When looking for methods of execution in controlled environments, software components are an essential area of review. With the implementation of controls such as AppLocker, running arbitrary executables becomes more difficult. In most environments we test, AppLocker is now a common configuration; it reduces the attack surface by defining the locations from which an executable is permitted to run.
Some industries have already migrated to a cloud-centric view of daily operations, and this provides freedom for both the employer and the employees. Companies can now tap into global markets as geography no longer serves as a barrier and, as mentioned in previous articles, ZeroTrust models continue to define how these remote identities are connected into the environment. From an employee perspective, this provides a greater breadth of opportunities that may not have been available a few years ago.
The adoption of cloud platforms and solutions has rapidly accelerated in the last year. Some of this adoption is naturally a result of the global pandemic pushing organisations to find ways to continue to operate and support the needs of the workforce and customers. Cloud environment management and setup can be very different from traditional internal/external infrastructure deployment, and therefore careful planning and design consideration is key to building scalable, resilient, secure cloud environments.
In the last quantum cryptography blog post we looked at the popular BB84 protocol and discussed how it is, at least theoretically, a secure protocol.
This time we’ll see how, when put into practice, physical implementations of the protocol can introduce vulnerabilities that we can exploit to undermine the entire key exchange!
When testing these types of systems, vulnerabilities can be broken down into two broad classes:
Shadow IT increases your business' security risks and is invisible to you. It might not be covered on your asset lists, because your asset management lists are incomplete. It might have no assigned owner, either because it doesn't fit neatly into any business unit, or isn't related to any current operational priorities but hasn't been fully decommissioned yet. It might have been installed outside of usual processes, either without authorisation or because usual processes were overridden.
Encryption implementation issues are, in my experience, some of the most commonly reported findings during penetration tests. Whilst they may not always be quite as scary as seeing "SQL Injection" or "Stored Cross-Site Scripting" in a report, their ubiquity merits some discussion.
We find that the most frequently encountered issues fall broadly into three categories:
- Outdated Encryption Protocol Support
- Certificate Issues
- Weak Cipher Suites
How are these three categories linked and what do they do to keep my data safe?
On 12 February 2021, Cyberis identified a weakness in the domain transfer processes of Gandi which allowed any Nominet registry domain (including .co.uk and org.uk domains) registered with Gandi to be transferred out of the owner’s control and into the control of an arbitrary AWS Route 53 account, without any authorisation being provided by the owner of the domain. Exploitation of this weakness did not result in the registrant details being modified in the Nominet registry, but once an adversary has taken control of a domain they are likely to be able to satisfy the checks in place that wo
In 2004, a ragtag fugitive fleet of CISOs created an international group working to define and promote the concept of de-perimeterisation, known as the Jericho Forum. Ten years on, after many valuable contributions to the security industry, it was declared a success and was finally sunsetted in October 2013. In the summer that followed, the UK Cyber Essentials scheme was launched – the Government-backed scheme designed to help organisations protect themselves against common online threats.
Since its inception, the Windows operating system has been a recognisable force within the IT industry and grew increasingly common throughout the 90s and 2000s. Features of the operating system have grown over the last 20 years in response to the changing needs within the industry and shifts in attitudes towards system management, user experience and scale.
Adversary simulation, simulated targeted attack, red teaming… Whatever you want to call it, a technical exercise that assesses your defences by simulating the tactics, techniques and procedures of a real attacker is of great value – especially when you want to understand how well your incident response plans hold out against attack.
Simulating the whole attack chain for most adversaries means that we are not just targeting technology – we are also targeting processes and people.