The Truth about Social Media Content Delivery Networks

With the rise of social media across the entire globe, companies needed a way to speed up load times for large files such as photos, videos, and software downloads. The following description of Content Delivery Networks comes from Wikipedia:

A content delivery network, or content distribution network (CDN), is a geographically distributed network of proxy servers and their data centers. The goal is to provide high availability and performance by distributing the service spatially relative to end users. CDNs came into existence in the late 1990s as a means for alleviating the performance bottlenecks of the Internet,[1][2] even as the Internet was starting to become a mission-critical medium for people and enterprises. Since then, CDNs have grown to serve a large portion of the Internet content today, including web objects (text, graphics and scripts), downloadable objects (media files, software, documents), applications (e-commerce portals), live streaming media, on-demand streaming media, and social media sites.[3]

CDNs are a layer in the internet ecosystem. Content owners such as media companies and e-commerce vendors pay CDN operators to deliver their content to their end users. In turn, a CDN pays Internet service providers (ISPs), carriers, and network operators for hosting its servers in their data centers.

CDN is an umbrella term spanning different types of content delivery services: video streaming, software downloads, web and mobile content acceleration, licensed/managed CDN, transparent caching, and services to measure CDN performance, load balancing, Multi CDN switching and analytics and cloud intelligence. CDN vendors may cross over into other industries like security, with DDoS protection and web application firewalls (WAF), and WAN optimization.


Open-Source SOAR Solution : Part 1

In an industry that is tool- and software-centric, we can lose sight of the true solution within cyber security. Many companies will buy a specific product to be the "silver bullet" for all their cyber security needs, but unfortunately that product will never truly exist. If we as an industry truly want to succeed in this game of cat and mouse, we must go back to basics and create "solutions" that are vendor agnostic. Many frameworks have been created to help us get there, but most of them depend on extensive knowledge and resources (people) to succeed.

Security Orchestration, Automation and Response

SOAR (Security Orchestration, Automation and Response) is positioned as that "magic bullet", at least according to the main vendors in this space (Phantom, now part of Splunk; Swimlane; and Demisto, now Palo Alto Networks Cortex XSOAR). The problem with traditional SOAR platforms is that you normally get "locked" into that specific platform. You may spend hundreds of hours creating "playbooks" to meet your automation needs, and if you ever decide to leave that vendor, chances are you will have to re-create those playbooks from scratch. What we are doing at Sorsnce Enterprise Labs is trying to create a vendor-agnostic solution to help fill this gap.


Open-Source SSL Cert Management

As an Application Security Engineer/Security Researcher, I spend a lot of time tinkering within my home lab. Unfortunately, my home lab has become more than just a habit... an obsession, maybe? You can check out some incredible home lab setups on the subreddit r/homelab. I recently posted my current server rack setup; you can find that post here.

Despite spending money and time tinkering within my home lab, I had never had a chance to set up a proper SSL cert management system. I was always reminded of this by the self-signed certificate error messages from Firefox or Chrome.

So I decided to go ahead and create a super simple open-source cert management system with OpenSSL.
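The core of a "simple" cert management system is a private CA plus a signing routine that puts the host name in a subjectAltName, because modern Firefox and Chrome ignore the CN and error on a SAN-less cert just as they do on a self-signed one. The following is an added example driving the openssl CLI from PowerShell; it is not the post's own tooling. It assumes openssl 1.1.1 or later is on PATH, and the directory, CA name and host names are placeholders.

```powershell
# Added example (not the post's code): a minimal private CA for a home lab.
# Assumes the openssl CLI (1.1.1+) is on PATH; paths and names are placeholders.

function New-LabCA {
    param([string]$Dir, [string]$Name = 'Homelab Root CA')
    New-Item -ItemType Directory -Force -Path $Dir | Out-Null
    & openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out "$Dir/ca.key"
    # Self-signed root, explicitly marked as a CA and limited to signing certs/CRLs.
    & openssl req -x509 -new -key "$Dir/ca.key" -sha256 -days 3650 `
        -subj "/CN=$Name" `
        -addext 'basicConstraints=critical,CA:TRUE' `
        -addext 'keyUsage=critical,keyCertSign,cRLSign' `
        -out "$Dir/ca.crt"
    if ($LASTEXITCODE -ne 0) { throw 'CA creation failed' }
}

function New-LabCert {
    param([string]$Dir, [string]$HostName, [int]$Days = 397)
    $base = Join-Path $Dir $HostName
    & openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$base.key"
    & openssl req -new -key "$base.key" -subj "/CN=$HostName" -out "$base.csr"
    # Browsers match the host against subjectAltName, not CN; without a SAN
    # the "not secure" warning comes back even though the CA is trusted.
    $ext = @(
        'basicConstraints=CA:FALSE',
        'keyUsage=critical,digitalSignature,keyEncipherment',
        'extendedKeyUsage=serverAuth',
        "subjectAltName=DNS:$HostName"
    )
    Set-Content -Path "$base.ext" -Value $ext -Encoding ascii
    # Sign the CSR with the CA; -extfile applies the leaf extensions above.
    & openssl x509 -req -in "$base.csr" -CA "$Dir/ca.crt" -CAkey "$Dir/ca.key" `
        -CAcreateserial -days $Days -sha256 -extfile "$base.ext" -out "$base.crt"
    if ($LASTEXITCODE -ne 0) { throw "Signing $HostName failed" }
    return "$base.crt"
}

function Test-LabCert {
    param([string]$Dir, [string]$HostName)
    # The two checks a browser performs: chain to the CA and host name in the SAN.
    & openssl verify -CAfile "$Dir/ca.crt" -verify_hostname $HostName "$Dir/$HostName.crt" | Out-Null
    return ($LASTEXITCODE -eq 0)
}

# Usage (placeholder paths and names)
$lab = Join-Path ([System.IO.Path]::GetTempPath()) 'lab-pki'
New-LabCA -Dir $lab
New-LabCert -Dir $lab -HostName 'nas.lab.example' | Out-Null
Test-LabCert -Dir $lab -HostName 'nas.lab.example'    # chain and SAN match
Test-LabCert -Dir $lab -HostName 'evil.lab.example'   # SAN mismatch, verify fails
```

Only ca.crt is imported into the client trust store; on Windows that is `Import-Certificate -FilePath "$lab\ca.crt" -CertStoreLocation Cert:\CurrentUser\Root`, which Chrome and Edge honour, while Firefox keeps its own store unless `security.enterprise_roots.enabled` is set. Keep ca.key off the lab hosts and encrypted (`openssl genpkey ... -aes-256-cbc`); anyone holding it can issue a cert for any name your browsers trust.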


Announcing CVE-2018-12076

I am announcing a vulnerability that I found in the UPC bar code of the Avanti Markets MarketCard. It could allow an unauthenticated, local attacker to access funds within the customer's MarketCard balance, and could also lead to customer information disclosure.

The data (as submitted to MITRE) is below:

Vulnerability Announcement

Suggested description

A vulnerability in the UPC bar code of the Avanti Markets MarketCard could allow an unauthenticated, local attacker to access funds within the customer's MarketCard balance, and also could lead to Customer Information Disclosure. The vulnerability is due to lack of proper validation of the UPC bar code present on the MarketCard. An attacker could exploit this vulnerability by generating a copy of a customer's bar code. An exploit could allow the attacker to access all funds located within the MarketCard or allow unauthenticated disclosure of information.


PowerShell Anti-Virus with VirusTotal API

tl;dr We use PowerShell to continuously monitor for executed .exe files, get each file's location, and pass its hash to the VirusTotal API for a report. An if/else statement then decides whether to alert our "Security Team" and remove the file from Windows. The advantage of this script is that it lets the user check against the vast amount of data in the VirusTotal database in an automated fashion. Make sure you change the variables described in the README for PowerAV.ps1.

PowerAV is a PowerShell script designed to monitor your system processes and send hash data to the VirusTotal cloud for analysis. This information can be very valuable for your SOC (Security Operations Center); the idea would be to convert this PowerShell script into a thin client that runs as a background process and checks processes as they are started. The script triggers an email alert once malware is executed; see below for a screenshot of what a typical alert might look like.

Email sent from PowerAV
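The following is an added example of the monitor-hash-lookup-decide loop described above; it is not PowerAV.ps1 itself. It subscribes to WMI process-start events, hashes the new process image, queries the VirusTotal v3 API by hash (so the file never leaves the host), and on a hit stops the process, moves the file to a quarantine folder rather than deleting it, and emails the team. The API key (read from VT_API_KEY), the SMTP server and addresses, the quarantine folder and the detection threshold are all assumptions.

```powershell
# Added example (not the PowerAV script): process-start watcher with a
# VirusTotal hash lookup and an alert/contain decision.
# Assumptions: VT_API_KEY is set in the environment; SMTP server, addresses,
# quarantine folder and $Threshold are placeholders. Run elevated (the
# Win32_ProcessStartTrace event class needs admin) and dot-source this file
# (". .\Watch.ps1") so the functions and settings live in the session scope
# that event actions execute in.
$VtApiKey   = $env:VT_API_KEY            # keep the key out of the script body
$Threshold  = 3                          # engines reporting "malicious" before acting
$AlertTo    = 'secops@example.test'
$AlertFrom  = 'powerav@example.test'
$SmtpServer = 'smtp.example.test'
$Quarantine = Join-Path $env:ProgramData 'PowerAV-quarantine'

function Get-VtVerdict {
    param([Parameter(Mandatory)][string]$Sha256)
    # v3 lookup by hash only; no sample is uploaded.
    try {
        $r = Invoke-RestMethod -Method Get `
                -Uri "https://www.virustotal.com/api/v3/files/$Sha256" `
                -Headers @{ 'x-apikey' = $VtApiKey }
        $s = $r.data.attributes.last_analysis_stats
        [pscustomobject]@{ Known = $true;  Malicious = [int]$s.malicious; Undetected = [int]$s.undetected; Error = $null }
    } catch {
        # 404: hash unknown to VT (not evidence of safety). 429: public-API quota (4 req/min).
        [pscustomobject]@{ Known = $false; Malicious = 0; Undetected = 0; Error = $_.Exception.Message }
    }
}

function Test-ShouldQuarantine {
    param([int]$Malicious, [int]$Threshold)
    # Decision kept separate from the I/O so it can be tuned without touching VT.
    return ($Malicious -ge $Threshold)
}

function Invoke-Containment {
    param([int]$ProcessId, [string]$Path, $Verdict)
    # Stop first: Windows will not let you move or delete a mapped image.
    Stop-Process -Id $ProcessId -Force -ErrorAction SilentlyContinue
    New-Item -ItemType Directory -Force -Path $Quarantine | Out-Null
    # Move instead of delete so IR still has the sample.
    $dest = Join-Path $Quarantine ((Split-Path $Path -Leaf) + '.quarantined')
    Move-Item -Path $Path -Destination $dest -Force
    Send-MailMessage -To $AlertTo -From $AlertFrom -SmtpServer $SmtpServer `
        -Subject "PowerAV: $($Verdict.Malicious) engines flagged $Path" `
        -Body "PID $ProcessId stopped; file moved to $dest"
}

# One WMI event per process start; the -Action block runs for each of them.
Register-CimIndicationEvent -Query 'SELECT * FROM Win32_ProcessStartTrace' `
    -SourceIdentifier 'PowerAV' -Action {
    $procId = $Event.SourceEventArgs.NewEvent.ProcessID
    # Resolve the image path; a short-lived dropper may already have exited.
    $proc = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $procId"
    if (-not $proc -or -not $proc.ExecutablePath) { return }
    $hash = (Get-FileHash -Path $proc.ExecutablePath -Algorithm SHA256).Hash
    $v = Get-VtVerdict -Sha256 $hash
    if (Test-ShouldQuarantine -Malicious $v.Malicious -Threshold $Threshold) {
        Invoke-Containment -ProcessId $procId -Path $proc.ExecutablePath -Verdict $v
    }
} | Out-Null

# Unregister-Event -SourceIdentifier 'PowerAV' stops the watcher.
```

Two caveats a practitioner should keep in mind. The lookup happens after the process has already started, so this is detection with a fast response, not prevention; blocking belongs to AppLocker or WDAC. And a hash unknown to VirusTotal (the 404 branch) says nothing about the file; repacked malware is unknown by design, so treat "Known = $false" as a reason to look closer, not as a clean verdict.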


Five Things to Know about Cryptomining

Does it feel like your computer is running (or rather, crawling) slowly? You may be a victim of cryptomining—cyber criminals’ latest tool du jour. A couple of weeks ago, Reuters reported that thousands of websites, including ones run by U.S. and UK government agencies, were infected with cryptomining code. As we covered recently, many enterprising hackers also use this attack method to take advantage of the surge in online viewing activity around high-profile events such as the 2018 Winter Olympics.

Cryptomining may be the latest cyber attack on the rise, but what is it, exactly? According to MIT Technology Review, "Mining is a computationally intensive process that computers comprising a cryptocurrency network complete to verify the transaction record, called the blockchain, and receive digital coins in return." In other words, "miners" work to solve computationally hard puzzles in order to generate income in the form of digital currency, such as Bitcoin, Ethereum, Monero and others. This mining process requires serious hardware and significant CPU (or GPU) resources to "create" cryptocurrency.

To put this in perspective, a representative from Hitaveita Sudurnesja, an energy company in Iceland, said he expected "Iceland's virtual currency mining to double its energy consumption to about 100 megawatts this year." This is significantly more than what is used by the country's entire population of 340,000.