Cyberis Blog
Reassuringly clear thinking.
- Research
The True Impact Of A Cyber Breach On Share Price
With media coverage of security breaches becoming more commonplace, the business world is beginning to realise that it is less a matter of ‘if’ there is a breach and more a matter of ‘when’. Whilst there is often extensive coverage of the cost to the affected company of a data breach, rarely is the impact on the company’s value examined. We looked at four recent data breaches and examined the impact on share prices for the companies involved, both short and medium term, to see if the value of the company is indeed affected.
- Detect and respond
Internal Indicators Of Compromise: Understanding Your Data
The threat landscape is constantly evolving. The skillsets and techniques used by adversaries constantly evolve in terms of sophistication and efficacy. There's an arms race going on, and offensive capabilities tend to be outstripping defensive controls. Some ubiquitous threat actors, such as those criminal gangs running ransomware operations, may not care too much about what data you have within your network. Most organisations are targeted by a range of threat actors, however, and some may be highly driven to gain access to your assets.
- Detect and respond
The Online Extortion Trend
Over the last 12 months, ransomware has rapidly become one of the most prevalent information security threats to a vast number of organisations of any size, as well as the individual consumer. It is a highly lucrative opportunity for criminals and is claiming a growing list of victims. Indeed, at Cyberis, we have experienced a significant upward trend in incident response services and requests for our advice due to ransomware events.
- Penetration testing
- Tools and techniques
Obtaining NTDS.Dit Using In-Built Windows Commands
Using the same underlying technique (Volume Shadow Service), there is an in-built command (Windows 2008 and later) that does a backup of the crucial NTDS.dit file, and the SYSTEM file (containing the key required to extract the password hashes), without the need to use VB Script, third-party tools or injecting into running processes.
- Research
Vulnerabilities That Just Won't Die - Compression Bombs
Recently Cyberis has reviewed a number of next-generation firewalls and content inspection devices - a subset of the test cases we formed related to compression bombs - specifically delivered over HTTP. The research prompted us to take another look at how modern browsers handle such content given that the vulnerability (or perhaps more accurately, ‘common weakness’ - http://cwe.mitre.org/data/definitions/409.html) has been reported and well known for over ten years. The results surprised us - in short, the majority of web browsers are still vulnerable to compression bombs leading to various denial-of-service conditions, including in some cases, full exhaustion of all available disk space with no user input.
- Tools and techniques
Egresser - Tool To Enumerate Outbound Firewall Rules
Egresser is a tool to enumerate outbound firewall rules, designed for penetration testers to assess whether egress filtering is adequate from within a corporate network. Probing each TCP port in turn, the Egresser server will respond with the client’s source IP address and port, allowing the client to determine whether or not the outbound port is permitted (both on IPv4 and IPv6) and to assess whether NAT traversal is likely to be taking place.
- Penetration testing
- Tools and techniques
Testing .NET MVC For JSON Request XSS - POST2JSON Burp Extension
During a recent application penetration test on behalf of a client, one of the security vulnerabilities discovered was a stored cross-site scripting vector, delivered via a JSON request to a MVC3 controller. The malicious data (in this case a simple script tag proof-of-concept) was written to the database and subsequently echoed back to the user when viewing a number of pages within the application. This is how we wrote Burp plugin to bypass the XSS safety nets in the .NET framework...
- Research
- Tools and techniques
Shared Dictionary Compression Over HTTP (SDCH) - Bypassing Your Filtering Devices
Following Cyberis’ recent articles on bypassing perimeter filtering devices (e.g. proxies, IDS and next-generation firewalls) by manipulating HTTP response headers, we’ve taken a closer look at some more obscure Content-Encoding mechanisms. This article discusses Shared Dictionary Compression over HTTP (SDCH), and the implications for perimeter security controls designed to protect your network from unwanted content.
Improve your security
Our experienced team will identify and address your most critical information security concerns.