
Tuesday 21 October 2014

Is Sandboxing technology the answer?

Most of the security solutions on the market these days leverage sandboxing technologies to deal with Advanced Persistent Threats, zero-day vulnerabilities, targeted attacks and so on.

It would be interesting to analyze the strengths and the limits of this kind of technology, to be able to choose our security solutions better.

What is a Sandbox?

Sandboxing means creating a “virtual”, “fake” image that can be targeted by malware, attackers or unknown security problems.

By monitoring the changes that happen to this decoy it is possible to understand whether something strange is going on. The basic idea is that, since the fake machine should perform only a series of deterministic actions, anything that departs from that baseline is something that requires further investigation.

So configuration changes to files or the registry, unwanted external communications, a different memory load: everything can be used to understand whether something is going wrong.

The hardest part of creating a sandboxing system is that the target should look like a normal environment while being deeply monitored, far beyond the usual monitoring needs.

Another hard point for sandboxing technology is that the decoy should be as close as possible to the systems you actually want to protect; otherwise you may not be able to see what would happen in the real environment.

Last, but not least, we should remember that some of the malware and attacks out there counter sandboxing technology using stealth or anti-sandbox techniques. The first try to hide and remain undetectable; the second try to understand whether the target is a real or a fake one and, in the latter case, stop any execution in order not to be detected.
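As an added illustration of the baseline idea above (example code written for this page, not part of the original post), the following Python sketch diffs a constructed "before" and "after" snapshot of a decoy image over the three sources the post names (files, registry, outbound connections), and treats an empty result as inconclusive rather than clean, to account for the anti-sandbox case just described. All paths, keys, hashes and hosts in it are made up.

```python
# Added example (not code from the original post): the baseline-deviation check
# a sandbox applies to its decoy image. Snapshots are constructed dicts standing
# in for file hashes, registry values and outbound connections; every path, key,
# hash and host below is made up for illustration.
from dataclasses import dataclass

@dataclass(frozen=True)
class Snapshot:
    files: dict             # path -> content hash (constructed values)
    registry: dict          # "key\\value" -> data
    connections: frozenset  # (remote host, port) pairs seen leaving the decoy

# Registry locations where a change usually means persistence, not benign noise.
PERSISTENCE_KEYS = ("\\Run\\", "\\RunOnce\\", "\\Services\\")

def deviations(baseline, observed, allowed_hosts=frozenset()):
    """Return sorted (severity, kind, detail) tuples for anything outside the baseline."""
    found = []
    for path, digest in observed.files.items():
        if path not in baseline.files:
            found.append(("medium", "file_created", path))
        elif baseline.files[path] != digest:
            found.append(("medium", "file_modified", path))
    for path in baseline.files.keys() - observed.files.keys():
        found.append(("low", "file_deleted", path))
    for key, data in observed.registry.items():
        if baseline.registry.get(key) != data:
            sev = "high" if any(p in key for p in PERSISTENCE_KEYS) else "low"
            found.append((sev, "registry_changed", key))
    # Anything leaving the decoy that is neither in the baseline nor explicitly
    # allowed (update servers and the like) is flagged.
    for host, port in observed.connections - baseline.connections:
        if host not in allowed_hosts:
            found.append(("high", "unexpected_connection", f"{host}:{port}"))
    return sorted(found)

def verdict(findings):
    """An empty result is not 'clean': the sample may have recognised the decoy
    and refused to run (the anti-sandbox case), so it only earns 'inconclusive'."""
    if not findings:
        return "inconclusive: no deviation, re-run on a differently configured image"
    if any(sev == "high" for sev, _, _ in findings):
        return "suspicious: high-severity deviation from baseline"
    return "review: only low/medium deviations from baseline"

# Constructed "before" and "after" snapshots of the decoy image.
RUN_KEY = "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\"
BASELINE = Snapshot(
    files={"C:\\Windows\\System32\\kernel32.dll": "hash-k32-1",
           "C:\\Users\\user\\Documents\\notes.txt": "hash-notes-1"},
    registry={RUN_KEY + "OneDrive": "OneDrive.exe"},
    connections=frozenset({("update.vendor.test", 443)}),
)
AFTER_SAMPLE = Snapshot(
    files={**BASELINE.files, "C:\\Users\\user\\AppData\\Roaming\\dropped.exe": "hash-drop"},
    registry={**BASELINE.registry, RUN_KEY + "Updater": "dropped.exe"},
    connections=BASELINE.connections | {("c2.example.invalid", 8443)},
)
ALLOWED_HOSTS = frozenset({"update.vendor.test"})
if __name__ == "__main__":
    found = deviations(BASELINE, AFTER_SAMPLE, ALLOWED_HOSTS)
    for sev, kind, detail in found:
        print(f"[{sev:6}] {kind:21} {detail}")
    print(verdict(found))
```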

Sandboxing techniques are effective and powerful tools when dealing with security, but they should be implemented carefully.

We should take some considerations into account:

1) The less standard your environment is, the less effective the sandboxing approach is. This relates not only to operating systems in their several versions, patch levels and so on, but also to all the software running on the platform.

If we think, as an example, of a Microsoft environment, we should be able to duplicate the whole existing configuration: Windows version, service pack, Office version and patches, browsers and so on.

Now this seems easy, but if we do not have strict control we may need to create a great number of sandbox units in order to fit the various configurations. And I’m not considering hardware drivers….

2) A sandbox can be exploited

The sandbox itself can be exploited. Usually we are dealing with some sort of virtual image that is monitored by its drivers; this means that the sandbox itself is not immune to attacks. Targeted attacks or APTs have every interest in leveraging any vulnerability of the sandbox system in order to succeed.

3) An evolving environment needs an evolving sandbox system

As for the other security technologies, sandboxing is useless if it is not inserted in a set of processes that deal with security, processes that have to take into account the evolution of the systems and of user behaviour, as well as of the external environment in terms of threats and technologies.

So are sandboxing technologies worth the effort? The answer is simply yes, but in a clear security context. As with reputation technologies, sandboxing cannot be the answer on its own, but it is surely a powerful tool if used correctly. Beyond the marketing efforts that sometimes present these technologies as the holy grail of security, we should be aware that they are just tools to be used wisely.

 


Wednesday 5 June 2013

Nmap Guide Revisited – Hakin9 Tutorials | Magazine | Hackers about hacking techniques in our IT Security Magazine

The Right Tool
NMAP Kung-Fu
By Aamir Lakhani, DCUCD, DCUCI, CCNP, CCDP, Microsoft Certified Systems Engineer, IBM Cloud Computing Architect, CISSP, HP Open View Professional
Nmap is a popular tool for network reconnaissance. It is usually one of the first tools a network penetration tester will use to determine the type of system they are targeting, what ports are open on the target system, and what services may be running on the system. Nmap stands for “network mapper” and is used to scan hosts and services on a network. Nmap has advanced features that can detect different applications running on systems as well as services and OS fingerprinting features.
Map and Network
By Andrew Brooker, CISSP, CRISC Director of Operations Assurity River Group
Network Mapper is a network scanner that is used to discover network hosts and their services. The initial driver for Gordon Lyon was to create a utility that could “map the network”, hence nmap. Back in 1997, nmap was a Linux-only utility, but today it is a cross-platform, lightweight network security scanner. Not only can you use nmap on your favorite OS, but you have the option between CLI or GUI.
Introduction to Nmap
By Daniel Renaud, CEO of DJJ Consultants and a Linux specialist since 1994
Nmap (Network Mapper) is a security scanner used to discover information about hosts on a network. To accomplish this, Nmap will send crafted packets to the host and then use the response to get information about it. NMAP can be used to determine the operating system of a host, the names and versions of the services, estimated up time, type of device, and presence of a firewall. You are probably thinking that there are a lot of other scanners that can do that, and you’re probably right, but Nmap can do it in a different way.
The Bread and Butter of IT Security
By Andrey Mosktvitin, IT Security Professional, Microsoft
Today we are going to talk about the bread and butter of every IT security, networking and system professional – the Nmap network scanner.
Initially Nmap was a Linux command-line tool created by Gordon “Fyodor” Lyon in 1997. Nowadays it is a great set of tools with an extensible framework, providing the opportunity to integrate it with external scripts. There is also a beautiful GUI called ZeNmap, and editions for Windows, Mac OS X and most UNIX OSes are available. You can get information about all features and a distributive at the official www.Nmap.org website.
NMAP Scanning: How a Simple Tool STILL Makes Dramatic Impact
By Nathan Swaim, President, ANRC
In a growing world of network analysis tools to choose from, there are a few that remain just as beneficial today as they were when they first came out. NMAP has definitely held its reputation as the go-to tool when network analysts and security researchers need it. It’s well known that if you don’t, at a minimum, scan your network defense posture using NMAP at least once after major production changes, you are taking an unnecessary gamble and risk by not doing so. While the NMAP tool hasn’t significantly changed in its development lifecycle, the emphasis on using it certainly has. In this article we’ll dive into the basics of doing an NMAP scan and explain some of the ways this incredible tool is able to do what it does.
NMAP: A “HACKER TOOL” FOR SECURITY PROFESSIONALS
By Justin Hutchens, CISSP, CEH, ECSA, CHFI
The notion of the “ethical hacker” has always been an ironic one. The developing trends of ethical hacking and offensive security have transformed the information security industry into one of the most self-perpetuating industries in the world. The software and tools that are used to secure vulnerable information assets are the same tools that can be used to exploit them. But perhaps it’s the other way around. Perhaps the tools that were created for the sole purpose of exploiting information assets are now being used to safeguard them. I suppose this is a debate that could go on forever and is really just another instance of “what came first…the chicken or the egg?”
The Swiss Army Knife
Discover What Is Inside The Hard Shell
By Andrew Jones, VMTraining, GSEC, GCIH, CVE5, VMTraining Certified Trainer
Nmap was one of the basic tools we would start students on. It’s open source, so free, and reasonably easy to get using right away for basic network scans. I say nmap is relatively easy to get using, but take that with a grain of salt. As you can see in the screen capture below, by running nmap –help, we are presented with a wealth of option flags for our use.
Nmap – The Tool of Almost Endless Capabilities
By Evan Francen, President, FRSecure LLC & Information Security Evangelist CISSP, CISM, CCSK
Before we start out and dig in, you need to know that Nmap can be a very powerful tool in the hands of someone who knows how to use it AND has an intimate knowledge of how TCP/IP works. If you don’t know some of the TCP/IP basics like IP addressing, routing, ports, and the structure of a TCP packet, it would be good idea to brush up on these skills first. As you unlock your knowledge of TCP/IP, you’ll embrace the beauty of Nmap that much more.
NMAP – Hollywood’s Hacking Tool of Choice
By Jake Wylezek, Solutions/Systems Engineer at Hewlett-Packard
NMAP is a network scanner but not a security measure. The main aim of this software is to perform host and services discovery and network reconnaissance. The initial release written by Gordon Lyon, also known as Fyodor Vaskovich (if you watch Defcon talks), was back in September of 1997. Fyodor keeps the NMAP project rolling, which today gives us version 6.25 thanks to an active user community. If you are reading this article thinking that you don’t know what NMAP is and you have never seen it before, there is a great possibility that you already have seen it, and there is an even greater possibility that people such as your parents have seen it too. The reason is that NMAP has featured in many movie hits over the years, including Matrix Reloaded, Dredd, Bourne Ultimatum (my personal favourite), Die Hard 4 and several more.
Nmap – The Swiss Army Knife of Network Discovery
By James Tan, BSc Psychology, ISO 27001, CISSP, CCSK, CISA, eCPPT, PMP
Nmap is a popular free and open source port scanner, if you have not heard of it. It is mentioned frequently in Hakin9 and other online articles, and also featured as the hacker’s choice of tool in several movies. You can use Nmap to scan an entire network with a simple command line, or just an individual host. To the casual observer, Nmap is just a network port scanner. However, it is a powerful toolkit comprising many useful utilities (commands and GUI).
Practical NMAP Scanning
By Joshua Cornutt, CompTIA A+ Certified Professional IT Technician
Network Mapper (Nmap) allows for the discovery of live computers/hosts on a network as well as detects running services and supported communication protocols. It’s one of the most essential tools for any systems/network administrator, IT security professional and/or hacker. This instructional will guide you through using Nmap to effectively scan a subnet for live hosts, determine the status of firewall ports, iterate through running services and identify vulnerabilities.
Advanced Approach
Nmap – The Multitool of Network Discovery
By Branden Paul, Network Administrator, Banking Company
Nmap (Network Mapper) is a free-ware utility for Network scanning and security auditing. It was designed for large networks, but works on single hosts as well. It runs on all major Operating Systems and in addition to the classic command-line Nmap executable, it also includes an advanced GUI and results viewer (Zenmap). Now that you have some background information, let’s jump right in!
Using NMAP for Outbound Traffic Analysis
By Sergio Castro, Managing Director, Qualys Latin America
You wouldn’t let your kids talk with strangers in the street, right? But if you are not analyzing the servers your users are connecting to, that’s exactly what you are doing. We all have our firewalls configured to prevent pretty much all inbound traffic (with a few exceptions), and we know what outbound traffic to allow: http, https, ssh, smtp, pop, etc. And you know that when a hacker manages to land a trojan or install a backdoor in your network, the command and control outbound traffic will be via http or https most of the time. Also, if one of your users falls for a phishing scam, his/her outbound traffic will obviously be http. You should be doing outbound traffic analysis, but you can.
Refining Your Nmap Scan Strategy
By Tony Lee, Principal security consultant at FireEye
The answer we hear most often is option a. While this may work for small networks, it does not scale for larger networks or more thorough assessments. The astute reader will notice that options a, b, and c, operate identically. Option a provides the network range in CIDR notation and since -sS is the default scan type when no options are supplied–option b is identical to option a. Examining option c, reveals that it is the same as options a and b, except that the target is supplied using a network range instead of CIDR notation. The problem with options a, b, and c is that they will not thoroughly scan the remote class c network as they will only scan the top 1000 TCP ports. Option d is close to what we are looking for since it scans all of the TCP ports; however, it lacks efficiency since we will be scanning all ports on all hosts, including dead IP space.
MCSA
Peter Harmsen
A lot of tutorials deal with nmap scanning and OS fingerprinting, especially from the attacker’s point of view. I would like to enlighten a quick and dirty approach to get a portscan detector up and running to add to your defense in depth. In this tutorial we will install the portscan attack detector daemon, or psad for short. PSAD is capable of automatically adding iptables rules in order to block all traffic to and from one or more portscanning IP addresses. There are not that many hands-on websites dealing with psad for a specific Linux distro, and the ones that exist miss some essential details to get things working. So I thought, why not write a quick recipe that quickly gives you both
In Depth Guide To Digital Forensics
Forensic Nmap
By Antonio Ierano, Former Cisco European Security Evangelist & Senior Consultant
Writing an article about Digital Forensics is always a challenge, and the reasons are multiple: the complexity of the subject, the level of technology involved, the forensic approach itself.
There are a lot of tools and areas where digital forensics can be applied, and thousands of tools that can be used. But a challenge is always a good thing because it makes us focus and think more clearly, so when it was proposed to me to write an article on Nmap and forensics, I accepted.

Tuesday 25 September 2012

Windows 8 product Key

Ok guys, I’m back on track and starting to write again.

I just started to play with Windows 8 and I have some impressions, but first of all I want to give you a simple piece of advice: write your product key down somewhere before installing it, because changing the product key on Windows 8 can be frustrating.

We do not have a direct link to a change-key tool, nor is the help of any use, since its instructions do not lead you anywhere.

The best thing to do is a quick search on the internet, but again there are more articles than solutions. Well, the good news is that it can be solved :)

So what do you have to do?

Open the command prompt with administrative privileges

and type this simple command (a VBS script):

Microsoft Windows [Versione 6.2.9200]
(c) 2012 Microsoft Corporation. Tutti i diritti riservati.

C:\Windows\system32>slmgr.vbs /ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX

C:\Windows\system32>

There are some similar indications on the web, but I found most do not remind you to use administrative privileges.

Remember: even if you are the admin of your PC, on Windows 8 you do not run applications with administrative privileges by default, so you have to explicitly request them.

And some do not indicate the /ipk parameter; well, it is not a problem, the help comes out to support you.
