HackDig : Dig high-quality web security articles for hackers

Auditing Cloud Administrator Behavior as a Matter of Data Breach Preparedness

New technologies often present interesting challenges for security teams, with cloud services such as AWS, Azure and GCP providing particularly novel cases in comparison to “classic” on-premise systems. As cloud services race to add new features that drive new customer interest and increase retention of existing clients, there is a very real risk of exposing
Publish At:2020-04-09 02:33 | Read:684 | Comments:0 | Tags:Cloud attack vector auditing system administrators

Where 2 worlds collide: Bringing Mimikatz et al to UNIX

Presentation on Active Directory integration solutions for UNIX (as given at Black Hat Europe 2018). Over the past fifteen years there’s been an uptick in “interesting” UNIX infrastructures being integrated into customers’ existing AD forests. Whilst the threat models enabled by this should be quite familiar to anyone securing a heter
Publish At:2019-09-19 17:35 | Read:973 | Comments:0 | Tags:Presentations analysis auditing Black Hat Europe blue team c

An offensive introduction to Active Directory on UNIX

By way of an introduction to our talk at Black Hat Europe, Security Advisory EMEAR would like to share the background on our recent research into some common Active Directory integration solutions. Just as with Windows, these solutions can be utilized to join UNIX infrastructure to enterprises’ Active Directory forests. Background to Active Directory i
Publish At:2019-09-19 17:35 | Read:1127 | Comments:0 | Tags:Blog analysis auditing Black Hat Europe blue team conference

Use Infrastructure as Code they said. Easier to audit they said… (part 1)

Whilst there are some great examples of how to assess infrastructure as code dynamically with things like the Center for Internet Security’s Docker benchmark and CoreOS’s Clair, these kinda run a little too late in the pipeline for my liking. If we want to treat infrastructure as code then surely we ought to be performing code reviews and if we
Publish At:2019-09-19 17:35 | Read:1027 | Comments:0 | Tags:Blog auditing devops devsecops infradev orchestration seceng

UNIX and Linux setUID advice and guidance

It is a topic that often comes up on client engagements, usually when running structured build reviews of Linux “gold builds”, but occasionally when trying to explain in detail how we used a Linux system to pivot internally. SetUID and setGID files are inevitably a risk, potentially allowing attackers to elevate privileges to root from a basic us
Publish At:2017-10-27 17:20 | Read:7506 | Comments:0 | Tags:Blog AIX analysis auditing blueteam FreeBSD Linux root Solar

Hindering Lateral Movement

Lateral Movement is a method used by attackers (or malware) against a network Domain. After an initial device is compromised (typically, a user’s workstation), the attacker extracts passwords from memory, or obtains encrypted password hashes from the system for cracking or direct use (i.e. Pass the Hash). The attacker then attempts to log in to other sy
Publish At:2017-10-27 17:20 | Read:4988 | Comments:0 | Tags:Blog auditing blueteam redteam training Windows

padmin to root: Roles on AIX

Following a recent post from a consultant at IBM discussing how privileged access should be performed on VIOS, I figured it was time to share some of our research in this arena. Those of you that are regular readers will know that I love root. For those of you that are new, welcome aboard. Let’s start by defining what VIOS is. VIOS is a subsystem t
Publish At:2015-10-03 05:00 | Read:4226 | Comments:0 | Tags:Blog AIX analysis auditing exploit root UNIX

Oracle security chief to customers: Stop checking our code for vulnerabilities

Oracle's chief security officer is tired of customers performing their own security tests on Oracle software, and she's not going to take it anymore. That was the message of a post she made to her corporate blog on August 10—a post that has since been taken down. Perhaps thinking that all the security researchers in the world were busy recovering from Bla
Publish At:2015-08-11 19:40 | Read:3551 | Comments:0 | Tags:Risk Assessment Technology Lab auditing oracle software lice

Weaknesses in Air Traffic Control Systems are a serious issue for FAA

A GAO report to FAA reveals that the systems adopted in the Aviation industry are still affected by weaknesses that could be exploited by hackers. A report published by Government Accounting Office (GAO) in January urges the Federal Aviation Administration (FAA) to adopt a formal process to “Address Weaknesses in Air Tra
Publish At:2015-03-04 17:30 | Read:4428 | Comments:0 | Tags:Breaking News Security auditing cyber security cyber threats

Your Data Security Strategy Starts with Deploying a Least Privilege Model (part 1 of 2)

Posted January 12, 2015   Scott Lang

Before we start, let’s agree on three fundamental principles of protecting data:

1. Data is the most valuable asset your organization has (besides the folks who work for you anyway)
2. Data is like water – it will find the path of least resistance out of its current location
3. Based on its value and portabilit
Publish At:2015-01-13 06:25 | Read:3403 | Comments:0 | Tags:Privileged Account Management Auditing least privilege Ponem
