Powered by Blogger.
Showing posts with label Windows. Show all posts
Showing posts with label Windows. Show all posts

Cloud Security Suite: Auditing Tool For AWS Infrastructure


Cloud security suite one-stop tool for auditing the security posture of AWS infrastructure

Pre-requisites

[Python 2.7
pip
git]

Installation

[git clone https://github.com/SecurityFTW/cs-suite.git
cd cs-suite/
sudo python setup.py]
Note - Generate a set of ReadOnly AWS keys which the tool will ask to finish the installation process.

Virtual Environment installation

(So you don't mess with the already installed python libraries)
[pip install virtualenvironmentwrapper]
Add it to the respective rc file of your shell (bashrc/zshrc) (for fish shell users check virtualfish)
[echo "source /usr/local/bin/virtualenvwrapper.sh" >> ~/.bashrc]
source the file
[source ~/.bashrc]
Run env:
[cd cs-suite/
mkvirtualenv cssuite
workon cssuite
pip install -r requirements-virtual.txt
aws configure]
Once the installation is done, the tool will ask you for the AWS keys and region. These two are mandatory for the tool to work.

Run

[python cs.py]

Documentation 

Installation and running CS Suite:

Cloud Security Suite - Installation and Initiation of an AWS Audit


Cloud Security Suite - Auditing a Windows Instance

Cloud Security Suite - Auditing a Linux Instance

Microsoft Kept Secret That It Suffered a Data Breach Four and a Half Years Ago


Reportedly, Microsoft had suffered a data breach in 2013 when a highly-skilled hacking group by various names including Morpho, Butterfly and Wile Neutron, who exploited a Java Zero-Day vulnerability to hack into Apple Mac computers of the Microsoft employees.

When Microsoft discovered the compromised database in earlier 2013, an alarm spread inside the company. With such a database in hands, the so-called highly sophisticated hacking group could have developed zero-day exploits and other hacking tools to target systems worldwide.

There's no better example than WannaCry ransomware attack to explain what a single zero-day vulnerability can do.

Following the concerns that hackers were using stolen vulnerabilities to conduct new attacks, the tech giant conducted a study to compare the timing of breaches with when the bugs had entered the database and when they were patched.

On being contacted, Microsoft declined to speak about the incident, beyond saying: "Our security teams actively monitor cyber threats to help us prioritize and take appropriate action to keep customers protected."

via: TheHackerNews
Subscribe to: Posts (Atom)
 

Copyright © . Designed By Templatezy