The ECB has published a manual with instructions for inspectors reviewing the asset quality of products of the eurozone's biggest lenders. The central bank is to take over banking supervision in November of this year.
I am engaged in a mission to detect digital signatures on the client computers, so I decided to write a script that searches the client computers in the internal network using WMI.
For anyone who would like to use it, here is the script. Save it as search.vbs and run it with CScript search.vbs.
```vbscript
arrEtensions = Array("cer","pfx","p12","p7b")
AdminUsername = "Administrator"
AdminPassword = "AdminPassword"
UserSegment = "172.16.1."
WorkingDir = "C:\Users\pen\Desktop\PenTest\script\"
Const OverwriteExisting = True
On Error Resume Next

'Search for computers 172.16.16.17 to 172.16.16.254
For comp = 29 To 29 : Do
    strComputer = UserSegment & comp
    Wscript.Echo "Searching for: " & strComputer

    'Connect to the remote WMI service with the admin credentials above
    Set objSWbemLocator = CreateObject("WbemScripting.SWbemLocator")
    Set objWMIService = objSWbemLocator.ConnectServer(strComputer, _
        "root\cimv2", AdminUsername, AdminPassword)
    If Err.Number <> 0 Then
        Wscript.Echo "Error: " & Err.Number & Err.Description
        Err.Clear
        Exit Do
    End If

    'Build the WQL query: one "Extension = '...'" clause per extension
    strSearch = "Select * from CIM_DataFile where "
    For Each Extension In arrEtensions
        strSearch = strSearch & "Extension = '" & Extension & "' OR "
    Next
    'Delete last OR
    strSearch = Left(strSearch, Len(strSearch) - 4)
    Wscript.Echo strSearch
    Set colFiles = objWMIService.ExecQuery(strSearch)
    Wscript.Echo colFiles.Count

    If colFiles.Count > 0 Then
        'One local folder per host for the results
        Set oFSO = CreateObject("Scripting.FileSystemObject")
        If Not oFSO.FolderExists(strComputer) Then
            oFSO.CreateFolder strComputer
        End If

        'Write the results file
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        Set objTextFile = objFSO.CreateTextFile(strComputer & "\files.txt", True)
        objTextFile.Write(strSearch & vbCrLf)
        filecount = 0

        'Map the remote C$ share to W: and wait for "net use" to finish
        Set WshShell = CreateObject("WScript.Shell")
        mountLine = "net use w: \\" & strComputer & "\c$ /user:" & _
            AdminUsername & " " & AdminPassword
        Set oExec = WshShell.Exec(mountLine)
        Do While oExec.Status = 0
            WScript.Sleep 100
        Loop

        For Each objFile In colFiles
            filecount = filecount + 1
            sourceFile = objFile.FileName & "." & objFile.Extension
            sourceDir = objFile.Drive & objFile.Path
            netDir = "w:" & objFile.Path
            strLine = _
                objFile.Extension & vbTab & _
                sourceDir & sourceFile & vbTab & _
                Round(objFile.FileSize / 1024, 2) & "Kb" & vbCrLf
            WScript.Echo oExec.Status
            objTextFile.Write(strLine)
            'Copy the file into the per-host folder, numbered to avoid name clashes
            copyLine = "xcopy " & """" & netDir & sourceFile & _
                """" & " " & "" & WorkingDir & strComputer & _
                "\" & objFile.FileName & "-" & filecount & _
                "." & objFile.Extension & "*""" & " /Z /C"
            Wscript.Echo "Copying... " & copyLine
            Set oExec = WshShell.Exec(copyLine)
            Do While oExec.Status = 0
                WScript.Sleep 100
            Loop
        Next

        'Unmap the share again
        Set oExec = WshShell.Exec("net use * /delete /y")
        Do While oExec.Status = 0
            WScript.Sleep 100
        Loop
        objTextFile.Close
    End If
    Wscript.Echo "Completed: " & strComputer
Loop While False : Next
```
Well, it all started when I wanted to add a recurring event for the world-famous La Tomatina of Spain, where people throw tomatoes at each other on a sunny day in Valencia. The event is held on the last Wednesday of August, during the festival week of Buñol. Unfortunately, there is no way to add a recurrence like this on Google's website.
However, Google Calendar can read and understand the iCalendar format (not to be confused with Apple iCal), so you can use it to achieve what you want. All you need to do is create an iCalendar event with the recurrence rule below. The term -1WE means the last Wednesday of the month, and the rest is self-explanatory. You can find more information in the related RFC.
Paste the text below into a new text file and save it as latomatina.ics. Then go to the Settings page of Google Calendar, click Calendars, and then click Import. Select latomatina.ics and the calendar in which you want this event to appear. That's it. You can edit this event in your calendar, but you should not edit the recurrence part in the Google Calendar web interface.
```
BEGIN:VCALENDAR
BEGIN:VEVENT
DTSTART;VALUE=DATE:20120302
DTEND;VALUE=DATE:20120302
RRULE:FREQ=YEARLY;BYDAY=-1WE;BYMONTH=8
DESCRIPTION: La Tomatina Festival
LOCATION:Buñol\, Valencia\, Spain
SEQUENCE:0
STATUS:CONFIRMED
SUMMARY:Spanish Tomato Festival
TRANSP:TRANSPARENT
END:VEVENT
END:VCALENDAR
```
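To see what the rule actually selects, here is an added example (my own code, not from the post) that expands a YEARLY rule with BYMONTH and an ordinal BYDAY into concrete dates and then emits the .ics text. It goes a little beyond the post: any ordinal (2TU, -2WE, ...) and several months or days in one rule are handled, not just -1WE in August. The function names (`parse_rrule`, `expand_yearly`, `build_ics`) and the UID are my own. Two details differ from the snippet above on purpose: DTSTART is set to the first computed instance, because RFC 5545 says the recurrence set is undefined when DTSTART does not match the rule, and DTEND is the following day, because DTEND for an all-day DATE value is exclusive. VERSION, PRODID, UID and DTSTAMP are included because RFC 5545 requires them, even though Google accepted the file without them.

```python
"""Expand a YEARLY iCalendar RRULE (BYMONTH + ordinal BYDAY) and build an .ics.

Added example, not from the original post. Supports only the FREQ=YEARLY
subset the post uses (with BYMONTH and ordinal BYDAY); names are my own.
"""
import calendar
from datetime import date, datetime, timedelta, timezone

WEEKDAYS = {"MO": 0, "TU": 1, "WE": 2, "TH": 3, "FR": 4, "SA": 5, "SU": 6}


def parse_rrule(rrule):
    """'FREQ=YEARLY;BYDAY=-1WE;BYMONTH=8' -> {'FREQ': 'YEARLY', 'BYDAY': '-1WE', ...}."""
    parts = {}
    for item in rrule.split(";"):
        key, _, value = item.partition("=")
        parts[key.strip().upper()] = value.strip()
    return parts


def parse_byday(token):
    """'-1WE' -> (-1, 2); '2TU' -> (2, 1). Negative ordinals count from the month's end."""
    day = token[-2:].upper()
    ordinal = token[:-2]
    if day not in WEEKDAYS or not ordinal:
        raise ValueError("unsupported BYDAY token: " + token)
    return int(ordinal), WEEKDAYS[day]


def nth_weekday(year, month, weekday, n):
    """n-th occurrence of weekday (0=Mon..6=Sun) in the month; n<0 counts back from the last day."""
    last_day = calendar.monthrange(year, month)[1]
    if n > 0:
        first_offset = (weekday - date(year, month, 1).weekday()) % 7
        day = 1 + first_offset + 7 * (n - 1)
    else:
        last_offset = (date(year, month, last_day).weekday() - weekday) % 7
        day = last_day - last_offset + 7 * (n + 1)
    if not 1 <= day <= last_day:
        raise ValueError("no %d-th weekday %d in %04d-%02d" % (n, weekday, year, month))
    return date(year, month, day)


def expand_yearly(rrule, years):
    """All instances of a YEARLY BYMONTH/BYDAY rule within the given years, sorted."""
    parts = parse_rrule(rrule)
    if parts.get("FREQ") != "YEARLY" or "BYMONTH" not in parts or "BYDAY" not in parts:
        raise ValueError("only FREQ=YEARLY with BYMONTH and BYDAY is supported")
    months = [int(m) for m in parts["BYMONTH"].split(",")]
    bydays = [parse_byday(t) for t in parts["BYDAY"].split(",")]
    instances = []
    for year in years:
        for month in months:
            for n, weekday in bydays:
                instances.append(nth_weekday(year, month, weekday, n))
    return sorted(instances)


def escape_text(value):
    """RFC 5545 TEXT escaping: backslash, semicolon, comma and newline."""
    return (value.replace("\\", "\\\\").replace(";", "\\;")
                 .replace(",", "\\,").replace("\n", "\\n"))


def build_ics(rrule, first_instance, summary, location, description, uid):
    """All-day recurring VEVENT. DTEND with a DATE value is exclusive, hence the next day."""
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    lines = [
        "BEGIN:VCALENDAR",
        "VERSION:2.0",
        "PRODID:-//example//recurrence demo//EN",  # constructed product id
        "BEGIN:VEVENT",
        "UID:" + uid,
        "DTSTAMP:" + stamp,
        "DTSTART;VALUE=DATE:" + first_instance.strftime("%Y%m%d"),
        "DTEND;VALUE=DATE:" + (first_instance + timedelta(days=1)).strftime("%Y%m%d"),
        "RRULE:" + rrule,
        "SUMMARY:" + escape_text(summary),
        "LOCATION:" + escape_text(location),
        "DESCRIPTION:" + escape_text(description),
        "TRANSP:TRANSPARENT",
        "END:VEVENT",
        "END:VCALENDAR",
    ]
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    RULE = "FREQ=YEARLY;BYDAY=-1WE;BYMONTH=8"
    dates = expand_yearly(RULE, range(2012, 2016))
    print([d.isoformat() for d in dates])
    print(build_ics(RULE, dates[0], "Spanish Tomato Festival",
                    "Buñol, Valencia, Spain", "La Tomatina Festival",
                    "latomatina-example@example.invalid"))  # constructed UID
```

Running it prints the last Wednesdays of August for 2012 to 2015 and a file you can import exactly as the post describes; the output uses CRLF line endings because that is what the format specifies.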
If you don't know what SQL injection is, you should read this first.
However, if you authenticate users with an approach like the one below, you have already met it, even if you are not aware of it yet.
```php
mysql_query("SELECT * FROM users WHERE username='" . $_POST['username'] . "' AND password='" . $_POST['password'] . "'");
```
Well, these are old-school tricks and old-fashioned attacks, so I will not dig into the attack side.
Quick and Dirty Prevention
Simply escape the user input with the PHP mysql extension's built-in function mysql_real_escape_string, like below:
```php
mysql_query("SELECT * FROM users WHERE username='" . mysql_real_escape_string($_POST['username']) . "' AND password='" . mysql_real_escape_string($_POST['password']) . "'");
```
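As an added example (my own code, not the post's), here is the same login query in its string-built form next to a parameterized form, recreated with Python's sqlite3 so it runs offline; the table, the two user rows and the inputs are constructed for the demo, and the plaintext password comparison is kept only to mirror the query above. Parameterized statements are shown instead of an escaping call because the PHP mysql extension (and with it mysql_real_escape_string) was removed in PHP 7; the current equivalents are mysqli or PDO prepared statements, which separate the query text from the values the same way the placeholders here do.

```python
"""String-built login query beside its parameterized form.

Added example, not code from the post: the PHP/mysql_query pattern is
recreated with sqlite3. Table, rows and inputs are constructed for the demo.
"""
import sqlite3


def make_db():
    """In-memory users table with two constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct horse"), ("bob", "battery staple")])
    return conn


def login_concat(conn, username, password):
    """The post's first snippet: untrusted input pasted into the SQL text.
    Any quote in the input becomes part of the query's structure."""
    sql = ("SELECT username FROM users WHERE username='" + username +
           "' AND password='" + password + "'")
    return [row[0] for row in conn.execute(sql)]


def login_param(conn, username, password):
    """Hardened form: placeholders. The driver passes the values separately
    from the statement, so a quote in the input is only ever data."""
    sql = "SELECT username FROM users WHERE username=? AND password=?"
    return [row[0] for row in conn.execute(sql, (username, password))]


def compare(username, password):
    """Run both variants on the same input. The concatenated one may also raise
    OperationalError when the input merely breaks the query's syntax, which is
    the first symptom most people notice (the O'Brien case below)."""
    conn = make_db()
    try:
        concat = login_concat(conn, username, password)
    except sqlite3.OperationalError as exc:
        concat = "syntax error: " + str(exc)
    return {"concat": concat, "param": login_param(conn, username, password)}


if __name__ == "__main__":
    print(compare("alice", "correct horse"))  # both variants: ['alice']
    print(compare("alice", "' OR '1'='1"))    # concat: every user; param: []
    print(compare("O'Brien", "x"))            # concat: syntax error; param: []
```

The second call is the check worth keeping in a test suite: the string-built query returns every user for a password that is wrong for all of them, while the parameterized query returns nothing, which is the behaviour the escaping in the post is meant to restore.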
I have compiled a list of the regulations that affect the IT division of any bank in the Netherlands that develops its core banking system in house.
It is a question I hear occasionally. Sometimes I hear confusion about their roles; sometimes people think that one is subordinate to the other, or that one department is more important than the other.
I associate the IT Security department with the Police Department, and the IT Audit department with the Intelligence Service.
BRSA (the Banking Regulation and Supervision Agency), the primary regulatory body of the financial sector in Turkey, has developed a promising system named BADES for reporting the findings determined by external auditors during application-controls and general IT-controls audit engagements. The BADES system is also capable of importing and exporting XML files that contain detailed information about the findings and remediation plans.
Thanks to the openness of the BADES system, I decided to write a desktop application, which is roughly a specifically formatted XML editor, to accelerate the entry of findings and automate most of the work. You can see the full feature list below.
If you are working on a highly critical engagement or a magazine-worthy investigation, you have to be sure that the information you have gathered and your audit program are kept confidential. Otherwise, it could hurt you or the people affected by your work. However, it can be quite tough when all your data "belongs" to your company and the "data custodians" of your company can browse your files without you ever noticing. I will tell you how I cope with this situation.
One day, I heard that an auditor colleague of mine had suspiciously "lost" some of his audit evidence in the middle of his work. He was completely sure that he had collected the related evidence and put it all in a folder, which was no longer there. He suspected that some IT staff had deleted the folder from his computer. After hearing this story, I took some measures to protect myself.