddy Aamir Lakhani wrote about how traditional security products such as stateful firewalls and older IPS/IDS solutions are not cutting it for today's level of threats. This post covers why the "Next-Generation" of security technology matters. The original post can be found HERE.
Organizations are replacing their stateful firewalls with Next-Generation Firewalls (NGFW) and Next-Generation Intrusion Prevention Systems (NGIPS). Most traditional firewalls are nothing more than packet filters that keep track of who initiated the traffic in order to automatically allow response traffic back to the originator. IPS vendors such as Sourcefire and McAfee (Intel Security) are rapidly adding advanced features to protect against insider threats, application vulnerabilities, mobile devices, and malware. One must wonder: are the days of traditional perimeter security devices such as stateful firewalls and single-pass IDS systems numbered?
The future of security must reach beyond the capability of an appliance. There are too many attack vectors that are continuously changing to detect with a silo solution. It basically comes down to this: there are only so many signatures that can be checked against, as well as behavior algorithms that can be put in place, before you must let traffic pass. Odds are, a malicious attacker will eventually bypass detection, based on the fact that there are hackers out there with a rack of all the latest vendor IPS, firewalls, etc. in a lab designed to test how effective a piece of malware is against any enterprise security solution. So in a nutshell, you will only be able to stop the majority of attacks launched against your network. Something will eventually get through. This means detecting and preventing can't be your only security strategy.
I recently stood up a Cisco 4345 Intrusion Detection / Prevention (IDS / IPS) appliance and documented the configuration process. Here is a simple guide to set up a next generation Cisco 4345 IPS appliance.
Cisco offers various forms of threat detection options that range from modules in firewalls to dedicated appliances such as the 4345 IPS. Regardless of platform, the underlying technology is similar, using a mix of threat reputation (described as identifying attackers) and various forms of scanning for stopping attacks. An example of stopping an attacker is blocking websites with "bad credit scores" based on how long they have been up on the Internet, the content of the site, traffic seen from the site and so on. So a website claiming to be an American bank may get flagged based on being seen from a foreign country, having been recently registered as a new site, and having been flagged for spam. The majority of attacks on your organization can be prevented by dropping obviously malicious traffic using this method. This leaves a security solution's resource-intensive detection processes free to focus on the remaining 5-10% of attacks that make it through credit-score based detection, rather than scanning everything.
Cisco acquired Meraki, the leader in cloud-controlled WiFi, routing and security, in late 2012. For those that haven't heard of Meraki, the concept behind the technology is pretty cool. All device configuration and management is handled using a cloud / web accessible GUI. You can configure everything and ship equipment to where it needs to provide network access prior to first powering things on. Once you are ready, all you do is plug in the equipment and it works (i.e. all configuration is sent to the device via an encrypted tunnel from the cloud). It really is that simple.