With the rise of social media, a crossed the entire globe, companies needed a way to speed up load times for large files such as photos, videos, and software downloads. The following description comes from Wikipedia on Content Delivery Networks:
A content delivery network, or content distribution network (CDN), is a geographically distributed network of proxy servers and their data centers. The goal is to provide high availability and performance by distributing the service spatially relative to end users. CDNs came into existence in the late 1990s as a means for alleviating the performance bottlenecks of the Internet, even as the Internet was starting to become a mission-critical medium for people and enterprises. Since then, CDNs have grown to serve a large portion of the Internet content today, including web objects (text, graphics and scripts), downloadable objects (media files, software, documents), applications (e-commerce, portals), live streaming media, on-demand streaming media, and social media sites.
CDNs are a layer in the internet ecosystem. Content owners such as media companies and e-commerce vendors pay CDN operators to deliver their content to their end users. In turn, a CDN pays Internet service providers (ISPs), carriers, and network operators for hosting its servers in their data centers.
CDN is an umbrella term spanning different types of content delivery services: video streaming, software downloads, web and mobile content acceleration, licensed/managed CDN, transparent caching, and services to measure CDN performance, load balancing, Multi CDN switching and analytics and cloud intelligence. CDN vendors may cross over into other industries like security, with DDoS protection and web application firewalls (WAF), and WAN optimization.
With a industry that is tool/software centric we can lose sight on the true solution within Cyber Security. Many companies will buy a specific product to be the “silver bullet” to all their Cyber Security needs, but unfortunately that product will never truly exist. If we as an industry truly want to succeed in this game of Cat and Mouse we must go back to the basics and create “solutions” that are vendor agnostic. Many frame-works have been created to help us get their, but many of them depend on extensive knowledge and resources (People) to make them succeed.
Security Operations Automation and Response
SOAR (Security Operations Automation and Response) is a solution to be that “magic bullet”, at least according to the main vendors in this space (Splunk>Phantom, Swimlane, and Demisto>Cortex). The problem with traditional SOAR platforms is normally you get “locked” into that specific platform. You may spend hundreds of hours creating your “playbooks” to increase your automation needs, unfortunately if you ever decide to leave that specific vendor chances are you will have to re-create those playbooks. What we are doing at Sorsnce Enterprise Labs is trying to create a vendor agnostic solution to help fill this gap.
As a Application Security Engineer/Security Researcher, I spend a lot of time tinkering within my home lab. Unfortunately, my home lab has become more than just a habit….. an obsession maybe? However, you can check out some incredible home lab setups by checking out this subreddit r/homelab. I recently posted my current server rack setup, you can find that post here.
Regardless of spending money and time tinkering within my home lab, I have never had a chance to setup a proper SSL Cert management system. I was always reminded with the self-signed certificate error messages from Firefox or Chrome.
So I decided lets go ahead and create a super simple opensource cert management system with OpenSSL.
I am announcing a vulnerability that I found in he UPC bar code of the Avanti Markets MarketCard could allow an unauthenticated, local attacker to access funds within the customer’s MarketCard balance, and also could lead to Customer Information Disclosure.
vulnerability in the UPC bar code of the Avanti Markets MarketCard could allow an unauthenticated, local attacker to access funds within the customer’s MarketCard balance, and also could lead to Customer Information Disclosure. The vulnerability is due to lack of proper validation of the UPC bar code present on the MarketCard. An attacker could exploit this vulnerability by generating a copy of a customer’s bar code. An exploit could allow the attacker to access all funds located within the MarketCard or allow unauthenticated disclosure of information.
tl;dr We use PowerShell to continuously monitor any executed .exe files then get the file locations and pass it to the VirusTotal API to get a virus report. We use an “if else” statement to make a decision to alert our “Security Team” and to remove that file from Windows. The advantage of using this script allows the user to check with the vast amount of data in the VirusTotal database in an automated fashion. Make sure you change the variables in the Readme for PowerAV.ps1.
PowerAV is a PowerShell script designed to monitor your system processes and sends hash data to the VirusTotal cloud for analysis. This information can be very valuable/robust for your SOC (Security Operation Center), the idea would be to convert this PowerShell script to a thin client to run as a background process to monitor processes once they are triggered. This script would trip an email alert once malware was executed, see below for a screenshot of what a typical alert might look like.
Does it feel like your computer is running (or rather, crawling) slowly? You may be a victim of cryptomining—cyber criminals’ latest tool du jour. A couple of weeks ago, Reuters reported that thousands of websites, including ones run by U.S. and UK government agencies, were infected with cryptomining code. As we covered recently, many enterprising hackers also use this attack method to take advantage of the surge in online viewing activity around high-profile events such as the 2018 Winter Olympics.
Cryptomining may be the latest cyber attack rising, but what is it, exactly? According to MIT Technology Review, “Mining is a computationally intensive process that computers comprising a cryptocurrency network complete to verify the transaction record, called the blockchain, and receive digital coins in return.” In other words, “miners” work to solve complex mathematical problems in order to generate income in the form of digital currency, such as Bitcoin, Ethereum, Monero and others. This mining process requires serious hardware and significant CPU resources to “create” cryptocurrency.
Let us clarify right away, we are not talking about how to track your own cell phone in case it’s lost or stolen. We are talking about tracking everyone that lives, breathes and wears a cell phone.
This is actually incredibly easy and we think that people should be aware of that.
If a representative of a phone service provider with 10 million customers came into my office and asked this question “What would it take to track every move of our 10 million customers?”. My answer would be “An intern and 6 months“. Then we’d insist the intern will need a desk, a computer, basic programming and algebra skills. That’s all it takes.
Imagine for a minute that you are the intern in question. Congratulations and welcome to our company! Your internship begins now, this document will introduce you to everything you need to know.
We’ll go over the basics of cellular networks, geolocation principles, technologies readily available in every cell phone and how to leverage all of that into a truly real-time planet-scale mass surveillance system.
When I sit across the table from CISOs and ask, “has your organization been affected by ransomware recently?” the answer is almost always “of course!” However, when asked on how they are handling it, they are typically looking to me for an answer. While I believe that training the human and having in-line security appliances are certainly important, I wanted to share a solution that uses resources already built into Windows. This solution utilizes PowerShell and Windows File Services Resource Manager to automatically lock out a user account when ransomware activities are detected.
Installing FSRM First and foremost, you will need to set up FSRM on your file servers. This feature is part of the File Services Role and can be installed with the following PowerShell command (all one line).
I have been in the IT Security field for about 5 years now, and starting with desktop support and administration we always needed a way to have console access to our Cisco equipment just in case the internet went down or there was a configuration issue with our equipment. With this solution it does just that, grants physical access to remote users. Required equipment to set up console access and remote reboot.
To setup console access you must have a CradlePoint activated with a valid SIM card. Plug your Raspberry Pi into port 2 on the CradlePoint (port 1 is set to NAT by default) this will give you a public IP address. You should be able to SSH into your Raspberry Pi at this time, log into the pi and install picocom:
pi@raspberry:~ $ sudo apt-get install picocom
Now plug your serial cable into the raspberry pi. Change directories to the /dev and run the following command.
pi@raspberry:/dev $ sudo picocom ttyUSB0
Now you should have console access to your Cisco equipment.