red team tools or bas, it’s still about validating your controls

I was catching up on some blogs and came across a thought-sparking post from Augusto Barros titled “From my Gartner Blog – It’s Not (Only) That The Basics Are Hard…” In this post, he talks about how basic controls fail, for example keeping accurate inventory when someone forgets to follow the process. In other words, how do you make sure you’re still doing the basics accurately?

I don’t necessarily get what is new with BAS (Breach and Attack Simulation) tools, or whether this signifies the coming of age of internal red teams or a new way to market these tools. But making sure basic controls are in place is part of the purpose that, from a particular point of view, I can see attacker-type tools playing into.

In the case of inventory control, this is where you have network discovery and internal recon (vuln scans, NSM…) or tripwires (NAC, ISE…) catch things that miss the inventory process. You find them and treat them as rogue until proven otherwise. In the process, you also care about certain zones more than others. An isolated server deployed in an internal segment is one thing, but a server in the DMZ with a few ports exposed to the Internet is another. In the latter case, another potential detection point is external footprint scanning, something that is very important to know, as this is where attacker eyeballs will also be looking.

Maybe this fits more into internal threat hunting or having an internal security team that at least thinks and designs controls and internal intelligence with a thought towards how an attacker would see things.
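The inventory check described above, as an added example that is not part of the original post: hosts seen by internal discovery or an external footprint scan are reconciled against the inventory, anything unlisted is treated as rogue, and Internet-exposed and DMZ hosts are ranked first. All addresses, zone ranges, priorities and function names are constructed assumptions.

```python
import ipaddress

# Constructed sample data; addresses, zones and priorities are assumptions.
ZONES = {"dmz": "203.0.113.0/28", "internal": "10.20.0.0/16"}
ZONE_PRIORITY = {"dmz": 0, "internal": 1, "unknown": 2}
INVENTORY = {"10.20.1.10", "10.20.1.11", "203.0.113.5"}
INTERNAL_DISCOVERY = {           # host -> open ports (vuln scan, NSM, NAC...)
    "10.20.1.10": [22],
    "10.20.7.99": [22, 3389],    # never went through the inventory process
    "203.0.113.5": [443],
    "203.0.113.6": [443, 8080],  # DMZ host missing from inventory
}
EXTERNAL_FOOTPRINT = {"203.0.113.5": [443], "203.0.113.6": [443, 8080]}  # Internet-reachable

def zone_of(ip):
    """Return the name of the zone whose network contains ip, else 'unknown'."""
    addr = ipaddress.ip_address(ip)
    for name, cidr in ZONES.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return "unknown"

def find_rogues(inventory, internal, external):
    """Hosts seen by any detection point but absent from inventory, most urgent first."""
    sources = (("internal", internal), ("external", external))
    rogues = []
    for ip in (set(internal) | set(external)) - set(inventory):
        rogues.append({
            "ip": ip,
            "zone": zone_of(ip),
            "internet_ports": sorted(external.get(ip, [])),
            "seen_by": [name for name, src in sources if ip in src],
        })
    # Internet-exposed hosts first, then by zone priority, then by address string.
    rogues.sort(key=lambda r: (not r["internet_ports"], ZONE_PRIORITY[r["zone"]], r["ip"]))
    return rogues

def find_stale(inventory, internal, external):
    """Inventory entries no detection point saw: the record may be out of date."""
    return sorted(set(inventory) - set(internal) - set(external))

if __name__ == "__main__":
    for r in find_rogues(INVENTORY, INTERNAL_DISCOVERY, EXTERNAL_FOOTPRINT):
        print("rogue until proven otherwise:", r)
    print("in inventory but not seen:", find_stale(INVENTORY, INTERNAL_DISCOVERY, EXTERNAL_FOOTPRINT))
```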

the internet is not so effortlessly making us smarter anymore

(I’ve had this incomplete thought brewing for several weeks now, but never really put it down in writing. I finally have. I didn’t like the presentation, but have posted it below anyway since I didn’t want to spend any more real time on it. So it is half-baked, but here for my own posterity.)

I’m just over 40 years old. I grew up both without and with the Internet. During the early years, I felt like so much information was available to us that had never been exposed before. Rather than relying on libraries or television shows or word of mouth to find something out about whatever arbitrary topic one had, the information could be self-served via Google. Life was wonderful! I feel like we’re collectively getting smarter!

Fast forward to around 2015-2016, and I feel like a tipping point may have been reached. So many people are online now, and social media has allowed so many people to highly efficiently pipe in with their own take on things (even if it’s just a mass of Likes or upvotes), that we now have a problem where I don’t feel like we’re collectively getting smarter quite so effortlessly anymore. It actually takes effort to make sure you’re not learning falsehoods or buying into someone’s bullshit.

There are two factors to this: 1) The dumb ones are on social media now, and 2) so many of us are on social media in general.

Anyone and everyone can post a comment or make a social media post that states something as fact. For instance, someone posts an image on Imgur that is inspiring or funny for some reason, and a highly-voted comment purports that this person did XYZ and was from ABC. But if you dig into it, you find the real story on Snopes or some other resource that paints an entirely different picture. The first comment? They may or may not have realized they were promoting false facts. And due to tone and groupthink, someone probably walked away from that comment telling someone else the same false fact. Even just walking away with a false reality to the original image is bad. That’s a problem, especially if you have more people who believe a falsity than who know the truth.

This is how rumors and conspiracy theories spread. And it’s ok when those echo chambers don’t impact people not looking for it, but social media has allowed these bits of “dumbed down” information to spread to those not even looking for it. This is how good news sites that practice some form of democratized content eventually become overrun with funny things that don’t matter at all to life.

It’s also becoming useful to someone or other to influence popular opinions and facts, which anyone should have been able to predict someday, especially anyone who’s grown up with the Internet’s start. Plant some seeds and watch the flames grow on their own!

Are we still getting smarter? Yes, but it’s not so effortless anymore; it takes work to verify stories and opinions, and work through pages upon pages of a thread to get up to speed.