September 15, 2014
Everything you ever wanted to know about scanning (and then some)!
Security Guru and trainer Justin Hutchens has recently released an exceptional book on network scanning with Kali Linux. The book starts out with the very basics of network scanning and progresses through stages to more advanced scans and even exploitation.
All the basics are present, like using Nmap, ARPing, Scapy and other tools to perform varied levels of discovery, port scanning and fingerprinting. You are then masterfully shown how to greatly expand the capabilities and functions of these tools by using scripting.
But it doesn’t stop there: you then move on to using scanning tools and Burp Suite to perform Denial of Service attacks, SQL injection and Metasploit attacks. Because really, what is a scanning book without including offensive attacks? :)
The book is easy to read and follow, using step-by-step instructions and screen views. It is set up in sections (called “Recipes”) so that if you want to know how to perform Layer 4 discovery using Scapy or DoS attacks with Nmap, you just go directly to that particular section.
I have worked with Justin on a couple of projects and he is one of the most talented security teachers and authors that I have ever met. He covers material in this book that I have never seen covered anywhere else. If you have any interest in network scanning or want to learn a lot more about it, get this book!
Available at Packt Publishing and Amazon.com.
*** UPDATE *** The book version has some print quality issues that have been reported. The Electronic version has no known issues. Will provide more information when available.
September 8, 2014
On Friday the US Army activated what it is calling a “Cyber Protection Brigade”.
According to a post on Army.mil’s website:
“The Army is activating a Cyber Protection Brigade today, and discussing a new cyber branch that could be established as early as next month.
Command Sgt. Maj. Rodney D. Harris, Army Cyber Command, said the branch announcement could come as early as the second week of October, during the Association of the U.S. Army’s annual meeting.
The Cyber Protection Brigade is being activated by the U.S. Army Network Enterprise Technology Command at Fort Gordon, Georgia. It’s the first brigade of its kind in the Army and the nucleus of the new unit will be its cyber protection teams, according to the command.”
The highly trained cyber soldiers will help defend the Army’s systems, and their ranks will also include offensive strike teams.
“The cyber teams will be roughly platoon-sized, but vary depending on their mission. The combat-mission or offense teams are larger, Harris said. The network defense or cyber-protection teams are mid-size.”
The Army may create a new cyber branch next month. It can take up to three years to train an NCO cyber leader, making it one of the longest training cycles. And with computer attacks increasing every day, the Army is focusing on obtaining and retaining troops who have cyber skills.
August 27, 2014
A Memorandum released last week by the Office of Inspector General revealed that numerous “High-Risk” security vulnerabilities were found in the Joint Polar Satellite System’s (JPSS) Ground System.
According to the report, a security audit of NOAA’s Information Technology security program found serious security issues with the JPSS Ground System which gathers information from weather satellites and provides it to worldwide users. It also provides command and control for current and future weather satellites.
The system is considered a “High Impact” IT system, or a system “for which the loss of confidentiality, integrity, or availability could be expected to have a severe or catastrophic effect on organizational operations, organizational assets or individuals.”
The report showed that the number of High-Risk vulnerabilities rose from 14,486 in the first quarter of 2012 to 23,868 in the second quarter of 2014:
As the chart shows, the vulnerability count has gone up and down over the last couple of years as vulnerabilities have been found and patched. But overall, the current count is about 2/3 higher than at the beginning of 2012.
High-Risk vulnerabilities are defined in the report as ones that are “relatively easy for attackers to exploit and gain control over system components.” The vulnerabilities found appear to be the same kinds that would turn up in any corporate security audit, and include the following issues:
- Out of date software or missing security patches
- Insecurely configured software
- Unnecessary user privileges
- Passwords and auditing settings do not meet policy standards
- Unnecessary software applications that need to be removed or disabled
The issues found even included the “Heartbleed” vulnerability, which has since been remediated.
The numerous other vulnerabilities are of major concern, and the software tools to exploit some of the vulnerabilities are publicly available. For the full report, check out the “Correspondence” PDF link on the Inspector General page.
August 18, 2014
Chinese hackers seem to be at it again, this time hitting Community Health Systems, a large US medical group that runs over 200 hospitals in 29 states. According to reports from Fox News, the attackers were able to steal 4.5 million records.
A filing with the U.S. Securities and Exchange Commission stated that computer security company Mandiant assisted in the forensics investigation and “believe the attacker was an ‘Advanced Persistent Threat’ group originating from China who used highly sophisticated malware and technology to attack the Company’s systems.”
According to the filing, the data was “non-medical patient identification data” and did not include “patient credit card, medical or clinical information”. The company is notifying the affected patients and apparently offering them identity theft protection services.
As financial information was not recovered, the information would most likely be used in further social engineering type attacks – for example, using the information gained to attempt to access patients’ accounts or data from other companies or websites.
For those interested in learning more about Mandiant and their research of Chinese APT attacks, check out their “APT1: Exposing One of China’s Cyber Espionage Units” intelligence center report.