Author Archive

Useful post regarding Office 365 security hardening

by on Feb.27, 2020, under Posts

It’s 2020. We are now progressing more and more toward the cloud and will have to take into consideration security concerns that relate to the cloud. 2 large players in the cloud for productivity suites include Google and Microsoft.

Since Microsoft still dominates the market when it comes to workstation operating systems and office suites, Office 365 is being adopted pretty quickly. I really recommend that you to take a look at this post if you currently have Office 365:

Introducing the Microsoft Office 365 Email Security Checklist

It has some good pointers that will help you lock your Office 365 tenant down. Of course there is Microsoft Secure Score, but it seems as if it’s in its infancy. It is buggy and not reliable. This is not to say it won’t help you harden your tenant, but I wouldn’t let it necessarily be the golden rule.

One must also keep in mind that to make Office 365 ‘more secure’ according to Microsoft, you need to essentially pay for it. Standard subscriptions won’t get you certain features. ( Please see: https://products.office.com/en-us/exchange/advance-threat-protection#office-ProductsCompare-785zwzq )

#Update 3/3/20:

Infragard presentation on Office 365 Security:

https://drive.google.com/open?id=1_n9RocH3-J0cwfj4l3RyzFCC-Qfd1g4Q

12C2049B0AB7E7F2134A2ECD3D37F402  – MD5

9664CBF3C74B27770E962E8BB96C7A8816BBAFDE – SHA-1

(VirusTotal: https://www.virustotal.com/gui/file/5509d67471b8d66cdfb90e147d8a31f5df8362f0a32d47f95fca0cab51e40376/detection )

#Update 3/6/20:

Pictures of Office 365 Secure Score Suggestions (one could extrapolate some of these suggestions and apply to other cloud services):

https://drive.google.com/open?id=1R1UVKtf9d8jwbrfC0IKgjOZIcTZt_Shy

550FB7C99E35AF8F7DB1DAD168410012 – MD5

56A43F1DCE1B9BC16AD1AD853CD3918E23AE60BD – SHA-1
(VirusTotal: https://www.virustotal.com/gui/file/9bd4515270eaf0941ff037368fd1badd38b9dd1dde4dbb925bf00256f5f372b1/detection )
Leave a Comment :, , , , , , , , , , , , , more...

Deepfake Technology

by on Jan.27, 2020, under Videos

Deepfake technology can be used for malicious purposes. One notable example is when malicious actors used deepfake voice technology to swindle a CEO out of $243,000.

Leave a Comment :, , , , , , , more...

kubernetes.io web terminal root shell

by on Jan.01, 2020, under Posts

Recently, I’ve been reading up on containers and kubernetes. I have just discovered this. It just seems like it could be easily abused:

No authentication necessary. You simply click on Launch Terminal and you’ll get a root shell with full internet access.

https://kubernetes.io/docs/tutorials/hello-minikube/

(This is a frame from https://www.katacoda.com/ )

Leave a Comment :, , , , , , , , more...

abuseipdb.com – ip list

by on Nov.04, 2019, under Blacklists, Posts

Here is a list of known ‘malicious’ IPs from abuseipdb.com. It is updated daily. It’s in a list/plaintext format that should be easy to integrate.

http://zitstif.com/badips.txt

http://zitstif.no-ip.org/badips.txt

Sha256sum:

http://zitstif.com/badipsHash.txt

http://zitstif.no-ip.org/badipsHash.txt

#Update 11/10/2019

Here are a list of offending IPs that have targeted my honeypot I have setup. This will be updated daily as well:

http://zitstif.com/badIpsHoney.txt

http://zitstif.no-ip.org/badIpsHoney.txt

Sha256sum:

http://zitstif.com/badIpsHoneyHash.txt

http://zitstif.no-ip.org/badIpsHoneyHash.txt

#Update 11/13/2019

Here’s another list of IPs that have offended the WAF I use:

http://zitstif.com/WAFips.txt

http://zitstif.no-ip.org/WAFips.txt

Sha256sum:

http://zitstif.com/WAFipsHash.txt

http://zitstif.no-ip.org/WAFipsHash.txt

#Update 11/20/2019

Here’s a great post that has a bunch of lists that can be used:

https://docs.danami.com/juggernaut/user-guide/ip-block-lists

#Update 11/26/2019

Another great resource:

http://www.covert.io/threat-intelligence/

#Update 11/30/2019

Here’s another list of IPs from abuse.ch:

http://zitstif.com/abuseChlist.txt

http://zitstif.no-ip.org/abuseChlist.txt

Sha256sum:

http://zitstif.com/abuseCHhash.txt

http://zitstif.no-ip.org/abuseCHhash.txt

#Update 12/2/2019

Black Hat Direcory – Wall of shame list:

http://zitstif.com/BlackHatDirlist.txt

http://zitstif.no-ip.org/BlackHatDirlist.txt

Sha256sum:

http://zitstif.com/BlackHatDirhash.txt

http://zitstif.no-ip.org/BlackHatDirhash.txt

Leave a Comment :, , , , , , , , more...

Some quick and easy tools for working with segmented networks/VLANs

by on Oct.24, 2019, under Posts

Network segmentation can be a great tool for security and compliance. VLANing is a great means of achieving this. However, if you have to work on systems that are cut off from one another via this method, VLANs can become a pain. Here are some tools/websites that I use for working around VLANs to get my job done:

  • Portable storage devices, i.e. external hard drives/flash drives – very handy for when you have physical access
  • RMM tools, i.e. screenconnect, teamviewer, gotoassist, logmein, meshcentral, etc.
  • cl1p.net – The internet clipboard
  • Seashells – pipe standard output to this website and get a random link
  • Firefox Send  – You can upload up to 1GB without needing an account
  • Google Drive – May seem silly but when you’re working in a very well locked down networks that do a lot of content filtering, google usually isn’t blocked
  • A public facing personal SSH server
  • An instant messenger where you can message yourself, like Slack 

I hope this quick post helps some others. Feel free to leave comments below.

#Update 3/26/20: Other useful sites include (securely transferring sensitive information):

 

Leave a Comment :, , , , , , more...

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!