Defense
Ok so i’ve been showing how alot of things do NOT get audited in Windows out of the box (on Twitter obviously) so I thought I’d export the CSV which you can import to enable some of the advanced logging features into a GPO without so many clicks (RSA sucks!)
So here is a CSV file that you can use to import! this isn’t everything you need to do, but it’s a start!
Read more “Make Logging Great Again (MLGA)”
Defense
CVSS 9.1 – CWE-35
“A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information.
The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device. An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to download arbitrary files from the affected device.”
On the 16/11/2020 a POC for a range of CISCO device vulnerabilities was released on GitHub by https://twitter.com/frycos.
Read more “CVE-2020-27130 – Path Traversal on CISCO Security Manager”
Defense
If your VPN can be brute forced, I hate to break it to you, but it’s got a bit of a design/implementation problem! Now I’m not going to go into VPN RCE’s (we’ve seen a lot of them in recent times) but let’s look at what we can do to protect our remote access services! Read more “Secure Remote Access VPN”
Defense
Imagine the scenario… your environment is fully cloud based. there are no domain controllers, you have no “corporate” network and every device is an island. Here we are going to explore what that world might look like from a security pov. This is the modern Windows environment.
As a security professional on either the offensive of defensive side you have a new landscape to deal with. No longer are you running responder and moving latterly via WMI/RPC, PowerShell or RDP, because well there isn’t a ‘network’ per say. Read more “Modern Windows Device Security Assurance”