How To: Mitigating The New Intel Management Engine Vulnerability

Background On November 20, 2017, Intel published INTEL-SA-00086, a security advisory detailing local and remote exploits in the Intel Management Engine. The Intel Management Engine (ME) has three vulnerable modules in this advisory: The Active Management (AMT) module The Trusted Execution Engine (TXE) module The Server Platform Services (SPS) module The only module of the three that can be exploited remotely is the AMT module. Interestingly, this same module was the subject of a May 1, 2017 advisory for INTEL-SA-00075 as well. [Read more...]

One Second Analysis Followup: Credentials Posted to Pastebin

As a followup to last week’s post regarding the number of stolen account credentials that show up on Pastebin daily, I’ve collected enough data to get a more accurate picture of the posting rate. As a reminder, here was the first day’s data: Start time: 20171113 2100UTC Credentials parsed to date: 792,488 Clean (unproblematic) credentials: 734,807 Unique clean credentials: 475,653 Credentials parsed to date: I’ve had a homebrew pastebin scraper analyzing new pastes, watching for email addresses, for a while now. [Read more...]

How To: Building A Dark Web Scraper

In a previous post, I demonstrated a way to run Linux command-line tools through Tor. Let’s take it a step further, and come up with a way to scrape sites on the dark web. This will allow us to hunt for mentions of various pieces of information we may want to be alerted to, such as the presence of company names, email addresses, etc. We’re going to need some code. [Read more...]