
Archive for 'tools'

The big FAIL of log analysis

I was trying to find words to add to this post from Anton Chuvakin about the current state of log analysis, caused by the numbers in the last Verizon report. I simply can’t find anything to add. He’s dead right about everything. If you are interested in log analysis / log management, that’s something to [...]

Razorback and IF-MAP?

I was reading about the new framework from SourceFire, Razorback, and I realized it has a lot of similarities with TCG’s IF-MAP. There are a lot of vendors mentioning things that go beyond the simple correlation so common in the SIEM tools. It is a drive from CORRELATION to COOPERATION between security tools. That’s awesome. Instead of [...]

Very nice tool for pentests

I don’t hide it from anybody; when doing pentests, my favorite approach was to simply browse information in open shares until I could find some user credentials there (yes, in big organizations, they are always there: scripts, source code, ini files…). With those in hand, try to see what else I was able to have [...]

Flash updates and firefox

New Firefox versions will warn you when your Flash plugin is out of date. This is a cool idea and will help users that are not aware of the need to update software like Flash and Acrobat Reader. I can also see this as the beginning of a trend to centralize the updating of all the crap [...]

New AppLocker from MS – Some improvements

I was reading this article about AppLocker, the application control system from Microsoft that runs on Windows Server 2008R2 and Windows 7 clients. There seem to be some very good improvements there, especially the “automatic rule creation” part. In short, an organization can build its “gold image” desktop, with all necessary apps, and run the automatic [...]

NMAP 5 released

It’s kind of stupid to post it in yet another blog, but this will be just a quick note to mention the new NMAP version and also point to a very good post on the SecuriTeam blog about what’s new in the new version. A very good summary.

Wireshark and SSL connections

I’m maybe a little (a lot?) late on this, but I was reading this nice description of a packet capture analysis from the SANS forensics blog and just found that Wireshark can read SSL encrypted connections if you provide the private key! This is really nice and useful. Here is a screenshot (also from SANS [...]

Intrusion detection – not only network IDS

Sometimes we spend so much time discussing network based IDS that we end up not looking at other interesting places to look for intrusion signs. There is a very nice post on SANS ISC Diary today about an organization that had one of its border routers compromised and detected it through a periodic configuration file [...]

Windows pen testing – access tokens

I’m a bit late on this subject, but I think it’s worth a post. For those who usually do pentesting and usually get some access to Windows boxes, but are looking for a specific credential (like a domain admin), impersonating access tokens available can be a very useful approach. The details about how to do [...]

TCG IF-MAP

I was very excited to read about TCG IF-MAP on Chris Hoff’s blog last week. Chris found that interesting as something that could bring some light to the “cloud nightmare” and to virtualization issues. I like IF-MAP, however, because it raises the security intelligence level on the network. Today most of SIEM installations are working [...]