Securely Access Your Desktop By NOT VPN’ing.

I have been thinking lately about how I can access my home desktop (don’t ask me why I want to do this) or my router/firewall config (which is not directly accessible from the internet).

In this article, let’s explore some ideas on how we can accomplish this without running a VPN server or subscribing to any third-party remote access services.

… stay tuned

 

ISC StormCast for Monday, May 2nd 2016

By Johannes B. Ullrich, Ph.D.

ATM Jackpotting: Analysis of ATM APIs
https://securelist.com/analysis/publications/74533/malware-and-non-malware-ways-for-atm-jackpotting-extended-cut/
Reverse Engineering an ATM Machine Skimmer
https://trustfoundry.net/reverse-engineering-a-discovered-atm-skimmer/
Bathroom Scale Vulnerability
https://help.fitbit.com/articles/en_US/Help_article/How-do-I-update-my-Aria-scale/
Fake Mobile Payment Apps in Google Play Store
https://info.phishlabs.com/blog/fraudster-phishing-users-with-malicious-mobile-apps

ISC StormCast for Friday, April 29th 2016

By Johannes B. Ullrich, Ph.D.

Powershell and DNS/DHCP
https://isc.sans.edu/forums/diary/DNS+and+DHCP+Recon+using+Powershell/20995/
New Version of PCI Standard Released
https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2_Summary_of_Changes.pdf
OpenSSL Patch Pre-Announced
https://mta.openssl.org/pipermail/openssl-announce/2016-April/000069.html
NTP Patches
http://blog.talosintel.com/2016/04/vulnerability-spotlight-further-ntpd_27.html#more

ISC StormCast for Thursday, April 28th 2016

By Johannes B. Ullrich, Ph.D.

SAML Federated Identity Vulnerability in Office 365
http://www.economyofmechanism.com/office365-authbypass.html
.AS Registry Vulnerable to Direct Object Reference
https://isecguy.wordpress.com/2016/04/25/flaw-allowed-anyone-to-modify-take-control-over-any-as-domain/
Driveby Exploit Used to Deliver Android Ransomware
https://www.bluecoat.com/security-blog/2016-04-25/android-exploit-delivers-dogspectus-ransomware
CryptXXX Decrypt Tool
https://support.kaspersky.com/viruses/disinfection/8547?_ga=1.128163404.1397432418.1454514283#block3

ISC StormCast for Wednesday, April 27th 2016

By Johannes B. Ullrich, Ph.D.

OS X Memory Forensics
https://isc.sans.edu/forums/diary/An+Introduction+to+Mac+memory+forensics/20989/
Facebook App Used to Deliver Facebook Phish
http://news.netcraft.com/archives/2016/04/22/hook-like-and-sinker-facebook-serves-up-its-own-phish.html
Android.Spy.277.origin Keeps Being Delivered By Google Play Store Apps
http://blog.checkpoint.com/2016/04/22/in-the-wild-google-cant-close-the-door-on-android-malware/
Tool To Replay RDP Sessions From pcaps
http://www.contextis.com/resources/blog/rdp-replay-code-release/
Juniper Update
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727&cat=SIRT_1&actp=LIST
RouterSploit Router Exploit Framework
https://github.com/reverse-shell/routersploit

ISC StormCast for Tuesday, April 26th 2016

By Johannes B. Ullrich, Ph.D.

Details From the Breach of the Central Bank of Bangladesh
http://baesystemsai.blogspot.de/2016/04/two-bytes-to-951m.html
Apple Image IO Denial of Service
https://www.landaire.net/blog/apple-imageio-denial-of-service/
Text Messages Used to Phish Apple IDs
http://www.independent.co.uk/life-style/gadgets-and-tech/news/apple-id-password-expired-expiry-text-website-scam-phishing-a6991126.html
Critical HP Data Protector Patch
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05085988
Armada Collective (or imposter) Making Fake DDoS Threats
https://blog.cloudflare.com/empty-ddos-threats-meet-the-armada-collective/