Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms


New OpenSource .Net Security Tool Released

July 08, 2022 by Marc Handelman in Security Research, Security Tooling, .NET Foibles, Microsoft Cruft, D-Day June 6th 1944

Security news (received yesterday) engaged my inbuilt disdain for nearly all things Microsoft Corporation (NASDAQ: MSFT); post-disdain, and once I resumed a steady-state view of the world, I investigated further, and discovered OpenSource bits stored in a GitHub repository owned & managed by Mandiant. The repository under scrutiny is mnemonically monikered - 'route-sixty-sink'.

Folks, in a nutshell - the project has its way with questionable .NET assemblies (aren't all .NET assemblies questionable?), or, in the words of the creators of this superb, expert-level ballet betwixt security & anti-cruft tooling 'Route Sixty-Sink, an open-source tool that enables defenders and security researchers alike to quickly identify vulnerabilities in any .NET assembly using automated source-to-sink analysis'.

Enjoy!

DEF CON 29 Adversary Village - Jonas Knudsen's 'Tool Demo: ImproHound Identify AD Tiering Violations' →

November 01, 2021 by Marc Handelman in DEF CON, DEF CON 29, Adversary Village, Education, Security, Cybersecurity Education, Infosec Education, Security Education, Application Security, Information Security, Security Tooling

Our thanks to DEFCON for publishing their outstanding DEFCON 29 Adversary Village videos on the Conference's YouTube channel.

DEF CON 29 Aerospace Village - Leeloo Granger's 'Evaluating Wireless Attacks On Real World Avionics' →

October 28, 2021 by Marc Handelman in DEF CON, DEF CON 29, Education, Security, Aerospace Village, Aerospace Conferences, Cybersecurity Education, Security Tooling, Security Education, Application Security, Network Security

Our thanks to DEFCON for publishing their outstanding DEFCON 29 Aerospace Village videos on the organization's YouTube channel.

DEF CON 29 Aerospace Village - Nicholas Childs' 'Don’t Fear The BUS, It Won’t Run You Over' →

October 24, 2021 by Marc Handelman in DEF CON, DEF CON 29, Aerospace Village, Aerospace Conferences, Education, Security, Cybersecurity Education, Infosec Education, Aerospace Security, Security Education, Information Security, Industrial Security, Hardware Security, Security Tooling

Our thanks to DEFCON for publishing their outstanding DEFCON 29 Aerospace Village videos on the organization's YouTube channel.

DEF CON 29 Aerospace Village - Pearce Barry's 'Collecting CANs: A Bridge Less Travelled' →

October 23, 2021 by Marc Handelman in DEF CON, DEF CON 29, Aerospace Village, Aerospace Conferences, Education, Security, Cybersecurity Education, Infosec Education, Aerospace Security, Security Education, Privacy Education, Application Security, Information Security, Industrial Security, Hardware Security, Metasploit, Security Tooling

Our thanks to DEFCON for publishing their outstanding DEFCON 29 Aerospace Village videos on the organization's YouTube channel.

DEF CON 29 Main Stage - Paz Hameiri's 'TEMPEST Radio Station' →

August 17, 2021 by Marc Handelman in DEF CON, DEF CON 29, Security Conferences, Conferences, Security Education, Privacy Education, Infosec Education, Education, Information Security, Cyber Security, Application Security, Big Data Security, Security Tooling

Our thanks to DEFCON for publishing their outstanding DEFCON Conference Main Stage Videos on the group's YouTube channel.

DEF CON 29 Main Stage - Rotem Bar's 'Abusing SAST Tools When Scanners Do More Than Just Scanning' →

August 14, 2021 by Marc Handelman in DEF CON, DEF CON 29, Security Conferences, Conferences, Security Education, Privacy Education, Infosec Education, Education, Information Security, Cyber Security, Application Security, Security Tooling

Our thanks to DEFCON for publishing their outstanding DEFCON Conference Main Stage Videos on the group's YouTube channel.

SANS DFIR, Richard Davis' 'Introduction To Arsenal Image Mounter' →

October 04, 2019 by Marc Handelman in SANS DFIR, Information Security, Security Tooling

Thanks to SANS for publishing their superlative DFIR videos on the SANS DFIR YouTube Channel.

Security BSides London 2019, Nina Fasel's 'My First Program: A Pentesting Tool' →

August 23, 2019 by Marc Handelman in BSides London 2019, Conferences, Education, Information Security, Security Engineering, Security Tooling, Security Applications, Pentesting Tooling

Many thanks to Security BSides London for publishing their outstanding conference videos on YouTube.

Originally Seen On Algorithmia, via Prooffreaderswhimsy!

Anti-Exfil: The Is-Self, Not-Self Solution?

November 28, 2018 by Marc Handelman in Security Inventions, Security Prophylaxis, Security Tooling, Security Vendors, Security Controls, Security Canary, Security Bloviation

Karen Hao, writing at MIT's Technology Review magazine, reports on a relatively new-and-novel security product monikered Darktrace.

Here's the quote from the organization's co-CEO Nicole Eagan, describing her company's product:

"It’s very much like the human body’s own immune system," says the company’s co-CEO Nicole Eagan. "As complex as it is, it has this innate sense of what’s self and not self. And when it finds something that doesn’t belong—that’s not self—it has an extremely precise and rapid response." - via a report from Karen Hao, writing at MIT's Technology Review

The description of this product is a nearly perfect example of Security Bloviation - and certainly ranks in the top 5% of bombast relating to a company's solution to a difficult problem.

Predicated on my understanding of this product, the functionality deployed (in the effort to foil exfiltration of sensitive (and otherwise) bits) is all about 'algorithmic-based unsupervised-learning', rather than misplaced New Age conceptual witticism attaching some amorphous cognitive "innate" behavior to an agglomeration of bits.

In reality, the product probably works as advertised, regardless of the questionable description proffered by the 'co-CEO'. For me - and many of my Information Security meatspace colleagues - the question is, how long will the product work (until it, too, is gamed by our miscreant adversaries) and with what definable level of efficiency?

Image Credit: William Warby on Flickr /  CC 2.0

Black Hat Arsenal USA 2018  —  Litany of Tools →

August 06, 2018 by Marc Handelman in Conferences, Blackhat, Security Tooling

This year's Black Hat 2018 Arsenal List has been announced by @ToolsWatch, with the full list hereabouts. Enjoy, I know I will! H/T

"Congratulations for everyone who got accepted for the #BHUSA18 Arsenal. The choice was very difficult. Promise we will give priority for those rejected in the next session in London."—  via @ToolsWatch

BlueHat IL 2018, Vincent Le Toux & Benjamin Delpy's 'What Can Make Your Million Dollar SIEM Go Blind' →

February 04, 2018 by Marc Handelman in Network Security, Cybersecurity, SEIM, Security Tooling, Detection, BlueHat IL, Conferences

via Firewall Consultants!

2018 Cymmetria MazeRunner Community Edition Announced →

February 02, 2018 by Marc Handelman in Security Testing, Security Tooling, Information Security, Network Security, Deception

Gadi Evron has announced the latest edition of Cymmetria MazeRunner Community Edition. I'm particularly interested in the Python Enhanced Responder.py/Pass-the-Hash deception capabilities. Enjoy!

Dr. Chuvakin's Prescription: 'On Negative Pressure ...'

January 25, 2018 by Marc Handelman in Brilliant, Security Tooling, Security Testing, Security Strategy, Information Security, Cybersecurity

Anton Chuvakin, Ph.D., Research VP and Distinguished Analyst at Gartner, speaks security truth to power. Pay attention folks - your organization's security and continued existence could very well depend on the action you take in your environments, based on what he has to say.

Adam Pumphrey's 'A Bro Primer' →

January 11, 2018 by Marc Handelman in Security Tooling, Security Research, Security Operations, Information Security, Education

BSides Nashville 2017, Tara Wink's and Jason Smith's 'Infosec Tools of the Trade - Getting Your Hands Dirty' →

May 03, 2017 by Marc Handelman in All is Information, Education, Information Security, Security Tooling, Security BSides, Security Conferences

Kali, The Distro of Cloud GPUs →

April 28, 2017 by Marc Handelman in All is Information, Information Security, Network Security, Penetration Testing, Security Testing, Security Tooling, KALI

News - via El Reg writer Simon Sharwood, of new capabilities within Kali Linux distro (version 2017.1). The standout addition: The leveraging of cloud-based GPU infrastructure to crack password objects. Outstanding.

Suspicious Package →

November 10, 2015 by Marc Handelman in All is Information, Information Security, Security Tooling

Now nearly eight years old, Mac Freeware Suspicious Package, the tightly focused security tool for Apple Inc's (NasdaqGS: AAPL) OS X, hit another milestone this year (in February), now at version 2.0.1.

Crafted by Mothers Ruin, Suspicious Package takes a deep view into installer packages (in the Finder). The bits utilize Quick Look to display the contents of the package, popping up a preview in the Quick Look window. A superb, single purpose security tool for your toolkit.

"Shouldn't I be suspicious of the Suspicious Package package? Yes, we're aware of the ... irony of distributing Suspicious Package as a package, but it's very awkward to distribute it any other way. If you want an alternative, though, there are instructions here. The Suspicious Package package is signed with an Apple-issued “Developer ID” certificate, and so will be recognized as valid by the Gatekeeper feature of OS X. The signer, as displayed by Suspicious Package itself, will be “Randy Saldinger,” which is the real name of the person who writes in the first person plural for Mothers Ruin Software." - via the Mothers Ruin Suspicious Package FAQ

NirSoft's AV List o' Shame

October 28, 2015 by Marc Handelman in All is Information, Antivirus, Information Security, Security Tooling

Nir Sofer's List of Shame, The Anti-Virus Edition. FYI: We happily make use of Nir's tools and recommend them highly. Enjoy

McRee's Visualizing Network Data With Network Data

September 17, 2015 by Marc Handelman in All is Information, Information Security, Network Security, Security Research, Security Tooling, Visualization

Russ McRee's well-wrought piece, published on his highly respected HolisticInfosec site within his toolsmith column (both on his site and formerly in the ISSA Magazine), provides a tour-de-force primer on utilizing the R Development Environment. R, in this case, is bent to Russ's will to accurately depict (of course) network data (in this case generated by, in Russ's words, "network traffic packet capture specific to malware called Win32/Sirefef or ZeroAccess that uses stealth to hide its presence on victim systems"). Today's Must Read.
