Regulated Corporate Data Champions

We’re about to collide into the brick wall that is personal data privacy.

There are several things to work out, but what I find most interesting to think about is the potential solutions and how they form based on incentive structures.

I think it’s obvious that there’s going to be both a government and a corporate component, and here’s a potential way that could play out.

  1. The government says that anyone taking in data will have to secure their data using an approved Data Champion.
  2. A Data Champion is also a consumer product, and they market to consumers as being the best protectors of peoples’ privacy.
  3. Data Champions have to secure data at a given level, as determined by government regulation, but they can of course go beyond that.
  4. The key function that the Data Champion plays is that of ACTIVE ADVOCATE for every customer’s data. So they don’t just protect the data that they have, but they go around the entire internet cleaning, masking, removing, and otherwise improving the safety of that customer’s data everywhere.

The key component here is that they get paid to do this, by the customer, and by the government. So it aligns the business incentives towards privacy, rather than away from it.

And it’s not that it stops data exchange—which won’t work because the internet of things is powered by personal data—but rather that the data exchange will be highly cared for because there will be advocates involved on all sides.

So there will be corporate interests in ensuring that the exact right amount of data is sent, to the correct entity, with the correct protections.

And every consumer has the option of picking a Data Champion from an approved list provided by the government. Like eating at a restaurant that’s allowed to be open by the health department.

Government can’t do privacy by itself. It has to be a corporate solution.

And most corporations won’t protect data as part of their culture because 1) it’s hard, and 2) they worry they’ll make less money.

So this combined solution unifies those weaknesses into a strength, whereby all data is protected by a Corporate Data Champion, which is in turn regulated by the government.

Anyway, not fully fleshed out or anything. Just tossing around ideas for how to deal with this thing that’s coming.

Ideas welcome.


Become a direct supporter of my content for less than a latte a month ($50/year) and get the Unsupervised Learning podcast and newsletter every week instead of just twice a month, plus access to the member portal that includes all member content.

Source: DM

Employees Actively Seeking Ways to Bypass Corporate Security Protocols in 95 % of Enterprises

Nowadays, cyber incidents such as data theft, insider threats, and malware attacks are significant security risks, and some of them are caused by a company’s own employees, whether intentionally or unknowingly; around 95% of such threat activity involves access to corporate endpoints, data, and applications. Among the most alarming discoveries of the security testing […]

The post Employees Actively Seeking Ways to Bypass Corporate Security Protocols in 95 % of Enterprises appeared first on GBHackers On Security.

Source: GBHackers

Russian Google “Yandex” Hacked with Rare Type of Malware called Regin to Spy on Users Accounts

Regin

Russian Internet giant Yandex was hacked by hackers from Western intelligence agencies using a rare type of malware called “Regin” to spy on Yandex user accounts. Yandex is a Russian search engine that also specializes in Internet-related products and services, including commerce, transportation, navigation, mobile applications, and online advertising. Yandex is widely known as the Russian Google. The attack was conducted between […]

The post Russian Google “Yandex” Hacked with Rare Type of Malware called Regin to Spy on Users Accounts appeared first on GBHackers On Security.

Source: GBHackers

NCSC Issued an Emergency Alert for Ryuk Ransomware that Actively Attacks on Global Organizations

The UK’s National Cyber Security Centre (NCSC) issued an alert for a Ryuk ransomware attack that is actively targeting global organizations in association with the Emotet and TrickBot malware. Researchers uncovered this ongoing Ryuk ransomware infection in various organizations’ networks alongside Emotet and TrickBot infections. Ryuk ransomware was initially uncovered in August 2018, and since then […]

The post NCSC Issued an Emergency Alert for Ryuk Ransomware that Actively Attacks on Global Organizations appeared first on GBHackers On Security.

Source: GBHackers

amass — Automated Attack Surface Mapping

Whether you’re attacking or defending, you have the highest chance of success when you fully understand the target.

The pronunciation stress is on the second syllable.

amass (/əˈmas/) is a versatile cybersecurity tool for gathering information on the attack surface of targets in multiple dimensions, and this amass tutorial will take you through its most important and powerful features, including many examples.

Why amass?

For example, there are many port scanners, but nmap and masscan provide 99% of the value.

You might be asking, “Why amass and not one of the 113 other tools out there?” It’s a good question, and part of the answer is because yes—there really is a legion of tools out there that all do one or two things decently—and it’s refreshing to have this level of quality across so many features all in one place.

I’ve just become a contributor to the project as well (June 2019).

amass also prioritizes the use of many different sources of input, whereas many tools only have a few. So when a new technique comes out—such as certificate transparency—the developers are quick to include it. Here’s a short list of all the different things it looks at:

  • DNS: Basic enumeration, Brute forcing (upon request), Reverse DNS sweeping, Subdomain name alterations/permutations, Zone transfers (upon request)
  • Scraping: Ask, Baidu, Bing, CommonCrawl, DNSDumpster, DNSTable, Dogpile, Exalead, FindSubdomains, Google, HackerOne, IPv4Info, Netcraft, PTRArchive, Riddler, SiteDossier, ViewDNS, Yahoo
  • Certificates: Active pulls (upon request), Censys, CertDB, CertSpotter, Crtsh, Entrust
  • APIs: AlienVault, BinaryEdge, BufferOver, CIRCL, DNSDB, HackerTarget, Mnemonic, NetworksDB, PassiveTotal, RADb, Robtex, SecurityTrails, ShadowServer, Shodan, Sublist3rAPI, TeamCymru, ThreatCrowd, Twitter, Umbrella, URLScan, VirusTotal
  • Web Archives: ArchiveIt, ArchiveToday, Arquivo, LoCArchive, OpenUKArchive, UKGovArchive, Wayback

@caffix, @fork_while_fork, and the rest of the team are phenomenal.

Finally, tools develop their own gravity once they get big enough, popular enough, and good enough. In the OSINT/Recon tools game, there exists a depressing graveyard of one-off and abandoned utilities, and it’s nice to see a project with some consistent developer attention.

Installation

Here are the best ways to install amass.

You’ll need to make sure your Go pathing is set up correctly so you can run it. You might need a chicken to kill.

Go

go get -u github.com/caffix/amass

amass enum --list

Docker

docker build -t amass https://github.com/OWASP/Amass.git

docker run -v ~/amass:/amass/ amass enum --list

Homebrew/macOS

brew tap caffix/amass

brew install amass

amass enum --list

The Modules

amass is somewhat unique in that all its functionality is broken into modules that it calls subcommands, which are intel, enum, viz, track, and db.

The primary amass research modules

There’s a full user guide that functions much like a man page, and you can use that as a full reference. But here we’ll cover the basic themes and show a few of my favorite options.

In short, intel is for finding information on the target, enum is for mapping the attack surface, viz is for showing results, and track is for showing results over time. db is for manipulating the database of results in various ways.

Intelligence

Consult the full user guide for more detail on each.

If you’re not doing adequate recon, you’re setting yourself up to be unpleasantly surprised in the future.

If you have a new target and are only using amass, the Intelligence subcommand is where you’ll start. It takes what you have and helps you expand your scope to additional root domains. Here are some of my favorite options under the intel subcommand.

  • intel: -addr (by IP address range), -asn (by ASN), -cidr (domains hosted on that CIDR range), -org (organizations with that text in their name), and -whois (reverse whois).

I’m using Uber because they are known to have an open bounty program that encourages this sort of public scrutiny.

Let’s look at organizations with “uber” in their name.

amass intel -org uber

A few of those should stand out (and not just because I highlighted them).

Results abridged for brevity.

18692, NEUBERGER - Neuberger Berman
19796, SHUBERT - Shubert Organization
42836, SCHUBERGPHILIS
45230, UBERGROUP-AS-NZ UberGroup Limited
52336, Autoridad Nacional para la Innovación Gubernamental
54320, FLYP - Uberflip
56036, UBERGROUP-NIX-NZ UberGroup Limited
57098, IMEDIA-AS Pierre de Coubertin 3-5 office building
63086, UBER-PROD - Uber Technologies
63943, UBER-AS-AP UBER SINGAPORE TECHNOLOGY PTE. LTD
63948, UBER-AS-AP UBER SINGAPORE TECHNOLOGY PTE. LTD
132313, UB3RHOST-AS-AP Uber Technologies Limited
134135, UBER-AS-AP Uber Technologies
134981, UBERINC-AS-CN Uber Inc
135072, SUITCL-AS-AP Shanghai Uber Information Technology Co.
135190, UBERCORE-AS Ubercore Data Labs Private Limited
136114, IDNIC-UBER-AS-ID PT. Uber Indonesia Technology
267015, ESADINET - EMPRESA DE SERVICOS ADM. DE ITUBERA LTD

And here’s a lookup based on a CIDR range, where you can find all the domains hosted on that range.

amass intel -ip -cidr 104.154.0.0/15

Finding domains hosted on a CIDR range

Enumeration

The most basic example is just finding subdomains for a given domain. Here we use the -ip option to show the IPs for them as well.

amass enum -ip -d danielmiessler.com

I also love that amass output almost looks like a GUI, but can still be parsed via CLI.

With the IP option showing IPs for discovered domains

And here’s a run using the very cool -demo option, which does some quasi-masking of the output.

You might think I shouldn’t show my DNS like this, but I run WordPress so you can hack me with a wet piece of string anyway.

The enum module used with the demo option

Some of my favorite options in enum are:

  • enum: -d for basic subdomain discovery, -brute for brute-forcing additional subdomains, and -src because it lets you see which source or technique produced each result.

Visualization

Visualization—as you might have guessed—allows you to see your results in interesting ways. And a big part of that is the use of D3, which is a JavaScript visualization framework.

amass viz -d3 domains.txt -o 443 /your/dir/

d3 output from amass against danielmiessler.com

My favorite options in viz are: -d3 for the D3 output, -maltego for creating Maltego compatible output, and -visjs for an alternative JS visualization that’s kind of nice.

amass in action

Real-world Examples

Ok, so that was a brief intro into the tool, and again—the user guide has tons more options for things you might expect, like reading from files, output configuration, doing exclusions, etc.

But now it’s time for what you probably came here for—which is a list of tactical examples based on common use cases.

Finding Company Properties

The substring bit is important. Too much text and you miss it, not enough and you get tons of false positives.

A common way to start is by searching for substrings of the company, to see what all subdivisions they might have around the world. And don’t forget to search for companies they’ve acquired or merged with as well.

amass intel -org uber

New Domains via CIDR

One way to find new domains is to look by CIDR range.

amass intel -ip -cidr 104.154.0.0/15

Finding domains hosted on a CIDR range

New Domains via ASN

Another way to find new domains is to look by ASN.

amass intel -asn 63086

Finding Subdomains

Once you have a good list of domains, you can start looking for subdomains using the enum subcommand.

amass enum -ip -src -d danielmiessler.com

With the IP option showing IPs for discovered domains

Summary

amass is a powerful tool that helps both attackers and defenders improve their game. It’s possible to find one-off tools that might do some of these functions better, but such tools often decay quickly into obsolescence.

It’s quite nice to have a solid, well-organized tool that can do most of what we need from a single place.

Watch out for more in this series on recon-related tooling, and in the meantime you can check out my other technical tutorials.

Stay curious!

Notes

  1. If you have any favorite functionality you’d like to include, reach out to me here.


Source: DM

Pentesting Windows Using Microsoft Office DDE Exploit (MACROLESS)

DDE exploit

DDE, short for Dynamic Data Exchange, allows data to be transferred between applications without any interaction from the user. Attackers have leveraged this mechanism to execute malicious scripts and compromise systems. It was reported to Microsoft by Sensepost, Etienne Stalmans, and Saif El-Sherei, but it was not patched, since many applications use […]

The post Pentesting Windows Using Microsoft Office DDE Exploit (MACROLESS) appeared first on GBHackers On Security.

Source: GBHackers

10 Best Free SSL Checker For 2019, to Check for Certificate Installation and Vulnerabilities

SSL Checker

An SSL checker helps you troubleshoot common SSL issues and SSL endpoint vulnerabilities. With an SSL checker, you just need to submit the domain name or IP address along with the port number to analyze the configuration and security of the website. These diagnostic tools help you find vulnerabilities in SSL suites, […]

The post 10 Best Free SSL Checker For 2019, to Check for Certificate Installation and Vulnerabilities appeared first on GBHackers On Security.

Source: GBHackers

Friday Squid Blogging: Fantastic Video of a Juvenile Giant Squid

It’s amazing:

Then, about 20 hours into the recording from the Medusa’s fifth deployment, Dr. Robinson saw the sharp points of tentacles sneaking into the camera’s view. “My heart felt like exploding,” he said on Thursday, over a shaky phone connection from the ship’s bridge.

At first, the animal stayed on the edge of the screen, suggesting that a squid was stalking the LED bait, pacing alongside it.

And then, through the drifting marine snow, the entire creature emerged from the center of the dark screen: a long, undulating animal that suddenly opened into a mass of twisting arms and tentacles. Two reached out and made a grab for the lure.

For a long moment, the squid seemed to explore the strange non-jellyfish in puzzlement. And then it was gone, shooting back into the dark.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Source: Schneier