How To: Enriching IPs With Python

I need a certain amount of enrichment on IP addresses multiple times per day. While certain tools and controls have built-in enrichment, I often find myself sitting at a shell prompt needing the same or similar info quickly. So, I decided to write something that will take an IPv4 address as an argument, and return the data I need in an easily-parsable format. The code is available here.

Usage

The code takes an IPv4 address as input, and outputs the following: [Read more...]

How To: Mitigating Web Session Replay Information Leakage

Background

There has been a lot of talk in the news lately about security issues surrounding web-based session replay. The issue is a simple one: many popular websites are now running scripts that record every keystroke and every mouse movement, allowing them to replay your entire visit to their website, as though they’re looking over your shoulder. However, that data’s being collected and retained by third parties, not the websites themselves. [Read more...]

How To: Mitigating The New Intel Management Engine Vulnerability

Background

On November 20, 2017, Intel published INTEL-SA-00086, a security advisory detailing local and remote exploits in the Intel Management Engine. The Intel Management Engine (ME) has three vulnerable modules in this advisory:

- The Active Management (AMT) module
- The Trusted Execution Engine (TXE) module
- The Server Platform Services (SPS) module

The only module of the three that can be exploited remotely is the AMT module. Interestingly, this same module was the subject of a May 1, 2017 advisory for INTEL-SA-00075 as well. [Read more...]