Category Archives: Productology

Nessus Essentials with offline registration and plugin updates

Nessus Essentials with offline registration and plugin updates. In this episode, I would like to talk about Nessus Essentials and, in particular, how to register and update it without direct internet access. Nothing complicated, but there are a couple of pitfalls that I would like to share.

Nessus Essentials with offline updates

Let’s say you need to scan a host in a critical autonomous segment where Internet access is strictly prohibited. In such scenarios, Nessus Essentials is really suitable. It is a fully functional network vulnerability scanner with a good vulnerability knowledgebase. It can be registered and updated offline! And most importantly, it’s free even for corporate use! There is, of course, a 16 IP addresses limit, but in this case it is not really important.

Continue reading

Microsoft Patch Tuesday September 2020: Zerologon and other exploits, RCEs in SharePoint and Exchange

Microsoft Patch Tuesday September 2020: Zerologon and other exploits, RCEs in SharePoint and Exchange. I would like to start this post by talking about Microsoft vulnerabilities, which recently turned out to be much more serious than it seemed at first glance.

Older Vulnerabilities with exploits

“Zerologon” Netlogon RCE (CVE-2020-1472)

One of them is, of course, the Netlogon vulnerability from the August 2020 Patch Tuesday. It’s called “Zerologon”. I would not say that Vulnerability Management vendors completely ignored it. But none of them (well, maybe only ZDI) emphasized in their reports that this vulnerability would be a real disaster.

Continue reading

Microsoft Patch Tuesday August 2020: vulnerabilities with Detected Exploitation, useful for phishing and others

Microsoft Patch Tuesday August 2020: vulnerabilities with Detected Exploitation, useful for phishing and others. This time I would like to review not only the vulnerabilities that were published in the last August Microsoft Patch Tuesday, but also the CVEs that were published on other, not Patch Tuesday, days. Of course, if there are any.

But let’s start with the vulnerabilities that were presented on MS Patch Tuesday on August 11th. There were 120 vulnerabilities: 17 of them are Critical and 103 Important. My vulristics script could not find public exploits for these vulnerabilities on Vulners.com.

Continue reading

Microsoft Patch Tuesday July 2020: my new open source project Vulristics, DNS SIGRed, RDP Client and SharePoint

Microsoft Patch Tuesday July 2020: my new open source project Vulristics, DNS SIGRed, RDP Client and SharePoint. I am doing this episode about July vulnerabilities already in August. There are 2 reasons for this. First of all, July Microsoft Patch Tuesday was published in the middle of the month, as late as possible. Secondly, in the second half of July I spent my free time mostly on coding. And I would like to talk more about this.

Microsoft Patch Tuesday July 2020: my new open source project Vulristics, DNS SIGRed, RDP Client and SharePoint

Vulristics

I decided to release my Microsoft Patch Tuesday reporting tool as part of a larger open source project (github). I named it Vulristics (from “Vulnerability” and “Heuristics”). I want this to be an extensible framework for analyzing publicly available information about vulnerabilities.

Let’s say we have a vulnerability ID (CVE ID) and we need to decide whether it is really critical or not. We will probably go to some vulnerability databases (NVD, CVE page on the Microsoft website, Vulners.com, etc.) and somehow analyze the descriptions and parameters. Right? Such analysis can be quite complex and not so obvious. My idea is to formalize it and make it shareable. It may not be the most efficient way to process data, but it should reflect real human experience, the things that real vulnerability analysts do. This is the main goal.

Continue reading

Barapass, Tsunami scanner, vulnerabilities in Windows DNS Server and SAP products, weird attack on Twitter

Barapass, Tsunami scanner, vulnerabilities in Windows DNS Server and SAP products, weird attack on Twitter. This episode is based on posts from my Telegram channel avleonovcom, published in the last 2 weeks. So, if you use Telegram, please subscribe. I update it frequently.

Barapass, Tsunami scanner, vulnerabilities in Windows DNS Server and SAP products, weird attack on Twitter

Barapass update

I recently released an update to my password manager barapass. BTW, it seems to be my only pet project at the MVP stage, which I use every day.

What’s new:

  1. Now I am sure that it works on Windows 10 without WSL. And you can run it beautifully even with the icon. ? Read more about installation in Windows in this file.
  2. Not only “copy the next value to the clipboard” (or “revolver mode” ) is now possible in the search results section. You can also get the previous value or copy the same value one again if it was somehow erased in the clipboard. Previously, I had to retype the search request each time to do this, and it was quite annoying. By the way, I unexpectedly discovered that the user input history inside the application magically works in the Windows shell (using up and down arrows) without any additional coding. On Linux it does not.
  3. You can set a startup command, for example, to decrypt the container.
  4. The startup command and quick (favorite) commands are now in settings.json and not hard-coded.
  5. settings.json, container files and decrypted files are now in “files” directory. It became more convenient to update barapass, just change the scripts in the root directory and that’s it. I divided the scripts into several files, now it should be more clear how it works.

So, if you need a minimalistic console password manager in which you can easily use any encryption you like – welcome! You can read more about barapass in my previous post.

Continue reading

How to list, create, update and delete Grafana dashboards via API

How to list, create, update and delete Grafana dashboards via API. I have been a Splunk guy for quite some time, 4 years or so. I have made several blog posts describing how to work with Splunk in automated manner (see in appendix). But after their decision to stop their business in Russia last year, including customer support and selling software and services, it was just a matter of time for me to start working with other dashboarding tools.

How to list, create, update and delete Grafana dashboards via API

For me, Grafana has become such a tool. In this post I want to describe the basic API operations with Grafana dashboards, which are necessary if you need to create and update dozens and hundreds of dashboards. Doing all this in the GUI will be painful. Grafana has a pretty logical and well-documented API. The only tricky moments I had were getting a list of all dashboard and editing an existing dashboard.

Continue reading

Anti-Phishing process with advanced phishing attacks simulation

Anti-Phishing process with advanced phishing attacks simulation. This time I want to write about the service of my friends from Antiphish. They call it “security awareness and employee behaviour management platform”. Simply put, they teach company employees how to detect and avoid phishing attacks.

By the way, they are great guys, made a demo for me, prepared custom templates, like in real PoC for a corporate client. Thanks so much for the excellent work!

The main idea

When you sign in to the Antiphish interface, you see the dashboards with information about the people who studied security courses, were tested during the course and were checked using emulated phishing attacks (some of these attacks are amazing, and I’ll show them at the end). This is the main idea. How can you protect your organization from phishing attacks? Educate people and constantly provoke them. Not just to send an email and see the employees who visited your “malicious” website. No, there should be a process!

Continue reading