The Cuckoo Sandbox is an automated malware analysis sandbox where malware can be safely run to study its behavior. The benefits of setting up a Cuckoo Sandbox are immense. Having a private, open source malware sandbox means that you can run any suspicious file without worrying about sensitive data being leaked to a public service such as VirusTotal. Plus, this malware sandbox can be tailored to your business security needs and tools. This guide will provide you with a basic, installed and configured Cuckoo Sandbox so you can begin dynamically analyzing malware in a safe environment. Read more “Cuckoo Sandbox Setup Tutorial”
The technology industry and the financial industry aren’t seeing eye to eye on the new security protocol TLS 1.3. The most recent version in deployment is TLS 1.2, which was released in 2008, so the TLS specification is due for an update.
TLS stands for Transport Layer Security. It encrypts the data transferred between you and whichever web server you have requested a website from, and it is also used for virtual private networks so that remote workers can access company data securely. Read more “Banks are trying to weaken a new security protocol”
The Electronic Frontier Foundation (EFF) filed a Freedom of Information Act (FOIA) lawsuit last year to get more information on the ties between the FBI and Best Buy’s Geek Squad. It turns out that Geek Squad doubles as an FBI informant.
The lawsuit was started after a California doctor was prosecuted for possessing child pornography and it emerged that the FBI had learned of the photos from Geek Squad at a Best Buy in Kentucky. After the EFF received the documents requested under the FOIA, they discovered that the relationship between Geek Squad and the FBI goes back ten years. Read more “Geek Squad doubles as FBI informant”
Another unsecured storage bucket has been discovered by the UpGuard Cyber Risk Team, this one exposing 50.4 gigabytes of sensitive data from Capital One. The discovery was made on January 15th, 2018 at the “capitalone-appliance” subdomain; the bucket was configured to allow public access.
If you read my article on Security Onion planning and the mention of Snort/Suricata, Bro, and ELSA left you with questions, or if you haven’t read my Security Onion (SO) planning article but are looking for explanations of the various detection and analysis tools, then this is the article for you. This is a Security Onion primer, not part of the installation and configuration series. Read more “Security Onion Primer”
Security Onion is used for network security monitoring: it analyses network traffic and the computer logs sent to it by OSSEC, a host intrusion detection system (HIDS). The Overview section of Security Onion’s GitHub page describes it as a tool that can be either proactive or reactive: “Network Security Monitoring (NSM) is, put simply, monitoring your network for security-related events. It might be proactive when used to identify vulnerabilities or expiring SSL certificates, or it might be reactive, such as in incident response and network forensics. Whether you’re tracking an adversary or trying to keep malware at bay, NSM provides context, intelligence and situational awareness of your network.”
Security Onion (SO) was designed and is maintained by Doug Burks, with Wes Lambert helping with maintenance (testing). Support for SO is handled through Google Groups, and you can expect a response within 24 hours, typically less. Read more “Security Onion Set Up Part 1: Planning”
Password cracking might be my favorite attack vector in the modern IoT landscape. There’s just something magical about firing up hashcat or John the Ripper and pitting your hardware against the product of questionable, human password choices.
Let’s begin with a brief walkthrough of hashcat. For those unfamiliar, a hash is an encrypted string of text, usually password text in the context of information security. Because it supports a large number of hashing algorithms, hashcat has an option for cracking almost any kind of hash. Read more “Aggressive Hash Cracking with Clouds and Chains”
Anonymous: Operation Beast’s purpose is to bring down websites and social media accounts that create and distribute bestiality images and video. Surprisingly, not all states and countries have laws against bestiality, which partly makes Operation Beast a political movement. I had the opportunity to speak with two of the leaders of the operation: Priscilla and Rekt.