Linux Rootkits Hard to Detect

First of all, what is a rootkit? A collection of software that runs and tries to hide from the computer user and administrator while also allowing the attacker access to the computer. It does this by connecting as ‘root’ to the operating system kernel. In Linux, ‘root’ is the administrator. If you can masquerade as …

How About Adversary Based Threat Analysis?

Another Thotcon presentation was very good, unique and moves the industry forward. Julian Cohen presented this idea, “Understanding Your Adversaries”, in his talk “Adversary-Based Threat Analysis”. He explained that in the traditional threat modeling process the following 6 items happen: Identify Assets, Create Architecture Overview, Decompose an Application, Identify the Threats, Document the Threats, Rate …

Windows 10 Obsolete Already?

Is your Windows 10 version obsolete already? There are many versions of Windows 10, and it depends on when it was released. For example, the first one, version 1507, released July 2015, has an end-of-service date of May 9, 2017. The problem is that every software manufacturer can’t or doesn’t keep releasing vulnerability updates forever. The …

Headless OpenVAS install

I needed to run OpenVAS (OpenVAS stands for Open Vulnerability Assessment System), the Linux-based vulnerability management software, on a virtual machine, which means it does not have its own monitor that one sits at to see this screen: OpenVAS is made by Greenbone, “which develops OpenVAS as part of their commercial vulnerability management product …