Monthly Archives: August 2017

Burp Suite Free Edition and NTLM authentication in ASP.net applications

As you know, Burp Suit is a scanner for advanced Web Application Security researchers. However, the free version of Burp is more like Firebug analogue, but much more functional.

Let’s see how to install it and use for website analysis. This analysis may be necessary to find vulnerabilities or somehow automate the work with the site. Let’s take, for example, ASP.net applications with NTLM-authorization, which is rather unpleasant to analyze.

Go to the site https://portswigger.net/burp/freedownload and download burp installer as a bash script:

Burp Suite Free Edition

Continue reading

What’s inside Vulners.com database and when were security objects updated last time

As I already wrote earlier, the main advantage of Vulners.com, in my opinion, is openness. An open system allows you to look under the hood, make sure that everything works fine and ask developers uncomfortable questions why there were no updates for a long time for some types of security objects.

You can do this by using the https://vulners.com/api/v3/search/stats/ request, that I already mentioned in “Downloading entire Vulners.com database in 5 minutes

First of all, let’s look at the security objects. This will give us an understanding of Vulners.com basis.

Vulners objects

Continue reading

What’s new in Gartner WAF Magic Quadrant 2017?

To tell the truth, I was not much interested in Web Application Firewall market since the time when I was doing competitive analysis in Positive Technologies. And a few days ago Gartner published a fresh WAF research with interesting Magic Quadrants. I decided to figure out what’s new there.

Here you can download full Gartner WAF MQ 2017 report for free. Thanks to Positive Technologies for such an opportunity!

First of all, let’s look at the illustrations. I took the Magic Quadrant from this year’s report:

Gartner Magic Quadrant WAF 2017

And for comparison from 2014 and 2015 reports:

Gartner Magic Quadrant WAF 2014 and 2015.

The first thing that caught my eye was Akamai in the leaders! And apparently this will be the main message.

Continue reading

Carbon Blacking your sensitive data it’s what the agents normally do

But usually without such consequences. In this situation with Carbon Black, I am most interested in the actual reasons of all this media noise. From what point business as usual becomes a scandal. Ok, when you see Carbon Black customer’s private files in public access at Virus Total it’s a 100% epic fail. But what about other options.

Carbon Black and DirectDefense Illustration from investigation by DirectDefense 

  1. Agent makes file analysis by himself on user’s host. It’s probably ok. Some paranoid person, like me, may say that it’s possible that data may leak during the update process, like in case of M.E.Doc. But it probably can be detected it in traffic somehow.
  2. Agent sends file to the vendor’s cloud for further analysis in some private multiscanner. Vendor will have copy of your private data. What if this data will leak? Are you sure that vendor will bear responsibility for this?
  3. Agent sends file to vendor’s cloud, vendor than sends it to some third-party for analysis. Are you sure vendors that you use doesn’t do this? How can you investigate this? What will be your next actions if you figure out that they do it without your permission?
  4. Agent sends file to the vendor’s cloud, vendor then sends it to some third-party for analysis, third-party opens access to this file for a wide range of people.

Continue reading

Downloading entire Vulners.com database in 5 minutes

Today I once again would like to talk about Vulners.com and why, in my opinion, it is the best vulnerability database that exist nowadays and a real game-changer.

The main thing is transparency. Using Vulners you not only can search for security content (see “Vulners – Google for hacker“), but download freely all available content from the database for your own offline analysis. And more than this, you can even see how Vulners actually works and evaluate how fresh and full the content is.

Vulners collections

Why you may need to download full security content database? For example, you may want to create something like vulnerability quadrants.

Vulnerability Quadrant

Continue reading