Posts by Rapid7

2 min

Analysis of the Ticketmaster Breach

This blog was previously published on blog.tcell.io. Although there have been a number of breaches in the past few weeks, the story around the breach at Ticketmaster [https://www.darkreading.com/attacks-breaches/ticketmaster-breach-part-of-massive-payment-card-hacking-campaign/d/d-id/1332266] is more interesting than most. It combines sophisticated web design, reusable components, the security model of the web browser, and even a dash of payment regulations. The breach itself is interesting b

5 min CIS Controls

CIS Critical Security Control 18: Breaking Down the Control Chaos of Application Software Security

Application software security (Critical Control 18) may seem overwhelming, but when upheld, it can make your SDLC wishes and SecOps dreams come true.

2 min

Beyond RASP Security

The bad news: 100 percent of web applications are vulnerable. It’s not a typo: 100 percent of web applications contain at least one vulnerability — on average, apps have 11 potential weak points. So, it’s no surprise that organizations are leveraging tools that empower applications to take defensive action without the need for direct IT involvement. Known as RASP (runtime application self-protection) [https://www.rapid7.com/fundamentals/runtime-application-self-protection/] — and hence the a

2 min Incident Detection

MAC Address Tracker: Generating a Network Inventory Database Using Network Traffic Analysis

Learn how to generate a network inventory database of all MAC addresses in your environment by monitoring your network traffic.

13 min

Your Black Hat 2018 Survival Guide

Our security team knows a thing or two about conquering a conference – making the most out of the day and night. So the team got together to share their personal recommendations on things to do and things to know in this handy Black Hat 2018 Survival Guide. We’ve got you covered on all things Black Hat. * Getting Around – Monorail, shuttle services, and hotels * Where to Party – The full list of official and unofficial parties * Recoup and Recover – There are a ton of spots to escape the c

2 min InsightIDR

How to detect SMBv1 scanning and SMBv1 established connections

How to use network traffic analysis (NTA) to detect SMBv1 scanning and SMBv1 established connections.

3 min

What the Heck is Drive-By Cryptomining?

It sounds like a cross between a slightly terrifying violent gang activity and a silly metaphor for drudgery. Actually, that’s about right. Let’s start with the cryptomining part. For the uninitiated, cryptomining [https://www.rapid7.com/blog/post/2018/02/13/coinhive-making-other-peoples-web-browsers-mine-cryptocurrency/] is the process of doing computing work to earn cryptocurrency. The basis of cryptocurrency is a shared cryptographic ledger. You need a lot of computing power to process the

3 min Detection and Response

How to Detect Devices on Your Network Running Telnet Services

Because Telnet is an unencrypted protocol, it is important that you monitor your network for any devices running Telnet services. Learn more.

2 min

Should Security Teams Use CSP Nonces to Better Comply with PCI?

This week, tCell sponsored BSidesSF [https://bsidessf.org/]. Many things I’ve heard about the conference proved to be true, and the technical depth of conversations I had at our table was definitely enough to keep me on my toes. One of the most interesting conversations was with a company that wanted to talk about Content Security Policies (CSP). They had come to the conclusion that new revisions of the PCI security standards [https://www.pcisecuritystandards.org/] would require that they imple

4 min InsightIDR

How to detect weak SSL/TLS encryption on your network

In this blog, we break down how to detect weak SSL/TLS encryption on your network.

2 min InsightIDR

How to detect new server ports in use on your network

In this blog, we discuss how to detect new server ports in use on your network.

2 min

Stateful WAF AKA the Bronze Age

The first post in this series kicked off our history series on the development of web application firewalls [/stateless-web-application-firewall-aka-the-stone-age], with a discussion of what the earliest technology was capable of. Early WAFs were based on pattern recognition. That made them fast, but it also made it easy for attackers to sidestep the rigid patterns that were the building blocks of the first-gen WAF. If the problem is that stone age WAFs have stateless rules, then the obvious

4 min

Coinhive: Making Other People’s Web Browsers Mine Cryptocurrency

Over the weekend, we had a discussion at tCell about cryptocurrency, because there was a rash of stories [https://scotthelme.co.uk/protect-site-from-cryptojacking-csp-sri/] about cryptocurrency mining being done through malicious JavaScript. (Scott Helme of securityheaders.io [https://securityheaders.io/] noted that the Information Commissioner’s Office, the UK’s data privacy regulator, was among the many web sites affected [https://twitter.com/Scott_Helme/status/962684239975272450].) According

4 min

XSS Bug Reports Made Easy

When attackers compromise a website with XSS [/2017/08/why-is-cross-site-scripting-so-hard], it is important to understand what actually happened leading up to the exploit, as well as information on how the exploit was performed, and have clear information on how to remediate. The importance of this was recently illustrated to me in working with one of our customers on an alert triggered by an XSS [/2017/08/prevent-xss-attacks] exploit on the customer’s web application. This blog is an accoun

3 min InsightIDR

How To Detect Unauthorized DNS Servers On Your Network

DNS was never designed as a very secure protocol, and it is a popular target for attackers. Here is how you can detect unauthorized DNS servers on your network.