Inlägg

Security Software & Tools Tips – December 2019

In this monthly post, we try to make you aware of five different security-related products.
This is a repost from my personal website Ulyaoth

This month we have chosen for the following:
* Azure Arc
* CloudGuard Dome9
* Flan Scan
* Lynis
* Wapiti

Azure Arc

Information from the Azure Arc website:

Azure Arc extends management & security to any infrastructure.

Website:

https://azure.microsoft.com/en-us/services/azure-arc/

CloudGuard Dome9

Information from the CloudGuard Dome9 website:

The Dome9 Arc agentless SaaS platform delivers full visibility and control of security and compliance in AWS, Azure and Google Cloud environments. Minimize your attack surface and protect against vulnerabilities, identify theft and data loss.

Website:

https://dome9.com/

Flan Scan

Information from the Flan Scan website:

Flan Scan is a lightweight network vulnerability scanner. With Flan Scan you can easily find open ports on your network, identify services and their version, and get a list of relevant CVEs affecting your network.

Website:

https://github.com/cloudflare/flan

Lynis

Information from the Lynis website:

Lynis is a battle-tested security tool for systems running Linux, macOS, or Unix-based operating system. It performs an extensive health scan of your systems to support system hardening and compliance testing.

Website:

https://cisofy.com/lynis/

Wapiti

Information from the Wapiti website:

Wapiti is a vulnerability scanner for web applications. It currently search vulnerabilities like XSS, SQL and XPath injections, file inclusions, command execution, XXE injections, CRLF injections, Server Side Request Forgery, Open Redirects…

Website:

https://sourceforge.net/projects/wapiti/

Image by MasterTux from Pixabay

Security Software & Tools Tips – November 2019

In this monthly post, we try to make you aware of five different security-related products.
This is a repost from my personal website Ulyaoth

This month we have chosen for the following:
* Kismet
* MAGNET RAM Capture
* RedLock
* SQLMap
* Wazuh

Kismet

Information from the block-doh website:

Kismet is a wireless network and device detector, sniffer, wardriving tool, and WIDS (wireless intrusion detection) framework.

Website:

https://kismetwireless.org/

MAGNET RAM Capture

Information from the MAGNET RAM Capture website:

MAGNET RAM Capture is a free imaging tool designed to capture the physical memory of a suspect’s computer, allowing investigators to recover and analyze valuable artifacts that are often only found in memory.

Website:

https://www.magnetforensics.com/resources/magnet-ram-capture/

RedLock

Information from the RedLock website:

RedLock Enables Cloud Threat Defense: Threat defense in the cloud requires a new AI-driven approach that correlates disparate security data sets including network traffic, user activities, risky configurations and threat intelligence, to provide a unified view of risks across fragmented cloud environments.

Website:

https://redlock.io/

SQLMap

Information from the SQLMap website:

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches including database fingerprinting, over data fetching from the database, accessing the underlying file system, and executing commands on the operating system via out-of-band connections.

Website:

https://github.com/sqlmapproject/sqlmap

Wazuh

Information from the Wazuh website:

Wazuh is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance.

Website:

https://wazuh.com/

Image by StockSnap from Pixabay

Security Software & Tools Tips – January 2019

In this monthly post, we try to make you aware of five different security related products.
This is a repost from my personal website Ulyaoth.

This month we have chosen for the following:
* Elastic Stack
* Security Onion
* Wireshark
* Cuckoo
* BeEF

Elastic Stack

Information from the Elastic Stack website:

Threats don’t follow templates. Neither should you. The Elastic Stack gives you the edge you need to keep pace with the attack vectors of today and tomorrow.

Website:

https://www.elastic.co/

Security Onion

Information from the Security Onion website:

Security Onion is a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, Wazuh, Sguil, Squert, CyberChef, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!.

Website:

https://securityonion.net/

Wireshark

Information from the Wireshark website:

Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education.

Website:

https://www.wireshark.org/

Cuckoo

Information from the Cuckoo website:

Cuckoo Sandbox is the leading open source automated malware analysis system. What does that mean? It simply means that you can throw any suspicious file at it and in a matter of seconds Cuckoo will provide you back some detailed results outlining what such file did when executed inside an isolated environment.

Website:

https://cuckoosandbox.org/

BeEF

Information from the BeEF website:

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.

Website:

https://beefproject.com/

Photo by Markus Spiske on Unsplash

Security Software & Tools Tips – October 2018

In this monthly post we try to make you aware of five different security related products.
This is a repost from my personal website Ulyaoth.

This month we have chosen the following:
* Hiawatha
* Shodan
* GRR
* Cloudfail
* AbuseIO

Hiawatha


Hiawatha is a cool lightweight webserver that has a very easy syntax to configure it.
The maker of Hiawatha has written the webserver with security in mind, so it provides out of the box support for stopping SQL injections, XSS and CSRF attacks and exploit attempts.
We think Hiawatha is a great secure alternative for Apache or Nginx.

From the Hiawatha website:

Hiawatha is an open source webserver with a focus on security. I started Hiawatha in January 2002. Before that time, I had used several webservers, but I didn’t like them. They had illogical, almost cryptic configuration syntax and none of them gave me a good feeling about their security and robustness. So, I decided it was time to write my own webserver. I never thought that my webserver would become what it is today, but I enjoyed working on it and liked to have my own open source project. In the years that followed, Hiawatha became a fully functional webserver.

Website:

https://www.hiawatha-webserver.org/

Shodan


Shodan is a website where you can scan internet connected devices for open services. This is a great tool to find out if your
organization has any services exposed to the internet that might be a security risk.

From wiki:

Shodan is a search engine that lets the user find specific types of computers connected to the internet using a variety of filters. Some have also described it as a search engine of service banners, which are metadata that the server sends back to the client.

Website:

https://www.shodan.io/

GRR


GRR (Rapid Response) framework is a server client software that allows you to do live forensics on remote servers.

From their website:

GRR Rapid Response is an incident response framework focused on remote live forensics.
The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely.

Website:

https://github.com/google/grr

Cloudfail

From their website:

CloudFail is a tactical reconnaissance tool which aims to gather enough information about a target protected by Cloudflare in the hopes of discovering the location of the server. Using Tor to mask all requests, the tool as of right now has 3 different attack phases.

* Misconfigured DNS scan using DNSDumpster.
* Scan the Crimeflare database.
* Bruteforce scan over 2500 subdomains.

Website:

https://github.com/m0rtem/CloudFail

AbuseIO


This piece of software gives you a web interface that imports most important feeds such as shadowserver and spamcop, you can then see this information in a easy and relevant way.
This is a great tool to automate and improve the abuse handling process.

From their website:

It is a toolkit anyone can use to receive, process, correlate abuse reports and send notifications with specific information regarding the abuse case(s) on your network. AbuseIO’s purpose is to consolidate efforts by various companies and individuals to automate and improve the abuse handling process.

Website:

https://abuse.io/download/

Photo by Liam Tucker on Unsplash