Showing posts with label Shared Notes. Show all posts
Showing posts with label Shared Notes. Show all posts

Friday 22 January 2021

Keep your Mac awake (disable lid and idle sleep) (how to)

A lot of people were using a convenient little application called InsomniaX to disable temporarily the sleep feature on MacOS that is activated due to inactivity after a few minutes or when you close your laptop's lid (screen). 

However, a security vulnerability was identified in the software and after that point in time it is considered a legacy software as it is no longer actively being developed. 

There are alternatives depending on what you want to do. The easiest way to keep the mac from going to sleep is to use a terminal window with the built-in command: caffeinate

However, this does not help when you change focus from that particular terminal window or need to temporarily close your laptop's lid without going into sleep mode. 

Friday 15 January 2021

EXPO 2020 Dubai - Connecting Minds, Creating the Future

EXPO 2020 Dubai (www.expo2020dubai.com) is a MEGA-event that was built from the ground up! 


Expo 2020 (Arabic: إكسبو 2020‎) is a World Expo to be hosted by Dubai in the United Arab Emirates. 

Expo 2020 was scheduled to open its doors in Oct/2020, but due to the pandemic it was postponed to 2021 (will be running for 6 months, from 1 October 2021 to 31 March 2022) while keeping its original brand name as "EXPO 2020 Dubai".

(See the wikipedia page for more information)
.

If you are already resident in the UAE you can seize a unique opportunity to volunteer for EXPO 2020. The Expo 2020 Volunteers Programme, like most of the world’s mega events, is at the heart of the first World Expo that will take place in MEASA (Middle East, Africa and South Asia) region.

Follow Expo 2020 on Twitter (@EXPO2020Dubai) to get the latest update and stay abreast of what is happening #PavilionsPremier #ExpoPavilionsPremiere #Expo2020 #Dubai #UAE

Thursday 27 August 2020

UAE IA Standards: Measuring Cyber Security Maturity

The UAE has become an emerging technology hub in a fast-evolving interconnected digital world while cyber-threats at a global scale are becoming far more complex, and increasingly inevitable.

The UAE has significant resources and is continuously raising the bar when it comes to innovation. At the same time, smart technologies, automation and technological advances make the region a particularly attractive target to threat actors. Effective cybersecurity strategies are moving from a standalone defensive approach to mandatory security programs representing the competitive advantage among whole organisations.

The UAE's federal body released the UAE Information Assurance (UAE IA) Standards on 25th June 2014, as part of the Cyber Security Framework, to manage the country's cyberspace.

Since the release of the UAE IA standard, the UAE and the globe, has seen a nearly exponential growth of cybersecurity landscape. The lates statistics from various sources depict an exponential growth of the cyber landscape while at the same time, offer trustworthy and actionable recommendations for thought-leaders and decision-makers.

Tuesday 19 May 2020

youtube-dl (how to) - best guide to get you started

####################################################################
###        youtube-dl - the best guide to get you started        ###
###                                                              ###

>> Installing
[Note]: Before you start; 
If you have upgraded to Catalina (on never have installed xcode and gcc before), then you will need to:
install Xcode (from Apple's App Store), then run the command: xcode-select --install 
then install gccand then install youtube-dl

[TIP]: You must run brew update first. Then you can either use the brew upgrade to update all packages, or, run brew upgrade youtube-dl to update only youtube-dl

//To install youtube-dl [1] under MacOS use:
brew install youtube-dl

//Once it is installed, update the application:
sudo youtube-dl -U

Friday 1 May 2020

Re-encode screen recordings to work in iMovie

There was a case where I did some screen recordings but iMovie refused to see the video files .mp4 format. Video captures can be very useful as proof-of-concept and/or evidence of actions performed, for example during a security assessment, such as penetration testing sessions. 

In my case, it was showing only a "green screen" instead of what it was actually captured during the screen recording. Bear in mind that VLC could play the video file without any issues, but when loaded in iMovie, the same video file was failing to show properly.

If you have ffmpeg installed on your MacOS, you can very easily fix this problem, by re-encoding e.g. from an .mp4 file to a .mov file. 

Keep in mind, simply changing the "container" from an .mp4 video to .avi/.mov in most cases won't fix your problem. Hence, doing something like the following, as many others advice online, it will simply not work for you:
- ffmpeg -i Video.mp4 -c copy Video.mp4
- ffmpeg -i Video.mp4 -acodec copy -vcodec copy -f mov Video.mov


Re-encoding however, will fix your problem and ensure that iMovie can see the video as they were captured:

ffmpeg -i ScreenRec.mp4 -c:v libx264 -preset fast -profile:v baseline outRec.mov 

Of course, if you want to keep the same format, you can do:

ffmpeg -i ScreenRec.mp4 -c:v libx264 -preset fast -profile:v baseline outRec.mp4


Sunday 5 April 2020

Ping an IP range from the command line interface (CLI)

If you ever wanted to do host discovery while no specific network scanning tools were available (e.g. nmap), or you wanted to avoid creating a script file (e.g. due to having no write permissions)? Here are a couple of useful commands depending on the OS of your choice:

Windows OS:
for /L %i IN (1,1,254) DO ping -n 1 -w 1 192.168.1.%i| FIND /i "Reply" >> IPs.txt

Note: command prompt has a limitation when asked to return the exact string using regex and returns the whole line. Here is an example of replacing find with findstr in order to use a regular expression (regex). 
findstr /r "[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*"

The regular expression can still be useful in cases such as:
ipconfig | findstr /r "[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*"


Linux OS:
for i in {1..254}; do (ping -c 1 -i 1 192.168.1.$i >/dev/null && echo "192.168.1.$i" &); done

Note: The above command will only list the discovered IP address, without any additional text.

Tip/Trick: Did you know you can use apr to achieve the same results but much faster. This seems to be reliable under Linux. The following command will list the discovered host on your network, including any additional information per IP (including the IPv6 address).
for ip in $(seq 1 254); do arp -n 192.168.1.$ip | grep on; done

The following command however, will list only the IP addresses without any additional text (also avoiding to specify the IP range twice)
for ip in $(seq 1 254); do arp -n 192.168.1.$ip | grep on | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' ; done

Saturday 28 March 2020

Command line (CLI) check and monitor COVID-19 statistics

Use the following command to quickly check for COVID-19 (corona virus) statistics from the console (CLI), for the countries you want to monitor.


Command line:
clear && curl -s https://corona-stats.online/?minimal=true | grep "Rank\|(DE)\|(IT)\|(ES)\|(GR)\|(US)\|(AE)\|(GB)\|(CH)\|(AT)\|(NL)"


Modify the command as needed with any valid ISO 3166-1 Alpha-2 Country Codes. 

Thanks goes to @ekrysis for collecting the data sources and providing the means to query the information. See more at GitHub: https://github.com/sagarkarira/coronavirus-tracker-cli 

Some examples:
# Get data from worldometers api i.e source 2
curl https://corona-stats.online

Friday 5 July 2019

Mac OS - Show the full path in the Finder title bar

A very useful feature that you might want to enable on Mac OS is to always have the full path of the working directory displayed in the Finder title bar. 




















> Using the command line, run the following command to activate it:
defaults write com.apple.finder _FXShowPosixPathInTitle -bool true; killall Finder

> To deactivate the feature run the command:
defaults write com.apple.finder _FXShowPosixPathInTitle -bool false; killall Finder

NOTE: The above commands will terminate all of your open Finder windows. If you do not wish to have your Finder windows closed, you can run the commands without the
"; killall Finder" part. In that case, only new windows will have the full path until you close and reopen the ones that do not have it. 


How to "cheat" from reopening all of your Finder windows:
  • Option A) On your Finder icon in your Dock, hold the ⌥ (alt/option) key and Right-Click, then Click Relaunch.
  • Option B) Bring in-focus a Finder window. Hold the key Shift on the keyboard and click the  menu. The option Force Quit Finder will be available.  
Tip: You can Show/Hide the Path Bar at the bottom of the Finder windows at anytime from the menu. Bring in-focus a Finder window and to to View > Show Path Bar. This is useful if you need to instantly navigate up several folders. 

Bonus: Show/Hide the hidden files in Finder. 
  1. Open the folder where you want to display the hidden files in Finder.
  2. Hold down the keys Command, Shift and Period: cmd + shift + .
  3. The hidden files and folders on your Mac will then appear partially transparent.

Saturday 10 November 2018

Basic HTML Meta Tags

I have been maintaining my own list of preferable meta tags and the content I usually include based on my practical experience and experimentation of what works best. Overtime, in this post I will be sharing some of the tags and how I am using them. 

In the meantime, I came across this post on GitHub, which I found very comprehensive and wanted to share it with you.

Sunday 27 May 2018

Cyber Europe 2018 by ENISA (EU Agency for Network and Information Security)

The EU Agency for Network and Information Security (ENISA) manages the programme of pan-European exercises known as Cyber Europe #CE2018. 

The Cyber Europe exercises are simulations of large-scale cybersecurity incidents that escalate to become Cyber crises. 

I am part of ENISA's approved NIS Experts*, where I have both designed and reviewed different Cyber incidents/exercises for the pan-European Cyber Europe exercise, I wanted to share with you the opportunity to get to know more about this very important bi-annual European initiative. This year is the 5th pan European Cyber crisis exercise.

The scenario
  • Cyber Europe 2018 planners developed a scenario revolving around Aviation which can include, Civil Aviation Authorities, Air Navigation Service Providers (ANSPs), Airport Companies, Air Carriers, with potential impacts in other sector.
  • The scenario will contain real life inspired technical incidents to analyse, from forensic and malware analysis, open source intelligence, and of course non-technical incidents.
  • The incidents will build up into a crisis at all levels: local, organization, national, European. Business continuity plans and Crisis management procedures will be put at test
The exercise is organised for IT security, business continuity and crisis management teams coming from EU and EFTA Member States only.


More: https://www.enisa.europa.eu/topics/cyber-exercises/cyber-europe-programme 

*NOTE: The CEI List of Experts is a tool used solely for the purposes of assessing and identifying suitable external experts for a potential future contractual working relationship with ENISA. It is emphasised that inclusion in the list does NOT mean that you are considered to be an official representative of ENISA or in any way entitled to represent the Agency.

Saturday 21 April 2018

'The next tech leap in our evolution'

As a "thought-provoking" moment this morning, let me share with you the following as food-for-thought...
Think for a second about the moment the next leap in our technological evolution is made. This will most probably be defined by using properly well-defined Artificial Intelligence #AI capabilities, Machine Learning #ML (most likely Deep Learning #DL, for classifying and profiling attacks/attackers, possibly minimizing the risk of being trained the wrong way), successfully adapting Chaos Engineering #ChaosEngineering on Software Defined Networks #SDN (which will have the ability to be redefined seamlessly in Real-Time by the #AI, performing any number of complicated micro-segmentations), capable of running "as a Service" in the #Cloud (hosting a whole virtual network/computer infrastructure, where the end-points are simply tabs opened on "web" browsers).

Read more at: 

#AI #ML #DL #ChaosEngineering #SDN #Cloud #Quantum #QuantumComputing #Internet #IInternet

Sunday 4 March 2018

Security BSides London 2018 - Logo competition

This year I decided to submit a design for the Security BSides London annual logo competition. The theme for this year's event is:
"BreachDay Clock: 2mins to midnight"

Due to this year's theme, I decided to make a design that illustrates a binary clock. The binary clock is set to 23:58:00, hence, the "2 minutes to midnight". The time instead of being represented in decimal, it is represented in hexadecimal, hence the 17:3A:00. The number 1528273800 represents the epoch Date & Time of the human readable format of the Date & Time for this year's Security BSides London 2018

GMT: Wednesday, June 6, 2018 8:30:00 AM


You can find all submissions here and make sure you vote your favorite one! 

Wednesday 13 December 2017

Will "GDPR Extortion" become the new "trend" in cybercrime?

Even though this is not an "official" term that is being used (well, at least not yet), it does describe the concern I am trying to explain to people at different occasions. I often discuss GDPR from the security perspective, and the conversations most of the time end up focusing at the implications of the regulation and the "next day"

This is when I end up trying to describe the potential scenario of "GDPR Extortion", as I always like to see things through different lenses when it comes to forward-thinking in Information Security and CyberSecurity. 
By saying "GDPR Extortion" I tend to mean something similar to "DDoS Extortion", and it is easier to give an example to people in order to explain this type of potentially evolving threat. 

Thursday 21 September 2017

RIPE NCC - RIPE ATLAS

I recently saw Vesna Manojlovic’s  (@Ms_Multicolor) talk at BalCCon (@BalCC0n) about the RIPE Atlas device and I wanted to find out more about the project. I felt a need to play around with the device, see how it works, run a few security tests, and of course, be part of the online community that has access to the data in real-time.

Getting started with the RIPE Atlas probe (@RIPE_Atlas) was more or less straightforward. 

The RIPE NCC (@RIPE_NCC) is building the largest Internet measurement network ever made. 

For those who are not familiar, the RIPE NCC assigns and allocates Internet number resources across Europe, the Middle East and parts of Central Asia. The RIPE Atlas employs a global network of probes that measure Internet connectivity and reachability, providing an unprecedented understanding of the state of the Internet in real time. You can explore the RIPE Atlas measurements, maps and tools, once you register for an account. 

Starting with the probe I had to visit the URL http://probev3.ripe.net which redirected me to https://atlas.ripe.net/docs/probe-v3/. On that page, one can find further information about the device, and what one should do if they find one connected to a network, and of course what to do if one has found a lost device. 

Saturday 2 September 2017

Security BSides Amsterdam 2017

My passion for contributing to the information security community as much as possible, led me into getting myself involved with the formation of another information security conference. After a number of discussions, I decided to help out with putting together a Security BSides conference in the Netherlands. More specifically, the first ever Security BSides Amsterdam 2017 (www.bsidesams.nl) took place on Friday, 1/Sep/2017 in the heart of Amsterdam, at Zalen Pakhuis de Zwijger B.V. (dezwijger.nl)
We tried to engage the Dutch information security community as much as possible as this was  our first attempt to make this conference a reality. We were very pleased to have so many speakers submitting a talk to the conference, and the support of OWASP and especially OWASP Netherlands


On our account on peerlyst you will find a list of all the talks of the day, along with their respective YouTube video. 

You can also find all of the videos on our YouTube channel, all combined in one playlist here




Monday 26 June 2017

Security BSides Athens 2017


This was the second Security BSides Athens in Greece this year, which allowed us to move to a slightly bigger venue. We tried to put together a better event since last year and further improve the quality of the conference.

Security BSides Athens 2017 (www.bsidesath.gr) took place at "The Athinais Cultural Center" - ATHINAIS




Wednesday 19 April 2017

OWASP Top 10 (2017 Release Candidate) - Thoughts


I understand the importance of highlighting the Underprotected APIs (A10), and I do agree with the importance of it. However, to my eyes this is another stage during a security assessment, while the penetration tester is engaging into testing for different types of Injections (A1)
I believe Injections (A1) should include the Underprotected APIs.
(especially based on the example attack scenarios given in the PDF page 17 for the Top 10 RC)


From what I have seen on several real-world projects, Unvalidated Redirects and Forwards, is a very common security issue (when you manage to identify where it is hiding) but it is not highlighted in security reports (and penetration testing reports) that often. Thus, it seems and fills like, it is not that popular as a finding. 

One of the main reasons this particular security issue is not mentioned that often, is because businesses (the business perspective) see this highlighted risk as a "two-step attack", so, instead of addressing it, they simply "accept the risk".

From what I have seen in different real-life projects, dropping "A10 – Unvalidated Redirects and Forwards" will be mistakenly perceived (misunderstood) as an "insignificant" security issue, while, it can be used to spawn a number of attacks. 

If an attacker manages to redirect/forward a user to a fraudulent website (that looks exactly like the legitimate one), then it is game-over for that user. How many of you remember the issues with the Unicode URLs back in the day? In one case, two companies lost a significant amount of money because of a fraudster, due to this "insignificant" issue.

Just to mention a couple very recent examples: 
punicode https://www.wordfence.com/blog/2017/04/chrome-firefox-unicode-phishing/
or the unvalidated redirect on linkedin, which allowed to download malware from linkedin redirects (even though they were hashing the urls).
https://gfragkos.blogspot.co.uk/2015/06/linkedin-security-issue-unvalidated.html


So, in my humble opinion, A1 should be Injections that include calls to Underprotected APIs: 
A1 - Injections, including Underprotected APIs

and keep:
A10 - Unvalidated Redirects and Forwards. 

This blog post is intended to be perceived as food-for-thought.

Tuesday 28 March 2017

Xcode update is stuck at waiting

This is something that happens often and I wanted to make sure you are going to fix this the right away, without causing any problems to your system and save you some time. 

This was written for Xcode 8.3 (but it has worked for previous versions as well) and it is confirmed that it works on:
OS X 10.10 YosemiteOS X 10.11 El Capitan, and macOS 10.12 Sierra.

I am assuming that you are at your Updates screen and Xcode is stuck at "waiting". Click on Xcode (the actual name/caption of the pending update) and the relevant page of Xcode on App Store will show (see below)
When you click the Update button (beneath the application icon on App Store), a little progress bar appears beneath it, and it usually tells you "less than a minute" (but it is stuck there forever). 

Don't navigate away from this screen on App Store, because we want this little progress bar to be our indicator on what is happening. 

  • Open a new Finder window and click Applications (top left hand side). 
  • Scroll down to the Xcode application and drag the application to Trash.
  • You will be asked to confirm your password before moving Xcode to Trash.
  • Once you enter your password, there will be a prompt asking you if you want to cancel the update or delete the app. Choose delete. 
  • You will notice that immediately after clicking delete, xcode starts downloading the updated version, and you can see/confirm that at the progress bar (as discussed earlier on) and it will tell you how long it will take (it can take an hour, depending on your Internet connection).
  • (optional) If you want to save some space on your disk, go to Trash, right-click on xcode, and delete it completely from the system. It will ask you again to confirm your password. 

Don't forget to plug-in your computer, as the whole process takes a while, and the computer might go to sleep and suspend the download and/or the installation. 

Thursday 16 March 2017

IBAN Country List

IBAN (International Bank Account Number) that originates from a member or joining country of the EU or the EEA. FYI: Switzerland and other countries that have adopted the use of IBAN. 

A couple things about the IBAN

Instructions for Screen or Braille Reader users

  • This IBAN Checker validates the format of an IBAN which you can either type or paste into the input boxes.
  • The results of validation are normally shown on the screen. To receive the IBAN Checker results in a dialogue box that your screen reader should be able to interact with, check the first checkbox that you come across in the form. The prompt for this box reads 'Screen reader users please check this box to receive the results of the IBAN Checker as a dialogue box'.
  • Two sets of input text boxes are provided for you to enter your IBAN for checking.
    • The first set of nine input text boxes allow you to type in the IBAN four characters at a time.
      • You will need to tab from one text box to the next.
      • Each text box will only allow a maximum of four characters.
      • The IBANs have a specific format, and some possible formatting errors are detected as you are keying characters into these text boxes.
      • These errors are notified to you in dialog boxes with an OK button which you must action before you carry on.
      • When you action these dialogue boxes you should be aware that incorrect input is not cleared out of the input text boxes.
    • After the multiple input boxes there is a single longer input box into which you can type the complete IBAN. Or alternatively you can paste the IBAN into this box if you have received it electronically - ie in an email.
    • Typing into any of the multiple input text boxes will clear out any characters you may have typed or pasted into the longer input text box.
    • Similarly typing or pasting into the longer text box will clear out any characters you may have typed into the multiple input text boxes.
  • Two buttons are provided on the form.
    • The first button triggers the checking of the IBAN you have entered.
    • The second button clears out all the input text boxes.
- Each IBAN has a predefined length (depending the country it belongs to).
- Each IBAN has a country prefix.
- The IBAN should not contain spaces when processed electronically (or the word 'IBAN').

In case someone needs this information, I will just leave that list below :)


Monday 26 December 2016

TP-LINK Modem / Router (ADSL2+) Security and Vulnerabilities

I really hope this blog post starts a small trend when it comes to the security of home-based routers. I started searching online for home routers (SOHO) and wanted to compare them based on how secure they are, up to a reasonable price for a household. I have seen all these different makes that have been found in the recent years to contain hard-coded credentials and other known backdoors, and I wanted to investigate this a bit further. 

It is very hard to find security related information about routers before deciding which one to buy. Also, it is really annoying to see that manufacturer only care and promote the features and functionality of a router, and do not consider security at all.

From where I stand, when a company sells a router, should be in their best interest that router to have no security vulnerabilities. Otherwise, it is like having a company that wants to sell bulletproof vests that doesn't stop bullets, other than those fired from Airsoft BB guns.

I do understand that most people might choose a router based on its cost, colour, shape and if it is shiny. However, from my experience, these people just want to get online and want to simply replace the really bad modem/router their ISP provided for "free". Most of the time the real reason behind that decision is because when more than two devices are connected to those "free" devices, the Internet experience becomes annoying, to say the least. For such use, it is not hard to find a replacement for these "free" routers at a very reasonable price, and 90% of the time, it is totally worth it.