Tuesday, April 17, 2018

OpenVAS Virtual Appliance / GreenBone Installation

OpenVAS Framework
The GSM Community Edition is a derivate of the GSM ONE and allows a quick and easy option on Windows, Linux or Mac to give the solution a trial. No particular know-how is needed.
In contrast to the commercial solution the Community Feed instead of the Greenbone Security Feed is used. Also some management functions like for TLS certificates are not included. Feed updates happen on a regular basis, but the system itself can not be updated. The commercial version can be updated seamless and also includes access to the Greenbone Support.
The Community Edition as well as the GSM ONE are designed for use with a laptop. The full feature set for a vulnerability management process (schedules, alarms, sensors) are only available with the bigger GSM models (see here for an overview) and can be obtained from Greenbone as an evaluation unit.

1. OpenVAS / GreenBone Installation Video




Saturday, April 14, 2018

Metasploit Installation on Windows 7 and 10

The Metasploit Framework (MSF) is far more than just a collection of exploits. It’s an infrastructure that you can build upon and utilize for your custom needs. This allows you to concentrate on your unique environment, and not have to reinvent the wheel. I consider the MSF to be one of the single most useful auditing tools freely available to security professionals today. From a wide array of commercial grade exploits and an extensive exploit development environment, all the way to network information gathering tools and web vulnerability plugins, the Metasploit Framework provides a truly impressive work environment.

1. Installation on Windows 7
Youtube Video:



Kali Virtual Appliance Installation and Usage

Kali Linux is the world’s most powerful and popular penetration testing platform, used by security professionals in a wide range of specializations, including penetration testing, forensics, reverse engineering, and vulnerability assessment. It is the culmination of years of refinement and the result of a continuous evolution of the platform, from WHoppiX to WHAX, to BackTrack, and now to a complete penetration testing framework leveraging many features of Debian GNU/Linux and the vibrant open source community worldwide.

Kali Linux has not been built to be a simple collection of tools, but rather a flexible framework that professional penetration testers, security enthusiasts, students, and amateurs can customize to fit their specific needs.
1. Installation Kali Virtual Appliance


Tuesday, April 3, 2018

Free DNS Server 1.1.1.1 and 1.0.0.1 (from CloudFlare) - Fastest and Easiest to Remember

Google free DNS server 8.8.8.8 and 8.8.4.4 has been used by me for many years, since it is decent fast and also easy to remember. But now Cloudflare just announced their DNS server 1.1.1.1 and 1.0.0.1 on April 1st 2018.

Here is their comparison diagram with other free public DNS server providers.



Not only fastest, Cloudflare pledged that it will not write your ip to the disk and not keep your tracking data long, it will purge all logs within 24 hours. How cool is this privacy focus feature? Definitely, I will give it more try later if there is any need to use a public DNS server.


Saturday, March 17, 2018

Gartner Magic Quadrant for Security Awareness Computer-Based Training (2017,2016,2015,2014)

IT research and advisory firm Gartner, Inc. has evaluated different vendors in the Magic Quadrant for Security Awareness Computer-Based Training (CBT). Gartner’s evaluation criteria includes market understanding, marketing strategy, sales strategy, product strategy and offering, business model, vertical/industry and geographic strategy, and innovation.

What is security awareness computer-based training?
End-user-focused security education and training is a rapidly growing market. Demand is fueled by the needs of security and risk management leaders to help influence the security behaviors of people. People impact security outcomes much more than any technology, policy or process. Interactive computer-based training (CBT) is a central component of a comprehensive security education and behavior management program. It is a mechanism for the delivery of a learning experience through computing devices, such as laptop computers, tablets, smartphones and Internet of Things (IoT) devices. The focus and structure of the content delivered by CBT vary, as do the duration of individual CBT modules and the type of computing endpoints supported. The market for CBT for security awareness is characterized by vendor portfolios that include ready-to-use, interactive software modules. These modules are available as internet-based services or on-premises deployments.


2017

Thursday, February 22, 2018

Installation and Configuration of Sophos Enterprise Console 5.1 in your Networks - 2. Configuration

Continue with previous post "Installation and Configuration of Sophos Enterprise Console 5.1 in your Networks - 1. Installation"


Steps: 
After the installation of the Sophos Enterprise Console you had logged off.
Now you logged in and the Console starts automatically.
This Windows will appear:


image001


Installation and Configuration of Sophos Enterprise Console 5.1 in your Networks - 1. Installation

This post is a detail documentation how to install Sophos Enterprise Console 5.1 in your networks.


Pre-Requirements:
  1. copy the Sophos Enterprise Console to the Server (ProdInstall\Sophos\Sophos Console\sec_5.1.exe)
  2. check if you are able to connect to the infrastructure server like this: http://IP Server:8085
  3. A webpage like this should be shown to you:



Tuesday, February 20, 2018

OWASP Top 10 (2010, 2013, 2017)

The Open Web Application Security Project (OWASP) is a non-profit organization dedicated to providing unbiased, practical information about application security. 
The OWASP Top 10 Web Application Security Risks was created  in 2010, 2013 and  2017 to provide guidance to developers and security professionals on the most critical vulnerabilities that are commonly found in web applications, which are also easy to exploit. These 10 application risks are dangerous because they may allow attackers to plant malware, steal data, or completely take over your computers or web servers.
Meeting OWASP Compliance Standards usually is the First Step Toward Secure Code.