Information Security News
One of my favorite Python modules is Impacket by the guys at Core Labs. Among other things it allows me to create Python scripts that can speak to Windows computers over SMB. I can use it to map network drives, kill processes on a remote machine and much more. During an incident, having the ability to reach out to all the machines in your environment to list or kill processes is very useful. Python and Impacket make this very easy. Check it out.
After installing Impacket, all of the awesome modules are available for use in your Python scripts. In addition to the modules, Impacket also includes several sample programs. Awesome tools like psexec.py give you functionality like Microsoft's PSEXEC plus pass-the-hash in an easily automated format. Have you ever wished you could run wmic commands from Linux? Let's use wmiexec.py to run a command on a remote Windows machine from Linux. You just provide the tool with a username, password, target IP address and a wmic command to run on the target machine. For example, this is how
WMIC from my Linux server is awesome, but the best part is that this is Python! So instead of running wmiexec.py I can import it as a module and use it in a Python script. I'll start out in the same directory as wmiexec and launch python. Then import wmiexec and create a variable to hold a WMIEXEC object. In this case I'll create a variable called wmiobj that points to a WMIEXEC object. The first argument is the command I want to run. In this case I run a WMIC command that finds the path of the executable for every copy of a process with cmd somewhere in the process name. The only other arguments are the username, password and share=ADMIN$.
In this case one of the command prompts is running from a user's temporary directory. That merits some additional investigation! With those 3 simple lines of Python code we were able to automate the query to a single host. Because it is Python we can easily use a for loop to run this on every workstation on our network, capture those results and compare them. Find the host with processes that aren't running on any of the other hosts! Find the host with unique, unusual network connections! Then, if the conditions are right, automate something to isolate it.
Interested in learning more? Come check out SEC573 Python for Penetration Testers. You will learn Python starting from ground zero and learn how to automate all the things. Join me at CyberGuardian on March 2 or in Orlando on April 11.
Check out the courses here:
Twitter: @MarkBaggett
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
by Sean Gallagher
Details of malware that may have been associated with the attack on Sony Pictures were disseminated in an FBI “Flash” earlier this week. A copy of the memorandum obtained by Ars Technica details “a destructive malware used by unknown computer network exploitation (CNE) operators” that can destroy all the data on Windows computers it infects and spread itself over network file shares to attack Windows servers.
Meanwhile, Re/code reports that Sony is ready to announce that the company has attributed the attack on its network to North Korea, according to sources at the company. Given the details of the malware and its similarity to an attack on South Korean companies last year, a tie to North Korea seems possible, though the people taking credit for the attack claim it was motivated by Sony Pictures’ alleged discrimination in the layoffs and firings of employees during a corporate reorganization started earlier this year.
The malware used in the attack, which has been described by a Sony spokesperson as “very sophisticated,” is almost certainly the same as that identified in the FBI memo. That malware uses Microsoft Windows’ own management and network file sharing features to propagate, shut down network services, and reboot computers—and files named for key Windows components to do most of the dirty work of communicating with its masters and wreaking havoc on the systems it infects.
Posted by InfoSec News on Dec 03: http://www.nextgov.com/cybersecurity/2014/12/inspector-security-holes-found-irs-obamacare-system/100286/
Posted by InfoSec News on Dec 03: http://www.computerworld.com/article/2854434/whitelisting-project-helps-industrial-control-systems-owners-find-suspicious-files.html
Posted by InfoSec News on Dec 03: http://www.csoonline.com/article/2854672/business-continuity/the-breach-at-sony-pictures-is-no-longer-just-an-it-issue.html
Posted by InfoSec News on Dec 03: http://www.wired.com/2014/12/top-ten-card-breaches/
Help Net Security
Training kids to become infosec superheroes
This is what motivated three cybersecurity professionals to create The Cynja, a new comic series teaching infosec concepts in a way that kids can grasp, and why they've launched The Cynja Field Instruction Manual, an activity book for “trainee ...