(In)secure passwords – Part 2: Results of a password quality audit

by Sandro Affentranger

This is the second article on passwords. Recommendations for strong passwords have hardly changed over the years. Only recently has it become clear that these recommendations have trained users into certain patterns that attackers can exploit, which has led to a paradigm shift in password policies. This article presents the results of a password quality audit carried out by Oneconsult at an international industrial company. [read the German article]

(In)secure passwords – Part 1: Paradigm shift in password policies

by Sandro Affentranger

This is the first instalment in a two-part series about passwords. Passwords have become indispensable. For a long time the recommendation was to make passwords as complex as possible, but lately this has changed: “long instead of complex” is the new motto. This article introduces the topic and explains why passwords play such an important role. It discusses the risks of passwords falling into the wrong hands and identifies possible measures to assess and mitigate these risks. [read the German article]

OWASP IoT Top 10 – Part 1

by Jakob Kunzmann

This is the first of two articles presenting the OWASP Top 10 for the Internet of Things, a list of the ten most important security risks in IoT published by the Open Web Application Security Project (OWASP). This article describes the technical aspects of the IoT risks and, where possible, highlights prominent cases in which they have been exploited. Where applicable examples exist, the focus is on malware or attacks against industrial IoT applications. [read the German article]

Pivoting Through a Web Application to the Internal Domain

by Severin Wischmann & Markus Schalch

Penetration testing projects are defined by their scope and objective: which systems, entry points, people or company sites may be attacked, and which specific scenarios should be tested. Both are usually agreed with the client at the start of the project, which requires a trade-off between completeness and what is feasible in the available time. [more]

Malware analysis – Basics

by Severin Wischmann

This is the first installment in a multi-part series about malware and how to analyze it. The article discusses the basics of malware. In further articles of this series, different facets of the analysis will be examined in detail. [read the German article]

New version of OWASP Application Security Verification Standard (ASVS) available

by Alex Wettstein

The Open Web Application Security Project, better known as OWASP, is a vendor-independent non-profit organization whose aim is to make (web) applications more secure.

One of its flagship projects is the «Application Security Verification Standard», better known as ASVS. Version 4 of ASVS was released today. This article explains the ASVS and how it can support you, as the person responsible for IT security, in your daily work within your enterprise. [read the German article]

About domain administrators, single sign-on and malware

by Marco Wohler

The danger posed by domain administrator accounts is often underestimated. This article describes how attackers can compromise an entire domain. In practice, permissions are granted far too liberally, and security mechanisms that are in part already in place are not used. [read the German article]

PowerShell VI – Defense

by Frank Ully

This is the sixth and final instalment in a multi-part series about Windows PowerShell and how attackers abuse it, how incident responders can detect these attacks – and how IT staff can prevent them in the first place. This article describes which measures IT security managers can implement to protect their organizations against PowerShell attacks. [read the German article]

PowerShell V – Forensic analysis of PowerShell attacks

by Frank Ully

This is the fifth article in a multi-part series about Windows PowerShell and how attackers abuse it, how incident responders can detect these attacks – and how IT security managers can prevent them in the first place. This article introduces methods that incident responders and IT forensic analysts can use to investigate PowerShell attacks, including memory analysis. [read the German article]

PowerShell IV – Memory forensics

by Frank Ully

This is the fourth article in a multi-part series about Windows PowerShell and how attackers abuse it, how incident responders can detect these attacks – and how IT security managers can prevent them in the first place. This article provides a general introduction to memory forensics, a relatively new investigative method that helps incident responders and IT forensic experts counter modern threats such as PowerShell attacks. [read the German article]

PowerShell III – Script collections for post-exploitation

by Frank Ully

This is the third article in a multi-part series about Windows PowerShell and how attackers abuse it, how incident responders can detect these attacks – and how IT security managers can prevent them in the first place. This article introduces publicly available script collections with offensive PowerShell scripts for post-exploitation. [read the German article]

PowerShell II – Malicious use of PowerShell

by Frank Ully

This is the second article in a multi-part series about Windows PowerShell and how attackers abuse it, how incident responders can detect these attacks – and how IT security managers can prevent them in the first place. This article looks at the features that make PowerShell so popular as an attack tool. [read the German article]

PowerShell I – Introduction

by Frank Ully

This article is the first in a multi-part series about Windows PowerShell and how attackers abuse it, how incident responders can detect these attacks – and how IT security managers can prevent them in the first place. Advanced attackers are regularly using scripts written in PowerShell as part of their attack toolchain. This is because Windows PowerShell, Microsoft’s task automation and configuration management framework, as well as the script language of the same name are now tightly integrated into modern Windows installations. [read the German article]

A short history of Remote Access Trojans (RATs)

by Frank Ully

First, the article introduces the basics of malware and especially remote access trojans (RATs). Then the history of publicly available RATs is traced by describing some outstanding representatives. The article concludes with an outlook on current developments in publicly available RATs. [read the German article]

Secure passwords for local administrators

In the course of their audit engagements, Oneconsult penetration testers are increasingly finding identical passwords used for local administrative users on backend systems and, even more often, on workstations. Although these passwords are stored as an NTLM hash rather than in clear text, an attacker who extracts the hash from one system can reuse it directly (pass-the-hash) on every other system that shares the same local administrator password, which gives ample opportunity for lateral movement inside a company’s IT infrastructure. This article covers attacks and mitigation opportunities. [read the German article]

BadUSB – Gain access in less than 15 seconds

by Immanuel Willi

Many IT security trade media and blogs focus on popular attack vectors such as phishing or the “OWASP Top 10”. Physical attacks that require direct access to a device are given less attention. Accordingly, many users think they are secure when the notebook hard disk is encrypted and the Windows desktop is locked. But they are wrong! [read the German article]

Cyber Security Incident Response – So bewältigen Sie das Unerwartete

by Damian Gruber & Adrian Schoch

Cyber security incidents may have a significant business impact, especially for unprepared organizations. Read in this article in German how to handle such incidents effectively using a proven process and countermeasures, and learn from Oneconsult’s real-life incident response and IT forensics cases. [more]

Falsch gesetzte User-Berechtigungen: Hacker’s Paradise

by Marco Wohler

There are different strategies and means to protect a server or client against attacks from inside or outside. This article in German deals with file and folder rights, since these are often neglected. [more]

Trau schau wem – (Un)Sicherheit von signierter Software unter Windows

by Jan Alsenz & Rafael Scheel

This article in German demonstrates how a design flaw in the Microsoft UAC mechanism, discovered by Oneconsult, can be abused so that arbitrary scripts and programs appear to carry a genuine Microsoft signature. [more]

HTTP Referer Header: How web browsers compromise private URLs

by Fabian Gonzalez

The HTTP Referer header was defined so that a server can determine where a user’s request came from. Today’s web browsers therefore send the URL of the last visited resource in this header when requesting a new one. Since the value is typically written to the receiving server’s access log, it can be evaluated or used for other purposes, and if the previous URL was itself meant to be private (for example because it carries a token or other secret in its query string), it is thereby disclosed to a third party. The author describes the problem and provides simple solutions. The article is available in German. [more]
