Category: Cybersecurity

  • Implementing Quarantine Pattern for Container Images

    One important step in securing the supply chain for containers is preventing the use of “bad” images. I intentionally use the word “bad” here. For one enterprise, “bad” may mean “vulnerable”; for another, it may mean containing software with an unapproved license; for a third, it may be an image with a questionable signature; possibilities…

  • Addressing the Current Challenges of Patching Container Vulnerabilities

    While working on a process of improving the container secure supply chain, I often need to go over the current challenges of patching container vulnerabilities. With the introduction of Automatic VM Patching, having those conversations is even more challenging because there is always the question: “Why can’t we patch containers the same way we patch…

  • Signatures, Key Management, and Trust in Software Supply Chains – Part 2: Exploiting Signatures

    In Part 1 of the series Signatures, Key Management, and Trust in Software Supply Chains, I wrote about the basic concepts of identities, signatures, and attestation. In this one, I will expand on the house-buying scenario that I hinted at in Part 1 and will describe a few ways to exploit it in the…

  • Signatures, Key Management, and Trust in Software Supply Chains – Part 1: Identities, Signatures and Attestation

    For the past few months, I’ve been working on a project for a secure software supply chain, and one topic that always seems to start passionate discussions is software signatures. The President’s Executive Order on Improving the Nation’s Cybersecurity (EO) is a pivotal point for the industry. One of the requirements is for vendors…

  • Why Multi-Factor Authentication (2FA/MFA) Usage Numbers Will Not Improve Any Time Soon?

    If you have missed the news lately, cybersecurity is one of the most discussed topics nowadays. From supply chain exploits to data leaks to business email compromise (BEC), there is no break – especially during the pandemic. Many (if not all) start with an account compromise. And if you ask any cybersecurity expert, they will…

  • Learn More About Your Home Network with Elastic SIEM – Part 2: Collect Firewall Logs

    In my previous post, Learn More About Your Home Network with Elastic SIEM – Part 1: Setting Up Elastic SIEM, I explained how you could set up Elastic SIEM on a Raspberry Pi. The next thing you would want to do is to collect the logs from your firewall and analyze them. Before I jump…

  • Learn More About Your Home Network with Elastic SIEM – Part 1: Setting Up Elastic SIEM

    Last night I had some free time to play with my network, and I ran tcpdump out of curiosity. For a while, I’ve been interested in analyzing what traffic is going through my home network, and the result of my test pushed me to get to work. I have a bunch of Raspberry Pi devices…

  • Implementing Cybersecurity Research Sandbox Environment in the Cloud

    For a while, I’ve been planning to build a cybersecurity research environment in the cloud that I can use to experiment with and research malicious cyber activities. Well, yesterday I received the following message on my cell phone: Hello mate, your FEDEX package with tracking code GB-6412-GH83 is waiting for you to set delivery preferences:…

  • 3 Simple Ways to Collect Social Engineering Data for Free

    In my last post, I demonstrated how easy it is to create fake accounts on the major social networks. Now, let’s take a look at what we can do with those fake social network accounts. Also, let’s not forget that my goals here are to penetrate a specific individual’s home network (in this case my own…

  • How to Prepare for Cyber Reconnaissance?

    In my previous post, How Can I Successfully Hack My Home Network? I set the stage for my “Hacking my Home” activities. A possible scenario here is that I am given the task to penetrate a high-profile target’s (i.e., myself 😀) home network and collect as much information to use for malicious purposes. Before I…