Monthly Archives: November 2017

ZeroNights 2017: back to the cyber 80s

Last Friday, 17th of November, I attended the ZeroNights 2017 conference in Moscow. And it was pretty awesome. Thanks to the organizers! Here I would like to share some of my impressions.

First of all, I want to say that the two main Moscow events for information security practitioners, PHDays and ZeroNights, provide an excellent opportunity to meet all of the colleagues at once and to synchronize current views on important information security issues, including, of course, Vulnerability Management, the most relevant for me. My opinion is that this year’s behind-the-scenes conversations were especially good. And this is the most valuable characteristic for the event.

Every ZeroNights event has its own style. This time it was some geeky cyber retro from the 1980s, like in the popular cult movie Kung Fury. The place was also changed from the familiar Cosmos Hotel to ZIL Culture Centre. It is the largest Palace of Culture from the Soviet Moscow times. The combination of US 80s cultural artifacts, RETROWAVE music with Soviet-style interiors (including, for example, a statue of Lenin) made a pretty weird combination, but I liked it =)

I was unintentionally taking photos using some strange mode in the camera and recorded a very short video fragment (3-5 seconds) for each photo. I decided to combine these fragments into a small video. This does not make much sense, but, perhaps, someone will find this “time-lapse” interesting 😉

Among the great presentations and workshops, there was also a small exhibition. This year there were two Vulnerability Management vendors: Beyond Security and Qualys.

Continue reading

Harassment scandals, Sheldon Cooper, Black Mirror and blockchain

Lots of good jokes in the popular TV show The Big Bang Theory are related to Sheldon Cooper’s bureaucracy in interpersonal relationships: all these “roommate agreement”, “relationship agreement”, etc.

However, because of these endless harassment scandals in media, now it seems like a best practice of some kind. 😉

I’m not particularly interested in who is right or wrong in any particular scandal. But the scheme itself seems corrupted.

In the current reality, when any joint action can be post factum presented as violent and committed under pressure, even after 10-20 years, and can lead to very sad consequences, any oral arrangements are rapidly depreciating.

Continue reading

Vulnerability Management vendors and massive Malware attacks (following the Bad Rabbit)

After the latest Bad Rabbit ransomware attack, all Top VM vendors (Qualys, Tenable, Rapid7) wrote blog posts on this topic on the same day. Two days later Tripwire also published its own review. Why do they care? They do not make antiviruses, endpoint protection or firewalls – the common tools against this kind of threat. So, what’s the point?

Well, they obviously do it to promote their products and services. But how exactly?

Continue reading

Study Vulnerability Assessment in Tenable University for free

Not so long ago, Tenable presented a renewed online training platform – Tenable University. It is publicly available even for non-customers, for example, for Nessus Home users. However, not all courses are available in this case.

I decided to check it out, registering as a non-customer.

Continue reading

Exploitability attributes of Nessus plugins: good, bad and Vulners

Exploitability is one of the most important criteria for prioritizing vulnerabilities. Let’s see how good the exploit-related data of Tenable Nessus NASL plugins is and whether we can do it better.

What are the attributes related to exploits? To understand this, I parsed all NASL plugins and got the following results.

Continue reading