Talking Technical Security. All the stuff I find interesting and enjoy. Covering Protective Monitoring, Penetration Testing, Network Security Monitoring, Forensics, and Incident Response. Go deep!
Entropy in a given character set
This is a Python program to work out the bits of entropy for a given character set at a specific password length. In other words, how random can a password be at a specific length when drawn from a range of characters?
Why tunnel SSH through a proxy server? An attacker could use this technique as an initial reverse connection or to enhance their capability once they have a foothold on a system. It allows an attacker to create an outbound connection using the secure-shell (SSH) protocol, utilising a proxy server to bypass firewall restrictions that would prevent the native SSH port (TCP port 22) from reaching the Internet. Once an outbound connection via SSH is established, a reverse tunnel can be created to provide the attacker access back into the environment using a graphical interface such as RDP or VNC. Tunnel out using a proxy server. Set up the tunnel. The Squid Proxy is configured to use the CONNECT method for HTTPS (SSL/TLS) only by default, as it could not otherwise relay the encrypted protocol. The use of the CONNECT method is considered unsafe, and generally the only port it would be configured for is 443. So one thing the attacker must do is configure the endpoint SSH server to listen on port 44
In this post I wanted to show how a Squid Proxy could be used with OpenDNS to provide simple but effective security for a home or small business. This blog post was inspired by the SANS course SEC530 Security Architecture & Engineering, which leads to the GIAC Defensible Security Architecture (GDSA) certification. This is a great course for anyone looking to develop and improve their 'full stack' defensive posture. Monitoring is by courtesy of SOF-ELK, one of the many tools by those nice people at SANS. SOF-ELK is used in a few SANS courses, including FOR572 Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response, and SEC555 SIEM with Tactical Analytics. OpenDNS Enterprise is now Cisco Umbrella; however, the OpenDNS Home service is available for free and small businesses can use the Prosumer services for a modest fee. The first step is to install a CentOS 7 minimal and then apply the latest updates. In order to use the OpenDNS Home service I inst
Unsecured cloud storage is often the cause of breaches. It regularly makes the headlines when an Amazon S3 bucket is found with public access and contains tens of thousands or even millions of records, including PII (Personally Identifiable Information) such as addresses, phone numbers and email addresses. The same problem can beset Azure, or I guess any cloud platform, and while defaults have improved it is still a common misconfiguration that can lead to a breach. Recently I found myself needing to examine some Azure storage to check for misconfigured public access on some Azure storage accounts. A colleague suggested a script he'd come across, Invoke-EnumerateAzureBlobs (thanks Stephen). The PowerShell script can be used to find storage accounts and then enumerate files within that storage account if the permissions allow it. The original article can be found here and the GitHub repo here. I would recommend reading the original post. On this occasion I used this to