Category Archives: Concept

Vulnerability Management for Network Perimeter

Network Perimeter is like a door to your organization. It is accessible to everyone and vulnerability exploitation does not require any human interactions, unlike, for example, phishing attacks. Potential attacker can automate most of his actions searching for an easy target. It’s important not to be such of target. 😉

Vulnerability Management for Network Perimeter

What does it mean to control the network perimeter? Well, practically this process consist of two main parts:

  • Assessing network hosts that are facing Internet using some Network Scanner (Nessus, OpenVAS, Qualys, MaxPatrol. F-Secure Radar, etc.)
  • Assessing application servers, e.g. Web Servers, on these hosts using some special tools, e.g. Web Application Scanners (Acunetix, Burp Suite, Qualys WAS, Tenable.io WAS, High-Tech Bridge ImmuniWeb, etc.)

Active scanning is a good method of perimeter assessment. Dynamics of the assets is relatively low, comparing with the Office Network. Perimeter hosts usually stays active all the time, including the time when you are going to scan scanning them. 😉

Most of the dangerous vulnerabilities can be detected without authorization: problems with encryption (OpenSSL Heartbleed, Poodle, etc.). RCE and DoS of web servers and frameworks (Apache Struts and Equifax case)

The best results can be achieved with scanners deployed outside of your network. Thus, you will see your Network Perimeter the same way a potential attacker sees it. But certainly, you will be in a better position:

  • You can ask your IT administrators to add your network and WAS scanners in white list, so they will not be banned.
  • You can check and correlate scan results of remote scanner with (authenticated?) scan results produced by the scanner deployed in your organization’s network and thus filtering false positives.

What about the targets for scanning? How should you get them?

Continue reading

Harassment scandals, Sheldon Cooper, Black Mirror and blockchain

Lots of good jokes in a popular TV show The Big Bang Theory are related to Sheldon Cooper’s bureaucracy in interpersonal relationships: all these “roommate agreement”, “relationship agreement”, etc.

Harassment scandals, Sheldon Cooper, Black Mirror and blockchain

However, because of these endless harassment scandals in media, now it seems like a best practice of some kind. 😉

roommate agreement

I’m not particularly interested in who is right or wrong in any particular scandal. But the scheme itself seems corrupted.

In the current reality, when any joint action can be post factum presented as violent and committed under pressure, even after 10-20 years, and can lead to very sad consequences, any oral arrangements are rapidly depreciating.

Continue reading

Starting/stopping Amazon EC2 instances using CLI and Python SDK

It’s a very good practice to scan your perimeter from the outside of your network, simulating an attacker. However, you will need to deploy the scanners somewhere to do this. Hosting on Amazon EC2 can be a good and cost-effective option, especially if you start instances with vulnerability scanners only when it’s necessary and keep them stopped at other time.

Amazon AWS python

So, in this post I will give some examples of how to manage Amazon instances automatically using the AWS CLI or Python SDK (boto3): start/stop the instance and get public ip address.

Continue reading

VirtualBox GuestAdditions for Linux Guest OS

I often work with VirtualBox virtual machines and need to install GuestAdditions to use GUI applications comfortably. So, I decided to collect here some configuration scripts.

VirtualBox GuestAdditions

CentOS 7

In the configuration a new VirtualBox machine I add 2 network adapters:

  • Host Only Network
  • NAT

Installing clean CentOS (CentOS-7-x86_64-DVD-1611)

Continue reading

Automating Opera browser with Selenium WebDriver and Python

The right way to automate a web application is, certainly, to understand how this application works, by using burp (see “Burp Suite Free Edition and NTLM authentication in ASP.net applications“) for example, retrieve all necessary requests and learn how to use them.

However, this is sometimes so difficult and confusing, especially when the site owners are actively fighting with automation attempts. In this case, you may want to automate somehow the work on the highest level, with the graphical elements of the site. You can view them as some pictures, as SikuliX does (“SikuliX: the last chance for automation“, or as some elements of code, as Selenium IDE does (“Selenium, SikuliX and Facebook posting“).

But it would much better to control the browser itself from the Python scripts. And this can be done with Selenium WebDriver.

Selenium WebDriver, Python and Opera browser

Guys from Guru99 have wrote me a letter about their free course about Selenium.

This course looks pretty good. In the first part you can find a detailed description of Selenium components and the project history. After reading this, I finally decided that the Selenium WebDriver suited me best. Examples of WebDriver usage are written in Java, and I wanted to use Python. But since the calls are the same, lessons of this course are still more than useful.

And despite the fact that Selenium is usually used with Firefox, I tried to use it with Chromium-based Opera. This browser is very popular in Russia because of some unique features. 😉

Continue reading