Vulnerability Management and more

2021-03-03 02:11:42 Example -^ Open / Comment

2021-03-03 02:11:07 I have completed a major refactoring of #Vulristics. Now it can create beautiful reports not only for Microsoft Patch Tuesdays, but for any set of CVEs! Well, for the best results it should recognize the type of vulnerability and the name of vulnerable software in the CVE description. But in any case, this is a very pleasant and important milestone for me. I made a short video about this. There is also a text version. If you suddenly do not follow me on Youtube, plz subscribe with a bell and press a like button. If not you, then who? Thanks! Open / Comment

2021-02-20 01:10:48 I recently tried Microsoft Defender for Endpoint. Not that free antivirus built into Windows, but an enterprise product. The thing is very promising. Even from the Vulnerability Management side. I made a video based on my experience. In addition, I finally figured out how to combine images in OpenShot and filled the video with some memes. It turned out that such editing is much more fun, maybe it’s also fun to watch. BTW, likes and subscriptions on YouTube make me quite happy, especially with the bell. Text version is also available. Open / Comment

2021-02-11 23:50:37 Hello everyone! This episode will be about Vulners Linux Audit API, which allows you to detect vulnerabilities on a Linux host knowing only the OS version and installed packages. I had a similar post about this 4 years ago, but some details have changed, so I came back to this topic.

YouTube
Here is the text version on the blog Open / Comment

2021-01-30 01:26:44 By the way, I believe that Qualys did not use the malicious SolarWinds Orion and that their researchers were simply imprudent. The corp.qualys.com leak doesn't look good though. But anyway, it happened, it got a lot of media coverage, and it seems crazy to keep using the SUNBURST theme in marketing. IMHO, it's time to stop Open / Comment

2021-01-21 12:02:29 Hi! According to the statistics of this channel, at least 25% of my subscribers are Russian-speakers. I launched a new channel with Information Security news in Russian @novostipoib (similar to my English news channel @avleonovnews). I did it mostly for myself, because it's good for tracking local news from government officials and regulators. But if you like it - welcome! Open / Comment

2021-01-11 02:08:55 In this episode I would like to make a status update of my Vulristics project. For those who don't know, in this project I retrieve publicly available vulnerability data and analyze it to better understand the severity of these vulnerabilities and better prioritize them. Currently, it is mainly about Microsoft Patch Tuesday vulnerabilities, but I have plans to go further. Also in this episode I want to demonstrate the new Vulristics features on Microsoft Patch Tuesday reports for October, November and December 2020.

YouTube
Blog post with text version and full vulristics reports Open / Comment

2021-01-10 17:17:31 I am already playing this mind game in my fb, but why not play here too (in comments).

Many of my followers are advanced in information technology, information security and digital communications.

Let's formulate a hypothetical problem:

1. There is a person with a powerful personal brand who, for historical reasons, has relied on social media for the mass communications and has achieved great success, tens of millions of followers.

2. Now, for some reason, this person has become enemy number one for all major American IT companies, which have begun to delete his accounts and are even willing to remove third-party apps from the mobile stores just because they provide him with a platform.

What actions would you, as a professional, suggest this person to keep at least part of his audience in these new conditions.

Budget? Let's say one hundred million USD. Open / Comment

2021-01-06 17:22:38 2. #PyTouchOk is also a Tkinter application for automating routine actions with GUI (similar to SikuliX and AutoIt). The idea was to create a companion app that would track the content of the screen and, under certain conditions, take control to perform routine actions. As an example of such a routine action, I implemented the export of slides from LibreOffice Impress in svg format via pyautogui by automatically clicking in the interface. This operation cannot be performed for all slides through the GUI, and LibreOffice API is quite difficult to work with. But the main goal was to create a companion app that could be easily expanded with new skills. And it succeeded, the program "understands" that LibreOffice Impress is open on the screen and starts automatic actions. Here is the demo on youtube, and the sources on github. Open / Comment

2021-01-06 17:22:38 1. #Yennysay is a GUI text-to-speach tool that uses a free offline TTS engine in Windows 10. This was my first experience with Tkinter and it turned out to be quite successful. I use this tool a lot now. Yennysay can read English and Russian texts aloud, show progress, track clipboard, retrieve text from copied URL, open YouTube URL in SMPlayer, and so on. Check out the video and sources on github. Open / Comment