Fixvirus Security Show Jan2

tonyz January 2, 2015 security news 0 Comments

On News of Day I discuss http://www.darkreading.com/operations/5-pitfalls-to-avoid-when-running-your-soc-/a/d-id/1318218

Specifically:

“Our goal is to protect our critical assets, quickly know when they have been compromised and respond with immediate action to contain and eradicate the threat. If anyone believes they are going to create the perfect secure environment, let me save you some pain in discovery: It does not exist. However, if you can narrow your attack surface area through smart security operations that fully integrate the right people, the right processes, and good technology, then you drive up the skill required by an attacker to the point where most threat actors will give up and go after easier, softer targets.”

In Tip of Day I discuss how Netcat can help you do some “banner grabbing”

Which will help you view applications as they send information in the first review

from the Netcat Power Tools pdf Chapter 4: http://dl.acm.org/citation.cfm?id=2155689

The Web server will take this request, locate the file requested, and send it back to
the client. When given a file of “/”, Linux and UNIX servers will return index.html,
while Windows Internet Information Server (IIS) will find and return default.htm.

I recommend to obfuscate your web and other applications banners:

“For many different reasons, usually security-related, many Web sites do not wish to
show the version software that they’re running. They can alter this information by
editing their Web server configuration to use a new ServerTokens value, or by using
third-party software.”

You can actually test your webserver to see what it responds with:

For protocols like HTTP that require user interaction, it is still possible to
automate the process. All you need to do is pipe the echo of your input to
Netcat. Simple enough, no? The trick that catches many people is how to
transmit that extra carriage return after the command. This can easily be
done with the following Linux command:
echo –e “GET / HTTP/1.0\n” | nc <host> <port>
In the example above, echo uses the \n string to signify a new line.

Let me know if you need help with this.

Leave a Reply

You must be logged in to post a comment.

Thousands WordPress Sites Hacked April 10, 2024
BleepingComputer has the story WordPress sites have been hacked and then when you visit the site the following image comes and asks you to click a button which then leads you to enter information so the hacker can steal your crypto money. If you click on these buttons and then connect to your crypto wallets […]
My AI Chatbot Got Hacked Now What? March 14, 2024
Horizon3 has a post discussing Nextchat open source chatbot… https://www.horizon3.ai/attack-research/attack-blogs/nextchat-an-ai-chatbot-that-lets-you-talk-to-anyone-you-want-to/ Here is an interesting sentence: “From our research, the most widely deployed standalone Gen AI chatbot is NextChat, a.k.a ChatGPT-Next-Web. This is a GitHub project with 63K+ stars and 52K+ forks. The Shodan query title:NextChat,"ChatGPT Next Web" pulls up 7500+ exposed instances, mostly in China […]

Thousands WordPress Sites Hacked April 10, 2024
BleepingComputer has the story WordPress sites have been hacked and then when you visit the site the following image comes and asks you to click a button which then leads you to enter information so the hacker can steal your crypto money. If you click on these buttons and then connect to your crypto wallets […]
My AI Chatbot Got Hacked Now What? March 14, 2024
Horizon3 has a post discussing Nextchat open source chatbot… https://www.horizon3.ai/attack-research/attack-blogs/nextchat-an-ai-chatbot-that-lets-you-talk-to-anyone-you-want-to/ Here is an interesting sentence: “From our research, the most widely deployed standalone Gen AI chatbot is NextChat, a.k.a ChatGPT-Next-Web. This is a GitHub project with 63K+ stars and 52K+ forks. The Shodan query title:NextChat,"ChatGPT Next Web" pulls up 7500+ exposed instances, mostly in China […]

Thousands WordPress Sites Hacked April 10, 2024
BleepingComputer has the story WordPress sites have been hacked and then when you visit the site the following image comes and asks you to click a button which then leads you to enter information so the hacker can steal your crypto money. If you click on these buttons and then connect to your crypto wallets […]
My AI Chatbot Got Hacked Now What? March 14, 2024
Horizon3 has a post discussing Nextchat open source chatbot… https://www.horizon3.ai/attack-research/attack-blogs/nextchat-an-ai-chatbot-that-lets-you-talk-to-anyone-you-want-to/ Here is an interesting sentence: “From our research, the most widely deployed standalone Gen AI chatbot is NextChat, a.k.a ChatGPT-Next-Web. This is a GitHub project with 63K+ stars and 52K+ forks. The Shodan query title:NextChat,"ChatGPT Next Web" pulls up 7500+ exposed instances, mostly in China […]

Thousands WordPress Sites Hacked April 10, 2024
BleepingComputer has the story WordPress sites have been hacked and then when you visit the site the following image comes and asks you to click a button which then leads you to enter information so the hacker can steal your crypto money. If you click on these buttons and then connect to your crypto wallets […]
My AI Chatbot Got Hacked Now What? March 14, 2024
Horizon3 has a post discussing Nextchat open source chatbot… https://www.horizon3.ai/attack-research/attack-blogs/nextchat-an-ai-chatbot-that-lets-you-talk-to-anyone-you-want-to/ Here is an interesting sentence: “From our research, the most widely deployed standalone Gen AI chatbot is NextChat, a.k.a ChatGPT-Next-Web. This is a GitHub project with 63K+ stars and 52K+ forks. The Shodan query title:NextChat,"ChatGPT Next Web" pulls up 7500+ exposed instances, mostly in China […]