Security News: Microsoft Patch Tuesday August 2021, Phishers Started Using reCAPTCHA, Scan 1 IP and Go to Jail
Hello everyone! Yet another news episode. Microsoft's August Patch Tuesday. Let's start with Microsoft's August Patch Tuesday. I think the most interesting thing is that it contains a fix for the PetitPotam vulnerability. I talked about this vulnerability two weeks ago. At the time, Microsoft had no...
How to get Antivirus-related Data from Microsoft Defender for Endpoint using Intune and Graph API
Hello everyone! In this episode, I would like to tell you how I tried to automatically get antivirus-related data (current status, engine and signature version, last full scan date) from Microsoft Defender for Endpoint using Microsoft Intune and the Graph API. Why is this necessary? You might assum...
Last Week's Security News: Black Hat Pwnie Awards, iPhone Checks Photos, Evil Windows Print Server, Cisco VPN Routers Takeovers
Hello everyone! Last Week's Security News, August 1 - August 8. Black Hat Pwnie Awards. Last week was more quiet than normal with the Black Hat USA and DEF CON security conferences. I would like to start with the Pwnie Awards, which are held annually at Black Hat. It's like an Oscar or Tony in the...
Last Week's Security news: Serious Sam in Metasploit, PetitPotam, Zimbra Hijack, Joint Advisory TOP30 CVEs
Hello everyone! Last Week's Security News, July 26 - August 1. Serious Sam in Metasploit. Last week I talked about the Serious Sam vulnerability CVE-2021-36934, also known as HiveNightmare. The name HiveNightmare comes from the fact that Windows stores its registry data in a small number of...
How to fix "Nessus failed to load the SSH private key" error?
If you are using Nessus to scan Linux hosts and authenticate by key, you may encounter this problem. You have generated the keys correctly, placed the public key on a remote server. You can connect to this server using the private key. ssh -p22 -i privatekey [email protected] But when...
Last Week's Security news: Pegasus, SeriousSAM, Sequoia
Hello everyone! After 4 episodes of the Last Week's Security news, I decided to change the format. I will no longer try to cover all the important news, because it takes a long time to prepare such reviews. So, from now on, I will focus only on a few news items of the past week, which I subjectively...
My thoughts on the "2021 Gartner Market Guide for Vulnerability Assessment". What about the quality?
The Gartner Vulnerability Management Reports are one of the few marketing reports that I try to read regularly. This started back in the days when I was working for a VM vendor doing competitive analysis. Gartner is one of the few organizations that think about Vulnerability Assessment and...
Last Week's Security news: Exploits for ForgeRock, vSphere, Apache Tomcat, new Print Spooler vuln, Kaseya Patch and REvil, SolarWinds, Schneider Electric, Bulletins
Hello guys! The fourth episode of Last Week's Security news, July 12 - July 18. I would like to start with some new public exploits. I think these 4 are the most interesting. If you remember, 2 weeks ago I mentioned the ForgeRock Access Manager and OpenAM vulnerability CVE-2021-35464. Now there i...
Vulristics Microsoft Patch Tuesday July 2021: Zero-days EoP in Kernel and RCE in Scripting Engine, RCEs in Kernel, DNS Server, Exchange and Hyper-V
Hello everyone! For the past 9 months, I've been doing Microsoft Patch Tuesday reviews quarterly. Now I think it would be better to review the July Patch Tuesday while the topic is still fresh. And that will save us some time in the next Last Week's Security news episode. So, July Patch Tuesday, 1...
Last Week's Security news: PrintNightmare patches and Metasploit, Kaseya CVEs, Morgan Stanley Accellion FTA, Cisco BPA and WSA, Philips Vue PACS, CISA RVAs, Lazarus job offers
Hello guys! The third episode of Last Week's Security news, July 5 - July 11. There was a lot of news last week. Most of it was again about PrintNightmare and Kaseya. The updates for PrintNightmare CVE-2021-34527 were finally released mid-week. It became possible not only to disable the service...
Vulristics: Microsoft Patch Tuesdays Q2 2021
Hello everyone! Let's now talk about Microsoft Patch Tuesday vulnerabilities for the second quarter of 2021: April, May and June. Not the most exciting topic, I agree. I am surprised that someone is reading or watching this. For me personally, this is a kind of tradition. Plus this is an opportuni...
Last Week's Security news: PrintNightmare, Kaseya, Intune, Metasploit Docker escape
Hello guys! The second episode of Last Week's Security news from June 28 to July 4. The most interesting vulnerability of the last week is of course Microsoft Print Spooler "PrintNightmare". By sending an RpcAddPrinterDriverEx RPC request, for example over SMB, a remote, authenticated attacker ma...
Vulristics HTML Report Update: Table for Products, Table for Vuln. Types and "Prevalence"
Hi guys! I was on vacation this week. So I had time to work on my Vulristics project. For those who don't know, this is a framework for prioritizing known CVE vulnerabilities. I was mainly grooming the HTML report. I added a logo at the top, set a max width for the report, added a timestamp when t...
Last Weekโs Security news: Cisco ASA, BIG-IQ, vSphere, Solaris, Dlink, iPhone %s, DarkRadiation, Google schema, John McAfee
Hello, today I want to experiment with a new format. I will be reading last week's news from my @avleonovnews channel, which I found the most interesting. I do this mostly for myself, but if you like it too, then that would be great. Please subscribe to my YouTube channel and my Telegram...
PHDays 10: U.S. Sanctions, My Talk on Vulristics, Other Great Talks Related to VM
Today I will talk about the Positive Hack Days conference, which took place on May 20 and May 21 in Moscow. I can say that this was and remains the main event for Information Security Practitioners in Russia. First of all, I have to say a few words about the sanctions. The organizer of the event,...
Getting Hosts from Microsoft Intune MDM using Python
Today I want to talk about Microsoft Intune. It is a Mobile Device Management platform. Well, I think that the importance of MDM systems has become much higher than it was before the days of covid-19. Simply because a lot more people now work remotely using corporate laptops. And if these people...
AM Live Vulnerability Management Conference Part 2: What was I talking about there
Hello all! This is the second part about the AM Live Vulnerability Management conference. In the first part I made the timecodes for the 2-hour video in Russian. Here I have combined all my lines into one text. What is Vulnerability Management? The Vulnerability Management process is the opposite of the...
AM Live Vulnerability Management Conference Part 1: Full video in Russian + Timecodes in English
Hello all! 2 weeks ago I participated in the best online event fully dedicated to Vulnerability Management in Russia. It was super fun and exciting. Thanks to all the colleagues and especially to Lev Paley for the great moderation! I have talked out completely. Everything I wanted and the way I...
Vulristics: Microsoft Patch Tuesdays Q1 2021
Hello everyone! It has been 3 months since my last review of Microsoft vulnerabilities for Q4 2020. In this episode I want to review the Microsoft vulnerabilities for the first quarter of 2021. There will be 4 parts: January, February, March and the vulnerabilities that were released between the...
Vulristics: Beyond Microsoft Patch Tuesdays, Analyzing Arbitrary CVEs
Hello everyone! In this episode I would like to share an update for my Vulristics project. For those who don't know, in this project I am working on an alternative vulnerability scoring based on publicly available data to highlight vulnerabilities that need to be fixed as soon as possible. Roughly...
Microsoft Defender for Endpoint: Why You May Need It and How to Export Hosts via API in Python
Hello everyone! In this episode, I want to talk about Microsoft Defender for Endpoint. It's not the well-known free Defender antivirus built into Windows 10, but an enterprise-level solution with a similar name. Yes, the naming is pretty confusing. I will not repeat Microsoft's marketing thesis. Jus...
Vulners Linux Audit API for Host Vulnerability Detection: Manual Auditing, Python Scripting and Licensing
Hello everyone! This episode will be about the Vulners Linux Audit API, which allows you to detect vulnerabilities on a Linux host knowing only the OS version and installed packages. I had a similar post about this 4 years ago, but some details have changed, so I came back to this topic. Manual Audit...
Vulristics Vulnerability Score, Automated Data Collection and Microsoft Patch Tuesdays Q4 2020
In this episode I would like to give a status update on my Vulristics project. For those who don't know, in this project I retrieve publicly available vulnerability data and analyze it to better understand the severity of these vulnerabilities and better prioritize them. Currently, it is mainly...
My projects that are not related to Information Security: Yennysay TTS and PyTouchOk companion app
Thanks to the long New Year holidays in Russia, I had time to work on my own projects that are not related to information security. I released them on GitHub and recorded short demos (by the way, Zoom is quite convenient for this!). Yennysay is a GUI text-to-speech tool that uses a free offline T...
MaxPatrol VM: An Ambitious Vision for Vulnerability Management Transformation
In this episode, I would like to share my thoughts about the new Vulnerability Management product by Positive Technologies - MaxPatrol VM. It was presented on November 16th, at the Standoff365 online conference (full video in Russian). The presentation and concept of the product were very good. I...
Nessus Essentials with offline registration and plugin updates
In this episode, I would like to talk about Nessus Essentials and, in particular, how to register and update it without direct internet access. Nothing complicated, but there are a couple of pitfalls that I would like to share. Let's say you need to scan a host in a critical autonomous segment whe...
Microsoft Patch Tuesday September 2020: Zerologon and other exploits, RCEs in SharePoint and Exchange
I would like to start this post by talking about Microsoft vulnerabilities, which recently turned out to be much more serious than it seemed at first glance. Older Vulnerabilities with exploits. "Zerologon" Netlogon RCE (CVE-2020-1472). One of them is, of course, the Netlogon vulnerability from the...
Microsoft Patch Tuesday August 2020: vulnerabilities with Detected Exploitation, useful for phishing and others
This time I would like to review not only the vulnerabilities that were published in the last August Microsoft Patch Tuesday, but also the CVEs that were published on other, non-Patch Tuesday, days. Of course, if there are any. But let's start with the vulnerabilities that were presented on MS Pat...
Microsoft Patch Tuesday July 2020: my new open source project Vulristics, DNS SIGRed, RDP Client and SharePoint
I am doing this episode about July vulnerabilities already in August. There are 2 reasons for this. First of all, July Microsoft Patch Tuesday was published in the middle of the month, as late as possible. Secondly, in the second half of July I spent my free time mostly on coding. And I would lik...
Barapass, Tsunami scanner, vulnerabilities in Windows DNS Server and SAP products, weird attack on Twitter
This episode is based on posts from my Telegram channel avleonovcom, published in the last 2 weeks. So, if you use Telegram, please subscribe. I update it frequently. Barapass update. I recently released an update to my password manager barapass. BTW, it seems to be my only pet project at the MVP...
Microsoft Patch Tuesday June 2020: The Bleeding Ghost of SMB
This time, Microsoft addressed 129 vulnerabilities: 11 critical and 118 important. In fact, in the file that I exported from the Microsoft website, I saw 2 more CVEs (CVE-2020-1221, CVE-2020-1328) related to Microsoft Dynamics 365 on-premises. But there is no information on them on the Microsoft...
How to list, create, update and delete Grafana dashboards via API
I have been a Splunk guy for quite some time, 4 years or so. I have made several blog posts describing how to work with Splunk in an automated manner (see the appendix). But after their decision to stop their business in Russia last year, including customer support and selling software and services, it...
Add new features to Notepad++ using Python scripts: keyboard shortcut to insert current time
I have to say, I spend a lot of time daily in the Notepad++ text editor for Windows. I keep my "logbook" there. I record what I am doing now and what needs to be done. This allows me not to keep everything in my head and switch the context more efficiently. I can recommend this to everyone. And it is...
Microsoft Patch Tuesday May 2020: comments from VM vendors, promising stuff for phishing, troubles with SharePoint and lulz with Visual Studio
This will be my third Microsoft Patch Tuesday report in video and audio format. And for the third time in a row, Microsoft has addressed over a hundred vulnerabilities. With my Microsoft Patch Tuesday parser, it was possible to generate a report almost on the same day. But, of course, it takes mu...
Anti-Phishing process with advanced phishing attacks simulation
This time I want to write about the service of my friends from Antiphish. They call it a "security awareness and employee behaviour management platform". Simply put, they teach company employees how to detect and avoid phishing attacks. By the way, they are great guys, made a demo for me, prepared...
Microsoft Patch Tuesday April 2020: my classification script, confusing RCE in Adobe Type Manager and updates for older vulnerabilities
Easiest task ever? Making the reviews of Microsoft Patch Tuesday vulnerabilities should be an easy task. All vulnerability data is publicly available. Even better, dozens of reviews have already been written. Just read them, combine and post. Right? Not really. In fact it is quite boring and...
AVLEONOV Podcast
I finally launched my own podcast. These are the audio tracks from my videos with some minimal changes, but it may be more convenient for someone to follow me this way. You can try to find my podcast in your podcast player by searching for "avleonov" well, at least it works in Podcast Addict or a...
Microsoft Patch Tuesday March 2020: a new record was set, SMBv3 "Wormable" RCE and updates for February goldies
SMBv3 "Wormable" RCE. Without a doubt, the hottest Microsoft vulnerability in March 2020 is the "Wormable" Remote Code Execution in SMB v3 (CVE-2020-0796). The most commonly used names for this vulnerability are EternalDarkness, SMBGhost and CoronaBlue. There was a strange story of how it was...
Parsing Nessus v2 XML reports with python
Upd. This is an updated post from 2017. The original script worked pretty well for me until the most recent moment when I needed to get compliance data from Nessus scan reports, and it failed. So I researched how this information is stored in a file, changed my script a bit, and now I want to sha...
Forrester report for Rapid7: number juggling and an excellent overview of Vulnerability Management problems
I recently read Forrester's 20-page report "The Total Economic Impact Of Rapid7 InsightVM". It is about the Cost Savings And Business Benefits that a Vulnerability Management solution can bring to organizations. In short, I didn't like everything related to money. It seems like juggling with...
Microsoft Patch Tuesday February 2020
IMHO, these are the two most interesting vulnerabilities in the recent Microsoft Patch Tuesday February 2020: Mysterious Windows RCE (CVE-2020-0662). "To exploit the vulnerability, an attacker who has a domain user account could create a specially crafted request, causing Windows to execute arbitrary...
Crypto AG scandal
The article in The Washington Post is really huge, but even a brief glance is enough to see how absolutely amazing this Crypto scandal is. A great example of chutzpah. "Crypto AG was a Swiss company specialising in communications and information security. It was jointly owned by the American CIA...
Is Vulnerability Management more about Vulnerabilities or Management?
I've just read a nice article about Vulnerability Management in the Acribia blog (in Russian). An extract and my comments are below. In most cases Vulnerability Management is not about Vulnerabilities, but about Management. Just filtering the most critical vulnerabilities is not enough. Practical...
Big Microsoft day: EOL for Win7, Win2008 and crypt32.dll
Big Microsoft day. End-of-life for Windows 7 desktops and Windows 2008 servers (strictly speaking, Windows Server 2008 R2). I think that today many security guys had a fun task to count how many hosts with win7 and win2008 they still have in the organization. So, Asset Management is a necessity...
IT Security in The New Pope
Lol, IT Security is everywhere. Even in the first episode of "The New Pope" TV series (the sequel of "The Young Pope", 2016) some monks change credentials in the Vatican's IT systems under cover of night. This happened after, well, some unexpected changes in the corporate culture and organizational...
0day RCE in Firefox
This seems like a pretty interesting vulnerability (CVE-2019-17026) in Firefox and Thunderbird on Windows, macOS and Linux. "Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this...
The first Zbrunk dashboard and other news
The long New Year holiday season in Russia was not in vain. I had time to work on Zbrunk. As you can see, I made my first dashboard and added other features. No more timestamps in code. I added functions to get Unix timestamps from lines in human-readable time format, e.g. "2019.12.10 13:00:00"...
CISO Forum 2019: Vulnerability Management, Red Teaming and a career in Information Security abroad
Today, at the very end of 2019, I want to write about the event I attended in April. Sorry for the delay. This doesn't mean that CISO Forum 2019 was not interesting or I had nothing to share. Not at all! In fact, it was the most inspiring event of the year, and I wanted to make a truly monumenta...
Detectify Asset Inventory and Monitoring
Continuing the topic about perimeter services. As I mentioned earlier, I don't think that the external perimeter services should be considered as a fully functional replacement for custom Vulnerability Management processes. I would rather see their results as an additional feed showing the proble...
Vulnerability Management Product Comparisons (October 2019)
Here I combined two posts (1, 2) from my Telegram channel about comparisons of Vulnerability Management products that were recently published in October 2019. One of them was more marketing, published by Forrester, the other was more technical and published by Principled Technologies. I had some...