
The Importance of Whitelisting Scanner IPs in Cybersecurity Assessments


In the realm of cybersecurity, ensuring the safety and integrity of a network is a multifaceted endeavor. One crucial aspect of this process is the regular assessment of potential vulnerabilities within the system. As cybersecurity professionals, our work revolves around identifying these vulnerabilities through automated scans and red team exercises, meticulously recording them in a Bugtrack Excel sheet, and collaborating with human analysts to prioritize and address the most critical issues. However, a recurring challenge in this process is the reluctance of some customers to whitelist the IP addresses of our scanning tools.

The Role of Whitelisting in Accurate Assessments

Whitelisting the scanner IP is essential for obtaining accurate and comprehensive results during security assessments. When the IP address of the scanning tool is whitelisted, it allows the scanner to perform a thorough evaluation of the network without being hindered by security measures such as firewalls or intrusion detection systems. This unrestricted access enables the scanner to identify all potential vulnerabilities, providing a realistic picture of the network's security posture.

The Reluctance to Whitelist

Despite the clear benefits, many customers are hesitant to whitelist the IP addresses of cybersecurity vendors. The primary reason for this reluctance is the perception that it could expose the network to potential threats. Customers fear that by allowing unrestricted access to the scanner, they are inadvertently creating a backdoor that could be exploited by malicious actors.

Moreover, this approach rests on a common fallacy. When the scanner IP is not whitelisted, the results of the security assessments are often incomplete or misleading. The scanners may miss critical vulnerabilities that are hidden behind security measures, resulting in a report that underestimates the actual risks. Consequently, management and auditors, relying on these reports, task the IT team with addressing only the identified issues, leaving the undetected vulnerabilities unaddressed.

The Illusion of Security

This approach creates an illusion of security. The customer, management, and auditors may feel satisfied with the apparent low number of vulnerabilities, believing that their network is secure. However, this false sense of security can be detrimental. Hackers are relentless and innovative, constantly seeking new ways to infiltrate networks. They are not deterred by the same security measures that hinder our scanners. By not whitelisting the scanner IP, customers are effectively blinding themselves to potential threats that hackers could exploit.

The Hacker's Advantage

Hackers employ manual methods and conduct long-term reconnaissance to find vulnerabilities within a network. They utilize a combination of sophisticated techniques and persistent efforts to bypass security measures. The tools and strategies that block scanner IPs are not effective against a determined hacker's methods. Hackers can slowly and methodically map out the network, identify weaknesses, and exfiltrate data without triggering the same alarms that automated scanners might. This means that even if a scanner is blocked, a hacker can still find and exploit vulnerabilities, leading to potentially catastrophic breaches.

The Need for Continuous and Accurate Scanning

Security scanners need to perform regular assessments—daily or weekly—to keep up with the evolving threat landscape. For these scans to be effective, the scanner IP must be whitelisted to ensure consistent and accurate results. This repetitive scanning is crucial for maintaining a robust security posture, as it allows for the timely identification and remediation of new vulnerabilities.

The Conference Conundrum

Adding to this challenging landscape is the current trend in cybersecurity conferences. Instead of inviting actual security researchers, security engineers, or architects who write defensive software, many conferences are being hosted by OEM vendors or consulting organizations. These vendors often showcase the users of their security products rather than the experts who develop and understand the intricate details of cybersecurity defense mechanisms. This practice can lead to a superficial understanding of security products and their effectiveness, as the focus shifts from in-depth technical knowledge to user experiences and testimonials.

Conclusion

In conclusion, the reluctance to whitelist scanner IPs stems from a misunderstanding of the importance of comprehensive and accurate security assessments. While it may seem counterintuitive, whitelisting these IP addresses is a necessary step in identifying and addressing all potential vulnerabilities within a network. 

By embracing this practice, customers can move beyond the illusion of security and take proactive measures to protect their networks from the ever-evolving threats posed by cybercriminals. The ultimate goal is to ensure that both the customer and their management are genuinely secure, rather than merely appearing to be so. Security measures that block scanner IPs won't thwart a dedicated hacker who uses manual methods and long-term reconnaissance. Thus, comprehensive vulnerability assessments are essential to safeguarding against real-world threats. Additionally, there needs to be a shift in how cybersecurity conferences are organized, prioritizing the inclusion of true security experts to enhance the industry's collective knowledge and capabilities.

--

Suriya Prakash and Sabari Selvan

CySecurity Corp 

Break The Security - Hands on Ethical Hacking and Cyber Security Training for Corporate


Cyber Security & Privacy Foundation is proud to announce its Corporate training in Chennai. The attendees will be trained by four security researchers on various cyber security topics.

The training starts with an introduction to the information security field and the various classes of hackers. It will be hands-on training: we will demonstrate the usage of various security tools and help the attendees use them.

The course covers various toolkits including TamperData, Hackbar, Maltego, FOCA, the Live HTTP Headers plugin and more.

We also give training on advanced tools for vulnerability assessment and penetration testing which includes Metasploit, Nmap, Nessus, sqlmap, and more.

Attendees are requested to bring their own laptops with an isolated network environment such as VMware/VirtualBox installed, to gain hands-on exposure.

Venue:

Computer Society Of India Head Quarters,
Educational Directorate - Taramani,
Chennai, Tamil Nadu

Price:

The Corporate Training tickets would cost Rs. 2000/- per person.

Lunch and Tea/Snacks will be provided at the venue.

Registration Link:

http://www.meraevents.com/event/break-the-security-training–ethical-hacking-hands-on-for-corporate

For more details, visit: http://cwhh.cysecurity.org/?page_id=81

Download BackBox Linux 3.01 - PenTesting Distro


The BackBox Team announced an updated release of BackBox Linux, version 3.01. This release includes features such as Linux Kernel 3.2 and Xfce 4.8.

BackBox is an Ubuntu-based Linux distribution oriented toward penetration testing and security assessment, providing a toolkit for network and information systems analysis. The BackBox desktop environment includes a minimal yet complete set of tools required for ethical hacking and security testing.



What's new
  • New and updated hacking tools (e.g. backfuzz, beef, bluediving, cvechecker, htexploit, metasploit, set, sqlmap, websploit, weevely, wpscan, zaproxy, etc.)
  • System improvements
  • Upstream components
  • Bug corrections
  • Performance boost
  • Improved auditing menu
  • Improved Wi-Fi drivers (compat-wireless aircrack patched)

The ISO images (32bit & 64bit) can be downloaded from the following location:
http://www.backbox.org/downloads

Ubnhd2 PenTesting OS: Turn your Android mobile into a Hacking Device


Ubnhd2 is a security and pentest focused Ubuntu/Debian system that runs natively on the HTC HD2 phone. To boot it you need Magldr on your phone, and the first FAT partition should be named "SD".

Ubnhd2 is in beta. For now, these options work:
- Booting via Magldr
- Landscape Display orientation
- USB host
- Haret booting
- Touchscreen
- Wifi with encryption
- 3G network connection (SIM PIN needs to be disabled!)
- Audio/audio player
- Audio Outputs (Loudspeaker, Phonespeaker or Headphones)
- The Hardware Controls (Display Brightness, LEDs etc)
- x11VNC Server (not the fastest one due to workarounds, but still usable)
- PwnPi & Backtrack Tools (not all, but most at the moment)
- dpms
- The common Ubuntu stuff


What doesn't work:
- Monitor Mode for bc5329
- Phone feature (no calls, no SMS/MMS; sPhone still needs to be loaded or the 3G network won't work)
- Bluetooth (kernel side looking ok, but the rest is incomplete)
- Battery stats (no percentage, no recharging)
- Video player (without audio it looks delicious with Xine, even in fullscreen, but due to the audio problem mentioned before it has desynchronized and laggy sound)
- Hardware keys (kernel side ok, but the xorg.conf and xinput settings are not correct)
- Second mouse button

The Project needs:
- Kernel Developers (urgent)
- People who are familiar with implementing the msm/qsd x.org driver
- People who are able to cross-compile for ARM
- Developers that have good tools or scripts to embed
- Pentesters who want to contribute some toolchains and methods
- Designers / Webdesigners
- Translators
- People who are able to fix something


If you want to enter the project, you can contact the developer via XDA-developers forum.

How to install Ubnhd2:
Rename the first FAT partition of the SD card to "SD" or many things won't work! (This should be done externally and not in the phone, because Ubuntu sets the mount points at boot time!)

You need the Magldr on your HD2

Extract all files from the downloaded archive "linux.zip" to the directory "linux" on your sd card

Set the right "Android from SD" folder in Magldr (SD/linux), select "Boot AD from SD"

The package "connman" should be uninstalled because it consumes too much CPU and doesn't work well together with wicd; the Wi-Fi autoconnect after boot was also affected by this.

Password for both accounts is still "ubuntu"

Be careful what you install: it has both Debian and Ubuntu repos. In some cases the "Force Version" option helps.

To get the Wifi working you need the drivers from here:
http://www.mediafire.com/?6l365qz2jvc5hqh

- extract the two files (fw_bcm4329.bin & bcm4329.ko)
- move them to the root folder of your SD-Card
- boot up ubnhd2
- go to gnome-menu -> Stuff -> System -> bcd-res-upd
- take option 7 (Import ... from SD)
- takes a second
- Press the wifi-signal in the dock
- answer the dialog with ok
- after the vibration signal from the wifi script the networks can be configured by clicking the icon in the menubar (wicd app)

Download 0.0.3.17 beta:
https://sourceforge.net/projects/ubnhd2/