Cyber Security Group
Vince Kornacki | 16 Jan 2014 | 0 comments

In the last installment we planned the vertical password guessing attack and optimized our wordlist. Now let's get our hands dirty! Attackers utilize a variety of tools to automate password guessing attacks, including Hydra, Nmap in conjunction with the http-form-brute script, and homegrown scripts. However, for the purposes of this exercise we'll use Burp Suite Pro, the Swiss Army Knife of web application penetration testing. We'll leverage Burp Intruder functionality to launch the password guessing attack. Note that Burp Intruder functionality is only available within the commercial Burp Suite Pro, not the free Burp Suite. However, at only $299 per user per year, Burp...

Robert Shaker | 15 Jan 2014 | 0 comments

Google’s acquisition of Nest brings back memories of an old blog post I wrote a couple of years back, one that pontificated on the great advances in IP-connected devices: way past phones, video game systems, video cameras, and televisions to coffee machines, home lighting and HVAC, vehicle alarms, refrigerators, ovens, and heck, maybe toilets.

What a great world it will be when my refrigerator sends me a text message or posts to Facebook or OmniFocus that I need to buy milk and salami. It will be even better when I can log into my oven and tell it to turn on and cook a pot roast at 350 degrees for 4 hours so I come home to a great slow cooked meal or when my oven contacts the fire department when it lights my house on fire. I'm sure over time this great technology will be adopted by supermarkets to manage their nationwide chains remotely to ensure proper temperatures are maintained in their coolers and freezers and to then communicate with the refrigerator to automatically...

Jeannie Warner | 07 Jan 2014 | 1 comment

You spoke up, we listened! We know that information is only as useful as it is easy to find, access, and use – especially security intelligence. It’s our goal to continue to make it easier for the right team members to get the right information quickly. Thanks to input from our faithful customers, we have added the following new functionality to the DeepSight portal:

  • Groups – now user administrators can create groups within their organization, assign vulnerabilities to people within those groups, and create reports by individuals within the group to improve the activity tracking
  • ‘Cloning’ a current account – to save time in setup for a new user, customers can now clone an existing account with all the privileges of another user, and then simply specify the contact information
  • Introducing workflow tracking – when a user wants to assign alerts and review the activity on that alert, we can now track and report on this functionality throughout the...

MSS Global Threat Response | 06 Jan 2014 | 0 comments

Since the 14th of December, the SOC has noticed a substantial increase in the quantity of PHP code inclusion attacks against MSS customers. Specifically, attempts to compromise and infect internet-facing webservers by injecting malicious PHP code have been observed. While the primary vulnerability being targeted (CVE-2012-1823) isn’t new, a significant uptick in attempts to exploit it is worthy of note. Proof of concept exploit code has been publicly available for some time. At this time, it appears that only Linux webservers running out-of-date versions of PHP are vulnerable.


At the time of this post, more than sixty SOC customers have been affected by these exploit attempts. There is no clear correlation between this activity and any individual industry vertical, with customers in health, financial, telecommunications, local government, and more being...

uuallan | 26 Dec 2013 | 2 comments

Over the last few weeks Symantec has seen a significant spike in NTP reflection attacks across the Internet.


NTP, the Network Time Protocol, is a relatively obscure protocol that runs over UDP port 123 and is used to sync time between machines on a network.  If you have ever set up a home computer or server and been asked which time server you want to use, that is an NTP connection.

NTP is one of those set-it-and-forget-it protocols that is configured once and most network administrators don't worry about it after that.  Unfortunately, that means it is also not a service that is upgraded often, leaving it vulnerable to these reflection attacks.

How do NTP reflection attacks work?

Similar to DNS amplification attacks, the attacker sends a small forged packet that requests a large amount of data be sent to the target IP...

Vince Kornacki | 18 Dec 2013 | 0 comments

In our last blog series we explored horizontal password guessing attacks. Check out Horizontal Password Guessing Attacks Part I and Part II in case you missed them. This time we'll test our web application with vertical password guessing attacks. Whereas horizontal password guessing attacks entail trying only a few common passwords against a long list of usernames, vertical password guessing attacks entail trying a long list of passwords against a single username. But where do you get a long list of passwords? Wordlists are readily available on the internet. For example, CrackStation offers a ridiculous 15 GB wordlist containing 1,493,677,782 words. CrackStation also offers a more practical 684 MB wordlist containing approximately 64 million common passwords. However, before getting our hands dirty let's consider several important factors:

  • Does the web application allow valid account determination? For example, does login functionality return deterministic error...
Trent Healy | 11 Dec 2013 | 0 comments


Customers tend to ask me, "How do I integrate data loss prevention into my enterprise?" Before any integration of a data loss prevention solution, I give my customers an idea of where data loss prevention can help them. Let me discuss this in an abstract case study.

One large oil company was concerned with losing their bid data to their competitors, and they wanted to understand how a data loss prevention solution could help guard their intellectual property. First, to understand the threat to bid data, we should start by understanding the underlying business processes that create that data (note: this is not all the processes involved, merely an abstract):

  1. The company performs a geological survey on land that is up for bid to see if it will produce oil, natural gas, etc. During this stage scientists are deployed to the land to do drilling and deploy equipment to view the layers of earth and rock below the surface of the land.
  2. Scientists...
Joseph.Rogalski | 04 Dec 2013 | 0 comments

As most of us have come to realize, not all data is created equal, and it should not be protected equally. Let's face it: treating everything equally yields nothing but failure, frustration, and a big bite out of your budget.  That being said, we do need to protect our most valuable data from cyber attacks appropriately, based on risk and value or possible compliance requirements.  What would happen if the most important data was encrypted by malware and held for ransom?  There is a very nasty piece of malware named Cryptolocker that is doing just that.

Cryptolocker is a very nasty piece of malware that is encrypting Windows file shares and locking users out of their files.  The malware encrypts Office documents and other commonly used documents, then denies access to the files.  Users are required to pay $300 to have the files decrypted and have a limited time to do so, 72 hours, before the private key is destroyed.  Researchers at...

Vince Kornacki | 15 Nov 2013 | 0 comments

If security is a heavy duty chain, what's the weakest link? I'll give you a hint: it might be scribbled on a little yellow sticky note stuck on your monitor or stashed under your keyboard! That's right, passwords are the culprit! Brute force password guessing attacks are a favorite technique of malicious attackers everywhere. Whether the target is an SSH server, a financial web application, or a webmail application, as you read this sentence an attacker somewhere is launching a brute force password guessing attack. And before you finish this blog post, that attacker has likely cracked a password or two.

So what's the solution? Account lockout is widely regarded as an effective deterrent to brute force password guessing attacks. After a certain number of unsuccessful login attempts within a certain amount of time, the target user account is locked out for a certain amount of time. For example, after three unsuccessful login attempts within one hour, the target user account...

Vince Kornacki | 15 Nov 2013 | 0 comments

Welcome back! In our last installment we started planning our horizontal password guessing attack by identifying the ten most common passwords. Hopefully none of those terrible passwords are scrawled on little sticky notes anywhere in the vicinity of your cubicle!  But what about usernames?  What usernames should we guess? If the target application employs an established username format, you can easily predict common usernames. For example, consider an application that constructs the username by combining the user's first initial and last name. In that case, the username for John Doe would be "jdoe". According to the United States Social Security Administration, these are the top ten male names issued during the 1980s:

      1. Michael
      2. Christopher
      3. Matthew
      4. Joshua
   ...