Archive
NTLMv2 – no problems
I really like when someone takes the time to show how fragile our networks really are.
Use a sniffer to collect your favourite ntlmv2 challenge and plug it into your monster hashcat box. Plug it in and turn it up on high until it warms the room and soon…
Out comes your one of your corporate colleagues password! (Serve warm) 🤟
https://research.801labs.org/cracking-an-ntlmv2-hash/amp/?__twitter_impression=true
Cert pinning bypass on okHttp
One of the security controls that mobile makes strong use of is certificate pinning.
There is a library that is commonly used by a lot of application development teams called okHttp.
Mix these two together and you have a pretty good recipe for success but what if your application isn’t built to prevent an advisary from tampering with it?
Learn how to bypass this library and defeat certificate pinning in this article.
https://captmeelo.com/pentest/2020/02/24/bypass-okhttp-cert-pinning.html
Hackers Were Inside Citrix for Five Months — Krebs on Security
https://krebsonsecurity.com/2020/02/hackers-were-inside-citrix-for-five-months/
To understand why guessing a password for one of your users is so easy is to understand that your organization is only as strong as its weakest link.
Even an organization that provides security solutions like Citrix can be a victim.
Learning how to educate our users on password hygiene, investing in multi factor methods of authentication and making an investment into FIDO (https://fidoalliance.org) may be the only way we will see a return on investment in cybersecurity.
Docker Registries Expose Hundreds of Orgs to Malware, Data Theft | Threatpost
If you were wondering how an attacker can gain access to your organization when you were so careful to validate your software and your laptops and your employees, what out for how they run your software.
Docker base images have long been the target of the more sophisticated attacker now. Let’s face it, creating and setting up tomcat to run your platform isn’t really something that any development team can do so why not use a prebuilt image? It can be so easy to setup a repository and start with a known good base image but watch out for the wolf in sheep’s clothing.
https://threatpost.com/docker-registries-malware-data-theft/152734/
Certificate Expiry – Doh
Don’t you just hate when that happens – you have a nice, professional website that is generating revenue for your company and someone forgets to renew the TLS certificate!
Packt Publishing sure does today when it seems clear that almost all of its visitors will not be able to connect to their website.
It happens to many of us and it is due to poor certificate management. Microsoft Teams announced that they had surpassed Slack as the number one platform for messaging and collaboration but recently experienced an outage due to an expired certificate. Imagine how that affected their reputation and think of the brand impact that could have resulted in incalculable loss!
Whether you have 1 SSL/TLS Certificate protecting your website or you have setup an extensive server farm both inside and outside your organization, managing certificate renewal can bite you in the A$$.
Think strongly about a certificate management program that can alert you to thinks like certificate expiry for items like websites, Internet of Things and even network devices. With the push to ensure that we adopt https everywhere, you will need to manage certificates for almost every endpoint we use for mail, for file and print services and of course for all of the applications that use web based browsers. Even some of the desktop application are just shells that use a custom shell to deliver http based content so you may also have outage associated with certificates for some of the popular applications like Slack and Teams on your desktop.
Prevent outage by discovering and being aware of all of your certificates before someone else tells you!
Security Analyst - Jeff Soehner CISSP, GXPN,GPYC,GMOB,GCIH 