Being part of the blue team it is helpful to have familiarity with routing protocols as they help you move traffic throughout the network and if you don’t well, then you have come to a good place to start. Routing protocols can be classified into two different categories: exterior and interior. Exterior routing protocols focus on routing from a network to the internet while ... READ MORE
Defense
Segmenting, Subnetting and You
I completed a week of Cisco Certified Network Associate (CCNA) training and passed the exam. I learned an interesting bit about how to quickly subnet. I would like to focus on how to subnet quickly without a calculator. For blue teamers, this skill is useful for implementing and evaluating segmentation. For red teamers, it can be useful for determining the number of potential ... READ MORE
Flash….Thunder!
So another year has passed and what an active year it was, chocked full of security events, breaches, and account dumps! Accounts that have been breached continue to pop up on multiple sale sites and we continue to see a trend that has plagued the industry for years and years... password reuse. I know what you're thinking, oh boy another blog about password reuse and why ... READ MORE
Encryption Basics: HMAC
We have covered a method for key exchange, and we have covered a way to implement public key encryption and message signing. Our topic today is hash-based message authentication codes or HMAC (a subset of message authentication codes). An HMAC provides us with most of the features of message signing, but it is quicker. There are times when you will use one over the other, and ... READ MORE
Penetration Panel Follow-Up: Defensive Best Practices
We recently held a Penetration Panel webinar that consisted of a nice mix of our attack and defense teams. The event afforded participants an opportunity to submit questions to the experts prior to the start of the webinar. One of the questions that I was slated to answer was "Describe the best practice methods you've discovered work best to prevent/detect unauthorized access." ... READ MORE
Encryption Basics: RSA
Number two in our encryption basics series. This time we are going to get into a well-known form of public key encryption, RSA. I plan on giving the same boiler plate warning for each of these; if you promise not to use this for encrypting anything truly important, you are allowed to skip the next couple of lines. The programs contained herein (obligatory lawyer speak) are for ... READ MORE
Encryption Basics: DHKE
As a side project I have been doing some self-study on encryption to better understand it. It is how we protect our data as it travels across the internet or when at rest, we use concepts from it to verify that we sent messages, and whole currency schemes are built around the idea. Encryption is an incredibly dense topic and it is easy to mess up. As such, all of the code I ... READ MORE
Ghosts in the Machines
Methods for the prevention, detection, and removal of ghosts in digital networks We often find that clients are so focused on preventing attacks from malicious living humans that they completely neglect the threat posed by ghosts. With that in mind, today’s post focuses on defensive measures that can be implemented to (1) prevent ghost infestations; (2) detect paranormal ... READ MORE
Sophos UTM Home Edition 5 – SSL VPN
The topic of today's post is setting up an SSL VPN through the Sophos UTM Home Edition. The ease-of-use VPN solution was one of my primary reasons for pursuing this particular UTM in the first place, and so I think it's a topic definitely worth exploring. There are a variety of VPN options within the UTM. I'll only be covering the SSL option here. If you are looking to set up a ... READ MORE
Sophos UTM Home Edition 4 – Definitions and Rules
UPDATE: Part 5 - SSL VPN is now available. In the first and second posts in this series, we stepped through the installation of the Sophos UTM. Two weeks ago, we finished up the setup process. Now, we're going to start exploring the meat and potatoes of Sophos' free UTM solution. This week, I'm going to cover establishing definitions and ... READ MORE