My top five blog posts for 2018

31st December 2018

Another year has come and gone, and with the new year approaching, it’s timely to revisit some of my previous posts. It’s an exciting time in information security and always interesting to see what gets the most interest. Here’s to another year of blog posts, and hopefully some more content. Enjoy this run down and happy new year.

By a large margin, this post has gained the most hits this year, and it is without doubt the simplest post on the site. One of PowerShell's most useful capabilities is its interactive shell, and with it the opportunity to quickly develop a script that automates a laborious task. So, how can we ping a range of IPv4 addresses with minimal effort? This post gives the answer, on the assumption that none of the target hosts are configured to suppress ICMP echo requests: a host whose firewall drops ICMP looks identical to an unused address, so a sweep like this enumerates what answers, not what exists. It's good to see PowerShell having such popularity, and it's no surprise to me: it's quick and easy to build something useful for very little effort.
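As an added example (not the script from the original post), the sweep described above written as a few small functions: the range is enumerated by converting the two endpoints to integers, and each address gets a single echo request via Test-Connection. It assumes Windows PowerShell 5.1 or later (where Test-Connection supports -Count and -Quiet), a little-endian host for the BitConverter calls, and that live hosts answer ICMP; the 192.168.1.0/24 range in the usage line is just a placeholder.

```powershell
# Added example, not the original post's script. Assumes Windows PowerShell 5.1+ and a
# little-endian host (x86/x64). Hosts that drop ICMP echo show up as not alive.

function ConvertTo-IPv4Integer {
    # Dotted quad -> unsigned 32-bit integer in host order, so a range can be iterated.
    param([Parameter(Mandatory)][string]$Address)
    $bytes = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()   # network (big-endian) order
    [Array]::Reverse($bytes)                                              # to little-endian for BitConverter
    [BitConverter]::ToUInt32($bytes, 0)
}

function ConvertFrom-IPv4Integer {
    # Inverse of ConvertTo-IPv4Integer.
    param([Parameter(Mandatory)][uint32]$Value)
    $bytes = [BitConverter]::GetBytes($Value)
    [Array]::Reverse($bytes)
    ($bytes -join '.')
}

function Get-IPv4Range {
    # Enumerates every address from $Start to $End inclusive.
    param([Parameter(Mandatory)][string]$Start, [Parameter(Mandatory)][string]$End)
    $first = ConvertTo-IPv4Integer $Start
    $last  = ConvertTo-IPv4Integer $End
    if ($last -lt $first) { throw "End address $End precedes start address $Start" }
    # uint64 counter so the loop cannot overflow when $End is 255.255.255.255
    for ([uint64]$i = $first; $i -le $last; $i++) { ConvertFrom-IPv4Integer ([uint32]$i) }
}

function Invoke-PingSweep {
    # One echo request per address. Emits an object per host so results can be filtered or exported.
    param([Parameter(Mandatory)][string]$Start, [Parameter(Mandatory)][string]$End)
    foreach ($ip in Get-IPv4Range -Start $Start -End $End) {
        $alive = Test-Connection -ComputerName $ip -Count 1 -Quiet -ErrorAction SilentlyContinue
        [pscustomobject]@{ Address = $ip; Alive = [bool]$alive }
    }
}

# Usage (placeholder range): list only the hosts that replied.
Invoke-PingSweep -Start '192.168.1.1' -End '192.168.1.254' |
    Where-Object { $_.Alive } |
    Format-Table -AutoSize
```

The sweep is sequential, so an unresponsive address costs a full ICMP timeout each; on PowerShell 7 the same loop can be parallelised with ForEach-Object -Parallel if the range is large.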

It's not surprising that this is a popular post, as technical security content is always in demand.

PE files contain a number of header values (chiefly the DllCharacteristics field of the optional header) that indicate how the executable will behave with the security technologies built in to modern versions of the operating system. Two of the most important in my mind are ASLR and DEP, but there are numerous other capabilities that compilers can opt in to that are worth looking into. ASLR is one of the most significant developments in system security in the last 15 years or so, and was brought into the mainstream by OpenBSD in 2003. Exploits that corrupt memory and redirect execution were widespread in the 1990s and early 2000s, because operating systems typically placed key data at predictable addresses when a process was created. Along with DEP, SEH (SafeSEH) and CFG, it is possible to analyse the flags in executables and build defensive strategies accordingly.
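The flags discussed above can be read straight out of the headers without a third-party tool. The function below is an added example, not code from the original post: it checks the MZ and PE signatures, then reads IMAGE_FILE_HEADER.Characteristics and IMAGE_OPTIONAL_HEADER.DllCharacteristics (the latter sits at the same offset, 70, in both PE32 and PE32+). The flag values are the documented IMAGE_DLLCHARACTERISTICS_* constants. It also reports IMAGE_FILE_RELOCS_STRIPPED, because a binary that sets DYNAMIC_BASE but has had its relocations stripped cannot actually be rebased. SafeSEH is not a DllCharacteristics flag (it lives in the load configuration directory), so only the NO_SEH flag is reported here; the System32 path in the usage lines is just an example target.

```powershell
# Added example, not code from the original post. Reads the mitigation flags from a PE header.
function Get-PEMitigationFlags {
    param([Parameter(Mandatory)][string]$Path)

    $b = [System.IO.File]::ReadAllBytes($Path)
    if ($b.Length -lt 0x40 -or $b[0] -ne 0x4D -or $b[1] -ne 0x5A) { throw "$Path is not an MZ executable" }

    $pe = [BitConverter]::ToInt32($b, 0x3C)                  # e_lfanew: offset of the "PE\0\0" signature
    if ($pe -lt 0 -or $pe + 96 -gt $b.Length -or [BitConverter]::ToUInt32($b, $pe) -ne 0x00004550) {
        throw "$Path has no valid PE signature"
    }

    $fileChar = [BitConverter]::ToUInt16($b, $pe + 22)       # IMAGE_FILE_HEADER.Characteristics (offset 18 in the 20-byte file header)
    $opt      = $pe + 24                                     # IMAGE_OPTIONAL_HEADER follows signature + file header
    $magic    = [BitConverter]::ToUInt16($b, $opt)           # 0x10B = PE32, 0x20B = PE32+
    $dllChar  = [BitConverter]::ToUInt16($b, $opt + 70)      # DllCharacteristics, same offset in PE32 and PE32+

    $format = switch ($magic) { 0x10B { 'PE32' } 0x20B { 'PE32+' } default { 'Unknown' } }

    [pscustomobject]@{
        Path           = $Path
        Format         = $format
        ASLR           = [bool]($dllChar -band 0x0040)       # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
        HighEntropyVA  = [bool]($dllChar -band 0x0020)       # HIGH_ENTROPY_VA, meaningful for PE32+ only
        RelocsStripped = [bool]($fileChar -band 0x0001)      # IMAGE_FILE_RELOCS_STRIPPED: cannot be rebased, so ASLR is hollow
        DEP            = [bool]($dllChar -band 0x0100)       # IMAGE_DLLCHARACTERISTICS_NX_COMPAT
        NoSEH          = [bool]($dllChar -band 0x0400)       # IMAGE_DLLCHARACTERISTICS_NO_SEH
        CFG            = [bool]($dllChar -band 0x4000)       # IMAGE_DLLCHARACTERISTICS_GUARD_CF
        ForceIntegrity = [bool]($dllChar -band 0x0080)       # signature enforced at load time
        AppContainer   = [bool]($dllChar -band 0x1000)
    }
}

# Usage: binaries under System32 that lack ASLR or DEP, or claim ASLR but cannot relocate.
Get-ChildItem -Path "$env:SystemRoot\System32" -Filter *.exe |
    ForEach-Object { try { Get-PEMitigationFlags $_.FullName } catch { Write-Warning $_ } } |
    Where-Object { -not $_.ASLR -or -not $_.DEP -or $_.RelocsStripped } |
    Format-Table Path, Format, ASLR, RelocsStripped, DEP, NoSEH, CFG -AutoSize
```

These flags describe what the image opts in to; system-wide policy (for example mandatory ASLR or DEP set through exploit protection settings) can still enforce a mitigation the binary did not ask for, so the header is the starting point for an assessment rather than the last word.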

2018 was a year in which Linux continued its advance, and Ubuntu 18.04 LTS got a lot of attention for the new features in the mix, both security and general functionality. A succinct and complete list of the new features proved elusive, so in this post I provided a run down of both. My favourite feature? Kernel 4.15, a considerable step up from the 4.4 kernel shipped with the previous 16.04 LTS release. This was apparently a late-in-the-day decision, and a good one, as it brought security protections that were not available in 4.14. There are some very interesting features in this transition, including the Ext4 largedir feature, AMD memory (RAM) encryption support, KPTI as the Meltdown mitigation, Retpoline et al. for Spectre, AMD storage encryption, SMB3 as the default dialect, self-encrypting SSD and OPAL support, EFI reset attack protection, support for 4 PB of RAM, the improved BFQ I/O scheduler, and kernel live patching.

Not so much a security capability, XRDP is nevertheless a useful access method, for instance to VMs running pen testing configurations.

If you upgrade from 16.04 LTS to 18.04 LTS, you might find your XRDP installation fails to start. My advice is to back up the configuration files, then remove the XRDP package and purge its configuration before reinstalling. This post uses XFCE4 as the desktop to reduce the overhead of the RDP session. Remote desktop sessions are only comfortable over a low-latency link with little or no contention, which in practice means a wired connection.

For several weeks over October I'd been trialling WordFence on my blog. WordFence is a plugin that can be added to any existing WordPress installation, adding the intrusion detection and prevention capabilities usually found in an application layer gateway. It claims to be the market-leading security plugin for WordPress sites, but why might you want such a plugin at all? As any inspection of CMS logs will show, WordPress sites are scanned for known vulnerabilities incessantly. In this post I reviewed the application of WordFence to the site.

And that wraps up the top five posts for 2018. A couple of good runner-up posts on risk assessment also featured in the site stats; see Part 2 to link into that post series, which I'll be continuing in 2019.