Apr 02 2024

Cloud Active Defense: Open-source cloud protection

Category: Cloud computing, Open Network | disc7 @ 9:39 am

Cloud Active Defense is an open-source solution that integrates decoys into cloud infrastructure. It creates a dilemma for attackers: risk attacking and being detected immediately, or avoid the traps and reduce their effectiveness. Anyone, including small companies, can use it at no cost and start receiving high-signal alerts.

Where honeypots are good at detecting lateral movement once the initial application has been compromised, Cloud Active Defense brings the deception directly into that initial application.

“We do this by injecting decoys into HTTP responses. These decoys are invisible to regular users and very tempting to attackers. This creates a situation where attackers must constantly guess: is that a trap or an exploitation path? This guessing slows down the attack operation and can lead attackers to ignore valid attack vectors as they suspect them to be traps. Furthermore, since the application’s replies cannot be 100% trusted anymore, fine-tuning your exploit payload becomes painful,” Cédric Hébert, CISO – Innovation at SAP and developer of Cloud Active Defense, told Help Net Security.
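The decoy-injection idea described above, as an added Python example that is not Cloud Active Defense’s own code: a response filter plants two decoys (a header and an HTML comment) bound to the session by an HMAC token, and a request classifier turns any contact with them into an alert. The routes, header name, secret and session ids are all constructed for the example.

```python
"""Added example, not Cloud Active Defense's own code: plant decoys in HTTP
responses and alert when a later request touches one.  Routes, header name,
secret and session ids are all constructed for the example."""
import hashlib
import hmac
import re
from typing import Dict, Optional, Tuple

# Server-side secret used to mint decoy tokens (constructed; a real deployment
# would load it from configuration, never keep it in source).
DECOY_SECRET = b"constructed-demo-secret"

# Hypothetical decoy routes.  Nothing in the real application is served here,
# so a regular user navigating the UI never requests them.
DECOY_ROUTES = ("/admin-backup/", "/api/v1/debug/")


def mint_token(session_id: str) -> str:
    """Bind a decoy to one session so a hit can be attributed to the client that saw it."""
    return hmac.new(DECOY_SECRET, session_id.encode(), hashlib.sha256).hexdigest()[:16]


def inject_decoys(headers: Dict[str, str], body: bytes, session_id: str) -> Tuple[Dict[str, str], bytes]:
    """Return a copy of the response with decoys added.

    Neither decoy renders for a browser user: one is a response header that
    looks like an accidental debug leak, the other an HTML comment.  Both are
    exactly what someone reading raw responses for an attack path would follow."""
    token = mint_token(session_id)
    new_headers = dict(headers)
    new_headers["X-Debug-Endpoint"] = f"{DECOY_ROUTES[1]}{token}"
    if headers.get("Content-Type", "").startswith("text/html"):
        comment = f"<!-- TODO remove before release: {DECOY_ROUTES[0]}{token} -->".encode()
        if b"</body>" in body:
            body = body.replace(b"</body>", comment + b"</body>", 1)
        else:
            body = body + comment
    return new_headers, body


_DECOY_RE = re.compile(
    r"^(" + "|".join(re.escape(r) for r in DECOY_ROUTES) + r")([0-9a-f]{16})$"
)


def classify_request(path: str, session_id: str) -> Optional[Dict[str, str]]:
    """Return an alert for a request that touches a decoy, or None for normal traffic.

    A token that verifies for this session proves the client read one of our
    responses and chose to follow the bait (high signal).  A decoy route hit
    without a valid token still means someone is guessing hidden paths, but is
    reported at lower confidence so it can be triaged separately."""
    m = _DECOY_RE.match(path)
    if m is None:
        if path.startswith(DECOY_ROUTES):
            return {"severity": "medium", "reason": "decoy route probed without a valid token", "path": path}
        return None
    token = m.group(2)
    if hmac.compare_digest(token, mint_token(session_id)):
        return {"severity": "high", "reason": "decoy followed by the session it was issued to", "path": path}
    return {"severity": "high", "reason": "decoy token present but not issued to this session", "path": path}
```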

Future plans and download

“In the short term, we plan to make it easy to ingest the generated alerts to a SIEM system for faster response. We also plan to release code to make it simple to deploy on a Kubernetes cluster, where each application can be configured independently. In the mid-term, we want to work on proposing response strategies: surely, banning the IP address can be an option, but what we envision is, upon detection, to give the possibility to route the active session to a clone of the application where no more harm can be done,” Hébert concluded.

Cloud Active Defense is available for free on GitHub.


InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory

Tags: Cloud Active Defense, Open source


Jan 19 2024

OSINVGPT – A Tool For Open-Source Investigations

Category: Security Tools | disc7 @ 12:12 pm

OSINVGPT is an AI-based system that helps security analysts with open-source investigations and tool selection. The tool was developed by “Very Simple Research.”

This tool can assist security analysts in gathering relevant information, sources, and tools for their investigations. It even helps researchers produce reports and summaries of their results.

OSINVGPT is available on ChatGPT and is useful for security researchers as it saves both time and effort.

https://twitter.com/cyb_detective/status/1747654961201119559

Key Aspects

The key aspects of what OSINVGPT can do are:

  • Data Analysis
  • Interpretation
  • Guidance on Methodology
  • Case Studies
  • Examples
  • Document Analysis
  • Fact-Checking
  • Verification
  • Recommendations Based on External Sources
  • Ethical Considerations

OSINVGPT’s data analysis and interpretation involve examining information from diverse open sources to form readable narratives and address specific queries. At the same time, guidance is offered on conducting transparent and accurate open-source investigations. 

Detailed insights and suggestions are provided using real-world examples within the knowledge base. Appropriate data is analyzed and extracted from the uploaded documents for open-source investigations. 

To ensure investigation accuracy, assistance is given in fact-checking using open-source data. Recommendations based on external sources are provided for queries beyond the direct knowledge base, with a focus on ethical considerations in open-source investigations for responsible conduct.

Moreover, the OSINVGPT tool can be accessed from here for open-source investigation.


Tags: Open source, OSINVGPT


Jul 21 2023

12 open-source penetration testing tools you might not know about

Category: Hacking, Pen Test, Security Tools | disc7 @ 12:19 pm

Red Siege has developed and made available many open-source tools to help with your penetration testing work.

The company plans to continue to support the tools listed below, whether in the form of bug fixes or new features. Give them a try, they’re all available on GitHub for free.

“I find joy in writing code, turning it into a logic puzzle to create powerful software tools. The satisfaction of seeing my creations in action, like EyeWitness, brings a sense of pride and saves valuable time. Motivated by the possibility of filling a software gap, I open source my creations, hoping they’ll benefit others as they did for me,” Chris Truncer, Senior Security Consultant & Director of Training, Red Siege, told Help Net Security.

AutoFunkt

AutoFunkt is a Python script for automating the creation of serverless cloud redirectors from Cobalt Strike malleable C2 profiles.

C2concealer

C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.

DigDug

DigDug works by appending words from a dictionary to an executable. The dictionary is appended repeatedly until the desired final size of the executable is reached. Some AV and EDR engines measure entropy to determine whether an executable is trustworthy for execution; other vendors inspect executables for signs of null-byte padding.

dumpCake

dumpCake dumps password authentication attempts made to the SSH daemon. Every SSHD child process is attached to, and at the completion of the process the attempted passwords and connection logs are dumped to the script.

EyeWitness

EyeWitness takes screenshots of websites, collects server header information, and identifies default credentials where possible. It saves a lot of time triaging web sites on large tests and is very commonly used by penetration testers looking to sift through a long list of websites.

EDD – Enumerate Domain Data

Enumerate Domain Data is designed to be similar to PowerView but in .NET. PowerView is essentially the ultimate domain enumeration tool. This tool was largely put together by viewing implementations of different functionality across a wide range of existing projects and combining them into EDD.

GPPDeception

This script generates a groups.xml file that mimics a real GPP (Group Policy Preferences) file creating a new user on domain-joined computers. Blue teams can use this file as a honeyfile: by monitoring for access to it, they can detect pen testers or malicious actors scanning for GPP files containing usernames and cpasswords for lateral movement.

Just-Metadata

Just-Metadata is a tool that gathers and analyzes metadata about IP addresses. It attempts to find relationships between systems within a large dataset. It is used to gather intelligence information passively about a large number of IP addresses, and attempt to extrapolate relationships that might not otherwise be seen.

ProxmarkWrapper

ProxmarkWrapper is a wrapper around the Proxmark3 client that will send a text alert (and/or email if warranted) if a RFID card is captured.

Wappybird

Wappybird is a multithreaded Wappalyzer CLI tool to find web technologies, with optional CSV output. You can also provide a directory, and all scraped data will be saved with a subfolder per host.

WMImplant

WMImplant is a PowerShell-based tool that leverages WMI both to perform actions against targeted machines and as the C2 channel for issuing commands and receiving results. WMImplant requires local administrator permissions on the targeted machine.

WMIOps

WMIOps is a PowerShell script that uses WMI to perform a variety of actions on hosts, local or remote, within a Windows environment. It is designed primarily for use on penetration tests or red team engagements.


Tags: Open source, Penetration Testing tools


Nov 23 2022

5 free resources from the Cybersecurity and Infrastructure Security Agency (CISA)

Category: Security Tools | DISC @ 10:55 am

The Cybersecurity and Infrastructure Security Agency (CISA) is an agency of the United States Department of Homeland Security. CISA is in charge of enhancing cybersecurity and infrastructure protection at all levels of government, coordinating cybersecurity initiatives with U.S. states, and enhancing defenses against cyberattacks.

To assist businesses in enhancing their security capabilities, CISA offers free cybersecurity products and services.

Cyber Hygiene Vulnerability Scanning

You can register for this service by emailing vulnerability@cisa.dhs.gov. Scanning will start within 3 days, and you’ll begin receiving reports within two weeks. Once initiated, this service is mostly automated and requires little direct interaction.


Cybersecurity Evaluation Tool (CSET)

This tool provides organizations with a structured and repeatable approach to assessing the security posture of their cyber systems and networks. It includes both high-level and detailed questions related to all industrial control and IT systems.


Checklist for implementing cybersecurity measures

This document outlines four goals for your organization:

  • Reducing the likelihood of a damaging cyber incident
  • Detecting malicious activity quickly
  • Responding effectively to confirmed incidents
  • Maximizing resilience.

Known Exploited Vulnerabilities (KEV) Catalog

The KEV Catalog enables you to identify known software security flaws. You can search for software used by your organization and, if it’s found, update it to the most recent version in accordance with the vendor’s instructions.
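As an added example (not CISA’s own code or tooling), the following Python matches a constructed software inventory against a constructed excerpt shaped like the KEV JSON feed. The field names follow the published feed; the CVE ids, vendors, hosts and dates are placeholders.

```python
"""Added example, not CISA's own code: check an inventory against the KEV
catalogue.  The feed excerpt is CONSTRUCTED in the shape of the real JSON
feed; CVE ids, vendors, hosts and dates are placeholders, not real records."""
import json
from datetime import date
from typing import Dict, List

KEV_FEED_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed excerpt)",
    "vulnerabilities": [
        {"cveID": "CVE-0000-00001", "vendorProject": "ExampleVendor", "product": "Example Gateway",
         "vulnerabilityName": "Example Gateway RCE (placeholder)", "dateAdded": "2022-11-01",
         "shortDescription": "placeholder", "requiredAction": "Apply updates per vendor instructions.",
         "dueDate": "2022-11-22", "knownRansomwareCampaignUse": "Known", "notes": ""},
        {"cveID": "CVE-0000-00002", "vendorProject": "ExampleVendor", "product": "Example Gateway",
         "vulnerabilityName": "Example Gateway auth bypass (placeholder)", "dateAdded": "2024-01-10",
         "shortDescription": "placeholder", "requiredAction": "Apply updates per vendor instructions.",
         "dueDate": "2024-01-31", "knownRansomwareCampaignUse": "Unknown", "notes": ""},
        {"cveID": "CVE-0000-00003", "vendorProject": "OtherVendor", "product": "Other CMS",
         "vulnerabilityName": "Other CMS SQLi (placeholder)", "dateAdded": "2023-05-05",
         "shortDescription": "placeholder", "requiredAction": "Apply updates per vendor instructions.",
         "dueDate": "2023-05-26", "knownRansomwareCampaignUse": "Unknown", "notes": ""},
    ],
})

# Constructed inventory as an asset system might export it: free-form vendor/product strings.
INVENTORY = [
    {"host": "gw01", "vendor": "examplevendor", "product": "example gateway"},
    {"host": "web07", "vendor": "ExampleVendor", "product": "Example Portal"},
]


def _norm(s: str) -> str:
    return " ".join(s.lower().split())


def match_kev(feed_json: str, inventory: List[Dict[str, str]], today: date) -> List[Dict[str, object]]:
    """Return one finding per (host, KEV entry) whose vendor and product match the inventory.

    Matching is exact on normalised vendor and product because the KEV feed carries
    no version information: a match means "this product has an exploited CVE", and
    the version on the host still has to be checked against the vendor advisory."""
    by_product: Dict[tuple, list] = {}
    for e in json.loads(feed_json)["vulnerabilities"]:
        by_product.setdefault((_norm(e["vendorProject"]), _norm(e["product"])), []).append(e)
    findings = []
    for asset in inventory:
        for e in by_product.get((_norm(asset["vendor"]), _norm(asset["product"])), []):
            findings.append({
                "host": asset["host"], "cve": e["cveID"], "product": e["product"],
                "due_date": e["dueDate"],
                # dueDate is the BOD 22-01 remediation deadline; past it means already overdue.
                "overdue": today > date.fromisoformat(e["dueDate"]),
                "ransomware": e["knownRansomwareCampaignUse"] == "Known",
                "action": e["requiredAction"],
            })
    # Most urgent first: ransomware-linked entries, then the earliest due date.
    findings.sort(key=lambda f: (not f["ransomware"], f["due_date"]))
    return findings
```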


Malcolm network traffic analysis tool suite

Malcolm comprises several widely used open source tools, making it an attractive alternative to security solutions requiring paid licenses.

The tool accepts network traffic data in the form of full packet capture (PCAP) files and Zeek logs. Visibility into network communications is provided through two interfaces: OpenSearch Dashboards, a data visualization plugin with dozens of prebuilt dashboards providing an at-a-glance overview of network protocols; and Arkime, a tool for finding and identifying the network sessions comprising suspected security incidents. All communications with Malcolm, both from the user interface and from remote log forwarders, are secured with industry standard encryption protocols.

Malcolm operates as a cluster of Docker containers, isolated sandboxes which each serve a dedicated function of the system.


Tags: CISA, CISO, Cybersecurity and Infrastructure Security Agency (CISA), How-to, Open source, Open source intelligence


Sep 06 2022

5 Vulnerability Scanner Tools that are Open Source and Free to Download

Category: Security vulnerabilities | DISC @ 11:38 am

A list of free open source vulnerability scanners which developers and penetration testers can use to scan systems for vulnerabilities and potential malware.

A vulnerability assessment is an in-depth analysis of a network’s hardware, software, and other components to locate and fix potential security holes. Once identified, the software prioritizes security holes by how quickly they must be patched or mitigated. In most cases, the vulnerability scanning tool will also include guidance on how to fix or lessen the impact of any vulnerabilities it finds.

The results from vulnerability scanners can be used as a guide by security teams as they evaluate the safety of their network and take preventative measures.

Developers can use the following open-source vulnerability assessment tools to test for vulnerabilities for free.

Aqua Trivy

For developers to make informed decisions about which components to use in their applications and containers, open-source tools like Aqua Trivy can help them identify vulnerabilities and understand the associated risks. Trivy’s array of vulnerability scanners allows it to detect vulnerabilities in a wide variety of systems.

Clair

Static analysis of vulnerabilities in application containers is the focus of the Clair open-source project (currently including OCI and Docker).

Clients can index their container images via the Clair API and compare them to a database of known security flaws.

Tsunami

Tsunami is a flexible, plugin-based network security scanner designed to detect and scan critical vulnerabilities accurately.


Tsunami is scalable, runs quickly, and scans quietly.

Vaf

Vaf is a platform-independent web fuzzer that can quickly thread through requests, fuzz HTTP headers, and even act as a proxy.

Zed Attack Proxy ZAP

Under the OWASP banner, Zed Attack Proxy (ZAP) is developed and maintained as a free, open-source penetration testing tool and can be used as an effective vulnerability scanner.


ZAP is highly adaptable and extensible; it can even be deployed on a Raspberry Pi and is optimized for testing websites and deployed as a vulnerability scanner.

Tags: Open source, Vulnerability Scanner Tools


Aug 13 2021

Google open-sourced Allstar tool to secure GitHub repositories

Category: App Security, File Security, Security Tools | DISC @ 10:02 am

Google has open-sourced the Allstar tool that can be used to secure GitHub projects by enforcing a set of security policies to prevent misconfiguration.

“Allstar is a GitHub App installed on organizations or repositories to set and enforce security policies. Its goal is to be able to continuously monitor and detect any GitHub setting or repository file contents that may be risky or do not follow security best practices.” reads the project description. “If Allstar finds a repository to be out of compliance, it will take an action such as create an issue or restore security settings.”

Open Source Intelligence Techniques: Resources for Searching and Analyzing Online Information

Tags: Open source


Dec 04 2020

Open source vulnerabilities go undetected for over four years

Category: Security vulnerabilities | DISC @ 6:01 pm

GitHub has analyzed over 45,000 active directories and found that open source vulnerabilities often go undetected for more than four years.

Source: Open source vulnerabilities go undetected for over four years – Help Net Security



The State of Open Source Security Vulnerabilities (video)
https://www.youtube.com/watch?v=cphgicw6dZI

Tags: Open source, Open source intelligence, Open source security


Mar 22 2016

Top 10 Open Source Web Testing Tools

Category: Hacking | DISC @ 12:59 pm


by Arif Majeed

Web testing tools are used to find and identify bugs or errors in a website before it is launched officially to the public on the web. You can find many such tools on the web nowadays, some of them free. Here is a list of the finest web testing tools available in the open source market right now. These tools will not only help you identify the bugs and errors in your website before you launch it publicly but also save you the time of finding a suitable open source web testing tool.

The Grinder

The Grinder is a Java load testing framework that makes it easy for you to run distributed tests with the help of many load-injecting machines. You can easily find this tool on the web. The key features of this tool are a generic approach (it enables you to test anything that has a Java API), flexible scripting (test scripts are written in the powerful Jython and Clojure languages), a distributed framework (it allows you to control and monitor multiple load injectors) and HTTP support (automatic management of cookies and client connections).

Multi-Mechanize

This is an open source framework for performance and load-testing. Multi-Mechanize runs concurrent Python scripts to generate load (synthetic transactions) against a remote site or service. This Open-Source tool will help you to create programmatically test scripts to simulate virtual user activity. Afterwards it will generate HTTP requests to intelligently navigate a web site.

Capybara

If you want to simplify the process of integration testing, Capybara is the best solution for you. This open source tool helps simulate how an actual user would interact with a web application. It is agnostic about the driver running your tests and comes with Rack::Test and Selenium support built in. WebKit is supported through an external gem.

JMeter

JMeter is an open source software which is specifically designed for testing functional behavior and measure performance. It is used to test performance on both static and dynamic resources such as ( PHP, Java, Files, Perl scripts, Data Bases and Queries, FTP Servers and others). It can be used to simulate a heavy load on a server, group of servers, network or object to test its strength or to analyze overall performance under different load types.

Selenium

Selenium is a suite which includes Selenium WebDrivers, Selenium IDE, Selenium Grid, Selenium Remote control which helps to test the web application. Selenium supports some of the largest web browsers like FireFox, IE,Safari,Opera,Chrome which allows you to record, edit, and debug tests. It is also the core technology in countless other browser automation tools, APIs and frameworks.

PYLOT

Pylot is a free open source tool for testing the performance and scalability of web services. It runs HTTP load tests, which are useful for capacity planning, benchmarking, analysis, and system tuning. This tool is designed for developers, performance engineers and testers. To make full use of it, the developer or performance tester should have a good understanding of HTTP, XML, and performance testing. Some features of Pylot are HTTP and HTTPS (SSL) support, an execution and monitoring console, automatic cookie handling, response verification with regular expressions, cross-platform support, real-time stats and more.

Webrat

Webrat is another open source tool which enables the developer to quickly write expressive and robust acceptance tests for a Ruby web application. It also supports frameworks like Merb, Rails and Sinatra. Webrat also supports the most popular test frameworks such as: Cucumber, RSpec, Test::Unit and Shoulda.

OpenSTA

Open System Testing Architecture (OpenSTA) is an open source tool which helps to perform scripted HTTP and HTTPS heavy load tests with performance measurements from Win32 platforms. The OpenSTA tools are designed for performance testing consultants or other technically proficient individuals. Results and statistics are collected during test runs by a variety of automatic and user-controlled mechanisms. These can include scripted timers, SNMP data, Windows Performance Monitor stats and HTTP results and timings. The tool is free of cost because it is licensed under the GPL (General Public License).

Webload

The WebLOAD Open Source Load Generation Engine is an open source project sponsored by RadView Software. This project is intended for ISVs, SIs and software developers who need to integrate a professional load generation engine into their applications.

 

Tags: Open source, web hacking


May 24 2011

Learn to secure Web sites built on open source CMSs

Category: App Security, Information Security | DISC @ 9:26 pm

CMS Security Handbook: The Comprehensive Guide for WordPress, Joomla, Drupal, and Plone

Open Source Software certainly does have the potential to be more secure than its closed source counterpart. But make no mistake, simply being open source is no guarantee of security.

Learn how to secure Web sites built on open source CMSs (Content Management Systems)

Web sites built on Joomla!, WordPress, Drupal, or Plone face some unique security threats. If you’re responsible for one of them, this comprehensive security guide, the first of its kind, offers detailed guidance to help you prevent attacks, develop secure CMS-site operations, and restore your site if an attack does occur. You’ll learn a strong, foundational approach to CMS operations and security from an expert in the field.

• More and more Web sites are being built on open source CMSs, making them a popular target, thus making you vulnerable to new forms of attack
• This is the first comprehensive guide focused on securing the most common CMS platforms: Joomla!, WordPress, Drupal, and Plone
• Provides the tools for integrating the Web site into business operations, building a security protocol, and developing a disaster recovery plan
• Covers hosting, installation security issues, hardening servers against attack, establishing a contingency plan, patching processes, log review, hack recovery, wireless considerations, and infosec policy
CMS Security Handbook is an essential reference for anyone responsible for a Web site built on an open source CMS.




Tags: CMS, Drupal, Joomla, Open source, Plone, web security, WordPress


Jun 04 2009

Virtualization and compliance

Category: Cloud computing, Virtualization | DISC @ 1:04 am


The core technology underlying cloud computing is virtualization. Organizations that do not want to jump into cloud computing because of its inherent risks can take a shot at virtualization in their own data centers. Virtualization can be used to reduce hardware and utility costs: an organization that has 100 servers can consolidate them onto 10 physical machines, each supporting 10 virtual systems, which not only shrinks the data center but also cuts hardware cost and yields huge utility bill savings.

Virtualization was adopted to increase efficiency and save cost, and it is now turning into a centralized management initiative for many organizations. With centralized management, patches, virus and spam filters and new policies can be pushed to endpoints from a central management console. Policies can be used to impose lock-out periods, filter USB devices and initiate backup routines, taking effect either immediately or the next time the user checks in with the server.

The way virtualization works is that the OS sits on an open source hypervisor, which provides 100% hardware abstraction so that drivers become irrelevant. With the OS image backed up at the management console, virtualization technology allows seamless failover and high availability for desktops and servers.

As I mentioned earlier, virtualization allows policies to be enforced on endpoints (desktops). As we know, compliance drives the security agenda. If these policies are granular enough to be mapped to existing regulations and standards (SOX, PCI and HIPAA), then a virtualization solution can be used to implement compliance controls on endpoints. It is quite alright if the mapping is not 100%; that is where compensating controls come into play. Compliance with these various regulations and standards is not a one-time process. As a matter of fact, standards and regulations change over time due to different threats and requirements. True security requires nonstop assessment, remediation and policy changes as needed.





Tags: Cloud computing, Data center, Health Insurance Portability and Accountability Act, hipaa, Hypervisor, Open source, PCI, Security, sox, Virtualization