CVE-2015-0235: A GHOST in the Machine

ghost-170Nick BiasiniEarl Carter, Alex Chiu and Jaeson Schultz from the cisco security research team posted about the real impact of the recent announced ghost vulnerability found by Qualys. It seems to not be as scary as the market is advertising. The original post can be found HERE.

On Tuesday January 27, 2015, security researchers from Qualys published information concerning a 0-day vulnerability in the GNU C library. The vulnerability, known as “GHOST” (a.k.a. CVE-2015-0235), is a buffer overflow in the __nss_hostname_digits_dots() function. As a proof-of-concept, Qualys has detailed a remote exploit for the Exim mail server that bypasses all existing protections, and results in arbitrary command execution. Qualys intends to release the exploit as a Metasploit module. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Cisco 2015 Annual Security Report

Cisco ASR2015Cisco just released its Annual Security Report for 2015. You can download this report for free HERE. The Cisco 2015 Annual Security Report, which presents the research, insights, and perspectives provided by Cisco Security Research and other security experts within Cisco, explores the ongoing race between attackers and defenders, and how users are becoming ever weaker links in the security chain. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)

Penetration Testing with Raspberry Pi – Book Now Available!

PenTestingRas1My buddy and coauthor Aamir Lakhani and I are very proud to present our second book … “Penetration Testing With Raspberry Pi“. This book can be found on Packt’s website HERE and should start being seen on most online stores such as Amazon, Barns and Noble the next few days.  Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)

Top 10 Splunk and Cisco Highlights in 2014

Summary_-_Cisco_Security_Suite_-_Splunk_4.2_(96430)Friea Berg at Splunk wrote a nice article summarizing some of the latest highlights of how Splunk and Cisco have been teaming up to provide end to end security visibility and protection. You can find the original post HERE.

Over the past 7 years Cisco and Splunk have built a broad and multi-faceted relationship.

Internally Cisco IT, security, engineering and other teams use Splunk software every day for operational intelligence and security analytics. Cisco shared details at Splunk’s 2014 user conference in a session titled How Cisco IT Moved from Reactive to Proactive and Even Predictive with Splunk” and Cisco’s CSIRT team commented a blog post on Security Logging in an Enterprise … [W]e moved to Splunk from a traditional SIEM as Splunk is designed and engineered for ‘big data’ use cases.” Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (3 votes cast)

njRAT Malware – remote control malware

njRAT_goedist

My buddy Aamir Lakahni wrote a cool post on how to setup a njRAT (remote access toolkit). The original post can be found at drchaos.com via HERE.

Warning: The ideas, concepts and opinions expressed in this blog are intended to be used for educational purposes only. The misuse of the information from this article can result in criminal charges brought against the persons in question. Refer to the laws in your province/country before accessing, using,or in any other way utilizing these materials.

One of the most popular malware tools being used today is a RAT (remote access toolkit) named njRAT. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (2 votes cast)

Why Migrate From Cisco NAC Appliance To ISE?

why1I have received the question why should I migrate from NAC appliance to Identity Services Engine (ISE)?” a handful of times. This post will provide some reasons why you should consider migrating over. Regarding how to migrate and what discounts you could receive by migrating, see this post that covers these questions HERE.

Lets start off by looking at Cisco NAC and ISE.  Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (2 votes cast)

Don’t Trust All Phone Calls: Phone Scams 2.0

phone-scammer

There are many methods criminals will use to steal money that fall outside of normal attack channels. I was having dinner with a buddy from work and heard one of the most outrageous social engineering attack methods he recently experienced. To summarize, he had attackers call his home phone and try to get him to install malicious software. He figured out they were full of it yet went along with the scam for 20 minutes to see where they would take things. This post will cover his experience and variations of this attack seen in the wild.

Lesson learned …. don’t trust somebody just because they called you. Make sure to tell your friends and family this message. If you do some Google research, you will find many non-technical people are being tricked by this form of attack. Continue reading

VN:F [1.9.22_1171]
Rating: 4.7/5 (3 votes cast)

Here’s What Happens When You Install the Top 10 Download.com Apps

crowded1

The people at howtogeek.com wrote a pretty funny yet sad post about research they performed. The concept is they went to download.com and downloaded the top 10 most popular downloads onto a virtual windows system to see what would happen (they skipped a few Anti Viruses since it doesn’t make sense to install more than one but outside of that went through the list). As shown in the previous screenshot, most of the software was laced with malware pretty much killing the functionality of their test system. The ironic thing is download.com has disclaimers on their website stating they don’t post software with malware, trojans or malicious adware before during or after the installation of software being shared (shown later in the post). According to the results from the howtogeek team, this is obviously not the case. I guess those old sayings are right about nothing is free and if its too good to be true … it probably is. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)