Software

Lessons From LastPass Breach

Password management firm LastPass admitted to being PWNED by hackers.  If you are a customer, your data was potentially breached, and so we “Paranoid Androids” will be spending a significant amount of the holidays changing passwords and double checking our MFA settings.  The bad guys apparently got away with a massive stash of customer data, including password vault data that could be compromised by brute-forcing or guessing master passwords.  So much for the “Zero Knowledge” strategy, or is this it working as designed? Is this as bad as it could get in terms of password manager security? I guess the only thing that could compromise your passwords quicker would be an attacker literally looking over your shoulder (known as shoulder surfing) while you type your username and password in. But, well now, let’s look on the bright side: as long as you have diligently respected the power of keyspace and dutifully used…

What Is A Virtual Private Network (VPN)?

What is a VPN? A VPN, or Virtual Private Network, is a type of technology that allows a user to securely access a private network and share data remotely through public networks. VPNs use encryption and other security measures to protect the data being transmitted over the network and prevent unauthorized access to the private network. This allows individuals to securely access their organization’s network and its sensitive information.  VPNs are also used by internet users to browse the internet anonymously.  This is possible because commercial VPNs allow a user to change their source IP address, which confounds websites’ ability to track them. Additionally, companies can use VPNs to securely connect their internal networks with the networks of their partners or clients, allowing them to securely share data and other resources. This can improve collaboration and communication within and between organizations. What are the different types of VPNs? There…

Nessus is an enterprise vulnerability scanner that can perform external and internal credentialed scans and can support a continuous vulnerability management program.  Nessus favors ease of use over granular control of scanning, which allows quick and efficient scan configuration.  Nessus comes with many pre-configured scans for PCI-DSS compliance, OVAL, and SCAP scanning, and many scans for novel threats such as Solarigate, CISA threat advisories, Log4Shell, ransomware attacks, and more. Watch the video below to get the full scoop on how Nessus can support enterprise vulnerability management.

What is Snyk and how does it contribute to DevSecOps?

What is Snyk?  It’s classified as an SCA (software composition analysis) security tool, meaning it scans your source code for the use of functions, libraries, and packages with known vulnerabilities, and can also scan entire Docker images, cloud servers, and IaC (Infrastructure as Code) deployments for vulnerabilities.  Watch the video below for a summary and demo of how Snyk can contribute to your DevSecOps program.

OpenSSF is a new initiative aimed at improving the security of open source software (OSS). Founded by a group of major tech companies, including Google, Microsoft, and Red Hat, OpenSSF is intended to provide a collaborative framework for organizations to work together on security best practices, guidelines, and tools for OSS. The goal of OpenSSF is to make it easier for organizations to adopt OSS without sacrificing security. What is Software Supply Chain Risk? Software supply chain risks refer to the potential vulnerabilities and security threats that can arise in the process of creating, distributing, and maintaining software. These risks can come from a variety of sources, including the use of insecure or unverified third-party components, inadequate testing and verification processes, and the lack of secure communication and collaboration among teams. One of the biggest risks associated with the software supply chain is the potential for malicious code to be…

In part 1 of the PHP Malware series, we learned what a web-shell is and some basic ways that an attacker can build a web-shell in PHP. In part two we took a look at how web-shells can be hidden using base64 encoding and AES encryption techniques. In part three we’re going to look at other crafty ways that an attacker could obfuscate a PHP web shell or other malware, such as a stealer which would exfiltrate sensitive data as it’s processed by a website. Cyber criminals want to avoid malware being found, and when it is found, they want it to be difficult for a researcher to discover what the malware is doing. When an attack technique is novel, attackers don’t want defensive security researchers to be able to use the technique information to build a defensive strategy or make the information public. In order to demonstrate the skills of reverse engineering…

PHP Malware – Hiding A Payload

In part 1 of this series on PHP malware, we learned what a web shell is and looked at some basic examples. Basic web-shells are not too difficult to find, since there are only so many commands that can be used to execute a string as a shell command. However, most attackers would not include a basic web shell such as the ones discussed in the first video. They know it would be much too easy to find and dwell time would be short. Instead, the attacker will encode or encrypt the malware so it is more difficult to find.  Also, there is an important difference between encrypting and encoding. Before we look at some more advanced ways to hide malware, let’s understand the difference between these two terms. What is Encoding? Encoding refers to the process of converting data from one form to another. Encoding does not normally imply…

In this series of articles and videos, I will explore some PHP malware code that has been publicly published. All the samples discussed are derived from a GitHub repository maintained by marcocesarato. The advice from Ripple Software Consulting is to always maintain solid web-server security through hardened configuration and monitoring, and vulnerability scanning of both internal and external surfaces with a tool such as CISOfy’s Lynis or Greenbone’s GVM. For an example of solid LAMP stack server security you can visit the RSRC’s VPS Deploy WordPress GitHub repository, which is a tool for automatically deploying a WordPress website on a hardened Linux VPS server. If you don’t want to secure your own WordPress installation, you can hire a trained security consultant such as Ripple Software, or you can use another third-party managed hosting provider. PHP is a scripting language, which means its source code is usually in human readable…