Monday, June 13, 2016

Password Policy - Another Dumb and Dumber Story?

I just stumbled upon the image below on But it's just a repost of an old post from Reddit's /r/funny community. There are posts and reposts of the same image, and it's hard to know who the author is.

The post talks about a user possibly using an extremely long password because she had misunderstood the company password policy. It might not be a true story, but as a message it's dead wrong.

Thursday, May 23, 2013

Selecting an SIEM Solution For Your Organization Simplified

Selecting the correct Security Information and Event Management (SIEM) solution for your organization is not an easy task. The purpose of this article is to explain why you should or should not have an SIEM solution and what key areas to look at when acquiring one; I'll also give you some of my own opinions on certain vendors and options.

SIEM is a hybrid of two products: SIM (security information management) and SEM (security event management). The SEM component deals with real-time activities such as real-time correlation, alerting, dashboards, etc. The SIM component is responsible for retention of logs for long-term analysis and forensics, reporting, pattern discovery, etc. Most of the leading SIEM vendors now provide ticketing/workflow management systems, integrated knowledge bases and various other components integrated into their SIEM solution.
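To make the SEM/SIM split concrete, here is an added example (not code from the original post): a toy pipeline where the SEM side evaluates a brute-force correlation rule as each event arrives, and the SIM side retains every normalised event so it can be searched afterwards for forensics. The log lines, host name, addresses and threshold are constructed for the example.

```python
"""Toy SEM/SIM pipeline: real-time correlation plus retention and search.
Added example with constructed data; not from the original post."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed syslog-style SSH authentication events (not real data).
SAMPLE_LOG = """\
2013-05-23T10:00:01 srv1 sshd: Failed password for root from 198.51.100.7
2013-05-23T10:00:03 srv1 sshd: Failed password for admin from 198.51.100.7
2013-05-23T10:00:05 srv1 sshd: Failed password for root from 198.51.100.7
2013-05-23T10:00:06 srv1 sshd: Accepted password for bob from 203.0.113.5
2013-05-23T10:00:09 srv1 sshd: Failed password for root from 198.51.100.7
2013-05-23T10:00:11 srv1 sshd: Failed password for root from 198.51.100.7
2013-05-23T10:05:00 srv1 sshd: Failed password for test from 192.0.2.9
2013-05-23T10:09:00 srv1 sshd: Failed password for test from 192.0.2.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)

def parse_event(line):
    """Normalise one raw line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%S")
    return ev

class SemCorrelator:
    """SEM role: fire once when N failures arrive from one source inside a sliding window."""
    def __init__(self, threshold=5, window=timedelta(seconds=60)):
        self.threshold = threshold
        self.window = window
        self.failures = defaultdict(deque)  # src -> timestamps of recent failures
        self.alerted = set()

    def feed(self, ev):
        """Return an alert string when the rule fires for this event, else None."""
        if ev["result"] != "Failed":
            return None
        q = self.failures[ev["src"]]
        q.append(ev["ts"])
        # Drop failures that have fallen out of the window.
        while q and ev["ts"] - q[0] > self.window:
            q.popleft()
        if len(q) >= self.threshold and ev["src"] not in self.alerted:
            self.alerted.add(ev["src"])
            return (f"ALERT brute force: {len(q)} failures from {ev['src']} "
                    f"within {int(self.window.total_seconds())}s")
        return None

class SimStore:
    """SIM role: retain every normalised event and answer simple field queries."""
    def __init__(self):
        self.events = []

    def retain(self, ev):
        self.events.append(ev)

    def search(self, **criteria):
        """Return retained events whose fields equal all the given criteria."""
        return [e for e in self.events
                if all(e.get(k) == v for k, v in criteria.items())]

def run_pipeline(raw_log=SAMPLE_LOG):
    """Feed each line to both components; return (alerts, store)."""
    sem, sim = SemCorrelator(), SimStore()
    alerts = []
    for line in raw_log.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        sim.retain(ev)          # SIM: keep everything for later analysis
        alert = sem.feed(ev)    # SEM: evaluate the rule right now
        if alert:
            alerts.append(alert)
    return alerts, sim

if __name__ == "__main__":
    alerts, store = run_pipeline()
    for a in alerts:
        print(a)
    print("retained events:", len(store.events))
    print("failed root logins:", len(store.search(user="root", result="Failed")))
```

The 198.51.100.7 source trips the rule on its fifth failure within the minute, while the two failures from 192.0.2.9 are four minutes apart and never accumulate; both sources remain searchable in the store regardless of whether they alerted, which is exactly the gap the SIM half exists to close.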


Friday, November 4, 2011

Configure Policy-Based Routing On Check Point Secure Platform

There's no straightforward way to achieve policy-based routing on Check Point SPLAT (Secure Platform). Since SPLAT is Linux-based and Check Point firewalls rely on the operating system's routing functions, policy-based routing is achieved through iproute2, a set of utilities used to control network traffic on Linux systems. iproute2 is available with most Linux distributions (including SPLAT) with a kernel version above 2.2.

For more information about iproute2, please refer to the links in Additional References section of this article.

When configuring policy-based routing with iproute2 on SPLAT, there are some important points you need to remember.
  1. You need to configure a routing table per policy, and it is independent of your normal routing table.
  2. Because of that, once a policy rule matches, only that particular table is consulted for routing.
  3. Therefore you must manually add all the routing information (including directly connected routes) to each and every table you create.
  4. The route --save command does not save the policy-based routes you configure using the ip route command.
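The four points above translate into a fixed sequence of iproute2 commands. As an added example (not part of the original post), the following Python helper builds that sequence for one policy table and checks the one precondition that otherwise fails silently at the wrong step: the next hop has to sit on the network attached to the outgoing interface. The table id and name, the networks, the interface names and the gateway address are constructed placeholders; substitute your own values.

```python
"""Generate the iproute2 commands for one policy-based routing table.
Added example with constructed values; not from the original post."""
import ipaddress

def pbr_commands(table_id, table_name, src_net, gateway, out_if, connected):
    """Return the shell commands that build one policy routing table.

    connected -- list of (cidr, interface) for every directly connected
    network on the firewall.  Point 3 above: once the rule matches only
    this table is consulted, so each of them must be copied in explicitly.
    """
    # 'ip route add default via <gw>' is rejected unless the gateway is
    # reachable through a route already present in the same table, so
    # require it to be on a connected network of out_if.
    on_link = [c for c, dev in connected if dev == out_if
               and ipaddress.ip_address(gateway) in ipaddress.ip_network(c)]
    if not on_link:
        raise ValueError(f"gateway {gateway} is not on a connected network of {out_if}")

    cmds = [
        # Point 1: a separate table, registered by name so later commands
        # can say 'table <name>' instead of a bare number.
        f'grep -q "^{table_id} {table_name}$" /etc/iproute2/rt_tables '
        f'|| echo "{table_id} {table_name}" >> /etc/iproute2/rt_tables',
    ]
    # Point 3: directly connected routes, copied from the main table.
    for cidr, dev in connected:
        cmds.append(f"ip route add {cidr} dev {dev} table {table_name}")
    # The alternative default route this policy exists for.
    cmds.append(f"ip route add default via {gateway} dev {out_if} table {table_name}")
    # Point 2: the rule that diverts matching traffic to this table.
    cmds.append(f"ip rule add from {src_net} lookup {table_name}")
    cmds.append("ip route flush cache")
    return cmds

def as_boot_script(cmds):
    """Point 4: 'route --save' does not persist any of this, so emit the
    commands as a script that can be run from a boot-time hook."""
    return "#!/bin/sh\n" + "\n".join(cmds) + "\n"

if __name__ == "__main__":
    # Constructed topology: eth0 and eth2 face two upstreams, eth1 is the LAN.
    connected = [("192.168.10.0/24", "eth1"),
                 ("10.0.1.0/24", "eth0"),
                 ("10.0.2.0/24", "eth2")]
    # Policy: traffic sourced from the LAN leaves via the eth2 upstream.
    print(as_boot_script(
        pbr_commands(100, "isp2", "192.168.10.0/24", "10.0.2.1", "eth2", connected)))
```

Run it once with your own values and review the printed script before executing it as root on the gateway; the SPLAT boot hook into which it goes is not specified here.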

Monday, July 4, 2011

gnmap2csv - Generate a CSV File from Nmap Scan Results

I created this basic script to generate a small report from nmap scan results. It's just a quick-and-dirty bash script that generates a CSV file from the .gnmap files produced by the nmap scanner. You can use it either for reporting or just to get a quick view of the hosts, open ports and services. It has been quite useful for me in the penetration tests I do.

The following is a sample file I generated from an nmap scan; I opened the CSV in Microsoft Excel.
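For readers who want to see what such a conversion has to handle, here is an added example (not the author's gnmap2csv script) that parses nmap's greppable output into CSV rows. In .gnmap each host line is tab-separated, and each entry in the Ports field has the shape port/state/protocol/owner/service/rpcinfo/version/ with nmap keeping literal slashes out of the inner fields. The scan output below is constructed for the example, including the host names and versions.

```python
"""Parse nmap greppable output (.gnmap) into CSV rows.
Added example with a constructed scan; not the author's script."""
import csv
import io
import re

# Constructed .gnmap content; fields on a Host line are tab-separated.
SAMPLE_GNMAP = (
    "# Nmap 5.51 scan initiated Mon Jul  4 10:00:00 2011 as: nmap -sV -oG scan.gnmap 192.168.1.0/30\n"
    "Host: 192.168.1.1 (gw.example.test)\tStatus: Up\n"
    "Host: 192.168.1.1 (gw.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 5.3 (protocol 2.0)/, "
    "80/open/tcp//http//Apache httpd 2.2.15/\tIgnored State: closed (998)\n"
    "Host: 192.168.1.2 ()\tStatus: Up\n"
    "Host: 192.168.1.2 ()\tPorts: 445/open/tcp//microsoft-ds//Microsoft Windows XP microsoft-ds/, "
    "3389/filtered/tcp//ms-wbt-server///\tIgnored State: closed (998)\n"
    "# Nmap done at Mon Jul  4 10:00:30 2011 -- 4 IP addresses (2 hosts up) scanned in 30.00 seconds\n"
)

HOST_RE = re.compile(r"^Host: (?P<ip>\S+) \((?P<name>[^)]*)\)")
# One port entry: port/state/protocol/owner/service/rpcinfo/version/
# Matching on [^/]* per field is safe because nmap does not emit "/" inside them.
PORT_RE = re.compile(r"(\d+)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/")

FIELDS = ["host", "hostname", "port", "protocol", "state", "service", "version"]

def gnmap_to_rows(text):
    """Return one dict per (host, port) found in the greppable output."""
    rows = []
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # "# Nmap ..." header and footer comments
        fields = line.split("\t")
        hm = HOST_RE.match(fields[0])
        ports = next((f[len("Ports: "):] for f in fields if f.startswith("Ports: ")), None)
        if hm is None or ports is None:
            continue  # "Status: Up" lines carry no port data
        for port, state, proto, _owner, service, _rpc, version in PORT_RE.findall(ports):
            rows.append({
                "host": hm["ip"], "hostname": hm["name"], "port": port,
                "protocol": proto, "state": state, "service": service,
                "version": version,
            })
    return rows

def rows_to_csv(rows, only_open=False):
    """Serialise rows as CSV text; optionally keep only open ports."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    for r in rows:
        if only_open and r["state"] != "open":
            continue
        writer.writerow(r)
    return buf.getvalue()

if __name__ == "__main__":
    print(rows_to_csv(gnmap_to_rows(SAMPLE_GNMAP)))
```

The csv module handles quoting, so a version string containing a comma (common in Apache banners) does not break the column layout the way a naive join on commas would.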

Sunday, June 12, 2011

Automating Penetration Tests - Part 2

This is part 2 of the article; click here to read part 1.

Modern Approaches to Attack Graphs Generation and Analysis

In the modern approach, attack graphs are generated without full knowledge of the network, which reflects real-world scenarios. Then, during the attack phase, the rest of the information is learned and the attack graph is altered accordingly. A planner or an intelligent mechanism such as a neural network is used to analyse the graphs and then to generate attacks.

There are two notable research papers that discuss attack planning. Ghosh and Ghosh proposed a new approach to attack planning using a planner [35]. Then Obes et al. used the same concept and integrated the planner into a penetration testing framework to successfully conduct a penetration test [36].