Sooty the Security Operations Centre Client

Photo by Dmitry Ratushny on Unsplash
I spotted an article on the SANS InfoSec Handlers Diary Blog where the author described a tool for Security Operations Engineers named Sooty: TheresAFewConors/Sooty. It’s a command line tool predominantly seeking to put the day-to-day tasks of analysing attacks and enterprise defence at the fingertips of the analyst. As a tool it is very task oriented; when you run it you are presented with a list of options: ...

October 23, 2020 · 2 min · Richard Slater

Privacy vs. the Government, Trickbot disrupted, and more (2020: Week 42)

Photo by Sergiu Nista on Unsplash
National Security vs. Privacy: Round 3 (Monday) The battle between national security and privacy continues as the “Five Eyes”, plus India and Japan, reach out to technology firms pleading for ways to protect public safety. In the face of end-to-end encryption and other technologies, nation states are increasingly hitting brick walls when criminals use these services, putting public safety at risk. This is an ongoing debate, and personally I tend to sit on the side of privacy and the personal protections it affords; however, I think everyone recognises the need for public safety to some degree — I doubt this will get resolved any time soon. ...

October 17, 2020 · 3 min · Richard Slater

Managing and Mitigating CVE-2020–16898 (Bad Neighbour/Ping of Death)

Blue Screen of Death from Wikipedia
Many IT administrators, DevOps, TechOps and SecOps in the UK woke up this morning to a particularly nasty looking Patch Tuesday. Top of the chat is CVE-2020–16898, which has been dubbed Bad Neighbour by McAfee and Ping of Death by Sophos. Reality Check It’s worth realising that this particular CVE has no known exploits; however, in the best case scenario a threat actor could craft an ICMPv6 packet to exploit the RDNSS component of the IPv6 stack built into tcp.sys, the net result being that a threat actor could cause a Blue Screen of Death (BSOD). There is a worst case scenario of course, in that a threat actor could craft a packet that didn’t cause a BSOD but did allow the actor to execute code against the target system, known as Remote Code Execution (RCE). In reality the worst case scenario is unlikely to happen any time soon, or even ever, as it requires a failure of many lines of defence. ...

October 14, 2020 · 4 min · Richard Slater