Cisco Blogs



Post-Exploitation Techniques from Black Hat 2011

In many exploit scenarios, an attacker finds a target and, if possible, establishes remote control over the system through known or unknown exploits. Whether the attacker uses a buffer overflow, insecure configuration, phishing for credentials, or cookie-stealing, the goal is clear: get a remote shell and gain complete control. Then what?

It is this post-exploitation environment that interested me at this year’s Black Hat 2011. Several talks and trainings discussed post-exploitation techniques, and I’d like to share them in the interest of research – and defense.


Cisco 2Q11 Global Threat Report

Data breaches dominated security news during the first half of 2011, and companies across all industry sectors were equally affected. Many of these breaches resulted from advanced persistent threats; others resulted from SQL injection and other brute force intrusions. In all cases, customer data and corporate intellectual property were at risk.

In the Cisco 2Q11 Global Threat Report, Cisco CSIRT Manager Gavin Reid discusses the unique challenges of APTs and network intrusions. Gavin offers real-world, practical advice from a frontline perspective, with valuable pointers for tuning and using the tools you probably already have in place.


Extracting EXE Drop Malware

In the last few years the vulnerability landscape has shifted from attacks on network-based server applications to attacks on client applications through malicious file formats. With this shift, attackers have developed a variety of new techniques for more reliable control post-exploitation.

One technique attackers commonly use is the EXE drop. The technique places an executable file inside the data file in which the vulnerability is triggered. After exploitation, the payload searches for the file descriptor associated with that data file, copies the embedded EXE from it to disk, and runs the EXE in a new process. Data formats commonly used in EXE drop exploits include Office documents, Shockwave Flash files, and image files. The EXE drop technique is useful to attackers for several reasons. One is that it makes coding the payload easier: the executable can be crafted quickly and compiled for a specific target. Another is that, because an executable is written to disk (persistent storage), it is fairly easy to maintain residency, for example by adding an entry to the autorun registry keys.


Cloud Architecture Considerations and The Open Group

Last week I presented and participated at The Open Group Forum in Austin, TX. It was a great event, with insights into Enterprise Architecture, Business Architecture and Emerging Architectures. The Forum had several breakout tracks, the most popular being the Cloud Architectures track. The sessions ranged from connecting architecture frameworks (TOGAF) to cloud architectures, to the development of cloud architectures. My session was on “Architecture & Considerations for IaaS Clouds”. It focused more on the technology aspects of cloud architecture, and it applies equally to an enterprise private cloud or a service provider cloud setting. To level-set everyone in the audience, I started with a review of taxonomy and reference architecture (RA), using both NIST’s published RA and a simplified version of the Cisco Cloud RA. The Cisco RA review was the case in point for this session, covering the Infrastructure, Service Orchestration, Delivery/Management and Consumer layers.


Cyber Safety: Are Online Meetings Secure?

This week, CNN Money is running a series of articles on Cybercrime and the Cybercrime Economy. They offer a series of interesting tips and strategies to protect your business. As I was reading the articles, it reminded me that we are often asked about the safety of WebEx meetings.

WebEx meetings operate with Cisco Security.

This is a very important part of the WebEx solution. With so many “free” web conferencing solutions available today, it’s easy to fall into a commodity mentality when choosing an online solution. But the reality is, free doesn’t always mean secure.

If you are using video conferencing, chances are you are doing business and sharing information that you would not want someone else to hear (unless that was your intention). This is also true for vendors, contractors and consultants who typically have a legal obligation
