Developing an IR Process and Team

Credit to Author: brycecolquitt| Date: Wed, 21 Jan 2015 22:01:48 +0000

In our world today, we have an abundance of many things, among which are – unexpected events. Falling meteorites, terrorist attacks, hacktivist demonstrations, blackouts, tsunamis…. well, you get the point. Now, although the majority of events I just mentioned probably fall into a Disaster Recovery category, they are nonetheless events that greatly impact our personal lives and … Continue reading Developing an IR Process and Team


SSD Advisory – Teco SG2 and TP3 Vulnerabilities

Credit to Author: SSD / Noam Rathaus| Date: Mon, 04 Jul 2016 12:58:21 +0000

Vulnerabilities Description: Multiple vulnerabilities have been found in Teco’s SG2 and TP3 products. These vulnerabilities allow attackers who are able to supply the products with a specially crafted file to cause them to execute arbitrary code. TECO TP3 PC-LINK tpc file parsing Stack Buffer Overflow Code Execution: TECO uses their own proprietary file format known … Continue reading SSD Advisory – Teco SG2 and TP3 Vulnerabilities


Using Machine Learning To Detect Anomalies

Credit to Author: dmitryc| Date: Mon, 21 Dec 2015 22:07:07 +0000

I’m going to start blogging more about detection of protocol/app anomalies, detection of lateral movement and/or data exfiltration, and more. For many years I have been watching users and applications furrow their way across networks and I’m gonna start data-dumping that info here 🙂 But…first…I manage a web server for a friend. It occurred to … Continue reading Using Machine Learning To Detect Anomalies


Oracle CSO is right

Credit to Author: dmitryc| Date: Tue, 11 Aug 2015 16:34:29 +0000

The internet (or at least twitter) is exploding regarding this, now deleted, post: Mary Ann Davidson blog post. Let me start by saying that she is right. Yes, she’s right. Breaking the EULA is against the law. You can’t argue about that. You can’t argue that they should be paying a bug bounty. You … Continue reading Oracle CSO is right


Play some D!

Credit to Author: dmitryc| Date: Tue, 04 Aug 2015 14:33:59 +0000

Hi there. Long-time-no-blog 🙂 If you haven’t already, go read this: https://t.co/d2hwhmzzuz Note: this blog applies to Corporate networks. If you’re a coffee shop or a college, you’re on your own 🙂 I’ve been a network defender for many years. I currently work for a software company that builds network software which helps companies gain … Continue reading Play some D!


OpenSSL ACCF Vulnerability (CVE-2015-1793)

Credit to Author: SSD / Noam Rathaus| Date: Thu, 09 Jul 2015 14:12:03 +0000

A new vulnerability has been recently patched in OpenSSL: During certificate verification, OpenSSL (starting from version 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on … Continue reading OpenSSL ACCF Vulnerability (CVE-2015-1793)


REVIEW – “The Florentine Deception”, Carey Nachenberg

Credit to Author: p1| Date: Wed, 10 Jun 2015 16:22:25 +0000

BKFLODEC.RVW 20150609
“The Florentine Deception”, Carey Nachenberg, 2015, 978-1-5040-0924-9, U$13.49/C$18.91
%A Carey Nachenberg http://florentinedeception.com
%C 345 Hudson Street, New York, NY 10014
%D 2015
%G 978-1-5040-0924-9 150400924X
%I Open Road Distribution
%O U$13.49/C$18.91 www.openroadmedia.com
%O http://www.amazon.com/exec/obidos/ASIN/150400924X/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/150400924X/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/150400924X/robsladesin03-20
%O Audience n+ Tech 3 Writing 2 (see revfaq.htm for explanation)
%P 321 p.
%T “The … Continue reading REVIEW – “The Florentine Deception”, Carey Nachenberg


REVIEW: “Security for Service Oriented Architectures”, Walter Williams

Credit to Author: p1| Date: Sun, 10 May 2015 23:13:31 +0000

BKSECSOA.RVW 20150130
“Security for Service Oriented Architectures”, Walter Williams, 2014, 978-1466584020, U$61.97
%A Walter Williams walt.williams@gmail.com
%C #300 – 6000 Broken Sound Parkway NW, Boca Raton, FL 33487-2742
%D 2014
%G 978-1466584020 1466584025
%I CRC Press
%O U$61.97 800-272-7737 http://www.bh.com/bh/
%O http://www.amazon.com/exec/obidos/ASIN/1466584025/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/1466584025/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/1466584025/robsladesin03-20
%O Audience i+ Tech 2 Writing 2 (see revfaq.htm for … Continue reading REVIEW: “Security for Service Oriented Architectures”, Walter Williams


Hardening guide for Tomcat 8 on RedHat 6.5 (64bit edition)

Credit to Author: eyalestrin| Date: Thu, 07 May 2015 18:30:34 +0000

This document explains the process of installation, configuration and hardening of Tomcat 8.x server, based on RedHat 6.5 default installation (IPTables and SELinux enabled by default), including support for TLS v1.2 and protection from BEAST attack and CRIME attack. Some of the features explained in this document are supported by only some of the Internet … Continue reading Hardening guide for Tomcat 8 on RedHat 6.5 (64bit edition)


REVIEW: “The Social Life of Information”, John Seely Brown/Paul Duguid

Credit to Author: p1| Date: Fri, 30 Jan 2015 18:39:51 +0000

BKSCLFIN.RVW 20130124
“The Social Life of Information”, John Seely Brown/Paul Duguid, 2000, 0-87584-762-5, U$24.95
%A John Seely Brown
%A Paul Duguid
%C 60 Harvard Way, Boston MA 02163
%D 2000
%G 0-87584-762-5
%I Harvard Business School Press
%O U$25.95 617-495-6947 617-495-6700 617-495-6117 800-545-7685
%O http://www.amazon.com/exec/obidos/ASIN/0875847625/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0875847625/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/0875847625/robsladesin03-20
%O Audience n+ Tech 2 Writing 2 … Continue reading REVIEW: “The Social Life of Information”, John Seely Brown/Paul Duguid


SSD Advisory – SME Server Unauthenticated XSS To Privileged Remote Code Execution

Credit to Author: SSD / Ori Nimron| Date: Mon, 07 Jan 2019 13:21:59 +0000

Vulnerabilities Summary: The following advisory describes a vulnerability in SME Server 9.2, which lets an unauthenticated attacker perform an XSS attack that leads to remote code execution as root. SME Server is a Linux distribution for small and medium enterprises by the Koozali foundation. CVE: CVE-2018-18072. Credit: An independent security researcher, Karn Ganeshen, has reported this vulnerability … Continue reading SSD Advisory – SME Server Unauthenticated XSS To Privileged Remote Code Execution
