General InfoSec discussion

Discussion in 'Business & Enterprise Computing' started by Gunna, Nov 18, 2019.

  1. wazza

    wazza Member

    Joined:
    Jun 28, 2001
    Messages:
    3,771
    Location:
    NSW
    randomman likes this.
  2. cvidler

    cvidler Member

    Joined:
    Jun 29, 2001
    Messages:
    15,592
    Location:
    Canberra
    what's next

    Print Nightmare 3, Tokyo Fax?
     
    yoink, millsy and 3Toed like this.
  3. GumbyNoTalent

    GumbyNoTalent Member

    Joined:
    Jan 8, 2003
    Messages:
    10,276
    Location:
    Briz Vegas
    Nightmare with Print Services 2 : Freddie's Revenge on paper wasting management who like to print emails.
     
  4. millsy

    millsy Member

    Joined:
    Mar 31, 2007
    Messages:
    13,616
    Location:
    Brisbane
  5. wintermute000

    wintermute000 Member

    Joined:
    Jan 23, 2011
    Messages:
    2,564
    Family
     
  6. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    18,473
    Location:
    Brisbane
  7. millsy

    millsy Member

    Joined:
    Mar 31, 2007
    Messages:
    13,616
    Location:
    Brisbane
  8. randomman

    randomman Member

    Joined:
    Oct 21, 2007
    Messages:
    5,173
    Location:
    Vancouver, BC
    If one was considering a jump from SCCM/Endpoint administrator to Infosec Engineer what would be the best certificate to get to start? CISSP? Is the official self-paced training the best?

    I've already done one Wild West Hackin Fest course and just about to do another:
    Getting Started in Security with BHIS and MITRE ATT&CK - done
    SOC Core Skills - TBD
     
    Last edited: Jul 29, 2021
  9. tobes

    tobes Member

    Joined:
    Dec 23, 2001
    Messages:
    4,165
    Location:
    Melbourne
    I did CISSP and CCSP over the last ~8 months. I didn't use any official training, but I did read the Official Study Guide and All-in-One Guides and do all the associated practice questions that come with them. I also used the official practice test apps. Head over to r/CISSP and read the pinned info; there are a lot of great links. Also find the Certification Station Discord; both of these have a wealth of links to free material and also recommendations for paid courses. If you have access to LinkedIn Learning, Mike Chapple's course is good as well.
     
    randomman likes this.
  10. wazza

    wazza Member

    Joined:
    Jun 28, 2001
    Messages:
    3,771
    Location:
    NSW
    I wish. We really need someone to release a vuln that causes the fuser to overheat and catch fire on any laser printer so that people get scared of printers... then we may have a chance.
     
  11. wazza

    wazza Member

    Joined:
    Jun 28, 2001
    Messages:
    3,771
    Location:
    NSW
    2Print2Nightmare patched yesterday, Print Nightmare 3 Tokyo Fax released today. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36958. MS list it as an RCE, but so far it appears to be only exploitable locally.
    Viable workaround for PN3 is to allow packaged point and print drivers to be installed from approved servers only.
    https://www.bleepingcomputer.com/ne...s-another-windows-print-spooler-zero-day-bug/
     
    GumbyNoTalent likes this.
  12. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,659
    I feel like this is something that happened 3 or 4 years ago, and everyone has the Point and Print approved servers GPO now...
    Is this something different to that?
     
  13. wazza

    wazza Member

    Joined:
    Jun 28, 2001
    Messages:
    3,771
    Location:
    NSW
    Not sure on a specific exploit for it, but it's likely long been a part of your typical Windows hardening guides - but I'd say that you could get 100 different Windows "experts" to set up a new domain for you and be lucky if any of them do any hardening on it, unless specifically requested. Part of the issue will be a lack of knowledge, but I'm sure a big part as well is the race to the bottom - if company A quotes on a basic domain setup and company B quotes on a hardened setup, it will take B longer to do and thus cost more so people are likely to go with A (who has convinced them that hardening is not required, because they're just a small company in Australia, why would a hacker target you?).

    2 more recent vulnerabilities of note:
    Dead simple LPE attack on Windows by plugging in a Razer mouse (or an Android phone/O.MG cable emulating a Razer mouse): Windows auto-launches the installer as SYSTEM to install drivers without requiring an admin password, but their installer also loads a control application, and a folder selection window lets you spawn a PowerShell window with the same rights.
    The vuln is a combination of MS allowing device manufacturers to do this and Razer doing it; researchers say there may be up to 2,500 devices that haven't been tested yet that may have a similar vuln, so the only real fix will need to be done by MS, but Razer are also working on a fix for their part in the vuln.
    https://twitter.com/j0nh4t/status/1429049506021138437

    Azure Cosmos DBs with Jupyter Notebook enabled (which was auto-enabled for a short period of time by MS) may have leaked their primary keys, which unless changed will allow an attacker to have full access to your database *even after MS have now disabled the Jupyter Notebook feature*. MS have also only notified people who were vulnerable during a 1 week time period but the researchers say that the vulnerability existed for a lot longer than that, and recommend all users rotate their primary keys.
    https://www.wiz.io/blog/chaosdb-how-we-hacked-thousands-of-azure-customers-databases
     
    wulfy23 and Dunska like this.
  14. millsy

    millsy Member

    Joined:
    Mar 31, 2007
    Messages:
    13,616
    Location:
    Brisbane
    Unfortunately even now basic hardening is not considered a baseline activity, and most service providers do what they're asked to do, not what they should do.
     
  15. randomman

    randomman Member

    Joined:
    Oct 21, 2007
    Messages:
    5,173
    Location:
    Vancouver, BC
    I know this isn't technically Business & Enterprise but not sure if any of you would browse the other areas.

    I want to set up a reverse proxy. Proxmox (type 1 hypervisor) has a guest OpenMediaVault which also has Docker installed with media center stuff with web interfaces. There are a lot of "how to set up a reverse proxy in Docker 101" guides out there, but are any of them security conscious? Do I have to do extra hardening (ACLs or firewall?) on my Traefik or Nginx container if it's in the same stack as the other containers I'm trying to put behind the proxy? Should I be concerned about virtualization vulnerabilities that could open up my guest and host to the internet?
     
  16. cvidler

    cvidler Member

    Joined:
    Jun 29, 2001
    Messages:
    15,592
    Location:
    Canberra
    Traefik is all you need.

    You can use it to add a layer of authentication to anything/everything behind it (globally, and/or service by service).

    I've got mine adding a mandatory client certificate check on top of the regular SSL.

    You should be running your containers in separate networks, e.g.:

    Run a front-end network; this has Traefik and your containers with web UIs in it.
    If a container also runs another container for a database, run that database container on a separate network (no need for Traefik to have any access to it) - another layer.

    Yes, there are of course potential security issues with containers; there are also plenty of hardening guides for Docker too. The biggest/easiest thing to fix is user abstraction: by default the container and host UID/GID maps overlap, so there's potential for breakout if someone manages to exploit the app in the container. If the user maps are redefined, gaining UID 0 in the container will instead be an unprivileged UID on the host.

    As said, lots of guides out there.
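    A concrete layout for the network split and the per-service client-certificate check described in this post, written as an added example (it is not cvidler's own config and not from the Traefik project): a Docker Compose file plus the Traefik dynamic-configuration file it references. Service names, images, the hostname, the certificate paths, the Traefik version and the `tls.yml` filename are all assumptions/placeholders.

```yaml
# ---- file: docker-compose.yml (added example, not from the thread) ----
# Two networks: "frontend" holds Traefik and every container with a web UI;
# "backend" holds the database and is internal (no external route). Traefik
# is deliberately NOT attached to "backend", so a compromised proxy cannot
# reach the DB directly.
#
# Host-side user abstraction (the UID/GID remap point above) is a dockerd
# setting, not a Compose one: put {"userns-remap": "default"} in
# /etc/docker/daemon.json on the host and restart dockerd; UID 0 inside a
# container then maps to a subordinate, unprivileged UID on the host.
networks:
  frontend:
  backend:
    internal: true                             # no route outside the host

services:
  traefik:
    image: traefik:v2.10                       # assumed version
    command:
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false   # containers opt in via labels
      - --entrypoints.websecure.address=:443
      - --providers.file.filename=/etc/traefik/tls.yml
    ports:
      - "443:443"
    networks:
      - frontend
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro   # read-only socket
      - ./tls.yml:/etc/traefik/tls.yml:ro
      - ./client-ca.pem:/etc/traefik/client-ca.pem:ro     # CA that signs client certs (placeholder)
      - ./server-cert.pem:/etc/traefik/server-cert.pem:ro # placeholder
      - ./server-key.pem:/etc/traefik/server-key.pem:ro   # placeholder

  media:                                       # placeholder web-UI service
    image: example/media-webui:latest          # placeholder image
    user: "1500:1500"                          # unprivileged UID inside the container
    networks:
      - frontend                               # reachable by Traefik
      - backend                                # can reach the DB
    labels:
      - traefik.enable=true
      - traefik.http.routers.media.rule=Host(`media.example.internal`)
      - traefik.http.routers.media.entrypoints=websecure
      - traefik.http.routers.media.tls=true
      - traefik.http.routers.media.tls.options=mtls@file   # per-service client-cert requirement

  mediadb:
    image: postgres:15
    environment:
      POSTGRES_PASSWORD: change-me-placeholder
    networks:
      - backend                                # not on "frontend": Traefik cannot reach it

---
# ---- file: tls.yml (Traefik dynamic configuration, loaded by the file provider) ----
# Server certificate plus an mTLS option: a router using "mtls@file" only
# completes the TLS handshake when the client presents a certificate signed
# by client-ca.pem, i.e. the client certificate check on top of regular SSL.
tls:
  certificates:
    - certFile: /etc/traefik/server-cert.pem
      keyFile: /etc/traefik/server-key.pem
  options:
    mtls:
      clientAuth:
        caFiles:
          - /etc/traefik/client-ca.pem
        clientAuthType: RequireAndVerifyClientCert
```

    Bring it up with `docker compose up -d`, then `docker network inspect <project>_backend` should list `mediadb` and `media` but not `traefik`, and a browser without a client certificate should get a TLS handshake failure rather than the UI. To apply the client-cert requirement globally instead of per service, set `--entrypoints.websecure.http.tls.options=mtls@file` on the entrypoint and drop the per-router `tls.options` label.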
     
  17. randomman

    randomman Member

    Joined:
    Oct 21, 2007
    Messages:
    5,173
    Location:
    Vancouver, BC
    All of them have web UIs, so no need for a separate network. I've created a separate regular user on the container host and specified the UIDs for the containers: no root access, only read/write to shared folders hosted by OMV.
     
  18. Dunska

    Dunska Member

    Joined:
    Sep 22, 2002
    Messages:
    868
    Location:
    Brisbane
    NSanity likes this.
  19. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    18,473
    Location:
    Brisbane
    sammy_b0i and Dunska like this.
  20. cvidler

    cvidler Member

    Joined:
    Jun 29, 2001
    Messages:
    15,592
    Location:
    Canberra
    but how else am I meant to work from home.
     
