Cyberis Blog
Reassuringly clear thinking.
- Penetration testing
Changing Approaches To Penetration Testing
As a security consultancy, Cyberis undertakes penetration testing for organisations of all sizes, and in many verticals. This testing is often a function of regulatory or compliance requirements, and for some customers' operational teams is viewed as a necessary evil. Given time and resource pressures, and the prioritisation of business functions for internal ops teams, devops teams and other support staff, it can prove difficult for security teams to encourage engagement, and traction, for fixing identified vulnerabilities in existing systems and drive progress in internal security programs. This leads inevitably to stagnation and increased risk over time due to system obsolescence and poor standards.
- Penetration testing
- Research
Bluetooth: The Spy In The Meeting Room
Bluetooth technology permeates the modern world. From smart phones to wireless speakers, fitness trackers to WiFi mesh hardware, Bluetooth has become the de facto standard for short-range wireless communications. The chances are that you have Bluetooth enabled devices near you as you read this, and, if you're regularly involved in conference calls, you've probably often used a Bluetooth enabled speaker or VoIP phone.
- Research
Let’s Talk Quantum Cryptography
Quantum computers are on the horizon and the ramifications the technology is expected to produce across a multitude of industries is game changing. They can certainly be described as a disruptive technology when taken in the context of current cryptography and will force a radical change in how secure communication is implemented. A prime reason for this is due to the significant advances they promise to provide in the factoring of large numbers. This is a technique central to the security of several algorithms, such as RSA, in which prime factors of large numbers are utilised in encryption precisely because of the traditional difficulty in computing such numbers. Consequently, the security afforded by RSA alongside other similarly implemented algorithms will be heavily impacted, if not entirely broken. We’re left with a void within the field of classical cryptography that its quantum equivalent attempts to fill.
- Detect and respond
BlueKeep: Perimeter Assessments Remain As Important As Ever
The basic security principle of keeping the attack surface as small as possible is still as important as ever, however you define your perimeter. Keeping an eye on the attack surface of the network perimeter, is not an obsolete activity, it is as important today as it was twenty years ago.
- Penetration testing
When Low Risk Vulnerabilities Attack
When undertaking penetration testing against Internet facing systems, we often see information exposure vulnerabilities. These expose information regarding the systems under test that can, in isolation, be considered low risk as they are not directly exploitable to obtain access to systems or sensitive data.
- Detect and respond
- Research
Microsoft Exchange Client Access Server Information Disclosure
If you manage Microsoft Exchange and OWA in your environment and you are undergoing an external penetration test or Cyber Essentials assessment, you will often be faced with the Client Access Server Information Disclosure vulnerability identified by Nessus (https://www.tenable.com/plugins/nessus/77026) or other vulnerability scanners. Until recently, this vulnerability went unaddressed by Microsoft for versions of IIS after 6.0 and before 10.0. The majority of advice provided by online resources suggests applying the latest patches, but as patches don't exist for version 7.0 to 8.5, this isn't an option.
- Penetration testing
- Tools and techniques
User Enumeration - Timing Discrepancies
I find myself writing this blog today as there are only a few references on the internet to user enumeration attacks via timing discrepancies, despite almost every site I've tested in my career being vulnerable to the weakness. The issue is fairly obvious from the title; an application log-in response takes differing amount of times depending on whether or not the user is valid. But why?
- Red teaming
- Tools and techniques
Attacking Big Business
Reputational filtering typically blocks websites known to be malicious, performs antivirus scanning of all traffic, and crucially for us in respect to performing a simulated attack, warns end-users when visiting "non-categorised" sites. Any URLs and domains used as part of an attack now require user interaction in a web browser. This effectively rules out using newly stood up infrastructure both at the delivery and exfiltration stages of an attack, as these activities are performed without the victim's knowledge. The only options left to the attacker would be to "build" reputation over time, or alternatively, cheat the system.
Improve your security
Our experienced team will identify and address your most critical information security concerns.