Lucene search: Avleonov (sorted by Recent)

389 matches found

Information Security Automation
added 2019/10/27 8:19 p.m., 16 views

Zbrunk search launcher and event types statistics

I also changed the priorities. Now I think it would be better not to integrate with Grafana, but to create my own dashboards and GUI. And to begin with, I created a simple interface for Searching and Deleting events. upd. 16.12.2019 A small update on Zbrunk. First of all, I created a new API call th...

AI score: 7.2
Exploits: 0
Information Security Automation
added 2019/10/14 1:26 a.m., 225 views

CentOS 8 with IceWM Desktop Environment

Do you need CentOS 8 with IceWM as a desktop Operating System? Most likely not. Especially if you want it to work smoothly without any worries and troubles. However, if you enjoy playing with new desktop environments, you might find it fun. My reasons were as follows: 1. I wanted to use the same...

AI score: 6.9
Exploits: 0
Information Security Automation
added 2019/09/23 12:01 a.m., 146 views

Dante SOCKS5 server with authentication

It's not so obvious that SOCKS servers with authentication are a necessary thing. 1. You can run a "local socks service" simply by connecting to a remote host via ssh with -D 2. Most software products that support SOCKS don't support SOCKS servers with authentication. The last fact I find ver...

AI score: 0.2
Exploits: 0
Information Security Automation
added 2019/09/17 12:35 p.m., 83 views

Barapass console Password Manager

I decided to publish my simple console Password Manager. I called it barapass (github). I've been using it for quite some time in Linux and in Windows in WSL. Probably it will also work natively in Windows and MacOS with minimal fixes, but I haven't tried it yet. Why do people use password managers...

Exploits: 0
Information Security Automation
added 2019/08/25 8:06 p.m., 13 views

Zbrunk universal data analysis system

The Zbrunk project (github) began almost like a joke. And in a way it is. In short, my friends and I decided to make an open-source (MIT license) tool, which will be a kind of alternative to Splunk for some specific tasks. So, it will be possible to: Put structured JSON events in Zbrunk using http...

AI score: 7
Exploits: 0
Information Security Automation
added 2019/08/12 10:58 a.m., 138 views

How to get the Organization Units (OU) and Hosts from Microsoft Active Directory using Python ldap3

I recently figured out how to work with Microsoft Active Directory using Python 3. I wanted to get a hierarchy of Organizational Units (OUs) and all the network hosts associated with these OUs to search for possible anomalies. If you are not familiar with AD, here is a good thread about the...

AI score: 6.9
Exploits: 0
Information Security Automation
added 2019/08/11 8:22 p.m., 86 views

Publicly available Tenable .audit scripts

This is most likely slowpoke news, but I just found out that Tenable .audit files with formalized Compliance Management checks are publicly available and can be downloaded without any registration. However, you must accept the looooong license agreement. So, I have two completely theoretical!...

AI score: 7
Exploits: 0
Information Security Automation
added 2019/07/17 3:07 p.m., 382 views

Kaspersky Security Center 11 API: getting information about hosts and installed products

I spent a lot of time last week working with the new API of Kaspersky Security Center 11. KSC is the administration console for Kaspersky Endpoint Protection products. And it has some pretty interesting features besides the antivirus/antimalware, for example, vulnerability and patch management. S...

AI score: 7.3
Exploits: 0
Information Security Automation
added 2019/07/09 1:42 p.m., 79 views

The most magnificent thing about Vulnerabilities and who is behind the magic

What I like the most about software vulnerabilities is how "vulnerability", as a quality of a real object (and the computer program is real), literally appears from nothing. Let's say we have a fully updated server. We turn it off, lock it in a safe and forget about it for half a year. Six months...

AI score: 1
Exploits: 0
Information Security Automation
added 2019/05/31 8:37 p.m., 329 views

PHDays 9: new methods of Vulnerability Prioritization in Vulnerability Management products

On May 21, I spoke at the PHDays 9 conference. I talked about new methods of Vulnerability Prioritization in the products of Vulnerability Management vendors. During my 15-minute time slot I defined the problems that this new technology has to solve, showed why these problems could NOT be solved...

AI score: 7
Exploits: 0
Information Security Automation
added 2019/05/01 3:08 p.m., 42 views

Code IB 2019: Vulnerability Management Masterclass

On March 29, I held a one-hour master class "HOW to avoid excessive formalism in Vulnerability Management process" at Code IB Profi 2019. Everything went quite well and I've got 88% positive ratings. Not a bad result ^^. The main feature of the conference was a very special audience. The only way to...

AI score: 0.6
Exploits: 0
Information Security Automation
added 2019/04/29 11:16 a.m., 44 views

Vulnerability Management vendors and Vulnerability Remediation problems

It's not a secret that Vulnerability Management vendors don't pay much attention to the actual process of fixing the vulnerabilities that they detect in the infrastructure (Vulnerability Remediation). Although it seems to be the main goal of VM products: to make vulnerabilities fixed and whole IT...

AI score: 0.3
Exploits: 0
Information Security Automation
added 2019/04/15 9:05 a.m., 127 views

Why Asset Management is so important for Vulnerability Management and Infrastructure Security?

When people ask me how they should start building a Vulnerability Management process in their organization (well, sometimes it happens), I advise them to create an effective Asset Management process first. Because it's the foundation of the whole Infrastructure Security. The term "Asset Management" h...

AI score: 0.1
Exploits: 0
Information Security Automation
added 2019/04/04 9:57 a.m., 57 views

Can a Vulnerability Scan break servers and services?

The most serious problem of Vulnerability Scanners is that they are too complex and unpredictable. Usually they don't affect the target hosts, but when they do, welcome to hell! And if you scan a huge infrastructure (tens of thousands of hosts and more), it's not "if" the scanner will break the server, it'...

AI score: 7.2
Exploits: 0
Information Security Automation
added 2019/03/11 3:16 p.m., 62 views

First steps with Docker: installation in CentOS 7, vulnerability assessment, interactive mode and saving changes

Docker and containerization are literally everywhere. IMHO, this changes the IT landscape much more than virtualization and clouds. Let's say you have a host, you checked it and found out that there are no vulnerable packages. But what's the point if this host runs Docker containers with their own...

AI score: 7.1
Exploits: 0
Information Security Automation
added 2019/03/04 10:38 a.m., 587 views

Vulnerability Management at Tinkoff Fintech School

In the last three weeks, I participated in Tinkoff Fintech School, an educational program for university students. Together with my colleagues, we prepared a three-month practical Information Security course: 1 lecture per week with tests and home tasks. Each lecture is given by a member of our...

CVSS: 9.3, AI score: 8.2, EPSS: 0.99988
Exploits: 83
Information Security Automation
added 2019/02/28 10:10 a.m., 71 views

Tenable IO WAS Chrome Extension

In the comments of the previous post about Tenable IO WAS, Fergus Cooney mentioned a new Google Chrome extension for Tenable IO WAS that should help in configuring scan Authentication settings. You can install it from the Chrome Web Store. The idea is great. The authentication process in modern web...

AI score: 7.2
Exploits: 0
Information Security Automation
added 2019/02/25 1:14 p.m., 182 views

Martian Vulnerability Chronicles

Well, there should have been an optimistic post about my vulnerability analysis & classification pet-project. Something like "blah-blah-blah the situation is pretty bad, tons of vulnerabilities and it's not clear which of them can be used by attackers. BUT there is a way how to make it better usi...

CVSS: 7.2, AI score: 0.1, EPSS: 0.00651
Exploits: 0
Information Security Automation
added 2019/02/20 10:01 a.m., 249 views

First look at Tenable.io Web Application Scanner (WAS)

When Tenable first announced a Web Application Security scanner as a part of their new Tenable.io platform, it was quite intriguing. Certainly, they already had some WAS functionality before in Nessus. For example, the path traversal check was pretty good. But this functionality was quite fragmental...

AI score: 0.1
Exploits: 0
Information Security Automation
added 2019/02/18 10:54 a.m., 117 views

How to make Email Bot service in Python

First of all, why might you want to use such a service? Despite the fact that currently there are so many different channels of communication, including various messaging apps, Email is still a default and universal way to do it. Literally every enterprise service supports email notifications, even if...

AI score: 7.5
Exploits: 0
Information Security Automation
added 2019/02/13 10:32 a.m., 62 views

Who should protect you from Cyber Threats?

The world is becoming increasingly dependent on information technologies. 1. Government. More and more states provide digital services for their citizens and rely on complex information systems. 2. Business. There are no more companies that do not have IT infrastructure on-premises or in the cloud. IT...

Exploits: 0
Information Security Automation
added 2019/02/11 10:31 a.m., 81 views

No left boundary for Vulnerability Detection

It's another common problem in nearly all Vulnerability Management products. In the post "What's wrong with patch-based Vulnerability Management checks?" I wrote about the issues in plugin descriptions, now let's see what can go wrong with the detection logic. The problem is that Vulnerability...

AI score: 7.1
Exploits: 0
Information Security Automation
added 2019/02/07 8:24 a.m., 146 views

Retrieving data from Splunk Dashboard Panels via API

First of all, why might someone want to get data from the panels of a dashboard in Splunk? Why might it be useful? Well, if the script can process everything that a human analyst sees on a Splunk dashboard, all the automation comes very naturally. You just figure out what routine operations the analys...

AI score: 7.4
Exploits: 0
Information Security Automation
added 2019/02/04 11:37 a.m., 89 views

Open Positioner: my new project for tracking IT and security jobs

The idea of my new project is to retrieve the data from job-searching websites and provide better filtering, searching and visualization. I think for most people who read this, searching for a job on the Internet is a pretty common activity. Even if you are not going to change jobs right now, it...

AI score: 7
Exploits: 0
Information Security Automation
added 2019/01/30 9:31 a.m., 93 views

Vulnerability Life Cycle and Vulnerability Disclosures

The Vulnerability Life Cycle diagram shows the possible states of a vulnerability. In a previous post I suggested treating vulnerabilities as bugs. Every known vulnerability, just like every bug, was implemented by some software developer at some moment of time and was fixed at some moment of time...

AI score: 7
Exploits: 0
Information Security Automation
added 2019/01/28 9:41 a.m., 163 views

What is a vulnerability and what is not?

It looks like a pretty simple question. I used it to start my MIPT lecture. But actually the answer is not so obvious. There are lots of formal definitions of a vulnerability. For example, in the NIST Glossary there are 17 different definitions. The most popular one, used in 13 documents, is:...

CVSS: 7.2, AI score: 7.8, EPSS: 0.2704
Exploits: 39
Information Security Automation
added 2019/01/17 8:24 p.m., 121 views

Creating Splunk Alerts using API

As I mentioned in "Accelerating Splunk Dashboards with Base Searches and Saved Searches", Splunk Reports are basically the Saved Searches. Moreover, Splunk Alerts are also the same Saved Searches with some additional parameters. The question is what parameters you need to set to get the right...

AI score: 7.1
Exploits: 0
Information Security Automation
added 2019/01/11 11:17 p.m., 171 views

What's wrong with patch-based Vulnerability Management checks?

My last post about Guinea Pigs and Vulnerability Management products may seem unconvincing without some examples. So, let's review one. It's a common problem that exists among nearly all VM vendors; I will demonstrate it on Tenable Nessus. If you perform vulnerability scans, you have most likely seen...

AI score: 6.6
Exploits: 0
Information Security Automation
added 2019/01/10 9:49 p.m., 161 views

Managing JIRA Scrum Sprints using API

Atlassian Jira is a great tool for organizing Agile processes, especially Scrum. But managing Scrum Sprints manually using the Jira web GUI may be time-consuming and annoying. So, I decided to automate some routine operations using the JIRA API and Python. The API calls are described on the official page ...

AI score: 0.4
Exploits: 0
Information Security Automation
added 2019/01/08 10:15 p.m., 80 views

Packabit project: building Nmap deb packages for Ubuntu

During the long New Year holidays (30 Dec - 8 Jan) I started a new project: a Vagrant-based Linux package builder called Packabit. I thought it might be nice to have scripts that will automatically build Linux packages from sources and will NOT litter the main system with unnecessary packages. Somethin...

AI score: 7.4
Exploits: 0
Information Security Automation
added 2018/12/29 4:29 p.m., 84 views

MIPT/PhysTech guest lecture: Vulnerabilities, Money and People

On December 1, I gave a lecture at the Moscow Institute of Physics and Technology, informally known as PhysTech. This is a very famous and prestigious university in Russia. In Soviet times, it trained personnel for Research Institutes and Experimental Design Bureaus, in particular for the Soviet...

AI score: 0.6
Exploits: 0
Information Security Automation
added 2018/12/24 10:36 p.m., 275 views

New Advanced Dynamic Scan Policy Template in Nessus 8

According to the Nessus 8.1.0 release notes, Tenable finally solved the problem with Mixed Plugin groups. At least partially. I will briefly describe the problem. Let's say we found out that some Nessus plugins crash our target systems. This happens rarely, but it happens. So, we decided to disable...

AI score: 6.9
Exploits: 0
Information Security Automation
added 2018/12/21 6:21 p.m., 196 views

Guinea Pig and Vulnerability Management products

IMHO, security vendors use the term "Vulnerability Management" extremely inaccurately. Like a guinea pig, which is not a pig and is not related to Guinea, the current Vulnerability Management products are not about the actual practically exploitable vulnerabilities and not really about the...

Exploits: 0
Information Security Automation
added 2018/12/05 1:10 p.m., 45 views

PRYTEK meetup: Breach and Attack Simulation or Automated Pentest?

Last Tuesday, November 27, I spoke at the "Business Asks for Cyber Attacks" meetup organized by the PRYTEK investment platform. The event was held at the PRYTEK Moscow office in a beautiful XIX century building of a former textile manufactory. The goal of the meetup was to talk about new approaches in...

AI score: 6.8
Exploits: 0
Information Security Automation
added 2018/11/29 11:50 a.m., 96 views

Making Vulnerable Web-Applications: XSS, RCE, SQL Injection and Stored XSS ( + Buffer Overflow)

In this post I will write some simple vulnerable web applications in python3 and will show how to attack them. This is all for educational purposes and for complete beginners. So please don't be too hard on me. As a first step I will create a basic web-application using the twisted python web server...

AI score: 8
Exploits: 0
Information Security Automation
added 2018/11/13 10:41 p.m., 75 views

VB-Trend 2018 Splunk Conference

Today I attended the VB-Trend 2018 Splunk conference organized by the system integrator VolgaBlob. Video fragments from the event: Compared to "Splunk Discovery Day", the conference was much smaller (less than 100 people), focused on technical aspects, Information Security and informal communication. And...

AI score: 6.8
Exploits: 0
Information Security Automation
added 2018/11/11 7:51 p.m., 219 views

Making CVE-1999-0016 (landc) vulnerability detection script for Windows NT

The fair question is why in 2018 someone might want to deal with Windows NT and vulnerabilities in it. Now Windows NT is a great analogue of DVWA (Damn Vulnerable Web Application), but for operating systems. There are a lot of well-described vulnerabilities with ready-made exploits. A great tool fo...

CVSS: 5, AI score: 6.8, EPSS: 0.95739
Exploits: 1
Information Security Automation
added 2018/11/05 7:22 a.m., 554 views

Adding custom NASL plugins to Tenable Nessus

Making custom NASL scripts (plugins) for Nessus is a pretty complicated process. Basically, NASL (Nessus Attack Scripting Language) is an internal instrument of Tenable and it seems that they are not really interested in sharing it with the community. The only publicly available official documentation...

AI score: 6.7
Exploits: 0
Information Security Automation
added 2018/10/30 11:53 p.m., 61 views

Splunk Discovery Day Moscow 2018

Today I attended the Splunk Discovery Day 2018 conference. It is something like a local equivalent of the famous Splunk .conf. More than 200 people have registered. The event was held in the luxury Baltschug Kempinski hotel in the very center of Moscow with a beautiful view of the Red Square and...

AI score: 6.9
Exploits: 0
Information Security Automation
added 2018/10/28 10:31 p.m., 359 views

Deploying VirtualBox virtual machines with Vagrant

I often use virtual machines for various tasks: from building software packages to testing software products or PoCs for vulnerabilities. Creating a virtual machine in Oracle VirtualBox is a time-consuming and annoying process: set the parameters of the VM, attach the iso, make dozens of clicks in the OS...

AI score: 0.1
Exploits: 0
Information Security Automation
added 2018/10/24 10:17 p.m., 144 views

What's new in Nessus 8

Today Tenable released a new version of their famous vulnerability scanner - Nessus 8. The existing scanner nodes don't see the updates yet, but the installation binaries are already available. So you may try to install it. This major release will be way more positive than the previous one. Of...

AI score: 7.2
Exploits: 0
Information Security Automation
added 2018/10/21 5:51 p.m., 86 views

Accelerating Splunk Dashboards with Base Searches and Saved Searches

Let's say we have a Splunk dashboard with multiple panels. Each panel has its own search request and all of these requests work independently and simultaneously. If they are complex enough, rendering the dashboard may take quite a long time and some panels may even fail by timeout. How to avoid...

AI score: 7.5
Exploits: 0
Information Security Automation
added 2018/09/26 9:18 p.m., 96 views

How to create and manage Splunk dashboards via API

In the previous post "How to correlate different events in Splunk and make dashboards" I mentioned that Splunk dashboards can be presented in a simple XML form. You can generate it with some script and then copy-paste it in the Splunk GUI. However, these manual operations can make the process of...

AI score: 7.3
Exploits: 0
Information Security Automation
added 2018/09/23 5:37 p.m., 133 views

ISACA Moscow Vulnerability Management Meetup 2018

Last Thursday, September 20th, I spoke at the ISACA Moscow "Vulnerability Management" Meetup held at Polytechnic University. It is the only event in Moscow devoted solely to Vulnerability Management, so I just had to take part in it. The target audience of the event: people who implement the vulnerability...

AI score: 0.5
Exploits: 0
Information Security Automation
added 2018/09/15 9:22 p.m., 59 views

Psychological Aspects of Vulnerability Remediation

In my opinion, Remediation is the most difficult part of the Vulnerability Management process. If you know the assets in your organization and can assess them, you will sooner or later produce a good enough flow of critical vulnerabilities. But what's the point if the IT team will not fix them?...

AI score: 0.3
Exploits: 0
Information Security Automation
added 2018/09/08 7:26 p.m., 65 views

Making Expect scripts for SSH Authentication and Privilege Elevation

Expect can help you to automate interactive console applications. For example, an expect script can go to some Linux host via SSH with password authentication, make additional authentication procedures (su, sudo) to elevate privileges and execute some commands. Like Vulnerability and Compliance...

AI score: 0.1
Exploits: 0
Information Security Automation
added 2018/09/05 7:57 p.m., 424 views

Retrieving IT Asset lists from NetBox via API

A little bit more about the IT Asset Inventory of the Internal Network that your IT team can provide. I have recently worked with NetBox - an open source IP address management (IPAM) and data center infrastructure management (DCIM) solution developed by the well-known cloud hosting provider DigitalOcean. It's n...

AI score: 7.3
Exploits: 0
Information Security Automation
added 2018/09/01 6:12 p.m., 432 views

Assessing Linux Security Configurations with SCAP Workbench

Recently I had a chance to work with OpenSCAP. It's a set of free and open-source tools for Linux Configuration Assessment and a collection of security content in SCAP (Security Content Automation Protocol) format. In this post I will write about SCAP Workbench. It is a GUI application that can check...

Exploits: 0
Information Security Automation
added 2018/08/22 6:11 p.m., 70 views

CyberThursday: Asset Inventory, IT-transformation in Cisco, Pentest vs. RedTeam

Two weeks ago I was speaking at a very interesting information security event - CyberThursday. This is a meeting of a closed Information Security practitioners group. The group is about 70 people, mainly from financial organizations, telecoms and security vendors. These meetings have a rather...

AI score: 7.1
Exploits: 0
Information Security Automation
added 2018/08/20 2:56 p.m., 56 views

Asset Inventory for Internal Network: problems with Active Scanning and advantages of Splunk

In the previous post, I was writing about Asset Inventory and Vulnerability Scanning on the Network Perimeter. Now it's time to write about the Internal Network. I see a typical IT-infrastructure of a large organization as a monstrous favela, like Kowloon Walled City in Hong Kong. At the beginning ...

AI score: 6.5
Exploits: 0
Total number of security vulnerabilities: 389