Random Tech/IT Thread

[zCommander]

12 hours ago, SoulSkin said:

 

Remembered this discussion, because we deal with it a lot still. I just found a quick way to get Windows 7 to get updates without having to wait hours upon hours for it to finally detect them. You have to set Windows Update to never check for updates, reboot, then install KB3020369. After that, install KB3172605. These are the links for the 64 bit installers: KB3020369 and KB3172605 . Reboot again after installing both (in order). Re-enable Automatic Updates and check for updates. Just did this and was able to get updates checked for and installing in about 10-15 minutes.

 

I now just use WSUS offline updater. (http://download.wsusoffline.net/). I set it to not verify the download so it downloads all of the updates quicker. Then run the client and choose my options and set it to auto recall and reboot and walk away.  

 

Edit: You can also use the free tool for Windows 8 and Windows 10 as well. 

Edited December 10, 2016 by zskins

[SloppyOneXXVI]

On 9/18/2016 at 11:56 AM, Renegade7 said:

Does anyone know someone who has the OCSP?  

 

Took the test and passed last week.  It was brutal, started at 9am and had enough to pass around 2am.  I took one break for about 2 hours, but pretty much powered through. If anyone ever starts working on the cert I'll be happy to help.  Finishing the class was one of the most rewarding feelings I've ever had, I highly recommend it.

[tshile]

Congrats dude, that's a lot of work. You should be proud.

 

[Renegade7]

On 12/16/2016 at 11:46 PM, SloppyOneXXVI said:

 

Took the test and passed last week.  It was brutal, started at 9am and had enough to pass around 2am.  I took one break for about 2 hours, but pretty much powered through. If anyone ever starts working on the cert I'll be happy to help.  Finishing the class was one of the most rewarding feelings I've ever had, I highly recommend it.

 

Congratulations : )

 

I do have a couple questions that I posed to an IT contact who takes a while to respond (we're all busy these days), do you want to take a crack at some of them?:

 

 

 

1.       I keep hearing about security onion, though I’ve had trouble keeping a virtual machine running with all the services running.  Are there any in specific that I should put more focus on, and what are some signatures I should understand via my own testing and replicating attacks?  What do I need to understand about security onion and how to use it?

 

2.       Does OSCP qualify me for a junior pentesting position, or should I still focus on getting myself in the door on cybersecurity, such as incident response or cyber positions for medical institutions?

 

3.       In pentesting (whether blackbox, grey, or whitebox), how common are buffer overflow attacks needed to be made from scratch such as I’m doing in my OSCP studies?  It’s something I find interesting, but need a better idea of the expectations there.

 

4.       The OSCP only really covers two vulnerability scanners, OpenVAS and Nessus.  What are some others you recommend I become familiar with?

 

5.       Is there a market for cybersecurity positions involving ICS and SCADA systems, such as industrial or power grid systems?  I’m very much concerned about the state of cybersecurity in our country’s infrastructure, and would be very disappointed if it’s not something I should consider realistic to pursue.  

 

6.       A lot of the scripts I’ve been making in my OSCP studies have been in python.  Is this a good first language to make time to learn, or should I put more of a focus in understanding how to make multiple languages do what I need them to do, like ruby and perl

 

7.       I follow SANS newsletters and HackingNews. What are some other newsletters you recommend for staying up to date on what’s going on in the field?

 

8.       This seem like a very open-ended question, but what are the boxes that I need to check to get my foot in the door concerning cybersecurity?  I’ve been doing sysadmin work (including managing webservers and setting up SSO via Shibboleth) for about 2 and half years now, and my concern is that I’ll always be outside looking in despite my passion to help in this field because of my lack of experience in specific aspects of the industry, even if I pass the OSCP.

[skinfan2k]

These updates for Windows 10 are driving me crazy.  they take forever and my dad's computer has been asking me to update nonstop.  I realized he had like 8-9 updates he needed to do.  what's a good virus scanner outside of defender?

[Renegade7]

5 minutes ago, skinfan2k said:

These updates for Windows 10 are driving me crazy.  they take forever and my dad's computer has been asking me to update nonstop.  I realized he had like 8-9 updates he needed to do.  what's a good virus scanner outside of defender?

Really been liking the free version of Avira for windows.  Used be a malwarebyes guy, but free version doesn't regularly scan the system like Avira does, which is important in case you don't remember to force a scan every once in a while.

[TheGoodBits]

@Renegade7 you might want to fiddle with OSSIM some. You get to take a look at various functions from a single box. NIDS (suricata), HIDS (ossec), Vuln Scanning (openvas), then the SIEM component as well. 

 

Gonna run into the same problem with the lack of vm space as you are with security onion though. 

 

You can find a lot of training webinars online, just don't enter in correct contact info until you are ready to buy something.  

 

 

[SloppyOneXXVI]

5 hours ago, Renegade7 said:

 

Congratulations : )

 

I do have a couple questions that I posed to an IT contact who takes a while to respond (we're all busy these days), do you want to take a crack at some of them?

 

Thanks!  I'll do my best to answer all your questions.  Feel free to ask follow on questions.  Also, I apologize if my answers are a bit blunt about certain topics, everyone has their opinions about certain things

 

1.  OSCP is really focused on offensive ability.  Security onion isn't going to do much for you besides learn Wireshark.  You don't have to worry about bypassing virus detection very often, and even then the OSCP coursework teaches you the techniques.  Did I mention you should make sure you know how to use Wireshark?

 

2.  Maybe, but I think most jobs still want some level of experience.  Being a sysadmin is a great start, but as you suggested I think incident response is a good second step before full blown pentesting.  You usually need to know someone, or create a presence for yourself (a blog giving tutorials or something of that sort) to get a job.  Such is life.

 

3.  You need to know how buffer overflows work for OSCP.  With that being said, you're not expected to find buffer overflow vulnerabilities without some indication a software is vulnerable to buffer overflows.  Usually you'll have something that you know is vulnerable, but maybe the public POC is for a different operating system or a slightly different software version, so you'll have to modify code, but not discover the buffer overflow on your own.  Still, probably good to brush up on x86 assembly language.  It is quite tough to learn.  Securitytube.net has a really good primer. http://www.securitytube.net/video/208  and videos on actually creating buffer overflow exploits http://www.securitytube.net/video/231

 

4.  OSCP doesn't allow for vulnerability scanners on the exam.  Don't use them.  The whole point of OSCP is to prove you can find vulnerabilities and exploit them manually.  You can barely even use metasploit on the exam.  They are a crutch used by people who don't understand exploits they're using.  I know that's kinda harsh, and I assume plenty of pentesting companies rely heavily on scanners, but I think they're a disservice to people who really want to understand how to break a computer.

 

5.  Yes, the ICS/SCADA market is getting bigger everyday.  It is amazing to me how poorly some of our country's most critical infrastructure is protected.  People are finally getting wise and starting to protect it better.  Learning how ICS/SCADA systems work would be a huge feather in your cap for any government job.  Have you ever seen the show CyberWar on Esquire?  They had a good episode on ICS/SCADA.  That show is fun to watch in general.

 

6.  Python is my language of choice.  I'm not a great programmer, but I can get by with a few other languages.  I went into the class not really knowing perl, ruby, or php, but ended up using all 3 a decent amount.  If you know the principles of one programming language you can learn the other languages easy enough.  Get REALLY good at python, learn how to do the basics, loops, math, sockets, methods, etc.  Most of the time you only need to know how to modify existing code, not write it from scratch.  So as long as you understand the principles you can modify almost any language with a little googling and stackoverflow.  If you want a good book with tutorials get Violent Python.  It has some good tutorials on how to write your own vulnerability scanner, do traffic analysis with python scripts, etc.  Finally, get to know sql.  I didn't know ANY before the class and I spent many nights googling sql queries.  It sucked.

 

7.  I don't follow too many blogs to be honest.  Reddit netsec usually has some interesting articles.  ArsTechnica has good security stuff from time to time.  Hacker News is okay, Krebs on Security sometimes has interesting articles.  I honestly find it is hard to find good articles because most are just fact of information, not much on how the hack actually happened.  Eg. The Russians hacked the DNC!  Okay great... but how did it happen?  What was the vulnerability?  How did they persist?  Those questions usually aren't answered in great detail because journalists don't know the answers.  

 

8.  Sysadmin is definitely a great start.  You need to know how a network is setup in order to break it.  Traffic analysis is key, being able to use Wireshark and look at packets going over the wire is necessary in offensive and defensive security.  Understanding how different protocols work (FTP, SMTP, HTTP(S), SSH, SMB, etc.) is important, and knowing what they SHOULD look like over the wire.  They all have vulnerabilities, so you need to know how they all work.  You really need to know how operating systems work as well.  This was my biggest challenge.  I was never a sysadmin so I didn't know how to setup a domain controller, DNS server, etc.  Understanding both Windows and Linux services are key.  Hacking into web applications is also really important, you should know how to do RFI/LFI, sql injection, and some level of XSS.  Finally, being able to do some level of malware analysis is always high desired, really just dynamic malware analysis.  Practical Malware Analysis is a great book with lots of tutorials, I highly recommend it.  

 

Lots of the stuff I just outlined will be taught to you in the OSCP coursework.  So you don't need to know all of it, but be aware of it.

 

Further advice:

 

If you want some practice maybe download metasploitable vm and attempt to break into it. There are lots of tutorials online.  Also vulnhub.net has lots of exploitable vms you can download.  People have put lots of tutorials online on how to break into them as well.  

 

If you want a really good outline of resources read this thread: http://www.techexams.net/forums/security-certifications/110760-oscp-jollyfrogs-tale-2.html

The guy was overkill on what he did to setup his Kali VM, but he has lots of good resources in there to read.  It definitely helped me.

 

If you have any other questions let me know, I'll be happy to help.  Learning this stuff is a journey, and nobody will ever be an expert at everything.

[zCommander]

3 hours ago, skinfan2k said:

These updates for Windows 10 are driving me crazy.  they take forever and my dad's computer has been asking me to update nonstop.  I realized he had like 8-9 updates he needed to do.  what's a good virus scanner outside of defender?

 

I have been using Avast! on all my computers. Has stopped many hacking webpage redirects and any torrent that has malicious code inside the file. It is free and I just use a dummy email address to renew every year.

 

Go to www.download.com to get it. 

[SoulSkin]

Just a FYI, for those that don't know. For small businesses, Avast, provides free AV where you can mange endpoints, and do mostly what you can do with other business type AVs via a web interface at business.avast.com. Malwarebytes has also just come out with a new version (paid) that is supposedly a full solution to replacing traditional AV, with active protection from zero day exploits, ransomware, etc. 

 

I found a sample of a locky variant that I was messing around with on a test network. Windows Defender on Windows 10, surprisingly, stopped it every time until I disabled it. After that, I disabled Defender and the new MBAM stopped it. Then I uninstalled MBAM and disabled Defender. It immediately encrypted files on the local machine and started to propagate to other machines. Haven't had a chance to mess with it much since, but that was encouraging. We've had three companies call us for help with ransomware. None of them use any kind of spam filter. All of them got it from end users opening up incredibly obvious spam email attachments. It is a mess, and takes forever to clean up after. Getting files back is difficult, if not impossible.

Edited December 22, 2016 by SoulSkin

[Renegade7]

 

Happy Holidays.  I'm on-call next week : )

[skinfan2k]

does anyone here have Roku?  i heard you can stream your verizon tv on there without the need of a cable box? is that true?

[tshile]

On 12/22/2016 at 9:42 AM, SoulSkin said:

Just a FYI, for those that don't know. For small businesses, Avast, provides free AV where you can mange endpoints, and do mostly what you can do with other business type AVs via a web interface at business.avast.com. Malwarebytes has also just come out with a new version (paid) that is supposedly a full solution to replacing traditional AV, with active protection from zero day exploits, ransomware, etc. 

 

I found a sample of a locky variant that I was messing around with on a test network. Windows Defender on Windows 10, surprisingly, stopped it every time until I disabled it. After that, I disabled Defender and the new MBAM stopped it. Then I uninstalled MBAM and disabled Defender. It immediately encrypted files on the local machine and started to propagate to other machines. Haven't had a chance to mess with it much since, but that was encouraging. We've had three companies call us for help with ransomware. None of them use any kind of spam filter. All of them got it from end users opening up incredibly obvious spam email attachments. It is a mess, and takes forever to clean up after. Getting files back is difficult, if not impossible.

 

Some interesting articles have come out about new spam techniques kicking off the last week or two (hailstorm is what they're calling it) specifically to spread the latest banking trojan and the encryption malware.

 

Be careful running windows defender with another antivirus product. Windows defender will check files after they are accessed, and many other AV products (with their version of "real time protection" enabled) will do the same thing. Computers will get bogged down as the two AV products go behind each other and keep checking the same files.

 

most of the business grade AV's I've seen disabled windows defender as part of their install and setup.

[SoulSkin]

23 minutes ago, tshile said:

 

Some interesting articles have come out about new spam techniques kicking off the last week or two (hailstorm is what they're calling it) specifically to spread the latest banking trojan and the encryption malware.

 

Be careful running windows defender with another antivirus product. Windows defender will check files after they are accessed, and many other AV products (with their version of "real time protection" enabled) will do the same thing. Computers will get bogged down as the two AV products go behind each other and keep checking the same files.

 

most of the business grade AV's I've seen disabled windows defender as part of their install and setup.

 

Definitely seen that more than a few times. One of my favorite things is when I run into someone running two or three AVs at once, and wondering why their system is slow and locking up. AVG vs Avast vs Avira vs Defender. Epic battle nobody wins.

[tshile]

1 minute ago, SoulSkin said:

 

Definitely seen that more than a few times. One of my favorite things is when I run into someone running two or three AVs at once, and wondering why their system is slow and locking up. AVG vs Avast vs Avira vs Defender. Epic battle nobody wins.

On of the many remnants from the computer world from 10-15 years ago. You have to have multiple antivirus products because one can't get them all.

 

That and the idea that if you don't go to shady sites you don't need antivirus. or, if you have an apple product you don't need it.

 

You need to defrag your hard drive regularly. Or, even better, reinstall windows every 4-6 months.

 

People still think disabling the UAC is smart/right.

 

Lots of misconceptions that get out there and just never seem to die.

 

Another favorite is disabling IPV6. I laugh every time I see that suggestion when you're browsing server troubleshooting advice.

[skinfan2k]

2 hours ago, tshile said:

On of the many remnants from the computer world from 10-15 years ago. You have to have multiple antivirus products because one can't get them all.

 

That and the idea that if you don't go to shady sites you don't need antivirus. or, if you have an apple product you don't need it.

 

You need to defrag your hard drive regularly. Or, even better, reinstall windows every 4-6 months.

 

People still think disabling the UAC is smart/right.

 

Lots of misconceptions that get out there and just never seem to die.

 

Another favorite is disabling IPV6. I laugh every time I see that suggestion when you're browsing server troubleshooting advice.

what are your recommendations for a macbook?

[tshile]

14 minutes ago, skinfan2k said:

what are your recommendations for a macbook?

I don't hahave any because I've only used one, trend Micro. I like it, but I don't have anything to compare it to so I can't recommend it since it costs money and haven't used anything else

[zCommander]

1 hour ago, skinfan2k said:

what are your recommendations for a macbook?

 

Webroot, Avast, Kaspersky are all good. Macs are getting infected now too with annoying adware that says your computer is infected and how to clean and speed up. Mac are no longer safe unlike some think they are. 

[tshile]

47 minutes ago, zskins said:

 

Webroot, Avast, Kaspersky are all good. Macs are getting infected now too with annoying adware that says your computer is infected and how to clean and speed up. Mac are no longer safe unlike some think they are. 

they never really were. they just weren't targeted. now they are since they got a slight uptick in market share over the last 10 years.

 

same with android and iOS devices. i laugh when people start talking about rooting their devices and using 3rd party app stores. they think by virtue of knowing how to do that they are 'smart enough' to avoid having their phone get compromised. spend a week reading some security news sources and you'll see it's a really bad problem.

 

so bad most places have just opted for setting up a virtual 'container' on your device in-place of actual BYOD management. you have to use your own device? fine, but our **** is sitting in its own little environment on your device and your **** isn't touching it.

Edited December 28, 2016 by tshile

[tshile]

UK Encryption Backdoor Law Passed Via Investigatory Powers Act

 

We're next. If I had to bet, the incoming administration will push for this sort of power and will get it. Probably see something about authority to shut down the Internet as well.

 

[tshile]

On a different topic:

The router viruses/worms are lol hilarious

 

https://krebsonsecurity.com/2016/11/new-mirai-worm-knocks-900k-germans-offline/

 

They turn off the update feature to prevent cleanup by the isp 

Edited December 29, 2016 by tshile

[GoCommiesGo]

I'm curious what is all of the professionals opinion on the internet of things?

 

my brother who does is finishing his degree in cyber security hates it. We had a conversation over the holiday about home automation. 

[tshile]

17 minutes ago, GoSkinsGo said:

I'm curious what is all of the professionals opinion on the internet of things?

 

my brother who does is finishing his degree in cyber security hates it. We had a conversation over the holiday about home automation. 

 

the IoT is awesome. Technology makes life easier and you get more out of things.

 

Problem is people don't configure their stuff correctly. UPnP on, let every device open holes in your firewall, but never update your devices or pay attention to appropriate sources to learn if your device has a problem and now you're just waiting to become a victim.

 

Manufacturers also design stuff very poorly, and in general don't care. They want to sell the most units of something, they only care about security to the extent that it harms their brand. As such, they are super reactive and hardly proactive on anything.

 

The net result is that the latest DDoS attacks that have crippled critical portions of the internet's infrastructure have come from... wait for it... tablets. or phones. or CCTV cameras.

 

I'm waiting for the headline "50,000 'smart' Samsung refrigerators take down the internet for 36 hours" because, at this pace, it's just a matter of time; and not much time. Also, I'm willing to place bets it'll definitely be a Samsung product because they are just as sloppy as can be.

 

So... IoT... awesome idea, poorly executed, mostly because our leading companies are more interested in selling the most units of something than they are in doing things the "right" way.

 

The IoT is today's version of the 2000-2012 website problem. Everyone thinks it should be cheap, easy, and everyone needs one, the result is a bunch of insecure stuff written by poorly educated/trained/informed or just outright lazy and incompetent programmers that turns into a security nightmare for the rest of us because those poorly designed things are turned into weapons and pointed at the rest of us.

 

[Gamebreaker]

I can co-sign Samsung bring the death of the Internet one day. Lol. 

 

First time I got any word through the media, and not a security email, was about Samsung's Smart TVs allowing access to people's homes. And this was years ago. And in typical Samsung fashion, they blamed a third party company they were using to farm data from their customer's conversations (without informing their customers this was happening btw) and accepted no responsibility whatsoever. 

[Alaskins]

On 12/28/2016 at 10:26 AM, zskins said:

 

Webroot, Avast, Kaspersky are all good. Macs are getting infected now too with annoying adware that says your computer is infected and how to clean and speed up. Mac are no longer safe unlike some think they are. 

I second Avast.  Good basic protection.