vulnerability intelligence with vulners.com / Кирилл Ермаков, Игорь...
![Page 1: Vulnerability intelligence with vulners.com / Кирилл Ермаков, Игорь Булатенко (QIWI)](https://reader034.vdocument.in/reader034/viewer/2022051502/586f90931a28ab54768b79fb/html5/thumbnails/1.jpg)
Vulnerability intelligence with vulners
Igor Bulatenko
Page 2
#:whoami
- vulners.com co-founder
- QIWI Group Security expert
- Web penetration tester
- Ex-security developer
- JBFC community participant
Page 3
#:groups
- QIWI Security Team
  - Kirill “isox” Ermakov (core)
  - Igor “videns” Bulatenko (search)
  - Ivan “vankyver” Yolkin (frontend)
  - Alex “plex” Sekretov (parsers)
- Alex Leonov (analytics)
Page 4
Vulnerabilities are the gateways by which threats are manifested
SANS Institute
Page 5
Vulnerable
- Vulnerability: a weakness which allows an attacker to reduce a system's information assurance (Wikipedia)
- Any piece of information that describes a security issue
- A format-free description of a function f(object, conditions) returning True/False
Page 6
Captain Obvious: Risks
- Information systems takeover
- Revocation of licenses
- Loss of business continuity
- Money loss
- …and a lot of other bad things
Page 7
Vulnerability management process
- Mandatory component of information security
- A must-have for security-aware companies
- Required for compliance with PCI DSS and other standards
- Best practice for survival on the Internet
Page 8
Quite easy overview
Page 9
Content sources fail
- Every product has its own source of vulnerability data
- Most of that information is not usable by automated vulnerability scanners
- MITRE, NVD, SCAP, OVAL and others failed to standardize it
- Everyone is working on their own
- “Search”? Forget about it. Use Google instead.
Page 10
Vendors are so cool
- Human-only-readable format
- Advisories instead of criteria
- Differs from page to page
- CSS wasn’t discovered yet
- HTML, actually, too
Page 11
Classics of vulnerability awareness
- Security mailing lists
- “Let’s talk about…”
- Full of references and links
- Guess the syntax
Page 12
Vulnerability assessment
- Vulnerability Scanners
- Developed in the ’90s
- Heavy deployment process
- About 20-30 different vendors
Page 13
Under the hood of the typical scanner
- Scripting engine
- PHP/Python/PAZL/NASL
- Vulnerability checks
- Hidden logic of detection
Page 14
The Good, the Bad and the Ugly
- Slow in big enterprises
- Binary scripts
- Missing central management
- Agentless technology requiring root privileges
- Inventory != vulnerability scan
- A good model, but designed years ago
Page 15
Feature racing
- Black magic challenge of collecting data
- More checks = better scanner
- Harmless pentest. ORLY?
- Do you trust your security vendor?
Page 16
Scanner check delay
Page 17
OPS style security
- Inventory is already done. No need to do it again.
- You already have a dashboard
- Targeted utilities work better
- Version range checks
Page 18
Let’s start from scratch
- Established in 2015 by the QIWI Security Team
- Parsing and data collection framework
- Built by security engineers for OPS
- The only check to do: version range
- Clear scanning process
Page 19
vulners.com: Information security “Google”
- Vulnerability source data aggregator
- Created by security specialists for security specialists
- Incredibly fast search engine
- Normalized, machine-readable content
- Audit features out-of-the-box
- API-driven development
Page 20
Content
- Vendor security advisories
- Exploit databases
- Security scanner plugins and modules
- Bug bounty programs
- Informational resources
- 0-days from security scanners
- … 60+ different sources and growing
Page 21
Normalization. We did it!
- All data follows a unified model
- Perfect for integration
- Ready for security scanners
- Automatically updated content
- Analytics welcome
Page 22
Coverage? One of the largest security DBs
Page 23
Search
- Google-style search string
- Dorks, advanced queries and many more
- UX-driven
- Human-oriented
- References and data linkage
- Extremely fast
Page 24
Power of the aggregation
- Unified model in database
- Ability to perform correlation
- Security scanner comparison
- Reveal trends
Page 25
API
- REST/JSON
- Integration-focused scan features
- Audit calls for self-made security scanners
- Easily extensible
- Content sharing features
Page 26
Advanced queries
- Any complex query
  - title:httpd type:centos order:published last 15 days cvss.score:[7 TO 10]
- Sortable by any field of the model (type, CVSS, dates, reporter, etc.)
- Apache Lucene syntax (AND, OR and so on)
- Exploit search by source and CVE
  - cvelist:CVE-2014-0160 type:exploitdb
  - sourceData:.bash_profile
  - sourceData:"magic bytes"
Page 27
Awareness as it should be
- Inspired by Google Search subscriptions
- Get only the content that you need
- Query-based subscription
- Any delivery method:
  - RSS
  - Email
  - Telegram
  - API
Page 28
RSS
- Fully customizable news feed in RSS format
- Powered by an Apache Lucene query
  - https://vulners.com/rss.xml?query=type:debian
- Updates on demand: no cache, the feed is built right when you ask for it
- Atom, Webfeeds, mrss compatible
Page 29
Email subscriptions
- Awareness service
- Absolutely customizable
Page 30
Telegram news bot
- Up to 3 subscriptions per user
- In-app search
- Broadcast for emergency news
Page 31
But…what about the scanner?
- Security scanner as a service
- Ready for Zabbix, Nagios, etc. integration
- As simple as "rpm -qa"
- Clear decision making logic
Page 32
Package version scanning
- Performs only a host inventory
- Can be done manually
- Does not need root privileges
- Vendor data provided in a compatible format
Page 33
Security audit
- Linux OS vulnerability scan
- Immediate results
- Dramatically simple
Page 34
Security audit API
- Easy to use: just give us the output of the package manager
  - https://vulners.com/api/v3/audit/rpm/?os=centos&version=5&package=php-4.6.17-1.el5.remi-x86_64
- JSON result
  - Vulnerabilities list
  - Reason for the decision
  - References list (exploits, and so on)
- Ready to go for the Red Hat and Debian families
- Typical call time for a 500+ package list = 160 ms
  - It’s fast. Really fast.
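The decision behind the audit call, as an added Python example (not vulners code and not the GitHub scanner): parse rpm -qa lines, compare each installed epoch:version-release against the advisory's fixed one with a port of rpm's rpmvercmp (tilde/caret rules omitted), and report the reason for every finding. The package list, advisory ids and fixed versions are constructed.

```python
import re

# Constructed `rpm -qa` output (sample data, not from the slides): the audit API
# on the slide takes exactly these name-version-release.arch strings.
RPM_QA_OUTPUT = "php-4.6.17-1.el5.remi.x86_64\nopenssl-1.0.1e-42.el7.x86_64\nbash-4.2.46-20.el7_2.x86_64\n"
# Constructed advisories (hypothetical ids): affected while installed EVR < fixed EVR.
ADVISORIES = [
    {"id": "EXAMPLE-2015-0001", "package": "openssl", "fixed": "0:1.0.1e-51.el7_2.5"},
    {"id": "EXAMPLE-2014-0002", "package": "bash", "fixed": "0:4.2.46-20.el7_2"},
]
PKG_RE = re.compile(r"^(?P<name>.+)-(?P<ver>[^-]+)-(?P<rel>[^-]+)\.(?P<arch>[^.]+)$")

def parse_rpm_line(line):
    """'name-version-release.arch' -> dict; the greedy name keeps inner hyphens."""
    m = PKG_RE.match(line.strip())
    if not m:
        raise ValueError("not an rpm -qa line: %r" % line)
    return m.groupdict()

def rpmvercmp(a, b):
    """Port of rpm's rpmvercmp: walk numeric/alpha segments, numeric beats alpha."""
    ta, tb = re.findall(r"\d+|[A-Za-z]+", a), re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(ta, tb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # "el7" < "8", as rpm does
        if x != y:
            return 1 if x > y else -1
    return (len(ta) > len(tb)) - (len(ta) < len(tb))  # longer label is newer

def evr_cmp(a, b):
    """Compare 'epoch:version-release' labels; a missing epoch counts as 0."""
    split = lambda s: re.match(r"^(?:(\d+):)?([^-]*)-?(.*)$", s).groups("0")
    for x, y in zip(split(a), split(b)):
        c = rpmvercmp(x, y)
        if c:
            return c
    return 0

def audit(rpm_qa_text, advisories):
    """Version-range check per package, returning each finding with its reason."""
    pkgs = [parse_rpm_line(l) for l in rpm_qa_text.splitlines() if l.strip()]
    installed = {p["name"]: "%s-%s" % (p["ver"], p["rel"]) for p in pkgs}
    findings = []
    for adv in advisories:
        have = installed.get(adv["package"])
        if have is not None and evr_cmp(have, adv["fixed"]) < 0:
            findings.append({"id": adv["id"], "package": adv["package"],
                             "reason": "installed %s < fixed %s" % (have, adv["fixed"])})
    return findings
```

The bash entry sits exactly at its fixed version and is therefore not reported, which is the boundary a naive string comparison gets wrong.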
Page 35
Security audit API
Page 36
Home-made scanner
- Available at GitHub
- Example of integration
- Free to fork
Page 37
It is absolutely free
- Free for commercial and enterprise use
- Make your own solutions using our powers:
  - Security scanners
  - Threat intelligence
  - Subscriptions
  - Security automation
- Just please, post references if you can
Page 38
Thanks
- https://github.com/videns/vulners-scanner/
- We are really trying to make this world better
- Stop paying for features which are available for free