The arrival of WEB 2.0 brought dynamic content through the use of technologies such as Java, Flash and PHP.
Consequently, it also widened the attack surface. Websites became prettier, more interactive, easier to update and also easier to attack!
The need for further functionality was, as is often the case, met at the cost of security.
The four diagrams below illustrate the differences between a WEB 1.0 and a WEB 2.0 architecture and highlight the increased attack surface.
In a typical WEB 1.0 architecture, besides the physical, human and network security considerations, protecting the data depends on the Operating System and the application security layers. Typically, the application security layer is restricted to the Web Server (e.g. Apache) if no other services/applications are exposed to the Internet.
Diagram 1 - WEB 1.0 Typical Ar...
Website update
#109 - Posted on 12 August 2015 - Author: SM - Category: Misc
We have completed our latest website refresh and you may have to reload the various pages to see the new version.
This update brings more information about the different services we offer and how we position ourselves. It also provides better infographics which should make navigating through the site easier on the eye.
We are planning another minor update to our blog section in the coming weeks which will improve your RSS experience.
...
SELKS 2.0 vs. Security Onion
#108 - Posted on 04 August 2015 - Author: SM - Category: IDS, Security
I have recently been testing SELKS v2.0, which is an open source Network Security Monitor (NSM) based on an ELK framework: Elasticsearch (search and analytics engine), Logstash (log normalisation) and Kibana (visualisation).
The NSM core engine is provided by the first "S" which stands for Suricata (Network IDS) and the last "S" which stands for Scirius (Management GUI for Suricata).
SELKS is provided as a live Linux distribution based on Debian 8 (Jessie) which is also installable.
SELKS V2.0 is a great improvement over SELKS V1.0, so much so that I now consider it a serious contender to Security Onion (SO) at...
BlackHat Mobile Security Summit - London 2015
#107 - Posted on 28 June 2015 - Author: SM - Category: Conferences, Security
In June 2015 I attended the Blackhat Mobile Security Summit in London, a 2-day event filled with talks from various researchers and security professionals. There was a 3rd day in the form of a workshop for anyone attending the Interop London hosting event.
Blackhat is historically a USA-based event with its main conference taking place in Las Vegas every year. Lately they have started to host similar (but smaller) conferences around the world, such as in Singapore and Amsterdam (which I blogged about last year here).
This London edition was definitely on the "smaller" side and this actually had a few advantages:
You could attend all the sessions as none were run in parallel
It was easier to mingle among fellow participants and speakers
There was less "walking"! :)
The quali...
Hackfu2015 Challenge 7 - Solution
#106 - Posted on 12 May 2015 - Author: SM - Category: Challenges, Security
This is part of my write-up from the Hackfu 2015 Security Challenge.
The third and last challenge I solved was surprisingly very easy, but there might have been more to it...
The instructions given were:
An ELF Binary file: shipbinary
"Your mission is to analyse the executable binary and find a way to get it to run to its completion so that it ends up spitting out the access code for the ship's central server."
Below is how I solved that challenge:
We first run the following command to see all the printable/ASCII strings from the binary.
> strings shipbinary
Below is an extract of the most interesting result from the above command.
Enter Decryption Code:
burnthelandandboilthesea
Code Accepted.
Establishing Connection to Planet Abaddon...
out.txt
123.123.123.1 -c 1 | tail -1| awk '{print $4}' | cut -d '/' -f 2
...