About IDNeon

  • Rank
    Hak5 Fan ++


  1. What does "get into the industry" even mean to you? That's probably the right place to start. Help desk > systems/network admin > then security. Gotta know how something works to secure it.
  2. I'm pretty sure encrypted police radios will be deemed illegal soon enough. Police are not protected by national security acts that are the only thing that allows public property to be hidden from the public.
  3. Oh, and the "novel" portion is the terminology. I thought I explained in the beginning of the thread that I was asking about verbiage to explain what is generally discussed in seminars on findings about APTs and their operations. I tried to illustrate such an instance, where the lecturers about such an APT had described a network of compromise but had failed to give it a name, and had described the futility of wiping the device discovered to be compromised because the rest of the compromised devices would restore whatever device they wanted to that network of compromise. The idea the
  4. That's all in another thread. And this was a spinoff of that, more along the lines of testing the concept of "network of compromise". The main point here, which I hope hasn't been lost, is that I think it's possible to box an attacker into a smaller and smaller box, which provides you faster counter-intel. What this thread is not intended to do is to explain a sure-proof means of preventing exploits by network segmentation alone. So this thread starts with some initial assumptions: that including other technical controls will effectively compartmentalize a smaller and smaller group
  5. Unspoken truth for sure. A real-world example was a network I recently had to walk in on because of how messed up it had gotten by a number of issues. And one of them was the onsite IT moved the wrong servers physically to ports assigned to the wrong VLANs for those servers, among other physical issues, such as switch configuration inconsistencies and problems. Point being: given how complex a working infrastructure can become, when I'm crafting this document the word "actionable" comes to mind. If you have to build a space shuttle, chances are your clients won't be able to.
  6. Disabling what you can for a hardened OS per best practice on endpoints should always be a must. The general assumption is that best-practice technical controls will be applied. This deals more with what the network should look like (while security architecture deals with what the whole IT infrastructure should look like and why). It is apt to say this would be analogous to wireless client isolation. But the reason is administrative. You want to be able to know what the attacker knows as soon as possible. It is not because such isolation is inherently more secure to exploit. That is
  7. OK, got a moment actually, so to respond more to the other particulars of the above quote. The AP is a good analog where the server core should be the channel of communication between endpoints. Endpoints should not be able to communicate laterally outside of their allowed permissions to the server core. Ideally the subnetting is for internal use to nuke these networks of compromise. The general assumption is the controls are effective. Thus you prevent lateral extension into the server core by other means alluded to in the "Security Architecture" thread. And you prevent latera
  8. I want to respond to you more in full, but I am headed to a meeting, so in brief first just so I remember to respond. The answer to your question lies in the nature of infiltration. It is harder to "land" on a server than to land on an endpoint, and it is easier to "lock down" a server or other endpoints from lateral extension. It is extremely difficult to prevent endpoints from being "landing pads" or points of infiltration due to their use by lay-persons without security focus, and the latitude given them by your own policies which may or may not be enforced by rules or actual
  9. Just curious but you have two independent wifi adapters for your host?
  10. Lol, this gives me a strange idea. Can you use VirusTotal as your host, since apparently they let you download content that's been uploaded?
  11. There's a question in there somewhere for anyone interested in discussing. This isn't really a thread about networking. The question, based on the assumptions of APT activity within a compromised network, is: does the remediation logically address the issue such that the defender can say they have effectively wiped out the network of compromise, such that an attacker has to essentially start over from scratch? I think the methodology is on the right track and believe that subnetting and disabling certain services, remote features, etc., will box in the attacker so that their lateral
  12. I can't go into explicit details but would like some feedback on a concept I'm working on as part of the security architecture document I've also created a thread about. The network of compromise represents all the compromised machines in your network. The idea is that if you wipe one compromised machine, the command and control within this network of compromise can recapture the wiped machine. If the command and control machine is wiped, then any other machine in the network of compromise can be promoted to a command and control device. Because the network of compromise may consist of
  13. Update: some areas of focus have emerged. The goal continues to be to compartmentalize authenticated users so that a compromise in one compartment does not compromise the other. This leads to the concept of the server compartment being the core, while the other compartment or compartments (note the multitude) are for the endpoints. The problem here to be addressed is what happens to the compartmentalization when IT employee Bob tries to log in to a workstation with server-admin credentials. Through various technical controls I've narrowed it down to as far as the authentication
  14. So I have begun building the outline for this comprehensive topic. The paper, as I'm currently working on it, includes: logical controls, control mechanisms, technical controls. These 3 things describe the intention of your controls (logical controls), the bridge between your intentions and how to achieve those intentions (control mechanisms), and the controls as actually applied in a system, such as GPOs (technical controls). Similar to programming, you have a problem, pseudo code to describe how to solve the problem, and then the actual code that solves the problem. Logi
  15. Something I'm working on, while desperately trying to avoid "reinventing the wheel", is Security Architecture. And what that entails is building a network so that all its components are secure. But not with the frame of mind that vulnerabilities are patched and best practices are implemented. But from the frame of mind that attacks work on certain strategic principles, and to prevent those principles from ever being exploited in the first place. For instance, in the most basic sense: an attacker controls a workstation and seeks privilege escalation or other credentials. In most netw
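The posts above about the "network of compromise", endpoint isolation, and IT employee Bob logging on to a workstation with server-admin credentials describe a reachability problem: from one foothold, how far can an attacker extend by harvesting whatever credentials are cached there and moving wherever network policy and logon rights allow? The following is an added example written for this page, not code from IDNeon's posts or the threads they reference. The host inventory, segments, credential tiers, logon history and the two policy flags (`endpoint_isolation`, `tiered_logon`) are all constructed for the illustration; the tiering rule stands in for a generic "deny server-admin logon to workstations" control and is not a claim about any specific product or GPO setting.

```python
"""Simulate the 'network of compromise' an attacker can build from one foothold
under different segmentation and logon-rights policies.

Added illustration, not code from the original posts. The host inventory,
segments, credential tiers and logon events are constructed for the example.
"""

# Constructed host inventory: host -> segment. The server core is the only
# channel between endpoints; endpoints sit in their own compartment.
HOSTS = {
    "ws-alice": "endpoints",
    "ws-bob": "endpoints",
    "ws-carol": "endpoints",
    "file-01": "core",
    "dc-01": "core",
}

# Constructed credential tiers (hypothetical account names).
CRED_TIER = {
    "alice": "user",
    "bob": "user",
    "bob-srvadmin": "server-admin",  # IT employee Bob's server-admin account
    "carol": "user",
    "svc-backup": "service",
    "da-ops": "server-admin",
}

# Constructed interactive logon history. A credential used on a host is
# assumed to remain harvestable there (cached hash, token, saved session).
LOGONS = [
    ("alice", "ws-alice"),
    ("bob", "ws-bob"),
    ("bob-srvadmin", "ws-bob"),  # the case the posts worry about
    ("carol", "ws-carol"),
    ("svc-backup", "file-01"),
    ("da-ops", "dc-01"),
]


def logon_allowed(cred, segment, policy):
    """Which segments a credential tier may log on to.

    With tiered_logon, server-admin accounts are denied logon to endpoints
    (a hypothetical 'deny server-admin logon to workstations' control), so
    they can never be cached on a workstation in the first place.
    """
    tier = CRED_TIER[cred]
    if tier == "user":
        return segment == "endpoints"
    if tier == "service":
        return segment == "core"
    # server-admin
    if policy.get("tiered_logon"):
        return segment == "core"
    return True


def network_allowed(src_segment, dst_segment, policy):
    """Which segments may initiate connections to which.

    Endpoints always reach the core (it is their channel) and the core can
    reach endpoints; with endpoint_isolation, endpoints cannot reach each
    other directly (the wireless client-isolation analogy).
    """
    if src_segment == "endpoints" and dst_segment == "endpoints":
        return not policy.get("endpoint_isolation")
    return True


def cached_credentials(policy):
    """Credentials that actually ended up cached on each host under the policy."""
    cache = {host: set() for host in HOSTS}
    for cred, host in LOGONS:
        if logon_allowed(cred, HOSTS[host], policy):
            cache[host].add(cred)
    return cache


def network_of_compromise(foothold, policy):
    """Hosts an attacker can reach from `foothold` by harvesting cached
    credentials and moving laterally wherever network policy and logon
    rights permit. Returns the sorted list of compromised hosts."""
    cache = cached_credentials(policy)
    compromised = {foothold}
    harvested = set(cache[foothold])
    changed = True
    # Newly harvested credentials can unlock moves that were denied earlier,
    # so iterate to a fixpoint rather than doing a single pass.
    while changed:
        changed = False
        for src in list(compromised):
            for dst, dst_segment in HOSTS.items():
                if dst in compromised:
                    continue
                if not network_allowed(HOSTS[src], dst_segment, policy):
                    continue
                if any(logon_allowed(c, dst_segment, policy) for c in harvested):
                    compromised.add(dst)
                    harvested |= cache[dst]
                    changed = True
    return sorted(compromised)


if __name__ == "__main__":
    for name, policy in [
        ("no controls", {}),
        ("endpoint isolation only", {"endpoint_isolation": True}),
        ("tiered logon only", {"tiered_logon": True}),
        ("both", {"endpoint_isolation": True, "tiered_logon": True}),
    ]:
        for foothold in ("ws-alice", "ws-bob"):
            print(f"{name:25} foothold={foothold:9} -> "
                  f"{network_of_compromise(foothold, policy)}")
```

Running it shows the point the posts make about not relying on segmentation alone: with endpoint isolation only, a foothold on ws-alice stays boxed in, but a foothold on ws-bob (where a server-admin credential was cached) still reaches the whole core and, from there, every endpoint. Tiered logon alone keeps the core intact but lets the entire endpoint compartment fall. Only the two controls together shrink the network of compromise to the single foothold, which is what makes wiping that one machine a complete remediation.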