Friday, July 28, 2017

Lazy BlackHat Presentations Crawler

Many infosec professionals joined Las Vegas to attend the BlackHat security conference. As I’m not part of those lucky people so I’m waiting for the presentations (they are published when the talk is completed). But I don’t have time to lose sitting in front of my computer and pressing F5… So let’s crawl them automatically…

curl -s\ 
| egrep '*\.pdf' \
| awk -F '"' '{ print $4 }' \
| while read URL
  F=$(basename $URL)
  if [ ! -r $F ]; then
     curl -s -o $F $URL
     echo "Scrapped $f"

Quick and dirty but it works…

[The post Lazy BlackHat Presentations Crawler has been first published on /dev/random]

from Xavier

[SANS ISC] TinyPot, My Small Honeypot

I published the following diary on “TinyPot, My Small Honeypot“.

Running honeypots is always interesting to get an overview of what’s happening on the Internet in terms of scanners or new threats. Honeypots are useful not only in the Wild but also on your internal networks. There are plenty of solutions to deploy honeypots with more or less nice features (depending on the chosen solution). They are plenty of honeypots which can simulate specific services or even mimic a complete file system, computer or specific hardware… [Read more]


[The post [SANS ISC] TinyPot, My Small Honeypot has been first published on /dev/random]

from Xavier

"NIST Has Spoken - Death to Entropy, Love Live the Passphrase!"

NIST has spoken, and I could not be more excited. For years the security community has inflicted one of the most painful behaviors to date, the dreaded, complex password. I've watched many times in horror as security researchers made fun of ordinary computer users for using simple passwords, often calling out hacked databases of passwords … Continue reading NIST Has Spoken - Death to Entropy, Love Live the Passphrase!

from lspitzner

Friday, July 21, 2017

TLS 1.2 Support added to Windows Server 2008

This post is authored by Arden White, Senior Program Manager, Windows Servicing and Delivery.

As a follow-up to our announcement regarding TLS 1.2 support at Microsoft we are announcing that support for TLS1.1/TLS 1.2 on Windows Server 2008 is now available for download as of July 18th, 2017. We’re offering this support in recognition that our customers have a strong demand for support for these newer protocols in their environment and in recognition of the extended lifetime of Windows Server 2008 under the Windows Server Premium Assurance offering.

This update for Windows Server 2008 will include support for both TLS 1.1 and TLS 1.2. For application compatibility purposes, these protocols will be disabled by default in a manner similar to the TLS 1.1/TLS 1.2 support that was disabled by default in Windows 7 and Windows Server 2008 R2. After downloading and installing the update these protocols can be enabled by setting the registry keys described in KB4019276.

This update is being made available on the following timeline:

Release Date Channels Classification
July 18, 2017 Microsoft Catalog
August 15, 2017 Windows Update/WSUS/Catalog Optional
September 12, 2017 Windows Update/WSUS/Catalog Recommended

from Microsoft Secure Blog Staff

Thursday, July 20, 2017

[SANS ISC] Bots Searching for Keys & Config Files

I published the following diary on “Bots Searching for Keys & Config Files“.

If you don’t know our “404” project, I would definitively recommend having a look at it! The idea is to track HTTP 404 errors returned by your web servers. I like to compare the value of 404 errors found in web sites log files to “dropped” events in firewall logs. They can have a huge value to detect ongoing attacks or attackers performing some reconnaissance… [Read more]


[The post [SANS ISC] Bots Searching for Keys & Config Files has been first published on /dev/random]

from Xavier

Tuesday, July 18, 2017

A commitment to security and transparency at Microsoft Inspire 2017

Microsoft Inspire (formerly Worldwide Partner Conference) gathered 16,000 attendees from around the world last week in Washington DC. At the event, Microsoft reaffirmed its commitment to its partners and its mission to “empower people to be more productive”. To kick off an exciting week, CEO Satya Nadella made five major announcements during the first vision keynote, including the introduction of Microsoft 365.

Commitment to security and transparency

During the vision keynote on day two, President and Chief Legal Officer Brad Smith provided updates and affirmation of Microsoft’s commitment to security and privacy. Smith promised dedication to security, saying, “Technology for technology’s sake isn’t particularly valuable. Applying technology towards solving human problems is where you unlock the value”. Smith presented a four-part integrated approach to confront ever-evolving cybersecurity threats: Platform, Intelligence, Partners, and Policies. With the cloud being bigger than ever before, Smith says every business has a digital opportunity. Microsoft has committed “new energy, new focus, new resources” to responding to security threats faster and better than ever before. These cloud principles and improved security features in Microsoft 365 will give partners better end to end security management. Better security and transparency help Microsoft and its partners build trust, and “move technology forward without leaving people behind”.

Security focused product announcements

Microsoft 365

Microsoft 365 is a new solution that combines software, management, and security options into a single subscription. Partners can choose from two solutions, Microsoft 365 Enterprise and Microsoft 365 Business. Both options provide productivity and security capabilities and a cohesive experience across applications and devices, while simplifying delivery and management for IT.

  • Microsoft 365 Enterprise
    • Includes Office 365 Enterprise, Windows 10 Enterprise, and Enterprise Mobility + Security
    • Available in two plans, as Microsoft 365 E3 and Microsoft 365 E5
    • Available August 1
  • Microsoft 365 Business 
    • Includes Office 365 Business Premium, security and management features for Office apps and Windows 10 devices, upgrade rights to Windows 10, and a centralized IT console
    • For small and medium-sized businesses
    • Available in public preview on August 2


Partners can play a vital role in General Data Protection Regulation, or GDPR, by assessing customers’ readiness and helping them adapt to it.

Security Partner Playbook

Help your customers protect against breaches, detect breaches, and respond to breaches with a comprehensive security solution. This playbook focuses coverage on Microsoft products and services that play a critical role in securing this environment. Download the playbook here.

Microsoft Introduces the New Secure Productive Enterprise Offer

Microsoft recently announced its new hero offer called Secure Productive Enterprise (SPE). SPE provides the latest technology across Windows, Office 365, and Enterprise Mobility + Security (EMS). Frankly, it couldn’t come at a better time as businesses and consumers are increasingly aware of cybersecurity concerns. Here’s what partners can expect in terms of security capabilities from the innovative Microsoft stack and how they can leverage those capabilities to serve customers.


Inspire was surely an inspiring week for the partners who attended. With continued advances in the cloud and a better way for partners to build a modern, cohesive, and secure work environment with Microsoft 365, it should also be an exciting year.

from Microsoft Secure Blog Staff

Wednesday, July 12, 2017

[SANS ISC] Backup Scripts, the FIM of the Poor

I published the following diary on “Backup Scripts, the FIM of the Poor“.

File Integrity Management or “FIM” is an interesting security control that can help to detect unusual changes in a file system. By example, on a server, they are directories that do not change often. Example with a UNIX environment:

  • Binaries & libraries in /usr/lib, /usr/bin, /bin, /sbin, /usr/local/bin, …
  • Configuration files in /etc
  • Devices files in /dev

[Read more]


[The post [SANS ISC] Backup Scripts, the FIM of the Poor has been first published on /dev/random]

from Xavier

Monday, July 10, 2017

Holistic security strategy: how greater integration improves detection and response time

Today’s attackers have moved beyond “smash and grab” tactics to more sophisticated methods intended to maintain a long-term presence. These evolving threats complicate detection efforts as many organizations have variety of point solutions that make it difficult to effectively detect advanced threats and attack campaigns.

Piecemeal approaches create challenges and might hamper security. Each new solution deploys unique vendor-specific dashboards, consoles, and logs that don’t always integrate well. Because of these communication blind spots, industry reports indicate that some threats can go undetected for about 100 days.

Rapid detection and response are critical in modern cloud and hybrid environments. Some organizations use Security Information and Event Management (SIEM) solutions to better correlate the information from a variety of tools. SIEM solutions aren’t without shortcomings—they rely on human analysis which can stretch the capacity of a workforce.

So, what can you do to improve security and more quickly respond to threats? To begin, it’s important to develop a security ecosystem around solutions that integrate and provide a holistic view of your environment – across users, data, apps, devices, and infrastructure. By working with technology vendors who create solutions that you can connect and integrate, you can improve your organization’s response times.

Getting—and staying—in front of today’s evolving threats requires more meaningful, comprehensive visibility, regardless of the products or endpoints or vendor partner. This is the kind of holistic view you need to detect and respond to threats with greater speed and accuracy.

We discuss security integration in greater detail in our latest eBook, 7 steps to a holistic security strategyDownload it today to learn more about security integration and other strategies for holistic security.

To learn more about Microsoft’s holistic approach to security, visit Microsoft Secure.

from Microsoft Secure Blog Staff

Sunday, July 9, 2017

[SANS ISC] A VBScript with Obfuscated Base64 Data

I published the following diary on “A VBScript with Obfuscated Base64 Data“.

A few months ago, I posted a diary to explain how to search for (malicious) PE files in Base64 data. Base64 is indeed a common way to distribute binary content in an ASCII form. There are plenty of scripts based on this technique. On my Macbook, I’m using a small service created via Automator to automatically decode highlighted Base64 data and submit them to my Viper instance for further analysis… [Read more]

[The post [SANS ISC] A VBScript with Obfuscated Base64 Data has been first published on /dev/random]

from Xavier

Thursday, July 6, 2017

Latin America is stepping up to the plate in cybersecurity policy

A year ago Inter-American Development Bank (IDB) and the Organization of American States (OAS) asked themselves a question about cybersecurity: “Are We Ready in Latin America and the Caribbean?”. The conclusion of their 200 page report was essentially “No”, raising an alarm about Latin America’s critical situation in the cybersecurity arena. The report showed that Latin America was extremely vulnerable to potentially devastating cyber-attacks. Four in five states did not have cybersecurity strategies or plans for protecting critical infrastructure. Two in three lacked a any sort of command and control center for cybersecurity crises. Enforcement of laws against cyber-attacks was almost universally weak.

The last 12 months have seen the start of what looks like a remarkable turnaround. Take as an example Argentina, which will host the G20 in 2018. Only a few weeks ago, Argentine President Macri met with American President Trump to start bilateral work on cybersecurity, uniting the two states against cybercriminals and aiming to make cyberspace open, reliable and safe. The basis of this cooperation is not novel per se. The two allies are seeking to increase the coordination of their cyber politics, to share information and to foster private-public partnerships in the protection of key infrastructure. It may not be a novel approach but what matters most is that it is happening and that for the Argentine government it is real rather than window-dressing.

The IDB and OAS 2016 report noted the importance of legislative frameworks, investigation, the processing of electronic evidence, and the training of judges and prosecutors in the field of cybersecurity. It also urged states to inform public and private sector organizations when vulnerabilities are identified. Fortunately, this call to action did not fall on deaf ears and, within the past year, we have seen accelerating improvements in Latin America’s approach to cybercrime and cybersecurity legislation. The capstone of this was April 2017’s OAS resolution to increase cooperation, transparency, predictability, and stability in cyberspace. As well as aligning themselves with the global approach to cybersecurity outlined by the UNGGE, the OAS decided to establish a working group to drive enhancements to members’ cybersecurity legislation.

This OAS resolution is matched by a range of other actions that prove the good intentions of the different Latin American countries involved. In May, a group of military and government cyber experts from Latin America, the Caribbean, and the United States met at the “Partner Nation Command, Control, Communications, Computers and Cyberspace Symposium” (PNC5S). Their aim was to discuss the different strategies they could adopt in the face of every escalating threats in cyberspace. This type of regional cooperation is essential to tackling cybercrime and also to building up the resilience of cyberspace in the face to ever escalating cyberattacks.

All of this effort by Latin American governments does not matter simply because the United States or the European Union or China or the United Nations think it matters. Nor is the promotion of this agenda simply a convenient way to ensure Latin America isn’t a “weak link” in global approaches to dealing with cyberthreats and cybercrime. No, rather, these steps taken by Latin American governments matter because technology and cyberspace are becoming increasingly central to the interests of Latin America itself. For example, ICT industry revenues in Latin America are expected to increase by 20.3% from 2016 to 2017. Guadalajara, Mexico is being touted as a new Silicon Valley, driving billions in ICT exports and attracting investment from around the world. The International Conference on Software Engineering was held in the region for the first time in 2017 (in Buenos Aires).

The tide of change that has hit Europe, the US and Asia has not missed out Latin America. Governments from this part of the world have come to realize that lagging behind the curve is not an option, and it is reassuring to see those same governments stepping up to the plate. By learning from other parts of the world and from each other, countries across Latin America will assure their citizens, businesses, and public sector organizations can secure the economic, social, and even political benefits of technologies such as cloud, big data, and the Internet of Things. If in a year from now the IDB and the OAS were to ask again if Latin America is ready for this new future, the answer would likely be far more positive.

from Paul Nicholas

Wednesday, July 5, 2017

"#OUCH Newsletter is Out - Gaming Online Safely and Securely"

The Julyedition of the OUCH! security awareness newsletter is out. OUCH! is the world's longest running and most trusted security awareness newsletter. Each month we share key points on a specific security topic for the ordinary computer user in over 25 languages. For July we focus on helping gamers make the most of their play … Continue reading #OUCH Newsletter is Out - Gaming Online Safely and Securely

from lspitzner

"European Security Awareness Summit - Call For Presentations"

We are super excited to announce the Call for Presentations for the3rd Annual European Security Awareness Summit to be held 6/7 December, 2017 in London. This is the largest event of its kind bringing security awareness officers and industry experts from around the world together to learn and share from each other the latest challenges, … Continue reading European Security Awareness Summit - Call For Presentations

from lspitzner