Security Beyond the Sandbox – AMP overview from Talos

Joe Malenfant from the Cisco Talos team wrote a great post summarizing Cisco’s Advanced Malware Protection (AMP) (original post found HERE). The focus of the article is going beyond sandbox technology.

A few years ago sandboxing technology really came of age in the security industry. The ability to emulate an environment, detonate a file without risk of infection, and analyze its behavior became quite a handy research tool. Since then, sandboxes have become relatively popular (not nearly on the same scale as anti-virus or firewalls) and can be found in larger organizations. You may even have purchased a sandbox a few years ago, but it’s likely that your malware analysis needs have gone beyond the traditional sandboxing technologies that simply extract suspicious samples, analyze in a local virtual machine, and quarantine.


Ashley Madison Data Leak Analysis from Dr. Chaos – Deadline Has Passed


I posted about the Ashley Madison breach HERE. For those that are not following this, Ashley Madison, the popular affair website, was breached by a group calling themselves The Impact Team. They threatened to leak customer records if Ashley Madison didn’t shut down its website. Ashley Madison is still up and the deadline has passed, so The Impact Team posted access to all 30 million customer records. My buddy Aamir, aka Dr. Chaos, summed up the current state of this situation. His post can be found HERE.

Hackers attacked Ashley Madison (known as AM by its users), the dating site for married couples that promotes infidelity. They walked away with 30 million records containing site user information. While the initial ramifications seem obvious, the story continues to unfold with recent news that email addresses were discovered that originated from government agencies, high level politicians, and certain celebrities. The data represents a treasure trove of sensitive and extremely private data that has a high potential for causing damage to individuals.


Hacker shows he can locate, unlock and remote start GM vehicles


Wow, another automobile attack! This time the hacker can abuse anybody using the OnStar RemoteLink mobile app. In summary, don’t use the OnStar RemoteLink app until a patch is available, or you may find one day that somebody has been joyriding in your car.

Samy Kamkar posted about this vulnerability on Computerworld, including a video demonstrating the tool he built to abuse this vulnerability in the app. The original post and video can be found HERE. He will be talking more about this next week at the Black Hat/DEF CON conferences.


Analyze Malware With Cuckoo Sandbox

People have asked me to recommend a tool that can be used to analyze files for viruses that does more than standard anti-virus. Usually the need is to prove that something being flagged by a security product is actually malicious versus a false positive alert. There are enterprise-level sandbox solutions such as Cisco’s ThreatGRID sandbox that offer this (more on this found HERE); however, one very popular free, open-source option is Cuckoo.


Talos on Phishing: Hook, Line and Sinker: Catching Unsuspecting Users Off Guard


Cisco’s research team Talos wrote an interesting article on their research on phishing. The original post can be found HERE. For those that don’t know what phishing is, it’s the cyber attack where a malicious party pretends to be a legitimate source with the goal of tricking a victim into clicking an email, accessing a website, or just giving up sensitive data. Here is the Talos article.


Book Review: Penetration Testing With Raspberry Pi

Berislav Kucan from net-security.org posted a nice write-up on the book Aamir Lakhani and I wrote on penetration testing using a Raspberry Pi. The original write-up can be found HERE.

Introduction

Raspberry Pi is a small and portable single board computer that can be transformed into a penetration testing system. This book will show you how.


Breaking SSH, VNC, and other passwords with Kali Linux and Hydra

My buddy Aamir Lakhani, aka drchaos, wrote a great post on breaking SSH, VNC and other services. The original post can be found HERE.

Hydra is a very fast and effective network login cracker. It will help you perform brute force attacks against SSH servers, VNC, and other services. When you launch Hydra it will launch the GUI in Kali; however, in this tutorial we will use xHydra, which is the command line version of the tool. The command line version of the tool gives you much more flexibility in how to use the tool.



4 Million Records Stolen – U.S. Office of Personnel Management Hacked!


According to datalossdb.org, the U.S. Department of the Interior, U.S. Office of Personnel Management lost 4 million records in a massive data breach. Dataloss lists “At least 4 million names, dates and place of birth, Social Security numbers, benefit selections, job assignments, performance ratings and training information of current and former Federal employees compromised by hackers”. USNEWS.com wrote the following article about this breach, found below (original post found HERE).
