<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Scan For Security</title>
	<atom:link href="https://www.scanforsecurity.com/feed" rel="self" type="application/rss+xml" />
	<link>https://www.scanforsecurity.com</link>
	<description>Penetration testing, methodologies, tools, standards, information security, certifications.</description>
	<lastBuildDate>Thu, 04 Jan 2024 17:43:29 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	
	<item>
		<title>Crafting an Effective Incident Recovery and Remediation Plan: A Strategic Blueprint</title>
		<link>https://www.scanforsecurity.com/reporting-templates/crafting-an-effective-incident-recovery-and-remediation-plan.html</link>
		<pubDate>Thu, 04 Jan 2024 17:33:04 +0000</pubDate>
		<dc:creator><![CDATA[Uladzislau Murashka]]></dc:creator>
		
		<guid isPermaLink="false">https://www.scanforsecurity.com/?p=1153</guid>
		<description><![CDATA[<p>In the dynamic realm of cybersecurity, an effective incident recovery and remediation plan stands as the cornerstone for organizational resilience. Beyond mere defense, it ensures a proactive response to potential threats, minimizing damage and fortifying the organization against future attacks. This comprehensive guide offers a detailed roadmap to create a cost-effective incident recovery and remediation [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://www.scanforsecurity.com/reporting-templates/crafting-an-effective-incident-recovery-and-remediation-plan.html">Crafting an Effective Incident Recovery and Remediation Plan: A Strategic Blueprint</a> appeared first on <a rel="nofollow" href="https://www.scanforsecurity.com">Scan For Security</a>.</p>
]]></description>
				<content:encoded><![CDATA[
<p>In the dynamic realm of cybersecurity, an effective incident recovery and remediation plan stands as the cornerstone for organizational resilience. Beyond mere defense, it ensures a proactive response to potential threats, minimizing damage and fortifying the organization against future attacks. This comprehensive guide offers a detailed roadmap to create a cost-effective incident recovery and remediation plan, addressing critical steps to fortify your cyber defenses.</p>



<h2><strong>Assess Your Risks and Resources: A Holistic Examination</strong></h2>



<p>The inception of a robust incident recovery and remediation plan starts with a comprehensive assessment of risks and resources. Beyond merely identifying threats such as ransomware, phishing, or denial-of-service attacks, delve into the depths of your current security posture. Evaluate the efficacy of detection and response tools, existing policies, procedures, and the skill set of your cybersecurity staff. This multifaceted evaluation becomes the guiding compass, enabling organizations to prioritize actions judiciously and allocate resources efficiently.</p>



<h2><strong>Define Your Objectives and Metrics: A Strategic Vision</strong></h2>



<p>The journey to a resilient incident recovery and remediation plan requires a well-defined vision. This involves establishing clear objectives and metrics to measure success. Go beyond generic goals and embrace the SMART approach (Specific, Measurable, Achievable, Relevant, Time-bound). By setting Key Performance Indicators (KPIs), organizations can quantifiably track progress, ensuring a strategic alignment of efforts and outcomes.</p>



<h2><strong>Develop Your Plan and Strategy: Blueprinting Resilience</strong></h2>



<p>As the plan takes shape, attention shifts to the development phase. This involves outlining the intricate details of roles and responsibilities, communication channels, escalation and reporting procedures, and meticulous documentation methods. What emerges is a blueprint that defines the specific actions to be taken in response to varied incidents. From isolating affected systems to restoring backups and patching vulnerabilities, each step is a strategic move in the larger chessboard of incident recovery.</p>



<h2><strong>Test and Update Your Plan and Strategy: The Crucible of Resilience</strong></h2>



<p>A resilient incident recovery plan is one that has weathered the crucible of testing. Regular simulations and exercises become the testing grounds, revealing the plan&#8217;s readiness and resilience. This is not just a formality but a critical step to identify weaknesses and gaps. The post-test phase becomes equally crucial, demanding a meticulous review and update of the plan. Insights from real incidents and best practices feed into this iterative process, enhancing efficiency and adaptability.</p>



<h2><strong>Train and Educate Your Team and Stakeholders: Empowering the Frontlines</strong></h2>



<p>The success of an incident recovery and remediation plan rests on the shoulders of the team executing it. Hence, the focus shifts to training and education. It&#8217;s not just about imparting skills; it&#8217;s about instilling a sense of awareness and commitment. Team members need to internalize policies and procedures. Simultaneously, stakeholders – customers, partners, regulators – become integral parts of this educational journey, understanding the plan&#8217;s benefits and the expectations surrounding incident recovery and remediation efforts.</p>



<h2><strong>Evaluate and Optimize Costs and Benefits: Strategic Investment</strong></h2>



<p>In the ever-evolving landscape of cybersecurity, a cost-effective incident recovery and remediation plan is not just an expense; it&#8217;s a strategic investment. Organizations must meticulously evaluate the return on investment (ROI), considering both tangible and intangible benefits. Beyond the immediate costs, the plan’s impact on reputation, trust, and loyalty comes into play. Legal and regulatory risks also undergo scrutiny. This step becomes an opportunity to optimize costs and benefits, exploring avenues such as automation, outsourcing, and leveraging cloud services.</p>



<h3><strong>Conclusion: Forging a Resilient Future</strong></h3>



<p>In conclusion, the creation of a cost-effective incident recovery and remediation plan is not a one-time endeavor but an ongoing commitment to organizational resilience. Each step is a strategic move, contributing to the overarching goal of fortifying the organization against cyber threats. As the cybersecurity landscape evolves, so must the incident recovery plan – a living document that adapts, learns, and grows stronger with each challenge.</p>
<p>The post <a rel="nofollow" href="https://www.scanforsecurity.com/reporting-templates/crafting-an-effective-incident-recovery-and-remediation-plan.html">Crafting an Effective Incident Recovery and Remediation Plan: A Strategic Blueprint</a> appeared first on <a rel="nofollow" href="https://www.scanforsecurity.com">Scan For Security</a>.</p>
]]></content:encoded>
			</item>
		<item>
		<title>Alternatives for Let&#8217;s Encrypt &#8211; Free Automatic CAs</title>
		<link>https://www.scanforsecurity.com/reporting-templates/alternatives-for-lets-encrypt-free-automatic-cas.html</link>
		<pubDate>Tue, 24 Nov 2020 21:12:59 +0000</pubDate>
		<dc:creator><![CDATA[Markus Vendetta]]></dc:creator>
		
		<guid isPermaLink="false">https://www.scanforsecurity.com/?p=1143</guid>
		<description><![CDATA[<p>For many, Let&#8217;s Encrypt has become an integral part of web development, and automatic certificate renewal every 90 days has become a routine. In fact, it is now the most popular certification authority on the Internet. It&#8217;s great, but also dangerous. This begs the question: What if Let&#8217;s Encrypt&#8217;s servers temporarily stop working? I don&#8217;t [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://www.scanforsecurity.com/reporting-templates/alternatives-for-lets-encrypt-free-automatic-cas.html">Alternatives for Let&#8217;s Encrypt &#8211; Free Automatic CAs</a> appeared first on <a rel="nofollow" href="https://www.scanforsecurity.com">Scan For Security</a>.</p>
]]></description>
				<content:encoded><![CDATA[
<p>For many, <a href="https://letsencrypt.org/" target="_blank" rel="noreferrer noopener" aria-label="Let's Encrypt (opens in a new tab)">Let&#8217;s Encrypt</a> has become an integral part of web development, and automatic certificate renewal every 90 days has become a routine. In fact, it is now the most popular certification authority on the Internet. It&#8217;s great, but also dangerous.</p>



<p>This begs the question: What if Let&#8217;s Encrypt&#8217;s servers temporarily stop working? I don&#8217;t want to think about the possible causes of failure. But it is advisable to have a fallback: another equally convenient, free, automated certificate authority.</p>



<p>Fortunately, there are fallbacks, at least two: free automated CAs (<a href="https://en.wikipedia.org/wiki/Certificate_authority" target="_blank" rel="noreferrer noopener" aria-label="Certificate Authorities (opens in a new tab)">Certificate Authorities</a>) modeled on Let&#8217;s Encrypt.</p>



<h2>ACME Protocol</h2>



<p>All communication with Let&#8217;s Encrypt takes place over the <a rel="noreferrer noopener" aria-label="ACME  (opens in a new tab)" href="https://en.wikipedia.org/wiki/Automated_Certificate_Management_Environment" target="_blank">ACME</a> (Automated Certificate Management Environment) protocol. It is an open protocol for automating interactions with CAs. There is nothing in it specific to Let&#8217;s Encrypt; it is supported by several other CAs.</p>



<p>More and more CAs are now starting to work through ACME. This means that almost all of our tools, scripts, and processes for obtaining certificates from Let&#8217;s Encrypt will work just as well with other CAs that support ACME.</p>



<p>To switch to another CA, you only need to change the API address in your configured scripts from https://acme-v02.api.letsencrypt.org/directory (Let&#8217;s Encrypt) to https://api.buypass.com/acme/directory (BuyPass, see below) or some other directory URL.</p>



<p><strong>We need a CA that meets two criteria:</strong></p>



<ul><li>supports ACME,</li><li>issues free SSL/TLS certificates.</li></ul>



<p>These criteria are met by a Norwegian CA called <a href="https://www.buypass.com/ssl/products/acme" target="_blank" rel="noreferrer noopener" aria-label="BuyPass (opens in a new tab)">BuyPass</a>.</p>



<p>The free service is called BuyPass Go SSL: automatic issuance and renewal of certificates plus ACME support. Exactly what is needed.</p>



<p>The whitepaper explains how to set up obtaining and renewing a certificate using Certbot, the official client from the Electronic Frontier Foundation for working with Let&#8217;s Encrypt or any other CA that supports the ACME protocol.</p>



<p>Registering with the CA and obtaining a certificate from BuyPass is as simple as with Let&#8217;s Encrypt; there is no difference here.</p>



<p>Register with your email address for notifications (&#8216;YOUR_EMAIL&#8217;) and agree to the terms of use (&#8211;agree-tos):</p>



<pre class="wp-block-preformatted">root@acme:~# certbot register -m 'YOUR_EMAIL' --agree-tos --server 'https://api.buypass.com/acme/directory' </pre>



<p>Obtaining a certificate:</p>



<pre class="wp-block-preformatted">root@acme:~# certbot certonly --webroot -w /var/www/example.com/public_html/ -d example.com -d www.example.com --server 'https://api.buypass.com/acme/directory' </pre>



<p>Subsequently, other Certbot commands are used as needed to revoke a certificate (revoke), renew expired certificates (renew), and delete a certificate (delete).</p>



<p>It is recommended to put the renewal command in cron and run it automatically, so that certificates about to expire are renewed without manual intervention. For example, like this:</p>



<pre class="wp-block-preformatted"># Cron job scheduled under root to run every 12th hour at a specified minute (e.g. 23; change this to your preference)
23 */12 * * * /opt/certbot/certbot-auto renew -n -q >> /var/log/certbot-auto-renewal.log</pre>



<p>BuyPass has some limits on ACME. The main limit is the number of certificates for a registered domain (20 per week). This refers to the part of the domain that is purchased from the domain name registrar. </p>



<p>That is, this is the limit for all subdomains in total. Another limit is 5 duplicates per week. This is the limit of certificates for each specific subdomain. There are limits on validation errors &#8211; 5 per account, per host, and per hour.</p>



<p>Requests to the new-reg, new-authz, and new-cert endpoints are limited to 20 per second, and directory requests to 40 per second.</p>



<p>The maximum number of pending authorizations is 300.</p>



<p>Instead of Certbot, you can use another client, acme.sh, which is also configured for Let&#8217;s Encrypt by default but is easily pointed at another CA with ACME support.</p>



<pre class="wp-block-preformatted">./acme.sh --issue --dns dns_cf -d example.com --server "https://api.buypass.com/acme/directory" </pre>



<h2>ZeroSSL</h2>



<p>Another CA that issues free 90-day certificates under the ACME protocol is the Austrian ZeroSSL.</p>



<p>The aforementioned acme.sh program has ZeroSSL support, so it is very easy to register:</p>



<pre class="wp-block-preformatted">acme.sh --register-account -m foo@bar.com --server zerossl </pre>



<p>Next, one command to generate a certificate:</p>



<pre class="wp-block-preformatted">acme.sh --issue --dns dns_cf -d example.com --server zerossl </pre>



<p>There are no limits on API calls. There are other advantages too: this CA provides free certificates not only for 90 days but also for 1 year, and there is a web dashboard and technical support.</p>



<p>By the way, ZeroSSL can also issue certificates through a web interface, step by step, with domain verification by email. But, of course, this method is not suitable for automation.</p>



<h2>Other ACME servers</h2>



<p>It will also be useful to bookmark or write down <a href="https://docs.https.dev/list-of-acme-servers" target="_blank" rel="noreferrer noopener nofollow" aria-label="a list of all known ACME servers (opens in a new tab)">a list of all known ACME servers</a> somewhere. There are still only a few of them, but the number is constantly growing.</p>



<p>That way, if something happens, you can always quickly obtain a trusted certificate elsewhere.</p>



<h2>Conclusion</h2>



<p>Let&#8217;s Encrypt is an outstanding organization doing a great job. But it&#8217;s dangerous to put all your eggs in one basket. The more CAs that work under the ACME protocol and issue free certificates automatically, the more diverse and reliable the ecosystem as a whole.</p>



<p>Let&#8217;s Encrypt may experience downtime, or it may temporarily suspend its activity &#8211; and then BuyPass and ZeroSSL will serve as a hedge.</p>



<p>Having these fallbacks ultimately increases the credibility of Let&#8217;s Encrypt itself, because it is no longer a single point of failure. And switching CAs with ACME is a matter of a few seconds.</p>
<p>The post <a rel="nofollow" href="https://www.scanforsecurity.com/reporting-templates/alternatives-for-lets-encrypt-free-automatic-cas.html">Alternatives for Let&#8217;s Encrypt &#8211; Free Automatic CAs</a> appeared first on <a rel="nofollow" href="https://www.scanforsecurity.com">Scan For Security</a>.</p>
]]></content:encoded>
			</item>
		<item>
		<title>Exploring alternative VPN protocols</title>
		<link>https://www.scanforsecurity.com/reporting-templates/exploring-alternative-vpn-protocols.html</link>
		<pubDate>Tue, 24 Nov 2020 20:30:19 +0000</pubDate>
		<dc:creator><![CDATA[Markus Vendetta]]></dc:creator>
		
		<guid isPermaLink="false">https://www.scanforsecurity.com/?p=1139</guid>
		<description><![CDATA[<p>The VPN protocol should ideally be secure, functional, and fast. But there is another factor: popularity. An unpopular protocol is more difficult to implement and maintain: its software needs to be installed and configured, and users and administrators need to be trained. Sometimes protocols become popular despite their technical shortcomings, simply because of aggressive promotion [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://www.scanforsecurity.com/reporting-templates/exploring-alternative-vpn-protocols.html">Exploring alternative VPN protocols</a> appeared first on <a rel="nofollow" href="https://www.scanforsecurity.com">Scan For Security</a>.</p>
]]></description>
				<content:encoded><![CDATA[
<p>The VPN protocol should ideally be secure, functional, and fast. But there is another factor: popularity. An unpopular protocol is more difficult to implement and maintain: its software needs to be installed and configured, and users and administrators need to be trained.</p>



<p>Sometimes protocols become popular despite their technical shortcomings, simply because of aggressive promotion by a large company. </p>



<p>The reverse also happens: a protocol from independent developers solves such a pressing problem for some users that it quickly gains popularity on its own. This happened with OpenVPN and WireGuard.</p>



<p>Some protocols are losing popularity. Some never become widely known, sometimes deservedly, sometimes not. In this article, we will talk about several of these protocols.</p>



<h2>PPTP</h2>



<p><strong>PPTP (Point to Point Tunneling Protocol)</strong> has faded into the background, and rightly so. I would like to believe that younger readers have never come across it, but ten years ago it was a textbook example of an undeservedly popular protocol.</p>



<p>Its popularity was ensured by the monopoly of its developer &#8211; Microsoft Corporation. From the mid-nineties to the late 2000s, the vast majority of client devices were Windows computers. Obviously, the presence of a built-in client in Windows automatically made the protocol at least common.</p>



<p>Microsoft wouldn&#8217;t be itself if it didn&#8217;t take advantage of this to maintain and strengthen its monopoly position. PPTP used standard PPP and GRE for data transfer, but a non-standard, proprietary set of protocols was used for authentication and encryption: MPPE (Microsoft Point-to-Point Encryption) and MS-CHAP.</p>



<p>Because of this, free implementations of both the PPTP client and server were at one time as sore a subject as GIF and MP3. Then the patents expired, and poptop for Linux and MPD for FreeBSD became popular alternatives to the proprietary products.</p>



<p>However, warnings about the security issues of homemade cryptography were not groundless. The strength of MPPE and MS-CHAP was downgraded several times, and in 2012 the protocol was finally discredited: researchers proved that the strength of MS-CHAP-v2 is no better than DES.</p>



<p>After that, it became impossible to perceive PPTP as a secure protocol, and it quickly lost its last remnants of popularity.</p>



<p><strong>Should you use PPTP?</strong><br>Obviously not; it is strongly discouraged.</p>



<h2>SSTP</h2>



<p><strong>SSTP (Secure Socket Tunneling Protocol)</strong> is Microsoft&#8217;s second attempt to create its own VPN protocol. This time they did not invent their own cryptographic algorithms but used standard SSL / TLS. They also no longer interfere with the creation of free implementations.</p>



<p><a rel="noreferrer noopener" aria-label="SSTP  (opens in a new tab)" href="https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-sstp/c50ed240-56f3-4309-8e0c-1644898f0ea8" target="_blank">SSTP</a> is PPP over HTTPS. The obvious advantage is that it passes through NAT without trouble and, in theory, even through a proxy. The advantage is far from unique, though: OpenVPN could run over TCP/443 long before that.</p>



<p>OpenVPN, however, uses UDP rather than TCP by default for good reason: tunnels over TCP have serious performance problems &#8211; they can be tens of times slower on the same hardware.</p>



<p>Windows obviously has a built-in client &#8211; starting with Windows Vista. For Linux, there are client implementations and plugins for NetworkManager. There are also third-party clients for macOS such as EasySSTP. For mobile devices, you will also have to search for and install third-party applications.</p>



<p>If you need to deploy an SSTP server, among free projects <a href="https://accel-ppp.org/" target="_blank" rel="noreferrer noopener nofollow" aria-label="accel-pppd (opens in a new tab)">accel-pppd</a> and SoftEther support it.</p>



<p><strong>Should you use SSTP?</strong><br>Only if forced to by corporate policy.</p>



<h2>SOFTETHER</h2>



<p><strong>SoftEther is a multi-protocol VPN server </strong>similar to MPD or accel-ppp. It supports L2TP / IPsec, PPTP, SSTP, OpenVPN, and the non-standard SoftEther protocol of the same name. It is a fairly young project; its first version was released in 2014.</p>



<p>The <a href="https://www.softether.org/" target="_blank" rel="noreferrer noopener" aria-label="SoftEther (opens in a new tab)">SoftEther</a> protocol is Ethernet over HTTPS. Since standard SSL is responsible for encryption and authentication, security is not a major concern.</p>



<p>The authors claim performance ten times higher than <a href="https://en.wikipedia.org/wiki/OpenVPN" target="_blank" rel="noreferrer noopener" aria-label="OpenVPN (opens in a new tab)">OpenVPN</a>. It&#8217;s hard to believe, but I have had no opportunity to verify their claims. The client exists only for Linux and Windows, so other platforms will have to use different protocols.</p>



<p><strong>Should you use SoftEther?</strong><br>If the authors&#8217; performance claims are correct, it might be worth it.</p>



<h2>OPENCONNECT</h2>



<p>The term <strong>SSL VPN</strong> is common, but without context it is completely meaningless. &#8220;Supports SSL VPN&#8221; can mean SSTP, OpenVPN, or any of many incompatible proprietary protocols.</p>



<p>Almost every vendor has its own protocol. For example, Cisco AnyConnect, Juniper Pulse Connect, Palo Alto GlobalProtect. </p>



<p>If a client for such a protocol is widely deployed in an organization, replacing the VPN concentrator hardware can be very difficult &#8211; which is exactly what vendors are trying to achieve.</p>



<p>The free <a href="http://www.infradead.org/openconnect/" target="_blank" rel="noreferrer noopener" aria-label="OpenConnect project (opens in a new tab)">OpenConnect project</a> provides server and client implementations for the Cisco, Juniper, and Palo Alto protocols. The OpenConnect client runs on Windows and a variety of UNIX-like systems: not only Linux and macOS but also BSD systems and even Solaris.</p>



<p>OCServ, the OpenConnect server, can save an organization a lot of money, because proprietary implementations often license these protocols per user.</p>



<p><strong>Should you use OpenConnect?</strong><br>If your organization has deployed one of these protocols and is now unhappy with it &#8211; absolutely. Since none of these protocols are protected by patents (and there is nothing much in them to patent), the only real risk to the project&#8217;s existence is lawsuits over trademarks.</p>



<p>There are no registered trademarks in the name of the project, so the risk is low. In addition, the project has existed since 2009, and so far none of the vendors have sued the authors.</p>



<h2>VARIATIONS ON THE IPSEC TOPIC</h2>



<p>It would seem that <strong>IPsec is the most standardized protocol</strong> of all, and all network equipment vendors support it. But with a standardized protocol, you can&#8217;t lure users into the vendor lock-in trap, so proprietary variations of IPsec are regularly invented.</p>



<p>Sometimes they solve a very real problem that is difficult to solve with pure IPsec. </p>



<p>For example, Cisco GETVPN (Group Encrypted Transport) simplifies the deployment of a secure network for MPLS users, since MPLS itself does not provide any protection against traffic interception.</p>



<p>In other cases, as with EZVPN, vendors try to tempt users with the relative ease of configuration compared to &#8220;normal&#8221; IPsec.</p>



<p><strong>Should you use proprietary IPsec variations?</strong><br>If the prospect of forever remaining tied to one supplier does not scare you … In the case of EZVPN, for example, some devices support only the server, and some only support the client, so the choice may also be limited to a specific model.</p>



<h2>TINC</h2>



<p>Most VPN protocols are point-to-point or star-based. Mesh networks are still quite an exotic scenario. Nevertheless, protocols for these purposes exist and are being developed. </p>



<p>The TINC project has been in development since 1998. This means it is older than OpenVPN, which released its first version in 2001. It supports Windows and all UNIX-like operating systems but does not have a version for mobile operating systems.</p>



<p>The main feature is the automatic creation of a mesh network. Even if there are many nodes in the network, traffic between them will be transmitted directly, rather than through a central server. </p>



<p>This could make <strong>TINC a working alternative to Dynamic Multi-Point VPN</strong> and the aforementioned GETVPN for corporate networks. Or rather, it could, if network equipment vendors and popular free network operating systems supported it.</p>



<p><strong>Should you use TINC?</strong><br>At the very least, it is certainly interesting to experiment with.</p>



<h2>Conclusion</h2>



<p>There are a lot of VPN protocols in the world. Even if you prefer to use only the most popular, it is useful to know about others &#8211; the choice will be more informed.</p>
<p>The post <a rel="nofollow" href="https://www.scanforsecurity.com/reporting-templates/exploring-alternative-vpn-protocols.html">Exploring alternative VPN protocols</a> appeared first on <a rel="nofollow" href="https://www.scanforsecurity.com">Scan For Security</a>.</p>
]]></content:encoded>
			</item>
		<item>
		<title>Cryptocurrency-Related Domain Names Hijacked by Phishing GoDaddy&#8217;s Registrar Employees</title>
		<link>https://www.scanforsecurity.com/reporting-templates/cryptocurrency-related-domain-names-hijacked-by-phishing-godaddys-registrar-employees.html</link>
		<pubDate>Tue, 24 Nov 2020 20:08:59 +0000</pubDate>
		<dc:creator><![CDATA[Markus Vendetta]]></dc:creator>
		
		<guid isPermaLink="false">https://www.scanforsecurity.com/?p=1136</guid>
		<description><![CDATA[<p>Well-known cybersecurity journalist Brian Krebs reported that employees of the GoDaddy domain registrar were the victims of attacks using social engineering and, as a result, handed over control over the domains of several cryptocurrency projects to attackers. According to Krebs, the attacks began in mid-November this year. The first to report the problem was employees [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://www.scanforsecurity.com/reporting-templates/cryptocurrency-related-domain-names-hijacked-by-phishing-godaddys-registrar-employees.html">Cryptocurrency-Related Domain Names Hijacked by Phishing GoDaddy&#8217;s Registrar Employees</a> appeared first on <a rel="nofollow" href="https://www.scanforsecurity.com">Scan For Security</a>.</p>
]]></description>
				<content:encoded><![CDATA[
<p>Well-known cybersecurity journalist Brian Krebs reported that employees of the GoDaddy domain registrar were the victims of attacks using social engineering and, as a result, handed over control over the domains of several cryptocurrency projects to attackers.</p>



<p>According to Krebs, the attacks began in mid-November this year. The first to report the problem were employees of the liquid.com cryptocurrency exchange.</p>



<p>Then a similar problem was discovered at NiceHash. The company&#8217;s domain settings at GoDaddy were changed, causing traffic and email to be temporarily redirected to a different location. NiceHash was forced to freeze all client funds for about 24 hours until the domain settings were reverted to their original settings.</p>



<p>Krebs writes that NiceHash&#8217;s mail service was redirected to privateemail.com, an email platform operated by another major registrar, Namecheap Inc. Using Farsight Security, a service that tracks changes to domain name records, Krebs determined that several other cryptocurrency platforms could have fallen victim to the same criminal group.</p>



<p>Thus, Bibox.com, Celsius.network, and Wirex.app appear to have suffered similar attacks. None of these companies reported any incidents.</p>



<p>The NiceHash founder wrote that the unauthorized changes were made from a GoDaddy internet address, and that the attackers tried to use their access to incoming NiceHash email to reset passwords on various third-party services, including Slack and GitHub.</p>



<p>However, the company said in a statement that the hackers did not gain access to any important service and did not steal any information.</p>






<p>At the same time, it was not possible to contact GoDaddy quickly, because at that very moment the registrar suffered a serious outage, during which neither its e-mail nor its phones were answered.</p>



<p>Unfortunately, GoDaddy representatives have already confirmed that several of their employees did indeed fall victim to social engineering. The exact number of compromised employees was not disclosed. GoDaddy said a security audit revealed unauthorized changes to some of the company&#8217;s customer accounts.</p>
<p>The post <a rel="nofollow" href="https://www.scanforsecurity.com/reporting-templates/cryptocurrency-related-domain-names-hijacked-by-phishing-godaddys-registrar-employees.html">Cryptocurrency-Related Domain Names Hijacked by Phishing GoDaddy&#8217;s Registrar Employees</a> appeared first on <a rel="nofollow" href="https://www.scanforsecurity.com">Scan For Security</a>.</p>
]]></content:encoded>
			</item>
		<item>
		<title>What is SOC 2 compliance</title>
		<link>https://www.scanforsecurity.com/reporting-templates/what-is-soc-2-compliance.html</link>
		<pubDate>Mon, 23 Nov 2020 20:09:30 +0000</pubDate>
		<dc:creator><![CDATA[Uladzislau Murashka]]></dc:creator>
		
		<guid isPermaLink="false">https://www.scanforsecurity.com/?p=1123</guid>
		<description><![CDATA[<p>About SOC 2 SOC 2 compliance is a crucial framework for technology and cloud computing companies. SOC 2 is a compliance framework for data privacy and security developed by the American Institute of CPAs (AICPA). Its goal is to make sure that systems are set up so they assure security, availability, processing integrity, confidentiality, and privacy [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://www.scanforsecurity.com/reporting-templates/what-is-soc-2-compliance.html">What is SOC 2 compliance</a> appeared first on <a rel="nofollow" href="https://www.scanforsecurity.com">Scan For Security</a>.</p>
]]></description>
				<content:encoded><![CDATA[
<h3>About SOC 2</h3>



<p>SOC 2 compliance is a crucial framework for technology and cloud computing companies. <a rel="noreferrer noopener" aria-label="SOC 2 (opens in a new tab)" href="https://en.wikipedia.org/wiki/System_and_Organization_Controls" target="_blank">SOC 2</a> is a compliance framework for data privacy and security developed by the <a href="https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc2report.html">American Institute of CPAs (AICPA)</a>.</p>



<p>Its goal is to make sure that systems are set up so they assure security, availability, processing integrity, confidentiality, and privacy of customer data. SOC 2 is both a technical audit and a requirement that comprehensive information security policies and procedures be written and followed.</p>



<p>An example would be that our service is available when needed and that personal information passing through it is kept confidential at all times.</p>



<p>Many of the security aspects SOC 2 addresses involve external interactions that could affect internal or customer data security. The AICPA developed SOC 2 as a way to encourage the implementation and oversight of proper security procedures.</p>



<p>Similar to other security guidelines, SOC 2 outlines a basic structure for security measures, but then allows companies to customize those basic measures to their needs. </p>



<p>Organizations that provide tech services and systems to third parties should be familiar with SOC 2. Service organizations are usually required to pass a SOC 2 audit in order to partner with or provide services to other companies. The framework is designed to ensure that relevant organizations, such as cloud computing providers and software-as-a-service companies, process information securely.</p>



<p><strong><a rel="noreferrer noopener" aria-label=" (opens in a new tab)" href="https://www.cybersecuriosity.com/services/penetration-testing-services" target="_blank">Penetration testing</a> </strong>is primarily used to test control effectiveness in SOC 2 Type II audits and <strong>is required to pass the compliance checks</strong>.</p>



<h3>Why is SOC 2 compliance important?</h3>



<p>The most obvious answer is that SOC 2 compliance demonstrates that your organization maintains a high level of information security.</p>



<p>The rigorous compliance requirements, which are put to the test in an on-site audit, ensure that sensitive information is being handled responsibly. Organizations that implement the necessary controls are therefore less likely to suffer data breaches or violate users’ privacy.</p>



<p>This protects the organization from the negative effects of breaches, such as regulatory action and reputational damage, and gives them a competitive advantage.</p>



<p>SOC 2-compliant organizations can use this fact to prove to customers that they’re committed to information security, which in turn will create new business opportunities.</p>



<h3>How are SOC 1 and SOC 2 different?</h3>



<p>Depending on the service or system you provide, third parties might ask whether you’re SOC 1 or SOC 2 compliant.</p>



<p>You might think that SOC 2 is an updated version of SOC 1, but they are actually two different frameworks. You might be required to complete one SOC audit or both.</p>



<p>SOC 1 is less common and applies when you host financial information that could affect third parties’ financial reporting. </p>



<p>SOC 2 applies to all other types of sensitive information related to the third party. If you don’t host financial data, this is the only compliance audit you should complete. </p>



<p>By contrast, if you only host financial information, you don’t need to complete SOC 2.</p>



<p>Organizations that host both types of data will need to complete both compliance audits.</p>



<h3>What is a SOC 2 audit?</h3>



<p>A SOC 2 audit provides an in-depth assessment of an organization’s: </p>



<ul><li>Security;</li><li>Availability;</li><li>Processing integrity;</li><li>Confidentiality; and/or</li><li>Privacy controls.</li></ul>



<p>SOC is broken down in many ways. There is SOC 1, 2, and 3 – which all contain slightly different requirements – but even within SOC 2, which we’re focusing on here, there are two types of certification.</p>



<p><strong>Type 1</strong> involves passing the SOC 2 audit and proving that your policies, procedures, and technologies adhere to the framework’s requirements at that time.</p>



<p><strong>Type 2</strong> involves ongoing compliance with SOC 2 and a thorough audit process that tests the real-world application of your policies, processes, and technologies.</p>



<h3 id="cc65">Type 1 or Type 2?</h3>



<p>Like SOC 1, SOC 2 has two different report types. Type 1 reports cover the description of the system and the suitability of the design of controls (known as criteria in SOC terminology), whereas Type 2 reports contain everything in a Type 1 report plus the effectiveness of the controls over a period of time. Type 2 SOC 2 reports are considered more useful, since the auditor verifies that the controls work appropriately over a period of time.</p>



<h3>What does a SOC 2 audit report contain?</h3>



<p>The audit report is more than just a list of findings and a checklist of compliance requirements. SOC 2 allows plenty of room for interpretation, because every organisation will have its own requirements based on the way it operates.</p>



<p><strong>As such, the audit report should provide: </strong></p>



<ul><li>An opinion letter,</li><li>Management assertion,</li><li>A detailed description of the system or service,</li><li>Details of the selected trust services categories,</li><li>Tests of controls and the results of testing.</li></ul>



<h3>What does SOC 2 certification cover?</h3>



<p>To achieve SOC 2 certification, organisations must implement controls on:</p>



<h4>System monitoring</h4>



<p>Organisations must always monitor their information systems, keeping track of who is accessing sensitive information and what changes they are making to it.</p>



<p>This process should include the adoption of access controls, which ensure that only approved users can open sensitive information. A sophisticated access control management system will contain layers of controls that ensure employees can only view information that’s relevant to their job.</p>



<p>This not only reduces the risk posed by malicious insiders but also mitigates the damage should a cyber criminal gain unauthorised access to an account. As such, access controls provide an extra level of security in the event that employees choose weak passwords or expose their credentials in a phishing scam.</p>



<h4>Data breach alerts</h4>



<p>No matter how sophisticated your cyber security defences are, you will suffer a data breach sooner or later, because there are simply too many attackers and too many vulnerabilities.</p>



<p>When a security event occurs, you need a system that will alert you of the threat. This doesn’t just refer to unauthorised access, but also to suspicious file transfers or changes to sensitive data.</p>



<p>These are particularly important to look out for when it comes to threats such as spear phishing, where an attacker poses as a senior employee or third party and requests that a lower-level employee sends them a certain file.</p>



<p>The organisation in question hasn’t technically been breached – the attack is nothing more than an email from an illegitimate address – but when the employee complies with the request, a serious incident has occurred.</p>



<h4>Audit procedures</h4>



<p>Organisations must adopt a rigorous audit procedure to ensure they keep detailed records of the way personal information and other sensitive data is used.</p>



<p>It’s only by doing this that you can trace the source of a data breach and determine the full extent of the damage.</p>



<h4>Forensics</h4>



<p>The final aspect of SOC 2 compliance concerns the way you respond to threats. This covers the steps you take to identify the full extent of the breach, understand how the incident occurred and prevent further damage.</p>



<p>Having such forensics systems in place gives you the assurance that incidents will be handled promptly, ensuring that a bad situation doesn’t get any worse.</p>



<h3>What does SOC 2 require?</h3>



<p>First and foremost, SOC 2 requires that you develop security policies and procedures. These need to be written out and followed, and auditors can and will ask to review them.</p>



<p>The policies and procedures should encompass: security, availability, processing integrity, confidentiality, and privacy of data stored in the cloud.</p>



<h3>What must I monitor for SOC 2?</h3>



<p>Meeting SOC 2 compliance means establishing a process and practices that guarantee oversight across your organization. Specifically, you want to be monitoring for any unusual, unauthorized, or suspicious activity. Often this takes place at the level of system configuration and user access. </p>



<p>You need to be able to monitor for both known malicious activity (like a common phishing scheme or obviously inappropriate access) and unknown malicious activity (like a zero-day threat or a new type of misuse). </p>



<p>To find these “unknowns,” you must establish a baseline of normal activity in your cloud environment, because this will make it clear when abnormal activity takes place. The best way to do this is with a continuous security monitoring service.</p>



<h3>What kind of alerts must I set up?</h3>



<p>To ensure that you are meeting SOC 2 requirements, you must receive alerts whenever unauthorized access to customer data occurs. If you do not receive these alerts in time, you may not be able to respond and take corrective action in a timely fashion.</p>



<p>To combat false alarms and increase the signal to noise ratio, you need a system that only sounds the alarm when activity strays outside of what is normal for your environment.</p>



<p><strong>SOC 2 in particular requires that you set up alerts for:</strong></p>



<ul><li>Exposure or modification of data, controls, configurations</li><li>File transfer activities</li><li>Privileged filesystem, account, or login access</li></ul>



<p>Make sure your organization is clear on what constitutes a threat indicator for your environment and risk profile, and then fine-tune your alerts so you know when something significant happens and you can move quickly to preserve the integrity of your data.</p>



<h3>Is AWS SOC 2 compliant?</h3>



<p>If you’re running in AWS, as the majority of cloud-based organizations are, then you’re probably wondering whether AWS meets SOC 2 compliance. The short answer is Yes. If you’d like to review it yourself (trust, but verify), customers can access the AWS SOC 2 report <a href="https://console.aws.amazon.com/artifact/home" target="_blank" rel="noreferrer noopener" aria-label=" (opens in a new tab)">here</a>.</p>



<h3>Is Microsoft Azure SOC 2 compliant?</h3>



<p>Similar to AWS, Microsoft Azure also passes <a rel="noreferrer noopener" aria-label="compliance  (opens in a new tab)" href="https://docs.microsoft.com/en-us/microsoft-365/compliance/offering-soc?view=o365-worldwide" target="_blank">compliance</a> checks, and based on the <a rel="noreferrer noopener" aria-label="reports  (opens in a new tab)" href="https://azure.microsoft.com/en-us/resources/microsoft-azure-compliance-offerings/" target="_blank">reports</a> it publishes regularly, it can guarantee its clients a sufficient security level, just as Amazon does.</p>



<h2>Conclusion</h2>



<p>Like other types of compliance checks, SOC 2 must guarantee potential users and clients of a service or company a sufficient level of information security and protection from possible data leaks, while also guaranteeing the availability of the service and the integrity of information.</p>



<p>Companies that pass this type of check are in great demand for their services, because of the guarantee they provide that risks are minimized.</p>
]]></content:encoded>
			</item>
		<item>
		<title>Directory bruteforce and sensitive files discovery</title>
		<link>https://www.scanforsecurity.com/reporting-templates/directory-bruteforce-and-sensitive-files-discovery.html</link>
		<pubDate>Thu, 19 Nov 2020 22:34:59 +0000</pubDate>
		<dc:creator><![CDATA[Uladzislau Murashka]]></dc:creator>
		
		<guid isPermaLink="false">https://www.scanforsecurity.com/?p=1115</guid>
		<description><![CDATA[<p>The brute force (or directory bruteforcing) attack is still one of the most popular password-cracking methods. Nevertheless, it is not just for password cracking. Brute force attacks can also be used to discover hidden pages and content in a web application. This attack is basically “a hit and try” until you succeed. This attack sometimes [&#8230;]</p>
]]></description>
				<content:encoded><![CDATA[
<p>The brute force (or directory bruteforcing) attack is still one of the most popular password-cracking methods. Nevertheless, it is not just for password cracking.</p>



<p>Brute force attacks can also be used to discover hidden pages and content in a web application. This attack is basically “a hit and try” until you succeed. This attack sometimes takes longer, but its success rate is higher.</p>



<p>Basically, any directory brute-forcing attack is based on a couple of parameters:</p>



<ol><li>Response code,</li><li>Response length.</li></ol>



<p>To start brute-forcing we need to send a request. In most cases it will be a simple GET request, but to obtain responses much faster we need to cut the response body somehow, and for that it is useful to switch to HEAD requests. If we don&#8217;t need a body, this reduces response size and time, so we see results faster. Let&#8217;s look at some interesting and useful tools that can help us get information about sensitive directories and files on a remote machine.</p>



<h4><strong>Dir Buster</strong></h4>



<p>DirBuster is a multi-threaded Java application designed to brute force directory and file names on web/application servers. DirBuster comes with a total of 9 different lists; this makes DirBuster extremely effective at finding those hidden files and directories.</p>



<p><strong>How to run:</strong></p>



<figure class="wp-block-image"><img src="https://www.scanforsecurity.com/wp-content/uploads/2020/11/image.png" alt="Dir Buster configuration" class="wp-image-1117" srcset="https://www.scanforsecurity.com/wp-content/uploads/2020/11/image.png?v=1605790565 744w, https://www.scanforsecurity.com/wp-content/uploads/2020/11/image-300x210.png?v=1605790565 300w, https://www.scanforsecurity.com/wp-content/uploads/2020/11/image-100x70.png?v=1605790565 100w, https://www.scanforsecurity.com/wp-content/uploads/2020/11/image-696x488.png?v=1605790565 696w, https://www.scanforsecurity.com/wp-content/uploads/2020/11/image-599x420.png?v=1605790565 599w" sizes="(max-width: 744px) 100vw, 744px" /><figcaption>Dir Buster configuration</figcaption></figure>



<h4>DirB</h4>



<p>DirB is a Web Content Scanner. It looks for existing (and/or hidden) Web Objects. It basically works by launching a dictionary-based attack against a web server and analyzing the response. DirB&#8217;s main purpose is to help in professional web application auditing.</p>



<p>The tool dirb is built into Kali Linux, so open the terminal and type the following command to start a brute-force directory attack.</p>



<p><strong>How to run:</strong></p>



<pre class="wp-block-preformatted">$ dirb http://192.168.1.1/dvwa </pre>



<h4>WFuzz</h4>



<p>Wfuzz is a tool designed for brute-forcing Web Applications. It can be used for finding resources that are not linked (directories, servlets, scripts, etc.), brute-forcing GET and POST parameters to check for different kinds of injection (SQL, XSS, LDAP, etc.), brute-forcing form parameters (user/password), fuzzing, etc.</p>



<p><strong>How to use:</strong></p>



<pre class="wp-block-preformatted">$ wfuzz -c -w /usr/share/wfuzz/wordlist/dir/common.txt --hc 400,404,403 http://192.168.1.1/dvwa/FUZZ</pre>



<h4>Metasploit: HTTP Directory Scanner</h4>



<p>This module identifies the existence of interesting directories in a given directory path.</p>



<pre class="wp-block-preformatted">msf > use auxiliary/scanner/http/dir_scanner
msf auxiliary(dir_scanner) > set dictionary /usr/share/wordlists/dirb/common.txt
msf auxiliary(dir_scanner) > set rhosts 192.168.1.5
msf auxiliary(dir_scanner) > set path /dvwa
msf auxiliary(dir_scanner) > exploit</pre>



<h4> <strong>Dirsearch</strong></h4>



<p>Dirsearch is a simple command line tool designed to brute force directories and files on websites. The tool is available on GitHub; you can download it from <strong><a href="https://github.com/maurosoria/dirsearch">here</a></strong>, and after installing it on your Kali Linux, type the following to start dirsearch.</p>



<pre class="wp-block-preformatted">./dirsearch.py -u http://192.168.1.1/ -e php -f -x 400,403,404</pre>



<h3>Conclusions</h3>



<p>Based on this article, we can come to the conclusion that nowadays there are a lot of tools that can help in finding hidden directories and sensitive files. </p>



<p>Despite the fact that the process of searching for such security problems at first glance seems simple, it is not uncommon to find backup files, source files with logins and passwords, git files, and many other interesting things. </p>



<p>A noteworthy point is that most of these tools send HEAD requests, which speeds up the process, since the body of the response is completely excluded.</p>
]]></content:encoded>
			</item>
		<item>
		<title>Unknowns attack WordPress sites using the Epsilon Framework</title>
		<link>https://www.scanforsecurity.com/reporting-templates/unknowns-attack-wordpress-sites-using-the-epsilon-framework.html</link>
		<pubDate>Wed, 18 Nov 2020 09:21:46 +0000</pubDate>
		<dc:creator><![CDATA[Markus Vendetta]]></dc:creator>
		
		<guid isPermaLink="false">https://www.scanforsecurity.com/?p=1112</guid>
		<description><![CDATA[<p>Wordfence has discovered a massive attack on WordPress sites. Attackers are actively looking for resources that use themes with the Epsilon Framework, which can be vulnerable to a number of function injection problems, which can ultimately lead to a complete compromise of the resource. According to the company, unknown hackers have already launched about 7,500,000 [&#8230;]</p>
]]></description>
				<content:encoded><![CDATA[
<p>Wordfence has <a href="https://www.wordfence.com/blog/2020/11/large-scale-attacks-target-epsilon-framework-themes/" target="_blank" rel="noreferrer noopener nofollow" aria-label="discovered  (opens in a new tab)">discovered</a> a massive attack on WordPress sites. Attackers are actively looking for sites that use themes built on the Epsilon Framework, which can be vulnerable to a number of function injection problems that can ultimately lead to a complete compromise of the site.</p>



<p>According to the company, unknown hackers have already launched about 7,500,000 attacks on more than 1,500,000 sites in an effort to find potentially vulnerable resources. These attacks are reported to originate from 18,000 different IP addresses.</p>



<p>While vulnerabilities in themes using the Epsilon Framework can lead to a complete takeover of a site, and exploit chaining results in Remote Arbitrary Code Execution (RCE), the current attacks are just probing the ground.</p>



<p>Many WordPress themes using the Epsilon Framework are vulnerable to these attacks. The researchers provide the following list of vulnerable themes and versions:</p>



<ul><li>Shapely (1.2.7);</li><li>NewsMag (2.4.1);</li><li>Activello (1.4.0);</li><li>Illdy (2.1.4);</li><li>Allegiant (1.2.2);</li><li>Newspaper X (1.3.1);</li><li>Pixova Lite (2.0.5);</li><li>Brilliance (1.2.7);</li><li>MedZone Lite (1.2.4);</li><li>Regina Lite (2.0.4);</li><li>Transcend (1.1.8);</li><li>Affluent (1.1.0);</li><li>Bonkers (1.0.4);</li><li>Antreas (1.0.2);</li><li>NatureMag Lite (1.0.5).</li></ul>



<p>Owners and administrators of sites running vulnerable versions of the listed themes are advised to immediately update them to a fixed version, if available. If there is no patch, you should switch to a different theme as soon as possible.</p>
]]></content:encoded>
			</item>
		<item>
		<title>Top online courses to improve Python skills</title>
		<link>https://www.scanforsecurity.com/reporting-templates/top-online-courses-to-improve-python-skills.html</link>
		<pubDate>Thu, 12 Nov 2020 07:30:27 +0000</pubDate>
		<dc:creator><![CDATA[Uladzislau Murashka]]></dc:creator>
		
		<guid isPermaLink="false">https://www.scanforsecurity.com/?p=1109</guid>
		<description><![CDATA[<p>Python is one of the most popular general-purpose high-level programming languages. Due to its fairly simple syntax, flexibility, and scalability, as well as an active global community, it is of great interest to novice coders. A rich set of tools and libraries cover a wide range of tasks from web development and data analysis to [&#8230;]</p>
]]></description>
				<content:encoded><![CDATA[
<p>Python is one of the most popular general-purpose high-level programming languages. Due to its fairly simple syntax, flexibility, and scalability, as well as an active global community, it is of great interest to novice coders. A rich set of tools and libraries cover a wide range of tasks from web development and data analysis to AI and scientific computing. </p>



<p>This makes Python one of the most sought-after languages among employers; it is used by almost all the leading IT companies in the world.</p>



<h3>SkillShare</h3>



<ul><li>For beginners</li><li>A great introduction to the language</li><li>Very informative</li></ul>



<p>There are several Python courses for beginners at Skillshare, but the most comprehensive one is Programming in Python for Beginners. It is designed for those who are complete beginners in programming. The tutor will help you set up a Python development environment on Windows, and then explain the basic language constructs and when to use them.</p>



<p>The course includes over 70 lessons, which take 11 hours in total. They cover arithmetic, logical and comparison operators, as well as the use of lists, collections, tuples and dictionaries. There is also useful material on functions, which analyzes common mistakes and how to avoid them.</p>



<p>There are more advanced topics such as evaluating code performance. Every few lessons, exercises are given to consolidate the theoretical knowledge in practice. The tutor actively communicates with the students, answers questions, and gives feedback on assignments. <a rel="noreferrer noopener nofollow" aria-label="Start at SkillShare (opens in a new tab)" href="https://www.skillshare.com/classes/Python-3-Programming-in-Python-for-Beginners/1885709497" target="_blank">Start at SkillShare</a></p>



<h3>Udemy</h3>



<ul><li>For continuing learners</li><li>Suitable for programmers</li><li>More than 250 videos</li><li>Application development</li></ul>



<p>Udemy also offers a large selection of very good courses. For those who already know the language a little, The Python Mega Course: Build 10 Real World Applications is perfect.</p>



<p>This is a course on developing 10 mobile, desktop, and web applications in Python that are really applicable in practice &#8211; from applications for recognizing moving objects through a webcam and working with databases to a dashboard for data visualization.</p>



<p>The course contains 33 sections, which include more than 250 videos. The first 8 sections are devoted to the basics of Python, 4 more to more advanced topics, and then the material moves directly to creating the 10 applications.</p>



<p>Before some of them, one or two sections are set aside to cover the important components of the application that follows. Exercises and small tests are attached to the video lessons, and you can also ask the lecturer questions. The Visual Studio Code editor is used.</p>



<p>On Udemy, you can pay for a course once and get lifetime access to it. The authors are constantly updating the content, so after buying the course, all updates are available to the user for free.</p>



<p>Udemy has a great player: you can not only change the speed of videos but also bookmark them. The player also shows places that are often bookmarked by other students. You can enable subtitles (more than 10 languages), there are auto-scrolling transcripts for video lessons, and a mobile application through which you can download lectures. <a rel="noreferrer noopener nofollow" aria-label="Start with Udemy (opens in a new tab)" href="https://www.udemy.com/course/the-python-mega-course/" target="_blank">Start with Udemy</a>.</p>



<h3>LinkedIn Learning</h3>



<ul><li>For busy people</li><li>Quick</li><li>Good explanations</li><li>Introduction to programming</li></ul>



<p>There are a lot of professional development courses on this site; one of them is Advance your career with Python. It is aimed at those who are short on time and want to quickly learn the basics of Python.</p>



<p>The Anaconda distribution and Jupyter Notebook are used for the practical work. The author covers all the key components of the language, and the lessons proceed at a comfortable pace and are well illustrated.</p>



<p>Another plus of the course is that, unlike many introductory &#8220;express courses&#8221;, in each lesson the lecturer first explains the construct and how it is used, and only then proceeds to write the code. The course ends with a short introduction to object-oriented programming.</p>



<p>In the player, you can turn on subtitles and view the video tutorial transcripts. A LinkedIn Learning subscription costs $29.99/month or $19.99/month. If you buy for a year, the first month is free. <a rel="noreferrer noopener nofollow" aria-label="Begin with LinkedIn (opens in a new tab)" href="https://www.linkedin.com/learning/python-quick-start/advance-your-career-with-python" target="_blank">Begin with LinkedIn</a>.</p>



<h3 id="title3">Coursera</h3>



<ul><li>For students studying computer science</li><li>To improve your Python skills</li><li>Studying computer science</li><li>Scripts and subtitles</li></ul>



<p>Coursera is another well-known online platform. It offers a good Principles of Computing course (in two parts) from Rice University to further develop your Python programming skills.</p>



<p>The course is part of the 7-course Fundamentals of Computing Specialization, which covers the basics of computing. Lessons last several weeks, each with several video lectures, readings, practice exercises, homework assignments, and quizzes.</p>



<p>The program is led by three CS teachers who write for TechRadar, and it will help students improve their Python skills and teach them to think like professionals in this field. The course covers the basic principles of computing processes, programming, and the mathematical principles you need to know and apply to solve complex problems and write quality code.</p>



<p>A video player with subtitles and transcripts is available to users. While watching lectures, you can take notes, and you can also download the lectures in mp4 format along with transcripts and subtitles.</p>



<p>Courses can be taken free of charge; those wishing to receive a certificate will need a subscription, prices for which range from $39 to $89 per month. <a rel="noreferrer noopener nofollow" aria-label="Go to Coursera (opens in a new tab)" href="https://www.coursera.org/learn/principles-of-computing-1" target="_blank">Go to Coursera</a> and try.</p>



<h2>Conclusion</h2>



<p>Now, with the massive adoption of online learning, the active development of courses on different platforms, and the popularization of programming, it is becoming more practical to spend less time travelling to educational institutions and to use online platforms for self-study instead.</p>



<p>In addition, the number of courses for beginners is growing every day, and, accordingly, the entry threshold is decreasing. So choose an appropriate training platform and take the time to become a professional Python developer.</p>
]]></content:encoded>
			</item>
		<item>
		<title>VBulletin fixed a dangerous vulnerability</title>
		<link>https://www.scanforsecurity.com/reporting-templates/vbulletin-fixed-a-dangerous-vulnerability.html</link>
		<pubDate>Thu, 14 May 2020 12:20:30 +0000</pubDate>
		<dc:creator><![CDATA[Markus Vendetta]]></dc:creator>
		
		<guid isPermaLink="false">https://www.scanforsecurity.com/?p=1105</guid>
		<description><![CDATA[<p>VBulletin developers encouraged everyone to update their installations as quickly as possible. The fact is that a critical vulnerability has been fixed in the forum engine. Let me remind you that vBulletin still use more than 100,000 sites, and many Fortune 500 company forums work on this engine. A fresh problem has received the identifier [&#8230;]</p>
]]></description>
				<content:encoded><![CDATA[
<p>vBulletin developers have encouraged everyone to update their installations as quickly as possible, because a critical vulnerability has been fixed in the forum engine. Let me remind you that more than 100,000 sites still use vBulletin, and many Fortune 500 company forums run on this engine.</p>



<p>The new problem has received the identifier <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-12720" target="_blank" rel="noreferrer noopener" aria-label="CVE-2020-12720 (opens in a new tab)">CVE-2020-12720</a>, and so far almost nothing is known about it. It is reported that the bug is still being analyzed by experts, but that it is critical.</p>



<p>According to the National Vulnerability Database, the vulnerability is related to access control management and affects vBulletin versions up to 5.5.6pl1, 5.6.0 to 5.6.0pl1 and 5.6.1 to 5.6.1pl1. Thus, everyone who uses vBulletin 5 Connect “under” version 5.5.2 needs to upgrade as quickly as possible, because, according to the researchers, attackers will quickly analyze the patch and start exploiting the bug.</p>



<p>It is known that the vulnerability was discovered by Ambionics specialist <a href="https://twitter.com/cfreal_/status/1258752351160209409" target="_blank" rel="noreferrer noopener" aria-label="Charles Fol (opens in a new tab)">Charles Fol</a>. He plans to unveil the details of the bug at the SSTIC conference, which will be held next month.</p>



<p>The vulnerability is fixed in vBulletin 5.6.1 Patch Level 1, 5.6.0 Patch Level 1, as well as 5.5.6 Patch Level 1.</p>
]]></content:encoded>
			</item>
		<item>
		<title>How to use torrents safely and legally</title>
		<link>https://www.scanforsecurity.com/reporting-templates/how-to-use-torrents-safely-and-legally.html</link>
		<pubDate>Tue, 12 May 2020 09:53:59 +0000</pubDate>
		<dc:creator><![CDATA[Markus Vendetta]]></dc:creator>
		
		<guid isPermaLink="false">https://www.scanforsecurity.com/?p=1100</guid>
		<description><![CDATA[<p>Torrents work on P2P technology, in which there is no central server or repository: all network participants have the same rights and can download files from dozens (or hundreds) of other computers. With the growing popularity of broadband Internet and the rising speed of uploading and downloading files, torrents also rapidly began to gain momentum. On the other [&#8230;]</p>
]]></description>
				<content:encoded><![CDATA[
<p>Torrents work on <a rel="noreferrer noopener" aria-label="P2P technology (opens in a new tab)" href="https://en.wikipedia.org/wiki/Peer-to-peer" target="_blank">P2P technology</a>, in which there is no central server or repository: all network participants have the same rights and can download files from dozens (or hundreds) of other computers.</p>



<p>With the growing popularity of broadband Internet and the rising speed of uploading and downloading files, torrents also rapidly began to gain momentum. On the other hand, torrents are often associated with piracy and illegal content. Internet service providers and copyright owners try to track IP addresses and hold torrent users accountable for illegal content distribution.</p>



<p>If you want to use torrent sites (or trackers) but worry about your safety, this article is for you.</p>



<h3>Are torrents legal?</h3>



<p>Torrents are built on file sharing technology and in many cases can be used legally. For example, to distribute and download open source applications that can range from a few megabytes to several gigabytes. Hosting installation files can be expensive, so in order to save on file storage services, open source developers can use torrents to distribute their products. Accordingly, if you download open source software, torrents are completely legal in that case.</p>



<p>However, most torrented content is pirated. In many countries, distributing such content is illegal because it infringes copyrights. Thus, P2P technology itself does not violate any laws, but downloading illegal content from a tracker does.</p>



<p>One of the reasons copyright owners succeed in suing tracker users lies in how BitTorrent works. Files are downloaded from torrents in small pieces from other users called seeders. Pieces of the file that you have already downloaded are immediately available for download by other network participants. That is, technically you download the file and at the same time make the already downloaded pieces available to others.</p>



<p>Copyright owners are not particularly concerned about the users who download the content; they care about the users who allow others to download files from their computer. When using trackers, you become a host of the downloaded files and, as a result, come to the attention of the legitimate owners of this content.</p>



<p>It is not difficult for an Internet service provider or copyright holder to find users of trackers, since this technology uses certain ports and protocols, and the traffic can easily be detected with the help of the corresponding signatures.</p>



<p>To make downloading content easier and faster, torrent users allow others to download from their IP address. If you do not hide your IP address and use a normal Internet connection, your ISP can see which files you download and share.</p>



<p>If the provider discovers that you are using torrents and your IP address to access copyrighted content, it can inform the copyright owner or contact you directly. As a result, you may be fined or even sued.</p>



<p>Not only your provider can see your activity. Copyright holders themselves, or anti-piracy agents acting on behalf of companies, can also connect to trackers to monitor activity. In addition, anyone who knows your IP address can use the <a href="https://github.com/c3ph3i/iknowwhatyoudownload" target="_blank" rel="noreferrer noopener" aria-label="IKnowWhatYouDownload (opens in a new tab)">IKnowWhatYouDownload</a> website to view the files that you have downloaded and distributed from your IP address.</p>



<p>The following are tips on how to use torrents reliably and safely.</p>



<h3>How to use torrents legally</h3>



<p>The first piece of advice you should learn is to download only legal content in order to be safe. For example, it’s quite risky to download movies recently released on Blu-ray or DVD.</p>



<p>If you do not want problems with the law, use only legal torrents. There is plenty of legal content available. For example, films produced by small studios, older content, and open source applications are often available for free.</p>



<p>Below are some good sites where you can find legal torrents:</p>



<ul><li>Public domain torrents</li><li>Internet archive</li><li>Vuze studioHD</li></ul>



<h3>Use a torrent client with privacy features</h3>



<p>In addition to <strong>uTorrent</strong>, there are other torrent clients with specific options and functions. Some clients focus on privacy and security and can encrypt your torrent traffic and mask it.</p>



<p>On the other hand, these functions may not be enough, and additional protection measures are needed.</p>



<h3>Use proxies</h3>



<p>To increase the level of anonymity, you can configure a proxy server through which all torrent-related traffic will then be tunnelled.</p>



<p>In this case, your real IP address will be replaced by another one. In addition, you should verify that your IP address is actually hidden.</p>



<p>For example, use the What’sMyIP service to make sure that your real IP address does not leak during torrent downloads.</p>



<h3>Use VPN</h3>



<p>Today a VPN (Virtual Private Network) is considered the most reliable tool for the safe use of torrents. A VPN disguises your connection to torrent sites and hides your real IP address.</p>



<p>In addition, all traffic leaving your computer and sent through the VPN server is encrypted. Thus, the provider will not be able to find out which sites you visit and what content you download.</p>



<p>Please note that not every <strong><a href="https://www.scanforsecurity.com/articles/15-tips-to-protect-against-spying-on-your-smartphone.html" target="_blank" rel="noreferrer noopener" aria-label="VPN  (opens in a new tab)">VPN </a></strong>is good for torrents. For example, some services of this kind do not really care about your security and log everything, including your real IP address.</p>



<p>Some free VPNs do not encrypt P2P traffic and, in fact, are useless from a security point of view. Before choosing, read user reviews and pick only a reliable service with a proven track record for torrent use.</p>



<h3>Use trackers in good standing</h3>



<p>Legal issues are not the only problems you may encounter while using torrents. For example, content downloaded from torrents may turn out to be malicious, and once the download is complete and the installation file is launched, malware ends up on your computer.</p>



<p>To minimize these risks, it is better to use trackers with a good reputation. In addition, before downloading, it is useful to read the comments on the torrent's description page, where active users and administrators often report problems with particular files and recommend ways to resolve them.</p>
]]></content:encoded>
			</item>
	</channel>
</rss>