Fixing Common AD Security Issues With BloodHound FOSS

Active Directory (AD) is Microsoft’s identity and access management software that controls which users have access to the systems and resources on a network. It’s a popular target for attackers because getting control of AD allows them to deploy malware, steal sensitive information or do other nasty things in a way that’s very difficult for defenders to detect or block. 

Making AD more secure involves fixing the security flaws within the environment that allow attackers to get in - but first defenders need to identify what those flaws are. AD’s built-in tooling makes it very difficult to see which users have privileges to which systems and objects, so many security issues, even very dangerous ones, simply go unnoticed.

Finding time for security when scaling

Imagine a world where we gave our developers the ability to find and fix security vulnerabilities before their code is merged. This week on Dev Interrupted I brought in Liran Tal, a security expert from Snyk.io, to talk about how our community can begin evolving traditional security workflows into a more modern way of working.

Finding time for security when scaling your development team can be a challenge. That’s why we have to start giving our developers the ability to find and fix security vulnerabilities before their code is merged. We have to talk about what a good security culture looks like, and how we track and prioritize our efforts.

Can Your Software Development Processes Withstand a Software Supply Chain Attack?

Enterprise software development has graduated from the “waterfall” framework of development and operations - and has become less linear, more complex and, in several ways, more difficult to secure. While contemporary software supply chain practices allow developers to manage that complexity and deliver software efficiently at scale, unaddressed gaps and vulnerabilities within the process continue to be exploited by threat actors.

That’s why security measures within every step of software development and the supply chain must take top priority as attacks continue to be directed at the application layer — and often succeed in penetrating the network and executing malicious instructions.

How to Properly Leverage Elasticsearch and User Behavior Analytics for API Security

Kibana and the rest of the ELK stack (Elasticsearch, Kibana, Logstash) are great for parsing and visualizing API logs for a variety of use cases. As an open-source project, it’s free to get started (you still need to factor in compute and storage costs, which are not cheap for analytics). One use case for Kibana that has grown recently is providing analysis and forensics for API security, a growing concern for engineering leaders and CISOs as companies expose more and more APIs to their customers and partners and build Single Page Apps and mobile apps on top of them. This can be done by instrumenting applications to log all API traffic to Elasticsearch. However, a naive implementation would only store raw API logs and calls, which is not sufficient for API security use cases.

Why API logging is a naive approach to API security

Raw API logs only contain the information pertaining to a single action. Usually the HTTP headers, IP address, request body, and other information are logged for later analysis. Monitoring can be added by purchasing a license for Elasticsearch X-Pack. The issue is that security incidents cannot always be detected by looking at API calls in isolation. Instead, attackers are able to perform elaborate behavioral flows that exercise your API in an unintended way, where every single request looks legitimate on its own.
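To make the gap concrete, here is an added example (not code from the original article) that runs two kinds of detection over a handful of constructed API access-log lines. The log format, the client addresses (taken from the reserved documentation ranges), the route shapes and the window and threshold values are all assumptions chosen for the demonstration. A per-call rule sees nothing wrong, because every request succeeded with a 200; a behavioural rule that groups calls by client and route shape spots one client walking through many distinct resource IDs in a short window, the kind of flow the paragraph above describes.

```python
"""Per-call vs. behavioural detection over constructed API access-log lines.

Added example, not the article's own code. Log format, field names, client
addresses, window and threshold are assumptions made for the demonstration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: <timestamp> <client_ip> <method> <path> <status>.
# Every call here returned a success status; nothing is individually "bad".
SAMPLE_LOG = """\
2024-03-01T10:00:00Z 198.51.100.10 GET /api/v1/users/1001/orders 200
2024-03-01T10:00:01Z 203.0.113.7 GET /api/v1/users/2001/orders 200
2024-03-01T10:00:02Z 203.0.113.7 GET /api/v1/users/2002/orders 200
2024-03-01T10:00:03Z 203.0.113.7 GET /api/v1/users/2003/orders 200
2024-03-01T10:00:04Z 203.0.113.7 GET /api/v1/users/2004/orders 200
2024-03-01T10:00:05Z 203.0.113.7 GET /api/v1/users/2005/orders 200
2024-03-01T10:00:06Z 203.0.113.7 GET /api/v1/users/2006/orders 200
2024-03-01T10:00:40Z 198.51.100.10 POST /api/v1/orders 201
2024-03-01T10:05:00Z 198.51.100.22 GET /api/v1/users/3001/orders 200
2024-03-01T10:06:00Z 198.51.100.22 GET /api/v1/users/3001/orders 200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)
# Numeric path segments are treated as resource identifiers; replacing them
# yields the "shape" of a route, e.g. /api/v1/users/{id}/orders.
ID_RE = re.compile(r"/\d+(?=/|$)")


def parse(log_text):
    """Parse log lines into dicts. Malformed lines are skipped rather than fatal."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        ev["status"] = int(ev["status"])
        events.append(ev)
    return events


def per_call_alerts(events):
    """Isolated-call rule: flag only requests that failed server-side.

    Looking at one call at a time, a 200 on a valid route is never suspicious,
    so this rule returns nothing for the sample above.
    """
    return [e for e in events if e["status"] >= 500]


def enumeration_alerts(events, window=timedelta(seconds=60), min_distinct_ids=5):
    """Behavioural rule: one client touching many distinct resource IDs on the
    same route shape inside `window` looks like enumeration, even though each
    individual call succeeded. Returns one alert per (client, route shape)."""
    by_key = defaultdict(list)
    for e in events:
        shape = ID_RE.sub("/{id}", e["path"])
        by_key[(e["ip"], e["method"], shape)].append(e)

    alerts = []
    for (ip, method, shape), evs in by_key.items():
        evs.sort(key=lambda e: e["ts"])
        best, start = 0, 0
        # Sliding time window over this client's calls on this route shape.
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            best = max(best, len({e["path"] for e in evs[start:end + 1]}))
        if best >= min_distinct_ids:
            alerts.append({"ip": ip, "route": f"{method} {shape}", "distinct_ids": best})
    return alerts


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print("per-call alerts:", per_call_alerts(evs))
    print("behavioural alerts:", enumeration_alerts(evs))
```

The same idea carries over to the Elasticsearch setting the article discusses: the raw documents stay as they are, but the queries (or a pipeline feeding them) have to aggregate per client and per route shape over time rather than evaluate each document alone.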

Navigating Through Logs for Information Disclosure Requests

In a world of compliance and disclosure requests, the ability to investigate raw log files whilst shutting out the noise is not only a time-saving manoeuvre in your process but also reduces the risk of mistakes. The ability to analyse large volumes of log files, be they on the cloud or hidden away in on-prem archives, will make a great difference to how your tech team operates.

Take higher education as an example. Every year, new students join a university and, for IT teams, this means new logs. It also means new devices on the networks; in Europe, this includes Eduroam, a 3rd-party network access point whose logs may not be as easily accessible. On average, a student will bring in a mobile phone & laptop, but in this ever-growing IoT world, students are expected to bring more smart devices, as well as devices such as tablets. This increases a student’s footprint on any SIEM solution.

Decision Diffie-Hellman (DDH) and CDH

There are a couple of variations on the Diffie-Hellman problem in cryptography: the computational problem (CDH) and the decision problem (DDH). This post will explain both and give an example of a group in which the former is hard and the latter easy.

The Diffie-Hellman Problems

The Diffie-Hellman problems are formulated for an Abelian group. The main group we have in mind is the multiplicative group of non-zero integers modulo a large prime p. But we start out more generally because Diffie-Hellman problems are harder over some groups than others, as we will see below.
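The following is an added example, not code from the original post, that works through the Z_p^* case in Python with small constructed parameters (p = 23, g = 5) so every triple can be enumerated; nothing here is a real-world parameter. It shows the two problems side by side: solving CDH from (g^a, g^b) is done here only by recovering an exponent through exhaustive search, which is what becomes infeasible for large p, while DDH has a cheap distinguisher. Because a generator g of Z_p^* is a quadratic non-residue, g^a is a residue exactly when a is even, so g^ab is a residue exactly when a or b is even; a candidate third element whose residuosity disagrees with that prediction cannot be g^ab. Euler's criterion (x^((p-1)/2) mod p) decides residuosity in one modular exponentiation.

```python
"""DDH is easy in Z_p^* while CDH is not: a quadratic-residue distinguisher.

Added example, not the post's own code. p and g below are small constructed
values chosen so the whole group can be enumerated.
"""


def is_quadratic_residue(x, p):
    """Euler's criterion: for x != 0 mod p, x is a square iff x^((p-1)/2) == 1."""
    return pow(x, (p - 1) // 2, p) == 1


def is_generator(g, p):
    """g generates Z_p^* iff g^((p-1)/q) != 1 for every prime q dividing p-1.
    p-1 is factored by trial division, fine for the small p used here."""
    n, q, factors = p - 1, 2, set()
    while q * q <= n:
        while n % q == 0:
            factors.add(q)
            n //= q
        q += 1
    if n > 1:
        factors.add(n)
    return all(pow(g, (p - 1) // q, p) != 1 for q in factors)


def ddh_distinguisher(p, g, A, B, C):
    """Return True if (A, B, C) is consistent with (g^a, g^b, g^ab), False if it
    provably is not.

    g is a non-residue, so A = g^a is a residue iff a is even, and g^ab is a
    residue iff a*b is even, i.e. iff a or b is even. A candidate C whose
    residuosity disagrees with that prediction cannot equal g^ab.
    """
    predicted_qr = is_quadratic_residue(A, p) or is_quadratic_residue(B, p)
    return is_quadratic_residue(C, p) == predicted_qr


def cdh_by_brute_force(p, g, A, B):
    """Compute g^ab from (g^a, g^b) by recovering a through exhaustive search.
    This is the step whose cost grows with p and makes CDH hard in practice."""
    for a in range(p - 1):
        if pow(g, a, p) == A:
            return pow(B, a, p)
    raise ValueError("A is not in the group generated by g")


def distinguisher_advantage(p, g):
    """Enumerate all (a, b) and report (false_rejects, random_reject_rate):
    the number of genuine DH triples the distinguisher wrongly rejects, and the
    fraction of triples with a uniformly random third element it rejects.
    The first is 0; the second is exactly 1/2, since g^c is a residue for
    exactly half of the exponents c regardless of what was predicted."""
    assert is_generator(g, p), "the parity argument needs g to generate Z_p^*"
    false_rejects = random_rejects = total_random = 0
    for a in range(p - 1):
        A = pow(g, a, p)
        for b in range(p - 1):
            B = pow(g, b, p)
            if not ddh_distinguisher(p, g, A, B, pow(g, a * b, p)):
                false_rejects += 1
            for c in range(p - 1):
                total_random += 1
                if not ddh_distinguisher(p, g, A, B, pow(g, c, p)):
                    random_rejects += 1
    return false_rejects, random_rejects / total_random


if __name__ == "__main__":
    p, g = 23, 5  # constructed toy parameters
    print("g is a generator:", is_generator(g, p))
    A, B = pow(g, 7, p), pow(g, 9, p)
    print("CDH by brute force:", cdh_by_brute_force(p, g, A, B), "expected", pow(g, 63, p))
    print("(false rejects, random reject rate):", distinguisher_advantage(p, g))
```

The distinguisher is one-sided: it never rejects a genuine triple and rejects half of the random ones, which is already a large advantage over guessing. This is why protocols that need DDH work in a prime-order subgroup of Z_p^* (where every element is a residue and the parity leak disappears) or in another group where no such structure is known.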