Archive for December, 2015
This repository includes several binaries from and tools for Red Star OS. These can be used for further research work. Continue reading
A TOP-SECRET document dated February 2011 reveals that British spy agency GCHQ, with the knowledge and apparent cooperation of the NSA, acquired the capability to covertly exploit security vulnerabilities in 13 different models of firewalls made by Juniper Networks, a leading provider of networking and Internet security gear. Continue reading
Shortly after reading my post, Willem Pinckaers pointed out that the
reseed_system_prng function sets the global variable
system_prng_bufpos to 32. This means that after the first invocation of this function, the for loop right after the reseed call in
system_prng_gen_block never executes. Hence, the ANSI X9.31 PRNG code is completely non-functional. Continue reading
The term, “Advanced persistent threat” (APT), has become almost as mainstream as security breaches in everyday news. With a multitude of scary pandas, jackals, lions and spiders to constantly worry about entering your corporate network, it can be hard to understand that there are some basic commonalities required for these advanced threats to gain a foothold in your network. We’ll detail some of the adversary thought process now. Continue reading
In today’s dynamic security world, organizations must understand the benefits of proactively testing their cyber security posture to properly defend against targeted attacks. An effective penetration testing and vulnerability assessment program is a critical component of enterprise security.
Did the NSA knacker ScreenOS? Probably not
To my friends running ScreenOS from Juniper, please review this critical security notice.