Security Posts

Infocon: green

SANS Internet Storm Center, InfoCON: green - Sat, 2019/04/20 - 23:46
Analyzing UDF Files with Python
Categories: Security Posts

Facebook Fails, Russian Hacks, and More Security News This Week

Wired: Security - Sat, 2019/04/20 - 15:00
The Mueller report, Facebook goofs, and more of the week's top security news.
Categories: Security Posts

And after Holy Week: Events, Courses and Talks in Madrid, Cartagena de Índias, Málaga, Sevilla and Online. @elevenpaths @luca_d3 @0xWord

Un informático en el lado del mal - Sat, 2019/04/20 - 07:33
It's Saturday, and next week it's back to work. So I'm returning to my routine of bringing you the list of events, talks, courses and assorted gatherings you can sign up for next week. These are the ones I have on my radar of what we are going to do. Take note, because there are quite a few of them, in Madrid, Colombia, Málaga, Sevilla, Melilla and Online.
Figure 1: And after Holy Week: Events, Courses and Talks
in Madrid, Cartagena de Índias, Málaga, Sevilla and Online.
The first thing we have is an Introduction to Information Security workshop that will take place on 23 and 24 April at the Centro Tecnológico de Melilla, in which we from ElevenPaths will take part. An opportunity to be in contact with our colleagues if you are from Melilla.
Next week, as part of @MSecureTIC's #ciberseguridad training programme, supported by @telefonica_ed, we will be teaching the course "Introducción a la Seguridad de la Información". All the info here
Categories: Security Posts

What is Port Scanning?

BreakingPoint Labs Blog - Sat, 2019/04/20 - 02:46
Port scanning is one of the oldest mechanisms used in network security scanning, service…
Categories: Security Posts

Mirai is still alive and using multiple old exploits on home routers

BreakingPoint Labs Blog - Sat, 2019/04/20 - 02:46
Ixia’s Application Threat Intelligence (ATI) security researchers continue to hunt for the latest…
Categories: Security Posts

Key Findings of the Ixia Security Report

BreakingPoint Labs Blog - Sat, 2019/04/20 - 02:46
Ixia just released its third annual security study—the Ixia 2019 Security Report. This report…
Categories: Security Posts

Network Flow Monitoring: The ABCs of Network Visibility

BreakingPoint Labs Blog - Sat, 2019/04/20 - 02:46
This is another in a series of blogs on the important concepts of network management. Today's topic…
Categories: Security Posts

PayPal, Netflix, Gmail, and Uber users among targets in new wave of DNS hijacking attacks

BreakingPoint Labs Blog - Sat, 2019/04/20 - 02:46
Since March 29, 2019, Ixia’s Application and Threat Intelligence (ATI) center has been tracking the…
Categories: Security Posts

Survey finds concerns related to cloud monitoring

BreakingPoint Labs Blog - Sat, 2019/04/20 - 02:46
This week Ixia, a Keysight business, released the results of a survey we conducted in December 2018…
Categories: Security Posts

Software Defined Networks (SDN): The ABCs of Network Visibility

BreakingPoint Labs Blog - Sat, 2019/04/20 - 02:46
If you have been involved in networking over the last several years, then you have heard the term…
Categories: Security Posts

The Malware Cloaking Device and How to Beat It

BreakingPoint Labs Blog - Sat, 2019/04/20 - 02:46
Shortly before his sudden but inevitable demise, Ensign Redshirt reported that he detected no…
Categories: Security Posts

Monitoring performance where the action is: on the network edge

BreakingPoint Labs Blog - Sat, 2019/04/20 - 02:46
Intelligence is spreading out in organizations--moving closer to the customer, closer to customer-…
Categories: Security Posts

Lightwave Innovation Reviews Honors Ixia AresONE 400GE Test Platform

BreakingPoint Labs Blog - Sat, 2019/04/20 - 02:46
At Ixia, we were delighted to see one of our most exciting new products, AresONE, be recognized by…
Categories: Security Posts

Extracting “Stack Strings” from Shellcode

Didier Stevens - Sat, 2019/04/20 - 02:00
A couple of years ago, I wrote a Python script to enhance Radare2 listings: the script extracts strings from stack frame instructions. Recently, I combined my tools to achieve the same without a 32-bit disassembler: I extract the strings directly from the binary shellcode.

What I'm looking for is sequences of instructions like this: mov dword [ebp – 0x10], 0x61626364. In 32-bit code, that's C7 45 followed by one byte (offset operand) and 4 bytes (value operand). Or: C7 45 10 64 63 62 61.

I can write a regular expression for this instruction, and use my tool re-search.py to extract it from the binary shellcode. I want at least 2 consecutive mov … instructions: {2,}. I'm using option -f because I want to process a binary file (re-search.py expects text files by default). And I'm using option -x to produce hexadecimal output (to simplify further processing).

I want to get rid of the bytes for the instruction and the offset operand. I do this with sed:

I could convert this back to text with my tool hex-to-bin.py:

But that's not ideal, because now all characters are merged into a single line. My tool python-per-line.py gives a better result by processing this hexadecimal input line per line:

Note that I also use function repr to escape unprintable characters like 00.

This output provides a good overview of all API functions called by this shellcode. If you take a close look, you'll notice that the last strings are incomplete: that's because they are missing one or two characters, and these are put on the stack with another mov instruction for single or double bytes. I can adapt my regular expression to take these instructions into account:

This is the complete command:

re-search.py -x -f "(?:\xC7\x45.....){2,}(?:(?:\xC6\x45..)|(?:\x66\xC7\x45...))?" shellcode.bin.vir | sed "s/66c745..//g" | sed "s/c[67]45..//g" | python-per-line.py -e "import binascii" "repr(binascii.a2b_hex(line))"
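The same extraction done in Python directly on the bytes, as an added example that is not Didier's code: it reuses the post's regular expression but replaces the two sed substitutions with an instruction-by-instruction walk, so an immediate that happens to contain the bytes C7 45 is never mangled. The shellcode snippet SAMPLE is constructed for the example, and immediates / extract_stack_strings are names chosen here.

```python
import re

# Pattern from the post: two or more "mov dword [ebp+disp8], imm32" (C7 45 disp imm32),
# optionally followed by one "mov byte" (C6 45 disp imm8) or "mov word" (66 C7 45 disp imm16).
# re.DOTALL so that '.' also matches a 0x0A byte inside the operands.
STACK_STRING_RE = re.compile(
    rb"(?:\xC7\x45.....){2,}(?:(?:\xC6\x45..)|(?:\x66\xC7\x45...))?", re.DOTALL)

def immediates(run):
    """Keep only the immediate operands of a matched instruction run.
    Unlike the sed substitutions in the post, this walks the run instruction by
    instruction, so an immediate that happens to contain C7 45 is never mangled."""
    out = bytearray()
    i = 0
    while i < len(run):
        if run[i:i + 2] == b"\xC7\x45":          # mov dword [ebp+disp8], imm32
            out += run[i + 3:i + 7]; i += 7
        elif run[i:i + 3] == b"\x66\xC7\x45":    # mov word [ebp+disp8], imm16
            out += run[i + 4:i + 6]; i += 6
        elif run[i:i + 2] == b"\xC6\x45":        # mov byte [ebp+disp8], imm8
            out += run[i + 3:i + 4]; i += 4
        else:
            raise ValueError("unexpected opcode at offset %d" % i)
    return bytes(out)

def extract_stack_strings(code):
    """Return the stack strings found in a binary blob, in the order they are built."""
    return [immediates(m.group(0)) for m in STACK_STRING_RE.finditer(code)]

# Constructed sample (not real malware): x86 instructions that build "kernel32.dll" and
# "LoadLibraryA" on the stack, with some filler instructions around them.
SAMPLE = bytes.fromhex(
    "558BEC"              # push ebp; mov ebp, esp
    "C745F06B65726E"      # mov dword [ebp-0x10], 'kern'
    "C745F4656C3332"      # mov dword [ebp-0x0C], 'el32'
    "C745F82E646C6C"      # mov dword [ebp-0x08], '.dll'
    "C645FC00"            # mov byte  [ebp-0x04], 0
    "8D45F050"            # lea eax, [ebp-0x10]; push eax
    "C745E04C6F6164"      # mov dword [ebp-0x20], 'Load'
    "C745E44C696272"      # mov dword [ebp-0x1C], 'Libr'
    "C745E861727941"      # mov dword [ebp-0x18], 'aryA'
    "66C745EC0000"        # mov word  [ebp-0x14], 0
    "8D45E050"            # lea eax, [ebp-0x20]; push eax
)

if __name__ == "__main__":
    for s in extract_stack_strings(SAMPLE):
        print(repr(s))    # the post's repr() step: 00 bytes are shown as \x00
```

Strings written with non-sequential stack offsets or via registers instead of immediates are not caught by this pattern, exactly as with the original command.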
Categories: Security Posts

Analyzing UDF Files with Python, (Fri, Apr 19th)

SANS Internet Storm Center, InfoCON: green - Sat, 2019/04/20 - 00:05
Yesterday, Xavier wrote a diary entry about malicious UDF files. I wrote about the analysis of .ISO files before, and it turns out the same techniques work for UDF files too. Python module isoparser can also parse UDF files:

We can retrieve the content:

And calculate the hash of the contained EXE:

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Categories: Security Posts

Give Your Network An Unfair Advantage Against Hidden Malware

BreakingPoint Labs Blog - Fri, 2019/04/19 - 20:46
The IT role is extremely hard today. Whether you are part of the DevOps or SecOps team makes no…
Categories: Security Posts

Announcing the community-oriented osquery fork, osql

For months, Facebook has been heavily refactoring the entire osquery codebase, migrating osquery away from standard development tools like CMake and integrating it with Facebook’s internal tooling. Their intention was to improve code quality, implement additional tests, and move the project to a more modular architecture. In practice, the changes sacrificed support for a number of architectures, operating systems, and a variety of useful developer tools that integrate well only with the standard build system preferred by the open-source C++ community. Worse still, the project’s new inward focus has greatly delayed the review of community contributions — effectively stalling development of features or fixes for the needs of the community — without a clear end in sight. Lacking a roadmap or predictable release cycle, user confidence in the project has fallen. Enterprises are postponing their planned osquery deployments and searching for alternative solutions.

Many of the most secure organizations in the world have already invested in making osquery the absolute best endpoint management solution for their needs. Being forced to look elsewhere would be a waste of their investment, and leave them relying on less effective alternatives. That is why we are announcing the community-oriented osquery fork: osql.

What are the goals of osql?

With osql, we are committed to restoring the community’s confidence in the osquery project, to making the development process more open and predictable, and to reviewing and accepting community contributions more quickly. Our goal is to restore direct community participation.

An open and transparent development process

In the immediate term, osql will be maintained as a “soft-fork.” We will closely track Facebook’s upstream updates without diverging from the codebase. Plenty of completed work is simply waiting upstream, in Pull Requests. We prepared a workflow through which the osql project can accept Pull Requests that the community deems stable enough to be shipped, but which have been ignored by the upstream maintainers. The community can pick and choose its priorities from those contributions, and incorporate them into the next release of osql.

Figure: The osql organization on GitHub will be a hub for community projects

Continuous Integration, Continuous Delivery

We’ve also integrated a much-needed public CI using Azure Pipelines, which will build and run tests at each commit. Find the results here. The CI will help us build, test, and release faster and more frequently. We are committing to release a new osql binary (package installer) on a regular monthly cadence. We will communicate the changes that users can expect in the next release. They will know when to expect it, and that the version they download has passed all tests.

Figure: Determine if the latest code is building for all platforms, at a glance

Restoring standard tool support for developers

We rewrote the build system from scratch to return it to CMake, the C++ community’s de-facto standard for building projects. This effort was non-trivial, but we believe it was central to preserving the project’s compatibility with open-source toolchains. The libraries and tools that represent the foundation of modern C++ development, such as Boost or the LLVM/Clang compiler toolchain, all support CMake natively. The most-used third party libraries use CMake as well, making it quite easy to include them in a CMake-based project. Developers benefit from built-in CMake support in their IDEs. Visual Studio, VS Code, CLion and QtCreator can all easily open a project from its CMakeLists file, enabling a precise view of the project’s structure and the outputs of its build process. They’ll also regain the convenience of CMake-supporting static analyzer frameworks, like Clang’s scan-build, which helps discover critical bugs across an entire project.

By re-centering everything around a CMake build process, we made osql a more developer-friendly project than upstream osquery. If you would like to see for yourself and begin contributing to osql, check out the build guide.

Figure: Work conveniently in the Visual Studio Code IDE, with CMake integration

What’s next for osql

Our work is just beginning! We plan to continue improving the automation of osql releases. Initially, osql releases will be unsigned binaries/packages. The next priority for the project is to implement a secure code-signing step into the CI procedure, so that every release is a binary signed by the “osql” organization.

The osquery project’s build process used to allow you to choose whether to download or to build third-party dependencies, thanks to easily modifiable Homebrew formulas. Not only that, you could also choose from where these dependencies were downloaded. That is no longer true for osquery currently, but we will restore that ability in osql (a task made easier thanks to CMake).

We also plan to extend the public CI for osql to enable it to test PRs opened against upstream osquery. This will help the community review those PRs, and provide a kind of quality assurance for their inclusion in a future release of osql. In the longer term, thanks to CMake’s support for building on various platforms, it will be possible for osql to be built for whatever new systems that the community demands.

Want More? Let’s Talk

When we originally ported osquery to Windows, we didn’t imagine it would become so big, or that it would outgrow what Facebook alone could maintain. A whole community of organizations now deploy and depend on osquery. That’s why we’ve launched osql, the community-oriented osquery fork. If you are part of this community and are interested in porting to other platforms, need special features from the project, or want some customization done to the core, join our osquery/osql support group or contact us!
Categories: Security Posts

Ethical hacking as a post-graduation opportunity

AlienVault Blogs - Thu, 2019/04/18 - 15:00
The world of cybersecurity is an ever-changing one of constant preemptive preparation, where companies are forced to hunt for any kinks in their defenses to ensure that they’re as protected as possible. Working as an ethical hacker allows information technology graduates to come into the job market and aid companies in finding those kinks so that they can remain safe in a world of increasing cybercrime. As the world of cybersecurity grows more linked with everyday life, it’s important to know what awaits those entering this job market.

Great pay

Ethical hacking is a skilled trade, reserved for those that know their way around design and programming. The average salary for ethical hacking offers a wide range - between $24,760 and $132,322. There are also many freelancing opportunities for one-time or part time positions, which can offer multiple opportunities and flexible pay. For graduates looking to deal with school loans or simply wishing to jumpstart their finances, the high ceiling of earning averages provides an excellent opportunity.

Rapid growth

Ethical hacking is one of the swiftest growing areas for information technology graduates, if for no other reason than for demand. The increasingly connected internet of things is forcing companies to have a powerful online presence, which then needs to be defended. As more and more companies become connected to the internet, the need for ethical hackers to test their defenses increases as well. In fact, the United States Bureau of Labor Statistics expects information security analysts, a category which includes ethical hackers, to see job growth increase by as much as 28% from 2016 to 2026. This is four times the job growth that other sectors expect to see, which sits around 7%. The job growth for ethical hacking is due to the increased need for online security, and means that graduates entering the field can expect a surplus of available positions. Additionally, the constant growth of jobs equates to advanced job options, as graduates are likely to always be able to find another position if the need arises.

Increasing skill sets

Graduates are likely to have been focusing on one or two subjects while going through their collegiate career. Ethical hacking provides an excellent way to diversify the skills one has learned, as well as providing opportunities to grow in acclaim. Many ethical hacking positions may require brief training courses that will end with the ethical hacker being rewarded with certification and verification of skills. While often optional, this is highly recommended, as certified ethical hacking professionals earn significantly more than their non-certified peers.

Ultimately, many experts believe ethical hacking to be one of the most prominent fields of information security analysis in the future. Ethical hacking is both one of the newest and one of the swiftest growing areas of InfoSec. For graduates looking to join the professional world, ethical hacking provides excellent ways to earn a great entry-level salary and bolster your abilities.
Categories: Security Posts

Hack of the day #2: Command-Line Interface helpers

Hex blog - Thu, 2019/04/11 - 13:04
The problem

The “command-line input” (CLI), situated at the bottom of IDA’s window, is a very powerful tool to quickly execute commands in the language that is currently selected. Typically, that language will be Python, and one can use helpers such as idc.here() to retrieve the address of the cursor location. However, when some debuggers …
Categories: Security Posts

Pattern Welding Explained as Wearable Art

Niels Provos - Tue, 2018/08/28 - 06:37

Pattern-Welding was used throughout the Viking-age to imbue swords with intricate patterns that were associated with mystical qualities. This visualization shows the pattern progression in a twisted road with increasing removal of material. It took me two years of intermittent work to get to this image. I liked this image so much that I ordered it for myself as a t-shirt and am looking forward to people asking me what the image is all about. If you want to get a t-shirt yourself, you can order this design via RedBubble. If you end up ordering a t-shirt, let me know if it ends up getting you into any interesting conversations!

Categories: Security Posts