Posts

Security Software & Tools Tips – February 2019

In this monthly post, we try to make you aware of five different security related products.
This is a repost from my personal website Ulyaoth.

This month we have chosen for the following:
* IBM QRadar
* Snyk
* Haven
* HashiCorp Vault
* Nikto

IBM QRadar

Information from the IBM Qradar website:

QRadar Community Edition is a free version of QRadar that is based off of our core enterprise SIEM. Users, students, security professionals, and app developers are encouraged to download QRadar Community Edition to learn and become familiar with QRadar.

Website:

https://developer.ibm.com/qradar/ce/

Snyk

Information from the Snyk website:

A developer-first solution that automates finding & fixing vulnerabilities in your dependencies.

Website:

https://snyk.io/

Haven

Information from the Haven website:

Haven is for people who need a way to protect their personal spaces and possessions without compromising their own privacy. It is an Android application that leverages on-device sensors to provide monitoring and protection of physical spaces. Haven turns any Android phone into a motion, sound, vibration and light detector, watching for unexpected guests and unwanted intruders. We designed Haven for investigative journalists, human rights defenders, and people at risk of forced disappearance to create a new kind of herd immunity. By combining the array of sensors found in any smartphone, with the world’s most secure communications technologies, like Signal and Tor, Haven prevents the worst kind of people from silencing citizens without getting caught in the act.

Website:

https://guardianproject.github.io/haven/

HashiCorp Vault

Information from the HasiCorp Vault website:

Secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API.

Website:

https://www.vaultproject.io/

Nikto

Information from the Nikto website:

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.

Website:

https://cirt.net/Nikto2

Photo by MILKOVÍ on Unsplash

Security Software & Tools Tips – January 2019

In this monthly post, we try to make you aware of five different security related products.
This is a repost from my personal website Ulyaoth.

This month we have chosen for the following:
* Elastic Stack
* Security Onion
* Wireshark
* Cuckoo
* BeEF

Elastic Stack

Information from the Elastic Stack website:

Threats don’t follow templates. Neither should you. The Elastic Stack gives you the edge you need to keep pace with the attack vectors of today and tomorrow.

Website:

https://www.elastic.co/

Security Onion

Information from the Security Onion website:

Security Onion is a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, Wazuh, Sguil, Squert, CyberChef, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!.

Website:

https://securityonion.net/

Wireshark

Information from the Wireshark website:

Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education.

Website:

https://www.wireshark.org/

Cuckoo

Information from the Cuckoo website:

Cuckoo Sandbox is the leading open source automated malware analysis system. What does that mean? It simply means that you can throw any suspicious file at it and in a matter of seconds Cuckoo will provide you back some detailed results outlining what such file did when executed inside an isolated environment.

Website:

https://cuckoosandbox.org/

BeEF

Information from the BeEF website:

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.

Website:

https://beefproject.com/

Photo by Markus Spiske on Unsplash

Security Software & Tools Tips – December 2018

In this monthly post, we try to make you aware of five different security related products.
This is a repost from my personal website Ulyaothroducts.

This month we have choosen for the following:
* ModSecurity
* Snort
* OSSIM
* Nmap
* Osquery

ModSecurity


ModSecurity is a WAF module that can be used for various webservers such as Nginx, Apache and IIS.

Information from the ModSecurity website:

ModSecurity is an open source, cross-platform web application firewall (WAF) module. Known as the “Swiss Army Knife” of WAFs, it enables web application defenders to gain visibility into HTTP(S) traffic and provides a power rules language and API to implement advanced protections.

Website:

https://www.modsecurity.org/

Snort

Information from the Snort website:

Snort is an open source network intrusion prevention system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.

Website:

https://www.snort.org/

OSSIM

Information from the OSSIM website:

AlienVault® OSSIM™, Open Source Security Information and Event Management (SIEM), provides you with a feature-rich open source SIEM complete with event collection, normalization, and correlation. Launched by security engineers because of the lack of available open source products, AlienVault OSSIM was created specifically to address the reality many security professionals face: A SIEM, whether it is open source or commercial, is virtually useless without the basic security controls necessary for security visibility.

Website:

https://www.alienvault.com/products/ossim

Nmap

Information from the Nmap website:

Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).

Website:

https://nmap.org/

Osquery

Information from the Osquery website:

osquery exposes an operating system as a high-performance relational database. This allows you to write SQL-based queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes.

Website:

https://osquery.io/

Photo by Collin Armstrong on Unsplash

Security Software & Tools Tips – November 2018

In this monthly post, we try to make you aware of five different security related products.
This is a repost from my personal website Ulyaoth.

This month we have choosen for the following:
* Naxsi
* OSSEC
* Forseti Security
* Security Monkey
* OWASP Zed Attack Proxy

Naxi


Naxsi is a module that you can compile with nginx and it then provides “Anti XSS & SQL Injection” capabilities for nginx.

Information from the Naxsi GitHub page:

NAXSI means Nginx Anti XSS & SQL Injection.

Technically, it is a third party nginx module, available as a package for many UNIX-like platforms. This module, by default, reads a small subset of simple (and readable) rules containing 99% of known patterns involved in website vulnerabilities. For example, <, | or drop are not supposed to be part of a URI.

Website:

https://github.com/nbs-system/naxsi

OSSEC


This tools is a free open source host-based intrustion dectection system (HIDS) and it is easy to install, cool thing is that they are compliant with PCI-DSS

Information from the OSSEC website:

OSSEC watches it all, actively monitoring all aspects of system activity with file integrity monitoring, log monitoring, rootcheck, and process monitoring.

When attacks happen OSSEC lets you know through alert logs and email alerts sent to you and your IT staff so you can take quick actions. OSSEC also exports alerts to any SIEM system via Syslog so you can get real-time analytics and insights into your system security events.

Website:

https://www.ossec.net

Forseti Security


This are basically a bunch of tools that will help you improve the security of your GCP.

Information from the Forseti Security website:

A community-driven collection of open source tools to improve the security of your Google Cloud Platform environments.

Website:

https://forsetisecurity.org/

Security Monkey


This is a monitoring tool created by Netflix it checks your configuration, and or for policy changes then it can provide you with alerts.
It currently works both on AWS and on GCP.

Information from the Security Monkey GitHub page:

Security Monkey monitors your AWS and GCP accounts for policy changes and alerts on insecure configurations. Support is available for OpenStack public and private clouds. Security Monkey can also watch and monitor your GitHub organizations, teams, and repositories.

It provides a single UI to browse and search through all of your accounts, regions, and cloud services. The monkey remembers previous states and can show you exactly what changed, and when.

Security Monkey can be extended with custom account types, custom watchers, custom auditors, and custom alerters.

Website:

https://github.com/Netflix/security_monkey

OWASP Zed Attack Proxy (ZAP)

Information from the OWASP Zed Attack Proxy website:

The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing.

Website:

https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

Photo by arvin febry on Unsplash

Security Software & Tools Tips – October 2018

In this monthly post, we try to make you aware of five different security related products.
This is a repost from my personal website Ulyaoth.

This month we have chosen the following:
* Hiawatha
* Shodan
* GRR
* Cloudfail
* AbuseIO

Hiawatha


Hiawatha is a cool lightweight webserver that has a very easy syntax to configure it.
The maker of Hiawatha has written the webserver with security in mind, so it provides out of the box support for stopping SQL injections, XSS and CSRF attacks and exploit attempts.
We think Hiawatha is a great secure alternative for Apache or Nginx.

From the Hiawatha website:

Hiawatha is an open source webserver with a focus on security. I started Hiawatha in January 2002. Before that time, I had used several webservers, but I didn’t like them. They had illogical, almost cryptic configuration syntax and none of them gave me a good feeling about their security and robustness. So, I decided it was time to write my own webserver. I never thought that my webserver would become what it is today, but I enjoyed working on it and liked to have my own open source project. In the years that followed, Hiawatha became a fully functional webserver.

Website:

https://www.hiawatha-webserver.org/

Shodan


Shodan is a website where you can scan internet connected devices for open services. This is a great tool to find out if your
organization has any services exposed to the internet that might be a security risk.

From wiki:

Shodan is a search engine that lets the user find specific types of computers connected to the internet using a variety of filters. Some have also described it as a search engine of service banners, which are metadata that the server sends back to the client.

Website:

https://www.shodan.io/

GRR


GRR (Rapid Response) framework is a server client software that allows you to do live forensics on remote servers.

From their website:

GRR Rapid Response is an incident response framework focused on remote live forensics.
The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely.

Website:

https://github.com/google/grr

Cloudfail

From their website:

CloudFail is a tactical reconnaissance tool which aims to gather enough information about a target protected by Cloudflare in the hopes of discovering the location of the server. Using Tor to mask all requests, the tool as of right now has 3 different attack phases.

* Misconfigured DNS scan using DNSDumpster.
* Scan the Crimeflare database.
* Bruteforce scan over 2500 subdomains.

Website:

https://github.com/m0rtem/CloudFail

AbuseIO


This piece of software gives you a web interface that imports most important feeds such as shadowserver and spamcop, you can then see this information in a easy and relevant way.
This is a great tool to automate and improve the abuse handling process.

From their website:

It is a toolkit anyone can use to receive, process, correlate abuse reports and send notifications with specific information regarding the abuse case(s) on your network. AbuseIO’s purpose is to consolidate efforts by various companies and individuals to automate and improve the abuse handling process.

Website:

https://abuse.io/download/

Photo by Liam Tucker on Unsplash