Tag Archives: Atlassian Confluence

CyberThursday: Asset Inventory, IT-transformation in Cisco, Pentest vs. RedTeam

Two weeks ago I was speaking at a very interesting information security event – CyberThursday. This is a meeting of a closed Information Security practitioners group. The group is about 70 people, mainly from the financial organizations, telecoms and security vendors.

CyberThursday 2018 Asset Inventory

These meetings have a rather unique atmosphere. Almost everyone knows each other. The event has no permanent place. It constantly moves between the offices of large Russian companies. The hoster, usually a CISO, can bring his IT and InfoSec colleagues. For others, only “bring a friend” format is available. This helps keep the event focussed and very informal. Participants propose and approve the topics by voting in the chat group. There is no place for marketing, all topics are practical and relevant.

Continue reading

Asset Inventory for Network Perimeter: from Declarations to Active Scanning

In the previous post, I shared some of my thoughts about the good Asset Inventory system. Of course, for me as a Security Specialist, it would be great if IT will provide such magical system. 🙂 But such an ideal situation is rarely possible. So now let’s see how to build an Asset Inventory system using the resources of Information Security team.

There are no special secrets. It’s necessary to get information about the assets from all available IT systems and then get the rest of the data using our own Assessment tools. I would like to start with hosts on Network Perimeter. The Network Perimeter targets are available at any time for hacker attacks, that’s why this part of the network is the most critical.

Asset Inventory for Network Perimeter

Network Perimeter is like the Wall in the Game of Thrones. The same white walkers are hiding behind the wall and our task is to find the breaches in the wall faster than potential intruders. “Night gathers, and now my watch begins”. (c)

Perimeter is changing constantly. And we should understand at any time what hosts are currently exposed in every office and every external hosting platform.

We can get information about external hosts using some Vulnerability Scanner located on external host in the Internet. I have already wrote about it briefly in  Vulnerability Management for Network Perimeter. Here I would like focus on how we can understand which hosts should be scanned and what useful information we can get from the raw scan results.

Continue reading

Sending tables from Atlassian Confluence to Splunk

Sometimes when we make automated analysis with Splunk, it might be necessary to use information that was entered or edited manually. For example, the classification of network hosts: do they belong to the PCI-DSS Scope or another group critical hosts or not.

Sending tables from Atlassian Confluence to Splunk

In this case, Confluence can be quite a convenient tool for maintaining such a registry. Page with a table can be created very quickly and multiple employees can immediately start working with it.

Let’s see how to convert such table, export it to Splunk and use it with other data.

Continue reading

Confluence REST API for reading and updating wiki pages

In previous posts I wrote how to automate the work with Atlassian Jira, including automated ticket labeling. Now let’s try to use REST API of another popular Atlassian product – Confluence wiki engine.

Confluence REST API

What you may want to automate in Confluence? Obviously, it may be useful to read the pages that your colleagues regularly update and then use this data in some scripts as an input. You may also want to update your own Confluence pages, for example to post Vulnerability Scanning results. 😉

Continue reading

Vulners.com vulnerability detection plugins for Burp Suite and Google Chrome

What is the main idea of version-based vulnerability detection, especially for Web Applications? With an access to the HTTP response (html, headers, scripts, etc.), you can get the name and version of some standards web application (e.g. CMS, CRM, wiki, task tracker) or names and versions of software components that this web application uses: web server, libraries, frameworks, and so on.

Vulners plugins for Burp Suite Professional and Google Chrome

Next step is to get all known vulnerabilities and exploits  for this software. This is the typical task for Vulners.com – largest database and security content searching system (see “Vulners – Google for hacker“).

So, guys from Vulners Team made a set of useful regular expressions for detecting software names and versions – https://vulners.com/api/v3/burp/rules.  You can use this rules in your own scripts and if you want something that will work out of the box, you can try existing plugins for Burp Suite and Google Chrome.

In this post I would like to show how the detection rules work, present new Vulners Burp API and vulnerability detection plugins for Burp Suite and Google Chrome.

Continue reading