Asset Inventory for Network Perimeter: from Declarations to Active Scanning
In the previous post, I shared some of my thoughts about a good Asset Inventory system. Of course, for me as a Security Specialist, it would be great if IT provided such a magical system. But such an ideal situation is rarely possible. So now let's see how to build an Asset Inventory system...
What I expect from IT Asset Inventory
The main problem of vulnerability management, in my opinion, is that it is not always clear whether we know about ALL network hosts existing in our infrastructure or not. So, not the actual process of scanning and the detection of vulnerabilities, but the lack of knowledge about what we should scan...
Sending tables from Atlassian Confluence to Splunk
Sometimes when we make automated analysis with Splunk, it might be necessary to use information that was entered or edited manually. For example, the classification of network hosts: do they belong to the PCI-DSS scope or another group of critical hosts or not. In this case, Confluence can be quite ...
Sending FireEye HX data to Splunk
FireEye HX is an agent-based Endpoint Protection solution. Something like an antivirus, but focused on Advanced Persistent Threats (APT). It has an appliance with a GUI where you can manage the agents and see information about detected security incidents. As with any agent-based solution, it's...
How to correlate different events in Splunk and make dashboards
Recently I've spent some time dealing with Splunk. Despite the fact that I have already done various Splunk searches before, for example in "Tracking software versions using Nessus and Splunk", the correlation of different events in Splunk seems to be a very different task. And there are not so many...
Free High-Tech Bridge ImmuniWeb Application Discovery service
Today I would like to talk about another service for application security analysis by High-Tech Bridge. It's called ImmuniWeb Application Discovery. This service can get information about your web and mobile applications available from the Internet. Believe me, this is not so obvious for a large...
Qualys Security Conference Virtual 2018. New Agents, Patch Management and Free Services
Today I attended a very interesting online event - Qualys Security Conference Virtual 2018. It consisted of 11 webinars, began at 18:00 and will end at 03:45 Moscow time. Not the most convenient timing for Russia, but it was worth it. The last time I was at an offline QSC event was in 2016, so for me it was...
U.S. sanctions against Russian cybersecurity companies
I never thought that I would write here about state sanctions. Usually I try to ignore political topics. But now it's necessary. Yesterday OFAC introduced sanctions against 5 Russian companies. I would like to mention 3 of them: Digital Security - one of the leading Russian Information Security...
PHDays8: Digital Bet and thousands tons of verbal ore
It's time to write about Positive Hack Days 8: Digital Bet conference, which was held May 15-16 at the Moscow World Trade Center. It was the main Russian Information Security event of the first half of 2018. More than 4 thousand people attended! More than 50 reports, master classes and round tabl...
Vulnerability Databases: Classification and Registry
What publicly available Vulnerability Databases do we have? Well, I can only say that there are a lot of them and they are pretty different. Here I make an attempt to classify them. It's quite a thankless task. No matter how hard you try, the final result will be rather inaccurate and incomplet...
Outpost24 Appsec Scale for Web Application Scanning
Today I would like to write about yet another Outpost24 product - the cloud Web Application Scanner Appsec Scale. It is available in the same interface as Outpost24 Outscan, which I reviewed earlier. Select APPSEC SCALE in the start menu and you can scan web applications: New application. If you don't...
Potential RCE in Nessus 7 and attacks on Vulnerability Scanners
A few days ago I saw an interesting YouTube video (UPD. 14.05.18: not available anymore) in my Facebook feed. It demonstrates the exploitation of an RCE vulnerability in Tenable Nessus Professional 7.0.3. Currently we have very little information about this vulnerability: only the YouTube video, which...
Outpost24 OUTSCAN for detecting vulnerabilities on your network perimeter
Today I would like to write a post about Outpost24. This company was founded in 2001. For comparison, Tenable was founded in 2002 and Qualys in 1999. So, it's a company with a pretty long history. Outpost24 makes Vulnerability Management & Web Application Security products and provides various...
CISO Forum and the problems of Vulnerability Databases
Last Tuesday, April 24, I was at "CISO FORUM 2020: glance to the future". I presented my report "Vulnerability Databases: sifting thousands tons of verbal ore" there. In this post, I'll briefly talk about this report and about the event itself. My speech was the last in the program. At the same...
CyberCentral Summit 2018 in Prague
I spent almost the whole of last week in Prague at the CyberCentral conference. It was a pretty unique experience for me. It was the first time I attended an international conference as a speaker. And not only did I present my report there, but I led the round table on Vulnerability Management and participated in ...
Vulchain scan workflow and search queries
This post will be about my Vulnerability Scanner project - Vulchain. Recently I've spent a couple of my weekends almost exclusively on coding: refactoring the scan engine, creating the API and GUI. I was doing it because of the conferences where I will be speaking soon: April 11-13 CyberCentral in...
OpenVAS Knowledge Base becomes smaller
On 23 January, Jan Oliver Wagner, leader of the OpenVAS project and Greenbone CEO, sent an email with the subject "Attic Cleanup". In this message, he mentioned that some NASL plugins will be excluded from the public NVT / Greenbone Community Feed (GCF) soon. On the one hand it seems logical. These old...
A few words about Gartner’s “Magic Quadrant for Application Security Testing” 2018
February and March are the hot months for marketing reports. I already wrote about IDC and Forrester reports about Vulnerability Management-related markets. And this Monday, March 19, Gartner released new "Magic Quadrant for Application Security Testing". You can buy it on the official website fo...
My short review of “The Forrester Wave: Vulnerability Risk Management, Q1 2018”
Last week, March 14, Forrester presented a new report about the Vulnerability Risk Management (VRM) market. You can purchase it on the official site for $2495 USD or get a free reprint on the Rapid7 site. Thanks, Rapid7! I've read it and want to share my impressions. I was most surprised by the leaders of the...
My short review of “IDC Worldwide Security and Vulnerability Management Market Shares 2016”
On February 12 IDC published a new report about the Security and Vulnerability Management market. You can buy it on the official website for $4500. Or you can simply download a free extract on the Qualys website (thanks, Qualys!). I've read it and now I want to share my impressions. I think it's better to start...
Dealing with Nessus logs
Debugging Nessus scans is a very interesting topic. And it is not very well described even in the Tenable University course. It becomes especially interesting when you see strange network errors in the scan results. Let's see how we can troubleshoot Nessus scans without sending Nessus DB files to...
Converting Nmap xml scan reports to json
Unfortunately, Nmap cannot save the results in JSON. All available output options: -oN filespec (normal output), -oX filespec (XML output), -oS filespec (ScRipT KIdd|3 oUTpuT), -oG filespec (grepable output), -oA basename (output to all formats). And processing XML results may not be an easy task. Just lo...
Non-reliable Nessus scan results
Do you perform massive unauthenticated vulnerability scans with Nessus? It might be a bad idea. It seems that Nessus is not reliable enough to assess hundreds and thousands of hosts in one scan and can lose some valuable information. The thing is that sometimes Nessus does not detect open ports a...
Masking Vulnerability Scan reports
Continuing the series of posts about Kenna ("Analyzing Vulnerability Scan data", "Connectors and REST API") and similar services. Is it actually safe to send your vulnerability data to some external cloud service for analysis? Leakage of such information can potentially cause great damage to your...
Tenable University: Nessus Certificate of Proficiency
Yesterday I finished the "Nessus Certificate of Proficiency" learning plan at Tenable University and passed the final test. Here I would like to share my impressions. First of all, a few words about my motivation. I use Nessus literally every day at work. So, it was fun to check my knowledge. I already...
Kenna Security: Connectors and REST API
In the last post about the Kenna Security cloud service I mentioned their main features for analyzing data from different vulnerability scanners. Now let's see how to import Tenable Nessus scan results into Kenna. Here you can see the list of connectors for all supported products: Three connectors for...
Nessus Manager disappeared and Tenable.io On-Prem was announced
If you open Tenable Products page right now you will not see Nessus Manager there anymore. Nessus Manager page "The Power of Nessus for Teams" was also deleted. However, it is still mentioned in the product comparison. Agent-Based Scanning in SecurityCenter and SecurityCenter Continuous View "...
Making simple Nmap SPA web GUI with Apache, AngularJS and Python Twisted
The last time I was developing dynamic web applications was years ago. I used CGI and PHP back then. Now I am really interested in the modern approach, when you have a Single Page Web Application (SPA) written in HTML and JavaScript that makes HTTP requests to some external API. It's pretty cool, becaus...
Vulners Web Vulnerability Scanner plugin for Google Chrome v. 2.0
The Vulners Team today released the second version of their Web Vulnerability Scanning plugin for the Google Chrome browser. You can read my description of version 1.0 at "Vulners.com vulnerability detection plugins for Burp Suite and Google Chrome". The killer feature of Vulners web scanner v. 2.0 is...
Kenna Security: Analyzing Vulnerability Scan data
I've been following Kenna Security (Risk I/O before 2015) for a pretty long time. Mainly because they do the things I do on a daily basis: analyse various vulnerability scan results and feeds, and prioritize detected vulnerabilities for further mitigation. The only difference is that my scripts an...
Confluence REST API for reading and updating wiki pages
In previous posts I wrote about how to automate the work with Atlassian Jira, including automated ticket labeling. Now let's try to use the REST API of another popular Atlassian product - the Confluence wiki engine. What might you want to automate in Confluence? Obviously, it may be useful to read the pages that...
Tracking changes in CERT bulletins and Nessus plugins using Vulners Time Machine
If you use the Vulners.com vulnerability search engine, you probably know that it has a real "Time Machine". Each time Vulners sees some changes on a source page it creates a new version of the security object. And you can see the full history of changes in a nice GUI: In most cases, the vendor just...
Vulchain Scanner: 5 basic principles
The New Year holidays in Russia last 10 days this year! Isn't it an excellent opportunity to start a new project? So, I decided to make my own active network vulnerability scanner - Vulchain. Why? Well, first of all, it's fun. You can make the architecture from scratch, see the difficulties invisibl...
Vulners Nmap plugin
In the previous post about Vulners vulnerability detection plugins for Burp and Google Chrome, I mentioned that it would be great to have a plugin for some free publicly available tool, like Nmap. And the guys from the Vulners Team have recently released an Nmap plugin. Isn't it awesome? To detect...
Microsoft security solutions against ransomware and APT
Last Tuesday I was invited to the Microsoft business breakfast "Effective protection against targeted and multilevel attacks". Here I would like to share some of my thoughts on this. I need to mention that the food was delicious and the restaurant of the Russian Geographical Society is a very lovely place...
New Nessus 7 Professional and the end of cost-effective Vulnerability Management (as we knew it)
It's epic and really sad news. When people asked me about a cost-effective solution for Vulnerability Management I usually answered: "Nessus Professional with some additional automation through the Nessus API". With just a couple of Nessus Professional scanning nodes it was possible to scan all...
Vulners.com vulnerability detection plugins for Burp Suite and Google Chrome
What is the main idea of version-based vulnerability detection, especially for Web Applications? With access to the HTTP response (HTML, headers, scripts, etc.), you can get the name and version of some standard web application (e.g. CMS, CRM, wiki, task tracker) or the names and versions of software...
Processing .docx and .xlsx files with Python
MS Office documents are probably one of the most inconvenient and poorly formalized data sources. It's much better to keep all the data in specialized databases or at least in a wiki. But in real life, MS Office documents are in active use in nearly every organization. Simply because it is a flexib...
Atlassian Jira, Python and automated labeling
I have already written about Atlassian Jira automation in "Automated task processing with JIRA API". But all the examples there used curl. So, I decided to make one more post about the Jira API. This time with Python examples and about labeling issues (nice wordplay, right?). You can use label...
Vulnerability Management for Network Perimeter
The Network Perimeter is like a door to your organization. It is accessible to everyone and vulnerability exploitation does not require any human interaction, unlike, for example, phishing attacks. A potential attacker can automate most of his actions searching for an easy target. It's important not t...
SOC Forum 2017: How I Learned to Stop Worrying and Love Massive Malware Attacks
Today I spoke at SOC Forum 2017 in Moscow. It was a great large-scale event about Security Operation Centers. 2,700 people registered. Lots of people in suits. And lots of my good fellows. The event was held in Radisson Royal Congress Park. There were three large halls for presentations and a hu...
ZeroNights 2017: back to the cyber 80s
Last Friday, 17th of November, I attended the ZeroNights 2017 conference in Moscow. And it was pretty awesome. Thanks to the organizers! Here I would like to share some of my impressions. First of all, I want to say that two main Moscow events for information security practitioners, PHDays and...
Harassment scandals, Sheldon Cooper, Black Mirror and blockchain
Lots of good jokes in a popular TV show The Big Bang Theory are related to Sheldon Cooper's bureaucracy in interpersonal relationships: all these "roommate agreement", "relationship agreement", etc. However, because of these endless harassment scandals in media, now it seems like a best practice ...
Vulnerability Management vendors and massive Malware attacks (following the Bad Rabbit)
After the latest Bad Rabbit ransomware attack all the top VM vendors (Qualys, Tenable, Rapid7) wrote blog posts on this topic on the same day. Two days later Tripwire also published its own review. Why do they care? They do not make antiviruses, endpoint protection or firewalls - the common tools against...
Study Vulnerability Assessment in Tenable University for free
Not so long ago, Tenable presented a renewed online training platform - Tenable University. It is publicly available even for non-customers, for example, for Nessus Home users. However, not all courses are available in this case. I decided to check it out, registering as a non-customer. Logged in...
Exploitability attributes of Nessus plugins: good, bad and Vulners
Exploitability is one of the most important criteria for prioritizing vulnerabilities. Let's see how good the exploit-related data of Tenable Nessus NASL plugins is and whether we can do better. What are the attributes related to exploits? To understand this, I parsed all NASL plugins and got...
Starting/stopping Amazon EC2 instances using CLI and Python SDK
It's a very good practice to scan your perimeter from outside your network, simulating an attacker. However, you will need to deploy the scanners somewhere to do this. Hosting on Amazon EC2 can be a good and cost-effective option, especially if you start instances with vulnerability scanne...
ISACA Moscow Vulnerability Management Meetup 2017
Last Thursday, I attended a very interesting event entirely dedicated to Vulnerability Management - an open ISACA Moscow meetup. My former colleague from Mail.Ru Group Dmitry Chernobaj and I presented our joint report "Enterprise Vulnerability Management: fancy marketing brochures and the...
CWEs in NVD CVE feed: analysis and complaints
As you probably know, one of the ways to describe the nature of a software vulnerability is to provide the corresponding CWE (Common Weakness Enumeration) ids. Let's look at the CWE links in the NVD CVE base. I have already written earlier about how to deal with the NVD feed using Python in "Downloading and analyzing N...
Vulners NASL Plugin Feeds for OpenVAS 9
As I already wrote earlier, you can easily add third-party NASL plugins to OpenVAS. So, my friends from Vulners.com implemented generation of NASL plugins for OpenVAS using their own security content. I've tested it for scanning a CentOS 7 host. And it works. Let's see the whole process. I assume that we...