Why we Don't Deserve the Internet: Memcached Reflected DDoS Attacks., (Tue, Feb 27th)
Let me start off by saying: If you have a memcached server in your environment that is exposed to the internet, then you should stop scanning for them, and spend your time writing a resume instead. Either because you do not want to work in an utterly incompetent organization like that, or if you are responsible for the exposed server, then well.. write a resume for a simpler job. (I was going to suggest a job here. But I can't come up with a job a sysadmin would be qualified for in a case like this)
Categories: Security
ISC Stormcast For Tuesday, February 27th 2018 https://isc.sans.edu/podcastdetail.html?id=5887, (Tue, Feb 27th)
Categories: Security
Cracking AD Domain Passwords (Password Assessments) - Part 1 - Collecting Hashes, (Mon, Feb 26th)
In my last 2 posts we discussed recovering passwords in a penetration test, first by using password spraying and then by using LLMNR (using the responder tool). In both cases we discussed that it’s pretty likely that you’ll recover domain admin credentials in these steps.
Categories: Security
ISC Stormcast For Monday, February 26th 2018 https://isc.sans.edu/podcastdetail.html?id=5885, (Mon, Feb 26th)
Categories: Security
Retrieving malware over Tor on Windows, (Sun, Feb 25th)
I found an easier way to retrieve malware over Tor on Windows, using free open-source software.
Categories: Security
Blackhole Advertising Sites with Pi-hole, (Sun, Feb 25th)
A coworker told me a few weeks ago that he started using Pi-hole to block all advertising and that got me curious. I checked the hardware requirements and already had a server I could install this on. I used CentOS 7.4 as my platform but before starting, make sure selinux isn't running because it isn't supported (It is one of the checks the installation script does). To check execute:
Categories: Security
ISC Stormcast For Friday, February 23rd 2018 https://isc.sans.edu/podcastdetail.html?id=5883, (Fri, Feb 23rd)
Categories: Security
CIS Controls Version 7, (Fri, Feb 23rd)
The Center for Internet Security (CIS) has been working diligently to update the CIS Controls (formerly known as the Critical Security Controls). A compelling feature of the CIS Controls is their regular updates that reflect the current cyber threats that face organizations, both small and large. The CIS Controls are the product of a truly global collaboration effort. “The CIS Controls have always been the product of a global community of adopters, vendors, and supporters, and V7 will be no exception,” said Tony Sager, CIS Senior Vice President and Chief Evangelist for the CIS Controls.
Categories: Security
Troy Hunt has just updated his list of "pwndpasswords" to over half a billion! Download is here for anyone doing password cracking: https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/, (Thu, Feb 22nd)
=============== Rob VandenBrink Metafore
Categories: Security
Passwords Part 2 - Passwords off the Wire using LLMNR, (Thu, Feb 22nd)
We ended yesterday’s story with what we hope was a successful password spray. Let’s assume that we can then use one of the accounts we harvested in that exercise to VPN in and RDP to a host on the inside network.
Categories: Security
ISC Stormcast For Thursday, February 22nd 2018 https://isc.sans.edu/podcastdetail.html?id=5881, (Thu, Feb 22nd)
Categories: Security

Hashcat 4.1.0 is released today. Some algo's added, but primary for me is a 10-20% performance boost for common hashes. https://hashcat.net/forum/thread-7317-post-39390.html#pid39390 , (Wed, Feb 21st)
=============== Rob VandenBrink Compugen
Categories: Security
Should We Call it Quits for Passwords? Or, "Password Spraying for the Win!", (Wed, Feb 21st)
Ok, maybe that's a bit dramatic. But for most companies with web services, the answer is a serious "yes" for ditching passwords for those services. Why is that? Let's talk about how the typical external pentest might go.
Categories: Security
ISC Stormcast For Wednesday, February 21st 2018 https://isc.sans.edu/podcastdetail.html?id=5879, (Wed, Feb 21st)
Categories: Security
Statically Unpacking a Brazilian Banker Malware, (Tue, Feb 20th)
After going through an almost endless amount of encoded droppers and loader scripts while analyzing a Brazilian banker, I finally managed to reach the actual payload, an interestingly packed/encrypted banking malware. How I statically unpacked this payload is the subject of today’s diary and I hope it will help you in your future analysis.
Categories: Security
ISC Stormcast For Tuesday, February 20th 2018 https://isc.sans.edu/podcastdetail.html?id=5877, (Tue, Feb 20th)
Categories: Security
Analyzing MSI files, (Mon, Feb 19th)
Xavier wrote a diary entry about an interesting malware sample: MSI files.
Categories: Security
ISC Stormcast For Monday, February 19th 2018 https://isc.sans.edu/podcastdetail.html?id=5875, (Mon, Feb 19th)
Categories: Security
Finding VBA signatures in .docm files, (Sun, Feb 18th)
Last week I researched how to detect signed VBA code in Word .doc files.
Categories: Security