Paul’s Security Weekly #498 – Security News

President Trump is tweeting from an insecure phone, Asus gives Raspberry Pi a run for its money, how to use your heartbeat as a password, and can you revive an old laptop with a free OS?

Follow us on Twitter: @securityweekly

http://traffic.libsyn.com/pauldotcom/Pauls_Security_Weekly__498_-_Security_News_converted.mp3

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/O5w431G3hMc/

Enterprise Security Weekly #30 – Jayne Groll and Alan Shimel, DevOps

Jayne Groll and Alan Shimel are both Co-Founders of the Florida-based software development and IT operations company, DevOps. Both carry extensive IT credentials, extensive industry experience, and a hunger for informing the masses.

Visit http://securityweekly.com/esw for all the latest episodes!

http://traffic.libsyn.com/eswaudio/Enterprise_Security_Weekly__30_-_Jayne_Groll_and_Alan_Shimel_DevOps_converted.mp3

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/1VydSO2PLsY/

Cyber Probe – Capturing, Analysing and Responding to Cyber Attacks

Cyberprobe is a distributed software architecture for monitoring of networks against attack. It consists of two components: cyberprobe, which collects data packets and forwards them over a network in standard streaming protocols; and cybermon, which decodes protocols and invokes user-defined logic on the decoded data.

Cyberprobe can be integrated with Snort so that the captured data corresponds with an attacker's IP address as detected by Snort.

Cybermon uses a Lua configuration file to describe what to do with the decoded information, providing great flexibility. Cybermon also supports a couple of packet injection techniques, allowing you to respond to attacks by resetting connections or forging DNS responses.

The Cyberprobe project is an open-source distributed architecture for real-time monitoring of networks against attack. The software consists of two components:

- a probe, which collects data packets and forwards them over a network in standard streaming protocols.
- a monitor, which receives the streamed packets, decodes the protocols, and interprets the information.

These components can be used together or separately. For a simple configuration, they can be run on the same host; for more complex environments, a number of probes can feed a single monitor. For more detail, and to see where we are going, read the architecture page.

The probe, cyberprobe, has the following features:

- The probe can be tasked to collect packets from an interface and forward any which match a configurable address list.
- The probe can be configured to receive Snort alerts. In this configuration, when an alert is received from Snort, the IP source address associated with the alert is dynamically targeted for a period of time. In such a configuration, the system will collect data from any network actor who triggers a Snort rule and is thus identified as a potential attacker.
- The probe can optionally run a management interface which allows remote interrogation of the state, and alteration of the configuration. This allows dynamic alteration of the targeting map, and integration with other systems.
- The probe can be configured to deliver on one of two standard stream protocols.

The monitor tool, cybermon, has the following features:

- Collects packets delivered in stream protocols.
- Decodes packet protocols and raises events in near-real-time.
- Decoded information is made available to user-configurable logic to define how the decoded data is handled. A simple configuration language is used (Lua) and example configurations are provided to monitor data volumes, display data hexdumps, or stash the data in files.
- Packet forgery techniques are included, which allow resetting TCP connections and forging DNS responses. This can be invoked from your Lua in order to fight back against attacks on your network.
- Has a pub/sub delivery mechanism with subscribers for ElasticSearch, Google BigQuery and Gaffer graph store.
- Supports IP, TCP, UDP, ICMP, HTTP and DNS protocols, currently.

The cybermon software includes some support for STIX as a threat indicator specification, and can create alerts on the presence of threats on the network.

The code is targeted at the Linux platform, although it is generic enough to be applicable to other UN*X-like platforms. The easiest way to learn about the software is to follow our Quick Start tutorial.

Link: http://feedproxy.google.com/~r/PentestTools/~3/5jvw4iR4VIk/cyber-probe-capturing-analysing-and.html

OWASP Security Shepherd – Web And Mobile Application Security Training Platform

The OWASP Security Shepherd Project is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic. The aim of this project is to take AppSec novices or experienced engineers and sharpen their penetration testing skill set to security expert status.

Where can I download Security Shepherd?

Virtual Machine or Manual Setup: You can download Security Shepherd VMs or Manual Installation Packs from GitHub.

Docker: There is also a Docker image available from Dockerhub. You can pull it down with:

    docker pull ismisepaul/securityshepherd

Note: You'll need to get a shell on your Docker container and run mongod, mysql and tomcat manually:

    docker run -i -p 80:80 -p 443:443 -p 27017:27017 -t ismisepaul/securityshepherd /bin/bash
    /usr/bin/mongod &
    /usr/bin/mysqld_safe &
    service tomcat7 start

If you don't have authbind installed and configured on your host machine, e.g. on Ubuntu, you'll need to do the following:

    sudo apt-get install authbind
    touch /etc/authbind/byport/80
    touch /etc/authbind/byport/443
    chmod 550 /etc/authbind/byport/80
    chmod 550 /etc/authbind/byport/443
    chown tomcat7 /etc/authbind/byport/80
    chown tomcat7 /etc/authbind/byport/443

How do I set up Security Shepherd?

We've got fully automated and step-by-step walkthroughs on our wiki page to help you get Security Shepherd up and running.

What can Security Shepherd be used for?

Security Shepherd can be used as a:

- Teaching Tool for All Application Security
- Web Application Pen Testing Training Platform
- Mobile Application Pen Testing Training
- Safe Playground to Practise AppSec Techniques
- Platform to demonstrate real Security Risk examples

Why choose Security Shepherd?

There are a lot of purposefully vulnerable applications available in the OWASP Project Inventory, and even more across the internet. Why should you use Security Shepherd? Here are a few reasons:

- Wide Topic Coverage: Shepherd includes over sixty levels across the entire spectrum of Web and Mobile application security under a single project.
- Gentle Learning Curve: Shepherd is perfect for users completely new to security, with levels that increase in difficulty at a pleasant pace.
- Layman Write Ups: Each security concept, when first presented in Shepherd, is done so in layman terms so that any beginner can absorb them.
- Real World Examples: The security risks in Shepherd are real vulnerabilities that have had their exploit impact dampened to protect the application, users and environment. There are no simulated security risks which require an expected, specific attack vector in order to pass a level. Attack vectors when used on Shepherd are how they would behave in the real world.
- Scalability: Shepherd can be used locally by a single user or easily as a server for a high amount of users.
- Highly Customisable: Shepherd enables admins to set what levels are available to their users and in what way they are presented (Open, CTF and Tournament Layouts).
- Perfect for Classrooms: Shepherd gives its players user-specific solution keys to prevent students from sharing keys, rather than going through the steps required to complete a level.
- Scoreboard: Security Shepherd has a configurable scoreboard to encourage a competitive learning environment. Users that complete levels first, second and third get medals on their scoreboard entry and bonus points to keep things entertaining on the scoreboard.
- User Management: Security Shepherd admins can create users, create admins, suspend, unsuspend, add bonus points or take penalty points away from user accounts with the admin user management controls. Admins can also segment their students into specific class groups. Admins can view the progress a class has made to identify struggling participants. An admin can even close public registration and manually create users if they wish for a private experience.
- Robust Service: Shepherd has been used to run online CTFs such as the OWASP Global CTF and OWASP LATAM Tour CTF 2015, both surpassing 200 active users and running with no down time, bar planned maintenance periods.
- Configurable Feedback: An administrator can enable a feedback process, which must be completed by users before a level is marked as complete. This is used both to facilitate project improvements based on feedback submitted and for system administrators to collect "Reports of Understanding" from their students.
- Granular Logging: The logs reported by Security Shepherd are highly detailed and descriptive, but not screen blinding. If a user is misbehaving, you will know.

Link: http://feedproxy.google.com/~r/PentestTools/~3/aI8AIJiRJ90/owasp-security-shepherd-web-and-mobile.html

Targeted email attack against (open source?) developers

Second email I’ve received today (some headers omitted):
Return-Path:
Received: from unknown (HELO mail.bsme-mos.ru) (95.163.65.54)
by ariel.informaction.com with SMTP; 27 Jan 2017 11:25:22 -0000
Received: from unknown (HELO o) (zayavka@bsme-mos.ru@94.23.58.202)
by mail.bsme-mos.ru with SMTP; 27 Jan 2017 14:25:17 +0300
Subject: question
Date: Fri, 27 Jan 2017 12:25:26 +0100
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Live Mail 16.4.3528.331
X-MimeOLE: Produced By Microsoft […]

Link: https://hackademix.net/2017/01/27/targeted-email-attack-against-open-source-developers/

Startup Security Weekly #23 – Ron Gula, Gula Tech Adventures

Ron Gula is a serial entrepreneur with quite a track record; he's known for co-founding Tenable, founding Network Security Wizards, and serving as VP of Intrusion Detection Products for Enterasys Networks.

Visit http://securityweekly.com/category/ssw/ for all the latest episodes!

http://traffic.libsyn.com/sswaudio/Startup_Security_Weekly__23_-_Ron_Gula_Gula_Tech_Adventures_converted.mp3

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/gNdDN60qgNs/