Microsoft’s Local Administrator Password Solution (LAPS)
Hackers, incident responders, and penetration testers alike know that valid credential reuse is one of the most common real-world vulnerabilities in today’s networks. Valid credential reuse dominates as the top vulnerability in Verizon’s 2014/2015 Data Breach Investigations Reports Microsoft networks remain amongst the most vulnerable and exploited due to the way in which Active Directory is typically deployed: A base image is created with a standard local administrator password, which is duplicated on all workstations in the environment. When an attacker compromises any workstation, the local administrator password hash can be obtained and used to access every other workstation using the classic Active Directory exploit Pass-the-Hash (PtH). This methodology is described in detail in FireEye/Mandiant M-Trends 2015 case studies.
Statistics Will Crack Your Password
When hackers or penetration testers compromise a system and want access to clear text passwords from a database dump, they must first crack the password hashes that are stored. Many attackers approach this concept headfirst: They try any arbitrary password attack they feel like trying with little reasoning. This discussion will demonstrate some effective methodologies for password cracking and how statistical analysis of passwords can be used in conjunction with tools to create a time boxed approach to efficient and successful cracking.
Navigating Today’s Shared Security Responsibility Model in the Cloud
How do you protect the confidentiality, integrity, and availability of systems and data in your organization’s growing cloud environments? It starts by understanding your responsibility.
Addressing security in a public cloud environment is slightly different than in your on-premises data centers. When you move systems and data to the cloud, security responsibilities become shared between your organization and the cloud service provider. Infrastructure as a Service (IaaS) providers, such as Amazon Web Services (AWS), are responsible for securing the underlying infrastructure that supports the cloud, and you are responsible for anything you put on the cloud or connect to the cloud.
NIST Cybersecurity Framework vs. NIST Special Publication 800-53
With the recent high-profile attacks on Sony and Anthem, it’s clear that cyber risks continue to grow and that organizations need to do more to strengthen their cybersecurity defenses. Security frameworks exist to guide the implementation and management of security controls, and they should be used by any organization looking to intelligently manage cyber risk. A security framework helps prevent a haphazard approach to information security, and reduces potential gaps in the organization’s security efforts. The ideal framework provides a complete guide to current information security best practices while leaving room for an organization to customize its implementation of controls to its unique needs and risk profile. Several existing and well-known cybersecurity frameworks include COBIT 5, ISO 27000, and NIST 800-53. Recently, a new framework has come into play: NIST’s “Framework for Improving Critical Infrastructure Cybersecurity.”
Cloud Security Best Practices for Amazon Web Services (AWS)
Over the last 18-months we have seen more and more of our clients turn to IaaS (Infrastructure-as-a-Service) providers to support their enterprise infrastructure needs. While there are obvious benefits to utilizing these types of services, such as reducing the complexity associated with managing an enterprise infrastructure, moving to the cloud can also introduce new security concerns. Most often these concerns arise as a result of misconfigured cloud instances.
CRITICAL: Bash “Shellshock” Vulnerability
On September 24, 2014, a vulnerability in Bash—now referred to as the ‘Shellshock’ bug—was publicly announced after its discovery last week by Stephane Chazelas. Security experts expect the Shellshock bug to have significant and widespread impact, potentially more devastating than Heartbleed.
Why You Should Add Joern to Your Source Code Audit Toolkit
Joern is a static analysis tool for C / C++ code. It builds a graph that models syntax. The graphs are built out using Joern’s fuzzy parser. The fuzzy parser allows for Joern to parse code that is not necessarily in a working state (i.e., does not have to compile). Joern builds this graph with multiple useful properties that allow users to define meaningful traversals. These traversals can be used to identify potentially vulnerable code with a low false-positive rate.
CRITICAL: New Internet Explorer Zero-day Vulnerability
Only a few weeks after Heartbleed hit the Internet by storm, reports of another serious zero-day vulnerability are starting to circulate within the security community. Over the weekend Microsoft released Security Advisory 2963983, which details a new remote code execution vulnerability impacting ALL versions of Internet Explorer (IE6-IE11). Microsoft is aware of “limited, targeted attacks that attempt to exploit the vulnerability.” The company is currently investigating public reports of the vulnerability and it has yet to publicize details to the reserved CVE-2014-1776, but there are steps organizations can take to protect against this threat.
CRITICAL: HeartBleed Vulnerability
There is a new critical vulnerability affecting a widely used version of OpenSSL called HeartBleed (CVE-2014-0160). This new bug allows an attacker to read system memory remotely, without authentication. It has been reported that 60-70% of the Internet is affected. Immediate action should be taken to identify vulnerable systems within your environment and take necessary steps to mitigate risk associated with this critical vulnerability.
Whats up with WhatsApp’s Security?
Facebook’s acquisition announcement coincided with the starting week of Project Neptune’s beta program. Project Neptune is Praetorian’s new mobile application security testing platform that allows companies to keep pace with rapid mobile development cycles by incorporating continuous, on-demand security testing. And what’s a better way to properly kick off our beta program than to test a publicly available mobile app worth $19 billion? Within minutes, Project Neptune picked up on several SSL-related security issues affecting the confidentiality of WhatsApp user data that passes in transit to back-end servers. This is the kind of stuff the NSA would love. It basically allows them—or an attacker—to man-in-the-middle the connection and then downgrade the encryption so they can break it and sniff the traffic. These security issues put WhatsApp user information and communications at risk.