December 2011
62 posts
New Tools Bypass Wireless Router Security | Krebs... →
Security researchers have released new tools that can bypass the encryption used to protect many types of wireless routers. Ironically, the tools take advantage of design flaws in a technology pushed by the wireless industry that was intended to make the security features of modern routers easier to use.
If you think technology can solve your security problems, then you don’t...
– Bruce Schneier
Sometimes the developers are the weakest link
Like the title says, sometimes the careless developers are the weakest link and the reason an organization’s network gets compromised.
In this particular assessment the team spent close to a month trying to find a way in via the organization’s main website, email server, database servers, routers and firewalls. We were hitting well configured and security hardened systems and we were...
Another physical pentest, another kit
As I was preparing the kit for another physical pentest, it dawned on me that my kit is getting smaller, better and I don’t have to change it so often anymore. This one below seems to be the best default so far.
Packed on a GORUCK Echo I have:
A GORUCK Radio Ruck Field pocket containing most of my kit
A small pouch with my mini-trauma kit
A CountyComm SO LED attached to the MOLLE...
Help me raise awareness and support for the Green... →
I’m trying to raise money and donate it to the Green Beret Foundation. The Green Beret Foundation provides unconventional resources to facilitate the special needs of Special Forces operators wounded, ill and injured and imparts unique support to the Special Forces community.
Often, those that go and give it all come back injured. That’s my story too. An IED exploded on the road we...
Within a few months of its availability, new technology helps the bad guys at...
A Priest, a Minister, and a Rabbi Maxim: People lacking imagination, skepticism,...
The Original 12 →
rerererereset asked: Are there any particular books you'd recommend someone read who was interested in your field?
Another physical pentest
A few months ago I had to perform a physical penetration test in which I was tasked with trying to infiltrate the building of my customer, find the CEO or any other high-ranking executive’s laptop and make a copy of the hard drive.
I performed my recon for 2 weeks. The building had cameras everywhere so I had to be careful where I was walking, I wasn’t sure whether the security...
Chasing the ghost in the machine
On one project I was brought in to try to find out how internal, proprietary and confidential information was being leaked out of the company. This was a case of corporate espionage.
The security people inside the company were completely clueless. They monitored the network and firewall to try to find where the leak was coming from. They tried for several months and by the time I was brought in...
Hardware is easy to protect: lock it in a room, chain it to a desk, or buy a...
– Bruce Schneier
livin' the dream: A Step-by-Step Guide to Transfer... →
An easy guide to get your hostnames out of GoDaddy. The reason? Well, besides being crappy and having the worst customer support and services, they support SOPA.
These men could have been bad guys, intent on doing harm. Thankfully, however,...
– Anatomy of a Red Team Attack
The more a given technology causes hassles or annoys security personnel, the...
OPSEC process
Identification of the critical information to be protected
Threats analysis
Vulnerabilities analysis
Risks assessment
Application of the countermeasures
Attacking the Kill Chain →
No person acts truly random, and no person has truly infinite resources at their disposal. Thus, it behooves us in CND (Computer Network Defense) to record, track, and group information on our sophisticated adversaries to develop profiles. With these profiles, we can draw inferences, and with those inferences, we can be more adaptive and effectively defend our data. After all, that’s what...
The Importance of Red Teams
Red Teams are more important than ever today. Cases like the recent RSA attack show that companies should be hiring professionals to perform all kinds of pentests, including simulations of cases like social engineering, spear phishing email attacks, download and spread of malicious code via trusted files.
The press and some of the security journalists are talking about the new threat: APT. APT...
Inside NSA Red Team Secret Ops With Government's... →
Reposted because several readers asked questions that this article from 2008 answers.
What are red teams, you ask? They’re sort of like the special forces units of the security industry—highly skilled teams that clients pay to break into the clients’ own networks. These guys find the security flaws so they can be patched before someone with more nefarious plans sneaks in. The NSA has made...
Show Me Maxim: No serious security vulnerability, including blatantly obvious...
Security must begin at the top of an organization. It is a leadership issue, and...
There are effective, simple, & low-cost counter-measures (at least partial...
You should only use security hardware, software, and strategies you understand.
The bad guys don’t obey our security policies
People often represent the weakest link in the security chain and are...
– Bruce Schneier - Secrets and Lies
Insider Risk Maxim: Most organizations will ignore or seriously underestimate...
Keep your pockets closed
This is not a post about security. This is a post about the simple things based on experience that are passed along and that stay with you, making your life easier, especially when you are under stress or undergoing extreme physical exertion.
When I was in basic training, SSGT M., our drill sergeant, made sure we would always button or zip our BDU pockets or rucksacks closed. He was very serious...
Most of the time when security appears to be working, it’s because no adversary...
Most organizations will become so focused on prevention (which is very difficult...
Proper Planning and Preparation Prevents Piss Poor Performance
People and organizations can’t keep secrets.
The methods that will most effectively minimize the ability of intruders to...
– Kevin Mitnick
Professionals hack people...
The title of this post is part of one of Bruce Schneier’s quotes:
Amateurs hack systems, professionals hack people.
Sometimes it is easier and more effective to use social engineering (in any form: phone call, specially crafted email, etc.) to get that first step in. People are usually willing to help and, unless they are trained, they are easily manipulated. You can call them and...
On a day-to-day basis, security is mostly about paying attention.
Most people will assume everything is secure until provided strong evidence to...
Security is nigh near impossible. It’s extremely difficult to stop a determined...
As a general rule of thumb, about two-thirds of security “standards” or...
– See I am certified, you are secure
“Bad guys attack, and good guys react” is not a viable security strategy.
An adversary is most vulnerable to detection and disruption just prior to an...
– So true…
“Security Theater” will usually be confused with Real Security; even when it is...
The farther up the chain of command a (non-security) manager can be found, the...
Low-tech attacks work (even against high-tech devices and systems).
The more sophisticated the technology the more vulnerable it is to primitive...
Terrorist Threats to Commercial Aviation: A... →
Given the breadth and complexity of threats to commercial aviation, those who criticize the TSA and other aviation security regulatory agencies for reactive policies and overly narrow focus appear to have substantial grounding. Three particularly serious charges can be levied against the TSA: it overemphasizes defending against specific attack vectors (such as hijackings or passenger-borne...
Internal assessments
Red team assessments and digital penetration tests do not always involve trying to penetrate an organization’s network or premises from the outside; sometimes you are tasked with checking what an insider, or an adversary who physically got in, can see from within your networks.
I’ve talked about this a bit in the hole in the wall and chasing the ghost in the machine but I just want to...