CVE-2020-27130 – Path Traversal on CISCO Security Manager

CVSS 9.1 – CWE-35

“A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information.

The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device. An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to download arbitrary files from the affected device.”

On the 16/11/2020 a POC for a range of CISCO device vulnerabilities was released on GitHub by https://twitter.com/frycos.

Read more “CVE-2020-27130 – Path Traversal on CISCO Security Manager”

Secure Remote Access VPN

If your VPN can be brute forced, I hate to break it to you, but it’s got a bit of a design/implementation problem! Now I’m not going to go into VPN RCE’s (we’ve seen a lot of them in recent times) but let’s look at what we can do to protect our remote access services! Read more “Secure Remote Access VPN”

Modern Windows Device Security Assurance

Imagine the scenario… your environment is fully cloud based. there are no domain controllers, you have no “corporate” network and every device is an island. Here we are going to explore what that world might look like from a security pov. This is the modern Windows environment.

  • Devices are enrolled to Azure AD
  • Devices are managed by Intune
  • Office 365 is deployed in cloud only mode

As a security professional on either the offensive of defensive side you have a new landscape to deal with. No longer are you running responder and moving latterly via WMI/RPC, PowerShell or RDP, because well there isn’t a ‘network’ per say. Read more “Modern Windows Device Security Assurance”

Things you wish you had done!

Hindsight is great

When you get online/into the virtual office at 0900 on a Monday morning the last thing you want to be greeted with is something like this:

Ransomware and various other major cyber incidents are not fun to deal with, they hard everyone, from the end customer, your staff and ultimately your bottom line. We hate ransomware so we’ve put together a quick list of things to think about to help you prepare not only to prevent but also to respond so that hopefully your security posture holds strong but also if it does falter you can recover in a timely manner without any bitcoin payments being made! Read more “Things you wish you had done!”

Living without FEAR, UNCERTAINTY & DOUBT

Lack of HTTPS does not automatically mean that you…

An industry mainly filled with good people but too many sharks

It’s becoming more and more common, I see content posted online, I hear people in meetings (hell I’ve been invited into some ‘opportunities’) and the basic theme seems to be:

  • Fill your profile with as many buzzwords as possible
  • Try and make your organisation seems legit and have links to the police and security services
  • Call out crazy stuff like the lack of HTTPS as “TOTALLY COMPROMISED”
  • Ignore science
  • Post sales adverts under Security Services and Police posts to leach ‘authority’
  • Constantly use statistics to back up their position
  • Use social swarming (multiple people from the same company will rally around to defend/attack someone who questions the narrative)
Read more “Lack of HTTPS does not automatically mean that you are “totally compromised”!”

Regular Security Operations Activities – Small Business Edition

Introduction

Barely a day goes by without reading about a new breach, organisations both large and small are under constant thread from cyber criminals and most organisations are either living in ignorant bliss or are one mistake away from being pwn3d. To this end I wanted to publish a list of activities that small businesses can conduct on a regular basis to help improve their security posture. The focus here is on organisations that operate an active directory domain environment but some of the areas can apply to many systems/architectures.

Read more “Regular Security Operations Activities – Small Business Edition”

Cyber Incident Response – Have you planned to fail?

Drill, drill more and drill again

I’ve worked with hundreds of companies over the years and one area I consistently see them struggle with is incident response drills. Sure I see some board level table top simulations but nothing says i’m ready more than practising actual responses.

In table tops people mainly assume the log files exist, they assume the resources are there, they assume the best. I’m not a pessimist but I assume breach and assume things will go wrong (even with preperation).

So to help people I put together an Incident Response planning toolkit workbook. This excel document is a rough guide of different types of incidents and different horror levels (there’s a cool D00M flavoured easter egg in there too). Now one thing, you will need to tailor this. BEC for example can be very simple to repel and remediate, however the cost and impact of BEC can be huge (even if it’s a single mailbox) so take the numbers in here with a pinch of salt and tailor it to suit your needs.

Fail to Plan, Plan to Fail

Failing to plan for a cyber incident both large or small is a sure fire way to ensure you are planning to fail! So with this in mind we thought we’d share a quick workbook to try and kick start your mind into NOT planning to fail!

Read more “Cyber Incident Response – Have you planned to fail?”

Learn all the things!

Many of you will know I’m a massive fan of learning all the things, but also I’m a huge fan of sharing intel, knowledge and experiances because I know when you are starting in a field, the world can seem too big to know things! So to this end, I’ve put together a quick list of tools that I believe are required you have some knowledge of for the PenTest+.

Where possible links to tools and download locations have been provided. Clearly you can deploy a security testing distro such as Kali Linux, Parrot etc. buy you may want to simply install Ubunt or use Windows and WSL 2. Read more “Learn all the things!”

17 Remote Code Execution Vulnerabilities in this month’s patch…

Windows DNS Server

This is really a major issues for Active Directory Domain Controllers.
CVE-2020-1350 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350

We can see there are 2,133 servers on Shodan that are exposed however this exploit doesn’t rely on exposure, a client request from inside the network to a malicious DNS server could be used to exploit the domain controller. Read more “17 Remote Code Execution Vulnerabilities in this month’s patch Tuesday release!”

Perimeter Security Vendor Hell – Unauthenticated RCE’s and other…

Disclaimer

If your can’t take an honest view on real challegnes we face you probably want to click the back button now!
The three laws of IT apply:

  • Software has bugs
  • Hardware breaks
  • Humans Make Mistakes

It doens’t mean however we shoulnd’t strive to do better! so now that’s out of the way here’s a fast blog on shit you should care about and patch (if you haven’t already!)

Also please note these are not ALL the vulnerabilities you should care about, just some choice ones that are enough to make you cry!

Introduction

“Don’t worry, we’ve got that behind a firewall or VPN!” is something I’ve heard a lot over the years, which to be honest is starting to look more and more worrying. Think that’s just me giving my opinion? Well think again, here we have collated SOME of the vulnerabilities in security products which if unpatched/mitigated really leave you. well quite insecure!

Read more “Perimeter Security Vendor Hell – Unauthenticated RCE’s and other crazy you didn’t want in your security devices!”
Copyright (c) Xservus Limited