The year is 2017, the year of BSD on the desktop…at least for me it is. Now as anyone who reads this site regularly will know, I’m pretty good with these com-puter thingies. However – plot twist, I’ve never ran BSD before. I use Mac OS X on a MacBook I have definitely voided the warranty on and for my personal computing and I use Linux, Fedora Security Lab, for the day job. So I’m not afraid of a command line, but at this stage I don’t even know what kind of command line I’ll get with BSD!
I occasionally see the terms Vulnerability Assessment and Penetration Test used interchangeably, or worse, phrases such as “Automated Penetration Test” – something that really pains me, as there are very distinct types of assessment. In this article I’d like to show the distinctions between the different types of assessment. Setting aside any argument of specific terminology, I aim to explain the different approaches that can be taken and the aims of each – regardless of what you choose to call them. I aim to assist companies engage with their security assessment providers to ensure that the service they’re getting is what they are expecting and so that they are aware of the alternatives.
“Which SSL ciphers should I disable?”
A client recently gave me a list of their supported ciphers and asked me which SSL ciphers they should disable – effectively looking for the most secure SSL ciphers they can use. Instead of the fast answer of “disable the insecure ones”, I thought I’d try and write up something useful.
So here’s a handy reference guide I’m working on. This has been time consuming to develop and no doubt will be added to over time. This isn’t intended to be read from start-to-finish, but is more of a handy SSL/TLS issue cheat-sheet.
On a recent penetration test I made heavy use of Sec-1 Ltd’s tool sharecheck in a way to gain Domain Administrator privileges that had previously been missed. Effectively there was a lot of ground work in horizontal propagation which I automated through Meterpreter and Sharecheck.
I’ve mentioned Sharecheck before on my Internal Penetration Testing post, but I don’t believe I’ve ever ran through the features of this tool which I make use of on almost every test. Effectively this tool allows you to do four main things: