Blogs

breathmint, A Refreshing Burp Parser

Burp Suite has been my favorite web app testing tool for a while, and it seems to keep getting better with age and updates. Typically, I have avoided using other tools to parse the Burp output (XML) because most of what we report comes from manual testing. Somewhat recently, I started using extensions to add the manual testing results to Burp, so it made sense to write a script to parse Burp's XML output.


DEF CON 27 Blue Team Village Badge Wrap Up

DEF CON 27 has come and gone, and it was amazing to see folks get engaged with the badge, solving the challenges and having fun with the honeypots. We received lots of great feedback, and folks were very curious about the honeypot data. We had great conversations about what hacking actually happens at DEF CON and what kind of hacking can be expected, and we think there is enough evidence to at least partially answer that question.


DevSecOps and Audit Compliance

Integrating Compliance Auditing with DevSecOps

By now you have probably at least read about the benefits of merging development, security, and operations into a cohesive unit (if not also implemented it to some degree). Now it's time to take it a little further: integrating security compliance audits. Whether you face mandated audits, like PCI, FISMA and agency-specific implementations such as Security Controls Assessment (SCA) or NISTIR 8011-flavored Adaptive Capabilities Testing (ACT), or self-imposed assessments for your own [good] reasons (or both), integrating an external audit with your system development and maintenance process can help your organization remediate vulnerabilities and weaknesses more efficiently, and the overall audit process will be less costly.


A Portable Honeypot, the DEF CON 27 Blue Team Village Electronic Badge

Last Updated: 2019-10-10. This post is part 1 of 2. Visit Part 2 of 2 for spoilers and behind-the-scenes info. With the wave of low-cost PCBs and components, electronic conference badges are now pervasive. I decided to deviate a bit from our usual offensive security focus, have a little fun and build a mobile AP and honeypot, which has now evolved into the DEF CON 27 Blue Team Village badge.


nepali, A Lightweight Nessus Parser

Having a vulnerability management tool like Tenable Security Center is great. It offers a lot of functionality to analyze, track, and report on the current and past state of systems in the environment. But sometimes that's overkill. Sometimes you want something quick and easy. Hence we wrote a quick little Python script that parses one or more .nessus files and produces a spreadsheet (Excel format). There are five worksheets in the workbook output file:


Advanced Recon Techniques or How We Find All The Things (part 1)

After the rules of engagement are finalized but before we actually start a penetration test, we perform no-touch reconnaissance, or "recon", all without sending a single packet to our target organization's environment. The goal is to identify all the in-scope assets and data exposures, because the more coverage we attain of a target environment, the more thorough we can be with our penetration testing. This information can include things like IP addresses, subdomains, code repositories, employee data, or anything that tells us more about the company and introduces a crack in the external defenses.


macOS Spotlight Data Leak (Vulnerability Fixed)

For a period of time, it was possible to read snippets of memory on a screen-locked macOS system from the USB port. A while back we noticed some interesting files created by macOS when inserting a USB drive. These files were related to Spotlight, macOS's built-in search functionality, which indexes and enables searching of files on the system, among other things. The presence of the files is fairly standard, as an invisible /Volumes/<Volume Name>/.


Getting Social with the Smart Grid @ DEF CON 18

I will be co-presenting ["Getting Social with the Smart Grid"](https://defcon.org/html/defcon-18/dc-18-speakers.html#Morehouse) at this year's DEF CON in Las Vegas. Littered with endless threats and vulnerabilities surrounding both social networking and the Smart Grid, the marriage of these two technologies is official, despite protests by the security community. Consumers love it because they can brag to their friends about how green they are. Businesses love it more because it provides fresh material for their marketing departments.


We're Doing it Wrong

As an industry, we have failed. Miserably. Cyber security professionals have implemented a broken methodology and graduated from failing to properly identify the problem to failing to present an effective solution. The network security methodology of (1) find vulnerabilities, then (2) apply the security patch simply does not work for the custom web application environment. This statement may seem obvious, but it's exactly what the industry has tried to do.


GuestStealer Wrapup

In addition to the previously mentioned Nmap script, GuestStealer has now made its way into a [Nessus plugin](http://www.nessus.org/plugins/index.php?view=single&id=44646) and a Metasploit module. Nessus Plugin 44646 was released by Tenable a few weeks ago, and the Metasploit module was pushed up to the trunk last week. GuestStealer has been mentioned in several articles and blog posts recently, including [DarkReading – Tech Insight: Securing The Virtualized Server Environment](https://www.darkreading.com/tech-insight-securing-the-virtualized-server-environment/d/d-id/1132946) and The Hacker News Network.
