Posts

Showing posts from June, 2017

Huge "PETYA" Cyber Attack

A new ransomware attack has been detected and is in progress. Little information is available right now; the investigation is still ongoing. This alert will be updated when further information becomes available.

Description

Several reports describe this ransomware as a variant of Petya and Misha (also known as GoldenEye). The current main targets are in Ukraine and Russia. Only a few samples have been detected so far in France.

Verified facts:
- it uses EternalBlue as an attack vector (CVE-2017-0143 [3])
- it spreads via SMB post-exploitation

Post-exploitation, the ransomware performs the following actions:
- downloads the main binary from hxxp://185[.]165[.]29[.]78/~alex/svchost[.]exe
- clears the Windows event logs using Wevtutil (wevtutil cl Setup & wevtutil cl System & wevtutil cl Security & wevtutil cl Application & fsutil usn deletejournal /D %c:)
- writes a message to the raw disk partition
- reboot the syste

Application Security Architecture

Hi all, let's review the security architecture shown below. It is only a broad-level concept, and each box needs to be explained in detail, which we will explore in coming posts. Keep coming back for more updates.

PCI Critical NON-Filtered Ports

It's PCI DSS time now. We all know that digital payments are now a craze across all streams, so PCI DSS becomes a mandatory clause towards achieving and maintaining cyber security. Here is a list of some ports which are listed as non-filtered as per PCI DSS:
- 1 - tcpmux
- 3 - compressnet
- 7 - echo
- 9 - discard
- 13 - daytime
- 17 - qotd
- 19 - chargen
- 20 - ftp-data
- 21 - ftp
- 22 - ssh
- 23 - telnet
- 24 - priv-mail
- 26 - rsftp
- 33 - dsp
- 37 - time
- 42 - nameserver
- 43 - whois
- 49 - tacacs
- 53 - domain
- 70 - gopher
- 79 - finger
- 80 - http
- 81 - hosts2-ns
- 82 - xfer
- 83 - mit-ml-dev
- 84 - ctf

Keep coming back for more cyber security insights.

Internal Security Testing

Security testing from a hacker's point of view is very important for understanding the security challenges. External PT/security testing is important, but internal security testing is also important: if the network gets compromised, what is the maximum impact on the systems? Let's go straight to the internal security testing checklist:
- Gather information and perform a footprinting exercise
- Do network assessments
- Scan for ports and services
- Find out which dangerous services are running
- Perform credentialed VA to find critical challenges
- Scan for malware and trojans using specific plugin IDs
- Identify password-related challenges in the VA
- Specifically search the scan results for root credentials, admin credentials, blank passwords, passwords that never expire, and default passwords
- Find out where audit trails are not enabled
- Specifically target DB servers for password violations
- Try password cracking using dictionary or hybrid attacks and, if allowed, go for brute-force attacks
- Do a firewall analysis to check which ports are allowed
- Check