When attempting to gain a foothold into a Windows Domain, an attacker will often attempt one or two likely passwords against every user in the Active Directory, a so-called horizontal password guessing attack. A small number of failed logons per user will usually not trigger a user account lockout policy and can be very effective. This post will provide an example solution to detecting such attacks in near real time, using only native Windows tools. Continue reading
(If you excuse the pun), everyone has a different view on Extended Stored Procedures:
This post will hopefully give a better understanding of what Extended Stored Procedures are, how to identify them and how to restrict public access to them. Also this post will look at identifying permissions upon tables, views and functions to ensure it is not possible for users to directly modify data. Continue reading
Today I was looking at how plugins could safely be incorporated into a J2EE application server. The plugins in this instance are executed server side, rather than on the client and are, in the main, provided by 3rd parties (digital advertising agencies etc). The aim was to limit the scope in which they operate. The implementation I looked at is pretty much the first instance where I’ve seen these techniques used, so I thought it was worth sharing. Continue reading
As part of Portcullis’s ongoing commitment to filling the ever expanding lack of computing skills within the workplace, we have in the last year and a half been working together with Universities from across the country to provide a bridge between younger generations who may not be aware of even the existence of Penetration Testing or would like to see what happens in the average week of a pentester. Continue reading
We were recently asked to assess a risk adverse environment in which there was (I don’t know the collective noun) a “chunk” of Cisco kit, comprising both switches and ASA firewalls. We needed to make sure it was being accessed in a secure manner. Continue reading
We are pleased to announce that two of our security consultants, Graham Sutherland and Tim Brown, will be presenting at the upcoming BSides London security conference on the 29th of April.
BSides London is an annual community-driven security conference which, this year, will be taking place at the Kensington and Chelsea Town Hall in London.
Graham’s talk coincides with the disclosure of a set of vulnerabilities in the administration features of the Citrix NetScaler appliance, which will be discussed in the talk. Continue reading
This document discusses a number of attack vectors for SSL and TLS, offering real world examples where it can. Continue reading
As previously mentioned in SSL: Light at the end of the tunnel, today is the day that our SSL recommendations officially change. From today onwards the Team recommend only TLS versions 1.1 and 1.2. Up until now the Team have accepted the need for SSLv3 and TLSv1 for compatibility reasons, however the time has come to cut the cord. The loss of compatibility should only affect legacy systems. If these systems cannot be updated to support the newer protocols, then weak SSL is likely to be the least of your security concerns! Continue reading
SQL Server has a number of components that allow clients to connect and communicate with it. Microsoft introduced the term, “Surface Area Reduction” as a security measure that involves stopping or disabling unused components. Like the name suggests, it reduces the number of ways that an attacker could try to interrogate the SQL Server. Continue reading