Posts

Showing posts from March, 2016

Introduction to Managed Security Services

Organizations today run a plethora of security products: identity management (IdM), access managers, single sign-on (SSO), firewalls, intrusion detection systems and intrusion prevention systems. These products generate a flood of alerts and log messages, each with its own context and no common format, and it is precisely this information that must be analysed if one is to detect sophisticated modern cyber threats. Demonstrating conformance to compliance regulations adds further overhead. This is exactly the pain point that the SIEM class of products emerged to address: a SIEM aggregates and correlates the security information generated across all these systems and so provides visibility into the whole network. But not all security incidents can be detected by rule-based correlation. SIEM products are also limited in their ability to identify and initiate appropriate responses to remediate threats, and until the emergence of a

Metasploit, Back Track, and Core Impact Comparison

Metasploit

Metasploit is an open source platform for vulnerability research and exploit development. It handles building the shellcode and the delivery code: the user selects a payload and then selects the exploit that will deliver it.

How to use Metasploit

Discovery: The Metasploit GUI visually lists all the exploits currently available. Before launching an exploit, the user must find out which products are running on the target system; once the target has been identified, the user can locate a matching exploit.

Attack: Once the exploit has been found, double-clicking it (or right-clicking it and choosing 'execute') opens an exploit window. Once the exploit has started, the GUI looks much the same for every exploit: you select your target and launch the payload for the attack.

Report: Metasploit has a reporting engine with many standard report formats such as PDF, CSV and HTML. Once the attack is complete, you can review the reports generated by the engine.

Limitation

TPM lockout after Imaging SP3 to windows 8

There is a flaw on the new Surface Pro 3 (shipped with Windows 10): once you re-image it to Windows 8, the TPM is locked out and BitLocker cannot be turned on.

Fix:

1) Clear the TPM and decrypt the drive first, then re-image.

or

2) (Post-imaging) Run the commands below in PowerShell (run as Administrator), one at a time:

    # Bind to the TPM's WMI class
    $tpm = Get-WmiObject -Class Win32_Tpm -Namespace root\cimv2\security\microsofttpm
    # Stop Windows from automatically re-provisioning the TPM behind your back
    $tpm.DisableAutoProvisioning()
    # Queue physical-presence operation 22 (Enable + Activate + Clear + Enable + Activate);
    # it is carried out by the firmware at the next boot, which may prompt you to confirm it
    $tpm.SetPhysicalPresenceRequest(22)

After the reboot, you can enable BitLocker.

CTB-Locker Ransomware Infects Thousands of Web Servers

In the last few years we have seen an enormous rise in ransomware threats, ranging from Cryptowall to the Locky ransomware discovered last week. Now another variant has branched off the CTB-Locker ransomware family, updated to infect websites, according to Lawrence Abrams of BleepingComputer. The new variant, dubbed "CTB-Locker for Websites", hijacks a website by locking up its data, which is decrypted only after a payment of 0.4 BTC. This appears to be the first time a ransomware has actually defaced a website in an attempt to pressure its administrator into paying the ransom. As proof that the decryption key works, the administrator of an infected site can have two files, picked at random, unlocked for free.

Here's how CTB-Locker for Websites ransomware works

Lawrence explained that the ransomware replaces the index page (the origina
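The behaviour described above (the site's index page replaced by a ransom page, the rest of the site locked) is exactly what a hash baseline of the web root catches. The following is an added example, not code from the post or from BleepingComputer: take the baseline while the site is known-good, rerun it after each deploy or from cron, and alert on an index page that changed or on a burst of modified files. The web-root layout, file names and the `MASS_CHANGE_THRESHOLD` knob are assumptions for illustration; the sample site is constructed in a temporary directory so the script runs offline.

```python
"""Web-root integrity check (added example, not the post's or BleepingComputer's code)."""
import hashlib
import os
import shutil
import tempfile
from typing import Dict, List, Tuple

INDEX_NAMES = ("index.html", "index.htm", "index.php")
# Hypothetical tuning knob: this many files changing in one run is treated as
# mass encryption rather than a routine deploy. Tune it to your deploy size.
MASS_CHANGE_THRESHOLD = 5


def hash_tree(root: str) -> Dict[str, str]:
    """Map every file under root (relative, '/'-separated) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(full, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            digests[rel] = h.hexdigest()
    return digests


def diff_trees(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Split two snapshots into added, removed and modified paths."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
    }


def assess(delta: Dict[str, List[str]]) -> Tuple[bool, List[str]]:
    """Return (suspicious, reasons) for a snapshot diff."""
    reasons = []
    is_index = lambda p: os.path.basename(p) in INDEX_NAMES
    changed = [p for p in delta["modified"] if is_index(p)]
    gone = [p for p in delta["removed"] if is_index(p)]
    new = [p for p in delta["added"] if is_index(p)]
    if changed:
        reasons.append("index page modified: " + ", ".join(changed))
    if gone and new:  # e.g. index.html removed and an index.php dropped in its place
        reasons.append("index page swapped: " + ", ".join(gone) + " -> " + ", ".join(new))
    touched = len(delta["modified"]) + len(delta["added"])
    if touched >= MASS_CHANGE_THRESHOLD:
        reasons.append(f"{touched} files changed in one run (mass encryption?)")
    return bool(reasons), reasons


def demo() -> Tuple[bool, List[str]]:
    """Build a constructed sample site, baseline it, then mimic the infection
    (index page overwritten with a ransom note, other files overwritten with
    random bytes standing in for encryption) and assess the resulting diff."""
    root = tempfile.mkdtemp(prefix="webroot-")
    try:
        site = {  # constructed sample content, not a real site
            "index.php": "<?php include 'home.php'; ?>",
            "home.php": "<h1>Welcome</h1>",
            "about.html": "<h1>About</h1>",
            "css/site.css": "body { margin: 0 }",
            "data/orders.csv": "id,total\n1,9.99\n",
            "data/users.csv": "id,name\n1,bob\n",
        }
        for rel, text in site.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as f:
                f.write(text)
        baseline = hash_tree(root)

        with open(os.path.join(root, "index.php"), "w") as f:
            f.write("Your site's files are encrypted. Pay 0.4 BTC to decrypt them.")
        for rel in site:
            if rel != "index.php":
                with open(os.path.join(root, rel), "wb") as f:
                    f.write(os.urandom(64))
        return assess(diff_trees(baseline, hash_tree(root)))
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    suspicious, why = demo()
    print("suspicious:", suspicious)
    for line in why:
        print(" -", line)
```

The baseline dictionary is the thing to protect: store it off the web server (or sign it), since a script that keeps its baseline in the same web root would be encrypted along with everything else.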

DROWN Attack — OpenSSL website at risk

A new and severe security vulnerability has been disclosed in OpenSSL that affects more than 11 million modern websites and e-mail services protected by an ancient, long-deprecated transport layer security protocol, Secure Sockets Layer version 2 (SSLv2). Dubbed DROWN, the highly critical hole in OpenSSL was disclosed today as a low-cost attack that can decrypt your sensitive HTTPS communications, including passwords and credit card details, in a matter of hours or in some cases almost immediately, a team of 15 security researchers from various universities and the infosec community warned on Tuesday.

What is the DROWN attack, and how does it abuse SSLv2 to attack TLS?

DROWN stands for "Decrypting RSA with Obsolete and Weakened eNcryption". DROWN is a cross-protocol attack that uses weaknesses in SSLv2 implementations against Transport Layer Security (TLS), and that can "decrypt passively collected TLS sessions from up-to-date clie
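DROWN needs a server that still completes SSLv2 handshakes with an RSA key that is also used for TLS, so the first thing a practitioner wants is a way to tell whether a host answers SSLv2 at all. The following is an added example, not code from the post or from the DROWN researchers: it builds a raw SSLv2 CLIENT-HELLO record (modern `openssl s_client` builds no longer accept `-ssl2`, so the record is assembled by hand), sends it, and parses the SSLv2 SERVER-HELLO if one comes back. The `probe()` target host is a hypothetical input; the `sample_server_hello()` bytes are constructed, not a capture, so the parser can be exercised offline.

```python
"""SSLv2 exposure probe (added example, not the post's or the DROWN team's code)."""
import socket
import struct
from typing import Optional

# SSLv2 CIPHER-KIND values (3 bytes each) from the SSLv2 protocol draft.
SSL2_CIPHERS = {
    b"\x01\x00\x80": "SSL_CK_RC4_128_WITH_MD5",
    b"\x02\x00\x80": "SSL_CK_RC4_128_EXPORT40_WITH_MD5",
    b"\x03\x00\x80": "SSL_CK_RC2_128_CBC_WITH_MD5",
    b"\x04\x00\x80": "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5",
    b"\x05\x00\x80": "SSL_CK_IDEA_128_CBC_WITH_MD5",
    b"\x06\x00\x40": "SSL_CK_DES_64_CBC_WITH_MD5",
    b"\x07\x00\xc0": "SSL_CK_DES_192_EDE3_CBC_WITH_MD5",
}
# The 40-bit export kinds are the ones the general DROWN attack relies on.
EXPORT40 = {b"\x02\x00\x80", b"\x04\x00\x80"}

SSL2_MT_CLIENT_HELLO = 1
SSL2_MT_SERVER_HELLO = 4


def build_client_hello(challenge: bytes = b"\x00" * 16) -> bytes:
    """Return an SSLv2 CLIENT-HELLO record offering every SSLv2 cipher kind."""
    specs = b"".join(SSL2_CIPHERS)
    body = (
        bytes([SSL2_MT_CLIENT_HELLO])
        + b"\x00\x02"                                        # CLIENT-VERSION: SSLv2
        + struct.pack("!HHH", len(specs), 0, len(challenge))  # spec / session-id / challenge lengths
        + specs                                              # CIPHER-SPECS-DATA
        + challenge                                          # CHALLENGE-DATA (no session id)
    )
    # Two-byte record header: high bit set means "no padding", remaining 15 bits are the length.
    return struct.pack("!H", 0x8000 | len(body)) + body


def parse_server_hello(record: bytes) -> Optional[dict]:
    """Parse an SSLv2 SERVER-HELLO; return None for anything else (e.g. a TLS alert)."""
    if len(record) < 2 or not record[0] & 0x80:
        return None
    length = ((record[0] & 0x7F) << 8) | record[1]
    body = record[2:2 + length]
    if len(body) < 11 or body[0] != SSL2_MT_SERVER_HELLO:
        return None
    version = struct.unpack("!H", body[3:5])[0]
    cert_len, spec_len, conn_id_len = struct.unpack("!HHH", body[5:11])
    if len(body) < 11 + cert_len + spec_len + conn_id_len:
        return None
    cert = body[11:11 + cert_len]
    specs = body[11 + cert_len:11 + cert_len + spec_len]
    kinds = [specs[i:i + 3] for i in range(0, len(specs), 3)]
    return {
        "session_id_hit": body[1],
        "certificate_type": body[2],
        "version": version,
        "certificate_der": cert,
        "ciphers": [SSL2_CIPHERS.get(k, k.hex()) for k in kinds],
        "export40": any(k in EXPORT40 for k in kinds),
    }


def sample_server_hello() -> bytes:
    """Constructed SERVER-HELLO (not a real capture): a server offering RC4-128 and
    the 40-bit export RC4 kind, with a 5-byte placeholder in the certificate slot."""
    cert = b"\x30\x03\x02\x01\x01"
    specs = b"\x01\x00\x80" + b"\x02\x00\x80"
    conn_id = bytes(range(16))
    body = (bytes([SSL2_MT_SERVER_HELLO, 0, 1]) + b"\x00\x02"
            + struct.pack("!HHH", len(cert), len(specs), len(conn_id))
            + cert + specs + conn_id)
    return struct.pack("!H", 0x8000 | len(body)) + body


def probe(host: str, port: int = 443, timeout: float = 5.0) -> Optional[dict]:
    """Send the CLIENT-HELLO to a live server (hypothetical target) and parse the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_client_hello())
        data = b""
        while True:
            chunk = s.recv(4096)
            if not chunk:
                break
            data += chunk
            if len(data) >= 2:
                if not data[0] & 0x80:   # TLS record or junk: not SSLv2, stop reading
                    break
                if len(data) >= 2 + (((data[0] & 0x7F) << 8) | data[1]):
                    break
    return parse_server_hello(data)


if __name__ == "__main__":
    print("CLIENT-HELLO:", build_client_hello().hex())
    print("parsed sample SERVER-HELLO:", parse_server_hello(sample_server_hello()))
```

A `None` from `probe()` means the host did not speak SSLv2 to us, which is necessary but not sufficient to rule DROWN out: the same RSA key may be served by another host (a mail server, an old load balancer) that still does, so the check has to be run against every endpoint that shares the certificate.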