Lucene search
K
AvleonovMost viewed

389 matches found

Information Security Automation
Information Security Automation
added 2019/02/11 10:31 a.m.81 views

No left boundary for Vulnerability Detection

It's another common problem in nearly all Vulnerability Management products. In the post "What’s wrong with patch-based Vulnerability Management checks?" I wrote about the issues in plugin descriptions, now let's see what can go wrong with the detection logic. The problem is that Vulnerability...

7.1AI score
Exploits0
Information Security Automation
Information Security Automation
added 2019/01/08 10:15 p.m.80 views

Packabit project: building Nmap deb packages for Ubuntu

During the long New Year holidays 30 dec - 8 jan I started a new project: Vagrant-based Linux package builder called Packabit. I thought it might be nice to have scripts that will automatically build a Linux packages from sources and will NOT litter main system with unnecessary packages. Somethin...

7.4AI score
Exploits0
Information Security Automation
Information Security Automation
added 2018/05/24 2:33 p.m.80 views

Outpost24 Appsec Scale for Web Application Scanning

Today I would like to write about yet another Outpost24 product - cloud Web Application Scanner Appsec Scale. It is available in the same interface as Outpost24 Outscan, that I reviewed earlier. Select APPSEC SCALE in the start menu and you can scan web applications: New application If you don't...

0.2AI score
Exploits0
Information Security Automation
Information Security Automation
added 2022/07/06 12:13 p.m.79 views

Vulnerability Management news and publications #1

Hello everyone! In this episode, I will try to revive Security News with a focus on Vulnerability Management. On the one hand, creating such reviews requires free time, which could be spent more wisely, for example, on open source projects or original research. On the other hand, there are...

7.5CVSS9.7AI score0.99999EPSS
Exploits226
Information Security Automation
Information Security Automation
added 2022/06/25 12:32 p.m.79 views

Microsoft Patch Tuesday June 2022: Follina RCE, NFSV4.1 RCE, LDAP RCEs and bad patches

Hello everyone! This will be an episode about the Microsoft vulnerabilities that were released on June Patch Tuesday and also between May and June Patch Tuesdays. Alternative video link for Russia: On June Patch Tuesday, June 14, 56 vulnerabilities were released. Between May and June Patch...

10CVSS9.3AI score0.99374EPSS
Exploits67
Information Security Automation
Information Security Automation
added 2019/07/09 1:42 p.m.79 views

The most magnificent thing about Vulnerabilities and who is behind the magic

What I like the most about software vulnerabilities is how "vulnerability", as a quality of a real object and the computer program is real, literally appears from nothing. Let's say we have a fully updated server. We turn it off, lock it in a safe and forget about it for half a year. Six months...

1AI score
Exploits0
Information Security Automation
Information Security Automation
added 2017/04/06 5:40 p.m.77 views

Rapid7 Nexpose in 2017

Last year I tested Rapid7 Nexpose and wrote two posts about installation and use of Nexpose Community Edition and Nexpose API. I didn't follow news of this vendor for a about year. Today I watched live demo of Nexpose latest version. It has some new interesting features, improvements and ideas,...

6.3AI score
Exploits0
Information Security Automation
Information Security Automation
added 2024/11/12 10:48 p.m.76 views

November Microsoft Patch Tuesday

November Microsoft Patch Tuesday. 125 CVEs, 35 of which were added since October MSPT. 2 vulnerabilities with signs of exploitation in the wild: Elevation of Privilege - Windows Task Scheduler CVE-2024-49039 Disclosure/Spoofing - NTLM Hash CVE-2024-43451 No signs of exploitation, but with a priva...

9.8CVSS7.5AI score0.81817EPSS
Exploits1
Information Security Automation
Information Security Automation
added 2018/11/13 10:41 p.m.76 views

VB-Trend 2018 Splunk Conference

Today I attended VB-Trend 2018 Splunk conference organized by system integrator VolgaBlob. Video fragments from the event: Comparing to "Splunk Discovery Day", the conference was much smaller less than 100 people, focused on technical aspects, Information Security and informal communication. And...

6.8AI score
Exploits0
Information Security Automation
Information Security Automation
added 2023/04/27 10:3 p.m.74 views

Microsoft Patch Tuesday April 2023: CLFS EoP, Word RCE, MSMQ QueueJumper RCE, PCL6, DNS, DHCP

Microsoft Patch Tuesday April 2023: CLFS EoP, Word RCE, MSMQ QueueJumper RCE, PCL6, DNS, DHCP. Hello everyone! This episode will be about Microsoft Patch Tuesday for April 2023, including vulnerabilities that were added between March and April Patch Tuesdays. Alternative video link for Russia:...

9.8CVSS9AI score0.95454EPSS
Exploits20
Information Security Automation
Information Security Automation
added 2021/08/11 10:18 p.m.74 views

Last Week’s Security News: Black Hat Pwnie Awards, iPhone Checks Photos, Evil Windows Print Server, Cisco VPN Routers Takeovers

Hello everyone! Last Weeks Security News, August 1 - August 8. Black Hat Pwnie Awards Last week was more quiet than normal with Black Hat USA and DEF CON security conferences. I would like to start with the Pwnie Awards, which are held annually at Black Hat. Its like an Oscar or Tony in the...

10CVSS0.09691EPSS
Exploits0
Information Security Automation
Information Security Automation
added 2017/10/31 9:29 p.m.74 views

Starting/stopping Amazon EC2 instances using CLI and Python SDK

It's a very good practice to scan your perimeter from the outside of your network, simulating an attacker. However, you will need to deploy the scanners somewhere to do this. Hosting on Amazon EC2 can be a good and cost-effective option, especially if you start instances with vulnerability scanne...

7.1AI score
Exploits0
Information Security Automation
Information Security Automation
added 2017/10/22 9:26 p.m.74 views

ISACA Moscow Vulnerability Management Meetup 2017

Last Thursday, I attended a very interesting event entirely dedicated to Vulnerability Management - open ISACA Moscow meetup. Me and my former colleague from Mail.Ru Group Dmitry Chernobaj presented there our joint report "Enterprise Vulnerability Management: fancy marketing brochures and the...

6.6AI score
Exploits0
Information Security Automation
Information Security Automation
added 2024/02/01 5:7 p.m.72 views

November 2023 – January 2024: New Vulristics Features, 3 Months of Microsoft Patch Tuesdays and Linux Patch Wednesdays, Year 2023 in Review

November 2023 – January 2024: New Vulristics Features, 3 Months of Microsoft Patch Tuesdays and Linux Patch Wednesdays, Year 2023 in Review. Hello everyone! It has been 3 months since the last episode. I spent most of this time improving my Vulristics project. So in this episode, let’s take a loo...

9.8CVSS10AI score0.99984EPSS
Exploits130
Information Security Automation
Information Security Automation
added 2020/10/25 8:51 p.m.72 views

Nessus Essentials with offline registration and plugin updates

In this episode, I would like to talk about Nessus Essentials and, in particular, how to register and update it without direct internet access. Nothing complicated, but there are a couple of pitfalls that I would like to share. Lets say you need to scan a host in a critical autonomous segment whe...

0.5AI score
Exploits0
Information Security Automation
Information Security Automation
added 2018/06/12 2:28 p.m.72 views

U.S. sanctions against Russian cybersecurity companies

I never thought that I will write here about state sanctions. Usually I try to ignore political topics. But now it's necessary. Yesterday OFAC introduced sanctions against 5 Russian companies. I would like to mention 3 of them: Digital Security - one of the leading Russian Information Security...

6.5AI score
Exploits0
Information Security Automation
Information Security Automation
added 2019/02/28 10:10 a.m.71 views

Tenable IO WAS Chrome Extension

In the comments of the previous post about Tenable IO WAS Fergus Cooney mentioned a new Google Chrome extension for Tenable IO WAS, that should help in configuring scan Authentication setting. You can install it in Chrome Web Store. The idea is great. Authentication process in modern web...

7.2AI score
Exploits0
Information Security Automation
Information Security Automation
added 2018/08/22 6:11 p.m.70 views

CyberThursday: Asset Inventory, IT-transformation in Cisco, Pentest vs. RedTeam

Two weeks ago I was speaking at a very interesting information security event - CyberThursday. This is a meeting of a closed Information Security practitioners group. The group is about 70 people, mainly from the financial organizations, telecoms and security vendors. These meetings have a rather...

7.1AI score
Exploits0
Information Security Automation
Information Security Automation
added 2022/02/18 5:0 p.m.69 views

VMconf 22: Blindspots in the Knowledge Bases of Vulnerability Scanners

Hello everyone! This video was recorded for the VMconf22 Vulnerability Management conference. I want to talk about the blind spots in the knowledge bases of Vulnerability Scanners and Vulnerability Management products. This report was presented in Russian at Tenable Security Day 2022. The video i...

5CVSS7.6AI score0.23061EPSS
Exploits4
Information Security Automation
Information Security Automation
added 2022/12/24 10:55 p.m.68 views

Microsoft Patch Tuesday December 2022: SPNEGO RCE, Mark of the Web Bypass, Edge Memory Corruptions

Hello everyone! This episode will be about Microsoft Patch Tuesday for December 2022, including vulnerabilities that were added between November and December Patch Tuesdays. As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. Alternative video link for...

6.8CVSS0.5AI score0.85762EPSS
Exploits7
Information Security Automation
Information Security Automation
added 2017/04/26 6:25 p.m.68 views

Vulnerability subscriptions in terms of business

The question is: do we really need an employee in organization that deals with vulnerabilities in infrastructure on a full-time basis? Since this is similar to what I do for living, I would naturally say that yes, it is necessary. But as person, who makes security automation, I can say that there...

10AI score0.21274EPSS
Exploits4
Information Security Automation
Information Security Automation
added 2023/06/25 12:35 a.m.65 views

Microsoft Patch Tuesday June 2023: Edge type confusion, Git RCE, OneNote Spoofing, PGM RCE, Exchange RCE, SharePoint EoP

Microsoft Patch Tuesday June 2023: Edge type confusion, Git RCE, OneNote Spoofing, PGM RCE, Exchange RCE, SharePoint EoP. Hello everyone! This episode will be about Microsoft Patch Tuesday for June 2023, including vulnerabilities that were added between May and June Patch Tuesdays. Alternative...

9.8CVSS9.1AI score0.99964EPSS
Exploits29
Information Security Automation
Information Security Automation
added 2021/09/13 10:38 p.m.65 views

Microsoft Defender for Endpoint: The Latest Versions of Antivirus Engine & Signatures

In a previous episode on Microsoft Defender for Endpoint, I described how to get a list of antivirus engine and signatures versions for the hosts in your infrastructure using the Microsoft Graph API. But the problem remains. You know the versions that are currently installed on the hosts. But whe...

6.6AI score
Exploits0
Information Security Automation
Information Security Automation
added 2021/04/08 2:1 a.m.65 views

AM Live Vulnerability Management Conference Part 2: What was I talking about there

Hello all! It is the second part about AM Live Vulnerability Management conference. In the first part I made the timecodes for the 2 hours video in Russian. Here I have combined all my lines into one text. What is Vulnerability Management? Vulnerability Management process is the opposite of the...

0.2AI score
Exploits0
Information Security Automation
Information Security Automation
added 2018/09/08 7:26 p.m.65 views

Making Expect scripts for SSH Authentication and Privilege Elevation

Expect can help you to automate interactive console applications. For example, expect script can go to some Linux host via SSH with password authentication, make additional authentication procedures su, sudo to elevate privileges and execute some commands. Like Vulnerability and Compliance...

0.1AI score
Exploits0
Information Security Automation
Information Security Automation
added 2022/05/23 8:56 p.m.64 views

Vulristics May 2022 Update: CVSS redefinitions and bulk adding Microsoft products from MS CVE data

Hello everyone! In this episode, I want to talk about the latest updates to my open source vulnerability prioritization project Vulristics. Alternative video link for Russia: CVSS redefinitions A fairly common problem: we have a CVE without an available CVSS vector and score. For example, this wa...

8.9AI score0.1372EPSS
Exploits2
Information Security Automation
Information Security Automation
added 2018/07/08 9:22 p.m.64 views

Free High-Tech Bridge ImmuniWeb Application Discovery service

Today I would like to talk about another service for application security analysis by High-Tech Bridge. It's called ImmuniWeb Application Discovery. This service can get information about your web and mobile applications available from the Internet. Believe me, this is not so obvious for a large...

7AI score
Exploits0
Information Security Automation
Information Security Automation
added 2023/01/10 8:7 p.m.63 views

How Debian OVAL content is structured

Hello everyone! As we saw in the last episode, the results of vulnerability detection for one host produced by two different APIs can vary greatly. Therefore, in order to find out the truth, it is necessary to understand what vulnerability data is provided by the Linux distribution vendor and how...

7.5CVSS0.9AI score0.02402EPSS
Exploits1
Information Security Automation
Information Security Automation
added 2019/03/11 3:16 p.m.62 views

First steps with Docker: installation in CentOS 7, vulnerability assessment, interactive mode and saving changes

Docker and containerization are literally everywhere. IMHO, this changes the IT landscape much more than virtualization and clouds. Let's say you have a host, you checked it and find out that there are no vulnerable packages. But what's the point if this host runs Docker containers with their own...

7.1AI score
Exploits0
Information Security Automation
Information Security Automation
added 2019/02/13 10:32 a.m.62 views

Who should protect you from Cyber Threats?

The world is becoming increasingly dependent on information technologies. 1. Government. More and more states provide digital services for their citizens and rely complex information systems. 2. Business. There are no more companies that do not have IT infrastructure on-premises or cloud. IT...

Exploits0
Information Security Automation
Information Security Automation
added 2018/10/30 11:53 p.m.61 views

Splunk Discovery Day Moscow 2018

Today I attended the Splunk Discovery Day 2018 conference. It is something like a local equivalent of the famous Splunk .conf. More than 200 people have registered. The event was held in the luxury Baltschug Kempinski hotel in the very center of Moscow with a beautiful view of the Red Square and...

6.9AI score
Exploits0
Information Security Automation
Information Security Automation
added 2023/04/23 11:11 p.m.60 views

Vulristics News: EPSS v3 Support, Integration into Cloud Advisor

Vulristics News: EPSS v3 Support, Integration into Cloud Advisor. Hello everyone! This episode will focus on the news from my open source Vulristics project for vulnerability analysis and prioritization. Alternative video link for Russia: https://vk.com/video-149273431456239122 EPSS v3 The third...

9.8CVSS9.7AI score0.95845EPSS
Exploits34
Information Security Automation
Information Security Automation
added 2018/09/15 9:22 p.m.59 views

Psychological Aspects of Vulnerability Remediation

In my opinion, Remediation is the most difficult part of Vulnerability Management process. If you know the assets in your organization and can assess them, you will sooner or later produce a good enough flow of critical vulnerabilities. But what the point, if the IT team will not fix them?...

0.3AI score
Exploits0
Information Security Automation
Information Security Automation
added 2017/08/31 9:17 p.m.59 views

Great OpenVAS news: delay in plugin feed will be dropped, new GVM-Tools for remote management released

Jan Oliver Wagner, CEO of Greenbone and OpenVAS Community leader sent recently several messages to community email list with the great news. First of all, Greenbone decided to drop two weeks delay in a free plugin feed, that was implemented in June 2017 and made some OpenVAS users pretty nervous....

6.3AI score
Exploits0
Information Security Automation
Information Security Automation
added 2023/05/27 10:39 p.m.58 views

Microsoft Patch Tuesday May 2023: Microsoft Edge, BlackLotus Secure Boot SFB, OLE RCE, Win32k EoP, NFS RCE, PGM RCE, LDAP RCE, SharePoint RCE

Microsoft Patch Tuesday May 2023: Microsoft Edge, BlackLotus Secure Boot SFB, OLE RCE, Win32k EoP, NFS RCE, PGM RCE, LDAP RCE, SharePoint RCE. Hello everyone! This episode will be about Microsoft Patch Tuesday for May 2023, including vulnerabilities that were added between April and May Patch...

9.8CVSS9.5AI score0.94683EPSS
Exploits11
Information Security Automation
Information Security Automation
added 2018/08/04 12:30 a.m.58 views

Sending tables from Atlassian Confluence to Splunk

Sometimes when we make automated analysis with Splunk, it might be necessary to use information that was entered or edited manually. For example, the classification of network hosts: do they belong to the PCI-DSS Scope or another group critical hosts or not. In this case, Confluence can be quite ...

7.2AI score
Exploits0
Information Security Automation
Information Security Automation
added 2019/04/04 9:57 a.m.57 views

Can a Vulnerability Scan break servers and services?

The most serious problem of Vulnerability Scanners is that they are too complex and unpredictable. Usually they don't affect the target hosts, but when they do, welcome to hell! And if you scan huge infrastructure, tens thousands hosts and more, it's not "if" the scanner will break the server it'...

7.2AI score
Exploits0
Information Security Automation
Information Security Automation
added 2020/02/24 12:14 a.m.56 views

Forrester report for Rapid7: number juggling and an excellent overview of Vulnerability Management problems

I recently read Forrester's 20-page report "The Total Economic Impact Of Rapid7 InsightVM". It is about the Cost Savings And Business Benefits that Vulnerability Management solution can bring to the organizations. In short, I didn't like everything related to money. It seems like juggling with...

0.3AI score
Exploits0
Information Security Automation
Information Security Automation
added 2018/08/20 2:56 p.m.56 views

Asset Inventory for Internal Network: problems with Active Scanning and advantages of Splunk

In the previous post, I was writing about Asset Inventory and Vulnerability Scanning on the Network Perimeter. Now it's time to write about the Internal Network. I see a typical IT-infrastructure of a large organization as monstrous favela, like Kowloon Walled City in Hong Kong. At the beginning ...

6.5AI score
Exploits0
Information Security Automation
Information Security Automation
added 2022/06/13 8:43 p.m.55 views

Vulners Linux Audit API: Security Bulletin Publication Dates in Results

Hello everyone! In this short episode, I want to talk about the new feature in Vulners Linux API. Alternative video link for Russia: Linux security bulletin publication dates are now included in scan results. Why is it useful? A few words why this Linux Audit API is needed. You collect a list of...

4.6CVSS6.5AI score0.00365EPSS
Exploits0
Information Security Automation
Information Security Automation
added 2020/02/12 10:59 a.m.55 views

Crypto AG scandal

The article in The Washington Post is really huge, but even a brief glance is enough to see how absolutely amazing this Crypto scandal is. A great example of chutzpah. "Crypto AG was a Swiss company specialising in communications and information security. It was jointly owned by the American CIA...

1.5AI score
Exploits0
Information Security Automation
Information Security Automation
added 2020/04/13 4:4 p.m.54 views

AVLEONOV Podcast

I finally launched my own podcast. These are the audio tracks from my videos with some minimal changes, but it may be more convenient for someone to follow me this way. You can try to find my podcast in your podcast player by searching for "avleonov" well, at least it works in Podcast Addict or a...

7AI score
Exploits0
Information Security Automation
Information Security Automation
added 2018/01/11 11:19 a.m.54 views

Tracking changes in CERT bulletins and Nessus plugins using Vulners Time Machine

If you use Vulners.com vulnerability search engine, you probably know that it has a real "Time Machine". Each time Vulners sees some changes on a source page it creates a new version of security object. And you can see the full history of changes in a nice GUI: In most cases, the vendor just...

6.7AI score
Exploits0
Information Security Automation
Information Security Automation
added 2017/11/16 2:52 p.m.54 views

Harassment scandals, Sheldon Cooper, Black Mirror and blockchain

Lots of good jokes in a popular TV show The Big Bang Theory are related to Sheldon Cooper's bureaucracy in interpersonal relationships: all these "roommate agreement", "relationship agreement", etc. However, because of these endless harassment scandals in media, now it seems like a best practice ...

6.9AI score
Exploits0
Information Security Automation
Information Security Automation
added 2018/08/05 12:53 a.m.52 views

What I expect from IT Asset Inventory

The main problem of vulnerability management, in my opinion, is that it is not always clear whether we know about ALL network hosts existing in our infrastructure or not. So, not the actual process of scanning and the detection of vulnerabilities, but the lack of knowledge what we should scan...

7AI score
Exploits0
Information Security Automation
Information Security Automation
added 2018/02/22 9:9 a.m.52 views

Masking Vulnerability Scan reports

Continuing the series of posts about Kenna "Analyzing Vulnerability Scan data", "Connectors and REST API" and similar services. Is it actually safe to send your vulnerability data to some external cloud service for analysis? Leakage of such information can potentially cause great damage to your...

6.7AI score
Exploits0
Information Security Automation
Information Security Automation
added 2018/01/17 9:39 p.m.51 views

Confluence REST API for reading and updating wiki pages

In previous posts I wrote how to automate the work with Atlassian Jira, including automated ticket labeling. Now let's try to use REST API of another popular Atlassian product - Confluence wiki engine. What you may want to automate in Confluence? Obviously, it may be useful to read the pages that...

6.7AI score
Exploits0
Information Security Automation
Information Security Automation
added 2020/12/05 7:19 p.m.49 views

MaxPatrol VM: An Ambitious Vision for Vulnerability Management Transformation

In this episode, I would like to share my thoughts about the new Vulnerability Management product by Positive Technologies - MaxPatrol VM. It was presented on November 16th, at the Standoff365 online conference full video in Russian. The presentation and concept of the product were very good. I...

7AI score
Exploits0
Information Security Automation
Information Security Automation
added 2017/08/03 10:58 a.m.49 views

Not for Russians

Let's talk about web-site blocking. Not about cases of government censorship, not about cases where content is blocked for copyright reasons and not even about sanctions. I want to pay attention to the cases when companies block access to their own sites voluntarily for user from the whole countr...

6.8AI score
Exploits0
Information Security Automation
Information Security Automation
added 2017/07/05 5:33 p.m.49 views

Petya, M.E.Doc and the problem of trust

I've already mentioned in "Petya the Great and why they don’t patch vulnerabilities", that NotPetya ransomware seems trivial from Vulnerability Management point of view. It uses known Windows vulnerabilities, that were patched by Microsoft long time ago. Despite of this, I was really interested i...

6.7AI score
Exploits0
Total number of security vulnerabilities389