April 7, 2019 – Hack Naked News #217

    This week, a software flaw exposed most Dell computers to remote hacking, Israel neutralizes cyber attack by blowing up a building with hackers, an expert who found hundreds of vulnerable Jenkins plugins, a bug in Mirai code allows crashing C2 servers, and how researchers discovered a highly stealthy Microsoft Exchange backdoor! In the expert […]
The post April 7, 2019 – Hack Naked News #217 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/VOLvN7Sucew/

Leadership Articles – Business Security Weekly #127

    In the Leadership and Communications segment: How to build a startup; You Don’t Have To Be Nice To Be Respected; Boeing and the Importance of Encouraging Employees to Speak Up; and more! Leadership Articles: How to build a startup: 7 tips from Keith Krach; Moonshot Thinking For C-Level Executives In The Age Of […]

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/a1gMc-vldlM/

Joy – A Package For Capturing And Analyzing Network Flow Data And Intraflow Data, For Network Research, Forensics, And Security Monitoring

Joy is a BSD-licensed libpcap-based software package for extracting data features from live network traffic or packet capture (pcap) files, using a flow-oriented model similar to that of IPFIX or Netflow, and then representing these data features in JSON. It also contains analysis tools that can be applied to these data files. Joy can be used to explore data at scale, especially security and threat-relevant data.

JSON is used in order to make the output easily consumable by data analysis tools. While the JSON output files are somewhat verbose, they are reasonably small, and they respond well to compression.

Joy can be configured to obtain intraflow data, that is, data and information about events that occur within a network flow, including:

- the sequence of lengths and arrival times of IP packets, up to some configurable number of packets,
- the empirical probability distribution of the bytes within the data portion of a flow, and the entropy derived from that value,
- the sequence of lengths and arrival times of TLS records,
- other non-encrypted TLS data, such as the list of offered ciphersuites, the selected ciphersuite, the length of the clientKeyExchange field, and the server certificate strings,
- DNS names, addresses, and TTLs,
- HTTP header elements and the first eight bytes of the HTTP body, and
- the name of the process associated with the flow, for flows that originate or terminate on the host on which pcap is running.

Joy is intended for use in security research, forensics, and for the monitoring of (small scale) networks to detect vulnerabilities, threats and other unauthorized or unwanted behavior. Researchers, administrators, penetration testers, and security operations teams can put this information to good use, for the protection of the networks being monitored, and in the case of vulnerabilities, for the benefit of the broader community through improved defensive posture.

As with any network monitoring tool, Joy could potentially be misused; do not use it on any network of which you are not the owner or the administrator.

Flow, in positive psychology, is a state in which a person performing an activity is fully immersed in a feeling of energized focus, deep involvement, and joy. This second meaning inspired the choice of name for this software package.

Joy is alpha/beta software; we hope that you use it and benefit from it, but do understand that it is not suitable for production use.

TLS Fingerprinting

We have recently released the largest and most informative open source TLS fingerprint database. Among other features, our approach builds on previous work by being fully automated and annotating TLS fingerprints with significantly more information. We have built a set of python tools to enable the application of this database, as well as the generation of new databases with the help of Joy. For more information, please see the TLS fingerprinting documentation.

Relation to Cisco ETA

Joy has helped support the research that paved the way for Cisco’s Encrypted Traffic Analytics (ETA), but it is not directly integrated into any of the Cisco products or services that implement ETA. The classifiers in Joy were trained on a small dataset several years ago, and do not represent the classification methods or performance of ETA. The intent of this feature is to allow network researchers to quickly train and deploy their own classifiers on a subset of the data features that Joy produces. For more information on training your own classifier, see saltUI/README or reach out to joy-users@cisco.com.

Credits

This package was written by David McGrew, Blake Anderson, Philip Perricone and Bill Hudson {mcgrew,blaander,phperric,bhudson}@cisco.com of Cisco Systems Advanced Security Research Group (ASRG) and Security and Trust Organization (STO).

Release 4.3.0

- Add IPv6 support to Joy and libjoy
- IPFix collection and export only support IPv4
- NFv9 only supports IPv4
- Anonymization only supports IPv4 addresses
- Subnet labeling only supports IPv4 addresses

Release 4.2.0

- Re-write joy.c to use libjoy library
- Updated joy.c to utilize multi-threads for flow processing
- Updated unit tests and python tests to reflect new code changes
- Removed guts of the updater process to prepare for re-write
- Fixed bug in processing multiple files on the command line
- Other minor bug fixes

Release 4.0.3

- Added support for make install for CentOS

Release 4.0.2

- Add support for fingerprinting

Release 4.0.1

We are pleased to announce the 4.0.1 release of the package, which has these features:

- Add additional APIs for parent application processing of Flow Records and data features
- Fixed TCP retransmission and out of order detection
- Better identification of IDP packet
- Fixed some memory usage issues
- Fixed minor bugs
- Removed dead code

Release 4.0.0

We are pleased to announce the 4.0.0 release of the package, which has these features:

- Add support for building with autotools. ./configure;make clean;make

Release 3.0.0

We are pleased to announce the 3.0.0 release of the package, which has these features:

- Modified JOY infrastructure code to be thread safe.
- Allowed support for multiple worker threads for packet processing.
- Each worker thread uses its own output file.
- Removed global variables for Config.
- Modified code infrastructure to use Config Structure.
- Modified the Makefile system to build the JOY infrastructure as a static and shared library.
- Implemented an API for utilizing the JOY Library (joy_api.[hc]).
- Implemented a Vector Packet Processing integration scheme to utilize VPP native infrastructure when building that integration.
- Created 2 API test programs, joy_api_test.c and joy_api_test2.c.
- Modified existing test programs to link against static JOY library instead of re-compiling the infrastructure code.
- Modified versioning to use Common Security Module (CSM) conventions.
- Modified build_pkg to accept package version on the command line.
- Cleaned up Coverity errors and warnings.
- Various bug fixes.

Release 2.0

We are pleased to announce the 2.0 release of the package, which has these features:

- The JSON schema has been updated to be better organized, more readable, and more searchable (by putting searchable keywords as the JSON names),
- The new sleuth tool replaces query/joyq, and brings new functionality such as --fingerprint,
- Much improved documentation, which covers the joy and sleuth tools, examples, and the JSON schema (see using-joy)

Quick Start

Joy has been successfully run and tested on Linux (Debian, Ubuntu, CentOS, and Raspbian), Mac OS X and Windows. The system has been built with gcc and GNU make, but it should work with other development environments as well.

Go to the Wiki for a guide on building: Build Instructions

Link: http://www.kitploit.com/2019/05/joy-package-for-capturing-and-analyzing.html

SaaS Product, Cloudneeti – Paul’s Security Weekly #601

Guru Pandurangi, the CEO and Founder of Cloudneeti, joins to talk about how their SaaS product is delivering continuous cloud security and compliance assurance to businesses migrating to or using cloud providers such as Azure, AWS, and Office365 to develop and host their applications! To learn more about Cloudneeti, visit: https://securityweekly.com/cloudneeti

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/7Mc0eSmPapk/

The Canary Tool, Thinkst – Paul’s Security Weekly #601

Haroon Meer is the CEO and Researcher at Thinkst. He is coming on the show to talk about why hackers should create companies, and some of the technical details behind Thinkst’s tool, Canary!

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/Z9MoAvhZNmA/

Fujifilm, Facebook, & Black Holes – Paul’s Security Weekly #601

    Serious vulnerabilities found in Fujifilm x-ray devices, Facebook could be fined 5 billion over privacy violations, preinstalled malware on bootleg streaming devices, hackers using SIM swapping to steal cryptocurrency, and how a 29-year-old computer scientist created the algorithm that took the first ever picture of a black hole! Paul’s Stories Chrome […]

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/ba_8IKB4Tbk/

Cutter – Free And Open-Source GUI For Radare2 Reverse Engineering Framework

Cutter is a free and open-source GUI for the radare2 reverse engineering framework. Its goal is making an advanced, customizable and FOSS reverse-engineering platform while keeping the user experience in mind. Cutter is created by reverse engineers for reverse engineers.

Downloading a release

Cutter is available for all platforms (Linux, macOS, Windows). You can download the latest release here.

- macOS: Download the latest .dmg file or use Homebrew Cask: brew cask install cutter
- Windows: Download the latest Zip archive.
- Linux: Download the latest AppImage file. Then just make it executable and run it:

    chmod +x ./<appimage_file>

Building from sources

To build Cutter on your local machine, please follow this guide: Building from source

Docker

To deploy Cutter using a pre-built Dockerfile, it’s possible to use the provided configuration. The corresponding README.md file also contains instructions on how to get started using the docker image with minimal effort.

Documentation

You can find our documentation here.

Help

Right now the best place to obtain help from Cutter developers and community is to contact us on:

- https://t.me/r2cutter
- #cutter on irc.freenode.net
- @r2gui on Twitter

Link: http://feedproxy.google.com/~r/PentestTools/~3/tox-LUVg8Io/cutter-free-and-open-source-gui-for.html

Thomas Hatch, SaltStack – Application Security Weekly #58

    Thomas is the creator of the Salt open source software project and the CTO of SaltStack, the company behind Salt. He has spent his career writing software to orchestrate and automate the work of securing and maintaining enterprise IT infrastructure from core data center systems to the very edge of the network and […]

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/wxnwAv2_Dko/

How To Think Like An Investor, Will Lin – Business Security Weekly #124

Will is a Partner and a Founding Investor at ForgePoint Capital. He has been an avid technology enthusiast for decades: building his first computer in elementary school and starting online businesses while completing his bachelor’s degree from the University of California, Berkeley.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/WHW_r1ecBIE/