Someone Is Learning How to Take Down the Internet

Bruce Schneier has an interesting article about a development that brings back memories from when Stuxnet was discovered.

Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet. These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down. We don’t know who is doing this, but it feels like a large a large nation state. China and Russia would be my first guesses.

This may be in line with some findings that a new larger team is developing malware and exploits for an international scale. It also urges a lot of parties to take security more serious and not only go for compliance. It also may put the announcement from GCHQ about the great British firewall in a new light.

Security Weekly: The State Of Healthcare Security

Security Weekly episode 479 has an interesting section about the State of Healthcare Security.

The most interesting question is how we as an sector are going to convince people to by new equipment every 3 to 5 years or how we can make something that will last at least 20 to 30 years.

Kali Linux 2016.2

Last week Kali Linux 2016.2 was released so it was time to make a new VirtualBox instance for it to see the difference from the release in January. But let’s automate a little bit to quickly rebuild virtual machines for Kali Linux.

$ cd ~/Downloads
$ wget

Let’s create the virtual machine and boot it. In this example it is bound to the wireless network card and allocates an 16 GB disk image as the default 8 GB size for Debian is too small and 10 GB is the minimum advised.

$ export VM="Kali Linux 2016.2"
$ VBoxManage createhd --filename "$HOME/VirtualBox VMs/$VM/$VM.vdi" --size 16384
$ VBoxManage createvm --name "$VM" --ostype "Debian_64" --register
$ VBoxManage storagectl "$VM" --name "SATA Controller" --add sata --controller IntelAHCI
$ VBoxManage storageattach "$VM" --storagectl "SATA Controller" --port 0 --device 0 --type hdd --medium "$HOME/VirtualBox VMs/$VM/$VM.vdi"
$ VBoxManage storagectl "$VM" --name "IDE Controller" --add ide
$ VBoxManage storageattach "$VM" --storagectl "IDE Controller" --port 0 --device 0 --type dvddrive --medium $HOME/Downloads/kali-linux-2016.2-amd64.iso
$ VBoxManage modifyvm "$VM" --ioapic on
$ VBoxManage modifyvm "$VM" --boot1 dvd --boot2 disk --boot3 none --boot4 none
$ VBoxManage modifyvm "$VM" --memory 1024 --vram 128
$ VBoxManage modifyvm "$VM" --nic1 bridged --bridgeadapter1 wlp1s0
$ VBoxManage startvm "$VM

After the installation is completed and the machine is powered down it is safe to remove the virtual DVD and create a snapshot to always quickly return to.

$ VBoxManage storageattach "$VM" --storagectl "IDE Controller" --port 0 --device 0 --type dvddrive --medium none
$ VBoxManage snapshot "$VM" take "Snapshot 1"

I can now continue to prepare for the Offensive Security Certified Professional (OSCP) training. Hopefully I can also join the CTF organized by Platform voor Informatie Beveiliging.