View profile

Weekly Reading's from Anant - Week 1 Feb

Revue
 
 

Infrequent IT(sec) commentary from Anant

February 10 · Issue #2 · View online

This newsletter contains my musings around Information technology and mostly information security topics.
Weekly Newsletter #2: Weekly roundup
Last week i wrote an extensive coverage of sudo bug “Baron Samedit” however this week i will try a different style and will try to cover various stuff I encountered in last 1 week rather then going for a deep dive into one subject.
This week has been a mix bag of things for me some infosec, some non infosec. I will try to cover bits and pieces from all of them here.
At the start of the week we welcomed the news that objective-see tools are now all opensource.
objective-see (Objective-See) · GitHub
github.comShare
objective-see has 24 repositories available. Follow their code on GitHub.
When it comes to OSX, objective-see is one of the must have source of software for privacy enhancement and to increase your own visibility of system. If you are on OSX systems I would definitely recommend having a look at the toolset.
Friends over at RedhuntLabs have been neck deep in researching the Internet and periodically give everyone a glimpse of research that they do. This time around it was the second wave of project Resonance
Wave 2 - Analysis Of Internet Wide Web Servers - RedHunt Labs
redhuntlabs.comShare
The topic of internet scanning or mass scanning in general has been a fascinating topic for me. instead of having a laser focus you spread your wings in a larger span and you are bound to catch a lot more than you hoped for. The same applies with this “Project Resonance”.
From the dataset and results presented my observations are:
  1. Older Webserver in use is not that big a surprise.
  2. PHP version 5 which is now EOL (End of Life) and should be purged is still in larger use is a worry point. would have loved a co-relation on how much of it was on windows vs linux. Linux usage of php5 would also indicate almost EOL or already EOL'ed OS.
  3. Header title “RouterOS router configuration page” or “GPON Home Gateway” or “NETSurveillance WEB” making their way in top 50 headers posts a grim picture of state of security and a space where something should definitely be done.
Project Resonance.
Project Resonance.
Tools of Trade
Last week i have spend a lot of time dealing with Semgrep
Semgrep
semgrep by return2corp is a sementic greping tool which is a new way of grepping through your codebase but in a language aware manner. The. tool is under active development and have recently added support for PHP. which is what was my primary focus this week. The support is in alpha phase so be cautious with it. They are starting to build a ruleset for PHP but dont have high hopes as of now. Rulesets in my opinion are as good as what the community builds. The power of semgrep is not in running public ruleset but rather in fine tuning it as per your own organisation or project’s coding standards and getting the most out of it. I will probably be writing a more in-depth article around semgrep with regards to php in sometime once I have had enough of play with it till then few references to look for
  1. https://notsosecure.com/semgrep-a-practical-introduction/
  2. https://ajinabraham.com/blog/detecting-zero-days-in-software-supply-chain-with-static-and-dynamic-analysis
More Reading....
There are couple of articles that are in my to read list. Noting them here:
  1. https://decoded.avast.io/janvojtesek/backdoored-browser-extensions-hid-malicious-traffic-in-analytics-requests/
  2. https://blog.thecybersecuritytutor.com/spoofing-and-attacking-with-skype/
  3. https://github.com/moby/moby/security/advisories/GHSA-7452-xqpj-6rpc
  4. https://grimminck.medium.com/running-a-fake-power-plant-on-the-internet-for-a-month-4a624f685aaa
  5. https://www.horizon3.ai/disclosures/librenms-second-order-sqli
Troubleshooting
The week started with myself struggling with BigSur upgrade rendering my laptop useless for nearly a full day. Laptop booted fine on recovery and safe mode but not in standard mode. Internet seem to be filled with these issues. Few observations i had:
  1. Macbook Display resizing is graphics card heavy and as such causes sluggishness on display. Stick to recommended size if you want less load on system.
  2. NVRAM or SMC Reset are good first bet. However most of the time the issue is not solved by them now a days.
  3. With Big Sur kexts are not loaded normally rather kernel has them included
Answer to my problems came in form of a obscure comment
https://developer.apple.com/forums/thread/649886
With this We have reached the end of this week’s newsletter. Please do subscribe if you like the newsletter and do send in your thoughts if you like this style or you prefer concrete single topic newsletters.
Till next news letter, Have a good time.
Did you enjoy this issue?
If you don't want these updates anymore, please unsubscribe here.
If you were forwarded this newsletter and you like it, you can subscribe here.
Powered by Revue
Bhopal, India