Author Archives: Brent Huston

About Brent Huston

I am the CEO of MicroSolved, Inc. and a security evangelist. I have spent the last 20+ years working to make the Internet safer for everyone on a global scale. I believe the Internet has the capability to contribute to the next great leap for mankind, and I want to help make that happen!

Got MS DNS Servers? Get the Patch ASAP!

Posted on by
8

If you run DNS on Microsoft Windows, pay careful attention to the MS-15-127 patch.

Microsoft rates this patch as critical for most Windows platforms running DNS services.

Remote exploits are possible, including remote code execution. Attackers exploiting this issue could obtain Local System context and privileges.

We are currently aware that reverse engineering of the patch has begun by researchers and exploit development is under way in the underground pertaining to this issue. A working exploit is likely to be made available soon, if it is not already in play, as you read this. 

Old School Google Hacking Still Works…

Posted on by
3

Did some old school Google hacking last night.

“Filetype:xls & terms” still finds too much bad stuff.

Check for it lately for your organization?

Try other file types too. (doc/ppt/pdf/rtf, etc.)

Information leakage happens today, as it always has. Keeping an eye on it should be a part of your security program.

Ashley Madison Blackmail Campaigns Prowling Again

Posted on by
1

If you were involved in the Ashley Madison service, or know someone who was, it might be time to discuss the continuing issues of ongoing blackmail campaigns stemming from the breach. This article appeared this week in SC Magazine, reporting on just such a campaign, that has been potentially identified.

Please be aware that this is happening, and can represent a significant threat, especially for organizations associated with critical infrastructure, IP protection and/or government agencies. 

If you, or someone you know, is being harassed or targeted by black mailers, here are some resources:

General council advice.

Contacting the FBI.

WikiHow Advice from the public.

Stay safe out there!

Podcast Episode 9 Available

Posted on by
1

Check out Episode 9 of the State of Security Podcast, just released!

This episode runs around an hour and features a very personal interview with me in the hot seat and the mic under control of @AdamJLuck. We cover topics like security history, my career, what I think is on the horizon, what my greatest successes and failures have been. He even digs into what I do every day to keep going. Let me know what you think, and as always, thanks for listening!

Next CMHSecLunch is Monday, November 9th

Posted on by
5

Just a heads up that the next CMHSecLunch is scheduled for Monday, November 9th at Tuttle Mall food court.

As always, the games begin at 11:30am and continue to around 1pm. Admission is FREE and everyone is welcome. Bring a friend!

Come by, hang out, have some food and great conversation. Talk about the threats and issues your team is facing and hear what others in the community have to say on the topic. It’s like hallway conversations at security conferences, without the travel, con-flu and noise.

Check it out and see you there! 

HoneyPoint Security Server Allows Easy, Scalable Deception & Detection

Posted on by
3

Want to easily build out a scalable, customizable, easily managed, distributed honey pot sensor array? You can do it in less than a couple of hours with our HoneyPoint Security Server platform.

This enterprise ready, mature & dependable solution has been in use around the world since 2006. For more than a decade, customers have been leveraging it to deceive, detect and respond to attackers in and around their networks. With “fake” implementations at the system, application, user and document levels, it is one the most capable tool sets on the market. Running across multiple operating systems (Linux/Windows/OS X), and scattered throughout network and cloud environments, it provides incredible visibility not available anywhere else.

The centralized Console is designed for safe, effective, efficient and easy management of the data provided by the sensors. The Console also features simple integration with ticketing systems, SEIM and other data analytics/management tools.

If you’d like to take it for a spin in our cloud environment, or check out our localized, basic Personal Edition, give us a call, or drop us a line via info (at) microsolved (dot) com. Thanks for reading! 

Clients Finding New Ways to Leverage MSI Testing Labs

Posted on by
2

Just a reminder that MSI testing labs are seeing a LOT more usage lately. If you haven’t heard about some of the work we do in the labs, check it out here.

One of the ways that new clients are leveraging the labs is to have us mock up changes to their environments or new applications in HoneyPoint and publish them out to the web. We then monitor those fake implementations and measure the ways that attackers, malware and Internet background radiation interacts with them.

The clients use these insights to identify areas to focus on in their security testing, risk management and monitoring. A few clients have even done A/B testing using this approach, looking for the differences in risk and threat exposures via different options for deployment or development.

Let us know if you would like to discuss such an approach. The labs are a quickly growing and very powerful part of the many services and capabilities that we offer our clients around the world! 

MachineTruth As a Validation of Segmentation/Enclaving

Posted on by
1

If you haven’t heard about our MachineTruth™ offering yet, check it out here. It is a fantastic way for organizations to perform offline asset discovery, network mapping and architecture reviews. We also are using it heavily in our work with ICS/SCADA organizations to segment/enclave their networks.

Recently, one of our clients approached us with some ideas about using MachineTruth to PROVE that they had segmented their network. They wanted to reduce the impacts of several pieces of compliance regulation (CIP/PCI/etc.) and be able to prove that they had successfully implemented segmentation to their auditors.

The project is moving forward and we have discussed this use case with several other organizations to date. If you would like to talk with us about it, and learn more about MachineTruth and our new bleeding edge capabilities, give us a call at 614-351-1237 or drop us a line via info <at> microsolved <dot> com.  

CMHSecLunch is Monday Oct 12

Posted on by
1

Remember: ‪#‎CMHSecLunch‬ is tomorrow. 11:30, Polaris.

Come out and hang with some of your friends. This free form event is open to the public and often includes hacking stuff, lock picking, deep technical discussions, projects, etc.

Check it out at the link below & bring a friend!  

http://cmhseclunch.eventbrite.com

 

3 Things You Should Be Reading About

Posted on by
3

Just a quick post today to point to 3 things infosec pros should be watching from the last few days. While there will be a lot of news coming out of Derbycon, keep your eyes on these issues too:

1. Chinese PLA Hacking Unit with a SE Asia Focus Emerges – This is an excellent article about a new focused hacking unit that has emerged from shared threat intelligence. 

2. Free Tool to Hunt Down SYNful Knock – If you aren’t aware of the issues in Cisco Routers, check out the SYNful Knock details here. This has already been widely observed in the wild.

3. Microsoft Revokes Leaked D-Link Certs – This is what happens when certificates get leaked into the public. Very dangerous situation, since it could allow signing of malicious code/firmware, etc.

Happy reading!