Thursday 27 August 2020

UAE IA Standards: Measuring Cyber Security Maturity

The UAE has become an emerging technology hub in a fast-evolving interconnected digital world while cyber-threats at a global scale are becoming far more complex, and increasingly inevitable.

The UAE has significant resources and is continuously raising the bar when it comes to innovation. At the same time, smart technologies, automation and technological advances make the region a particularly attractive target to threat actors. Effective cybersecurity strategies are moving from a standalone defensive approach to mandatory security programs representing the competitive advantage among whole organisations.

The UAE's federal body released the UAE Information Assurance (UAE IA) Standards on 25th June 2014, as part of the Cyber Security Framework, to manage the country's cyberspace.

Since the release of the UAE IA standard, the UAE and the globe, has seen a nearly exponential growth of cybersecurity landscape. The lates statistics from various sources depict an exponential growth of the cyber landscape while at the same time, offer trustworthy and actionable recommendations for thought-leaders and decision-makers.

Wednesday 5 August 2020

Be aware of fraudsters taking advantage of the devastating incident in Beirut

As we have seen in the past, any major breaking news and large events draw the attention of cyber criminals, as they try to take advantage of such situations. It is devastating what happened in Beirut, and many countries have already sent help. 

As a cyber security professional, I would like to seize the opportunity and bring into people’s attention that malicious groups and fraudsters most probably will try to take advantage of the situation in order to profit from it. During such times there is a rise in different types of malicious communications such as, emails pretending to be from legitimate charities, spear phishing messages through all types of social media, even actual phone calls. 

This is a call to everyone to be vigilant, and especially to the security community to come together with a common message, to raise awareness. 

Please do your diligence if you want to help. Do not send money to charities that “pop-up” the last minute without any tangible evidence that these are legitimate. Do not trust links posted on social media about online donations. If you want to send financial aid, do that only through official channels (such as, official government sites)

Whatever the reason in such difficult times, be always aware that there are malicious groups out there that they only care about taking advantage of such situations. Please keep in mind that every dollar given unintentionally to fraudsters, is a dollar that will be missed by the people who are affected from this unprecedented incident. 

Wednesday 1 July 2020

SHe CISO - May 2020, Mentoring Call - CISO Talk

It was a really great to be invited to the SHe CISO mentoring call this May.  Lyn Webb and myself had the opportunity to have a chat with Chani Simms and Didar Gelici around Cybersecuiry challenges. 
In this call I had an opportunity to give a brief inside to my 3xM approach when it comes to dealing with challenges in the cybersecurity culture of organisations. 

The 3xM approach is composed of Mentality > Mindset > Maturity and how these interconnect with each other, in order to compliment each other, in a continuous cycle. Stay tuned for an upcoming talk that will attempt to set some foundations on how leading roles in cybersecurity have a responsibility to evolve towards a holistic 360 approach across all verticals of an organisation (digital ecosystem). 

Saturday 20 June 2020

Security BSides Athens 2020

Given the current situation with most conferences having been canceled in 2020, Security BSides Athens 2020 (www.bsidesath.gr) took the decision to convert this year's event into a virtual conference. Based on that decision, we seized the opportunity to reach out to more people around Greece, and of course, welcoming anyone who wanted to join us from around the world (see here).
A virtual event has many challenges, especially when having to make sure everything is 100% ready before you hit the "go live" button. For the past 5 year, this annual meetup of Security BSides in Athens brought people together from all over the world, both Greeks and non-Greeks. We all have busy lives and we wanted to give people to opportunity to keep in touch with friends & colleagues that we tend to see once a year. Hence, even though we do not want this virtual get-together to be the norm, at the same time, it allows us to stay in touch. In our case, we used this year’s virtual event as an opportunity to a) increase the number of people who can “attend”, b) invest to a bigger/better event in 2021. In other words, as we do this for the community despite how much more work it needed, we are very happy that we are now in a position to say: Security BSides Athens 2020, was not cancelled! ;) 

A big -Thank You- to the whole team for supporting the event and spending their time putting this year's virtual conference together. It goes without saying that we couldn't have done this without our sponsors and speaker, who decided to support this year's Security BSides Athens 2020. 

We have now archived the Security BSides Athens 2020 and you can find all the relevant information (speakers, sponsors, participation, youtube videos, etc.) here: 2020.bsidesath.gr 

Tuesday 19 May 2020

youtube-dl (how to) - best guide to get you started

####################################################################
###        youtube-dl - the best guide to get you started        ###
###                                                              ###

>> Installing
[Note]: Before you start; 
If you have upgraded to Catalina (on never have installed xcode and gcc before), then you will need to:
install Xcode (from Apple's App Store), then run the command: xcode-select --install 
then install gccand then install youtube-dl

[TIP]: You must run brew update first. Then you can either use the brew upgrade to update all packages, or, run brew upgrade youtube-dl to update only youtube-dl

//To install youtube-dl [1] under MacOS use:
brew install youtube-dl

//Once it is installed, update the application:
sudo youtube-dl -U

Friday 1 May 2020

Re-encode screen recordings to work in iMovie

There was a case where I did some screen recordings but iMovie refused to see the video files .mp4 format. Video captures can be very useful as proof-of-concept and/or evidence of actions performed, for example during a security assessment, such as penetration testing sessions. 

In my case, it was showing only a "green screen" instead of what it was actually captured during the screen recording. Bear in mind that VLC could play the video file without any issues, but when loaded in iMovie, the same video file was failing to show properly.

If you have ffmpeg installed on your MacOS, you can very easily fix this problem, by re-encoding e.g. from an .mp4 file to a .mov file. 

Keep in mind, simply changing the "container" from an .mp4 video to .avi/.mov in most cases won't fix your problem. Hence, doing something like the following, as many others advice online, it will simply not work for you:
- ffmpeg -i Video.mp4 -c copy Video.mp4
- ffmpeg -i Video.mp4 -acodec copy -vcodec copy -f mov Video.mov


Re-encoding however, will fix your problem and ensure that iMovie can see the video as they were captured:

ffmpeg -i ScreenRec.mp4 -c:v libx264 -preset fast -profile:v baseline outRec.mov 

Of course, if you want to keep the same format, you can do:

ffmpeg -i ScreenRec.mp4 -c:v libx264 -preset fast -profile:v baseline outRec.mp4


Sunday 26 April 2020

New iOS text bug (aka text bomb) can crash your iPhone

A newly discovered bug is capable of crashing your Apple iPhone or iPad by simply receiving a text notification. The bug occurs when an iOS device user receives a text message or tries to read a tweet which is written using some Sindhi characters. 
This type of bug is known as a "text bomb", because a malicious individual can use it to prank, bully, cause Denial of Service (DoS), or even "troll" their targets by constantly forcing the receiver's app to crash. The original message sent had the Italian flag in it and it was using the hashtag: #CaptureTheFlag. 

It is being reported from different sources on social media that the text message other that your iPhone it also may crash your iPad, Apple Watch, and other Apple Gadgets.

The text bomb looks like any of the following group of Sindhi characters with any emoji in between: 
For obvious reasons I had to take a screenshot so not to be held responsible for propagating this. It was tested and it works. 


Text bombs aren’t something new. There have been numerous cases in the past few years where  random strings of text have caused mobile devices to behave in an unexpected way. However, this one is slightly different as it will crash the iPhone to crash if the phone received a message or notification in any social media chat applications. Unfortunately there is nothing much a user can do to avoid this other that wait to install the new update from Apple. The issue seems to be affecting  all Apple's mobile OS version from 13.3 onwards. 

Note: If you receive this type of message use alternative means, e.g. through your Mac laptop or Twitter app under Windows, to delete the received/posted message. This will allow your phone to be able to have access to the affected app without being forced to crash. If you phone hangs completely, you will need to keep pressing the power and volume up keys, until it reboots.

Sunday 5 April 2020

Ping an IP range from the command line interface (CLI)

If you ever wanted to do host discovery while no specific network scanning tools were available (e.g. nmap), or you wanted to avoid creating a script file (e.g. due to having no write permissions)? Here are a couple of useful commands depending on the OS of your choice:

Windows OS:
for /L %i IN (1,1,254) DO ping -n 1 -w 1 192.168.1.%i| FIND /i "Reply" >> IPs.txt

Note: command prompt has a limitation when asked to return the exact string using regex and returns the whole line. Here is an example of replacing find with findstr in order to use a regular expression (regex). 
findstr /r "[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*"

The regular expression can still be useful in cases such as:
ipconfig | findstr /r "[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*"


Linux OS:
for i in {1..254}; do (ping -c 1 -i 1 192.168.1.$i >/dev/null && echo "192.168.1.$i" &); done

Note: The above command will only list the discovered IP address, without any additional text.

Tip/Trick: Did you know you can use apr to achieve the same results but much faster. This seems to be reliable under Linux. The following command will list the discovered host on your network, including any additional information per IP (including the IPv6 address).
for ip in $(seq 1 254); do arp -n 192.168.1.$ip | grep on; done

The following command however, will list only the IP addresses without any additional text (also avoiding to specify the IP range twice)
for ip in $(seq 1 254); do arp -n 192.168.1.$ip | grep on | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' ; done

Friday 3 April 2020

Awareness around COVID-19 SMS Phishing (Smishing)

This blog-post discusses an issue known for almost 20years, which is related to the online SMS platforms. Given the recent pandemic and the use of the GSM network for sending SMS notifications to the public, it in an opportunity to raise awareness regarding Smishing (SMS Phishing) attempts, targeting the public which is affected by COVID-19.


In Greece, the number 13033 is being used to send SMS confirmations to people who use this particular service, which is used for registering in advance their daily movements when it comes to get essential goods (such as, going to the supermarket, the pharmacy, etc.) before they exit their homes. Due to the COVID-19 pandemic, this process attempts to limit people’s unnecessary movement(s), in an attempt to minimise the risk of getting affected, or contaminating others in case the person is a carrier of the virus.

Given the importance of the pandemic and the necessity of this service, it is mandatory to mention that it is possible to spoof the SEND ID in order to send SMS updates to recipients pretending to be from the original 13033 service number. This action, have the potential to trick the recipients (general public) in clicking on malicious links, or by using Social Engineering (and potentially scare tactics) to ask recipients to pay a fine that has been imposed. 

"Given the current situation, it would be beneficial to everyone if the Ministry in Greece responsible for operating the 13033 service (and other Ministries around the globe that use similar services), could promote a campaign educating all recipients regarding the potential threat of Smishing"

More specifically, the public should be informed that they should under no circumstances visits any URLs received by the 13033 service and that the 13033 service will not send any messages requesting to pay any finesThe public need to be aware that in case they receive such messages, these should be ignored and deleted.  

The proof of concept for the alluded was tested and proven by @DimisMeu and we decided to publish this blog post in order to be able to raise the necessary awareness. 

Saturday 28 March 2020

Command line (CLI) check and monitor COVID-19 statistics

Use the following command to quickly check for COVID-19 (corona virus) statistics from the console (CLI), for the countries you want to monitor.


Command line:
clear && curl -s https://corona-stats.online/?minimal=true | grep "Rank\|(DE)\|(IT)\|(ES)\|(GR)\|(US)\|(AE)\|(GB)\|(CH)\|(AT)\|(NL)"


Modify the command as needed with any valid ISO 3166-1 Alpha-2 Country Codes. 

Thanks goes to @ekrysis for collecting the data sources and providing the means to query the information. See more at GitHub: https://github.com/sagarkarira/coronavirus-tracker-cli 

Some examples:
# Get data from worldometers api i.e source 2
curl https://corona-stats.online