Talk given by Juan J. Güelfo at SteelCon 2016, covering techniques that improve current methods for Computer Network Defense Analysis training and advanced security engagements. This talk also introduces Encripto’s Blue Team Training Toolkit (BT3), with lots of demos and relevant examples.
This is a collection of videos documenting the Blue Team Training Toolkit (BT3), our open source tool for training Network Security Monitoring and supporting advanced security engagements, developed by Juan J. Güelfo at Encripto.
This paper was presented at the Norwegian Information Security Conference (NISK) 2015. It proposes two methods that can be used to improve computer network defense analysis training. The main advantages are reduced risk and preparation costs, while increasing realism during training sessions. These methods can easily be implemented by both public and private organizations, as well as training institutions such as universities.
Application security testing is recommended on a regular basis, as the threats are constantly changing and new functionality gets added to the application. Encripto often gets questions about the recommended security level for different types of applications, in addition to the recommended frequency. Here you can find a guide that answers these questions.
Vulnerability assessment, penetration testing, red teaming and adversary replication. These are different kinds of security tests that can be conducted against networks or organizations. Encripto’s guide gives you an overview of the newest trends in network security testing, and the audience that can benefit from them.
Computer attacks are a risk for all kinds of companies, regardless of their size. Security testing will uncover whether your security countermeasures actually resist external threats, and how well they respond in case of an attack. Encripto’s guide for network security testing covers questions such as recommended frequency, scope and method.
Encripto discovered that Inteno ICE-CLIENT is vulnerable to web directory traversal. The vulnerability could be exploited directly with a web browser, and it could allow unauthenticated attackers to retrieve sensitive files from the device where ICE-CLIENT is running.
In September Encripto gave a talk at TEDx Trondheim’s event: “Caught Red Handed”. Here our security expert, Juan J. Güelfo, talked about web and wireless security. He demonstrated how easy it can be to hack a web application or access information transmitted via an open wireless network.
Encripto discovered that Inteno DG301 is vulnerable to command injection. The vulnerability could be exploited from the login form available at the web administration interface, and it could allow unauthenticated attackers to execute arbitrary commands with root privileges.
According to the vendor, Netgear ProSafe is a cost-effective line of smart switches for Small and Medium Businesses (SMBs). The products cover an essential set of network features and easy-to-use web-based management. Power over Ethernet (PoE) and Stacking versions are also available.
A range of ProSafe switches is affected by two different vulnerabilities: CVE-2013-4775 (unauthenticated startup-config disclosure) and CVE-2013-4776 (denial of service).
SAS provides its customers the ability to order, pay, check in, choose their seat and much more directly on their mobile. The security expert Juan J. Güelfo at Encripto AS decided to look into the SAS application and, in a short time, discovered several security issues.