Secuobs.com : 2013-04-16 14:21:11 - CNIS mag - Barely 17 years old and a trial of the century for an Australian kid guilty of having been seduced by the simplistic, vengeful rhetoric of Anonymous. Barely 17, and facing a maximum prison sentence of 25 years, The Reg tells us. Yet this modern-day Rebel Without a Cause has only very
Anon, clashes and fall guys
IAM and BYOID: little nightmares among admins
Secuobs.com : 2013-04-16 14:21:11 - CNIS mag - Among the many aspects of the IAM market highlighted by the Computer Associates study (see the article "CA IAM study, 30 years of dithering"), there is one that may well cost administrators and CISOs a few sleepless nights: BYOID, or "Bring your own ID", come with
CA IAM study, 30 years of dithering
Secuobs.com : 2013-04-16 14:21:11 - CNIS mag - In early March, Computer Associates published a survey carried out by Quocirca, entitled "Digital Identities and the open business" (free document, but registration required), an analysis of the IAM, or Identity Access Management, market. Why now, when for years the battle of directories and SSO raged without really
How Hackers Fool Your Employees
Secuobs.com : 2013-04-16 14:25:49 - LinuxSecurity.com Latest News - LinuxSecurity.com: Attackers are taking aim at the weakest point in your network: human beings. Do you know how to protect your data?
Hacker celeb 'Mudge' joins Google after DARPA
Secuobs.com : 2013-04-16 14:25:49 - LinuxSecurity.com Latest News - LinuxSecurity.com: Peiter "Mudge" Zatko, who was hired three years ago to be a project manager at the US Department of Defense's research and development division known as the Defense Advanced Research Projects Agency, has announced via Twitter that he's returning to the private sector with Google.
Tech Thoughts Daily Net News April 16, 2013
Secuobs.com : 2013-04-16 14:36:44 - Bill Mullins' Weblog Tech Thoughts - Boston Marathon explosions: online resource guide - Organizations are setting up sites useful for tracking down friends and family, donating blood, or finding out the latest news after the Boston Marathon tragedy. Free cloud storage for life - CNET has
The Risks Associated with Third-Party Software Components
Secuobs.com : 2013-04-16 15:03:04 - Acunetix Web Application Security Blog - I was recently contacted by a colleague in an information security leadership position who was concerned about his developers using some third-party plug-ins for an enterprise application they were rolling out. His developers wanted to install these third-party components in
SCADA in France: crisis-time security
Secuobs.com : 2013-04-16 15:05:12 - CNIS mag - Thomas Houdy, of Cert Lexsi, has published a very concise post on industrial security and its methods. A reasoned and reasonable article dealing with two realities: the endemic vulnerability of process control systems (particularly since their intensive "windowisation") and the rise of the famous APTs, systematic industrial espionage operations targeting any infrastructure possessing
Using Posh-SecMod PowerShell Module to Automate Nessus Part 2
Secuobs.com : 2013-04-16 15:05:39 - Blog -

Working with Policies
---------------------

Policies in Nessus are where we define what a scan is going to do, from:

- What plugins to run
- What types of plugin should run and which should not
- Concurrency
- Port Scanning Settings
- Credentials
- and many, many more

This is why, when I started looking at using PowerShell for automation, I came to the conclusion that creating policies and editing them is much better in a GUI than in a shell. But still, I included some basic functions for working with policies. Let's start by listing what policies are on the server:

    PS > Show-NessusPolicy -Index 0

    PolicyID PolicyName                  PolicyOwner                Visibility
    -------- ----------                  -----------                ----------
    -4       Internal Network Scan       Tenable Policy Distributio shared
    -3       Web App Tests               Tenable Policy Distributio shared
    -2       Prepare for PCI-DSS audits  Tenable Policy Distributio shared
    -1       External Network Scan       Tenable Policy Distributio shared
    8        Exploit Available Only      carlos                     private
    7        Moderate Scan               carlos                     private
    6        All Plugins with Full Scan  carlos                     private

We can make copies of existing policies:

    PS > Copy-NessusPolicy -Index 0 -PolicyID 8

    PolicyID PolicyName                  PolicyOwner                Visibility
    -------- ----------                  -----------                ----------
    9        Copy of Exploit Available   carlos                     private

We can also remove existing policies:

    PS > Remove-NessusPolicy -Index 0 -PolicyID 9
    True

You can also download the XML for a policy as an XML .NET object, and save that XML to a file quite easily using the methods offered by .NET:

    PS C:\> Show-NessusPolicy -Index 0 -PolicyID 1

    PolicyID PolicyName                  PolicyOwner                Visibil
    -------- ----------                  -----------                -------
    1        Mobile Devices Audit        carlos                     private

    PS C:\> $MobilePolicy = Get-NessusPolicyXML -Index 0 -PolicyID 1
    PS C:\> $MobilePolicy.Save("$env:HOMEPATH\Desktop\mobilepolicy.xml")

You can also manipulate the object and query the policy XML quite easily in PowerShell to get more detailed information about a given policy:

    PS C:\> $MobilePolicy = Get-NessusPolicyXML -Index 0 -PolicyID 1
    PS C:\> $MobilePolicy.NessusClientData_v2.policy.policyContents.FamilySelection.FamilyItem

    FamilyName                                Status
    ----------                                ------
    MacOS X Local Security Checks             disabled
    DNS                                       disabled
    Gain a shell remotely                     disabled
    Solaris Local Security Checks             disabled
    Port scanners                             disabled
    Web Servers                               disabled
    SMTP problems                             disabled
    Service detection                         disabled
    CGI abuses : XSS                          disabled
    Mandriva Local Security Checks            disabled
    Databases                                 disabled
    Debian Local Security Checks              disabled
    Denial of Service                         disabled
    Default Unix Accounts                     disabled
    Settings                                  disabled
    HP-UX Local Security Checks               disabled
    Backdoors                                 disabled
    VMware ESX Local Security Checks          disabled
    SCADA                                     disabled
    General                                   disabled
    Red Hat Local Security Checks             disabled
    FreeBSD Local Security Checks             disabled
    CGI abuses                                disabled
    Windows : User management                 disabled
    Netware                                   disabled
    Peer-To-Peer File Sharing                 disabled
    Slackware Local Security Checks           disabled
    SNMP                                      disabled
    Fedora Local Security Checks              disabled
    Gentoo Local Security Checks              disabled
    Ubuntu Local Security Checks              disabled
    Misc.                                     disabled
    FTP                                       disabled
    Firewalls                                 disabled
    Windows : Microsoft Bulletins             disabled
    Junos Local Security Checks               disabled
    Mobile Devices                            enabled
    Windows                                   disabled
    Policy Compliance                         disabled
    SuSE Local Security Checks                disabled
    RPC                                       disabled
    CentOS Local Security Checks              disabled
    CISCO                                     disabled
    Scientific Linux Local Security Checks    disabled
    AIX Local Security Checks                 disabled

I do promise a bit more manipulation of policies in the future. The command line in this case will not be as flexible as the GUI, but it should help for some simple tasks. I'm looking at the simpler JSON API added in the HTML5 interface for this; it will limit the functions to only version 5.x, but then again we are all using the latest version, right? ;)

Working with Scan Templates
---------------------------

Scan templates are the most used method for storing a specific configuration for a scan that already has a policy configured and a set of targets selected. Scan templates can also be scheduled to run at specific intervals. I have written some functions for creating and launching scan templates. Before creating a scan template we first need to know the IDs of the existing policies: the ID is used in the creation, since we may have several policies with the same name but with different settings. In this next example I want to create a template for scanning my home development network, where I host all my virtual machines:

    PS > Show-NessusPolicy -Index 0

    PolicyID PolicyName                  PolicyOwner                Visibility
    -------- ----------                  -----------                ----------
    -4       Internal Network Scan       Tenable Policy Distributio shared
    -3       Web App Tests               Tenable Policy Distributio shared
    -2       Prepare for PCI-DSS audits  Tenable Policy Distributio shared
    -1       External Network Scan       Tenable Policy Distributio shared
    8        Exploit Available Only      carlos                     private
    7        Moderate Scan               carlos                     private
    6        All Plugins with Full Scan  carlos                     private

    PS > New-NessusScanTemplate 0 -TemplateName "Dev Lab Full Scan" -PolicyID 6 -Targets "192.168.10.1-192.168.10.2"

    TemplateID : template-b9d6c48e-516a-fe81-4294-458df6acfd45a74d7adc86d4815b
    PolicyID   : 6
    PolicyName :
    Name       : Dev Lab Full Scan
    Owner      : carlos
    Targets    : 192.168.10.1-192.168.10.254

As you can see, the creation of the template is quite simple. The targets can be either individual hosts and/or ranges separated by commas with no spaces between them, or a PowerShell collection can be passed instead. Let's take a look at the scan templates we have on the server:

    PS > Show-NessusScanTemplate -Index 0

    TemplateID : template-b9d6c48e-516a-fe81-4294-458df6acfd45a74d7adc86d4815b
    PolicyID   : 6
    PolicyName : All Plugins with Full Scan
    Name       : Dev Lab Full Scan
    Owner      : carlos
    Targets    : 192.168.10.1-192.168.10.254

Each scan template has a unique Template ID; we use this ID when we work with the template. Let's update the existing template targets. I want to have it cover the same range but skip some hosts I do not want scanned. I can do this using other functions provided by Posh-SecMod for working with IPs:

    PS > $excludelist = "192.168.10.20","192.168.10.80","192.168.10.200","192.168.10.201"
    PS > $ips = New-IPRange -CIDR 192.168.10.0/24
    PS > $targets = $ips | ? IPAddressToString -notin $excludelist | % IPAddressToString
    PS > Update-NessusScanTemplate -Index 0 -TemplateID template-b9d6c48e-516a-fe81-4294-458df6acfd45a74d7adc86d4815b -Targets $targets

    TemplateID : template-b9d6c48e-516a-fe81-4294-458df6acfd45a74d7adc86d4815b
    PolicyID   : 6
    PolicyName :
    Name       : Dev Lab Full Scan
    Owner      : carlos
    Targets    : [list of individual host addresses]

Launching and Managing Scans
----------------------------

There are 2 ways to launch scans:

- Launch a scan using an existing policy
- Launch a scan using a scan template

Let's first launch a scan using a policy and giving it a list of targets:

    PS > Invoke-NessusScan -Index 0 -PolicyID 7 -Name "Lab Scan 1" -Targets "192.168.10.1-192.168.10.100"

    ScanID   : 0c0a28e2-824a-3606-4bd2-965d0da1c62272dde8c29f1faa6d
    ScanName : Lab Scan 1
    Owner    : carlos
    Status   : running
    Date     : 4/14/2013 2:21:02 AM

Now let's look at invoking the scan using a pre-configured template:

    PS > Invoke-NessusScanTemplate -Index 0 -TemplateID template-b9d6c48e-516a-fe81-4294-458df6acfd45a74d7adc86d4815b

    ScanID   : a3fb5b8c-60db-1dda-fac7-ee46c0d0a638ea8ce79ab209483c
    ScanName : Dev Lab Full Scan
    Owner    : carlos
    Status   : running
    Date     : 4/14/2013 2:21:50 AM

As can be seen, for repeated scans the template is the way to go, since it is already named, a policy is already set and a target list is already present. For quick scans of single devices or hosts, launching scans using policies is better. We can take a look at the scans with the Show-NessusScans function:

    PS > Show-NessusScans 0

    ScanID   : a3fb5b8c-60db-1dda-fac7-ee46c0d0a638ea8ce79ab209483c
    ScanName : Dev Lab Full Scan
    Owner    : carlos
    Status   : running
    Date     : 4/14/2013 2:21:50 AM

    ScanID   : 0c0a28e2-824a-3606-4bd2-965d0da1c62272dde8c29f1faa6d
    ScanName : Lab Scan 1
    Owner    : carlos
    Status   : running
    Date     : 4/14/2013 2:21:02 AM

As you can see, each scan has a unique ScanID; this is what we will use to identify scans so we can manipulate them. Let's look at suspending a scan with Suspend-NessusScan:

    PS > Suspend-NessusScan -Index 0 -ScanID 0c0a28e2-824a-3606-4bd2-965d0da1c62272dde8c29f1faa6d

    ScanID   : 0c0a28e2-824a-3606-4bd2-965d0da1c62272dde8c29f1faa6d
    ScanName : Lab Scan 1
    Owner    : carlos
    Status   : pausing
    Date     : 4/14/2013 2:21:02 AM

We can resume the scan with Resume-NessusScan:

    PS > Resume-NessusScan -Index 0 -ScanID 0c0a28e2-824a-3606-4bd2-965d0da1c62272dde8c29f1faa6d

    ScanID   : 0c0a28e2-824a-3606-4bd2-965d0da1c62272dde8c29f1faa6d
    ScanName : Lab Scan 1
    Owner    : carlos
    Status   : resuming
    Date     : 4/14/2013 2:21:02 AM

We can also stop the scan with Stop-NessusScan:

    PS > Stop-NessusScan -Index 0 -ScanID 0c0a28e2-824a-3606-4bd2-965d0da1c62272dde8c29f1faa6d

    ScanID   : 0c0a28e2-824a-3606-4bd2-965d0da1c62272dde8c29f1faa6d
    ScanName : Lab Scan 1
    Owner    : carlos
    Status   : stopping
    Date     : 4/14/2013 2:21:02 AM

One thing to keep in mind: even if you stop the scan, what it has found up to that point will still be saved as a report.
And the BAFTA goes to a British datacentre
Secuobs.com : 2013-04-16 15:08:09 - Global Security Mag Online - For the experts gathered in Nice for the Datacentres 2013 conference, the strong growth of digital content will lead datacentres to play the leading role for film and television professionals. The exponential growth of digital content produced for television and cinema means that archiving and storage are becoming a real problem for the media industry. The number of hours filmed is so high that the issue of archiving and storage - Markets
Belgium Update on Personal Data Security Breaches
Secuobs.com : 2013-04-16 15:25:22 - Office of Inadequate Security - Patrick Van Eecke writes: Following several recent widely publicized data breaches in Belgium, the Privacy Commission issued
New Products 4/13/2013 (video)
Secuobs.com : 2013-04-16 15:48:35 - adafruit industries blog - New Products 4/13/2013 (video): Alkaline 9V Battery (0:02), Micro HDMI to HDMI Cable - 2 meter (0:47), Modela Ninja Pibow - Enclosure for Raspberry Pi Model A Computer (1:55), PiBow VESA Mounting Layer Plate (3:30), mbed Application Board (4:13)
Ask an Engineer 4/13/2013 (video)
Secuobs.com : 2013-04-16 15:48:35 - adafruit industries blog - Ask an Engineer 4/13/2013 (video): Every Saturday night at 10pm ET join us for our weekly live video chatroom. Visit http://adafruit.com/ask for more info. You can ask anything about electronics, kits at Adafruit or just stop in to meet other makers who are building cool things. At the end of the chat we give away a
Frustrate, Disrupt, Evade
Secuobs.com : 2013-04-16 16:04:21 - CounterMeasures Security Privacy Trust - Much of the focus on Advanced Persistent Threat and targeted attack prevention methodology can be related to the Lockheed Martin Cyber Kill Chain, which is itself based on the conventional US military targeting doctrine: the find, fix, track, target, engage, assess (F2T2EA) methodology. The Cyber Kill Chain comprises seven phases: Reconnaissance, Weaponization, Delivery, Exploitation, Installation,
Hope 9 - Lightning Friday
Secuobs.com : 2013-04-16 16:11:56 - SecurityTube.Net - A dozen talks over two days, each around five minutes in length. These were presented after the Friday and Saturday keynote addresses.
Measuresoft ScadaPro exploit
Secuobs.com : 2013-04-16 16:11:56 - SecurityTube.Net - ScadaPro is Real Time Data Acquisition software for Microsoft Windows. Optimised to use the powerful real time, multi-tasking features of Windows, ScadaPro provides integrated data acquisition, monitoring, data logging, mimic development and report generation. It is designed as mission critical software running on a mission critical operating system.
Hardware and Software Keyloggers
Secuobs.com : 2013-04-16 16:11:56 - SecurityTube.Net - In this video, Dan Honkanen talks about keyloggers. He explains hardware and software keyloggers, why keyloggers are used and how a keylogger is used. If your machine is infected with a keylogger, you can learn how to detect it.
90% of game hacks and cracks contain malware
Secuobs.com : 2013-04-16 16:14:06 - Help Net Security News - Computer and online gaming is big business for companies creating the games, but a considerable drain on the finances of gamers, so it should not come as a surprise that many of the latter decide agai
Most enterprises encounter problems with open source software
Secuobs.com : 2013-04-16 16:14:06 - Help Net Security News - Univa's 2013 Free and Open Source Software report finds that Free and Open Source Software (FOSS) is prominent within businesses today, with 76% using it internally. However, 75% of those users experie
First anti-malware product for UEFI
Secuobs.com : 2013-04-16 16:14:06 - Help Net Security News - Kaspersky Lab released Kaspersky Anti-Virus for UEFI (KUEFI), an anti-malware solution which can protect the user's PC before the operating system even starts loading. UEFI, or Unified Extensible