We recently held a Penetration Panel webinar that consisted of a nice mix of our attack and defense teams. The event afforded participants an opportunity to submit questions to the experts prior to the start of the webinar. One of the questions that I was slated to answer was "Describe the best practice methods you've discovered work best to prevent/detect unauthorized access." ... READ MORE
Defense
Encryption Basics: RSA
Number two in our encryption basics series. This time we are going to get into a well-known form of public key encryption, RSA. I plan on giving the same boiler plate warning for each of these; if you promise not to use this for encrypting anything truly important, you are allowed to skip the next couple of lines. The programs contained herein (obligatory lawyer speak) are for ... READ MORE
Encryption Basics: DHKE
As a side project I have been doing some self-study on encryption to better understand it. It is how we protect our data as it travels across the internet or when at rest, we use concepts from it to verify that we sent messages, and whole currency schemes are built around the idea. Encryption is an incredibly dense topic and it is easy to mess up. As such, all of the code I ... READ MORE
Ghosts in the Machines
Methods for the prevention, detection, and removal of ghosts in digital networks We often find that clients are so focused on preventing attacks from malicious living humans that they completely neglect the threat posed by ghosts. With that in mind, today’s post focuses on defensive measures that can be implemented to (1) prevent ghost infestations; (2) detect paranormal ... READ MORE
Sophos UTM Home Edition 5 – SSL VPN
The topic of today's post is setting up an SSL VPN through the Sophos UTM Home Edition. The ease-of-use VPN solution was one of my primary reasons for pursuing this particular UTM in the first place, and so I think it's a topic definitely worth exploring. There are a variety of VPN options within the UTM. I'll only be covering the SSL option here. If you are looking to set up a ... READ MORE
Sophos UTM Home Edition 4 – Definitions and Rules
UPDATE: Part 5 - SSL VPN is now available. In the first and second posts in this series, we stepped through the installation of the Sophos UTM. Two weeks ago, we finished up the setup process. Now, we're going to start exploring the meat and potatoes of Sophos' free UTM solution. This week, I'm going to cover establishing definitions and ... READ MORE
Sophos UTM Home Edition – 3 – The Setup
UPDATE: Part 4 – Definitions and Rules and Part 5 - SSL VPN are now available. It's been quite a while since I wrote the initial two Sophos UTM posts. I recently upgraded from a really old, re-purposed HP box to a slightly-less-old Dell Precision 670 courtesy of steiner, and I took the opportunity to document the setup process. This post assumes you have followed the ... READ MORE
CTF – Exploit PCAP Walkthrough
RSM recently hosted a Capture the Flag competition for high school students in partnership with the University of Mount Union. Our team attempted to craft challenging but "solvable" problems for the participants to complete. When I was writing my challenges (they fell mostly in the Forensics category) my goal was to make problems that were something a high school student ... READ MORE
Password Filtering: Taking Bad Decisions Away from Users
(Originally published by @fluffy_bs) I recently had this conversation with a client following a pen test: Client: "What is our biggest security hole?" Me: "Your password policy is incredibly weak. We were able to brute-force passwords such as Winter14, Password1, and Company1. Client: "We just had a meeting where we reiterated our security policy. I told ... READ MORE
Vulnerabilities 2014: Moving Forward
2014 saw the release of a number of critical vulnerabilities that caused media storms and left script kiddies on the edge of their seats in anticipation of public exploits. These high impact vulnerabilities included, but were not limited to: Heartbleed CVE-2014-0160 Various ShellShocks CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, ... READ MORE