Tag Archives: python

VMconf 22: Blindspots in the Knowledge Bases of Vulnerability Scanners

1 Reply

Hello everyone! This video was recorded for the VMconf22 Vulnerability Management conference. I want to talk about the blind spots in the knowledge bases of Vulnerability Scanners and Vulnerability Management products.

This report was presented in Russian at Tenable Security Day 2022. The video is here.

Potential customers rarely worry about the completeness of the Knowledge Base when choosing a Vulnerability Scanner. They usually trust the VM vendors’ claims of the “largest vulnerability base” and the total number of detection plugins. But in fact the completeness is very important. All high-level vulnerability prioritization features are meaningless unless the vulnerability has been reliably detected. In this presentation, I will show the examples of blindspots in the knowledge bases of vulnerability management products, try to describe the causes and what we (as customers and the community) can do about it.

Continue reading

Career Navigator talk for IT Hub College

Leave a reply

Last week I gave a “Career Navigator” talk for the students of the IT Hub College in Moscow. By the way, this college has a very interesting practical information security program. If it is relevant for you, check it out.

I’ve never talked so much about myself in public. It was like giving advises to yourself from the past. An interesting experience. It took about an hour and a half. And now I will try to mention the main points.

University

I talked about studying at the university. The fact that we go to university to gain knowledge and skills. But this is not the only reason. The university diploma makes it easier to find a job and participate in emigration programs if you ever want to. For example, this is a requirement for a for the European Blue Card. Networking at the university is also important.

My experience of studying at Bauman Moscow State Technical University was definitely positive. Although I believe that there could be more practical courses on Operating Systems, networking and programming. On the other hand, there could be much less mathematics. I have the best memories from the Theoretical Foundations of Information Security course and the course based on CISSP exam.

Continue reading

Microsoft Defender for Endpoint: The Latest Versions of Antivirus Engine & Signatures

Leave a reply

In a previous episode on Microsoft Defender for Endpoint, I described how to get a list of antivirus engine and signatures versions for the hosts in your infrastructure using the Microsoft Graph API. But the problem remains. You know the versions that are currently installed on the hosts. But where can you get the latest versions that should be installed there?

I haven’t found any pretty solution for this. I parse public html pages on the Microsoft site I’ll show you how I do it. If you know something better, please write in the comments.

Continue reading

Getting Hosts from Microsoft Intune MDM using Python

5 Replies

Today I want to talk about Microsoft Intune. It is a Mobile Device Management platform.

Well, I think that the importance of MDM systems has become much higher than it was before the days of covid-19. Simply because a lot more people now work remotely using corporate laptops. And if these people don’t connect to the corporate network using a VPN, you most likely won’t see any activity from their devices in Active Directory. This means that you will not understand whether the device is active or not. And it will be impossible to get the correct security metrics for these devices.

Mobile device management is a solution to this problem as it maintains a connection between the laptop and the cloud server. MDM can collect various parameters from hosts, but for me the most important parameter is the timestamp. I will not describe all the features of Microsoft Intune here. Simply because at this stage they are not very interesting to me. The task I needed to solve was how to get the timestamp of the last activity for all hosts in Microsoft Intune using the official API. And since this is poorly documented, I want to share it with you.

Continue reading

Vulners Linux Audit API for Host Vulnerability Detection: Manual Auditing, Python Scripting and Licensing

3 Replies

Hello everyone! This episode will be about Vulners Linux Audit API, which allows you to detect vulnerabilities on a Linux host knowing only the OS version and installed packages. I had a similar post about this 4 years ago, but some details have changed, so I came back to this topic.

Continue reading

Add new features to Notepad++ using Python scripts: keyboard shortcut to insert current time

Leave a reply

I have to say, I spend a lot of time daily in Notepad++ text editor for Windows. I keep my “logbook” there. I record what I am doing now and what needs to be done. This allows me not to keep everything in my head and switch the context more efficiently. I can recommend this to everyone. And it is especially useful to note when you started working on a task and when you finished. This gives an understanding of what actually takes your time. I’m not a fan of very strict and formal techniques such as pomodoro, but using some form of time management is good.

Add new features to Notepad++ using Python scripts: keyboard shortcut to insert current time

Recording timestamps manually is inconvenient. It would be much easier to press a key combination and automatically insert the current timestamp into the document. It turned out that this is possible, and even more – you can get the results of any Python script this way!

Continue reading

Parsing Nessus v2 XML reports with python

13 Replies

Upd. This is an updated post from 2017. The original script worked pretty well for me until the most recent moment when I needed to get compliance data from Nessus scan reports, and it failed. So I researched how this information is stored in a file, changed my script a bit, and now I want to share it with you.

Previous post about Nessus v2 reports I was writing mainly about the format itself. Now let’s see how you can parse them with Python.

Please don’t work with XML documents the same way you process text files. I adore bash scripting and awk, but that’s an awful idea to use it for XML parsing. In Python you can do it much easier and the script will work much faster. I will use lxml library for this.

So, let’s assume that we have Nessus xml report. We could get it using Nessus API (upd. API is not officially supported in Nessus Professional since version 7) or SecurityCenter API. First of all, we need to read content of the file.

Continue reading