Shodan is a powerful tool for doing passive reconnaissance. It’s also a great source of information that you can put to good use to monitor your publicly available assets. Shodan acts as a search engine (also see: : What is Shodan.io?), whatever that is connected to the internet will get indexed by their crawlers.
I wrote a script that takes one parameter (ideally a string) and
Fetches the information that is available at Shodan for … Read more.
Somebody at $work asked me to give some more insight on Shodan, what it is and how you can put it to good use. I shared the presentation on Slideshare.
What is shodan from Koen Van Impe
Centralized logging is essential during incident response. If you can only rely on local logs then you risk losing crucial information when reconstructing the timeline of a security incident. Local logs should not be trusted during an incident as they might have been altered by an intruder. Additionally centralized logging allows you to combine different log sources into one data set for investigation.
I used a couple of centralized log solutions in the past, including … Read more.
I updated my page on WannaCry with information on the latest NotPetya ransomware attack : https://www.wannacry.be.
There are several solutions for copying files between Windows hosts, the protocol that most file transfers in the Windows world will default to is SMB (yes, thats the same protocol as used by Wannacry). What alternatives are available? The pre-requisites are
Audit and logging capabilities, each transfer should be logged; One central server where files get pushed to and pulled from; Authentication, before a file transfer can happen, the user should authenticate; Secure transfer of … Read more.
Both Dragos and ESET released two reports on the analysis of malware attacking power grids.
According to Dragos the adversary group labeled as ELECTRUM is responsible for the cyber attack on the Ukraine electric grid in 2016.
I created a mindmap based on the info in the Dragos document. It’s available on https://github.com/cudeso/tools/tree/master/CRASHOVERRIDE
https://www.us-cert.gov/ncas/alerts/TA17-163A https://www.welivesecurity.com/wp-content/uploads/2017/06/Win32_Industroyer.pdf https://dragos.com/blog/crashoverride/
Kerberos is an authentication protocol that works on the basis of tickets that allows clients to connect to services over an insecure network and still allow clients to prove their identity in a secure manner.
The steps described below are a compilation of what I found when reading on Kerberos. Feel free to share your comments!
These are the steps necessary for a client to obtain an authenticated and verified request to a service (for … Read more.
I compiled a list of -hopefully- useful tips and help for dealing with the WannaCry ransomware. I try to keep the page updated as soon as new information is available.
See https://www.wannacry.be/. Feedback is welcome!
A major wave of ransomware called WannaCry / Wcry / WannaCrypt has hit many organizations around the world, causing panic among many users, system administrators and security professionals. The details of the ransomware have been covered in detail at other posts
Everything you need to know about the WannaCry / Wcry / WannaCrypt ransomware Player 3 Has Entered the Game: Say Hello to ‘WannaCry’ Massive outbreak of ransomware variant infects large amounts of computers around … Read more.
I published an article on IBM Security Intelligence on The Apache Struts 2 Vulnerability and the Importance of Patch Management.
The post describes a vulnerability in Struts 2, a free, open source framework for creating Java web applications that allows attackers to execute arbitrary code.
Graphs made with cudeso posts stats
By continuing to use the site, you agree to the use of cookies. more information
An HTTP cookie, is a small piece of text sent from a website and stored in your web browser. Cookies are a reliable mechanism for websites to remember your preferences and improve your browsing experience.
If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.