Monthly Archives: February 2019

DorkMe – Google Dorks Tool Search For Vulnerabilities

DorkMe is a tool designed to make it easier to search for vulnerabilities with Google Dorks, such as SQL Injection vulnerabilities. Dependencies: pip install -r requirements.txt. It is highly recommended to add more dorks for an effective search; keep reading to see how. Usage ...

The post DorkMe – Google Dorks Tool Search For Vulnerabilities appeared first on HackingVision.

wpa2own – Use hashcat to crack WPA2 PSK (Pre-Shared Key) passwords!

Credits: philcryer – https://github.com/philcryer/ The goal of this project is to automate the process of capturing packets on a WPA2 protected wireless network, and crack their PSK (pre-shared keys). We know that WPA3 is coming, but ...

The post wpa2own – Use hashcat to crack WPA2 PSK (Pre-Shared Key) passwords! appeared first on HackingVision.

The 11 biggest issues IT faces today

Each year we talk with tech leaders about the biggest problems they’ll face in the near future, and we’re starting to see some subtle and not-so-subtle shifts from the worries of 2018.

Data overload, a major concern 12 months ago, has evolved as new data-hungry tools and AI help make sense of data and drive business decisions. This year CIOs say they’re more concerned with how to protect that data, as organizations grapple with new privacy regulations.

As the economy continues to improve, CIOs are less hampered in 2019 by tightening budgets. And worries about moving to the cloud are less of an issue, since many companies have already made the jump. Executives put more emphasis now on securing their cloud-based assets across multiple cloud environments.  


Forcing the Adversary to Pursue Insider Theft

Jack Crook pointed me toward a story by Christopher Burgess about intellectual property theft by "Hongjin Tan, a 35 year old Chinese national and U.S. legal permanent resident... [who] was arrested on December 20 and charged with theft of trade secrets. Tan is alleged to have stolen the trade secrets from his employer, a U.S. petroleum company," according to the criminal complaint filed by the US DoJ.

Tan's former employer and the FBI allege that Tan "downloaded restricted files to a personal thumb drive." I could not tell from the complaint if Tan downloaded the files at work or at home, but the thumb drive ended up at Tan's home. His employer asked Tan to bring it to their office, which Tan did. However, he had deleted all the files from the drive. Tan's employer recovered the files using commercially available forensic software.

This incident, by definition, involves an "insider threat." Tan was an employee who appears to have copied information that was outside the scope of his work responsibilities, resigned from his employer, and was planning to return to China to work for a competitor, having delivered his former employer's intellectual property.

When I started GE-CIRT in 2008 (officially "initial operating capability" on 1 January 2009), one of the strategies we pursued involved insider threats. I've written about insiders on this blog before but I couldn't find a description of the strategy we implemented via GE-CIRT.

We sought to make digital intrusions more expensive than physical intrusions.

In other words, we wanted to make it easier for the adversary to accomplish his mission using insiders. We wanted to make it more difficult for the adversary to accomplish his mission using our network.

In a cynical sense, this makes security someone else's problem. Suddenly the physical security team is dealing with the worst of the worst!

This is a win for everyone, however. Consider the many advantages the physical security team has over the digital security team.

The physical security team can work with human resources during the hiring process. HR can run background checks and identify suspicious job applicants prior to granting employment and access.

Employees are far more exposed than remote intruders. Employees, even under cover, expose their appearance, likely residence, and personalities to the company and its workers.

Employees can be subject to far more intensive monitoring than remote intruders. Employee endpoints can be instrumented. Employee workspaces are instrumented via access cards, cameras at entry and exit points, and other measures.

Employers can cooperate with law enforcement to investigate and prosecute employees. They can control and deter theft and other activities.

In brief, insider theft, like all "close access" activities, is incredibly risky for the adversary. It is a win for everyone when the adversary must resort to using insiders to accomplish their mission. Digital and physical security must cooperate to leverage these advantages, while collaborating with human resources, legal, information technology, and business lines to wring the maximum results from this advantage.

Get TotalAV Essential AntiVirus for $19.99 (80% off)

The term “computer virus” calls to mind imagery of pathogenic creepy-crawlies bringing down a device’s operating system, their flagella wriggling as they multiply into hordes that infiltrate its chips and wires. And while it’s true that our computers can be infected with literal biological bacteria like staphylococci, per Science Illustrated, the threat of malicious code and programs intent on corrupting data and files looms far larger: According to a recent study from the University of Maryland’s Clark School of Engineering, attacks on computers with internet access are virtually ceaseless, with an incident occurring every 39 seconds on average, affecting a third of Americans every year.
