Scaner-VS: Vulnerability Management solution for Russian Military
Scaner-VS is a Vulnerability Assessment system developed by Moscow-based #NPOEchelon. It’s pretty popular in Russian government organizations, especially in Russian Army, because it comply all government requirements, has all necessary certificates and is relatively cheap.
As for requirements and certificates, #NPOEchelon itself is an important certification authority, so they know how to do the things right. It’s not a secret product or something. You can request trial version freely at https://scaner-vs.ru/version-for-testing/. But note, that it is only available in Russian. I am also sorry, but screenshots in this post will be also in Russian. I will try to do my best to describe them properly.
When you fill the form on Echelon website, you will soon get a link to 3.3 gb .iso file by #email. Run it in #VirtualBox virtual machine (choose #Debian 64 or #Debian 32).
Here is a boot menu. Choose first default option.
Some seconds later you will see #Linux desktop environment with Scaner-VS web-GUI opened in #Firefox.
#Windows #VirtualBox #ScanerVS #OpenVAS #NPOEchelon #NMap #Nessus #Kali #ITGrundschutz #Greenbone #CESA #CentOS #AstraLinux #VulnerabilityManagement #ComplianceManagement
Read more: https://avleonov.com/2017/09/07/scaner-vs-vulnerability-management-solution-for-russian-military/
Scaner-VS is a Vulnerability Assessment system developed by Moscow-based #NPOEchelon. It’s pretty popular in Russian government organizations, especially in Russian Army, because it comply all government requirements, has all necessary certificates and is relatively cheap.
As for requirements and certificates, #NPOEchelon itself is an important certification authority, so they know how to do the things right. It’s not a secret product or something. You can request trial version freely at https://scaner-vs.ru/version-for-testing/. But note, that it is only available in Russian. I am also sorry, but screenshots in this post will be also in Russian. I will try to do my best to describe them properly.
When you fill the form on Echelon website, you will soon get a link to 3.3 gb .iso file by #email. Run it in #VirtualBox virtual machine (choose #Debian 64 or #Debian 32).
Here is a boot menu. Choose first default option.
Some seconds later you will see #Linux desktop environment with Scaner-VS web-GUI opened in #Firefox.
#Windows #VirtualBox #ScanerVS #OpenVAS #NPOEchelon #NMap #Nessus #Kali #ITGrundschutz #Greenbone #CESA #CentOS #AstraLinux #VulnerabilityManagement #ComplianceManagement
Read more: https://avleonov.com/2017/09/07/scaner-vs-vulnerability-management-solution-for-russian-military/
Sending and receiving emails automatically in Python
There are different situations, when you may want to process #email messages automatically. I will give some examples related to Vulnerability Management:
* Send a message to your colleagues that you are going to start a network #vulnerability #scan or #WAS #scan. It is much better than investigating performance problems in a hurry.
* Send the results of #vulnerability scanning to colleagues or a responsible employee. Many patch management and configuration issues can be delegated to the end user directly without bothering IT department.
* Process the response (if any) on your message. If it is not, you can send another message or escalate the problem.
* Send a report with the current security status in the organization to your colleagues and boss.
* Some systems you can integrate by #email only. They will send messages to some #email address and you will process them automatically.
* Maybe you do not like existing #email clients and you want to write your own? 😉
In any case, the ability to send e-mails can be very useful. How to do this in python? Let’s assume that your IT team has granted you access to #smtp and #imap servers.
#WAS #smtplib #smtp #imap #Google #gmail #easyimap #API
Read more: https://avleonov.com/2017/09/14/sending-and-receiving-emails-automatically-in-python/
There are different situations, when you may want to process #email messages automatically. I will give some examples related to Vulnerability Management:
* Send a message to your colleagues that you are going to start a network #vulnerability #scan or #WAS #scan. It is much better than investigating performance problems in a hurry.
* Send the results of #vulnerability scanning to colleagues or a responsible employee. Many patch management and configuration issues can be delegated to the end user directly without bothering IT department.
* Process the response (if any) on your message. If it is not, you can send another message or escalate the problem.
* Send a report with the current security status in the organization to your colleagues and boss.
* Some systems you can integrate by #email only. They will send messages to some #email address and you will process them automatically.
* Maybe you do not like existing #email clients and you want to write your own? 😉
In any case, the ability to send e-mails can be very useful. How to do this in python? Let’s assume that your IT team has granted you access to #smtp and #imap servers.
#WAS #smtplib #smtp #imap #Google #gmail #easyimap #API
Read more: https://avleonov.com/2017/09/14/sending-and-receiving-emails-automatically-in-python/
Automating Opera browser with Selenium WebDriver and Python
The right way to automate a web application is, certainly, to understand how this application works, by using burp (see “Burp Suite Free Edition and #NTLM authentication in ASP.net applications“) for example, retrieve all necessary requests and learn how to use them.
However, this is sometimes so difficult and confusing, especially when the site owners are actively fighting with automation attempts. In this case, you may want to automate somehow the work on the highest level, with the graphical elements of the site. You can view them as some pictures, as #SikuliX does (“SikuliX: the last chance for automation“, or as some elements of code, as #Selenium IDE does (“Selenium, #SikuliX and #Facebook posting“).
But it would much better to control the browser itself from the Python scripts. And this can be done with #Selenium #WebDriver.
Guys from Guru99 have wrote me a letter about their free course about #Selenium.
This course looks pretty good. In the first part you can find a detailed description of #Selenium components and the project history. After reading this, I finally decided that the #Selenium #WebDriver suited me best. Examples of #WebDriver usage are written in Java, and I wanted to use Python. But since the calls are the same, lessons of this course are still more than useful.
And despite the fact that #Selenium is usually used with #Firefox, I tried to use it with Chromium-based #Opera. This browser is very popular in Russia because of some unique features. 😉
#WebDriver #Selenium #python #Opera #Chromium #BeautifulSoup #Concept #API
Read more: https://avleonov.com/2017/09/17/automating-opera-browser-with-selenium-webdriver-and-python/
The right way to automate a web application is, certainly, to understand how this application works, by using burp (see “Burp Suite Free Edition and #NTLM authentication in ASP.net applications“) for example, retrieve all necessary requests and learn how to use them.
However, this is sometimes so difficult and confusing, especially when the site owners are actively fighting with automation attempts. In this case, you may want to automate somehow the work on the highest level, with the graphical elements of the site. You can view them as some pictures, as #SikuliX does (“SikuliX: the last chance for automation“, or as some elements of code, as #Selenium IDE does (“Selenium, #SikuliX and #Facebook posting“).
But it would much better to control the browser itself from the Python scripts. And this can be done with #Selenium #WebDriver.
Guys from Guru99 have wrote me a letter about their free course about #Selenium.
This course looks pretty good. In the first part you can find a detailed description of #Selenium components and the project history. After reading this, I finally decided that the #Selenium #WebDriver suited me best. Examples of #WebDriver usage are written in Java, and I wanted to use Python. But since the calls are the same, lessons of this course are still more than useful.
And despite the fact that #Selenium is usually used with #Firefox, I tried to use it with Chromium-based #Opera. This browser is very popular in Russia because of some unique features. 😉
#WebDriver #Selenium #python #Opera #Chromium #BeautifulSoup #Concept #API
Read more: https://avleonov.com/2017/09/17/automating-opera-browser-with-selenium-webdriver-and-python/
New National Vulnerability Database visualizations and feeds
Recently, the National Institute of Standards and Technology (NIST) introduced a new version of National Vulnerability Database (NVD) website.
I will not say that I liked this redesign. IMHO, old website with US flag was much prettier and useful. But the very fact that the site is developing, I really like very much. Let’s see what’s new there.
#SCAP #OVAL #NVD #NIST #NCP #json #CWE #CVSS #CVE #CPE #CIS #VulnerabilityDatabases
Read more: https://avleonov.com/2017/09/24/new-national-vulnerability-database-visualizations-and-feeds/
Recently, the National Institute of Standards and Technology (NIST) introduced a new version of National Vulnerability Database (NVD) website.
I will not say that I liked this redesign. IMHO, old website with US flag was much prettier and useful. But the very fact that the site is developing, I really like very much. Let’s see what’s new there.
#SCAP #OVAL #NVD #NIST #NCP #json #CWE #CVSS #CVE #CPE #CIS #VulnerabilityDatabases
Read more: https://avleonov.com/2017/09/24/new-national-vulnerability-database-visualizations-and-feeds/
Alexander V. Leonov
New National Vulnerability Database visualizations and feeds
Recently, the National Institute of Standards and Technology (NIST) introduced a new version of National Vulnerability Database (NVD) website.  I will not say that I liked this redesign: IMHO, old website with US flag was much prettier and useful: But the…
Downloading and analyzing NVD CVE feed
In previous post “New National Vulnerability Database visualizations and feeds” I mentioned JSON #NVD feed.
Let’s see what data it contains, how to download and analyse it.
#python #NVD #json #CVSS #CVE #CPE #VulnerabilityDatabases
Read more: https://avleonov.com/2017/10/03/downloading-and-analyzing-nvd-cve-feed/
In previous post “New National Vulnerability Database visualizations and feeds” I mentioned JSON #NVD feed.
Let’s see what data it contains, how to download and analyse it.
#python #NVD #json #CVSS #CVE #CPE #VulnerabilityDatabases
Read more: https://avleonov.com/2017/10/03/downloading-and-analyzing-nvd-cve-feed/
VirtualBox GuestAdditions for Linux Guest OS
I often work with #VirtualBox virtual machines and need to install GuestAdditions to use GUI applications comfortably. So, I decided to collect here some configuration scripts.
### #CentOS 7
In the configuration a new #VirtualBox machine I add 2 network adapters:
* Host Only Network
* NAT
Installing clean #CentOS (CentOS-7-x86_64-DVD-1611)
#VirtualBoxGuestAdditions #VirtualBox #CentOS #Concept
Read more: https://avleonov.com/2017/10/04/virtualbox-guestadditions-for-linux-guest-os/
I often work with #VirtualBox virtual machines and need to install GuestAdditions to use GUI applications comfortably. So, I decided to collect here some configuration scripts.
### #CentOS 7
In the configuration a new #VirtualBox machine I add 2 network adapters:
* Host Only Network
* NAT
Installing clean #CentOS (CentOS-7-x86_64-DVD-1611)
#VirtualBoxGuestAdditions #VirtualBox #CentOS #Concept
Read more: https://avleonov.com/2017/10/04/virtualbox-guestadditions-for-linux-guest-os/
Vulners NASL Plugin Feeds for OpenVAS 9
As I already wrote earlier, you can easily add third party nasl plugins to #OpenVAS. So, my friends from Vulners.com realised generation of #NASL plugins for #OpenVAS using own security content. I’ve tested it for scanning #CentOS 7 host. And it works =)
Let’s see the whole process.
#vulnerscom #OpenVAS #NASL #CESA #CentOS #VulnerabilityManagement #VulnerabilityDatabases
Read more: https://avleonov.com/2017/10/04/vulners-nasl-plugin-feeds-for-openvas-9/
As I already wrote earlier, you can easily add third party nasl plugins to #OpenVAS. So, my friends from Vulners.com realised generation of #NASL plugins for #OpenVAS using own security content. I’ve tested it for scanning #CentOS 7 host. And it works =)
Let’s see the whole process.
#vulnerscom #OpenVAS #NASL #CESA #CentOS #VulnerabilityManagement #VulnerabilityDatabases
Read more: https://avleonov.com/2017/10/04/vulners-nasl-plugin-feeds-for-openvas-9/
CWEs in NVD CVE feed: analysis and complaints
As you probably know, one of the ways to describe the nature of some software #vulnerability is to provide corresponding #CWE (Common Weakness Enumeration) ids. Let’s see the #CWE links in #NVD #CVE base.
I have already wrote earlier how to deal with #NVD feed using #python in “Downloading and analyzing #NVD #CVE feed“. You can easily get CWEs ids iterating over `cve_dict['CVE_Items']`.
#python #NVD #CWE #cvedetails #CVE #VulnerabilityDatabases
Read more: https://avleonov.com/2017/10/21/cwes-in-nvd-cve-feed-analysis-and-complaints/
As you probably know, one of the ways to describe the nature of some software #vulnerability is to provide corresponding #CWE (Common Weakness Enumeration) ids. Let’s see the #CWE links in #NVD #CVE base.
I have already wrote earlier how to deal with #NVD feed using #python in “Downloading and analyzing #NVD #CVE feed“. You can easily get CWEs ids iterating over `cve_dict['CVE_Items']`.
#python #NVD #CWE #cvedetails #CVE #VulnerabilityDatabases
Read more: https://avleonov.com/2017/10/21/cwes-in-nvd-cve-feed-analysis-and-complaints/
ISACA Moscow Vulnerability Management Meetup 2017
Last Thursday, I attended a very interesting event entirely dedicated to #VulnerabilityManagement – open #ISACA Moscow meetup. Me and my former colleague from #MailRuGroup #DmitryChernobaj presented there our joint report “Enterprise Vulnerability Management: fancy marketing brochures and the real-life troubles”.
The number of registered participants totalled 120. As I can tell looking at the photo below, there were about 80 people in the hall after the second presentation. For a highly focussed local information security event, it’s a lot. According to the organizers, it was the largest #ISACA Moscow meetup. Thanks to everyone who came!
I would like to mention a well-structured agenda. There were 4 presentations arranged in order: from the most theoretical / methodical to the most practical. And our presentation was the last one.
#TenableSecurityCenter #SANS #OlegBoyko #MailRuGroup #ITIL #ISACA #EkaterinaPukhareva #DmitryChernobaj #COBIT #AlexBodryk #VulnerabilityManagement #Events
Read more: https://avleonov.com/2017/10/23/isaca-moscow-vulnerability-management-meetup-2017/
Last Thursday, I attended a very interesting event entirely dedicated to #VulnerabilityManagement – open #ISACA Moscow meetup. Me and my former colleague from #MailRuGroup #DmitryChernobaj presented there our joint report “Enterprise Vulnerability Management: fancy marketing brochures and the real-life troubles”.
The number of registered participants totalled 120. As I can tell looking at the photo below, there were about 80 people in the hall after the second presentation. For a highly focussed local information security event, it’s a lot. According to the organizers, it was the largest #ISACA Moscow meetup. Thanks to everyone who came!
I would like to mention a well-structured agenda. There were 4 presentations arranged in order: from the most theoretical / methodical to the most practical. And our presentation was the last one.
#TenableSecurityCenter #SANS #OlegBoyko #MailRuGroup #ITIL #ISACA #EkaterinaPukhareva #DmitryChernobaj #COBIT #AlexBodryk #VulnerabilityManagement #Events
Read more: https://avleonov.com/2017/10/23/isaca-moscow-vulnerability-management-meetup-2017/
Starting/stopping Amazon EC2 instances using CLI and Python SDK
It’s a very good practice to #scan your perimeter from the outside of your network, simulating an attacker. However, you will need to deploy the scanners somewhere to do this. Hosting on #AmazonEC2 can be a good and cost-effective option, especially if you start instances with #vulnerability scanners only when it’s necessary and keep them stopped at other time.
So, in this post I will give some examples of how to manage #Amazon instances automatically using the #AWS CLI or Python SDK (boto3): start/stop the instance and get the public ip address.
#python #AWS #AmazonEC2 #Amazon #Concept
Read more: https://avleonov.com/2017/11/01/startingstopping-amazon-ec2-instances-using-cli-and-python-sdk/
It’s a very good practice to #scan your perimeter from the outside of your network, simulating an attacker. However, you will need to deploy the scanners somewhere to do this. Hosting on #AmazonEC2 can be a good and cost-effective option, especially if you start instances with #vulnerability scanners only when it’s necessary and keep them stopped at other time.
So, in this post I will give some examples of how to manage #Amazon instances automatically using the #AWS CLI or Python SDK (boto3): start/stop the instance and get the public ip address.
#python #AWS #AmazonEC2 #Amazon #Concept
Read more: https://avleonov.com/2017/11/01/startingstopping-amazon-ec2-instances-using-cli-and-python-sdk/