Hacking Time Management For Penetration Assessments

#WarStoryWednesday: so many hosts, so little time

Michael Born

September 07, 2016 - Posted by Michael Born to Security Insight

Time Management

Every now and then, while performing a penetration assessment, we’ll get a large set of hosts considered in scope. This is often a nice change of pace from the compliance-based penetration assessment where the scope is smaller and more focused on the Cardholder Data Environment (CDE). With the larger scope, we can come a bit closer to simulating an actual attacker from the perspective of the internal network. I say closer because as security consultants we are still limited by time, often only having a week to perform an assessment. If the scope is big enough, we will typically send two or more consultants. This blog will detail just one of those assessments and will hopefully give insight into effective time management for large scopes that offer more than one method of compromise.

Background

Let me set up the scenario a bit. My co-worker Adam Steffes and I were tasked with performing an assessment with... read more >

Hacked Hardware: The Manufacturing Supply Chain

Brandon Louder

September 01, 2016 - Posted by Brandon Louder to Security Insight

Blog

A while ago someone referred me to this post on reddit labeled, “The boss has malware, again….” It is an entertaining story from a help desk employee at a large corporation who discovered that an e-cigarette belonging to one of their executives had malware hardcoded into the charger. When the charger was plugged into a system’s USB port, it would phone home to a server to download malware on the unsuspecting user’s system. Stories such as this are more common than you may think. In the past, many consumer devices have been discovered to contain embedded malware directly from the manufacturer. There have been many historical incidents of infected digital picture frames, MP3 players and other devices having been unwittingly sold and distributed by big box stores and small retailers alike. Most recently, a large quantity of... read more >

Incident Response Tools

You are only as good as your toolset!

David Biser

August 31, 2016 - Posted by David Biser to Security Insight

In my last blog I asked the question, “Have you ever tried to chop down a tree with a fork?” and told you about an incident response process that was made difficult by the lack of adequate tools. This is a common problem in the field of incident response and security as a whole, and shouldn’t exist. Unfortunately, however, many system administrators, network administrators and help desk personnel assume they can handle an incident, when in reality it is far more complex than they are aware.

A basic introduction to incident response is beyond the scope of this blog, but I do want to introduce the reader to the “Order of Volatility.” This is a common methodology that is taught across the security spectrum. It provides the responder with the ability to gather evidence from the more volatile to the less. This is extremely important when responding to breaches or malware infections. So, let us review the... read more >

Developing a Strong Application Security Program: Part 1

Michael Born

August 18, 2016 - Posted by Michael Born to Security Insight

InfoSec Employees

As a Security Consultant for NTT Security (US), Inc. Professional Security Services, I have the privilege of witnessing many application security programs. I see programs that work great, are healthy, and handle risk management very well. Then there are programs that have either missed the mark completely, or are healthy but have some maturing to do.

In this blog I’ll be focusing on organizations or development teams that use a more traditional “waterfall” style approach to application development. I’ll attempt to identify traits of a healthy application security program in order to provide ideas for programs that could use some maturing. If your organization uses a more modern “agile,” “iterative,” or “kanban” style of development we will address those specific challenges in Part 2 of the series.

I’m sure many of us have heard that successful... read more >

Packet of Interest

Building a PCAP Record Extractor Using Python

Ramece Cave

August 11, 2016 - Posted by Ramece Cave to Security Insight

About three years ago I wrote an article about building your own packet analyzer in Python. Today we are going to continue down a very similar but different path, this time building a tool that provides another service.

Occasionally, I find myself needing to extract an entire packet from a packet capture (PCAP). The reasoning varies between testing a custom decoder or parser I have written, or including the data in a report, or sometimes just wanting to visualize or structure the data in another way. Packet extraction can be done using Tshark extracting field by field, then reassembling the individual components. The process can be tedious, and probably has a higher error and frustration rate. So whatever can we do; who or what will save the day? Dun dun dun, Python sweeps in over the horizon, wind blowing in its hair, Michael Bolton theme song blasting in the background, swoops to the rescue (dramatic pause), fade to... read more >

Incident Response Preparation

Preventing Incident Response Frustration #WarStoryWednesday

David Biser

August 03, 2016 - Posted by David Biser to Security Insight

Threat Intel

Ever try to chop down a tree with a fork? Any type of skilled labor requires the use of proper tools, and incident response is no different. In my experience as an incident responder, many organizations often lack both the proper incident response tools and staff trained to use those tools. In this war story, we take a look at what that can mean for rapid response and remediation.

Incident Response War Story

In a recent incident response engagement, a victim of a data breach contacted us regarding the loss of credit card data. This company had received a notification from a Federal law enforcement agency, which, during an investigation, had observed the organization’s IP addresses in relation to stolen credit card data. Further investigations showed that the stolen credit card data had been taken from the organization’s network. The notification had little for the organization to go on, which is typical in this type of situation. Yet,... read more >

NTT Group Unifies the NTT Security Businesses to Form NTT Security Corporation

Mike Hrabik

August 01, 2016 - Posted by Mike Hrabik to Security News

NTT Security

I am extremely excited to let you know that NTT Group has unified the NTT security businesses to form NTT Security Corporation, a specialized security company to deliver Managed Security Services (MSS) and security expertise through the NTT operating companies worldwide. NTT Security will combine Solutionary with NTT Com Security and the managed security services platforms of both Dimension Data and NTT Communications, all of which will be integrated with the security platform of NTT Group’s R&D arm, NTT Innovation Institute. As a result of the merger, the Solutionary company name will change after August 1 to NTT Security (US) Inc. This name change will allow us to present ourselves as a fully-fledged subsidiary of the NTT Group.

The rationale for this merger is quite simple: together we have an improved ability to deliver what our clients and the security industry have long been asking for – an integrated approach to cutting-edge security solutions... read more >


Voted one of the Best Computer Security Blogs 2016
NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.
