Vulnerability Intelligence based on media hype. It works? Grafana LFI and Log4j “Log4Shell” RCE. Hello everyone! In this episode, I want to talk about vulnerabilities, news and hype. The easiest way to get timely information on the most important vulnerabilities is to just read the news regularly, right? Well, I will try to reflect on this using two examples from last week.
I have a security news telegram channel https://t.me/avleonovnews that is automatically updated by a script using many RSS feeds. And the script even highlights the news associated with vulnerabilities, exploits and attacks.
QSC21, VMDR Training and Exam. Hello everyone! On the one hand, because of the pandemic, we have become more distant from each other. We work mostly remotely from home. Traveling to a conference in another country has become much more difficult than it used to be. Now it is not only expensive. It has become much more difficult to obtain visas, there are restrictions related to vaccines, tests, quarantines, etc. And sometimes the borders are simply closed and it is impossible to get there.
On the other hand, we have become paradoxically closer to each other. Conferences have become much more online-oriented. And the main event of Qualys, QSC 21 Las Vegas, is now available to everyone with no delays or restrictions. This year, I not only watched the show, but also took VMDR training, passed the exam and received a certificate. I want to talk about this in this episode.
Conference
I will only state the main idea. Of course the way I understood it. Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency (CISA), btw not related to a security blogger Brian Krebs, started the conference by talking about attacks. There will only be more of them, and it will be more difficult to mitigate these attacks. Of course, if companies could be protected with prohibitive measures, that would be fine. But the problem is that in order for a company to be competitive, it must build the “permissive environment”. Especially in our COVID times.
Vulristics Command Line Interface, improved Product & Vuln. Type Detections and Microsoft Patch Tuesday November 2021. Hello everyone! In this episode I want to highlight the latest changes in my Vulristics project. For those who don’t know, this is a utility for prioritizing CVE vulnerabilities based on data from various sources.. Currently Microsoft, NVD, Vulners, AttackerKB.
Command Line Interface
I started working on the CLI for Vulristics. Of course, it is not normal to edit scripts every time to release a report.
VMconf 22 Vulnerability Management conference: Call For Papers started. Hello everyone! This episode will be about the VMconf 22 Vulnerability Management conference. CFP started on November 1, which will last a month and a half. So please submit your talk or share this video with someone who might be interested.
Let’s talk about the conference itself. All started with a post in my Telegram channel. I have looked at the listings of cybersecurity conferences and have not seen a global event dedicated entirely to Vulnerability Management.
Specialized conferences are mainly about SOC, DLP, AntiFraud, cryptography. Conferences with broad topics are aimed mainly at C-level executives or hardcore offensive specialists. Conferences are usually very regional. Of course, there are events organized by VM vendors, but their marketing goals are clear and there are usually no CFPs (Calls For Papers) at these events. In our COVID times, it has become much more difficult to attend offline events due to various restrictions.
So, it would be great to have our own independent international online Vulnerability Management event. From the community (in a very broad, global sense) and for the community. For interesting content and development of horizontal connections between people, not for marketing. And we will do it.
I’ve never talked so much about myself in public. It was like giving advises to yourself from the past. An interesting experience. It took about an hour and a half. And now I will try to mention the main points.
University
I talked about studying at the university. The fact that we go to university to gain knowledge and skills. But this is not the only reason. The university diploma makes it easier to find a job and participate in emigration programs if you ever want to. For example, this is a requirement for a for the European Blue Card. Networking at the university is also important.
My experience of studying at Bauman Moscow State Technical University was definitely positive. Although I believe that there could be more practical courses on Operating Systems, networking and programming. On the other hand, there could be much less mathematics. I have the best memories from the Theoretical Foundations of Information Security course and the course based on CISSP exam.
Microsoft Defender for Endpoint: The Latest Versions of Antivirus Engine & Signatures. In a previous episode on Microsoft Defender for Endpoint, I described how to get a list of antivirus engine and signatures versions for the hosts in your infrastructure using the Microsoft Graph API. But the problem remains. You know the versions that are currently installed on the hosts. But where can you get the latest versions that should be installed there?
I haven’t found any pretty solution for this. I parse public html pages on the Microsoft site I’ll show you how I do it. If you know something better, please write in the comments.
How to get Antivirus-related Data from Microsoft Defender for Endpoint using Intune and Graph API. Hello everyone! In this episode, I would like to tell you how I tried to get automatically antivirus-related data (current status, engine and signature version, last full scan date) from Microsoft Defender for Endpoint using Microsoft Intune and the Graph API.
Why is this necessary?
You might assume that if the Defender for Endpoint agent is installed on the host, everything should be fine automatically. But in fact, the antivirus engine and signature versions may be outdated, real-time protection may be disabled. And so all this needs to be monitored.
Grapf API
This will be the third episode about Microsoft Enterprise Security APIs. The first was about Defender and Defender API, the second was about Intune and the Intune API. And today I’m going to talk about the Grapf API, which should probably replace all the other APIs and should be more logical and easier. Although in my opinion it is even strangier and poorly documented. I didn’t like it.
This is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at me@avleonov.com or contact me any other way.
