How much does it take to ping the whole Internet?

(Check the result of this experiment in the second part of this post: The result of pinging all the Internet IP addresses)

Aurora vulnerability or how to exploit knowledge of physical processes

Trying to raise awareness of cybersecurity issues among my fellow process & control engineers is a challenging task. We’ve talked about it before, making it clear how the lack of basic notions of ICT environments and procedures makes the risks and mechanisms of attack almost inconceivable for these engineers. I mean ‘inconceivable’ sensu stricto: not something with a very low assigned probability, but something you cannot even think about because you lack the cultural background and experience to do so.

VLAN Management Policy Server

Usually, when we have to do network segmentation using VLANs, we create the necessary networks either manually or automatically using protocols like Cisco VTP (VLAN Trunking Protocol). After that, we assign each one of the network devices to the different VLANs defined. This means that if I move tomorrow and plug my laptop into a different network connection point, I will have to reconfigure the new connection point so it belongs to the VLAN I originally had.

New MFTParser plugin in the alpha version of Volatility

Last week, playing with a forensics challenge left by Jack Crook (@jackcr) in the GCIH LinkedIn group, I upgraded Volatility to version 2.3_alpha. In this challenge, the author had included the RAM dump and the disk timeline of each one of the affected computers, and a capture file of the network traffic. However, reviewing the new features included in this alpha version, I found a couple of them quite interesting: mbrparser and mftparser.

Introduction to PCI DSS: Payment Card Industry Data Security Standard

A month ago, a new edition of the seminar “Recent developments in Payment Systems” took place in Madrid. The seminar, organized by “Athena Interactive”, discussed some of the most important aspects of payment systems currently in operation.

One of the issues that raised the most comments was the difficulty of obtaining the lists of companies audited by the PCI DSS organization, and I found this interesting enough to write an entry about the function of this organization and its most relevant characteristics.

According to its own website, “PCI Security Standards Council is an open global forum established in 2006”, whose mission is to increase the security of the payment card industry, protect the user and reduce credit card fraud.


Cybersecurity. The European Parliament is worried.

Anyone who carefully reads the European Commission report A7-0167/2012 of 05.16.2012 on the protection of critical information infrastructure will notice that the authors of the report, members of the Committee on Industry, Research and Energy, are very worried. We can also analyze the opinion of the EU Committee on Civil Liberties, Justice and Home Affairs on this report and see —you don’t need to read between the lines— that not only those directly related to the issue are concerned, but also committees that are apparently not directly affected by issues related to the cybersecurity of critical infrastructures.

Buster Sandbox Analyzer

(Today we have an interesting collaboration from Pedro Lopez, who describes the Buster Sandbox Analyzer tool for those who do not already know it and invites anyone interested to collaborate on its development.)

Buster Sandbox Analyzer is a tool designed to analyze the suspicious behavior of applications, i.e. those actions typically carried out by malware. Some examples of typical actions performed by malware are making a copy of itself elsewhere on the hard drive, modifying registry keys or adding files to the Windows installation directory, among others.

However, when identifying an action as “dangerous”, the problem is that some of the actions considered suspicious are also commonly performed by legitimate applications. It is thus very important to consider the overall context of the analyzed application: is it reasonable for the application under test to perform these actions?


Memories of an Incident Handler: “email Man in the Middle”

Some time ago I had the chance to manage a fraud security incident involving a technique based on the classic Man in the Middle, but the unusual thing is that the attack was not carried out in the network or transport layers but in the application layer, more specifically by email. The case was as follows …

Industrial Control Technologies Cybersecurity. Time to wake up.

Sometimes one has to make an effort to balance opposing feelings. This has been the case since I started working on cybersecurity issues. I have devoted much of my career to the design and construction of public infrastructures, mainly water treatment plants. As an engineer I was in charge of designing industrial processes and their associated control systems: physical processes, electrical wiring diagrams (power and control), network architectures and control components, etc. In short, the process and its associated SCADA systems. I’d like to think I did a good job.

Cybersecurity policy for digital homes

It sounds like something belonging to companies and executives, but no, not this time. This time we are talking about the computer systems and technology that are growing in many of our homes. We are making some progress. Spain and European countries in general have a very high level of ICT penetration, whilst many Latin American countries, such as Colombia, Mexico, Chile or Perú, among others, are advancing a lot.