DISC InfoSec blogOpen source intelligence Archives

Nov 23 2022

5 free resources from the Cybersecurity and Infrastructure Security Agency (CISA)

Category: Security Tools — DISC @ 10:55 am

5 free resources from the Cybersecurity and Infrastructure Security Agency (CISA)

The Cybersecurity and Infrastructure Security Agency (CISA) is an agency of the United States Department of Homeland Security. CISA is in charge of enhancing cybersecurity and infrastructure protection at all levels of government, coordinating cybersecurity initiatives with American U.S. states, and enhancing defenses against cyberattacks.

To assist businesses in enhancing their security capabilities, CISA offers free cybersecurity products and services.

Cyber Hygiene Vulnerability Scanning

You can register for this service by emailing vulnerability@cisa.dhs.gov. Scanning will start within 3 days, and you’ll begin receiving reports within two weeks. Once initiated, this service is mostly automated and requires little direct interaction.

Cybersecurity Evaluation Tool (CSET)

This tool provides organizations with a structured and repeatable approach to assessing the security posture of their cyber systems and networks. It includes both high-level and detailed questions related to all industrial control and IT systems.

Checklist for implementing cybersecurity measures

This document outlines four goals for your organization:

Reducing the likelihood of a damaging cyber incident
Detecting malicious activity quickly
Responding effectively to confirmed incidents
Maximizing resilience.

Known Exploited Vulnerabilities (KEV) Catalog

The KEV Catalog enables you to identify known software security flaws. You can search for software used by your organization and, if it’s found, update it to the most recent version in accordance with the vendor’s instructions.

Malcolm network traffic analysis tool suite

Malcolm is comprised of several widely used open source tools, making it an attractive alternative to security solutions requiring paid licenses.

The tool accepts network traffic data in the form of full packet capture (PCAP) files and Zeek logs. Visibility into network communications is provided through two interfaces: OpenSearch Dashboards, a data visualization plugin with dozens of prebuilt dashboards providing an at-a-glance overview of network protocols; and Arkime, a tool for finding and identifying the network sessions comprising suspected security incidents. All communications with Malcolm, both from the user interface and from remote log forwarders, are secured with industry standard encryption protocols.

Malcolm operates as a cluster of Docker containers, isolated sandboxes which each serve a dedicated function of the system.

Open Source Intelligence Methods and Tools: A Practical Guide to Online Intelligence

Tags: CISA, CISO, Cybersecurity and Infrastructure Security Agency (CISA), How-to, Open source, Open source intelligence

Comments (0)

Aug 11 2022

New Open Source Tools Launched for Adversary Simulation

Category: Security Tools — DISC @ 8:37 am

The new open source tools are designed to help defense, identity and access management, and security operations center teams discover vulnerable network shares.

Network shares in Active Directory environments configured with excessive permissions pose serious risks to the enterprise in the form of data exposure, privilege escalation, and ransomware attacks. Two new open source adversary simulation tools PowerHuntShares and PowerHunt help enterprise defenders discover vulnerable network shares and manage the attack surface.

The tools will help defense, identity and access management (IAM), and security operations center (SOC) teams streamline share hunting and remediation of excessive SMB share permissions in Active Directory environments, NetSPI’s senior director Scott Sutherland wrote on the company blog. Sutherland developed these tools.

PowerHuntShares inventories, analyzes, and reports excessive privilege assigned to SMB shares on Active Directory domain joined computers. The PowerHuntShares tool addresses the risks of excessive share permissions in Active Directory environments that can lead to data exposure, privilege escalation, and ransomware attacks within enterprise environments.

“PowerHuntShares will inventory SMB share ACLs configured with ‘excessive privileges’ and highlight ‘high risk’ ACLs [access control lists],” Sutherland wrote.

PowerHunt, a modular threat hunting framework, identifies signs of compromise based on artifacts from common MITRE ATT&CK techniques and detects anomalies and outliers specific to the target environment. The tool automates the collection of artifacts at scale using PowerShell remoting and perform initial analysis.

Network shares configured with excessive permissions can be exploited in several ways. For example, ransomware can use excessive read permissions on shares to access sensitive data. Since passwords are commonly stored in cleartext, excessive read permissions can lead to remote attacks against databases and other servers if these passwords are uncovered. Excessive write access allows attackers to add, remove, modify, and encrypt files, such as writing a web shell or tampering with executable files to include a persistent backdoor.

“We can leverage Active Directory to help create an inventory of systems and shares,” Sutherland wrote. “Shares configured with excessive permissions can lead to remote code execution (RCE) in a variety of ways, remediation efforts can be expedited through simple data grouping techniques, and malicious share scanning can be detected with a few common event IDs and a little correlation (always easier said than done).”

Source: New Open Source Tools Launched for Adversary Simulation

The Tao of Open Source Intelligence

Hunting Cyber Criminals: A Hacker’s Guide to Online Intelligence Gathering Tools and Techniques

Tags: Adversary Simulation, Hunting Cyber Criminals:, Open source intelligence, open source tools

Comments (0)

Dec 04 2020