Security Leftovers
RedCommander: Open source tool for red teaming exercises
The RedCommander tool solves a major challenge for red teams around the installation and operationalization of infrastructure by combining automation scripts and other tools into a deployable package.
RedCommander is a series of Ansible Playbooks that automate the tedious tasks required to stand up covert command and control channels during a red team exercise. This open source tool is intended to be a stepping stone for more advanced configurations during red team assessments.
Once an operator spins up several servers and configures redirectors, they can leverage RedCommander to modify and monitor their command and control servers for blue team investigations by way of RedELK. The result provides the operator with a full-spectrum overview of a Red Team exercise while simultaneously centralizing logs for Indicators of Compromise (IOC) analysis.
Cloudflare Bot Management, MITM Boxes and TLS 1.3
This is just a "warn your brothers" post for those who use Cloudflare Bot Management, and have customers which use MITM boxes to break up TLS 1.3 connections.
Be aware that right now some heuristic rules in the Cloudflare Bot Management score TLS 1.3 requests made by some MITM boxes with 1 - which equals "we're 99.99% sure that this is non-human browser traffic". While technically correct - the TLS connection hitting the Cloudflare Edge node is not established by a browser - that does not help your customer if you block those requests. If you do something like blocking requests with a BM score of 1 at the Cloudflare Edge, you might want to reconsider that at the moment and send a captcha challenge instead. While that is not a lot nicer, and still pisses people off, you might find a balance there between protecting yourself and still having some customers.
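As an added illustration, not part of the quoted post: the score-1 rule written as legacy Cloudflare firewall rules in Terraform, with the hard block beside the captcha-challenge variant the post recommends and an optional allow rule for a customer's known MITM egress range. The zone ID and the IP range are placeholders.

```hcl
# Added example, not from the post. Uses the legacy cloudflare_filter /
# cloudflare_firewall_rule resources; ZONE_ID_PLACEHOLDER and the egress
# range below are placeholders, not real values.
variable "zone_id" {
  default = "ZONE_ID_PLACEHOLDER"
}

# Bot Management score 1 = "automated" with the highest confidence.
# This is what some TLS 1.3 MITM boxes currently trigger.
resource "cloudflare_filter" "bm_score_1" {
  zone_id     = var.zone_id
  description = "Requests Bot Management scores as definitely automated"
  expression  = "(cf.bot_management.score eq 1)"
}

# Weak setting (kept commented out): drop these requests outright.
# Real users behind a customer-side MITM box are blocked along with bots.
# resource "cloudflare_firewall_rule" "block_bots" {
#   zone_id     = var.zone_id
#   description = "Block definite bots"
#   filter_id   = cloudflare_filter.bm_score_1.id
#   action      = "block"
# }

# Corrected setting: serve a captcha instead, so a human behind a
# MITM box can still complete the request.
resource "cloudflare_firewall_rule" "challenge_bots" {
  zone_id     = var.zone_id
  description = "Challenge definite bots"
  filter_id   = cloudflare_filter.bm_score_1.id
  action      = "challenge"
  priority    = 20
}

# Optional refinement (assumption, not from the post): let a known
# customer egress range skip the challenge. Lower priority value
# evaluates first, so this rule wins over the challenge above.
resource "cloudflare_filter" "known_mitm_egress" {
  zone_id     = var.zone_id
  description = "Customer MITM box egress (placeholder range)"
  expression  = "(ip.src in {192.0.2.0/24})"
}

resource "cloudflare_firewall_rule" "allow_known_egress" {
  zone_id     = var.zone_id
  description = "Allow known customer egress"
  filter_id   = cloudflare_filter.known_mitm_egress.id
  action      = "allow"
  priority    = 10
}
```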
Crylogger Finds Alarming Crypto Vulnerabilities in Android Apps
Researchers at Columbia University have released Crylogger, an open source analysis tool for identifying cryptographic vulnerabilities in Android apps.
According to the recent paper, titled “Crylogger: Detecting Crypto Misuses Dynamically,” the researchers analyzed “1780 popular Android apps downloaded from the Google Play Store to show that Crylogger can detect crypto misuses on thousands of apps dynamically and automatically.”
Security updates for Tuesday
Security updates have been issued by Debian (imagemagick, lemonldap-ng, and zeromq3), Fedora (ark, cryptsetup, gnutls, kernel, kernel-headers, and kernel-tools), openSUSE (firefox, kernel, and thunderbird), Red Hat (cloud-init, go-toolset:rhel8, libcroco, librepo, php:7.3, postgresql:10, and thunderbird), SUSE (firefox and go1.14), and Ubuntu (linux, linux-aws, linux-aws-5.3, linux-aws-5.4, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-azure-5.4, linux-gcp, linux-gcp-4.15, linux-gcp-5.4, linux-gke-4.15, linux-gke-5.0, linux-gke-5.3, linux-hwe, linux-hwe-5.4, linux-kvm, linux-oem, linux-oem-osp1, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-raspi2, linux-raspi2-5.3, linux-snapdragon and xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04).
