Apr 28, 2021

Headless VMware Workstation Player

To run VMware Workstation Player (16) in headless mode, here is the configuration.

First, shut down all VMware virtual machines, then edit the VMware preferences file below:

  • (Linux) $HOME/.vmware/preferences
  • (Windows) %HOMEPATH%\AppData\Roaming\VMWare\preferences.ini

Next, append the following lines at the bottom of the file.

pref.vmplayer.exit.vmAction = "disconnect"
pref.vmplayer.confirmOnExit = "FALSE"
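The same edit done programmatically, as an added example that is not part of the original post: it rewrites the preferences file so the two keys are set exactly once (replacing an existing line rather than appending a duplicate) and keeps a backup of the original. The default path is the Linux location given above; on Windows pass the preferences.ini path instead.

```python
"""Added example (not from the original post): apply the two headless-mode
settings to a VMware Player preferences file without duplicating keys.
The default path is the Linux location named in the post."""
import os
import re
import shutil

HEADLESS_PREFS = {
    "pref.vmplayer.exit.vmAction": "disconnect",  # keep VMs running when the UI exits
    "pref.vmplayer.confirmOnExit": "FALSE",       # no confirmation prompt on exit
}

# key = "value" lines as written by VMware (quotes are optional on read)
_LINE = re.compile(r'^\s*([^=\s]+)\s*=\s*"?(.*?)"?\s*$')


def read_prefs(path):
    """Parse a preferences file into a {key: value} mapping."""
    prefs = {}
    if os.path.exists(path):
        with open(path, encoding="utf-8") as fh:
            for line in fh:
                m = _LINE.match(line)
                if m:
                    prefs[m.group(1)] = m.group(2)
    return prefs


def set_prefs(path, updates):
    """Rewrite `path` with `updates` applied: existing keys are replaced in
    place, missing keys are appended at the bottom. A copy of the original
    file is saved as <path>.bak. Returns the resulting mapping."""
    lines = []
    if os.path.exists(path):
        shutil.copy2(path, path + ".bak")
        with open(path, encoding="utf-8") as fh:
            lines = fh.read().splitlines()
    remaining = dict(updates)
    out = []
    for line in lines:
        m = _LINE.match(line)
        if m and m.group(1) in remaining:
            out.append(f'{m.group(1)} = "{remaining.pop(m.group(1))}"')
        else:
            out.append(line)
    for key, value in remaining.items():
        out.append(f'{key} = "{value}"')
    os.makedirs(os.path.dirname(path) or ".", exist_ok=True)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write("\n".join(out) + "\n")
    return read_prefs(path)


def enable_headless(path=os.path.expanduser("~/.vmware/preferences")):
    """Apply the headless settings; shut down all VMs before calling this."""
    return set_prefs(path, HEADLESS_PREFS)


if __name__ == "__main__":
    print(enable_headless())
```

Run it once with Player closed; re-running is harmless because an already-present key is rewritten rather than appended again.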


Apr 23, 2021

When HTTPS is not Sufficient

HSTS stands for HTTP Strict Transport Security.

HSTS is a policy mechanism that helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking. The HSTS Policy is communicated, from the server to the user agent, via an HTTPS response header field named "Strict-Transport-Security".

It specifies a period of time in which the user agent should only access the server in a secure fashion.[2] 

Note that the protection only applies after a user has visited the site at least once. From then on the browser upgrades requests to HTTPS automatically, without first making a plain HTTP request, which prevents a man-in-the-middle attack on the HTTP connection from occurring.

To check whether an HTTPS server supports HSTS, examine the HTTP response headers for the following header.

Strict-Transport-Security: max-age=31536000; 

The header is honored only when received over HTTPS. The max-age parameter specifies how long, in seconds, the browser should remember the rule (31536000 corresponds to a year). Append ; includeSubDomains at the end to apply the rule to all subdomains as well.
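As an added example (not code from the original post), here is a small checker for the header just described. It parses a Strict-Transport-Security value into its directives, treating a header seen over plain HTTP as not enforced, a max-age of 0 as a policy removal, and a non-numeric or duplicated max-age as malformed; the threshold of one year is the max-age value used above. The sample responses are constructed, so the checks run offline; fetch_hsts_header is a live helper using only the standard library.

```python
"""Added example (not from the original post): parse and evaluate the
Strict-Transport-Security header of an HTTPS response. Sample responses
below are constructed for illustration, not real captures."""
import re
import ssl
import urllib.request

ONE_YEAR = 31536000  # seconds; the max-age value used in the post


def parse_hsts(value):
    """Parse an STS header value into its directives (RFC 6797 syntax:
    directives separated by ';', names case-insensitive, empty directives
    such as a trailing ';' allowed). Returns None if the header is invalid."""
    result = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in value.split(";"):
        directive = directive.strip()
        if not directive:
            continue
        name, _, arg = directive.partition("=")
        name = name.strip().lower()
        arg = arg.strip().strip('"')
        if name == "max-age":
            # non-numeric or repeated max-age makes the whole header invalid
            if not re.fullmatch(r"\d+", arg) or result["max_age"] is not None:
                return None
            result["max_age"] = int(arg)
        elif name == "includesubdomains":
            result["include_subdomains"] = True
        elif name == "preload":
            result["preload"] = True
        # unknown directives are ignored, as the RFC requires
    if result["max_age"] is None:
        return None  # max-age is mandatory
    return result


def evaluate_hsts(headers, over_https=True):
    """Classify a response's HSTS status. `headers` maps header names to
    values (names compared case-insensitively). Browsers ignore the header
    on plain HTTP, so a header seen there counts as not enforced."""
    value = None
    for name, v in headers.items():
        if name.lower() == "strict-transport-security":
            value = v
    if value is None:
        return "missing"
    if not over_https:
        return "ignored-over-http"
    parsed = parse_hsts(value)
    if parsed is None:
        return "malformed"
    if parsed["max_age"] == 0:
        return "disabled"  # max-age=0 tells the browser to forget the policy
    if parsed["max_age"] < ONE_YEAR:
        return "short-max-age"  # preload lists require at least one year
    return "enforced"


def fetch_hsts_header(host, timeout=5):
    """Live helper: HEAD request over HTTPS, returns the STS header or None."""
    req = urllib.request.Request(f"https://{host}/", method="HEAD")
    ctx = ssl.create_default_context()
    with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
        return resp.headers.get("Strict-Transport-Security")


# Constructed sample responses (not real captures).
SAMPLE_RESPONSES = {
    "supporting": {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"},
    "lab-http": {"Server": "SimpleHTTP/0.6 Python/3.9"},       # plain HTTP lab server
    "short": {"strict-transport-security": "max-age=300"},
    "broken": {"Strict-Transport-Security": "max-age=one-year"},
}

if __name__ == "__main__":
    for label, hdrs in SAMPLE_RESPONSES.items():
        print(label, "->", evaluate_hsts(hdrs, over_https=(label != "lab-http")))
```

To check a real site, call evaluate_hsts({"Strict-Transport-Security": fetch_hsts_header("example.com")}) and handle the None case as "missing".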

Here, I'm using my browser (MS Edge) to query whether a website supports HSTS. Enter "edge://net-internals/#hsts" or "chrome://net-internals/#hsts" in the address bar, then enter the website's domain in the query box.

(Screenshot: a website that supports HSTS)


Nowadays it is hard to find a website that does not support HSTS, so I ran a simple HTTP server in my lab.

(Screenshot: a website not supporting HSTS)

Benefits of HSTS:

  • Simple to implement on the web server.
  • Helps in implementing HTTPS correctly.
  • Enabling HSTS helps ensure that you remain compliant with privacy and data security regulations that require the use of HTTPS.

Links:

  • https://www.rapid7.com/blog/post/2011/05/03/strictly-https/
  • https://www.rapid7.com/db/vulnerabilities/hstsdetection-hstsattack-1/
  • https://www.rapid7.com/db/modules/auxiliary/scanner/http/http_hsts/


Apr 22, 2021

What Happened in the Past 14 Days?

Do you know how many new CVEs have been added to the NVD in the past 2 weeks? And how many old CVEs have been updated, for example because a new PoC exploit or new malware was released? What about ransomware and crypto-mining attacks?

The answer is that 10,768 CVEs have been updated.

(Screenshot: 10,768 CVEs updated in the past 14 days)

This includes:

  • New CVEs released.
  • Old CVEs with new details released.
  • Any pre-NVD vulnerabilities.

Yes, you can get this information from the National Vulnerability Database. However, how would you do a quick analysis of all those CVEs, such as:

  • What is the trend and velocity of attacks against a particular CVE right now?
  • What new exploits have been released?
  • Has any malware or ransomware been released for a CVE?
  • Any prediction, using artificial intelligence analysis, of how likely a particular CVE is to be exploited in the future?

Finally, how fast do you learn about all these new CVEs, attacks, ransomware and crypto-mining?

(Below is a quick dump of all the information above into a CSV file. It just so happened that while I was exporting the CSV, the list grew to 10,769 CVEs.)

(Screenshot: 10,769 CVEs exported)
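As an added example, not the post's own tooling, here is how the "updated in the past 14 days" list and its CSV dump can be reproduced against the NVD directly. It uses the NVD CVE API 2.0 (https://services.nvd.nist.gov/rest/json/cves/2.0) and its lastModStartDate/lastModEndDate filters, which postdate this post; the sample response is constructed to match that API's JSON shape, with placeholder CVE ids, so the parsing and CSV export run offline. Each record is tagged "new" (first published inside the window) or "updated" (older CVE modified inside it), which is the split the post describes.

```python
"""Added example (not from the original post): pull CVEs the NVD modified
in a trailing 14-day window via the NVD CVE API 2.0 and export them to CSV.
SAMPLE_RESPONSE is constructed in the API's shape with placeholder ids."""
import csv
import json
import urllib.parse
import urllib.request
from datetime import datetime, timedelta, timezone

NVD_API = "https://services.nvd.nist.gov/rest/json/cves/2.0"
FIELDS = ["id", "kind", "published", "lastModified", "cvss31", "status"]


def window(days=14, now=None):
    """(start, end) of the trailing window, in UTC."""
    end = now or datetime.now(timezone.utc)
    return end - timedelta(days=days), end


def build_url(start, end, start_index=0, results_per_page=2000):
    """Query URL for CVEs whose lastModified falls within [start, end]."""
    fmt = "%Y-%m-%dT%H:%M:%S.000"
    params = {
        "lastModStartDate": start.strftime(fmt),
        "lastModEndDate": end.strftime(fmt),
        "startIndex": start_index,
        "resultsPerPage": results_per_page,
    }
    return NVD_API + "?" + urllib.parse.urlencode(params)


def fetch_all(start, end, api_key=None):
    """Live helper: page through the API until totalResults is reached.
    Unauthenticated callers are rate-limited; an apiKey header raises the limit."""
    items, index = [], 0
    while True:
        req = urllib.request.Request(build_url(start, end, index))
        if api_key:
            req.add_header("apiKey", api_key)
        with urllib.request.urlopen(req, timeout=30) as resp:
            page = json.load(resp)
        items.extend(page["vulnerabilities"])
        index += page["resultsPerPage"]
        if index >= page["totalResults"]:
            return items


def to_rows(vulnerabilities, start):
    """Flatten API records into CSV rows, tagging each as new (first
    published inside the window) or updated (older CVE modified in it)."""
    rows = []
    for item in vulnerabilities:
        cve = item["cve"]
        published = datetime.fromisoformat(cve["published"]).replace(tzinfo=timezone.utc)
        v31 = cve.get("metrics", {}).get("cvssMetricV31", [])
        rows.append({
            "id": cve["id"],
            "kind": "new" if published >= start else "updated",
            "published": cve["published"],
            "lastModified": cve["lastModified"],
            "cvss31": v31[0]["cvssData"]["baseScore"] if v31 else "",
            "status": cve.get("vulnStatus", ""),
        })
    return rows


def count_by_kind(rows):
    """Summary the post asks for: how many new vs. updated CVEs."""
    counts = {"new": 0, "updated": 0}
    for row in rows:
        counts[row["kind"]] += 1
    return counts


def write_csv(rows, fp):
    writer = csv.DictWriter(fp, fieldnames=FIELDS)
    writer.writeheader()
    writer.writerows(rows)


# Constructed sample in the API 2.0 shape; ids are placeholders, not real CVEs.
SAMPLE_RESPONSE = {
    "resultsPerPage": 3, "startIndex": 0, "totalResults": 3,
    "format": "NVD_CVE", "version": "2.0",
    "vulnerabilities": [
        {"cve": {"id": "CVE-2021-EXAMPLE1", "published": "2021-04-20T10:00:00.000",
                 "lastModified": "2021-04-21T08:30:00.000", "vulnStatus": "Analyzed",
                 "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 9.8}}]}}},
        {"cve": {"id": "CVE-2019-EXAMPLE2", "published": "2019-03-01T00:00:00.000",
                 "lastModified": "2021-04-15T12:00:00.000", "vulnStatus": "Modified"}},
        {"cve": {"id": "CVE-2021-EXAMPLE3", "published": "2021-04-09T00:00:00.000",
                 "lastModified": "2021-04-09T00:00:00.000", "vulnStatus": "Awaiting Analysis"}},
    ],
}

if __name__ == "__main__":
    start, end = window(14, now=datetime(2021, 4, 22, tzinfo=timezone.utc))
    rows = to_rows(SAMPLE_RESPONSE["vulnerabilities"], start)
    print(count_by_kind(rows))
    with open("nvd_last14d.csv", "w", newline="") as fh:
        write_csv(rows, fh)
```

Replace SAMPLE_RESPONSE["vulnerabilities"] with fetch_all(start, end) for a live pull; the API caps a single lastModified range at 120 days, so the 14-day window fits in one query.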