Cybersecurity

270

Solutions

29

Articles & Videos

624

Contributors

The Cybersecurity specialization covers the fundamental concepts underlying the construction of secure systems, from the hardware to the software to the human-computer interface, with the use of cryptography to secure interactions. Cybersecurity focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change, theft or destruction. This includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.

Experts,

On my meterpreter session I need to execute this command:
procdump64.exe -accepteula -ma lsass.exe lsass1.dmp

this does not work:
meterpreter > execute -f procdump64.exe -accepteula -ma lsass.exe lsass1.dmp
nor
meterpreter > execute -f procdump64.exe -a -accepteula -ma lsass.exe lsass1.dmp
0

Can someone recommend a syntax on john the ripper using the default word list that I can use to crack an ntlmv2 hash for the password below in under 5 minutes?

DaLLasTexas!!
0
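
An added example of what the cracker actually computes for this hash type, not from the post. The usual invocation is `john --format=netntlmv2 --wordlist=password.lst --rules hash.txt` (hashcat mode 5600 reads the same line layout), and the code below performs that computation in Python so the `user::domain:challenge:NTProofStr:blob` line, the NT hash and the rule expansion are visible. The user name, domain, server challenge, blob and the four-word list are constructed; MD4 is implemented inline because `hashlib.new('md4')` is disabled on OpenSSL 3 builds. `DaLLasTexas!!` does not appear verbatim in a stock wordlist; it is only reached by a rule (case toggles plus a `!!` suffix) applied to a base word such as `dallastexas`, so whether it falls in five minutes depends on the rule set and on that base word being in the list, not on the list alone.

```python
import hashlib
import hmac
import itertools
import struct


def md4(data: bytes) -> bytes:
    """RFC 1320 MD4 in pure Python (OpenSSL 3 builds often disable hashlib.new('md4'))."""
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    rotl = lambda v, s: ((v << s) | (v >> (32 - s))) & 0xFFFFFFFF
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", len(data) * 8)          # bit length, little-endian
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    rounds = (
        (F, 0x00000000, tuple(range(16)), (3, 7, 11, 19)),
        (G, 0x5A827999, (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13)),
        (H, 0x6ED9EBA1, (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15)),
    )
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        s = state[:]
        for fn, const, order, shifts in rounds:
            for i, k in enumerate(order):
                p = (-i) % 4                          # register updated this step: a, d, c, b, ...
                x, y, z = s[(p + 1) % 4], s[(p + 2) % 4], s[(p + 3) % 4]
                s[p] = rotl((s[p] + fn(x, y, z) + X[k] + const) & 0xFFFFFFFF, shifts[i % 4])
        state = [(u + v) & 0xFFFFFFFF for u, v in zip(state, s)]
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> bytes:
    """NT hash = MD4(UTF-16LE(password)); this is what the NTLMv2 key is derived from."""
    return md4(password.encode("utf-16-le"))


def ntproofstr(password, user, domain, server_challenge, blob):
    """NTLMv2: NTProofStr = HMAC-MD5(HMAC-MD5(NThash, UPPER(user)+domain), challenge || blob)."""
    v2_key = hmac.new(nt_hash(password), (user.upper() + domain).encode("utf-16-le"), hashlib.md5).digest()
    return hmac.new(v2_key, server_challenge + blob, hashlib.md5).digest()


def hash_line(password, user, domain, server_challenge, blob):
    """Layout Responder writes and john --format=netntlmv2 / hashcat -m 5600 read."""
    proof = ntproofstr(password, user, domain, server_challenge, blob)
    return f"{user}::{domain}:{server_challenge.hex()}:{proof.hex()}:{blob.hex()}"


def candidates(words, suffixes=("", "!", "!!", "1", "123")):
    """Tiny rule engine standing in for --rules: every case toggle of a word, then a suffix."""
    for w in words:
        for bits in itertools.product((0, 1), repeat=len(w)):
            base = "".join(ch.upper() if b else ch for ch, b in zip(w, bits))
            for suffix in suffixes:
                yield base + suffix


def crack(line, words):
    """Recompute NTProofStr per candidate; the blob is public, only the password is unknown."""
    user, _, domain, chal_hex, proof_hex, blob_hex = line.split(":")
    challenge, blob, target = bytes.fromhex(chal_hex), bytes.fromhex(blob_hex), bytes.fromhex(proof_hex)
    for cand in candidates(words):
        if hmac.compare_digest(ntproofstr(cand, user, domain, challenge, blob), target):
            return cand
    return None


def demo():
    user, domain = "jsmith", "CORP"                            # constructed
    challenge = bytes.fromhex("1122334455667788")              # constructed server challenge
    blob = bytes.fromhex("0101000000000000") + b"\x00" * 24    # constructed; real blobs carry a timestamp, client nonce, target info
    line = hash_line("DaLLasTexas!!", user, domain, challenge, blob)
    return crack(line, ["password", "dallas", "texas", "dallastexas"])   # constructed wordlist


if __name__ == "__main__":
    print(demo())
```

The toggle-every-letter rule alone multiplies an 11-letter word by 2048, which is why real rule sets and masks (for example `?u?l?l?l?l?l?u?l?l?l?l?s?s` in hashcat syntax) are tuned rather than exhaustive.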
Hi All,

May I know where I should manually add the entries below if I handle the public DNS using a Windows Server box in my DMZ?

DKIM: Create a CNAME record for k1._domainkey.MyDomain.com with this value:
dkim.mcsv.net


SPF: Create a TXT record for MyDomain.com with:
v=spf1 include:servers.mcsv.net ?all

What is the risk or issue when implementing it during business hours?
0
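
Both records go in the forward lookup zone for MyDomain.com on the Windows DNS server: the CNAME as a new alias named k1._domainkey (the console appends the zone name) pointing at dkim.mcsv.net, and the SPF as a TXT record at the zone apex (blank name, shown as "(same as parent folder)"). Adding records does not change existing ones, so business hours make no difference to the risk; what matters is checking them afterwards, for instance with `nslookup -type=TXT MyDomain.com`. As an added example of that check, not from the post, the code below evaluates SPF the way a receiving mail server does and follows the DKIM CNAME to the selector record. The zone data is a constructed in-memory table: the netblocks under servers.mcsv.net and the DKIM key are illustrative placeholders, not the provider's real values.

```python
import ipaddress

# Constructed zone data standing in for live DNS. Netblocks and the DKIM key are placeholders.
DNS = {
    "mydomain.com":               {"TXT": ["v=spf1 include:servers.mcsv.net ?all"]},
    "strict.example":             {"TXT": ["v=spf1 include:servers.mcsv.net -all"]},   # same include, hard fail
    "servers.mcsv.net":           {"TXT": ["v=spf1 ip4:198.51.100.0/24 ip4:203.0.113.0/25 -all"]},
    "k1._domainkey.mydomain.com": {"CNAME": "dkim.mcsv.net"},
    "dkim.mcsv.net":              {"TXT": ["v=DKIM1; k=rsa; p=MIGfMA0G..."]},          # truncated placeholder key
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def records(name, rtype, depth=0):
    """Return rtype records for name, following CNAMEs the way a resolver does."""
    node = DNS.get(name.lower(), {})
    if "CNAME" in node and depth < 8:
        return records(node["CNAME"], rtype, depth + 1)
    return node.get(rtype, [])


def spf_record(domain):
    for txt in records(domain, "TXT"):
        if txt.lower() == "v=spf1" or txt.lower().startswith("v=spf1 "):
            return txt
    return None


def check_host(ip, domain, depth=0):
    """Simplified RFC 7208 check_host: ip4, ip6, a, include and all mechanisms.

    Terms are evaluated left to right; the first match decides, using its qualifier.
    """
    if depth > 10:
        return "permerror"
    record = spf_record(domain)
    if record is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        matched = False
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = str(addr) in records(arg or domain, "A")
        elif mech == "include":
            matched = check_host(ip, arg, depth + 1) == "pass"   # include only matches on pass
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


def dkim_published(selector, domain):
    """True if <selector>._domainkey.<domain> resolves (via CNAME) to a v=DKIM1 TXT record."""
    return any(t.lower().startswith("v=dkim1")
               for t in records(f"{selector}._domainkey.{domain}", "TXT"))


if __name__ == "__main__":
    for sender in ("198.51.100.9", "192.0.2.1"):
        print(sender, check_host(sender, "mydomain.com"), check_host(sender, "strict.example"))
    print("k1 published:", dkim_published("k1", "mydomain.com"))
```

The `strict.example` entry shows the practical difference between the record as given and a `-all` record: with `?all` a sender outside the provider's ranges evaluates to neutral, which receivers treat much like having no SPF at all.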
We need to have a standalone IPS solution put in.  We currently run two pfSense firewalls in an HA setup.  I was looking around on eBay and saw a Tipping Point 210E (two of them).  Are they still good with updates to definitions?  Any other less cost recommendations?
pfSense HA works a little oddly too, so I'm not sure if this will even work.
Firewall 1 WAN IP x.x.x.1
Firewall 2 WAN IP x.x.x.2
Firewall Shared WAN IP x.x.x.3

Same setup with internal LAN IPs.  Each firewall has its own physical connection to the modem via ethernet for the WAN side and LAN side.
0
Hi Experts,

On our public-facing OWA server on IIS 7, we turned on IP Address and Domain Restrictions. If from the log we detect any IP trying to brute-force its way into our Web Outlook interface, we put the IP into a "Deny Restriction Rule" in the hope that the IP will be 'blocked', meaning not even able to get the login screen. Actually it seems to be wishful thinking, since we noticed that one of the IPs we already added to the 'Deny' list still keeps showing up in the log, and we can see it got the login form and then was denied with sc-status 401.1.

My question is, it seems this feature does NOT "block" the IP from getting the login form, but instead simply "deny" their login request. Is it correct?
0
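
As an added example, not from the poster's server, here is the check to run over the IIS W3C log to tell whether a deny entry is taking effect. A request rejected by IP Address and Domain Restrictions is logged as 403 with sub-status 6 ("IP address rejected"; on IIS 7 that response is fixed, the configurable deny action arrived in IIS 8) and never reaches the logon form, whereas 401.1 means the client got through to authentication and failed. An IP that is on the deny list yet still logs 401.1 is not being matched by the rule; the usual causes are the rule sitting at a different scope (server, site or the /owa application) than the request, or c-ip being an upstream proxy or load balancer address rather than the attacker. The log excerpt below is constructed.

```python
from collections import defaultdict

# Constructed IIS 7.5 W3C log excerpt (not from the poster's server).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2017-05-15 08:00:01 10.0.0.5 GET /owa/auth/logon.aspx url=https://mail.example.com/owa/ 443 - 198.51.100.7 Mozilla/5.0 200 0 0 120
2017-05-15 08:00:02 10.0.0.5 POST /owa/auth.owa - 443 - 198.51.100.7 Mozilla/5.0 401 1 2148074252 15
2017-05-15 08:00:03 10.0.0.5 POST /owa/auth.owa - 443 - 198.51.100.7 Mozilla/5.0 401 1 2148074252 14
2017-05-15 08:00:04 10.0.0.5 POST /owa/auth.owa - 443 - 198.51.100.7 Mozilla/5.0 401 1 2148074252 16
2017-05-15 08:00:10 10.0.0.5 GET /owa/ - 443 - 203.0.113.4 python-requests/2.0 403 6 0 1
2017-05-15 08:00:11 10.0.0.5 GET /owa/auth/logon.aspx - 443 - 203.0.113.4 python-requests/2.0 403 6 0 1
2017-05-15 08:01:00 10.0.0.5 GET /owa/ - 443 jdoe 192.0.2.10 Mozilla/5.0 200 0 0 90
"""


def parse_w3c(text):
    """Yield one dict per entry, keyed by the names in the #Fields directive."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        values = line.split()          # IIS writes spaces inside fields as '+', so split is safe
        if len(values) == len(fields):
            yield dict(zip(fields, values))


def summarize(text):
    """Per client IP: 401.1 (reached authentication, failed) versus 403.6 (rejected by the IP rule)."""
    summary = defaultdict(lambda: {"auth_failures": 0, "ip_rejected": 0, "other": 0})
    for rec in parse_w3c(text):
        code = f"{rec['sc-status']}.{rec['sc-substatus']}"
        bucket = summary[rec["c-ip"]]
        if code == "401.1":
            bucket["auth_failures"] += 1
        elif code == "403.6":
            bucket["ip_rejected"] += 1
        else:
            bucket["other"] += 1
    return dict(summary)


def deny_rule_effective(summary, ip):
    """True only when every request from ip was cut off with 403.6 before reaching OWA."""
    b = summary.get(ip)
    return bool(b) and b["ip_rejected"] > 0 and b["auth_failures"] == 0 and b["other"] == 0


def brute_force_candidates(summary, threshold=3):
    """IPs with at least `threshold` 401.1 responses: the ones to add to the deny list."""
    return sorted(ip for ip, b in summary.items() if b["auth_failures"] >= threshold)


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for ip, b in s.items():
        print(ip, b, "deny rule effective" if deny_rule_effective(s, ip) else "")
    print("candidates:", brute_force_candidates(s))
```

Run against the real log, a denied IP that shows up under `auth_failures` rather than `ip_rejected` is the signal that the rule is not matching it, and the c-ip and cs-uri-stem of those entries show which scope and which address the rule needs.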
I have a hacker who is aggressively attacking my network and need advice on which router is the most secure/encrypted?
0
Hello All,

I am stuck with a very odd issue.

One server running 2k8r2 was last patched in Aug 2015; now, due to WannaCry, the client is asking to patch the server.
If I check the old patches in WSUS, they show as declined & expired.
This server doesn't have internet; I tried to install the monthly rollup for March but it failed.

Is there any way to patch the server?
Please help
0
Is there any technique/command/tool that can be used to remotely report the System Center Endpoint Protection status from a remote PC (definitions created on, definitions last updated, virus definition version, spyware definition version)?
0
Hi there,

I am curious to know if there is a process to help map all DIACAP controls to RMF, or if a mapping has already been done for this.

Please let me know your suggestions or experience. Any bit helps

-Michelle
0
Currently our Proofpoint can take from a few minutes to 3 hours before it detects that new emails containing certain attachments & links (i.e. new threats) are 'malicious' or spam. To claw back malicious emails 2-3 hours later is rather late. Would rather have late delivery.

Our Bluecoat MAA that protects against malicious downloading (or malicious sites) can take up to several minutes: just encountered one case yesterday where malicious .eot files were downloaded by several users before it blocked users from downloading. This Bluecoat MAA is supposed to protect against 0-day and unknown threats as well, but we have got quite a few infections/downloads in the past: possibly its 'sandboxing' is not real-time / fast enough.

I'm hesitant to deploy endpoint IPS (HIPS) on workstations at this moment, so skip this for the time being, as HIPS can impact legit services/apps if not tested thoroughly, while network-based tools like MAA (& Trend Micro Discovery) are less disruptive.

Besides educating users (which we have done quite a lot), I'm looking for sandboxing products that could perform much faster: I read one academic article that products that implement 'prefetching' using multiple layers of caches are much faster. If they use SSD, would it be faster?

In particular against ransomware, such as the highly successful one extracted below:

Sky News Technology Correspondent Tom Cheshire described the attack as "unprecedented". The ransomware appears to use NSA 0-day …
0

Hi All,

We are using Sophos Endpoint antivirus, but now we have decided to change the product, meaning we have started to evaluate different antivirus products. The reason we are changing Sophos is that we got hit by the Miner C virus a few times, and Sophos Endpoint or their support was not able to resolve it.

Anyways, we are going to meet a tech and see a live demonstration of Kaspersky. Is that a good product? What others should we try? What questions should we ask them?

Our main need for an antivirus product is to provide a secure environment to staff, generate reports, lock USB drives and also manage company mobile phones (wipe/lock if a device gets lost), and exclude or include whitelisting for applications. Anything else we should look at or explore in antivirus products?

thanks.
0
Hi, I need help setting up Forcepoint Triton APX (inbound, outbound and encryption).
Would be great to get assistance, I do have a project open
0
Parsing through my system logs yesterday after my internet signal dropped out, I observed several DNS Client Events, type 1014. Most of them are familiar, but quite a few had no reason to be there and I cannot ping them. I listed a few examples below - should I be concerned and explore further, or are these entries innocuous?

Name resolution for the name hytrvmnhuqu.localdomain timed out after none of the configured DNS servers responded.
Name resolution for the name rbkabhldz.localdomain timed out after none of the configured DNS servers responded.
Name resolution for the name rfsqiauqhiolob.localdomain timed out after none of the configured DNS servers responded.
Name resolution for the name zuhwgpvszqz.localdomain timed out after none of the configured DNS servers responded.
Name resolution for the name wpad.localdomain timed out after none of the configured DNS servers responded.
0
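
An added example, not from the post, of a first triage pass over a batch of such Event ID 1014 messages: it pulls the queried name out of each event, separates the `wpad` lookup (Web Proxy Auto-Discovery, which Windows and browsers issue whenever proxy auto-detection is on) from the rest, and scores each remaining label on vowel ratio and longest consonant run so random-looking labels can be counted apart from ordinary host names. Chrome and browsers built on it issue three random-looking lookups under the search suffix at start-up and on every network change to detect DNS hijacking, which produces exactly this pattern; the same features also flag malware domain-generation output, so what decides the question is which process made the lookups and when, not the names alone. The thresholds are heuristics chosen for this example, and the event lines include two constructed ordinary host names alongside the ones from the post.

```python
import re
from collections import Counter

EVENT_RE = re.compile(r"Name resolution for the name (\S+) timed out")

# The five names from the post plus two constructed ordinary host names.
SAMPLE_EVENTS = """\
Name resolution for the name hytrvmnhuqu.localdomain timed out after none of the configured DNS servers responded.
Name resolution for the name rbkabhldz.localdomain timed out after none of the configured DNS servers responded.
Name resolution for the name rfsqiauqhiolob.localdomain timed out after none of the configured DNS servers responded.
Name resolution for the name zuhwgpvszqz.localdomain timed out after none of the configured DNS servers responded.
Name resolution for the name wpad.localdomain timed out after none of the configured DNS servers responded.
Name resolution for the name fileserver01.localdomain timed out after none of the configured DNS servers responded.
Name resolution for the name exchange02.localdomain timed out after none of the configured DNS servers responded.
"""


def features(label):
    """Letter count, vowel ratio and longest run of consonants for one DNS label."""
    letters = [c for c in label.lower() if c.isalpha()]
    vowels = sum(c in "aeiou" for c in letters)
    run = longest = 0
    for c in letters:
        run = 0 if c in "aeiou" else run + 1
        longest = max(longest, run)
    return {
        "letters": len(letters),
        "vowel_ratio": vowels / len(letters) if letters else 0.0,
        "max_consonant_run": longest,
    }


def classify(name):
    """'wpad probe', 'random-looking' or 'ordinary'. Thresholds are heuristics for this example."""
    label = name.split(".")[0].lower()
    if label == "wpad":
        return "wpad probe"
    f = features(label)
    if f["letters"] >= 8 and (f["vowel_ratio"] < 0.25 or f["max_consonant_run"] >= 4):
        return "random-looking"
    return "ordinary"


def triage(text):
    """List of (queried name, verdict) for every 1014 event in the text."""
    return [(m.group(1), classify(m.group(1))) for m in EVENT_RE.finditer(text)]


def counts(text):
    return dict(Counter(verdict for _, verdict in triage(text)))


if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_EVENTS):
        print(f"{verdict:15} {name}")
    print(counts(SAMPLE_EVENTS))
```

Feeding the output of `Get-WinEvent -FilterHashtable @{LogName='System'; Id=1014}` into `triage` gives the same split over the real log; the next step is correlating the timestamps of the random-looking group with browser start-up or the network drop the post mentions.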
I work for a company with an office of about 20 employees.  We have had our email and website hosted by a 3rd party hosting company on a "shared" hosting platform for over a decade.  The platform is a Linux web host, and we manage our account using Cpanel.  We have no problems with our current service on this platform.

The hosting company we use is pitching a VPS to me, and I am trying to determine if switching from our current "shared hosting" plan to a Virtual Private Server within the same hosting company would provide us with more protection from data breaches or not.  The VPS would run Linux and WHM.  I am mostly concerned with having our email accounts and/or website hacked.  Please confirm or deny my reasoning below and provide your own thoughts.

Reasons why shared hosting is more secure

1. I believe that sharing an IP address with several other companies (as in our current shared hosting environment) makes our company's Internet presence more obscure to any potential attacker.  In this situation, the attacker would have a more difficult time isolating our traffic from the other companies that use the same IP address, leading to better security.  Is this true?

2. I also believe that any hosting company would provide better software maintenance (security patches as soon as they are available) and breach detection for a shared hosting server as opposed to a VPS environment.  With a VPS, it seems like all of that maintenance is the responsibility of …
0
So here's the situation.

We got hit with cryptolocker and we managed to restore our files from backup but the techs forgot to delete the encrypted files first and we aren't 100% sure that the restore worked.
Now I have to verify that every single folder on our filesystem has the same # or greater # of unencrypted files than encrypted ones before I can mass delete the encrypted files.
Sounds simple, aside from the fact that it's several Terabytes of data and thousands of folders.

I need help to design a script (or find a tool) that will recursively scan through all the folders in our filesystem and perform the following logic:

If (# of '.locked' files in folder) > (# of non-'.locked' files in folder), write the folder path to the log file.
0
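
An added example implementing the logic above, not the poster's own script. It walks the tree once, reports every folder where the `.locked` count exceeds the count of other files, and writes those paths to a log file. It goes one step beyond the count-based rule with a per-file check: assuming the ransomware named files as `original.ext.locked` (an assumption, the post does not say), each encrypted file should sit next to its restored original, and the ones that do not are listed by name so the restore can be verified before the mass delete. `demo()` builds a small constructed tree in a temporary directory so the checks run offline.

```python
import os
import tempfile

LOCKED_EXT = ".locked"   # assumption: encrypted files are named <original name>.locked


def folder_counts(root, locked_ext=LOCKED_EXT):
    """Yield (folder, locked_count, other_count) for every folder under root."""
    for dirpath, _subdirs, files in os.walk(root):
        locked = sum(1 for f in files if f.lower().endswith(locked_ext))
        yield dirpath, locked, len(files) - locked


def suspect_folders(root, locked_ext=LOCKED_EXT):
    """Folders with more encrypted files than other files: the restore is incomplete there."""
    return [d for d, locked, other in folder_counts(root, locked_ext) if locked > other]


def missing_originals(root, locked_ext=LOCKED_EXT):
    """Per-file check: every x.ext.locked should have a restored x.ext beside it."""
    missing = []
    for dirpath, _subdirs, files in os.walk(root):
        present = set(files)
        for f in files:
            if f.lower().endswith(locked_ext) and f[:-len(locked_ext)] not in present:
                missing.append(os.path.join(dirpath, f))
    return missing


def write_report(root, log_path, locked_ext=LOCKED_EXT):
    """Write suspect folder paths to log_path; returns how many were written."""
    suspects = suspect_folders(root, locked_ext)
    with open(log_path, "w", encoding="utf-8") as log:
        for d in suspects:
            log.write(d + "\n")
    return len(suspects)


def _touch(path):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    open(path, "wb").close()


def demo():
    """Constructed tree: 'ok' fully restored, 'bad' missing one original, 'clean' never hit."""
    root = tempfile.mkdtemp(prefix="restore-check-")
    for rel_path in ("ok/a.docx", "ok/a.docx.locked", "ok/b.xlsx", "ok/b.xlsx.locked",
                     "bad/c.pdf", "bad/c.pdf.locked", "bad/d.pdf.locked", "clean/e.txt"):
        _touch(os.path.join(root, rel_path))
    rel = lambda p: os.path.relpath(p, root).replace(os.sep, "/")
    written = write_report(root, os.path.join(root, "suspects.log"))
    return {
        "suspect": sorted(rel(d) for d in suspect_folders(root)),
        "missing": sorted(rel(f) for f in missing_originals(root)),
        "logged": written,
    }


if __name__ == "__main__":
    print(demo())
```

On the real share, run it as `suspect_folders(r"\\fileserver\data")` (or a local drive letter) with an account that can read everything; the walk is read-only, and the per-file list is the one to clear before any deletion of `.locked` files, since a folder can pass the count rule while still missing individual originals.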
I'm seeing something in a SIEM that I can't seem to wrap my head around. I have an internet facing ASA that is configured to deny spoofed IP addresses (I don't manage these devices). Shortly after feeding syslog events from this device into the SIEM, I started seeing "Traffic from Tor Exit Node" and "Deny IP Spoof" events in the SIEM. I bring up both items as I'm not sure if they're related.

Anyway, when I look at "Traffic from Tor Exit Node" events where the source IP is the known Tor exit node (most of them), there is no corresponding destination IP address or destination port. I've crafted a few stories in my head involving nmap scans through Tor but I can't convince myself of anything I've come up with. Anyone have a plausible explanation?

Thanks,
TR
0
I'm tasked with providing an email solution for a Defense Dept. (.MIL) organization that allows DoD students to submit messages and forms  containing personally identifiable information (PII) from their personal email accounts usually with no encryption.

The customer's requirements calls for the student information to be archived and tracked on a server that resides on the DoD organizational network.

The solution must support DoD 8500.1 guidelines and applicable FIPS/NIST standards  for CyberSecurity and processing PII information.

Please see the attached spreadsheet listing the requirements. The highlighted boxes are the toughest challenges.

I am open to any and all suggestions including Intranet, DMZ, VPN ...etc
Requirements.xlsx
0
I'm working on my master's dissertation in computer forensics and cyber security, and the topic is on bring-your-own-device (BYOD) acceptable use and security policy. There are many security implications that come along with BYOD. I am most interested in what organisations are doing today regarding BYOD?

If anyone has a few minutes and would like to participate in this anonymous BYOD survey, I would really appreciate the feedback.

The survey can be found here: https://www.surveymonkey.com/s/XPHCQSV 

Thank you!
0
