A couple of days ago Cisco released a Security Advisory. No big deal so far; the level was informational, so I didn’t read it right away. The title is impressive: Cisco Best Practices to Harden Devices Against Cyber Attacks Targeting Network Infrastructure, so I read it during a lunch break just to be aware of the contents. Management sessions to network devices provide the ability to view and collect information about a device and its operations.
Customer site, their security policy for WiFi is an SSID with a secret PSK: the IT manager types the password on my PC to allow me to access the network. Maybe he’s not aware of my keylogger or that the password can be easily retrieved in cleartext. Let’s see how. Windows 10: retrieve the WiFi PSK in cleartext. Show a list of all WiFi profiles configured on the PC:
The Cyberspace, a.k.a. the Internet, is full of bad guys wanting to mess with our computers, right? Of course every one of us has a firewall configured with proper access and inspection rules, don’t ya? Spamhaus and Team Cymru can help by providing lists of known bad IPs and subnets that should be filtered in our networks. Spamhaus DROP list “DROP (Don’t Route Or Peer) and EDROP are advisory “drop all traffic” lists, consisting of netblocks that are “hijacked” or leased by professional spam or cyber-crime operations (used for dissemination of malware, trojan downloaders, botnet controllers).
Tomahawk is a command line tool for testing network-based intrusion prevention systems (NIPS). The concept is simple: you can download virus, attack and exploit pcaps from many sources and save them on the Tomahawk machine. To test an IPS you need three network interfaces: one for management, one to send traffic and one to receive. If the attack sent on one interface is received on the other interface, the IPS didn’t filter it.