[ITA] HackInBo Spring Edition 2017

HackInBo

[ Here you can find the slides and video of my talk ]

On May 6 and 7 I will take part as a speaker at HackInBo, a completely free Information Security event that takes place twice a year in Bologna and is organized on an entirely voluntary basis by good old Mario and his staff.

HackInBo differs sharply from the events organized here and there by the various vendors and integrators of security solutions in that it comes “from the bottom up”: it is organized by a group of friends who do it out of pure passion. For instance: sponsors cannot speak; they will of course (and rightly) be thanked, but their only advantage is a front-row seat. Continue reading “[ITA] HackInBo Spring Edition 2017”

Block Flash content on Squid proxy

No more flash

One of the trending topics I discuss regularly with my company IT department is the need to block Flash content on our navigation proxies.

As a security person I have no doubt about it: Flash must be blocked. Period.

Because I manage some Squid proxies, I made this simple and effective configuration in the squid.conf file. Continue reading “Block Flash content on Squid proxy”

Configure OTRS to process multiple Tickets in email Subject

Postfix email relay

OTRS Help Desk is an open source application (with Enterprise support) that has a lot of useful features: ITSM, Surveys, Time Accounting and System monitoring.

I use it at my company as a Service Desk for Security purposes (and more).
As you can read from our Success Story, one of the features we currently appreciate is the ability to track all the email exchanges into tickets simply by putting the ticket number in the email Subject and CCing the properly configured email address. This allows us to interact with external parties without the need for other people to access our OTRS instance. Continue reading “Configure OTRS to process multiple Tickets in email Subject”

SNORT rules Advanced Parser for pulledpork

Lone Hacker in Wharehouse by Brian Klug

Security Onion is an Ubuntu-based distribution created to handle a lot of security tasks.

One of the security tools installed is SNORT, the best open source Intrusion Detection System (IDS). Security Onion uses Pulledpork to get IDS rules and process them.

I wrote a Perl script to make advanced modifications to the downloaded SNORT rules. This script can handle rule transformation based on regular expressions and multiple substitution patterns. Continue reading “SNORT rules Advanced Parser for pulledpork”

Launching Nessus scans inside Metasploit

Network by Rosmarie Voegtli from Flickr

[UPDATE Feb 24th 2018: Tenable disabled the API to execute remote scans since version 7, so keep in mind that if you use Nessus>7 this won’t work]

Metasploit is my favorite tool when I do Pen Tests and Security Checks. I also use Nessus for Vulnerability Assessment, and integrating Nessus and Metasploit is a must.

What follows is a short guide on how to launch Nessus from Metasploit (for reference, I used Nessus 6.5 and Metasploit PRO, but the Community Edition should also be OK).

Continue reading “Launching Nessus scans inside Metasploit”