PenTesting / Scanning Cached/Load Balanced Targets
As part of the PCI certification process, external facing applications that are in scope of the PCI environment require a PCI ASV scan. If these external facing applications sit behind load balancing and/or caching, please be aware of the following. (Examples of load balancers include F5 LTM, AWS Elastic Load Balancer and AWS CloudFront.)
Any load balancer using a full proxy architecture terminates your TCP connection at the virtual load balanced IP (VIP) and then proxies your scans and connection requests to a pool of backend application servers over a second connection. The rules on your load balancer determine which member of the pool gets that second connection, so you have no way of knowing which pool member you have scanned: the IP of the backend server is never returned to the host from which you established the initial TCP connection to the VIP. To allow a PCI ASV scan, please allow the scanning origin through the load balancer so that it can temporarily scan your servers directly.
Please consider the following when determining the number of IP addresses required for EVS:
- There are no load balancers in front of any in-scope servers:
  - Each external IP address / URL is counted as an individual IP.
- All servers behind load balancers are identical and synchronized:
  - The external facing VIP or load balanced URL/IP is counted as an individual IP (allow the scanning origin to temporarily scan your servers directly).
- Servers behind load balancers are not identical and not synchronized:
  - Each individual server IP must be scanned instead of the VIP (allow the scanning origin to temporarily scan all servers directly).
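As an added example (not part of the original notes), a small Python check that samples a load-balanced VIP and reports which of the scoping cases above applies, by counting distinct backend fingerprints across repeated fresh connections. The URL, the choice of fingerprint headers and the embedded samples are constructed assumptions.

```python
# Added example: decide whether the pool members behind a VIP look identical and
# synchronized (VIP counts as one IP) or not (scan every backend individually).
# Backend identity is inferred from response fingerprints; samples are constructed.
import hashlib
from collections import Counter
from urllib.request import Request, urlopen

# Headers whose values tend to differ between unsynchronized pool members.
FINGERPRINT_HEADERS = ("Server", "X-Powered-By", "ETag", "Last-Modified")


def fingerprint(headers: dict, body: bytes) -> tuple:
    """Reduce one response to a tuple identifying the backend that served it."""
    norm = {k.lower(): v for k, v in headers.items()}
    hdrs = tuple(norm.get(h.lower(), "") for h in FINGERPRINT_HEADERS)
    return hdrs + (hashlib.sha256(body).hexdigest()[:16],)


def pool_consistency(samples: list) -> dict:
    """Count distinct fingerprints; exactly one means identical, synchronized backends."""
    counts = Counter(fingerprint(h, b) for h, b in samples)
    return {
        "distinct_backends": len(counts),
        "identical_and_synchronized": len(counts) == 1,
        "counts": dict(counts),
    }


def sample_vip(url: str, n: int = 20, timeout: float = 5.0) -> list:
    """Fetch the same static path n times through the VIP (live check only).
    Connection: close forces a new TCP connection per request so the balancer
    may hand each one to a different pool member; no-cache bypasses a CDN cache."""
    out = []
    for _ in range(n):
        req = Request(url, headers={"Connection": "close", "Cache-Control": "no-cache"})
        with urlopen(req, timeout=timeout) as resp:
            out.append((dict(resp.headers.items()), resp.read()))
    return out


# Constructed samples: one pool member runs an older build with different content.
SAMPLES = [
    ({"Server": "nginx/1.18.0", "ETag": '"5f3a"'}, b"index v1"),
    ({"Server": "nginx/1.18.0", "ETag": '"5f3a"'}, b"index v1"),
    ({"Server": "nginx/1.16.1", "ETag": '"4c21"'}, b"index v0"),
]

if __name__ == "__main__":
    print(pool_consistency(SAMPLES))  # 2 distinct backends -> scan each server IP
```

For a live check, replace SAMPLES with sample_vip("https://vip.example/robots.txt") against your own VIP; a single distinct fingerprint over many samples is necessary but not sufficient evidence that the backends are synchronized.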
- Pentesting Akamai – the_pentesters_guide_to_akamai
- Debuggers – gdb, WinDBG, OllyDBG
- Operating System Primer – https://www.slideshare.net/saumilshah/operating-systems-a-primer
- How functions work – https://www.slideshare.net/saumilshah/how-functions-work-7776073
- Introduction to Debuggers – https://www.slideshare.net/saumilshah/introduction-to-debuggers
- Return Oriented Programming – https://www.slideshare.net/saumilshah/dive-into-rop-a-quick-introduction-to-return-oriented-programming
- RawDisk – https://www.eldos.com/rawdisk/
Jeff Bezos’ (2016) yearly letter to shareholders
You can generate a key in Mac OS using the ssh-keygen command. You should run it in Terminal or iTerm and specify a type of encryption. You will also be asked for a file in which the key should be saved to and for a passphrase (password) for the key:
user@localhost: ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/user/.ssh/id_rsa): id_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_rsa.
Your public key has been saved in id_rsa.pub.
The key fingerprint is:
This will create a private key written to ~/id_rsa and a public key written to ~/id_rsa.pub. The passphrase protects your private key; you will be asked for it when you load the key. You can then connect using the key, pasting the passphrase of the client key you created when prompted:
ssh USER@HOST_NAME -pPORT
Your public key is saved to the id_rsa.pub file and is the key you upload to your Triton Compute Service account. You can copy this key to the clipboard by running:
pbcopy < ~/.ssh/id_rsa.pub
Related commands for backing up a remote home directory over SSH on a non-standard port (rsync), and for dumping a database (mysqldump). Note that the -i option must point at the private key, not the .pub file:
rsync -e "ssh -p 18765" -aHz YOUR_SERVER_IP:/home/USERNAME/ /home/LOCAL_USER/BACKUP/
rsync -e "ssh -p18765 -i/Users/.../.ssh/id_rsa" -arcvhz firstname.lastname@example.org:/home/user/ /Users/User/desktop/backup
mysqldump -u db_user -p db_name > db_backup.sq
Uninstall Dell Kace Agent from Mac OSX
- Choose Apple menu > System Preferences, then click Users & Groups (or Accounts).
- Click the lock icon, then enter an administrator name and password.
- Click Login Options.
- Click Join (or Edit).
- Click Open Directory Utility.
- Click the lock icon in the Directory Utility window, then enter an administrator name and password.
- From the menu bar in Directory Utility:
  - Choose Edit > Enable Root User, then enter the password that you want to use for the root user.
  - Or choose Edit > Disable Root User.
- Open a Terminal window.
- Type su
- Type the root password.
- Change directory to /Library/Application Support/Dell/KACE/bin
- Then type ./AMPTools uninstall
Delete the file user/Library/StartupItems/AMPAgentBootup.
Alternatively, without enabling the root user, run the uninstall directly as an administrator with sudo:
sudo /Library/Application\ Support/Dell/KACE/bin/AMPTools uninstall
DoD Cloud Computing Security
Office 365 Anti-Spam and Anti-Malware Protection
- Anti-Spam and Anti-Malware Protection – https://technet.microsoft.com/en-us/library/anti-spam-and-anti-malware-protection-in-eop.aspx (old 2015)
- Exchange Online Advanced Threat Protection Service Description – https://technet.microsoft.com/en-us/library/exchange-online-advanced-threat-protection-service-description.aspx (more recent 2016)
- Office 365 Platform Service Description – https://technet.microsoft.com/en-us/library/office-365-platform-service-description.aspx (newest 2017)
- Exchange Online Protection – Advanced Threat Protection (ATP) cmdlets – https://technet.microsoft.com/EN-US/library/dn621038(v=exchg.160).aspx
Data Breach Infographics
- VERIS – http://vcdb.org/explore.html
- Data Breach – http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Cyber Security Research Reports
- Cisco 2017 – 2017-Annual-Cybersecurity-Report
- Verizon 2017 – rp_DBIR_2017_Report_en_xg
- Verizon Data Breach 2016 – rp_DBIR_2016_Report_en_xg
- Deloitte Privacy Index – https://www2.deloitte.com/au/en/pages/risk/articles/deloitte-australian-privacy-index-2017.html?_lrsc=0cb1c85c-d3c0-4c10-a0e9-74653b66fca5&trk=elevate_li