How can I verify if TLS 1.2 is supported on a remote Web Server?
Today I was asked how you can verify whether a web server is running TLS 1.2.
Using Nmap with the ssl-enum-ciphers script:
User Summary
This script repeatedly initiates SSLv3/TLS connections, each time trying a new cipher or compressor while recording whether a host accepts or rejects it. The end result is a list of all the ciphersuites and compressors that a server accepts.
Each ciphersuite is shown with a letter grade (A through F) indicating the strength of the connection. The grade is based on the cryptographic strength of the key exchange and of the stream cipher. The message integrity (hash) algorithm choice is not a factor. The output line beginning with Least strength shows the strength of the weakest cipher offered.
More: https://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html
Example Usage
nmap -sV --script ssl-enum-ciphers -p 443 <host>
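To turn that scan into a yes/no answer, the script output can be parsed. This is an added example, not code from the original post or from the Nmap project; the sample output is constructed, the function names are hypothetical, and treating grade C or worse as "weak" is an assumption.

```python
import re

# Constructed sample of ssl-enum-ciphers output (not captured from a real host).
SAMPLE = """\
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: C
"""

PROTO = re.compile(r"^\|\s+((?:SSLv|TLSv)[\d.]+):\s*$")
CIPHER = re.compile(r"^\|\s+(TLS_\S+|SSL_\S+)\s.*-\s([A-F])\s*$")
LEAST = re.compile(r"least strength:\s*([A-F])", re.I)

def parse_enum_ciphers(text):
    """Return ({protocol: [(cipher, grade), ...]}, least_strength)."""
    protocols, current, least = {}, None, None
    for line in text.splitlines():
        if m := PROTO.match(line):
            current = protocols.setdefault(m.group(1), [])
        elif (m := CIPHER.match(line)) and current is not None:
            current.append((m.group(1), m.group(2)))
        elif m := LEAST.search(line):
            least = m.group(1)
    return protocols, least

def tls12_report(text):
    """Summarise TLS 1.2 support and any legacy protocols still accepted."""
    protocols, least = parse_enum_ciphers(text)
    legacy = sorted(p for p in protocols if p in ("SSLv3", "TLSv1.0", "TLSv1.1"))
    # Assumption: grade C or worse counts as weak.
    weak = sorted({c for cs in protocols.values() for c, g in cs if g > "B"})
    return {"tls12": "TLSv1.2" in protocols, "legacy": legacy,
            "weak_ciphers": weak, "least_strength": least}

if __name__ == "__main__":
    print(tls12_report(SAMPLE))
```

A server can accept TLS 1.2 and still accept older protocol versions, which is why the report lists both.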
Office 365 Connectors from Microsoft Teams via Python API
I was going to look at creating a Slack channel with just DNS news for my coworkers, but then found out we are going to use Microsoft Teams. Mmmmm, M$ Teams. I never was a fan of Microsoft, but my good buddy told me to check it out.
I was surprised: it was like Slack, but integrated out of the box with all my coworkers (I guess because it is integrated with Office 365). OK, now for the fun part: taking my Google News alert and posting it to a Teams channel.
So I get Google News alerts that are mostly for nerds like myself, but I work with a lot of those nerds as well. So I decided to post the Google News alert to the channel using their API.
I use Python mostly, so I was looking for documentation on Python and Microsoft Teams. I did not find anything, but I found a reference to MS Teams Dev (Link). Nothing there was of relevance, but I found a load of information on that site, some of it about Office 365 Connectors (Link).
From within Microsoft Teams, click "..." next to the channel name in the list of channels and then select Connectors.
Now we are going to choose “Web Hooks”.
Now we give the Web Hook a useful name and hit create.
It will take a second to create and give you the URL that is needed to make the API call.
Copy the very long URL; we are going to use cURL to test our API call first.
Post a message to the webhook
For this part of the exercise, you'll need cURL. It's assumed that you have this installed and are familiar with basic usage.
1. From the command line, enter the following cURL command:
curl -H "Content-Type: application/json" -d "{\"text\": \"Hello World\"}" <YOUR WEBHOOK URL>
2. If the POST succeeds, you should see a simple 1 output by cURL.
3. Check the Microsoft Team. You should see the new card posted to the team.
That's a little plain, so let's add a "title" to the post:
curl -H "Content-Type: application/json" -d "{\"title\": \"Testing 123 from CLI with CURL\", \"text\": \"Hello World\"}" <YOUR WEBHOOK URL>
Now that looks better, but what if you want to add a link in the post? Here is an example:
curl -H "Content-Type: application/json" -d "{\"title\": \"Testing 123 from CLI with CURL\", \"text\": \"Hello World - [Microsoft](https://www.microsoft.com)\"}" <YOUR WEBHOOK URL>
Notice the link will take you to www.microsoft.com.
OK, now for the fun stuff with Python... Part 2 coming soon!
Rolling your own SYSLOG and fake SIEM
So I was tasked with developing a way to show customers how Syslog messages are sent to their SIEM. The problem: I don't have a SIEM at home :)
I decided to fake it. Some good buddies over at DC719 recommended some great software (all free, of course: Logstash, Filebeat, Logwatch, fluentd). But for me it was overkill, and I wanted something I can reuse easily on my MacBook for demo purposes.
So I started my Google search and came across this "gem" called "Tiny Python Syslog Server" (Link).