Categories
Security

First try, Nuclei Vulnerability Scanning

Fast and customizable vulnerability scanner based on a simple YAML-based DSL.

I took my first steps with Nuclei. The plan was to verify if my Atlassian Confluence instance was vulnerable both before and after patching. Also, on June 7, 2024, a new PHP vulnerability emerged, and I wanted to use Nuclei to review the security posture of some PHP installations I manage.

Categories
Security

Using a YubiKey for enhanced security

I used to have a YubiKey, but it never fully caught on with me. Now, finally, I want to start using a YubiKey to reduce the risk of phishing attacks and strengthen my overall personal IT security.

A hardware security token should never be bought alone; always get two. One is for daily use, the second is a backup.

Categories
Security

Request parameter _sm_by ZScaler

During a DDoS attack, I found a large number of HTTP requests in my logs carrying the parameter “_sm_byp=”. However, this parameter is not native to my app.

_sm_byp=

Modified example:
https://www.example.com:443/manifest.json?_sm_byp=iVVt9H5dRMP8Lb3F
https://www.example.com:443/test.html?_sm_byp=iVVc8ZT1kQFvX6Nr

Categories
Security

MyIP.is: Tool for IP Address Insights

MyIP.is is a handy online tool that instantly shows users their public IP address along with related information.

A notable feature of this site is that its operators also manage larger websites, collect and analyze IP data from them, and compile a list of malicious actors on the web that is available for free download.

Categories
Security

SANS Internet Storm Center – API

Even as a long-time listener of the daily newscast from SANS Storm Center, I never knew they offer a free API with useful information. The downside is that the API is rather slow, but still useful for IP intelligence.

Categories
Azure Security

Azure Front Door configuring SSL/TLS cipher

After a recent penetration test on an Azure website, I received a report stating that I need to disable CBC ciphers in my TLS configuration. I was able to reproduce the issue.

https://www.ssllabs.com/ssltest/analyze.html (2024-04-25)

However, I found that on Azure Front Door Standard and Azure Front Door Premium, it’s not possible to configure the cipher order or the selection of ciphers. All of this is fully managed by Microsoft.

Categories
Security

Exploring CVE with CVEMap Command Line Tool

CVEMap is a user-friendly, open-source command-line interface (CLI) tool engineered for seamless exploration of Common Vulnerabilities and Exposures (CVEs). Its purpose is to provide a smooth and intuitive platform for delving into vulnerability databases. However, the tool relies on a free cloud service.

Categories
News Security

NoName057(16) DDoS January 2024

Before the World Economic Forum in January 2024 in Davos, Switzerland, Chinese Premier Li Qiang arrived in Switzerland on Sunday and was officially received with military honors. On the same day, Ukrainian President Volodymyr Zelensky visited the Swiss Parliament Building in Bern. The World Economic Forum began in Davos on Monday. By Wednesday, January 17th, 2024, the first public reports appeared regarding DDoS attacks against websites in Switzerland, attributing them to the group NoName057(16).

Categories
News Security

Stay on top of Cyber Security Alerts

It’s important to stay on top of new discoveries and vulnerabilities and to follow up on the products you use. Knowing is the first step; evaluating and taking action is the second.

Cyber Security Alerts

Vendors

Another crucial step is to sign up for security advisories from all your key vendors; this significantly reduces your response time when a supplier releases a new advisory.

For example:

  • Atlassian
    • If you are using Atlassian products, especially Data Center or perhaps an outdated server version, I recommend signing up for the Atlassian Security Advisory mailing list. They have recently started sending monthly updates, and sometimes more frequent ones, with crucial information regarding patching and vulnerabilities. In my opinion, it is an absolute must to follow. (2024-01-18)

Categories
News Security

Terrapin Attack, SSH protocol vulnerability

I had to evaluate the risk of a potential Terrapin attack.

  • CVE-2023-48795: General Protocol Flaw
  • CVE-2023-46445: Rogue Extension Negotiation Attack in AsyncSSH
  • CVE-2023-46446: Rogue Session Attack in AsyncSSH

The Terrapin attack can target connections secured with ChaCha20-Poly1305 or CBC-mode ciphers with Encrypt-then-MAC. There is a theoretical vulnerability in CTR-mode ciphers combined with Encrypt-then-MAC, but it is not currently exploitable in real-world scenarios.

The attack requires an active Man-in-the-Middle.

OpenSSH and other vendors have implemented a strict key exchange countermeasure, but for it to be effective, both client and server must support it. Connecting a vulnerable client to a patched server, or vice versa, still results in a vulnerable connection.