Cyber Security Group
uuallan | 15 Nov 2013 | 0 comments

On October 23rd the Internet Corporation for Assigned Names and Numbers (ICANN) announced the roll out of the first 4 gTLDS under its New gTLD Program. The new domains could pose a potential security threat to your organization.

gTLD stands for Generic Top Level Domain. These are widely used domains that are open to anyone who wants to register one, such as .com, .net, and .org. gTLD domains are distinct from Country Code Top Level Domains (ccTLDs) like .us, .uk, and .nz in that ccTLDs often have restrictions in place as to who can register a domain, and they are maintained by the individual country's Network Information Center (NIC), though this task is often outsourced.

Prior to the announcement of the New gTLD Program, initiating a new gTLD was a costly and laborious task; in fact, the last set of new gTLDs to roll out (.aero, ....

MSS Global Threat Response | 07 Nov 2013 | 0 comments

EXECUTIVE SUMMARY:

Who:  Anonymous - a politically motivated group of hacktivists (mostly US and UK based).

What:  Multiple Operations have been named by various groups, the primary two are OpNov5th and OpVendetta.  These Operations may involve Denial of Service and website defacement attacks directed at Government facilities around the world.

When:  Circa November 5th 2013.

Why:  November 5th is the anniversary for activists and hacktivists to gather online and in public to protest Government.  It is known to Anonymous members as “Guy Fawkes day”.

THREAT DETAILS:

Members of the hacktivist group Anonymous, based out of the US and the UK, have publicly stated they will target "all" government facilities across the globe in support of the ‘Occupy’ movement.  Anonymous calls this a day of "global civil...

uuallan | 15 Oct 2013 | 0 comments

One commonly used method of Distributed Denial of Service (DDoS) attack is a DNS Amplification attack. DNS Amplification takes advantage of the stateless nature of DNS requests: the attacker sends forged DNS requests (with the source address spoofed to that of the victim) to open recursive DNS servers, which then direct their much larger responses to the target of the DDoS attack.

If the last sentence seemed like complete gibberish, it might help to give an example. A hacktivist decides she has a grudge against your fast food company because you only offer your Halloween Pumpkin Milkshake 2 months a year. This hacker controls a botnet with 5,000 nodes, which can launch a 100 Megabit attack against your website. This is not enough to take down your website, so you don't worry about it. But our determined hacktivist has done her homework and identifies thousands of open resolvers. An open resolver is a caching DNS server that allows anyone to make queries (if you have one, you really should disable it).

...
MSS Global Threat Response | 03 Oct 2013 | 0 comments

EXECUTIVE SUMMARY:

On Monday September 30, 2013, an article was posted on the Symantec Security Response blog detailing Symantec's efforts at sinkholing 500,000 of the bots belonging to the ZeroAccess botnet. As of August 2013, the botnet is one of the largest in existence today, with a population of upwards of 1.9 million computers. ZeroAccess uses peer-to-peer (P2P) as its command-and-control (C&C) communications mechanism.

In March of this year, Symantec security engineers began to study the mechanisms used by ZeroAccess bots to communicate with each other in an attempt to determine if they could be sinkholed. On June 29, they observed a new version of ZeroAccess being distributed through the P2P network. The updated version addressed the design flaw that made the botnet vulnerable to being sinkholed. However, Symantec was still successful in sinkholing a large portion of the botnet.

On July 16, Symantec began sinkholing...

Vince Kornacki | 03 Oct 2013 | 2 comments

Welcome back to the "Android Mobile Application Penetration Test Tricks" blog series! We'll continue to examine techniques that you can use while performing your own mobile application penetration tests. In our last installment we configured BusyBox, and in this installment we'll utilize BusyBox functionality in order to monitor filesystem changes during mobile application execution. Let's jump right in! First launch the emulator with the "partition-size" and "no-snapshot" options:

    $ emulator64-arm -avd myEmulator -partition-size 512 -no-snapshot

As discussed in the last installment, setting the "partition-size" option to a large value such as 512 MB will allow us to make changes to the "/system" partition. Including the "-no-snapshot" option prevents hardware configuration conflicts introduced by the "...

Vince Kornacki | 03 Oct 2013 | 1 comment

Welcome back to the "Android Mobile Application Penetration Test Tricks" blog series! We'll continue to examine techniques that you can use while performing your own mobile application penetration tests. In this installment we'll configure BusyBox, an extremely useful utility that combines tiny versions of many common UNIX utilities into a single small executable. The trusty ADB (Android Debug Bridge) command contains an option to launch a shell within the Android emulator:

    $ adb shell
    root@android:/ # pwd
    /
    root@android:/ # ls
    acct
    cache
    config
    ...OUTPUT TRUNCATED...
    ueventd.goldfish.rc...

Jeannie Warner | 18 Sep 2013 | 1 comment

EXECUTIVE SUMMARY:

On Tuesday September 17, 2013, Symantec's Security Response organization published a whitepaper report on Hidden Lynx, a Chinese APT group of professional hackers with advanced capabilities. Evidence suggests that Hidden Lynx is a Chinese state-sponsored hacker group with affiliations to "Operation Aurora". This group was responsible for the compromise of security firm Bit9's digital code-signing certificate, which was then used to sign 32 pieces of malware. They have been involved in a number of operations over the last four years.

The group offers a “hackers for hire” operation that is tasked with retrieving information from a wide range of corporate and government targets.  They are a highly efficient team who can undertake multiple campaigns at once, breach some of the world’s best-protected organizations, and can quickly change their tactics to achieve their goal. 

They usually...

Vince Kornacki | 16 Sep 2013 | 0 comments

Just like a web application penetration test, a mobile application penetration test is not voodoo magic, but rather an exercise in knowledge, prioritization, and efficiency. During years of hard work, penetration testers hone their methodology and develop efficient ways of applying their knowledge in order to identify specific vulnerabilities within mobile applications. The "Android Mobile Application Penetration Test Tricks" blog series will examine some techniques that you can use while performing your own penetration tests. The same concepts apply to conducting application penetration tests within Apple iOS, but obviously the implementation details are different.

In order to get your Android emulator functional, please refer to Christopher Emerson's excellent "Android Application Security Assessments" blog series. Learn how to...

phlphrrs | 27 Aug 2013 | 0 comments

Now, more than ever, it is important to demand that your cloud services provider provides complete transparency regarding the security and compliance measures they use and have in place to protect your company's sensitive information and intellectual property. The more that companies move critical IT and data from many distributed corporate data centers to a smaller number of cloud services, the greater the potential for disaster for companies around the world when transparency is not made available, whether purposely or by sheer oversight. In meeting with many customers, I'm discovering that while there are many large cloud service providers that offer quite an array of services and capabilities, there is little to no transparency regarding security and compliance information. For instance, many cloud providers have their own firewalls, monitoring and controls to ensure that attacks, APTs, malware and otherwise unauthorized activity, but...

Joseph.Rogalski | 26 Aug 2013 | 0 comments

Many times penetration tests are conducted because they are required by policy or by a compliance obligation, whether an industry or a legal requirement. This is all well and good, and when issues are discovered (and there always are issues) we prioritize and address them.

I was visiting with a customer recently who was going through a fire drill, as there was a mass phishing attack yesterday on their company that appeared to come from Human Resources and was offering a free $25 gift card; the user just needed to log in with their domain username and password and then enter their home address. My customer was trying to identify who internally received the email and was looking to their spam and mail protection provider to quickly provide this, to no avail. Unfortunately for my customer, Information Security does not own this service, and as we progressed further in the conversation he proceeded to tell me all the issues they are having with it....