Securely Access Your Desktop By NOT VPN’ing.

I have been thinking lately on how I can access my home desktop (don’t ask me why I wan’t to do this) or my router/firewall config (which is not directly accessible to internet.

On this article, let’s explore some ideas on how we can accomplish this without running a VPN server or subscribing to any third-party remote access services.

… stay tuned

 

ISC StormCast for Wednesday, December 7th 2016

By Johannes B. Ullrich, Ph.D. Attacking NoSQL Applications
https://isc.sans.edu/forums/diary/Attacking+NoSQL+applications/21787/
Heap Buffer Overflow in Encase Forensic Imager
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20161128-0_Guidance_Software_Encase_DoS_heap_buffer_overflow_vulnerabilities_v10.txt
Raspbian To Increase Default Security
https://www.raspberrypi.org/blog/a-security-update-for-raspbian-pixel/
SONY Camera Backdoor
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20161206-0_Sony_IPELA_Engine_IP_Cameras_Backdoors_v10.txt
Feedback: https://isc.sans.edu/contact.html
More Here      

ISC StormCast for Tuesday, December 6th 2016

By Johannes B. Ullrich, Ph.D. Video Walk Through: Analysing Hancitor Malicious Document
https://isc.sans.edu/forums/diary/Hancitor+Maldoc+Videos/21783/
Rapid Distributed Credit Card Number Brute Forcing
http://eprint.ncl.ac.uk/file_store/production/230123/19180242-D02E-47AC-BDB3-73C22D6E1FDB.pdf
Cloudflare Detecting Large DDoS Attacks Over Thanksgiving / Cyber Monday
https://blog.cloudflare.com/the-daily-ddos-ten-days-of-massive-attacks/
Free Windows Tool to Harden Networks: SAMRi10
https://gallery.technet.microsoft.com/SAMRi10-Hardening-Remote-48d94b5b
NY State Outlawing Automated Ticket Purchasing Software
https://www.nysenate.gov/legislation/bills/2015/S8123
More Here      

ISC StormCast for Monday, December 5th 2016

By Johannes B. Ullrich, Ph.D. CSP Bypass with Polyglot Images
http://blog.portswigger.net/2016/12/bypassing-csp-using-polyglot-jpegs.html
also see this Youtube video on Polyglot Images: https://www.youtube.com/watch?v=Ub5G_t-gUBc
Stack Overflow SQL Injection Questions
https://laurent22.github.io/so-injections/
Mirai Update: More Outages and Vulnerable Chipset Identified
http://www.theregister.co.uk/2016/12/02/broadband_mirai_takedown_analysis/
SEC503 Intrusion Detection in Depth in Brussles (Jan 2017):
https://www.sans.org/event/brussels-winter-2017/course/intrusion-detection-in-depth
More Here      

ISC StormCast for Friday, December 2nd 2016

By Johannes B. Ullrich, Ph.D. Open Source Tool “Beamgun” Fights Rogue USB Devices on Windows
https://github.com/JLospinoso/beamgun
“Shamoon” Malware is back with a new destructive attack against Saudi Arabia
https://www.bloomberg.com/news/articles/2016-12-01/destructive-hacks-strike-saudi-arabia-posing-challenge-to-trump
British ISP “KCOM” Suffering Outage After Attack
http://www.hulldailymail.co.uk/kcom-blames-cyber-attack-for-thousands-losing-internet-access-in-hull/story-29944084-detail/story.html#xf23rtZbUqlh5uXY.99
Microsoft Fixes Long Known Priviledge Escalation Issue
https://threatpost.com/microsoft-silently-fixes-kernel-bug-that-led-to-chrome-sandbox-bypass/122179/
More Here      

ISC StormCast for Thursday, December 1st 2016

By Johannes B. Ullrich, Ph.D. Mozilla Patches Firefox 0-Day (Exploit already avaiable!)
https://isc.sans.edu/forums/diary/Unpatched+Vulnerability+in+Firefox+used+to+Attack+Tor+Browser/21769/
SQL Slammer “Resurgance” ?
https://isc.sans.edu/forums/diary/Take+Back+Wednesday+SQL+Slammer+still+alive+but+barely+kicking/21767/
Goolian Android Malware
http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/
Bypassing SAML 2.0 SSO
http://research.aurainfosec.io/bypassing-saml20-SSO/
Webcast: The Six Most Dangerous New Cyber Attack Techniques
https://cc.readytalk.com/registration/#/?meeting=9yq9nbx4tp7a&campaign=nggmjhc39guc
More Here