Last Week’s Security news: PrintNightmare patches and Metasploit, Kaseya CVEs, Morgan Stanley Accellion FTA, Cisco BPA and WSA, Philips Vue PACS, CISA RVAs, Lazarus job offers
Hello guys! The third episode of Last Week’s Security news, July 5 - July 11. There was a lot of news last week. Most of it was again about PrintNightmare and Kaseya. The updates for PrintNightmare CVE-2021-34527 were finally released mid-week. It became possible not only to disable the service...
Last Week’s Security news: Cisco ASA, BIG-IQ, vSphere, Solaris, Dlink, iPhone %s, DarkRadiation, Google schema, John McAfee
Hello, today I want to experiment with a new format. I will be reading last week's news from my @avleonovnews channel, the items that I found most interesting. I do this mostly for myself, but if you like it too, then that would be great. Please subscribe to my YouTube channel and my Telegram...
Vulners NASL Plugin Feeds for OpenVAS 9
As I already wrote earlier, you can easily add third party NASL plugins to OpenVAS. So, my friends from Vulners.com implemented generation of NASL plugins for OpenVAS using their own security content. I've tested it for scanning a CentOS 7 host. And it works. Let's see the whole process. I assume that we...
Microsoft Patch Tuesday May 2022: Edge RCE, PetitPotam LSA Spoofing, bad patches
Hello everyone! This episode will be about Microsoft Patch Tuesday for May 2022. Sorry for the delay, this month has been quite intense. As usual, I'm using my Vulristics project and going through not only the vulnerabilities that were presented on May 10th, but all the MS vulnerabilities presente...
Downloading and analyzing NVD CVE feed
In the previous post "New National Vulnerability Database visualizations and feeds" I mentioned the JSON NVD feed. Let's see what data it contains, how to download and analyse it. First of all, we need to download all files with CVEs from the NVD database and save them to some directory. Unfortunately, there...
Downloading entire Vulners.com database in 5 minutes
Today I once again would like to talk about Vulners.com and why, in my opinion, it is the best vulnerability database that exists nowadays and a real game-changer. The main thing is transparency. Using Vulners you can not only search for security content (see "Vulners – Google for hacker"), but...
Vulnerability Databases: Classification and Registry
What publicly available Vulnerability Databases do we have? Well, I can only say that there are a lot of them and they are pretty different. Here I make an attempt to classify them. It's quite a thankless task. No matter how hard you try, the final result will be rather inaccurate and incomplet...
Vulnerability Quadrants
Hi everyone! Today I would like to talk about software vulnerabilities. How to find really interesting vulnerabilities in the overall CVE flow. And how to do it automatically. First of all, let's talk about why we may ever need to analyze software vulnerabilities. How do people usually do their Vulnerability...
Adding third party nasl plugins to OpenVAS
If you want to develop NASL plugins for OpenVAS, you might be interested in how to import them into the scanner. So, I was also interested. First of all, I decided to copy one of the existing NASL scripts. I chose a script that successfully detected a vulnerability on a target host. Thus, in the case of importing...
Vulners Web Vulnerability Scanner plugin for Google Chrome v. 2.0
The Vulners Team released today the second version of their Web Vulnerability Scanning plugin for the Google Chrome browser. You can read my description of version 1.0 at "Vulners.com vulnerability detection plugins for Burp Suite and Google Chrome". The killer feature of Vulners web scanner v. 2.0 is...
How to list, create, update and delete Grafana dashboards via API
I have been a Splunk guy for quite some time, 4 years or so. I have made several blog posts describing how to work with Splunk in an automated manner (see the appendix). But after their decision to stop their business in Russia last year, including customer support and selling software and services, it...
Kenna Security: Analyzing Vulnerability Scan data
I've been following Kenna Security (Risk I/O before 2015) for a pretty long time. Mainly, because they do the things I do on a daily basis: analyse various vulnerability scan results and feeds, and prioritize detected vulnerabilities for further mitigation. The only difference is that my scripts an...
Petya the Great and why *they* don’t patch vulnerabilities
I really like this. Just imagine. Quiet, routine, everyday Vulnerability Management process in organizations: scanning-patching, scanning-patching, scanning-patching… And then. Suddenly! PEEETYYA!!! And at the very same moment everything changes. People from different companies start to communicate...
GSM Community Edition and lagging OpenVAS Plugin Feed
As I already wrote in "Installing OpenVAS 9 from the sources", since May 2017 OpenVAS 9 has been available in the form of a free virtual appliance. It is called GSM Community Edition (GCE) and is based on the Greenbone commercial product GSM ONE. What's the difference between GSM ONE and the free GCE? GSM Community...
Converting Nmap xml scan reports to json
Unfortunately, Nmap can not save the results in JSON. All available output options: -oN filespec (normal output), -oX filespec (XML output), -oS filespec (ScRipT KIdd|3 oUTpuT), -oG filespec (grepable output), -oA basename (output to all formats). And processing XML results may not be an easy task. Just lo...
Parsing Nessus v2 XML reports with python
Upd. This is an updated post from 2017. The original script worked pretty well for me until the most recent moment when I needed to get compliance data from Nessus scan reports, and it failed. So I researched how this information is stored in a file, changed my script a bit, and now I want to sha...
CWEs in NVD CVE feed: analysis and complaints
As you probably know, one of the ways to describe the nature of some software vulnerability is to provide the corresponding CWE (Common Weakness Enumeration) ids. Let's see the CWE links in the NVD CVE database. I have already written earlier about how to deal with the NVD feed using python in "Downloading and analyzing N...
New vulnersBot for Telegram with advanced searches and subscriptions
The Vulners.com team has recently presented a new version of their vulnerability intelligence bot for the Telegram messenger. Now you can search for vulnerabilities and other security content by talking with the bot. Searches: For example, I've heard about a new critical vulnerability in Samba called SambaCry by...
Vulnerability Management at Tinkoff Fintech School
In the last three weeks, I participated in Tinkoff Fintech School, an educational program for university students. Together with my colleagues, we prepared a three-month practical Information Security course: 1 lecture per week with tests and home tasks. Each lecture is given by a member of our...
Vulristics: Microsoft Patch Tuesdays Q1 2021
Hello everyone! It has been 3 months since my last review of Microsoft vulnerabilities for Q4 2020. In this episode I want to review the Microsoft vulnerabilities for the first quarter of 2021. There will be 4 parts: January, February, March and the vulnerabilities that were released between the...
Adding custom NASL plugins to Tenable Nessus
Making custom NASL scripts (plugins) for Nessus is a pretty complicated process. Basically, NASL (Nessus Attack Scripting Language) is an internal instrument of Tenable and it seems that they are not really interested in sharing it with the community. The only publicly available official documentation...
Installing OpenVAS 9 from the sources
Last month Greenbone Networks and the OpenVAS development team finally presented the new OpenVAS 9 with a new GUI, improved multi-scanner support, improved asset management, etc. We have been waiting for this release for 2 years! Upd. Please note that the entire procedure for separating scanners onto...
Assessing Linux Security Configurations with SCAP Workbench
Recently I had a chance to work with OpenSCAP. It's a set of free and open-source tools for Linux Configuration Assessment and a collection of security content in SCAP (Security Content Automation Protocol) format. In this post I will write about SCAP Workbench. It is a GUI application that can check...
Microsoft Patch Tuesday February 2020
IMHO, these are the two most interesting vulnerabilities in a recent Microsoft Patch Tuesday February 2020: Mysterious Windows RCE CVE-2020-0662. "To exploit the vulnerability, an attacker who has a domain user account could create a specially crafted request, causing Windows to execute arbitrary...
Last Week’s Security news: PrintNightmare, Kaseya, Intune, Metasploit Docker escape
Hello guys! The second episode of Last Week’s Security news from June 28 to July 4. The most interesting vulnerability of the last week is of course Microsoft Print Spooler "PrintNightmare". By sending an RpcAddPrinterDriverEx RPC request, for example over SMB, a remote, authenticated attacker ma...
Retrieving IT Asset lists from NetBox via API
A little bit more about the IT Asset Inventory of the Internal Network that your IT team can provide. I have recently worked with NetBox, an open source IP address management (IPAM) and data center infrastructure management (DCIM) solution developed by the well-known cloud hosting provider DigitalOcean. It's n...
Last Week’s Security news: Serious Sam in Metasploit, PetitPotam, Zimbra Hijack, Joint Advisory TOP30 CVEs
Hello everyone! Last Week's Security News, July 26 - August 1. Serious Sam in Metasploit: Last week I talked about the Serious Sam vulnerability CVE-2021-36934, also known as HiveNightmare. The name HiveNightmare comes from the fact that Windows stores its registry data in a small number of...
Microsoft Patch Tuesday February 2022
Hello everyone! This episode will be about Microsoft Patch Tuesday for February 2022. I release it pretty late, because of my previous big episode about the blindspots in the Knowledge Bases of Vulnerability Scanners. Please take a look if you haven't seen it. Well, if you are even slightly...
QSC21, VMDR Training and Exam
Hello everyone! On the one hand, because of the pandemic, we have become more distant from each other. We work mostly remotely from home. Traveling to a conference in another country has become much more difficult than it used to be. Now it is not only expensive. It has become much more difficult...
Burp Suite Free Edition and NTLM authentication in ASP.net applications
As you know, Burp Suite is a scanner for advanced Web Application Security researchers. However, the free version of Burp is more like a Firebug analogue, but much more functional. Let's see how to install it and use it for website analysis. This analysis may be necessary to find vulnerabilities or...
Is Vulnerability Management more about Vulnerabilities or Management?
I've just read a nice article about Vulnerability Management in the Acribia blog (in Russian). An extract and my comments below. In most cases Vulnerability Management is not about Vulnerabilities, but about Management. Just filtering the most critical vulnerabilities is not enough. Practical...
Kaspersky Security Center 11 API: getting information about hosts and installed products
I spent a lot of time last week working with the new API of Kaspersky Security Center 11. KSC is the administration console for Kaspersky Endpoint Protection products. And it has some pretty interesting features besides the antivirus/antimalware, for example, vulnerability and patch management. S...
Microsoft Patch Tuesday July 2022: propaganda report, CSRSS EoP, RPC RCE, Edge, Azure Site Recovery
Hello everyone! Microsoft has been acting weird lately. I mean the recent publication of a propaganda report about evil Russians and how Microsoft is involved in the conflict between countries. It wouldn't be unusual for a US government agency, NSA or CIA, to publish such a report. But when a globa...
Microsoft Patch Tuesday August 2022: DogWalk, Exchange EOPs, 13 potentially dangerous, 2 funny, 3 mysterious vulnerabilities
Hello everyone! In this episode, let's take a look at the Microsoft Patch Tuesday August 2022 vulnerabilities. I use my Vulristics vulnerability prioritization tool as usual. I take comments for vulnerabilities from Tenable, Qualys, Rapid7, ZDI and Kaspersky blog posts. Also, as usual, I take into...
Vulners Linux Audit API for Host Vulnerability Detection: Manual Auditing, Python Scripting and Licensing
Hello everyone! This episode will be about Vulners Linux Audit API, which allows you to detect vulnerabilities on a Linux host knowing only the OS version and installed packages. I had a similar post about this 4 years ago, but some details have changed, so I came back to this topic. Manual Audit...
Deploying VirtualBox virtual machines with Vagrant
I often use virtual machines for various tasks: from building software packages to testing software products or PoCs for vulnerabilities. Creating a virtual machine in Oracle VirtualBox is a time-consuming and annoying process: set parameters of VM, attach iso, make dozens of clicks in OS...
Vulners Cloud Agents for Vulnerability Management
Very good news! The Vulners Team is ready to present complete functionality for vulnerability audit. And it's not just an Audit API that you have to use somehow in your own scripts, but an enterprise-ready product, like agent-based vulnerability scanning in Qualys and Tenable. You can try it for...
Last Week’s Security news: Exploits for ForgeRock, vSphere, Apache Tomcat, new Print Spooler vuln, Kaseya Patch and REvil, SolarWinds, Schneider Electric, Bulletins
Hello guys! The fourth episode of Last Week’s Security news, July 12 – July 18. I would like to start with some new public exploits. I think these 4 are the most interesting. If you remember, 2 weeks ago I mentioned the ForgeRock Access Manager and OpenAM vulnerability CVE-2021-35464. Now there i...
Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs
Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It's especially nice that all the code to support the new API was written and contributed ...
Microsoft Patch Tuesday May 2020: comments from VM vendors, promising stuff for phishing, troubles with SharePoint and lulz with Visual Studio
This will be my third Microsoft Patch Tuesday report in video and audio format. And for the third time in a row, Microsoft has addressed over a hundred vulnerabilities. With my Microsoft Patch Tuesday parser, it was possible to generate a report almost on the same day. But, of course, it takes mu...
Vulristics: Microsoft Patch Tuesdays Q2 2021
Hello everyone! Let's now talk about Microsoft Patch Tuesday vulnerabilities for the second quarter of 2021: April, May and June. Not the most exciting topic, I agree. I am surprised that someone is reading or watching this. For me personally, this is a kind of tradition. Plus this is an opportuni...
PHDays 9: new methods of Vulnerability Prioritization in Vulnerability Management products
On May 21, I spoke at the PHDays 9 conference. I talked about new methods of Vulnerability Prioritization in the products of Vulnerability Management vendors. During my 15-minute time slot I defined the problems that this new technology has to solve, showed why these problems could NOT be solved...
Barapass, Tsunami scanner, vulnerabilities in Windows DNS Server and SAP products, weird attack on Twitter
This episode is based on posts from my Telegram channel avleonovcom, published in the last 2 weeks. So, if you use Telegram, please subscribe. I update it frequently. Barapass update: I recently released an update to my password manager barapass. BTW, it seems to be my only pet project at the MVP...
Spring4Shell, Spring Cloud Function RCE and Spring Cloud Gateway Code Injection
Hello everyone! This episode will be about last week's high-profile vulnerabilities in Spring. Let's figure out what happened. Alternative video link for Russia: Of course, it's amazing how fragmented the software development world has become. Now there are so many technologies, programming language...
Vulners Nmap plugin
In the previous post about Vulners vulnerability detection plugins for Burp and Google Chrome, I mentioned that it would be great to have a plugin for some free publicly available tool, like Nmap. And the guys from the Vulners Team have recently released an Nmap plugin. Isn't it awesome? To detect...
Microsoft Patch Tuesday March 2020: a new record was set, SMBv3 “Wormable” RCE and updates for February goldies
SMBv3 "Wormable" RCE: Without a doubt, the hottest Microsoft vulnerability in March 2020 is the "Wormable" Remote Code Execution in SMB v3 (CVE-2020-0796). The most commonly used names for this vulnerability are EternalDarkness, SMBGhost and CoronaBlue. There was a strange story of how it was...
Vulristics Vulnerability Score, Automated Data Collection and Microsoft Patch Tuesdays Q4 2020
In this episode I would like to make a status update on my Vulristics project. For those who don't know, in this project I retrieve publicly available vulnerability data and analyze it to better understand the severity of these vulnerabilities and better prioritize them. Currently, it is mainly...
New Advanced Dynamic Scan Policy Template in Nessus 8
According to the Nessus 8.1.0 release notes, Tenable finally solved the problem with Mixed Plugin groups. At least partially. I will briefly describe the problem. Let's say we found out that some Nessus plugins crash our target systems. This happens rarely, but it happens. So, we decided to disable...
Microsoft Defender for Endpoint: Why You May Need It and How to Export Hosts via API in Python
Hello everyone! In this episode, I want to talk about Microsoft Defender for Endpoint. It’s not the well-known free Defender antivirus built into Windows 10, but an enterprise-level solution with a similar name. Yes, the naming is pretty confusing. I will not repeat Microsoft's marketing theses. Jus...
Vulnerability Intelligence based on media hype. Does it work? Grafana LFI and Log4j “Log4Shell” RCE
Hello everyone! In this episode, I want to talk about vulnerabilities, news and hype. The easiest way to get timely information on the most important vulnerabilities is to just read the news regularly, right? Well, I will try to reflect on this using two examples from last week. I have a security...