Three Public Policy Recommendations for Privacy & IT Security

Conspicuous Chatter

As many in the UK are fighting a rear-guard action to prevent the most shocking provisions of the IP Bill becoming law (incl. secrecy and loose definitions), I was invited to provide three public policy recommendations for strengthening IT security in the EU. Instead of trying to limit specific powers (such as backdoors), here are some more radical options, more likely to resolve the continuous tug-of-war that cyber civil liberties and the security services have been engaging in for a while.

View original post 1,240 more words

OPSEC In the Post Snowden World

Krypt3ia

WWBD

OPSEC:

Operations security (OPSEC) is a term originating in U.S. military jargon, as a process that identifies critical information to determine if friendly actions can be observed by adversary intelligence systems, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information

~Wikipedia

I would take this definition further to include the tactics and methods of protecting your information from being compromised by the adversary: compromise not only by technical means but also by social and other means as well (i.e. giving that information to the wrong people by being too trusting or careless with it). Given the focus I have seen online and in the media on “secure communications” by technologies that may or may not be worth trusting, I just can’t help but feel that the majority of people…

View original post 1,540 more words

Fast easy Linux Monitoring with Bash

Skizzle Sec

When it comes to security on a large scale it is usually necessary to set up IDS/IPS to monitor network traffic. But what happens if the attacker already has backdoors installed on your Linux box? The following script will take care of just that, giving the admin a bird’s eye view of what is currently going on on his system.

This script monitors network traffic, system changes, recent and current logins, user permissions, command aliases, and cronjobs.

~Jamin Becker

View original post

The Spy Files: Extracting Word Documents from a Packet Capture

The Krypt

For anyone interested in network security and pen testing stuff, Wireshark is the tool to get, as it reveals pretty much everything about a network, the hosts and active services present, traffic volumes, payloads and sometimes login details as well. I was hoping to demonstrate some of that here, using a (publicly available) .pcap file I acquired from somewhere.

My personal method is to start by constructing a picture of the network, which is time consuming but sets the scene for whatever analysis. There are three IP addresses worth looking at:

* 192.168.0.100 – Appears to be a virtual machine running on VMware, and providing a large number of services, including IMAP, MySQL, POP3, HTTPS, domain services, Kerberos, Sun RPC and SMUX.
* 192.168.0.150 – Another VM making a load of requests through outgoing port 34988, so it had to be a proxy server.
* 224.0.0.22 – Multicast router.

In…

View original post 479 more words

What is Packet Inspection?

IPv6 Secure Communications Project

Originally posted on the XeroCrypt Blog

Packet inspection is something we’ll read about a lot, especially with the Communications Data Bill going through at the moment, and other stuff. It’s directly related to the how of surveillance, traffic management and sometimes censorship. The technology for intercepting Internet traffic and scanning content is commercially available, but who is using it, and how is it being used? As it happens, Deep Packet Inspection (DPI) is deployed widely enough that there’s a good chance everything going over the Internet unencrypted is being read as it crosses the public Internet.

An Overview of Packet Inspection
First it’s important to recognise there’s a difference between packet inspection and Deep Packet Inspection (DPI).
Invented around the mid-1990s, packet inspection was originally for use in a stateful firewall/IDS setup, which is useful where applications might change the ports they’re communicating on, or where someone might attempt…

View original post 1,147 more words

1-15 April 2014 Cyber Attacks Timeline

Hackmageddon.com

And here is the timeline reporting the cyber attacks that happened during the first half of April 2014, a month probably long remembered within the Infosec Chronicles for the discovery of the terrible Heartbleed bug (two attacks have been recorded, so far, related to this devastating vulnerability).

Besides the infamous Heartbleed, the most important events of this timeline are related to Cyber Crime. Germany in particular had a bad surprise, with the discovery of a list of 18 million compromised e-mail accounts and passwords, affecting all major German Internet service providers. The list of the remarkable targets also includes Lacie, victim of a malware putting at risk the users who performed on-line purchases from the company web site, the Harley Medical Group (500,000 accounts potentially compromised) and, once again, South Korea where unknown hackers were able to steal the personal information of about 200,000 credit card users, racking up…

View original post 197 more words

Detecting OpenSSL-Heartbleed with Nmap & Exploiting with Metasploit

CYBER ARMS - Computer Security

You can now quickly detect the OpenSSL-Heartbleed vulnerability on a network using the ever popular nmap command, and with the latest modules from Metasploit you can quickly see the exploit in action.

For this tutorial I will be using a WordPress server and Kali Linux running in two separate VMWare virtual machines.

For a vulnerable server, I used one of the Turnkey Linux WordPress VMs. There are security updates available for Turnkey’s WordPress, but during the VM setup, and for this tutorial, I purposefully told the VM NOT to install the security updates so I could test for the OpenSSL vulnerability.

Once the WordPress VM was configured (just answer a few simple questions) I then fired up my Kali Linux VM.

Nmap has created a Heartbleed script that does a great job of detecting vulnerable servers. The script may not be available in your version of Kali, so…

View original post 426 more words

AOL Moloch is PCAP Elasticsearch full packet search

BigSnarf blog


https://github.com/bigsnarfdude/moloch

Moloch is an open source, large scale IPv4 packet capturing (PCAP), indexing and database system. A simple web interface is provided for PCAP browsing, searching, and exporting. APIs are exposed that allow PCAP data and JSON-formatted session data to be downloaded directly. Simple security is implemented by using HTTPS and HTTP digest password support or by using Apache in front. Moloch is not meant to replace IDS engines but instead to work alongside them to store and index all the network traffic in standard PCAP format, providing fast access. Moloch is built to be deployed across many systems and can scale to handle multiple gigabits/sec of traffic.

Installation is pretty simple for a POC:

  1. Spin up an Ubuntu box
  2. Update all the packages
  3. git clone https://github.com/bigsnarfdude/moloch
  4. follow tutorial if you must http://blog.alejandronolla.com/2013/04/06/moloch-capturing-and-indexing-network-traffic-in-realtime
  5. cd moloch
  6. ./easybutton-singlehost.sh
  7. follow prompts
  8. load sample PCAPs from http://digitalcorpora.org/corp/nps/scenarios/2009-m57-patents/net
  9. Have fun with Moloch

View original post

Selective VPN routing [Solution: DSVR]


Darran Boyd

Before sharing what I believe is my best solution yet, I’ll take a walk down memory lane…

Client VPN

Got my first VPN account (PPTP/L2TP) and happily used it from my various Windows/Mac/iOS clients. Very quickly I came across a few limitations, namely:

1) Only one device at a time could use the VPN.
2) More restricted clients did not have a client-side capability to configure the VPN (like the Apple TV/PS3).
3) When a device was on the VPN, all traffic went down it – not ideal from a performance perspective, and when your location is determined by IP (e.g. Google Maps).
4) Minor at the time, but I could not have multiple VPNs running.

Router VPN [+Source Based Routing]

Configuring a VPN connection at a single aggregation point (i.e. the router) was the next step, as this did solve some of the limitations (1 & 2 above). After a…

View original post 723 more words

Hacking Your Way Through Airports and Hotels


Want to know how to hack travelers and hotel networks in a matter of minutes? On a recent trip, Nabil Ouchn (@toolswatch) decided to do some security analysis with a piece of hardware called the PwnPad – a penetration testing tablet – and a few other tools to see what kind of mischief he could get into.

Ouchn is the founder of ToolsWatch.org and the organizer of the Arsenal Tools exhibit at the BlackHat Conferences in both the US and Europe since 2011. ToolsWatch is a free interactive service designed to help auditors, penetration testers, and other security professionals keep their ethical hacking toolbox up to date with the latest and greatest resources.

Ouchn has over 15 years of experience in vulnerability management, compliance assessment and penetration testing, and is Co-Founder of an innovative SaaS Multi-Engines Threats Scanning Solution. His adventure began one day at an undisclosed European airport where he had a layover while heading to another country through a connecting flight.