Scripted Inputs and Splunk
October 19, 2017, Josh Porto, Senior Consultant, Cyber Engineering, Coalfire
Splunk is an extremely versatile tool when dealing with data:
- Monitor files? Check!
- Listen in on an open port? Check!
- Monitor the file system? Performance monitor? HTTP Event Collector?
- Check, check aaaaand check!
But what if the data you want to ingest does not have a method listed above? Say, something like a database or a security tool’s API? Scripted inputs are the solution! Splunk can even employ a variety of scripts to include (but not limited to) PowerShell, shell scripts, and Python. Besides working around data sources, which do not use log files and cannot send via TCP or UDP, the advantages abound and include:
Top 10 Things CSPs Need to Know about FedRAMP Authorization on Amazon Web Services
October 18, 2017, Jennifer Tonisson, Partner Marketing Manager, Technology & Cloud, Coalfire
Coalfire conducted a webinar, FedRAMP on AWS: What you need to know. The discussion covered what cloud service providers need to know when pursuing FedRAMP authorization leveraging AWS U.S East/West or GovCloud. Below you’ll find the Top 10 things that cloud service providers should know.
An Analysis of PCI DSS Requirement 188.8.131.52 and the Compliance Expectations
October 13, 2017, Jason Pieters, Product Director, PCI, Coalfire
For some organizations, understanding, navigating, and complying with the Payment Card Industry (PCI) Data Security Standard (DSS), especially after the release of the latest version (v3.2) released in April 2016, has become confusing and/or challenging because of the inclusion of phased-in applicability of requirements. The most common questions that Coalfire receives from clients are regarding requirement 184.108.40.206
Blockchain: Are You Ready?
October 06, 2017, Mitch Ross, Senior Consultant, Cyber Engineering, Coalfire
By now, most of us have heard of Bitcoin. Few of us really know the specifics about what that is. Fewer still have a workable (or even cursory) knowledge of the underlying technology that makes Bitcoin possible.
How I discovered CVE-2017-13707
October 05, 2017, Michael Allen, Senior Consultant, Coalfire Labs
New Vulnerability Found Using Techniques Taught at Black Hat USA
One of the topics I teach in Coalfire's Adaptive Penetration Testing course, given most recently at Black Hat 2017, is manual privilege escalation on Linux- and Unix-based systems. I also talk about how common it is to gain an initial foothold in an environment by leveraging default or easily guessable login credentials. During a recent red team engagement, I leveraged both of these techniques – not only to fully compromise the organization's Active Directory environment, but also to discover and exploit a previously unknown vulnerability in the Replibit Linux distribution installed on a server on their network.