“Mike did some excellent research and contributions for SecurityAegis.com. I'm not surprised at all he works with one of the best pentest teams in the world now. Expect nothing but hard work and good things from Mike in the future.”
Mike Kelly
Colorado Springs, Colorado, United States
367 followers
369 connections
367 followers
369 connections
About
Mike is an Information Security professional with a focus on Red Team Testing, Physical…
Experience
-
-
-
-
-
-
-
-
-
-
-
Education
-
Intellitec College
-
Licenses & Certifications
Publications
-
Inside the Wire - Network Attacks Against Physical Access Controls
THOTCON 0x9
We rely on physical defenses to protect our safety and the security of critical assets. Whether in a dedicated engagement or in the scope of a broader Red Team exercise, traditional assessments of physical security often focus on leveraging physical access to obtain network access. That methodology not only overlooks the broader impact of unauthorized physical access, but ignores the networked technologies that enable modern physical security defenses.
In this talk we expand on that…We rely on physical defenses to protect our safety and the security of critical assets. Whether in a dedicated engagement or in the scope of a broader Red Team exercise, traditional assessments of physical security often focus on leveraging physical access to obtain network access. That methodology not only overlooks the broader impact of unauthorized physical access, but ignores the networked technologies that enable modern physical security defenses.
In this talk we expand on that methodology by exploring multiple field-tested methods of leveraging basic network access to gain persistent, repeatable, and privileged physical access to critical assets and personnel. We discuss several network level attacks against physical access control systems and demonstrate two remote exploits against two common door controllers. The exploits result in the full control of device functionality, ultimately allowing for the creation physical access backdoors.Other authors -
-
CVE-2017-16241: Vulnerability in AMAG EN Series Door Controllers
CVE Advisory
See publicationA vulnerability in AMAG EN Series door controllers that allows an unauthenticated attacker to remotely, via the network, trigger door controller functionality including: locking/unlocking the door, disabling/enabling the controller, and adding new access card values to the controller's database. Addition of access card values allows an attacker to gain physical access using an illegitimate access card.
-
eHarmony Password Dump Analysis
SpiderLabs
See publicationIn depth analysis of eHarmony's 2012 password breach.
-
2012 Global Security Report - Business Password Analysis
Trustwave
Passwords continue to be a pertinent topic of discussion and study within both the security community and the world of technology at large. However, few studies have had the advantage of large amounts of real-world data. In this section, over 2.5 million anonymized passwords from Trustwave’s client businesses are analyzed.
Other authors -
Projects
-
Concierge Toolkit
See projectThe Concierge Toolkit is collection of various scripts and resources to aid the in identification and exploitation of physical access control and monitoring systems.
-
Wiegotcha - Long Range RFID Thief
See projectRPi 3 based portable Long Range RFID Reader (inspired by the Tastic RFID Thief)
Recommendations received
1 person has recommended Mike
Join now to viewOther similar profiles
Explore more posts
-
AttackIQ
Tired of managing security testing across a scattered team? AttackIQ Mission Control centralizes control testing for faster remediation and improved ROI. 📅 Join Jose Barajas at 10 AM PT/12 PM CT/1 PM ET on July 18th to learn how AttackIQ Mission Control streamlines security operations for organizations. Discover how to seamlessly orchestrate testing across departments and locations, gain insights specific to your role with role-based dashboards, and simplify testing workflows for faster results. ➡ Register today and optimize your #SecurityOperations: https://bit.ly/3RZa5hw #LinkedInLive #Cybersecurity
-
Wade Baker, Ph.D.
I often hear the question "Where/What are our biggest security exposures?" Cyentia Institute recently had the opportunity to explore this question using data from hundreds of thousands of attack path assessments conducted through the XM Cyber Continuous Exposure Management (CEM) platform. The attached figure gives a categorical breakdown of what we observed based on all entities (digital assets), total security exposures, and exposures affecting critical assets. . The left-most chart represents the attack surface based on broad categories of digital entities discovered during attack path assessments. Active Directory constitutes just over half of entities identified across all environments. On-premises IT and network devices account for another 31% of entities and cloud environments house the remaining 17%. Not all entities, however, are exposed via attack paths. If we change the scope of the attack surface to include only vetted exposures (entities susceptible to attack techniques), things look different. The middle chart captures this perspective and Active Directory exposures dominate the attack surface. But not all of those exposures affect critical assets. To be truly effective, Exposure Management must encompass all environments and account for where critical assets are most at risk. If we once again rescope the attack surface to focus on exposures to critical assets, a very different picture emerges, which is captured in the rightmost chart. Cloud environments now encompass over half of all critical asset exposures, followed by AD at 33% and IT/Network devices at 11%. Does this sync with exposures across your attack surface? Which perspective/view/chart is your primary guide for managing exposures? The full report contains tons of additional insights on exposure management. Download here: https://lnkd.in/dPfqXG7y #cybersecurity #exposuremanagement #cyberrisk
8 Comments -
C L A R I T A S
Unlock actionable intelligence faster with GrayKey, empowering you to solve cases quickly, reduce crime in your community, and maximize your mobile forensics investment. With GrayKey, you gain... Technical Features: • Faster brute force access to iOS and leading Android devices, unlocking critical evidence. • Ability to access and extract data from devices, regardless of their state. • Access to credential stores like Keychain and Keystore, potentially decrypting previously inaccessible content. • Category-Based Extractions to target specific data efficiently. Evidentiary Results: • Protect your community with real-time information through swift extractions. • Bring closure to victims by obtaining in-depth data to help bring criminals to justice. • Solve more cases by accessing devices quickly and securing vital evidence sooner. • When time is critical, selectively extract the specific data needed to jumpstart your investigation. Discover how GrayKey can enhance your investigations today. www.claritasinsight.com #OnlineInvestigations #CyberSecurity #MobileForensics #CLARITAS
-
Lindsay P. Stought, CSM, PMP
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified a critical security issue affecting GeoServer, an open-source geospatial data server. The agency has added an OSGeo GeoServer GeoTools eval injection vulnerability, known as CVE-2024-36401 with a CVSS score of 9.8, to its Known Exploited Vulnerabilities (KEV) catalog. GeoServer versions prior to 2.23.6, 2.24.4, and 2.25.2 are susceptible to Remote Code Execution (RCE) due to the unsafe evaluation of property names as XPath expressions. This vulnerability stems from how the GeoTools library API, utilized by GeoServer, processes property/attribute names for feature types, exposing systems to arbitrary code execution. The flaw affects all GeoServer instances, as it incorrectly applies XPath evaluation to simple feature types, making them vulnerable to exploitation. #Cybersecurity #GeoServer #Vulnerability #RCE #CISA #SecurityAwareness https://lnkd.in/ggDbpkyr
-
Tobias Musser
CMMC Level 2 Assessment Objective: Alternative Work Sites PRACTICE: Organizations must enforce safeguarding measures for containing controlled unclassified information (CUI) at alternative work sites. ASSESSMENT: Alternative work sites may include government facilities or the private residences of employees. Organizations must define and implement safeguards to account for protection of CUI beyond the enterprise perimeter. Safeguards may include physical protections, such as locked file drawers, as well as electronic protections such as encryption, audit logging, and proper access controls. Be prepared! Your assessor could ask to: 🔍 EXAMINE a list of safeguards required for alternative work sites 🗣 INTERVIEW personnel approving use of alternative work sites 📝 TEST organizational processes for security at alternative work sites (CMMC Assessment Guide: Level 2 Version 2.11, page 186) #CMMC #DoD #cybersecurity #NIST #InformationSecurity
-
Richard Ryan, CDPSE, CGEIT, CIPP/US, CISA, CISSP, PCIP
As I previously posted, I’m struggling with PCI 4.0 Targeted Risk Analysis(TRA) process on frequency. The frequency on certain activities like vulnerability scanning and user access reviews are already determined by Corporate Policy, not a TRA. And some of these are “influenced” by other regulatory requirements such as SOX - must conduct quarterly user access reviews. Maybe a TRA would be a better approach to determining frequency, but I already have standards. What does the TRA contribute to an existing standard? One could argue that the TRA supports that standard but in reality I think it leads us to a foregone conclusion that quarterly is sufficient. I may end up with some type of TRA word salad that validates whatever frequency that the Company standards dictate. I’m still working on it, version 5. But I think having supporting Corporate Standards allows me to examine the risks of not complying with the aligned standards is the best approach to produce a TRA. Unless I go to version 6, which is unknown at this time.
-
Amira Armond
Key quotes from the new 48CFR Rule for #CMMC. This rule is the one that goes into new and renewing contracts and requires having a CMMC certificate or self-assessment upon contract award. They tightened up the language quite a bit. On quick scan, it looks well done. The first 40 pages give a lot of information about the DoD's thought process on CMMC, including some technical clarifications like whether joint ventures need to be individually certified, and whether talking about CUI over the phone is in scope.
-
Summit 7
This week's podcast, CIRCIA Rulemaking: Double Incident Reporting for the DIB. Defense contractors have had cyber incident reporting obligations under DFARS clause 252.204-7012 for many years. Recently, however, CISA issued a 457-page proposed rule implementing the 2022 Cyber Incident Reporting for Critical Infrastructure Act. Unless CISA and DoD can reach an agreement, DIB contractors will have duplicative incident reporting obligations for two different agencies. Links to watch/listen are in the comments ⬇ #DIB #DOD #cyber
2 Comments -
Integrated Emergency Management LLC
The K-12 Anonymized Threat Response Guidance is a new resource to help kindergarten through grade 12 (K-12) schools and their law enforcement and community partners create tailored approaches to addressing anonymous threats of violence, including those received on social media. The toolkit outlines steps school leaders can take to assess and respond to anonymous threats, better prepare for and prevent future threats, and work in coordination with law enforcement and other local partners when threats arise.
-
Brett Osborne
Ask the CCP: CMMC REFERENCE DOCUMENTATION So, I am counting the days until October 28th: • 65 is the approximate number of work days (with weekends and holidays non-working) . . . . . . that sometime in late October CMMC version 2 will become effective. (And note that Congress is supposed to have 60 days review; goal to complete that before election has been repeated.) DoD DoD CIO LIBRARY https://lnkd.in/epBtJkKn Everything DoD DoD CMMC https://lnkd.in/ep5hHPTy HOVER on the CMMC link in blue banner menu – multiple topics Click the CMMC for the “about” page: CMMC 2.0 PROGRAM 5 STEPS TO CYBERSECURITY DoD CIO CMMC Documentation HOVER) Assessments Implementation Documentation More later . . . Resources More in the following post #CMMCv2 #ASSESSMENT #CUI #FCI
-
Wade Baker, Ph.D.
Thrilled to have the opportunity to analyze #vulnerability remediation timelines again, this time using data from NopSec. The chart below is based on a survival analysis of vulnerabilities across an environment. Essentially - the time it takes to remediate all affected assets after a vuln is discovered. Everytime I see analysis like this, I'm reminded of how different the real world of #vulnerabilitymanagement is from the "just patch it all yesterday" shallow advice that's so often bandied about. If it were that easy, vuln survival curves wouldn't look like this time after time. How does this square with your experience? I'll be discussing this chart and several others in a webinar next week. Register here and bring your questions, comments, and rants! https://lnkd.in/eHWDrEYN
26 Comments -
Upperity, Identity, Signature, dedicated AI and governance, a cloud alternative
Part of your security posture should involved identity validation when your provider calls your organization. "CDK warns: threat actors are calling customers, posing as support" This social engineering tactic has been used for long, and is very effective in targeted attacks. Don't let your security, governance and compliance effort be ruined by a phone call ! Awareness is key. This is happening for real, and your policies should cover this risk with proper processes. #cybersecurity #governance #compliance #identityandaccessmanagmeent #identity #technology https://lnkd.in/e6kKVech
-
Bob Chaput
ATTENTION: HEALTHCARE BOARD MEMBERS AND C-SUITE EXECUTIVES. ODDS ARE YOUR ORGANIZATION HAS NOT CONDUCTED AN OCR-QUALITY® RISK ANALYSIS! Shocking? NO! Since ... 90% of the organizations subjected to an OCR investigation involving electronic Protected Health Information (ePHI) are found to have failed to conduct the very first requirement (risk analysis implementation specification) in the very first standard (Security Management Process) in the very first area (Administrative Safeguards) of the ol' HIPAA Security Rule. OCR Audits produced equally dismal compliance findings. How can you address your cyber risks if you don't know what they are? EASY FIX! Attend the upcoming COMPLIMENTARY Clearwater OCR-Quality® Risk Analysis Working Lab. #HIPAA #riskanalysis #riskmanagement #cyberriskmanagement #boardcyberoversight #boardofdirectors
-
Anonybit
🔒 Lock down your security game with the latest guidance from National Institute of Standards and Technology (NIST). Early in the month, they gave the green light for syncable authenticators (aka passkeys) to be used for both enterprise and public-facing use cases and called out the potential risks that come along with these handy tools. 💻💡 From securely storing and transmitting keys to implementing strong authentication in shared device scenarios, NIST offers a good framework. But it doesn't go all the way. The real challenge comes when we look at AAL2 standards, where passkeys must be unlocked with a local authenticator (think biometric) or a password. 🤔 So what's the catch? Fraudsters can easily exploit the use of passwords in cloud-based accounts. But fear not, we've got a solution for that too. Introducing #Anonybit, which binds your passkey to your biometric for ultimate security. Only you can access and use your passkey, no tradeoffs between privacy and security necessary. 🙌🏼 Connect with us to see it in action and take your authentication game to the next level. Visit www.anonybit.io/contact
-
Charlene Deaver-Vazquez
It's here - CRQ Training! If you're a CISO, risk analyst or assessor interested in quantifying cyber risk don't miss this CRQ Mastery Workshop. Learn basic and advanced method. Hands-on exercises. Full toolkit and risk models. ISC2 and ISACA Chapters save and additional 20% for their members. 20 CPEs. More info and registration https://lnkd.in/ecVj8V5N #ISC2, #ISACA, #Training, CyberRiskQuantification, #CISO, #Cybersecurity
-
EXTEND Resources
A new CIS/MS-ISAC report sheds light on #TribalSector #cyberthreats and concerns. What is keeping tribal cybersecurity leaders up at night? Link to the full report in our summary. https://bit.ly/4h7PGlr Center for Internet Security Cybersecurity and Infrastructure Security Agency #TribalOrganizations #TribalNet #Cybersecurity #CyberRisk #Ransomware #CybersecurityAwarenessMonth #CyberCrime #SocialEngineering #InformationSecurity #DataBreach #CyberMaturity #ThinkEXTEND
Explore collaborative articles
We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.
Explore MoreOthers named Mike Kelly in United States
4766 others named Mike Kelly in United States are on LinkedIn
See others named Mike Kelly