Cyber threats landscape and defense workshop


The Cyber threats landscape and defense workshop was held on April 14th at the ISIS “C. Facchinetti” Institute.
The two-hour workshop was intended to illustrate and explain the evolution of cyber threats over the last few years and the current scenario.

About 50 participants attended the event and followed the topics explained: from the first virus created in 1971 (Creeper was the first self-replicating program, created by Bob Thomas and targeting the TENEX operating system, but many people believe that Brain, coded in 1986, was the first virus) to modern APT (Advanced Persistent Threat) attacks, supported by interactive sessions, a live demo and a great movie produced by TrendMicro (you can watch the entire movie in HD on YouTube).

Today we can all be victims of cyber criminals, but we can be a little bit safer if we pay attention to our digital behaviors and know the threats coming from the technologies we use every day. Security awareness and user behavior represent one of the most effective defenses against cyber crime, probably more than the most advanced security technology. We must protect our data starting from Layer 8, in a top-down approach :)

All the slides displayed during the workshop are now available on SlideShare and accessible directly below.

Feel free to contact me if you have any questions, suggestions or requests.

 


Heartbleed Testing and Detecting


A critical vulnerability has been identified in OpenSSL versions 1.0.1 – 1.0.1f (CVE-2014-0160) and it is well explained on the Heartbleed website. Basically, an attacker can exploit this vulnerability to access up to 64Kb of memory data and perform many attacks:

  • Read SSL private keys (and use them to decrypt past, present and future encrypted traffic)
  • Retrieve clear-text usernames and passwords
  • Access source code

There are many resources available online to better understand how the bug works and how to fix it (upgrading to OpenSSL version 1.0.1g or newer), as explained on the OpenSSL website.

  • Upgrade to OpenSSL 1.0.1g
  • Regenerate your private keys and consider the old ones compromised
  • Replace SSL certificates
  • If possible, upgrade to Perfect Forward Secrecy (PFS)

How can I test if my systems are vulnerable?

Unable to install VMware products


I spent the last two months trying to understand why I was unable to install VMware products on my Windows 7 Professional x64 workstation: double-click on the installer, accept the UAC warning… and nothing happens! No errors, no events in Event Viewer, no process in the Task Manager… nothing! I don’t remember how many hours I spent googling for a solution…

One month ago I reinstalled the workstation due to some other issues and I was happy to install VMware Workstation, VMware Player and vSphere Client again… but all the products failed to install AGAIN! I was really frustrated :(

Yesterday I was speaking with a highly skilled IT guy, so I asked him about this issue. His answer was “I never had this issue before… really strange!” and we both started to investigate the issue in depth again.

We found a useful article on the VMware Community forum about a similar issue installing VMware Player (https://communities.vmware.com/thread/408832): user Andrè describes the process “fixcamera.exe” as a VMware Setup killer. I checked the Task Manager and I had it running on my system! I killed the process and started the setup again: IT WORKS! Finally I solved this issue!!!


In-depth malware analysis of mmpifmxnth..vbs


Last week I was asked to check a Windows 7 x64 laptop due to extremely poor performance, so as a first step I ran a complete scan with AntiMalwareBytes free and Avira Antivirus. These two great free programs did a great job, cleaning more than 170 infected objects!! After the reboot I started another scan just to be sure that everything was fine, and the results confirmed the clean status.
Two days ago the same laptop started to create strange links on every USB stick plugged in, so I started a manual analysis of the behavior (unfortunately my Cuckoo Sandbox is still being built and is not ready yet): using a clean, freshly formatted pen drive, I copied a test folder to the USB stick and after a few seconds that folder was hidden and replaced by a link with the same folder name pointing to the following command:
C:\Windows\system32\cmd.exe /c start mmpifmxnth..vbs&start explorer <folder_name>&exit

SANS Holiday Challenge 2013 Report


The SANS Holiday Challenge is a high-skilled Ethical Hacking technical exercise sponsored by SANS Cybercon and organized by the Counterhack team.
The 2013 edition is the tenth annual installment and the biggest and best ever, organized by Ed Skoudis, Josh Wright, & Tom Hessman.

During the Christmas holidays Giacomo and I started to work on the Challenge, reading the history and downloading the PCAP file provided by the CounterHack team (you can find details and the PCAP file on the SANS Pen Testing web site). We spent several hours and fun late-night moments investigating the file, producing a detailed analysis of the attacks and creating a report that we submitted to the CounterHack team for validation. We would also like to thank Mr. GaraNews, who helped us with the Bro and Snort analysis of the PCAP file during my stay in Germany!! :)

Today a blog post on the SANS Pen Testing web site announced the winners and “honorable mentions” of the Holiday Challenge 2013: our report was given an “honorable mention” for the following reasons:

“Andrew and Giacomo had an excellent technical write-up with beautiful formatting, and even went the step further to ask “why” for each of the attacks (correctly citing that Mr. Potter wants to encourage the rapid growth of dental disease in Bedford Falls through manipulating drinking water fluoride levels). The team-of-two even went so far as to evaluate datestamp information in the “Firmware Update” phishing attack, identifying the 5-hour window between the upload of the ab-qfe.exe executable and the retrieval by Don Sawyer.”


FGscanner is available for Download


Hi All!
I finally completed FGscanner :)
FGscanner is a Perl script useful for finding directories that are not indexed, hidden pages, and development or test folders on a web server. The script works in dictionary attack mode using two files (fg_dirs and fg_pages) and can be redirected via a proxy or the Tor network if there is a Tor daemon running on your system.

The project is hosted on GitHub and you can download it here.

This is the initial release and any comment, contribution or suggestion is more than welcome! :)

 


VareseNews published part three of my article about Computer Security


My article about Home Computer Security Part 3 has been published by VareseNews (an Italian online newspaper) under its “Ventuno” blog.
Take a look at http://www3.varesenews.it/blog/ventuno/2013/06/25/il-nostro-computer-e-veramente-protetto-terza-parte/
The original article is in Italian, but you can read it in English by clicking here.

Quadcopter with onboard camera: first flight.


I’m playing with a UAV project based on a quadcopter airframe: in order to better understand flight dynamics (and also learn to pilot!) I’m testing different settings in different wind conditions. Yesterday I modified my mini quadcopter canopy to mount the micro camera.

Today my V-949 drone with an 808 #3 keychain camera made its maiden flight :) About 30 minutes of flight with the camera turned on required 3 Lipo batteries (600mA).

VareseNews published part two of my article about Computer Security


My article about Home Computer Security Part 2 has been published by VareseNews (an Italian online newspaper) under its “Ventuno” blog.
Take a look at http://www3.varesenews.it/blog/ventuno/2013/05/28/il-nostro-computer-e-veramente-protetto-seconda-parte
The original article is in Italian, but you can read it in English by clicking here.