Latest Security News

How to generate malicious network traffic and help security teams evaluate security controls and network visibility

See below for some open source tools and frameworks:

https://github.com/alphasoc/flightsim

https://www.kitploit.com/2018/02/aptsimulator-toolset-to-make-system.html


More Docker security tools to review

Taken from The Morning Paper:

https://blog.acolyer.org/2017/04/03/a-study-of-security-vulnerabilities-on-docker-hub/


Tools


To this list we can also add the following (and maybe others I’m not aware of or have forgotten too):
See also Docker's 'Benchmark for Security' recommendations. Be careful out there!

dockerscan - Docker Security Analysis and Hacking Tools

Interesting tool to test (from KitPloit - PenTest Tools!)
What's dockerscan

A Docker analysis tool.


Very quick install:
  > python3.5 -m pip install -U pip
  > python3.5 -m pip install dockerscan

Show options:
  > dockerscan -h

Available actions
Currently Docker Scan supports these actions:
  • Scan: Scan a network trying to locate Docker Registries
  • Registry
    • Delete: Delete remote image / tag
    • Info: Show info from remote registry
    • Push: Push an image (like Docker client)
    • Upload: Upload a random file
  • Image
    • Analyze: Looking for sensitive information in a Docker image.
      • Looking for passwords in environment vars.
      • Try to find any URL / IP in the environment vars.
      • Try to deduce the user used internally to run the software. This is not trivial: if the entry point is a .sh file, read the file, look for calls to sudo-like tools ("sudo", "gosu", "sh -u", ...) and report the user found.
    • Extract: extract a docker image
    • Info: Get an image's meta information
    • Modify:
      • entrypoint: change the entrypoint in a docker
      • trojanize: inject a reverse shell into a docker image
      • user: change running user in a docker image

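As an added, defender-side example (not dockerscan's own code): a small Python audit that applies the same heuristics as the Analyze action to an image config of the kind found in a `docker save` tarball, so you can check your own images for leaked secrets, internal endpoints and the effective run-as user before pushing them to a registry. The config, the entrypoint script and every value in them are constructed for the example.

```python
import json
import re

# Constructed sample: a minimal image config like the one inside a
# `docker save` tarball (hypothetical values, not from any real image).
SAMPLE_CONFIG = json.dumps({
    "config": {
        "Env": ["PATH=/usr/bin", "DB_PASSWORD=hunter2",
                "API_URL=https://api.example.internal/v1", "SEED_HOST=10.0.0.5"],
        "Entrypoint": ["/entrypoint.sh"],
        "User": "",
    }
})
# Constructed entrypoint script, as it might be extracted from the image layers.
SAMPLE_ENTRYPOINT = "#!/bin/sh\nset -e\nexec gosu appuser /usr/bin/myservice\n"

# Env var names that usually carry credentials.
SECRET_KEY = re.compile(r"(pass(word)?|secret|token|api[_-]?key)", re.I)
URL_RE = re.compile(r"https?://[^\s\"']+")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# "sudo user", "gosu user", "su -x user" style invocations in a shell entrypoint.
RUNAS_RE = re.compile(r"\b(?:sudo|gosu|su)\s+(?:-\w+\s+)*(\w+)")


def audit_image_config(config_json, entrypoint_script=None):
    """Return env-var secrets, URLs, IPs and the deduced run-as user."""
    cfg = json.loads(config_json)["config"]
    findings = {"secrets": [], "urls": [], "ips": [], "user": cfg.get("User") or None}
    for entry in cfg.get("Env", []):
        key, _, value = entry.partition("=")
        if SECRET_KEY.search(key):
            findings["secrets"].append(key)
        findings["urls"] += URL_RE.findall(value)
        findings["ips"] += IP_RE.findall(value)
    # No explicit USER in the config: fall back to reading the entrypoint script.
    if findings["user"] is None and entrypoint_script:
        match = RUNAS_RE.search(entrypoint_script)
        if match:
            findings["user"] = match.group(1)
    return findings


if __name__ == "__main__":
    print(json.dumps(audit_image_config(SAMPLE_CONFIG, SAMPLE_ENTRYPOINT), indent=2))
```

An empty `User` with no sudo-like call in the entrypoint means the service runs as root, which is the finding to act on.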
What's the difference from Clair or Docker Cloud?
The purpose of Dockerscan is different: it is focused on the attack phase.
Although Dockerscan has some functionality to detect vulnerabilities in Docker images and Docker registries, the objective is the attack.


Documentation
Documentation is still in progress...

For the moment we only have the slides presented at RootedCON Spain, the conference where Docker Scan was presented:
https://www.slideshare.net/secret/fxVqD2iXqanOCX

Or you can watch it in video format (recommended):


Also, you can watch a dockerscan usage demo:


Nmap 7 Released


Nmap 7.00 comes after more than three years of development, and it's the biggest release of the open-source network discovery and security auditing software appreciated by hundreds of thousands of system administrators and security professionals around the globe. The latest release includes a great number of new features and fixes numerous issues reported by users since Nmap 6.00.
"It is the product of three and a half years of work, nearly 3200 code commits, and more than a dozen point releases since the big Nmap 6 release in May 2012. Nmap turned 18 years old in September this year and celebrates its birthday with 171 new NSE scripts, expanded IPv6 support, world-class SSL/TLS analysis, and more user-requested features than ever," reads the announcement.
Highlights of Nmap 7.00 include excellent SSL (Secure Sockets Layer) and TLS (Transport Layer Security) analysis, the addition of over 170 new NSE (Nmap Scripting Engine) scripts, better support for the next-generation IPv6 network protocol, faster synchronous network scanning, Ncat enhancements, and support for the Windows 10 and Mac OS X 10.11 El Capitan operating systems.
Download Nmap 7.00 for GNU/Linux, Mac OS X, and Microsoft Windows operating systems right now from Softpedia. New to network security? Don't hesitate to check out the project's official website for tutorials and other information regarding the Nmap software.

Wireshark 2.0 released

After being in development for a few months, Wireshark 2.0, the world's most popular open-source network protocol analyzer software, has been released today for all supported operating systems, including GNU/Linux, Mac OS X, and Microsoft Windows.
Prominent features of Wireshark 2.0 include a revamped graphical user interface (GUI) that has been rewritten in Qt 5 and designed from the ground up to provide users with a smoother and much faster network protocol analyzing experience. The new user interface also offers a faster workflow for multiple operations.
"The Windows installer provides the option of installing either the new interface ('Wireshark') or the old interface ('Wireshark Legacy'). Both are installed by default. Note that the legacy interface will be removed in Wireshark 2.2. The OS X installer only provides the new interface. If you need the old interface you can install it via Homebrew or MacPorts," reads the announcement.
Among other new features implemented in Wireshark 2.0, we can mention the addition of multiple dialogs, such as MTP3 statistics and summary, WAP-WSP statistics, UDP multicast statistics, WLAN statistics, display filter macros, as well as capture file properties. There are also numerous bugfixes and improvements in Wireshark 2.0.

Still the world's most popular network protocol analyzer

Wireshark 2.0 is a massive release that includes hundreds of changes, so it is recommended that you read the official release notes if you're interested in every little thing that has been implemented in the application, which remains the world's most popular network protocol analyzer.

DEF CON 22 (2015) YouTube Video Channel

Windows images for sandbox or other use

Catch this quick link to ISO files of the Windows operating system for your sandbox / virtual machine installation