389 matches found
Dante SOCKS5 server with authentication
It's not so obvious that socks servers with authentication are a necessary thing. 1. You can run a "local socks service" simply by connecting to a remote host via ssh with -D 2. Most of software products, that support socks, don't support socks servers with authentication The last fact I find ver...
Retrieving data from Splunk Dashboard Panels via API
Fist of all, why might someone want to get data from the panels of a dashboard in Splunk? Why it might be useful? Well, if the script can process everything that human analyst sees on a Splunk dashboard, all the automation comes very natural. You just figure out what routine operations the analys...
What’s new in Nessus 8
Today Tenable released a new version of their famous vulnerability scanner - Nessus 8. The existing scanner nodes don't see the updates yet, but the installation binaries are already available. So you may try to install it. This major release will be way more positive than the previous one. Of...
Outpost24 OUTSCAN for detecting vulnerabilities on your network perimeter
Today I would like to write a post about Outpost24. This company was founded in 2001. For comparison, Tenable was founded in 2002 and Qualys in 1999. So, it's a company with a pretty long history. Outpost24 make Vulnerability Management & Web Application Security products and provide various...
getsploit from Vulners.com
Kirill Isox Ermakov, the founder of Vulners, has recently presented a new open-source tool for searching and downloading exploits - getsploit. Let's say we want to pentest some WordPress blog. For example, this website avleonov.com. We can get WordPress version simply using curl: $ curl -s...
How to get the Organization Units (OU) and Hosts from Microsoft Active Directory using Python ldap3
I recently figured out how to work with Microsoft Active Directory using Python 3. I wanted to get a hierarchy of Organizational Units OUs and all the network hosts associated with these OUs to search for possible anomalies. If you are not familiar with AD, here is a good thread about the...
Microsoft Patch Tuesday September 2022: CLFS Driver EoP, IP packet causes RCE, Windows DNS Server DoS, Spectre-BHB
Hello everyone! Lets take a look at Microsofts September Patch Tuesday. This time it is quite compact. There were 63 CVEs released on Patch Tuesday day. If we add the vulnerabilities released between August and September Patch Tuesdays as usual, they were in Microsoft Edge, the final number is 90...
Vulchain scan workflow and search queries
This post will be about my Vulnerability Scanner project - Vulchain. Recently I've spent couple of my weekends almost exclusively on coding: refactoring the scan engine, creating API and GUI. I was doing it because of the conferences, where I will be speaking soon: April 11-13 CyberCentral in...
Microsoft Patch Tuesday July 2023: Vulristics improvements, Office RCE, SFB SmartScreen and Outlook, EoP MSHTML and ERS, other RCEs
Microsoft Patch Tuesday July 2023: Vulristics improvements, Office RCE, SFB SmartScreen and Outlook, EoP MSHTML and ERS, other RCEs. Hello everyone! This episode will be about Microsoft Patch Tuesday for July 2023, including vulnerabilities that were added between June and July Patch Tuesdays...
ISACA Moscow Vulnerability Management Meetup 2018
Last Thursday, September 20th, I spoke at ISACA Moscow "Vulnerability Management" Meetup held at Polytechnic University. The only event in Moscow devoted solely to Vulnerability Management. So I just had to take part in it. The target audience of the event - people who implement the vulnerability...
Microsoft Patch Tuesday December 2021
Hello everyone! Its even strange to talk about other vulnerabilities, while everyone is so focused on vulnerabilities in log4j. But life doesnt stop. Other vulnerabilities appear every day. And of course, there are many critical ones among them that require immediate patching. This episode will b...
What’s new in Gartner WAF Magic Quadrant 2017?
To tell the truth, I was not much interested in Web Application Firewall market since the time when I was doing competitive analysis in Positive Technologies. And a few days ago Gartner published a fresh WAF research with interesting Magic Quadrants. I decided to figure out what's new there. Here...
Carbon Blacking your sensitive data it’s what the agents normally do
But usually without such consequences. In this situation with Carbon Black, I am most interested in the actual reasons of all this media noise. From what point business as usual becomes a scandal. Ok, when you see Carbon Black customer's private files in public access at Virus Total it's a 100%...
How to get Antivirus-related Data from Microsoft Defender for Endpoint using Intune and Graph API
Hello everyone! In this episode, I would like to tell you how I tried to get automatically antivirus-related data current status, engine and signature version, last full scan date from Microsoft Defender for Endpoint using Microsoft Intune and the Graph API. Why is this necessary? You might assum...
Why Asset Management is so important for Vulnerability Management and Infrastructure Security?
When people ask me how should they start building Vulnerability Management process in their organization well, sometimes it happens, I advice them to create an effective Asset Management process first. Because it's the foundation of the whole Infrastructure Security. The term "Asset Management" h...
New National Vulnerability Database visualizations and feeds
Recently, the National Institute of Standards and Technology NIST introduced a new version of National Vulnerability Database NVD website.  I will not say that I liked this redesign: IMHO, old website with US flag was much prettier and useful: But the very fact that the site is developing, I...
Automating Opera browser with Selenium WebDriver and Python
The right way to automate a web application is, certainly, to understand how this application works, by using burp see "Burp Suite Free Edition and NTLM authentication in ASP.net applications" for example, retrieve all necessary requests and learn how to use them. However, this is sometimes so...
PHDays 11: towards the Independence Era
Hello everyone! In this episode, I want to talk about the Positive Hack Days 11 conference, which took place on May 18 and 19 in Moscow. As usual, I want to express my personal opinion about this event. Alternative video link for Russia: As I did last year, I want to start talking about this...
SSH, SFTP, public key authentication and python
SFTP is a simple and fairly reliable way to share the information within the organization. Let's look at the situation when you need to pick up some files from a remote host with authorization by public key. And after that, let's see how to use it with in python. Moreover, let's see how to work...
Creating Splunk Alerts using API
As I mentioned in "Accelerating Splunk Dashboards with Base Searches and Saved Searches", Splunk Reports are basically the Saved Searches. Moreover, Splunk Alerts are also the same Saved Searches with some additional parameters. The question is what parameters you need to set to get the right...
How to make Email Bot service in Python
First of all, why you may want to use such service? Despite the fact that currently there are so many different channels of communication including various messaging apps, Email is still a default and universal way to do it. Literally every enterprise service supports email notifications, even if...
What’s inside Vulners.com database and when were security objects updated last time
As I already wrote earlier, the main advantage of Vulners.com, in my opinion, is openness. An open system allows you to look under the hood, make sure that everything works fine and ask developers uncomfortable questions why there were no updates for a long time for some types of security objects...
Dealing with cybersquatting, typosquatting and phishing
It won't be a secret to say that phishing remains one of the most effective attack vectors. For example, your colleague receives by email a malicious web link that looks like a link to your corporate portal and opens it. If your Vulnerability and Patch Management programs are not good enough see...
Vulristics HTML Report Update: Table for Products, Table for Vuln. Types and “Prevalence”
Hi guys! I was on vacation this week. So I had time to work on my Vulristics project. For those who dont know, this is a framework for prioritizing known CVE vulnerabilities. I was mainly grooming the HTML report. I added a logo at the top, set a max width for the report, added a timestamp when t...
CyberCentral Summit 2018 in Prague
Almost whole last week I spent in Prague at CyberCentral conference. It was a pretty unique experience for me. I was for the first time at the International conference as a speaker. And not only I presented my report there, but lead the round table on Vulnerability Management and participated in ...
Microsoft Patch Tuesday January 2022
Hello everyone! This episode will be about Microsoft Patch Tuesday for January 2022. Traditionally, I will use my open source Vulristics tool for analysis. This time I didnt make any changes to how connectors work. The report generation worked correctly on the first try. python3.8 vulristics.py...
Sending FireEye HX data to Splunk
FireEye HX is an agent-based Endpoint Protection solution. Something like an antivirus, but focused on Advanced Persistent Threats APT. It has an appliance with GUI where you can manage the agents and see information about detected security incidents. As with any agent-based solution, it's...
Microsoft Patch Tuesday November 2022: Exchange ProxyNotShell RCE, JScript9, MoTW, OpenSSL, Edge, CNG, Print Spooler
Hello everyone! This episode will be about Microsoft Patch Tuesday for November 2022, including vulnerabilities that were added between October and November Patch Tuesdays. As usual, I use my open source Vulristics project to create the report. Alternative video link for Russia: The most importan...
September 2023: VM courses, Bahasa Indonesia, Russian Podcasts, Goodbye Tinkoff, MS Patch Tuesday, Qualys TOP 20, Linux, Forrester, GigaOm, R-Vision VM
September 2023: VM courses, Bahasa Indonesia, Russian Podcasts, Goodbye Tinkoff, MS Patch Tuesday, Qualys TOP 20, Linux, Forrester, GigaOm, R-Vision VM. Hello everyone! On the last day of September, I decided to record another retrospective episode on how my Vulnerability Management month went...
Microsoft Patch Tuesday March 2023: Outlook EoP, MOTW Bypass, Excel DoS, HTTP/3 RCE, ICMP RCE, RPC RCE
Hello everyone! This episode will be about Microsoft Patch Tuesday for March 2023, including vulnerabilities that were added between February and March Patch Tuesdays. Alternative video link for Russia: As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I...
CISO Forum 2019: Vulnerability Management, Red Teaming and a career in Information Security abroad
Today, at the very end of 2019, I want to write about the event I attended in April. Sorry for the delay . This doesn't mean that CISO Forum 2019 was not Interesting or I had nothing to share. Not at all! In fact, it was the most inspiring event of the year, and I wanted to make a truly monumenta...
How to create and manage Splunk dashboards via API
In the previous post "How to correlate different events in Splunk and make dashboards" I mentioned that Splunk dashboards can be presented in a simple XML form. You can generate it with some script and then copy-past it in Splunk GUI. However, this manual operations can make the process of...
Making Vulnerable Web-Applications: XXS, RCE, SQL Injection and Stored XSS ( + Buffer Overflow)
In this post I will write some simple vulnerable web applications in python3 and will show how to attack them. This is all for educational purposes and for complete beginners. So please don't be too hard on me. As a first step I will create a basic web-application using twisted python web server...
SOC Forum 2017: How I Learned to Stop Worrying and Love Massive Malware Attacks
Today I spoke at SOC Forum 2017 in Moscow. It was a great large-scale event about Security Operation Centers. 2,700 people registered. Lots of people in suits . And lots of my good fellows. The event was held in Radisson Royal Congress Park. There were three large halls for presentations and a hu...
Microsoft Patch Tuesday February 2023: Win Graphics RCE, Edge RCE, Publisher SFB, CLFS EoP, Exchange RCEs, Word RCE, HoloLens1
Hello everyone! This episode will be about Microsoft Patch Tuesday for February 2023, including vulnerabilities that were added between January and February Patch Tuesdays. Alternative video link for Russia: This month I decided to change the format a bit. Now I share my impression of Microsoft...
PHDays8: Digital Bet and thousands tons of verbal ore
It's time to write about Positive Hack Days 8: Digital Bet conference, which was held May 15-16 at the Moscow World Trade Center. It was the main Russian Information Security event of the first half of 2018. More than 4 thousand people attended! More than 50 reports, master classes and round tabl...
ZeroNights 2017: back to the cyber 80s
Last Friday, 17th of November, I attended the ZeroNights 2017 conference in Moscow. And it was pretty awesome. Thanks to the organizers! Here I would like to share some of my impressions. First of all, I want to say that two main Moscow events for information security practitioners, PHDays and...
Vulnerability Life Cycle and Vulnerability Disclosures
Vulnerability Life Cycle diagram shows possible states of the vulnerability. In a previous post I suggested to treat vulnerabilities as bugs. Every known vulnerability, as same as every bug, was implemented by some software developer at some moment of time and was fixed at some moment of time...
How to correlate different events in Splunk and make dashboards
Recently I've spent some time dealing with Splunk. Despite the fact that I have already done various Splunk searches before, for example in "Tracking software versions using Nessus and Splunk", the correlation of different events in Splunk seems to be a very different task. And there not so many...
Qualys Security Conference Virtual 2018. New Agents, Patch Management and Free Services
Today I attended a very interesting online event - Qualys Security Conference Virtual 2018. It consisted of 11 webinars, began at 18:00 and will end at 03:45 Moscow time. Not the most convenient timing for Russia, but it was worth it. Last time I was at offline QSC event in 2016, so for me it was...
Open Positioner: my new project for tracking IT and security jobs
The idea of my new project is to retrieve the data from job-searching websites and provide better filtering, searching and visualization. I think for the most people who read this, searching for a job in Internet is a pretty common activity. Even if you are not going to change job right now, it...
Publicly available Tenable .audit scripts
This is most likely a slowpoke news, but I just found out that Tenable .audit files with formalized Compliance Management checks are publicly available and can be downloaded without any registration. However, you must accept the looooong license agreement. So, I have two completely theoretical!...
Accelerating Splunk Dashboards with Base Searches and Saved Searches
Let's say we have a Splunk dashboard with multiple panels. Each panel has its own search request and all of these requests work independently and simultaneously. If they are complex enough, rendering the dashboard may take quite a long time and some panels may even fall by timeout. How to avoid...
Microsoft Patch Tuesday January 2023: ALPC EoP, Win Backup EoP, LocalPotato, Exchange, Remote RCEs
Hello everyone! This episode will be about Microsoft Patch Tuesday for January 2023, including vulnerabilities that were added between December and January Patch Tuesdays. Alternative video link for Russia: As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilitie...
Barapass console Password Manager
I decided to publish my simple console Password Manager. I called it barapass github. I've been using It for quite some time in Linux and in Windows in WSL. Probably it will also work natively in Windows and MacOS with minimal fixes, but I haven't tried it yet. Why do people use password managers...
MIPT/PhysTech guest lecture: Vulnerabilities, Money and People
On December 1, I gave a lecture at the Moscow Institute of Physics and Technology informally known as PhysTech. This is a very famous and prestigious university in Russia. In Soviet times, it trained personnel for Research Institutes and Experimental Design Bureaus, in particular for the Soviet...
Microsoft Patch Tuesday October 2022: Exchange ProxyNotShell RCE, Windows COM+ EoP, AD EoP, Azure Arc Kubernetes EoP
Hello everyone! This episode will be about Microsoft Patch Tuesday for October 2022, including vulnerabilities that were added between September and October Patch Tuesdays. As usual, I use my open source Vulristics project to create the report. Alternative video link for Russia: $ cat...
February 2024: Vulremi, Vuldetta, PT VM Course relaunch, PT TrendVulns digests, Ivanti, Fortinet, MSPT, Linux PW
February 2024: Vulremi, Vuldetta, PT VM Course relaunch, PT TrendVulns digests, Ivanti, Fortinet, MSPT, Linux PW. Hello everyone! In this episode, I will talk about the February updates of my open source projects, also about projects at my main job at Positive Technologies and interesting...
AM Live Vulnerability Management Conference Part 1: Full video in Russian + Timecodes in English
Hello all! 2 weeks ago I participated in the best online event fully dedicated to Vulnerability Management in Russia. It was super fun and exciting. Thanks to all the colleagues and especially to Lev Paley for the great moderation! I have talked out completely. Everything I wanted and the way I...
No left boundary for Vulnerability Detection
It's another common problem in nearly all Vulnerability Management products. In the post "What’s wrong with patch-based Vulnerability Management checks?" I wrote about the issues in plugin descriptions, now let's see what can go wrong with the detection logic. The problem is that Vulnerability...