Starting/stopping Amazon EC2 instances using CLI and Python SDK
It’s a very good practice to #scan your perimeter from the outside of your network, simulating an attacker. However, you will need to deploy the scanners somewhere to do this. Hosting on #AmazonEC2 can be a good and cost-effective option, especially if you start the instances with #vulnerability scanners only when it’s necessary and keep them stopped at other times.
So, in this post I will give some examples of how to manage #Amazon instances automatically using the #AWS CLI or the Python SDK (boto3): start/stop the instance and get its public IP address.
#python #AWS #AmazonEC2 #Amazon #Concept
Read more: https://avleonov.com/2017/11/01/startingstopping-amazon-ec2-instances-using-cli-and-python-sdk/
Exploitability attributes of Nessus plugins: good, bad and Vulners
Exploitability is one of the most important criteria for prioritizing vulnerabilities. Let’s see how good the exploit-related data of #Tenable #Nessus #NASL plugins is and whether we can do better.
What are the attributes related to exploits? To understand this, I parsed all NASL plugins and got the following results.
#vulnerscom #Tenable #SAINT #PacketStorm #Nessus #NASL #Metasploit #malware #exploits #Exploithub #ExploitDB #DSquare #D2Elliot #Core #Canvas #VulnerabilityManagement #VulnerabilityDatabases
Read more: https://avleonov.com/2017/11/02/exploitability-attributes-of-nessus-plugins-good-bad-and-vulners/
Study Vulnerability Assessment in Tenable University for free
Not so long ago, #Tenable presented a renewed online training platform, #Tenable University. It is publicly available even for non-customers, for example, for #Nessus Home users. However, not all courses are available in this case.
I decided to check it out, registering as a non-customer.
#Tenableio #TenableSecurityCenter #Nessus #VulnerabilityManagement
Read more: https://avleonov.com/2017/11/09/study-vulnerability-assessment-in-tenable-university-for-free/
Vulnerability Management vendors and massive Malware attacks (following the Bad Rabbit)
After the latest Bad Rabbit #ransomware attack, all the top VM vendors (#Qualys, #Tenable, #Rapid7) wrote blog posts on this topic on the same day. Two days later #Tripwire also published its own review. Why do they care? They do not make antiviruses, #endpoint protection or firewalls, the common tools against these kinds of threats. So, what’s the point?
Well, they obviously do it to promote their products and services. But how exactly?
#Tripwire #Tenable #Rapid7 #ransomware #Qualys #mimicatz #IOC #EternalBlue #ComplianceCheck #BadRabbit #AltxSoft #VulnerabilityManagement #ComplianceManagement
Read more: https://avleonov.com/2017/11/10/vulnerability-management-vendors-and-massive-malware-attacks-following-the-badrabbit/
Harassment scandals, Sheldon Cooper, Black Mirror and blockchain
Lots of good jokes in the popular #TV show The Big Bang Theory are related to Sheldon Cooper’s bureaucracy in interpersonal relationships: all these “roommate agreements”, “relationship agreements”, etc.
However, because of these endless harassment scandals in the media, now it seems like a best practice. 😉
I’m not particularly interested in who is right or wrong in any particular scandal. But the scheme itself seems corrupted.
In the current reality, when, as we can see, **any joint action** can be post factum **presented as violent and committed under pressure**, even after 10-20 years, and can lead to very sad consequences, any oral arrangements are rapidly depreciating.
#privacy #contract #blockchain #Concept
Read more: https://avleonov.com/2017/11/16/harassment-scandals-sheldon-cooper-black-mirror-and-blockchain/
ZeroNights 2017: back to the cyber 80s
Last Friday, 17th of November, I attended the ZeroNights 2017 conference in Moscow. And it was pretty awesome. Thanks to the organizers! Here I would like to share some of my impressions.
First of all, I want to say that two main Moscow events for information security practitioners, #PHDays and ZeroNights, provide an excellent opportunity to meet all of the colleagues at once and to synchronize current views on important information security issues, including, of course, #VulnerabilityManagement, the most relevant for me. My opinion is that this year’s behind-the-scene conversations were especially good. And this is the most valuable characteristic for the event.
Every ZeroNights event has its own style. This time it was some geeky cyber retro from the 1980s, like in the popular cult movie Kung Fury. The venue was also changed from the familiar Cosmos Hotel to the ZIL Culture Centre. It is the largest Palace of Culture from the Soviet Moscow times. The combination of US 80s cultural artifacts and RETROWAVE music with Soviet-style interiors (including, for example, a statue of Lenin) made a pretty weird mix, but I liked it =)
I was unintentionally taking photos using some strange mode in the camera and recorded a very short video fragment (3-5 seconds) for each photo. I decided to combine these fragments into a small video. This does not make much sense, but, perhaps, someone will find this “time-lapse” interesting 😉
Among the great presentations and workshops, there was also a small exhibition. This year there were two #VulnerabilityManagement vendors: #BeyondSecurity and #Qualys.
#Yandex #WAS #w3af #SecuriTeam #SDLC #SAST #Qualys #mimikatz #Kaspersky #DAST #CloudAgents #BurpSuite #BeyondSecurity #AVDS #VulnerabilityManagement #Events #ZeroNights
Read more: https://avleonov.com/2017/11/19/zeronights-2017-back-to-the-cyber-80s/
SOC Forum 2017: How I Learned to Stop Worrying and Love Massive Malware Attacks
Today I spoke at #SOCForum 2017 in Moscow. It was a great large-scale event about Security Operation Centers. 2,700 people registered. Lots of people in suits 😉. And lots of my good fellows.
The event was held in Radisson Royal Congress Park. There were three large halls for presentations and a huge space for exhibition/networking.
I would like to mention a stand of #PositiveTechnologies. They showed their new PT Security Intelligence Portal with #dashboards for executives and a joint service with #SolarSecurity for providing #GosSOPKA functionality. Some stands were dedicated to Russian government Information Security initiatives: #GosSOPKA, the #BDUFSTEC #vulnerability database and #FinCERT of the Central Bank of Russia.
During my presentation, I was talking about how massive #malware (ransomware) attacks can be useful for an organization. Quite a provocative topic, right? 😉 I meant it in the sense that all the hype around a #malware attack can help the Information Security team to do the following things:
* Establish useful policies, like mandatory #Windows host reboot after patch installation
* Ban some convenient, but dangerous functionality, like smb file sharing between workstations
* Implement useful processes, like system hardening (e.g. against mimikatz) or continuous processing of #CERT (FinCERT) bulletins
#YuriyBosov #WannaCry #SolarSecurity #SOCForum #ransomware #PositiveTechnologies #notPetya #MonaArkhipova #mimikatz #GosSOPKA #FinCERT #CERT #BDUFSTEC #BadRabbit #Acribia #Video #Events
Read more: https://avleonov.com/2017/11/22/soc-forum-2017-how-i-learned-to-stop-worrying-and-love-massive-malware-attacks/
Vulnerability Management for Network Perimeter
The Network Perimeter is like a door to your organization. It is accessible to everyone, and #vulnerability exploitation there does not require any human interaction, unlike, for example, phishing attacks. A potential attacker can automate most of his actions while searching for an easy target. It’s important not to be such a target. 😉
What does it mean to control the network perimeter? Well, practically this process consists of two main parts:
* Assessing network hosts that are facing the Internet using some Network Scanner (Nessus, #OpenVAS, #Qualys, MaxPatrol, #FSecure Radar, etc.)
* Assessing application servers, e.g. Web Servers, on these hosts using some special tools, e.g. Web Application Scanners (Acunetix, #BurpSuite, #Qualys #WAS, #Tenableio #WAS, #HighTechBridge ImmuniWeb, etc.)
Active scanning is a good method of perimeter assessment. The dynamics of the assets are relatively low compared with the Office Network. Perimeter hosts usually stay active all the time, including the time when you are going to #scan them. 😉
Most of the dangerous vulnerabilities can be detected without authentication: encryption problems (OpenSSL #Heartbleed, #Poodle, etc.), #RCE and DoS in web servers and frameworks (Apache Struts and the #Equifax case).
The best results can be achieved with scanners deployed outside of your network. Thus, you will see your Network Perimeter the same way a potential attacker sees it. But certainly, you will be in a better position:
* You can ask your IT administrators to add your network and #WAS scanners to a whitelist, so they will not be banned.
* You can check and correlate the #scan results of the remote #scanner with the (authenticated?) #scan results produced by the #scanner deployed in your organization’s network and thus filter out false positives.
What about the targets for scanning? How should you get them?
#Tenableio #Splunk #QualysWAS #Qualys #python #Poodle #OpenVAS #OpenSSL #Nessus #Maxpatrol #HighTechBridge #Heartbleed #FSecureRadar #Equifax #BurpSuite #AtlassianJIRA #ApacheStruts #Acunetix #VulnerabilityManagement #PerimeterServices #Concept
Read more: https://avleonov.com/2017/11/28/vulnerability-management-for-network-perimeter/
Atlassian Jira, Python and automated labeling
I have already written about #Atlassian Jira automation in “Automated task processing with JIRA API“. But all the examples there used #curl. So, I decided to make one more post about the Jira #API. This time with #python examples and about labeling issues (nice wordplay, right? ;-)).
You can use labels for organizing issues on Jira Scrum and #Kanban Boards, Jira Dashboards or just for advanced searching (e.g. `labels = "LabelName"`).
Let’s start from the basics.
### How to search Jira issues from your own #python scripts?
It’s easy. Send a POST request to _/rest/api/2/search/_ with some JQL expression. The Jira server will return the first 50 matching issues. If you need more, set the **startAt** parameter and repeat the POST requests while the number of issues fetched so far is less than the **total** number of found issues (a parameter in the response).
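A paginated search loop following the startAt/total scheme just described, written as an added example rather than code from the original post; the Jira URL and credentials taken by `jira_transport` are hypothetical, and `FakeJira` is a constructed stand-in so the loop can run offline:

```python
import base64
import json
import urllib.request
from typing import Callable, List

Transport = Callable[[str, dict], dict]  # post(path, json_body) -> parsed JSON


def search_all_issues(post: Transport, jql: str, page_size: int = 50) -> List[dict]:
    """Repeat POST /rest/api/2/search/, advancing startAt, until `total` issues are fetched."""
    issues: List[dict] = []
    start_at = 0
    while True:
        body = {"jql": jql, "startAt": start_at, "maxResults": page_size,
                "fields": ["summary", "labels"]}
        resp = post("/rest/api/2/search/", body)
        page = resp.get("issues", [])
        issues.extend(page)
        start_at += len(page)
        # Stop when all issues are fetched; an empty page also stops, so a bad total cannot loop forever.
        if start_at >= resp.get("total", 0) or not page:
            break
    return issues


def issues_missing_label(issues: List[dict], label: str) -> List[str]:
    """Keys of issues that do not carry `label` yet (candidates for labeling)."""
    return [i["key"] for i in issues if label not in i["fields"].get("labels", [])]


def jira_transport(base_url: str, user: str, password: str) -> Transport:
    """Real transport: Jira Server REST API over HTTP basic auth (base_url/creds are hypothetical)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()

    def post(path: str, body: dict) -> dict:
        req = urllib.request.Request(
            base_url.rstrip("/") + path, data=json.dumps(body).encode(),
            headers={"Content-Type": "application/json",
                     "Authorization": "Basic " + token}, method="POST")
        with urllib.request.urlopen(req, timeout=30) as r:
            return json.load(r)
    return post


class FakeJira:
    """Constructed Jira stand-in: serves at most 50 issues per response and counts requests."""
    def __init__(self, total: int = 120):
        self.issues = [{"key": f"VM-{n}", "fields": {"summary": f"host {n}",
                        "labels": [] if n % 3 == 0 else ["scanned"]}}
                       for n in range(1, total + 1)]
        self.calls = 0

    def post(self, path: str, body: dict) -> dict:
        self.calls += 1
        start, limit = body["startAt"], min(body.get("maxResults", 50), 50)
        return {"startAt": start, "maxResults": limit, "total": len(self.issues),
                "issues": self.issues[start:start + limit]}


if __name__ == "__main__":
    fake = FakeJira()  # swap for jira_transport("https://jira.example", user, password)
    found = search_all_issues(fake.post, 'project = VM AND labels != "done"')
    print(f"{len(found)} issues in {fake.calls} requests")
    print(issues_missing_label(found, "scanned")[:5])
```

With the constructed server the loop needs three requests for 120 issues, and asking for a larger page than the server allows is silently capped, which is exactly why the loop must trust `total` and the returned page length rather than its own `maxResults`.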
#scrum #python #Kanban #json #AtlassianJIRA #Atlassian #API
Read more: https://avleonov.com/2017/11/30/atlassian-jira-python-and-automated-labeling/