Cryptography Introduction Cheatsheet – part 2 – Authentication

This is the second part in a series of cheatsheets based on the book Network Security: Private Communication in a Public World (2nd Edition).

This post is about authentication. The first part, Cryptography Introduction Cheatsheet – part 1, was about cryptography.

Authentication is the process of reliably verifying the claimed identity of a party.

Password-based authentication relies on a secret quantity shared between the two parties. Its biggest weakness is eavesdropping. Guessing the password can happen online or offline. Offline

Read more.
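An added example, not from the cheatsheet or the book, to make the offline case concrete: against a leaked store of unsalted SHA-256 hashes a dictionary attack covers every user in one pass over the wordlist, while per-user salts plus an iterated hash (PBKDF2 here) force one full pass per user. All usernames, passwords and the wordlist are constructed sample data.

```python
"""Offline password guessing against a leaked credential store.

Added example (not from the cheatsheet or the book): contrasts an unsalted
hash store, where one pass over the wordlist covers every user, with a
per-user-salted, iterated store, where every user costs its own pass.
All usernames, passwords and the wordlist below are constructed sample data.
"""
import hashlib
import os

# Constructed wordlist and user database; "carol" is not in the wordlist.
WORDLIST = ["123456", "password", "letmein", "summer2014", "qwerty", "welcome1"]
CREDENTIALS = {"alice": "summer2014", "bob": "letmein", "carol": "Tr0ub4dor&3"}

# Deliberately low so the example runs quickly; production uses far more.
ITERATIONS = 1000


def hash_unsalted(password):
    """Plain SHA-256: identical passwords give identical digests for every user."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_salted(password, salt, iterations=ITERATIONS):
    """PBKDF2-HMAC-SHA256 with a per-user salt: one guess is only valid for one user."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def build_stores(credentials):
    """Build both kinds of store from the same plaintext credentials."""
    unsalted = {u: hash_unsalted(p) for u, p in credentials.items()}
    salted = {}
    for u, p in credentials.items():
        salt = os.urandom(16)
        salted[u] = (salt, hash_salted(p, salt))
    return unsalted, salted


def crack_unsalted(store, wordlist):
    """store: {user: hexdigest}. Returns (recovered {user: password}, hashes computed).
    One hash per guess covers all users at once via a reverse lookup table."""
    by_digest = {}
    for user, digest in store.items():
        by_digest.setdefault(digest, []).append(user)
    recovered, work = {}, 0
    for guess in wordlist:
        work += 1
        for user in by_digest.get(hash_unsalted(guess), []):
            recovered[user] = guess
    return recovered, work


def crack_salted(store, wordlist):
    """store: {user: (salt, derived_key)}. The salt binds each guess to one user,
    so the attacker must walk the wordlist separately for every account."""
    recovered, work = {}, 0
    for user, (salt, key) in store.items():
        for guess in wordlist:
            work += 1
            if hash_salted(guess, salt) == key:
                recovered[user] = guess
                break
    return recovered, work


def demo():
    """Run both attacks on the constructed credentials and return the results."""
    unsalted, salted = build_stores(CREDENTIALS)
    recovered_unsalted, work_unsalted = crack_unsalted(unsalted, WORDLIST)
    recovered_salted, work_salted = crack_salted(salted, WORDLIST)
    return recovered_unsalted, work_unsalted, recovered_salted, work_salted


if __name__ == "__main__":
    r1, w1, r2, w2 = demo()
    print(f"unsalted: recovered {sorted(r1)} with {w1} hash computations")
    print(f"salted:   recovered {sorted(r2)} with {w2} hash computations")
```

Both attacks recover the two weak passwords; the difference is the cost per recovered account, which is what online rate limiting takes away from the attacker and what offline guessing gives back.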

Cryptography Introduction Cheatsheet – part 1 – Cryptography

This post (and the follow-ups to this post) is based on a study book, Network Security: Private Communication in a Public World (2nd Edition) from Prentice Hall, that I started reading at the end of the summer of 2014.

I wanted to write some cheatsheets to make it easier to look up the information at a later stage. You can find the book in the Amazon bookstore.

Alice, Fred and Trudy are the participants in

Read more.

Analyzing MX records for .be domains

In a previous post I did an analysis of HTTP headers returned by Belgian websites. The list of websites was based on an old Alexa datafile and more or less reflected the most ‘popular’ Belgian websites. I now trimmed these domains to their top domain only (so www.site.be and alpha.site.be became site.be) and decided to check what type of MX records are defined for the different domains.

MX records are DNS records that specify a

Read more.

Analyze HTTP headers (part 2)

This is the second part in the analysis of the content of HTTP headers returned from Belgian websites. The first part describes what HTTP headers are and analyses the results of the network requests.

Disclosing HTTP headers does not by itself make your site more vulnerable, nor does suppressing them make it more secure. But by leaking version information you give away the state of your patch management, making it easier

Read more.
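As an added example (not code from the original analysis), a small checker that pulls product/version tokens out of the headers that typically advertise the software stack; the set of header names and both sample responses are my own constructed input, not results from the survey of .be sites.

```python
"""Flag version information leaked in HTTP response headers.

Added example, not code from the original analysis. The header names treated
as disclosing (Server, X-Powered-By, X-AspNet-Version, X-Generator) and both
sample responses below are constructed input, not survey data.
"""
import re

# Headers whose main effect is to advertise the software stack.
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")

# product/version tokens such as "Apache/2.2.22" or "PHP/5.3.10-1ubuntu3"
VERSION_TOKEN = re.compile(r"([A-Za-z][A-Za-z0-9_.-]*)/(\d+(?:\.\d+)+)")

# Constructed sample responses.
LEAKY_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.22 (Ubuntu) OpenSSL/1.0.1\r\n"
    "X-Powered-By: PHP/5.3.10-1ubuntu3.13\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
)
QUIET_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
)


def parse_headers(raw):
    """Return {lower-cased name: value} for the header block of a raw response.
    Header names are case-insensitive; repeated names are joined with ', '."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" not in line:
            continue  # tolerate malformed lines rather than abort the scan
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return headers


def version_disclosures(raw):
    """List (header, product, version) for every product/version token found
    in a disclosing header. A bare 'Server: Apache' yields nothing: the
    product is named but the patch level is not."""
    headers = parse_headers(raw)
    found = []
    for name in DISCLOSING_HEADERS:
        if name in headers:
            for product, version in VERSION_TOKEN.findall(headers[name]):
                found.append((name, product, version))
    return found


if __name__ == "__main__":
    for label, raw in (("leaky", LEAKY_RESPONSE), ("quiet", QUIET_RESPONSE)):
        print(label, version_disclosures(raw))
```

The distinction the checker draws is the one the post makes: naming the product is harmless, but an exact version string tells a scanner which known issues to try first.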

Analyze HTTP headers (part 1)

This analysis of HTTP headers is split into two blog posts:

1. describing what HTTP headers are and analyzing the results of the network requests
2. analyzing the content of the HTTP headers

The split into two parts follows the sequence of steps I had to go through to complete the investigation: first map the network and interpret those results, then dive deeper into the returned HTTP headers.

Note that

Read more.

Query Arbor Peakflow API for connections

Recently I had to verify traffic in a netflow collector for connections to a list of interesting networks (networks suspected to serve malicious content or C&Cs). The netflow collector that was used was an Arbor Peakflow solution.

In Arbor you can browse the raw flows via Explore -> Forensics. This feature lets you search for specific traffic using an FCAP filter.

Read more.

Use privoxy and Tor for increased anonymity

Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location (from https://www.torproject.org/).

There are Tor bundles that you can install, but you can also chain a local proxy in front of Tor.

I'll use an Ubuntu 1214 VMware machine to proxy my traffic.

Read more.

What to do if your website gets hacked or defaced

Websites get attacked daily. Sometimes the attacker succeeds in getting access to the website. This is usually reported as "we got hacked", but in most cases "our website got defaced" is more accurate.

This post describes what to do if you manage your website (a custom-built website or a CMS website built with Drupal, Joomla, WordPress, ...) via FTP and you do not have a shell account on the server.

In most cases

Read more.

Elasticsearch dynamic scripting vulnerability exploit

Update 20140716

"This could allow an attacker to execute OS commands." That is the notice on the security page of Elasticsearch.

A vulnerability that allows execution of system commands should always raise concern.

Several people running a publicly reachable Elasticsearch instance reported that attackers were able to upload scripts. It turned out that when Elasticsearch was reachable from the Internet (port tcp/9200) and had dynamic scripting enabled, anyone could execute arbitrary scripts.

Read more.
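An added example, not from the original post, that checks an elasticsearch.yml for the two conditions just described: dynamic scripting left enabled and the node bound to a non-loopback interface. It assumes the Elasticsearch 1.x setting names script.disable_dynamic and network.host (dynamic scripting is off only when the former is true; before 1.2 the default was false, so a missing key is treated as weak). Both sample configs are constructed.

```python
"""Audit an Elasticsearch 1.x elasticsearch.yml for an exposed node with
dynamic scripting enabled.

Added example, not from the original post. Assumes the Elasticsearch 1.x
setting names script.disable_dynamic and network.host; both sample configs
below are constructed.
"""

# network.host values that keep the node off the network (1.x syntax).
LOOPBACK_HOSTS = {"127.0.0.1", "::1", "localhost", "_local_"}

WEAK_CONFIG = """\
# constructed: a 1.0/1.1-era node exposed the way the reports describe
cluster.name: search-prod
network.host: 0.0.0.0          # every interface, tcp/9200 reachable from the Internet
# script.disable_dynamic not set: defaults to false before 1.2
"""

HARDENED_CONFIG = """\
# constructed: the same node with both settings closed down
cluster.name: search-prod
network.host: 127.0.0.1
script.disable_dynamic: true
"""


def parse_flat_settings(text):
    """Parse the flat 'dotted.key: value' lines elasticsearch.yml uses.
    Comments and blank lines are skipped; nested YAML blocks are ignored,
    which is enough for the two keys audited here."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, _, value = line.partition(":")
        value = value.strip().strip("\"'")
        if value:  # a key with no value opens a nested block; not needed here
            settings[key.strip()] = value
    return settings


def audit(config_text):
    """Return a list of findings; an empty list means both checks pass."""
    settings = parse_flat_settings(config_text)
    findings = []
    # Absence is treated as weak because the pre-1.2 default was false.
    if settings.get("script.disable_dynamic", "false").lower() != "true":
        findings.append("dynamic scripting enabled: set script.disable_dynamic: true")
    host = settings.get("network.host")
    if host is None or host not in LOOPBACK_HOSTS:
        findings.append(
            f"bound to {host or 'the default (non-loopback) interface'}: "
            "set network.host: 127.0.0.1 or firewall tcp/9200"
        )
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit(cfg) or ["ok"])
```

Either finding alone is a problem; together they are exactly the exposure the reports describe. Disabling dynamic scripting removes the code-execution path, and binding to loopback (or firewalling tcp/9200) keeps the REST API off the Internet even if a later setting change re-enables scripting.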

Install DionaeaFR web frontend to Dionaea honeypot on Ubuntu

Dionaea is a low-interaction honeypot. It is one of the honeypots that can be deployed through the Modern Honey Network. Next to the MHN dashboard I also wanted some specific data on the Dionaea honeypot. That is where DionaeaFR kicks in.

The installation is described in detail on the github page and on http://bruteforce.gr/visualizing-dionaeas-results-with-dionaeafr.html.

I had to add some extra packages and settings on an Ubuntu 12.04.4 LTS system. Below is the full

Read more.