Showing items from public exposure

Integrity Checking - an Integral Part of Cyber Security

During the last twenty years there has been endless talks and discussions regarding the importance of Transport Layer Security (TLS) and the potential threats emerging from failing to implement TLS correctly. Even with all the talk, the real life examples of impactful man-in-the-middle (MitM) exploitation are rare. This post aims to shed some light on one of these cases. A Prelude to a 0-Day It was a dark and stormy night normal workday for us working in an internal red team. A large part of our job is to map potential attack surfaces, and while large companies often have a huge external attack surface there’s still a lot of other things going on under the surface as well. One of these things are the employee devices and the installed enterprise software on them, typically provisioned by the company. Looking through the devices that are used daily by thousands of our colleagues we saw what we expected; reputable EDR solutions, inventory management software and so on.

Continue Reading

Further Examination into External Attack Surface

Reducing Attack Surface Decreases Security Risk In my previous write-up I explained why tracking digital assets is important, and listed some methods to get started with it. I trust that once you read it, you immediately set off to gather a list of your IP and domain assets. Since then, Tuomas Haarala has further elaborated on discovery methods from a systems administrator perspective in a write-up of his own. Armed with these tools, we can now venture further into the realm of attack surface reduction. This write-up will concentrate on the process of moving from cataloguing assets to having an idea on the attack surface involved. As laid out in my previous post, the steps in this process are: Research the attack surface, i.e. open services, related to these assets. Determine whether there is something that needs fixing within these services. This write-up will focus on the first step, and the second will be covered in a follow-up.

Continue Reading

Management Interfaces - Attack Surface Hidden in Plain Sight

A management interface, who is it for? Modern web-based management interfaces help with the economy of scale. If you are a software vendor making a solution, supporting it is easier with clearly defined UI options rather than debugging obscure configuration file parameters. If you are an end-user, a management interface is there to make life easier for you as well. Having a management interface helps you: deploy the solution make complex changes to it generate management level reporting for the key KPI. These features often become tender items and a vendor will find itself in a position where developing a management interface web UI is a must have instead of a nice to have. Too often features are implemented in software through a tick box comparison, since the rationale is that we must have them since our competitor has them. It doesn’t really matter, whether the features actually serve the customer and their business function or not.

Continue Reading