Use Splunk to Locate Port Scanners

If you are hosting a web application, then the only open TCP ports through your firewall should be 80 and 443. If anything tries to connect on other ports such as 23, 3389, 12345, etc. then it’s more than likely hostile. More so, for example, if you see attempts to connect to sequential port numbers […]

Watering Hole Attacks

Overview: The FBI assesses a group of malicious cyber actors—likely located in Iran—use Virtual Private Server infrastructure hosted in the United States to compromise government, corporate, and academic computer networks based in the Middle East, Europe and the United States. This infrastructure is used in conjunction with identified malicious domains to support a broad cyber […]


The USA has a Mothership

A cyber war is coming; our adversaries are preparing for battle by flooding the United States consumer electronics market with devices that they can control and gather intelligence from (digital spies). The United States is the most powerful country in the world when it comes to air superiority, logistics, and technological advantages in most areas of operation. […]


Blacklists

Part of a defense in depth strategy for cyber security is having the hostile attacker deal with multiple obstacles before reaching his objective. You can thwart many script kiddies with just a couple of layers. However, a determined attacker won’t stop after encountering your firewall and anti-virus. Do yourself a favor and add another […]

App Sec

My Application Security Notes

When creating web applications these days security must come first. Building the application without security and then attempting to retrofit it with security after the fact is a fruitless exercise. There will always be an excuse from upper management that it isn’t a high enough priority to secure it properly, “just fix the worst vulnerabilities and quickly […]

5 New Palo Alto Networks PAN-OS Vulnerabilities

Palo Alto Networks released an update to PAN-OS yesterday, which patches five vulnerabilities: Critical – Unauthenticated Buffer Overflow in GlobalProtect/SSL VPN Web Interface (PAN-SA-2016-0005). High – Unauthenticated Command Injection in Management Web Interface (PAN-SA-2016-0003). Medium – Unauthenticated Stack Exhaustion in GlobalProtect/SSL VPN Web Interface (PAN-SA-2016-0004). Medium – ESM Console XSS vulnerability (PAN-SA-2016-0001). Low – Command Injection in Command Line Interface […]

Critical Remote Code Execution Vulnerability on Cisco ASA Firewalls

This vulnerability, CVE-2016-1287, should get your attention if you are using any of the Cisco ASA firewalls listed below; you should patch immediately:

Cisco ASA 5500 Series Adaptive Security Appliances
Cisco ASA 5500-X Series Next-Generation Firewalls
Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
Cisco ASA 1000V Cloud […]

How to Crack WPA2 PSK with Aircrack-ng

While conducting an Air Assault on a wireless network, my weapon of choice is the Aircrack-ng suite. The suite contains around 18 tools depending on the version, but I will only mention a few here (Airmon-ng, Airodump-ng, Aireplay-ng, and most famously Aircrack-ng). I used a separate application named Crunch to create a brute-force dictionary. Airmon-ng (Enable […]

My Metasploit Framework Notes

The Metasploit Framework is not something that runs out and exploits all available targets automatically. This is not a script kiddie tool for aiming and pulling a trigger. This is a serious toolbox full of modules, exploits, and payload templates. You need to know how to put it all together to get anything meaningful out of […]