NSS Labs Threat Capabilities Report Available

threatglasses1NSS Labs just released their latest Threat Capabilities Report found HERE. Its a short yet interesting report covering  widely used applications that were exploited after September of 2014. They list the top applications, operating systems and countries hosting command and control call homes. This one is free to download. Below is a summary from the report.

Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Cisco Anyconnect 4.0 – Whats New – Why Consider – Free Migrations

AnyconnectLogo1Cisco released Anyconnect 4.0 this past November (more on the announcement HERE). Here is a really good video summarizing Anyconnect HERE.

Anyconnect is Cisco’s flagship VPN solution providing users access to internal sources from anywhere, on any device regardless of physical location. Anyconnect has many bells and whistles such as “always on” meaning auto-connecting when off network yet turning off when on a trusted network, throttling apps that eat up bandwidth, checking the posture of devices prior to permitting connectivity (anti virus, system updates, etc), security for selective apps and many more. Cisco’s old VPN client IPsec is end of life (more HERE) so hopefully those using IPsec have migrated. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (4 votes cast)

Article In Hack Insight Press – Sophisticated Phishing with the WiFi Pineapple Mark V

SecMag1Hack Insight Press published one of my blog posting in their February issue that focuses on the WiFi Pineapple. My original post can be found HERE. The magazine article can be found HERE. In summary, this article talks about how to use the Wifi Pineapple Mark V by Hak5 to perform a phishing attack attack.

A description of the what the February Issue contains is shown below. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)

Penetration Testing with Raspberry Pi – Book Now Available!

PenTestingRas1My buddy and coauthor Aamir Lakhani and I are very proud to present our second book … “Penetration Testing With Raspberry Pi“. This book can be found on Packt’s website HERE and should start being seen on most online stores such as Amazon, Barns and Noble the next few days.  Continue reading

VN:F [1.9.22_1171]
Rating: 4.3/5 (3 votes cast)

Why Migrate From Cisco NAC Appliance To ISE?

why1I have received the question why should I migrate from NAC appliance to Identity Services Engine (ISE)?” a handful of times. This post will provide some reasons why you should consider migrating over. Regarding how to migrate and what discounts you could receive by migrating, see this post that covers these questions HERE.

Lets start off by looking at Cisco NAC and ISE.  Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (2 votes cast)

Here’s What Happens When You Install the Top 10 Download.com Apps

crowded1

The people at howtogeek.com wrote a pretty funny yet sad post about research they performed. The concept is they went to download.com and downloaded the top 10 most popular downloads onto a virtual windows system to see what would happen (they skipped a few Anti Viruses since it doesn’t make sense to install more than one but outside of that went through the list). As shown in the previous screenshot, most of the software was laced with malware pretty much killing the functionality of their test system. The ironic thing is download.com has disclaimers on their website stating they don’t post software with malware, trojans or malicious adware before during or after the installation of software being shared (shown later in the post). According to the results from the howtogeek team, this is obviously not the case. I guess those old sayings are right about nothing is free and if its too good to be true … it probably is. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)

When Does Cloud Make Sense For Security?

cloudsecurity1I see a lot of hesitation from administrators when having a conversation about cloud based security. People seem to be uneasy with the idea of having anything security related managed outside of their company walls. Some administrators express concerns that there is a potential weakness opening up a connection from their inside network to the cloud (even though it is encrypted) while others feel uneasy about having people outside their staff accessing equipment for maintenance or other purposes. I’ve also had the question “what happens if a client sharing a security device in the cloud gets compromised? Will that impact our business”? (I’ve never heard of this happening and there are hundreds of cloud offerings available today). These are just a few concerns that gives cloud based security a bad reputation before it is evaluated for its true potential.

Cloud Security should be looked at as a method of outsourcing security. Why would you want to do this? There are many benefits and for some situations such as locations spread across the world, cloud is the only feasible answer. Here are some of the top benefits of going cloud based security. Continue reading

VN:F [1.9.22_1171]
Rating: 4.0/5 (1 vote cast)

Free FSU Online Security Classes : Offensive Computer Security

FSUCS1

The Computer Science department at Florida State University is offering free computer security class lectures. You can find the entire CIS4930 and CIS5930 courses online HERE. These are the Spring 2014 classes so the content is pretty current. There are 26 lessons ranging from lock picking to launching attacks with Metasploit. Videos include lecture slides to download. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)