Friday, April 17, 2015

Nmap script for MS15-034

Microsoft has announced a critical vulnerability (MS15-034) affecting multiple Windows platforms. The vulnerability has been assigned CVE-2015-1635. It can be exploited remotely via a specially crafted HTTP request, resulting in a server hang or code execution.
Download Nmap NSE script for MS15-034.

Thursday, April 16, 2015

Verizon 2015 DBIR

Verizon has published its annual report on data breach investigation called DBIR. Covering thousands of security incidents and real data breaches from different industries, it has become a valuable reference for security professionals.

Thursday, August 28, 2014
Sysmon is a new tool from the Sysinternals collection. It aims at logging sensitive operations performed by processes inside MS Windows. This includes process creation details, network connections made by a process, and changes to the creation date of a file. The latter is a common behavior of malware (although it may also be the action of a legitimate process).
After downloading it, it can be installed with the following command:

Sysmon.exe -i -h sha256 -n

It becomes a system service which starts at boot time. After installation, open the Windows Event Viewer and navigate to Applications and Services Logs/Microsoft/Windows/Sysmon/Operational to view its logs.
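As an added example that is not part of the original post, the same log can be read from PowerShell instead of Event Viewer. It assumes Sysmon is installed as above and uses Sysmon's documented event IDs (1 process create, 2 file creation time changed, 3 network connection), which the post does not list; the excluded process names at the end are an example list to tune for your own environment.

```powershell
# Added example: review Sysmon's Operational log with PowerShell.
# Event IDs: 1 = process create, 2 = file creation time changed, 3 = network connection.
$LogName = 'Microsoft-Windows-Sysmon/Operational'
$since   = (Get-Date).AddHours(-24)

# Count events per ID for the last 24 hours to confirm logging is active.
Get-WinEvent -FilterHashtable @{ LogName = $LogName; StartTime = $since } -ErrorAction SilentlyContinue |
    Group-Object Id | Sort-Object { [int]$_.Name } |
    Select-Object @{ n = 'EventId'; e = { $_.Name } }, Count | Format-Table -AutoSize

# Event ID 2: a process changed a file's creation timestamp (the behavior the post
# describes as common for malware). Sysmon stores details as named <Data> elements
# in the event XML, so parse them into a table instead of reading the raw message.
Get-WinEvent -FilterHashtable @{ LogName = $LogName; Id = 2; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $x = [xml]$_.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            Time            = $_.TimeCreated
            Image           = $d['Image']
            TargetFile      = $d['TargetFilename']
            NewCreationTime = $d['CreationUtcTime']
            OldCreationTime = $d['PreviousCreationUtcTime']
        }
    } |
    # Example exclusions (assumption, not from the post): known sync/AV tools that
    # legitimately rewrite creation times. Review everything that remains.
    Where-Object { $_.Image -notmatch '\\(OneDrive|Dropbox|MsMpEng)\.exe$' } |
    Format-Table -AutoSize
```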

Monday, March 3, 2014

The importance of log management

Deploying a SIEM when you do not have proper log management in place is certain to fail. I had always heard this, but I didn't realize it until I became involved in a SIEM evaluation project. A log management infrastructure and its processes are necessary for a successful SIEM deployment.

Sunday, March 2, 2014

SIEM evaluation

During recent months, my focus has been the evaluation of some Security Information and Event Management (SIEM) products. It is interesting and full of new experiences. I created a baseline feature list for the SIEM products, derived from multiple products and best practices.
The baseline is comprised of 5 subsystems:
  • Log management and analysis
  • Event correlation
  • Management console/dashboards
  • Reaction 
  • Knowledge base
For each subsystem, a number of basic features are defined.
I am also preparing to perform the evaluations in a lab environment. As a result, I am setting up a testing environment with my team to feed different logs to the products.
I recommend the content presented by Dr. Anton Chuvakin as a very useful reference.

Thursday, May 23, 2013

Microsoft SQL Server security tips

SQL Server security is one of my favorite topics. I have seen lots of applications that use Microsoft SQL Server as the database and suffer from basic security issues in the configuration of the database engine. Fortunately I found a series of security tips here at