Get started with the CrowdSec WAF: https://doc.crowdsec.net/docs/next/appsec/intro
Virtual Patching WAF collection: https://app.crowdsec.net/hub/author/crowdsecurity/collections/appsec-virtual-patching [3/3]

Mini Blue Team Diaries story:
There was a break-in over the weekend at one of our US offices. We occupied one floor of a shared office building, and two crooks managed to get in by going to an open floor above ours and breaking a lock on the fire escape.
Rather brilliantly, a building security guard was doing rounds and actually caught the pair stuffing iPads from conference rooms into a rucksack. However, when challenged they claimed to be employees and were left alone.
Anyway they ended up with about a half dozen iPads from Zoom rooms. Annoying but not the end of the world.
Those iPads were clearly sold on, as they were connected to an MDM server and started to pop up in locations all over the city over the course of the next week.
One of them was especially interesting. Because it was connected to our MDM Apple ID, it was syncing files to iCloud. This included photos. We noticed a lot of selfies of one particular dude show up. The dude looked a lot like one of the guys who we’d seen in our office on our security cameras. Yup.
We of course passed on all the information, including the location of the selfie generating iPad, to law enforcement.
I wish there was a more interesting ending - but they never followed up on the lead, of course. So the iPads lived on, slowly filling up with various photos and memories from the crook and the people they’d been sold on to.
Read more, slightly less mini stories, at infosecdiaries.com
New Open-Source Tool Spotlight
Velociraptor is an advanced DFIR (Digital Forensics and Incident Response) tool. It focuses on endpoint monitoring, hunting, and data collection using flexible artifact-based queries. Its scripting language, VQL, allows custom queries tailored for specific investigations. #DigitalForensics #CyberSecurity
Project link on #GitHub
https://github.com/Velocidex/velociraptor
For hobbyist Cobalt Strike Beacon collectors, note that the recently announced 4.11 update introduces a number of changes to frustrate Beacon configuration extraction, namely through the new `transform-obfuscate` field.
When set, this field can apply multiple layers of encoding, encryption and compression (with some recent Beacons observed with a 32 byte XOR key, configurable up to 2048 bytes!).
While still reasonably trivial to decode manually, standard automated workflows (say, through the SentinelOne parser) will now fail, not least because of changes to the well-known field markers.
Beacons with these characteristics have thus far been observed with watermarks indicative of licensed instances, though I imagine it is only a matter of time before the 4.11 capabilities become accessible to all manner of miscreants.
A sample configuration, via a staged Beacon on 104.42.26[.]200 is attached, including the three distinct XOR keys used to decode it.
https://www.cobaltstrike.com/blog/cobalt-strike-411-shh-beacon-is-sleeping
Back on my boring post grind to document my learning.
New #Blog post going through a #TryHackMe challenge. This time detecting two different attack types with snort!
https://ligniform.blog/posts/snort-live-attacks/
New Open-Source Tool Spotlight
Mimikatz is a well-known open-source tool for extracting credentials from Windows systems. It can retrieve plaintext passwords, hash credentials, and even Kerberos tickets from memory. Used by both researchers and attackers, it highlights the importance of secure credential management in Active Directory environments. #CyberSecurity #WindowsSecurity
Project link on #GitHub
https://github.com/gentilkiwi/mimikatz
Look at your emails for big news! Raise the anchor and set sail, Northsec is straight ahead!
Sign up to the newsletter: nsec.io
Of course, there are other ways to configure sensitive values but I don't think it's necessarily obvious or front of mind when updating config and I honestly can't see (as someone who configures multiple services on Akamai regularly) why this feature is needed.
Unsure if it can be disabled or auth'd but I don't see any way to do that.
There are some docs which cover it a little bit: https://techdocs.akamai.com/download-delivery/docs/test-your-dd-property#4-install-an-extension.
Just thought it might not be common knowledge.
2/2
#Akamai #InfoSec #RedTeam #BlueTeam
Akamai has what I personally think is a seriously risky mechanism for debugging HTTP requests/responses. You can send an HTTP request header of `pragma: akamai-x-get-extracted-values` for a URL served via Akamai & it'll return `x-akamai-session-info` response headers which include user-defined config variables - that's where the main risk is IMO. People may well not realise this feature exists & use the vars for sensitive info e.g. backend auth keys.
1/2
#Akamai #InfoSec #RedTeam #BlueTeam
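An added example (not from the original thread) for auditing a property you operate: it parses the `X-Akamai-Session-Info` response headers the debug request returns and flags user-defined variable names that look like credentials. The `name=...; value=...` header layout and the `PMUSER_` prefix for user-defined variables are assumptions taken from Akamai's documentation, and the sample headers are constructed, not a real capture.

```python
"""Audit X-Akamai-Session-Info output for secret-looking variables.

Header format (name=...; value=...) is assumed from Akamai docs.
"""
import re
from typing import Dict, List

# Name fragments that usually mean the value should never leave the edge.
SENSITIVE_PATTERNS = re.compile(r"(key|secret|token|passw|auth|cred|signature)", re.I)

# One header value carries one variable: "name=<NAME>; value=<VALUE>" (assumed layout).
_PAIR = re.compile(r"name=(?P<name>[^;]+);\s*value=(?P<value>.*)")


def parse_session_info(headers: List[str]) -> Dict[str, str]:
    """Parse one or more X-Akamai-Session-Info header values into a dict."""
    found: Dict[str, str] = {}
    for raw in headers:
        m = _PAIR.match(raw.strip())
        if m:
            found[m.group("name").strip()] = m.group("value").strip()
    return found


def flag_sensitive(variables: Dict[str, str]) -> List[str]:
    """Return variable names whose name suggests a secret (PMUSER_* are user-defined)."""
    return sorted(n for n in variables if SENSITIVE_PATTERNS.search(n))


def check_property(url: str, timeout: float = 10.0) -> Dict[str, str]:
    """Send the debug Pragma header to a host you own and collect the echoed variables.

    Standard library only; this network call is not exercised by the offline sample.
    """
    import urllib.request
    req = urllib.request.Request(url, headers={"Pragma": "akamai-x-get-extracted-values"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_session_info(resp.headers.get_all("X-Akamai-Session-Info") or [])


# Constructed sample of what a property might echo back (not a real capture).
SAMPLE_HEADERS = [
    "name=AKA_PM_CACHEABLE_OBJECT; value=true",
    "name=PMUSER_ORIGIN_AUTH_KEY; value=REDACTED-EXAMPLE",
    "name=PMUSER_REGION; value=us-east",
]

if __name__ == "__main__":
    print("secret-looking variables:", flag_sensitive(parse_session_info(SAMPLE_HEADERS)))
```

Any name reported here should be moved out of property variables rather than left to rely on the debug header going unnoticed.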
Last week, I finally finished my writeup of a vulnerability based on a misuse of #Cryptography that we found a while back in a penetration test. It's my favorite vulnerability so far, as it relies on abusing basic properties of unauthenticated encryption and shows, in a real-world scenario, how such seemingly theoretical issues can compromise an entire system. In the end, it's a teachable moment about both cryptography and secure software architecture.
I had the draft lying around for more than a year, but reading the articles by @soatok finally reminded me that I should really wrap this up and post it. So, here it is: https://blog.maass.xyz/encryption-isnt-enough-compromising-a-payment-processor-using-math
Decided to take a jab here to hunt down a job as well, so here it goes. I am a recent graduate (major in computer security) looking for an entry-level (intern/junior) position to get some industry experience and training under my belt.
I am looking for either:
I am based in Sri Lanka and the offer has to be in Sri Lanka or a remote one. But, I am open for any interesting offers and discussion. You can know more about me here: https://comradelab.win/about/
Thanks for the read and have a nice day :)
#FediHire #fedijobs #getfedihired #devops #blueteam #cyber