By Chris Crowley
"What is a DDD report?" you're wondering. That's my pet name for a Daily DNS Delta.
You see, human beings are creatures of habit. Some have excellent habits, some have gross habits, some actually wear habits, but whatever works for you, we all are creatures of habit. We can use this feature of humanity to identify behavior to investigate within our network.
Short story is that most people go to the exact same websites every day. Every single day of their lives, they go to the exact same sites...so a request to a new site is essentially an anomaly, worthy of investigation. If a user goes to a really weird website in some strange location, as a security person, I'd like to know so I can follow up. I really like daily reports that are actionable.
So, how do you know what sites users are going to? DNS query logs are a fantastic source of this information. I've created ascript will help you to generate DDDs for your network. The script
By Joshua Wright
In the last installment of this article
, we looked at the IsItDown
application, and how it is designed not to run in the Android Emulator, and to include a super-annoying banner ad. We showed how the Apktool
utility can be used to decompile an Android APK file, and how we can evaluate and modify the produced Smali code to manipulate the application's functionality.
In this final installment, we'll re-build the IsItDown application with our Smali file changes, then
By Joshua Wright
As a security professional, I'm called on to evaluate the security of Android applications on a regular basis. This evaluation process usually takes on one of two forms:
- Evaluate app security from an end-user perspective
- Evaluate app security from a publisher perspective
While there is a lot of overlap between the two processes, the difference effectively boils down to this: whose risk perspective does my customer care about the most?
When an app publisher wants me to evaluate the security of their Android app, I need to determine if the app employs sufficient controls to protect the required app functionality and publisher brand. Often, this
By Joshua Wright
When the Counter Hack team started building the SEC562: CyberCity Hands-on Kinetic Cyber Range class, I knew I wanted to develop a mission that involved the Industrial Control protocol Modbus/TCP and traffic lights. Because CyberCity is 1:87 scale, I needed to build my own traffic light controller using Modbus/TCP with model-sized traffic lights, and connect them to a Modbus/TCP powered controller.
Part of our goals in writing the SEC562 course is to
By Mark Baggett
Hello Security Pros!
Many of you have noticed that SANS has included a challenge in this year's brochure for the Orlando conference. We had 79 people submit correct answers to the puzzle. From those names, we chose one name as the grand prize winner and that grand prize winner will receive four months of NetWars Continuous!
Without further ado, here are the results...
The winner of the challenge is...Paolo Balzarini. Congratulations Paolo! And congratulations to all who were able to come up with the answers as well as a big thank you to everyone who participated.
Solution write up:
The puzzle is solved in three parts. There are many ways you could solve different portions of ...