Defense

Creating a honeypot for CVE-2021-41773 (Path Traversal and RCE)

A path traversal vulnerability and exploit just dropped in the wild for a specific version of Apache (Apache/2.4.49). This vulnerability allows an unauthenticated attacker to execute a path traversal attack (and now shown RCE if MOD_CGI is enabled) to read files outside of the virtual directory path bounds. This only affects a single version of Apache, there’s a fair few of these online, however it’s very unlikely all are vulnerable. The vulnerability requires specific permissions to be configured.

A screenshot of a video game Description automatically generated with medium confidence

Read more “Creating a honeypot for CVE-2021-41773 (Path Traversal and RCE)”

Guides

Reporting an email as phishing in Office 365 with…

Did you ever just ignore or delete a phishing email? I mean that’s great in one sense that you won’t have any negative impact. But if the email did get past the mail security filters, you can report it using the “Mark as phishing” option.

What if as well you wanted to not only enable users to report but also pass the intelligence onto the NCSC Suspicious Email Reporting Service (SERS)? How cool would that be! Well, have no fear people, we are going to show you how easy this stuff is to deploy and configure. Read more “Reporting an email as phishing in Office 365 with NCSC SERS”

Leadership

The Art of Cyber

Cyber Security is an intersection of different activities, processes and capabilities. It uses skills from multiple traditional roles. As such the definition of it, often seems to lie in the reader. I did a poll the other day on twitter where ~30% of people thought a scenario I described wasn’t cyber because basically an “IT” person did the activity or they made assumptions that the IT person was told to do it (they were not). This led me to try and describe what Cyber means to me:

Read more “The Art of Cyber”
Defense

Can Cyber Deception be used as a force for…

Scams, Disinformation & Supply Chain Compromise

Now this might come to a shock to some of you but I’m not actually (as my LinkedIn profile currently says) Tony Stark! I know, shocking but it’s true. Why I’m experimenting with this will hopefully be apparent after reading this post (although this isn’t an explanation specifically). What I’m looking at is how deception is used from a range of perspectives from marketing, cybercrime and how we can use deception in a positive way, to actively defend ourselves from the cyber criminals! Read more “Can Cyber Deception be used as a force for good?”

Defense

Cloud Security – 26 Foundational Security Practises and Capabilities…

That is quite the catchy title don’t you agree? Ok so that needs some work and when we think about cloud security, we need to realise that Computing as a Service isn’t a silver bullet.

One Cloud to Rule them all and in the darkness bind them

Ok so the cloud was promised as the saviour of IT and Cyber security but the promise vs the reality. Well, let’s be frank, they don’t really match up. But have no fear – secure cloud design is here (omg cringe)! Ok now we have that out of my system let’s look at some basic cloud security considerations to make when thinking about cloud services.

Checklist

Ok so the world doesn’t work with a checklist however, if you are like me you will want to use lists and aides to jog the little grey cells into action. Let’s think about cloud services and security: Read more “Cloud Security – 26 Foundational Security Practises and Capabilities Checklist”

Defense

Defending against authentication attacks

Ok so my most popular blog on pwndefend is about using Hydra… so I guess that’s all the goodies using it for good things, right? Probably not but it does help people understand the weaknesses of single factor authentication systems without supplementary controls.

So, let’s look at authentication defences, but let’s do this from an attacker perspective! (The opposite of what helps an attacker usually helps defend). Crazy madness right, let’s get to it!

Foundations of Sand

Ok so authentication is a key security control in computer systems. To understand the challenge around authentication and think it’s all a technical problem is to error.

See most modern computer systems require at least two things to authenticate:

  • A Username
  • A Password

Read more “Defending against authentication attacks”

Defense

Cyber Security Tips – Keeping your digital self, safe!

Not even most of my digital life is in the enterprise security space, whilst this is great if you have access to technology budgets, security specialists and modern business class solutions, this doesn’t really fit into the general populations landscape of technology. I thought I’d take a high-level exploration of what digital security looks for people who aren’t security nerds! This is a bit of an experiment for me as it’s a journey into a world where although some things apply to me (obviously I’m human), some of this from a thinking/blogging point of view aren’t my comfort space. So, let’s see what a world outside of being a nerd look like!

Commons Risks

I’m thinking the risk landscape is still broad however when we think about risks, I reckon a general view model may look at some of the following scenarios:

  • Fraud/Scams
  • Sextortion
  • Phishing
  • Social Media Account Takeover
  • Device Theft
  • Device Loss
  • Equipment Failure/Data Loss
  • Threat from known individuals with physical access
  • Human Error

Read more “Cyber Security Tips – Keeping your digital self, safe!”

Defense

Exposed VMWARE vCenter Servers around the world (CVE-2021-22005)

There’s a new CVE in town but don’t think it’s the only problem you get when you expose administrative interfaces to the wild west of the internet (yeeha or something). Let’s go on a quick exploration of what the world looks like with the help of our friends at Shodan and then let’s see the ramblings of Dan when looking at how benign enumeration and exploration of services can work. Let’s get started looking at the world, a quick face analysis on Shodan with vmware as a product shows a hit or two, what we are going to focus on is vCenter but you know.. you might want to review your attack surfaces so any exposed services (damn people expose some risky stuff!) Read more “Exposed VMWARE vCenter Servers around the world (CVE-2021-22005)”

A screenshot of a computer Description automatically generated with medium confidence Threat Intel

CVE-2021-38647 – Open Management Infrastructure (OMI) RCE – Linux…

Situation

Ok so the situation is as per usual a bit fluid, when this first dropped I was looking at this with a “azure” lense, however as time goes on it appears this likely also covers any Linux distro with the Azure/SCOM/OMS agents installed. This may change the profile of risk considerable, not only from a public facing attack surafce but highly likely from a lateral movement persspective. I’m going to keep updating this as more intel comes in. (sorry I’d be clearer if I had a clearer picture myself)

This week 4 vulnerabilities were disclosed which affect Azure virtual machines running the Open Management Infrastructure (OMI) agent (think PowerShell remoting). As above the scope seems to be slightly wider with regard to SCOM/AZURE and OMS/Sentinel etc. agents for Linux (I want to confirm all of this but for now it seems this is the position)

Essentially these vulnerabilities allow for both network-based remove code execution (RCE) and local privilege escalation (LPE).

  • There is evidence of exploitation in honeypots.
  • There is a public proof of concept available for the RCE.
  • The internet facing attack surface from a global perspective seems low based on the data in Shodan and Censys however I’m not convinced this is currently giving a clear picture.
    • So, check your azure networks, Vms and firewalls would be a sensible idea

Read more “CVE-2021-38647 – Open Management Infrastructure (OMI) RCE – Linux hosts”

Copyright (c) Xservus Limited