Wed, 16 Dec 2020 00:48:03 +0100
What happens when you lose your red team tools
#^fireeye/red_team_tool_countermeasures
FireEye Red Team Tool Countermeasures
These rules are provided freely to the community without warranty.
In this GitHub repository you will find rules in multiple languages:
* Snort
* Yara
* ClamAV
* HXIOC
authsch
Mon, 09 Nov 2020 14:48:00 +0100
Oh Jenkins
#^Jenkins Security Advisory 2020-11-04
This advisory announces vulnerabilities in the following Jenkins deliverables:
* Active Directory Plugin
...

Login allowed with hardcoded password by Active Directory Plugin
Login allowed with empty password by Active Directory Plugin
Authentication cache in Active Directory Plugin allows logging in with any password
Missing permission check in Active Directory Plugin allows accessing domain health check page
CSRF vulnerability in Active Directory Plugin
Dieting
Thu, 24 Sep 2020 17:56:50 +0200
#^DockerSlim - Lean and mean Docker containers. Smaller, faster, more secure and frictionless!


Optimize Your Docker Containers.
Don't change anything in your Docker container image and minify it by up to 30x making it secure too! Optimizing images isn't the only thing it can do though. It can also help you understand and author better container images.
Keep doing what you are doing. No need to change anything. Use the base image you want. Use the package manager you want. Don't worry about hand optimizing your Dockerfile. You shouldn't have to throw away your tools and your workflow to have small container images.
Don't worry about manually creating Seccomp and AppArmor security profiles. You shouldn't have to become an expert in Linux syscalls, Seccomp and AppArmor to have secure containers. Even if you do know enough about it, reverse engineering your application's behavior is time-consuming.
docker-slim will optimize and secure your containers by understanding your application and what it needs using various analysis techniques. It will throw away what you don't need, reducing the attack surface of your container. What if you need some of those extra things to debug your container? You can use dedicated debugging side-car containers for that (more details below).
IT staff
Sat, 05 Sep 2020 01:50:49 +0200
#^Sluggish digitalisation - schools need IT staff | Deutschlandfunk


School IT is a complex task. Currently it is often handled by teachers on the side, one reason why digital teaching is not making progress. What is needed are staff who take care of IT full time. IT departments that are responsible for several schools are also conceivable.
VAMT
Tue, 25 Aug 2020 20:42:29 +0200
We used a local KMS for M$ Windows Enterprise volume activation. Unfortunately we do not fulfil the required activation thresholds anymore, so we had to switch to MAK activation.
I discovered VAMT from the Windows ADK tools. That is a really handy tool. An overview of your keys, and easy mass key changes and activation for all your computers.
#^Use the Volume Activation Management Tool (Windows 10) - Windows Deployment
The Volume Activation Management Tool (VAMT) provides several useful features, including the ability to track and monitor several types of product keys.
Well... like most of the time with Micro$oft it sounds nice and good, until you start using it and become disillusioned.

Climate bubble
Bonn, Germany, Mon, 10 Aug 2020 21:33:22 +0200
Ugh, it's disgusting today when you come back out of the server room.
Bonn, Germany, Fri, 17 Apr 2020 01:11:05 +0200
There was an interesting talk at Bonn Security Nights last evening.
It is not available (yet?) but the topics included, amongst others:
#^The Web Infrastructure Model (WIM) | Institute of Information Security | University of Stuttgart
The most comprehensive, expressive and precise model of the web infrastructure to date.
#^New OAuth Security Recommendations - danielfett.de
The OAuth Security BCP contains a number of new and updated recommendations on the usage of OAuth 2.0. I recommend reading the whole document to understand the threats and attacks that lead to these guidelines. As a quick reference, the following table shows an overview of the most important new recommendations:
This list is based on version -12 of the draft and will be updated in the future.
Kubernetes Managed Container Plattform
Mon, 06 Apr 2020 18:47:54 +0200
Pretty interesting offer. Unfortunately only B2B and not for my private hosting dilemma.
#^Kubernetes - Managed Container Plattform | NETWAYS Web Services
Tailor-made container platform based on Kubernetes. Administered by MyEngineer on request. Pay per use and ready within minutes.
#K8s
msodbcsql17 Buster
Fri, 21 Feb 2020 19:26:12 +0100
After a recent php:7.3-apache Docker image rebuild we were not able to connect to the M$SQL server anymore from our PHP application inside the docker container. Seems to be related to the Debian 9 (Stretch) --> Debian 10 (Buster) update of the official PHP base image.
The error message with the new container was:
[Microsoft][ODBC Driver 17 for SQL Server]TCP Provider: Error code 0x2746
[Microsoft][ODBC Driver 17 for SQL Server]Client unable to establish connection
Too lazy to find a proper solution right now, but a quick fix is to add the following line to our Dockerfile:
RUN sed -i 's/SECLEVEL=2/SECLEVEL=1/g' /etc/ssl/openssl.cnf
Another lesson learned is to use the right base image tag, e.g. php:7.3-apache-stretch
lightmeter
Fri, 31 Jan 2020 17:38:00 +0100
#^Lightmeter
Funny project. If you look at the code #^https://gitlab.com/lightmeter it is just R
Getting mail reliably and quickly in the inbox of recipients is hard. Lightmeter shows where the bottlenecks are so you don't waste time.
spiffe
Fri, 31 Jan 2020 17:16:34 +0100
Recently saw in a certificate under Subject Alternative Name a spiffe:// URI. 
#^SPIFFE – Secure Production Identity Framework for Everyone

Inspired by the production infrastructure of Google and others, SPIFFE is a set of open-source standards for securely identifying software systems in dynamic and heterogeneous environments.
What is SPIFFE?
SPIFFE, the Secure Production Identity Framework For Everyone, provides a secure identity, in the form of a specially crafted X.509 certificate, to every workload in a modern production environment. SPIFFE removes the need for application-level authentication and complex network-level ACL configuration.
#CNCF
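A spiffe:// URI in the SAN is only useful if the receiving side actually validates it and pins it to its own trust domain. The validator below is an added example, not SPIFFE project code; the syntax rules it enforces are my reading of the SPIFFE ID specification (an assumption), and the SAN entries are constructed in the format `openssl x509 -text` prints.

```python
import re

# Added example, not SPIFFE project code. Assumed SPIFFE ID rules: scheme
# spiffe, lowercase trust domain, path segments of [A-Za-z0-9._-] that are
# not "." or "..", no trailing slash, no port, userinfo, query or fragment,
# at most 2048 bytes. An SVID carries exactly one URI SAN.
SCHEME = "spiffe://"
MAX_BYTES = 2048
TRUST_DOMAIN_RE = re.compile(r"^[a-z0-9._-]+$")
PATH_SEGMENT_RE = re.compile(r"^[A-Za-z0-9._-]+$")

def validate_spiffe_id(spiffe_id):
    """Return (True, 'ok') or (False, reason)."""
    if len(spiffe_id.encode("utf-8")) > MAX_BYTES:
        return False, "longer than 2048 bytes"
    if not spiffe_id.startswith(SCHEME):
        return False, "scheme must be spiffe://"
    rest = spiffe_id[len(SCHEME):]
    if "?" in rest or "#" in rest:
        return False, "query and fragment are not allowed"
    trust_domain, slash, path = rest.partition("/")
    if not TRUST_DOMAIN_RE.match(trust_domain):  # also rejects user@host and host:port
        return False, "invalid trust domain"
    if slash and not path:
        return False, "trailing slash is not allowed"
    for segment in path.split("/") if path else []:
        if not PATH_SEGMENT_RE.match(segment):
            return False, "empty or invalid path segment"
        if segment in (".", ".."):
            return False, "relative path segment"
    return True, "ok"

def spiffe_id_from_san(san_entries, expected_trust_domain):
    """san_entries as OpenSSL prints them, e.g. 'URI:spiffe://example.org/x'.
    Return the single SPIFFE ID or raise ValueError on any deviation."""
    uris = [e[len("URI:"):] for e in san_entries if e.startswith("URI:")]
    if len(uris) != 1:
        raise ValueError(f"expected exactly one URI SAN, found {len(uris)}")
    ok, reason = validate_spiffe_id(uris[0])
    if not ok:
        raise ValueError(f"invalid SPIFFE ID {uris[0]!r}: {reason}")
    trust_domain = uris[0][len(SCHEME):].partition("/")[0]
    if trust_domain != expected_trust_domain:
        raise ValueError(f"trust domain {trust_domain!r} is not {expected_trust_domain!r}")
    return uris[0]
```

Feed it the SAN list of a peer certificate, e.g. `spiffe_id_from_san(["DNS:web.example.org", "URI:spiffe://example.org/ns/default/sa/web"], "example.org")`, before granting that peer any access.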
GLPI Inventory Agent for Android
Wed, 08 Jan 2020 17:44:11 +0100
#^glpi-project/android-inventory-agent

GLPI Android Inventory Agent allows your company to maintain control of all mobile devices, whilst providing comprehensive protection and enhanced security for sensitive corporate data, via a centralized management console.
Jenkinsfile in GitLab CI
Tue, 07 Jan 2020 17:57:48 +0100
Tempting...
#^Running Jenkins Files inside GitLab CI
Learn how to lift and shift your Jenkins jobs over to GitLab CI while you migrate.
First, I want to set some ground rules for this. For starters, this process is not meant for long-term use. There are many downsides to this, such as it only runs in one GitLab stage and isn't asynchronous. However, this process can be used to run your Jenkins builds in GitLab CI while you're migrating your Jenkinsfile to GitLab CI syntax. Make no mistake, this doesn't solve your migration woes, but it does allow you to run your Jenkinsfile inside GitLab for the time being. It's a stop-gap measure.
Log file Navigator
Tue, 07 Jan 2020 17:53:06 +0100
nice!!!
#^The Log File Navigator
Many logging tools, like Splunk, provide great features but are optimized for large-scale deployments. They require installing and configuring servers before they can be effectively used. There is still a need for a robust log file analyzer for the terminal.
Just point lnav to a directory and it will take care of the rest. File formats are automatically detected and compressed files are unpacked on the fly.
Log files are a wealth of information, lnav can help highlight the parts that are important and filter out the noise.
Zero Trusted Networks
Wed, 11 Dec 2019 18:29:03 +0100
Interesting talk from #OSMC about micro-perimeter, least privileges, zero trust architectures, etc.
Modern Lifecycle Policy?
Mon, 25 Nov 2019 15:49:26 +0100

As a modern online service, the Microsoft Teams client auto-updates every two weeks. Because Teams is governed by the Modern Lifecycle Policy, it is expected that users remain on the most up to date version of the desktop client. This ensures that users have the latest capabilities, performance enhancements, security, and service reliability.

Users on Teams desktop clients that are more than three months old will encounter a blocking page giving the options to update now, reach out to their IT admin, or continue to Teams on the web.

The way this software installs itself automatically on every computer with M$ Office365 feels a lot like malware. It installs the Micro$oft Teams desktop client with the regular Office update. In addition, it installs a program that will reinstall the Micro$oft Teams desktop client on the next reboot if only the client was uninstalled.

Who will ever want to install the Micro$oft Teams client for Linux that will be released next month?
Recommendations for the end of support of Windows Server 2008
Sat, 16 Nov 2019 23:51:39 +0100

#^Microsoft advises customers with Windows Server 2008 to switch quickly to the Azure cloud | News Center Microsoft
End of support for Windows Server 2008 and Windows Server 2008 R2 on 14 January 2020: without migration, companies risk security problems and compliance violations
On 14 January 2020, extended support for Windows Server 2008 and Windows Server 2008 R2 ends. Yet there are still companies that have no concrete plans for migrating to a new operating system. So that no security gaps or violations of compliance rules have to be risked from that date onward, Microsoft advises moving the servers to Azure. Migrating to the cloud gives companies more time to find new solutions for the software applications that still require the use of the old servers.
compliance with the EU General Data Protection Regulation (EU GDPR) can only be guaranteed with difficulty in outdated server environments

Disconnecting systems from the internet is not a solution

Microsoft recommends migration to Azure
