Avleonov: Recent

389 matches found

Information Security Automation
added 2018/08/16 10:3 a.m., 32 views

Asset Inventory for Network Perimeter: from Declarations to Active Scanning

In the previous post, I shared some of my thoughts about the good Asset Inventory system. Of course, for me as a Security Specialist, it would be great if IT would provide such a magical system. But such an ideal situation is rarely possible. So now let's see how to build an Asset Inventory system...

AI score: 6.8
Exploits: 0
Information Security Automation
added 2018/08/05 12:53 a.m., 52 views

What I expect from IT Asset Inventory

The main problem of vulnerability management, in my opinion, is that it is not always clear whether we know about ALL network hosts existing in our infrastructure or not. So, not the actual process of scanning and the detection of vulnerabilities, but the lack of knowledge of what we should scan...

AI score: 7
Exploits: 0
Information Security Automation
added 2018/08/04 12:30 a.m., 56 views

Sending tables from Atlassian Confluence to Splunk

Sometimes when we make automated analysis with Splunk, it might be necessary to use information that was entered or edited manually. For example, the classification of network hosts: do they belong to the PCI-DSS Scope or another group of critical hosts or not. In this case, Confluence can be quite ...

AI score: 7.2
Exploits: 0
Information Security Automation
added 2018/07/29 8:7 p.m., 106 views

Sending FireEye HX data to Splunk

FireEye HX is an agent-based Endpoint Protection solution. Something like an antivirus, but focused on Advanced Persistent Threats (APT). It has an appliance with a GUI where you can manage the agents and see information about detected security incidents. As with any agent-based solution, it's...

AI score: 7.1
Exploits: 0
Information Security Automation
added 2018/07/19 3:13 p.m., 89 views

How to correlate different events in Splunk and make dashboards

Recently I've spent some time dealing with Splunk. Despite the fact that I have already done various Splunk searches before, for example in "Tracking software versions using Nessus and Splunk", the correlation of different events in Splunk seems to be a very different task. And there are not so many...

AI score: 7.1
Exploits: 0
Information Security Automation
added 2018/07/08 9:22 p.m., 64 views

Free High-Tech Bridge ImmuniWeb Application Discovery service

Today I would like to talk about another service for application security analysis by High-Tech Bridge. It's called ImmuniWeb Application Discovery. This service can get information about your web and mobile applications available from the Internet. Believe me, this is not so obvious for a large...

AI score: 7
Exploits: 0
Information Security Automation
added 2018/06/14 8:20 p.m., 90 views

Qualys Security Conference Virtual 2018. New Agents, Patch Management and Free Services

Today I attended a very interesting online event - Qualys Security Conference Virtual 2018. It consisted of 11 webinars, began at 18:00 and will end at 03:45 Moscow time. Not the most convenient timing for Russia, but it was worth it. The last time I was at an offline QSC event was in 2016, so for me it was...

AI score: 7.5
Exploits: 0
Information Security Automation
added 2018/06/12 2:28 p.m., 72 views

U.S. sanctions against Russian cybersecurity companies

I never thought that I would write here about state sanctions. Usually I try to ignore political topics. But now it's necessary. Yesterday OFAC introduced sanctions against 5 Russian companies. I would like to mention 3 of them: Digital Security - one of the leading Russian Information Security...

AI score: 6.5
Exploits: 0
Information Security Automation
added 2018/06/09 10:33 p.m., 95 views

PHDays8: Digital Bet and thousands tons of verbal ore

It's time to write about the Positive Hack Days 8: Digital Bet conference, which was held May 15-16 at the Moscow World Trade Center. It was the main Russian Information Security event of the first half of 2018. More than 4 thousand people attended! More than 50 reports, master classes and round tabl...

AI score: 6.9
Exploits: 0
Information Security Automation
added 2018/06/05 3:57 p.m., 1961 views

Vulnerability Databases: Classification and Registry

What publicly available Vulnerability Databases do we have? Well, I can only say that there are a lot of them and they are pretty different. Here I make an attempt to classify them. It's quite an ungrateful task. No matter how hard you try, the final result will be rather inaccurate and incomplet...

CVSS: 7.5, AI score: 7.9, EPSS: 0.99993
Exploits: 55
Information Security Automation
added 2018/05/24 2:33 p.m., 80 views

Outpost24 Appsec Scale for Web Application Scanning

Today I would like to write about yet another Outpost24 product - the cloud Web Application Scanner Appsec Scale. It is available in the same interface as Outpost24 Outscan, which I reviewed earlier. Select APPSEC SCALE in the start menu and you can scan web applications: New application If you don't...

AI score: 0.2
Exploits: 0
Information Security Automation
added 2018/05/08 3:42 p.m., 152 views

Potential RCE in Nessus 7 and attacks on Vulnerability Scanners

A few days ago I saw an interesting youtube video (UPD. 14.05.18: not available anymore) in my Facebook feed. It is demonstrating the exploitation of the RCE vulnerability in Tenable Nessus Professional 7.0.3. Currently we have very little information about this vulnerability: only the youtube video, which...

AI score: 8.1
Exploits: 0
Information Security Automation
added 2018/05/06 12:34 a.m., 143 views

Outpost24 OUTSCAN for detecting vulnerabilities on your network perimeter

Today I would like to write a post about Outpost24. This company was founded in 2001. For comparison, Tenable was founded in 2002 and Qualys in 1999. So, it's a company with a pretty long history. Outpost24 makes Vulnerability Management & Web Application Security products and provides various...

Exploits: 0
Information Security Automation
added 2018/04/30 10:56 p.m., 20 views

CISO Forum and the problems of Vulnerability Databases

Last Tuesday, April 24, I was at "CISO FORUM 2020: glance to the future". I presented there my report "Vulnerability Databases: sifting thousands tons of verbal ore". In this post, I'll briefly talk about this report and about the event itself. My speech was the last in the program. At the same...

AI score: 6.7
Exploits: 0
Information Security Automation
added 2018/04/22 12:23 p.m., 108 views

CyberCentral Summit 2018 in Prague

Almost the whole of last week I spent in Prague at the CyberCentral conference. It was a pretty unique experience for me. It was the first time I was at an international conference as a speaker. And not only did I present my report there, but I led the round table on Vulnerability Management and participated in ...

AI score: 7.2
Exploits: 0
Information Security Automation
added 2018/04/06 10:6 a.m., 136 views

Vulchain scan workflow and search queries

This post will be about my Vulnerability Scanner project - Vulchain. Recently I've spent a couple of my weekends almost exclusively on coding: refactoring the scan engine, creating the API and GUI. I was doing it because of the conferences where I will be speaking soon: April 11-13 CyberCentral in...

AI score: 7.3
Exploits: 0
Information Security Automation
added 2018/03/28 5:34 p.m., 174 views

OpenVAS Knowledge Base become smaller

On 23 January Jan Oliver Wagner, leader of the OpenVAS project and Greenbone CEO, sent an email with the subject "Attic Cleanup". In this message, he mentioned that some NASL plugins will be excluded from the public NVT / Greenbone Community Feed (GCF) soon. On the one hand it seems logical. These old...

AI score: 6.9
Exploits: 0
Information Security Automation
added 2018/03/22 8:20 p.m., 153 views

A few words about Gartner’s “Magic Quadrant for Application Security Testing” 2018

February and March are the hot months for marketing reports. I already wrote about the IDC and Forrester reports on Vulnerability Management-related markets. And this Monday, March 19, Gartner released the new "Magic Quadrant for Application Security Testing". You can buy it on the official website fo...

AI score: 7.1
Exploits: 0
Information Security Automation
added 2018/03/20 3:34 p.m., 213 views

My short review of “The Forrester Wave: Vulnerability Risk Management, Q1 2018”

Last week, March 14, Forrester presented a new report about the Vulnerability Risk Management (VRM) market. You can purchase it on the official site for $2495 USD or get a free reprint on the Rapid7 site. Thanks, Rapid7! I've read it and want to share my impressions. I was most surprised by the leaders of the...

AI score: 6.7
Exploits: 0
Information Security Automation
added 2018/03/16 12:25 p.m., 47 views

My short review of “IDC Worldwide Security and Vulnerability Management Market Shares 2016”

On February 12 IDC published a new report about the Security and Vulnerability Management market. You can buy it on the official website for $4500. Or you can simply download a free extract on the Qualys website (Thanks, Qualys!). I've read it and now I want to share my impressions. I think it's better to start...

AI score: 6.7
Exploits: 0
Information Security Automation
added 2018/03/14 5:19 p.m., 48 views

Dealing with Nessus logs

Debugging Nessus scans is a very interesting topic. And it is not very well described even in the Tenable University course. It becomes especially interesting when you see strange network errors in the scan results. Let's see how we can troubleshoot Nessus scans without sending Nessus DB files to...

AI score: 6.9
Exploits: 0
Information Security Automation
added 2018/03/11 6:41 p.m., 714 views

Converting Nmap xml scan reports to json

Unfortunately, Nmap cannot save the results in json. All available output options: -oN filespec (normal output), -oX filespec (XML output), -oS filespec (ScRipT KIdd|3 oUTpuT), -oG filespec (grepable output), -oA basename (Output to all formats). And processing xml results may not be an easy task. Just lo...

AI score: 6.8
Exploits: 0
Information Security Automation
added 2018/03/02 12:55 p.m., 171 views

Non-reliable Nessus scan results

Do you perform massive unauthenticated vulnerability scans with Nessus? It might be a bad idea. It seems that Nessus is not reliable enough to assess hundreds and thousands of hosts in one scan and can lose some valuable information. The thing is that sometimes Nessus does not detect open ports a...

AI score: 7
Exploits: 0
Information Security Automation
added 2018/02/22 9:9 a.m., 52 views

Masking Vulnerability Scan reports

Continuing the series of posts about Kenna ("Analyzing Vulnerability Scan data", "Connectors and REST API") and similar services. Is it actually safe to send your vulnerability data to some external cloud service for analysis? Leakage of such information can potentially cause great damage to your...

AI score: 6.7
Exploits: 0
Information Security Automation
added 2018/02/21 10:16 a.m., 193 views

Tenable University: Nessus Certificate of Proficiency

Yesterday I finished the "Nessus Certificate of Proficiency" learning plan at Tenable University and passed the final test. Here I would like to share my impressions. First of all, a few words about my motivation. I use Nessus literally every day at work. So, it was fun to check my knowledge. I already...

AI score: 6.9
Exploits: 0
Information Security Automation
added 2018/02/15 11:6 a.m., 172 views

Kenna Security: Connectors and REST API

In the last post about the Kenna Security cloud service I mentioned their main features for analyzing data from different vulnerability scanners. Now let's see how to import Tenable Nessus scan results into Kenna. Here you can see the list of connectors for all supported products: Three connectors for...

AI score: 6.8
Exploits: 0
Information Security Automation
added 2018/02/05 4:45 p.m., 46 views

Nessus Manager disappeared and Tenable.io On-Prem was announced

If you open the Tenable Products page right now you will not see Nessus Manager there anymore. The Nessus Manager page "The Power of Nessus for Teams" was also deleted. However, it is still mentioned in the product comparison. Agent-Based Scanning in SecurityCenter and SecurityCenter Continuous View: "...

AI score: 6.8
Exploits: 0
Information Security Automation
added 2018/02/04 9:51 p.m., 48 views

Making simple Nmap SPA web GUI with Apache, AngularJS and Python Twisted

The last time I was developing dynamic web applications was years ago. I used CGI and PHP back then. Now I am really interested in the modern approach, when you have a Single Page Web Application (SPA) written in HTML and JavaScript that makes http requests to some external API. It's pretty cool, becaus...

AI score: 6.6
Exploits: 0
Information Security Automation
added 2018/01/24 5:19 p.m., 1507 views

Vulners Web Vulnerability Scanner plugin for Google Chrome v. 2.0

The Vulners Team released today the second version of their Web Vulnerability Scanning plugin for the Google Chrome browser. You can read my description of version 1.0 at "Vulners.com vulnerability detection plugins for Burp Suite and Google Chrome". The killing feature of Vulners web scanner v. 2.0 is...

AI score: 6.8
Exploits: 0
Information Security Automation
added 2018/01/20 10:27 p.m., 857 views

Kenna Security: Analyzing Vulnerability Scan data

I've been following Kenna Security (before 2015, Risk I/O) for a pretty long time. Mainly because they do the things I do on a daily basis: analyse various vulnerability scan results and feeds, and prioritize detected vulnerabilities for further mitigation. The only difference is that my scripts an...

CVSS: 2.6, AI score: 9.2, EPSS: 0.02079
Exploits: 1
Information Security Automation
added 2018/01/17 9:39 p.m., 51 views

Confluence REST API for reading and updating wiki pages

In previous posts I wrote how to automate the work with Atlassian Jira, including automated ticket labeling. Now let's try to use the REST API of another popular Atlassian product - the Confluence wiki engine. What may you want to automate in Confluence? Obviously, it may be useful to read the pages that...

AI score: 6.7
Exploits: 0
Information Security Automation
added 2018/01/11 11:19 a.m., 54 views

Tracking changes in CERT bulletins and Nessus plugins using Vulners Time Machine

If you use the Vulners.com vulnerability search engine, you probably know that it has a real "Time Machine". Each time Vulners sees some changes on a source page it creates a new version of the security object. And you can see the full history of changes in a nice GUI: In most cases, the vendor just...

AI score: 6.7
Exploits: 0
Information Security Automation
added 2018/01/05 6:59 p.m., 48 views

Vulchain Scanner: 5 basic principles

New Year holidays in Russia last 10 days this year! Isn't it an excellent opportunity to start a new project? So, I decided to make my own active network vulnerability scanner - Vulchain. Why? Well, first of all, it's fun. You can make the architecture from scratch, see the difficulties invisibl...

AI score: 6.4
Exploits: 0
Information Security Automation
added 2017/12/29 1:40 p.m., 315 views

Vulners Nmap plugin

In the previous post about Vulners vulnerability detection plugins for Burp and Google Chrome, I mentioned that it would be great to have a plugin for some free publicly available tool, like Nmap. And the guys from the Vulners Team have recently released an Nmap plugin. Isn't it awesome? To detect...

AI score: 6.7
Exploits: 0
Information Security Automation
added 2017/12/19 11:14 p.m., 17 views

Microsoft security solutions against ransomware and APT

Last Tuesday I was invited to the Microsoft business breakfast "Effective protection against targeted and multilevel attacks". Here I would like to share some of my thoughts on this. I need to mention that the food was delicious and the restaurant of the Russian Geographical Society is a very lovely place...

AI score: 6.6
Exploits: 0
Information Security Automation
added 2017/12/13 7:30 p.m., 182 views

New Nessus 7 Professional and the end of cost-effective Vulnerability Management (as we knew it)

It's epic and really sad news. When people asked me about a cost-effective solution for Vulnerability Management I usually answered: "Nessus Professional with some additional automation through the Nessus API". With just a couple of Nessus Professional scanning nodes it was possible to scan all...

AI score: 6.7
Exploits: 0
Information Security Automation
added 2017/12/10 11:58 a.m., 208 views

Vulners.com vulnerability detection plugins for Burp Suite and Google Chrome

What is the main idea of version-based vulnerability detection, especially for Web Applications? With access to the HTTP response (html, headers, scripts, etc.), you can get the name and version of some standard web application (e.g. CMS, CRM, wiki, task tracker) or the names and versions of software...

CVSS: 4, AI score: 5.2, EPSS: 0.01264
Exploits: 1
Information Security Automation
added 2017/12/01 9:36 p.m., 47 views

Processing .docx and .xlsx files with Python

MS Office documents are probably one of the most inconvenient and poorly formalized data sources. It's much better to keep all the data in specialized databases or at least in a wiki. But in real life, MS Office documents are in active use in nearly every organization. Simply because it is a flexib...

AI score: 6.7
Exploits: 0
Information Security Automation
added 2017/11/30 8:46 p.m., 42 views

Atlassian Jira, Python and automated labeling

I have already written about Atlassian Jira automation in "Automated task processing with JIRA API". But all the examples there were using curl. So, I decided to make one more post about the Jira API. This time with python examples and about labeling issues (nice wordplay, right?). You can use label...

AI score: 6.9
Exploits: 0
Information Security Automation
added 2017/11/27 9:10 p.m., 32 views

Vulnerability Management for Network Perimeter

The Network Perimeter is like a door to your organization. It is accessible to everyone and vulnerability exploitation does not require any human interaction, unlike, for example, phishing attacks. A potential attacker can automate most of his actions searching for an easy target. It's important not t...

AI score: 7.1
Exploits: 0
Information Security Automation
added 2017/11/22 8:59 p.m., 95 views

SOC Forum 2017: How I Learned to Stop Worrying and Love Massive Malware Attacks

Today I spoke at SOC Forum 2017 in Moscow. It was a great large-scale event about Security Operation Centers. 2,700 people registered. Lots of people in suits. And lots of my good fellows. The event was held in Radisson Royal Congress Park. There were three large halls for presentations and a hu...

AI score: 6.7
Exploits: 0
Information Security Automation
added 2017/11/18 10:16 p.m., 95 views

ZeroNights 2017: back to the cyber 80s

Last Friday, 17th of November, I attended the ZeroNights 2017 conference in Moscow. And it was pretty awesome. Thanks to the organizers! Here I would like to share some of my impressions. First of all, I want to say that two main Moscow events for information security practitioners, PHDays and...

AI score: 6.8
Exploits: 0
Information Security Automation
added 2017/11/16 2:52 p.m., 54 views

Harassment scandals, Sheldon Cooper, Black Mirror and blockchain

Lots of good jokes in the popular TV show The Big Bang Theory are related to Sheldon Cooper's bureaucracy in interpersonal relationships: all these "roommate agreement", "relationship agreement", etc. However, because of these endless harassment scandals in the media, now it seems like a best practice ...

AI score: 6.9
Exploits: 0
Information Security Automation
added 2017/11/10 8:29 p.m., 33 views

Vulnerability Management vendors and massive Malware attacks (following the Bad Rabbit)

After the latest Bad Rabbit ransomware attack all Top VM vendors (Qualys, Tenable, Rapid7) wrote blog posts on this topic on the same day. Two days later Tripwire also published its own review. Why do they care? They do not make antiviruses, endpoint protection or firewalls - the common tools against...

AI score: 7
Exploits: 0
Information Security Automation
added 2017/11/09 2:11 p.m., 35 views

Study Vulnerability Assessment in Tenable University for free

Not so long ago, Tenable presented a renewed online training platform - Tenable University. It is publicly available even for non-customers, for example, for Nessus Home users. However, not all courses are available in this case. I decided to check it out, registering as a non-customer. Logged in...

AI score: 6.7
Exploits: 0
Information Security Automation
added 2017/11/02 4:5 p.m., 155 views

Exploitability attributes of Nessus plugins: good, bad and Vulners

Exploitability is one of the most important criteria for prioritizing vulnerabilities. Let's see how good the exploit-related data of Tenable Nessus NASL plugins is and whether we can do it better. What are the attributes related to exploits? To understand this, I parsed all nasl plugins and got...

AI score: 7.3
Exploits: 0
Information Security Automation
added 2017/10/31 9:29 p.m., 74 views

Starting/stopping Amazon EC2 instances using CLI and Python SDK

It's a very good practice to scan your perimeter from the outside of your network, simulating an attacker. However, you will need to deploy the scanners somewhere to do this. Hosting on Amazon EC2 can be a good and cost-effective option, especially if you start instances with vulnerability scanne...

AI score: 7.1
Exploits: 0
Information Security Automation
added 2017/10/22 9:26 p.m., 74 views

ISACA Moscow Vulnerability Management Meetup 2017

Last Thursday, I attended a very interesting event entirely dedicated to Vulnerability Management - the open ISACA Moscow meetup. My former colleague from Mail.Ru Group Dmitry Chernobaj and I presented there our joint report "Enterprise Vulnerability Management: fancy marketing brochures and the...

AI score: 6.6
Exploits: 0
Information Security Automation
added 2017/10/21 2:10 p.m., 596 views

CWEs in NVD CVE feed: analysis and complaints

As you probably know, one of the ways to describe the nature of some software vulnerability is to provide the corresponding CWE (Common Weakness Enumeration) ids. Let's see the CWE links in the NVD CVE base. I have already written earlier how to deal with the NVD feed using python in "Downloading and analyzing N...

CVSS: 7.5, AI score: 8.2, EPSS: 0.04733
Exploits: 2
Information Security Automation
added 2017/10/04 5:57 p.m., 4500 views

Vulners NASL Plugin Feeds for OpenVAS 9

As I already wrote earlier, you can easily add third party nasl plugins to OpenVAS. So, my friends from Vulners.com realised generation of NASL plugins for OpenVAS using their own security content. I've tested it for scanning a CentOS 7 host. And it works. Let's see the whole process. I assume that we...

CVSS: 6.9, AI score: 7.3, EPSS: 0.00673
Exploits: 1
Total number of security vulnerabilities: 389