Defense
By default, a ‘domain user’ can read mostly everything in active directory. I’m not sure every sysadmin knows this as I often find passwords stored in the description filed (see the example screenshot, this was from a domain user with no third-party tools leveraged). Read more “New Year , New You! Securing Active Directory”
Defense
I’ve spent the last 24 hours (including a sleeps) gathering intel, testing in the lab and looking at what the path traversal and RCE for the F5 BIG-IP as outlined in CVE-2020-5902 looks like.
Well I’ll be honest.. the whole scenario is a bit of a bloody mess! We’ve got people leaving management interfaces exposed to the internet, we’ve got a vulnerability that’s incredibly old in a security appliance (it’s not exactly uber 1337 either) and we’ve had the release scenario that’s probably ruined peoples weekends and weeks (I’m not going into an Offensive Securitry Tools debate/argument, if you want that go talk to a brick wall or someone else!)
CTF
Today we look at a vulnerable web application room based upon the Hitman series!
https://tryhackme.com/room/gamezone
This is a fun room where we see an old but common vulnerability in untrusted user input lead to sensitive information disclosure (hashed credentials) which results in a threat actor gaining initial access. From here we then discover there is a weak security configuration (in effective network segmentation) and a vulnerable unpatched service. This chain leads to total system compromise. Read more “Try Hack Me: Part 5 – Game Zone”
Guides
Covenant is a .NET c2 (Command & Control) Framework that aims to highlight the attack surface of .NET and aid red teamers! Today I’m going to jump into slip space with a Halo themed blog on my first use of Covenant in the lab. Let’s hope I don’t need Cortana to get this deployed (yes I’m a massive Halo nerd!)
First thing let’s head over to GitHub and check out the install notes:
The architecture seems to look like this:
Read more “Owning the Covenant like a Chief! – C2 Framework Review”
Defense
Yesterday I published a quick blog which looked at what we could do an out of the box Windows server to monitor file integrity and audit/alert upon actions such as modify or deletes. This is however rather clunks and not really for business use, so next stop the open source world! Today we are going to look at OSSEC! Now before some people go mad about security and open source…. OSSEC is used in Alien Vault’s solution, is compliant with PCI and is used worldwide by loads of organisations and universities etc. Open source tools and security go hand in hand, stop with your crazy talk! Now we’ve got that rant over with let’s get onto the fun business!
OSSEC is an open source host intrusion detection solution which we can use to upgrade our auditing and alerting solution to be more feature rich and provide a centralised solution, for more info on OSSEC please visit their website – https://www.ossec.net/ Read more “Upgrading our file integrity monitoring solution using open source technologies – Part 1”
Breach
As reported across major news networks over the world, British Airways has suffered a data breach that not only includes customer data but also includes payment details. Details from 380,000 customers have been accessed by an unauthorised third party. More details can be found on news sites such as:
https://www.theregister.co.uk/2018/09/06/british_airways_hacked/
https://www.bbc.com/news/uk-england-london-45440850
It’s likely that attackers have compromised a web service which is linked to payment services, however no specific details have been released yet so until then we can only speculate.
In this post we look at the information reported by British Airways, guidance for customers from BA, ourselves and NCSC but also we discuss the steps business’s should be taking to ensure they have a strong security posture, especially where customer data is concerned. Read more “British Airways breach”
Defense
I’ve worked with a lot of organisations over the years and seen lots of ways of doing certain things. Policy implementation is one of those! I’m in a fortunate position where I get to see different people’s policy documents, their systemic implementations and even interview staff to see how these work on the ground. So, I thought I’d write about password policies!
Humans like to be efficient and people also struggle to deal with the huge volume of identify management and authentication solutions they are presented with. Just think, how many passwords are required in everyday life?
The list goes on and on! Then let’s add in corporate IT services….
Anyone who’s worked in an office will have seen familiar sites of the following:
Threat Intel
Welcome to another threat update, this week we look at some interesting twitter dumpster fires and a highly targeted ransomware campaign
You got root sir but that’s not a hack! The world turns upside-down and inside out when @cybergibbons and a band of hackers go on rage mode at the claims from John McAfee and BitFi that their wallet is un-hackable and the ‘restrictions’ placed on the bug bounty.
https://twitter.com/officialmcafee/status/1024385313966379010
@ingnl caused some fun when they recommend not using password managers which went down well with the twitter infosec community. Just so everyone is aware, we recommend using a password manager.
Defense
Phishing is very likely the most common attack vector, in fact so common that the following stat is called out:
“a 2016 study reports that 91% of cyberattacks and the resulting data breach begin with a phishing email”
Setting up the Social Engineering toolkit or custom phishing solution takes a little time, luckily Microsoft have added in attack simulation features into Office 365! This let’s in house teams perform a range of simulated attacks in safe manner against your organisation. In this post we are going to run through the steps required to create and run a phishing attack simulation!
Threat Intel
Welcome to another Threat Week update, today we are going to look at some of the active threats in the wild and in the news.
Common attack vectors are still the usual suspects. Phishing, drive by infections, insecure internet exposed services (e.g. FTP, RDP, SSH, web services etc.) We’ve seen phishing attacks using legitimate services such as Zoho CRM to hijack their mail domain to bypass mail filters, so again good education plus technical controls are the best defence against these attacks.
Xservus run a vulnerable lab which hosts honeypots, web services and is used to detect threats. The following graph showcases external threats detected. Read more “July Threat Update”
