Vulnerability Management and more

2021-11-01 03:24:27 Hello everyone! This episode will be about the VMconf 22 Vulnerability Management conference. CFP started on November 1, which will last a month and a half. So please submit your talk or share this video with someone who might be interested.

Video:


Blogpost: https://avleonov.com/2021/11/01/vmconf-22-vulnerability-management-conference-call-for-papers-started/

CFP: https://vmconf.pw/#cfp
VMconf channel: @VMconf
VMconf chat: @VMconfchat Open / Comment

2021-10-26 20:43:55 Hello everyone! A little more about @VMconf. Typically CFP descriptions include "Topics of Interest" section. And usually I find it difficult to choose something there. But with VMconf we can we can set these topics ourselves. I would like the event to focus on Vulnerability Management, in other words, the main features of MP8/Nessus/Qualys/Nexpose. Otherwise, it will become yet another general hacker conference and the concept will collapse. So, I get something like this:

Vulnerability Knowledge Bases
Vulnerability Detection
Vulnerability Prioritization
Vulnerability Remediation and Patching
Asset/Target Management
Vulnerability Management Process Standards and Best Practices
Vulnerability Management for unusual IT environments
Security Hardening and Compliance Management

Any ideas what would be cool to add or remove? #VMconf #vmconf22 Open / Comment

2021-10-23 23:58:13 From idea to implementation. We will host an independent Vulnerability Management conference. CFP launch in a week. https://vmconf.pw/
#vmconf #vmconf22 #vulnerabilitymanagement Open / Comment

2021-10-23 23:58:13 Ok, I decided that we can arrange this. I have no high expectations. Even if it will be an event for 5 speakers (and I am among them) and 10 spectators, it will be a success for me. But so far the public interest is quite encouraging. Let's see how this will develop. Open / Comment

2021-10-21 03:29:37 Hello everyone! This episode will be about relatively recent critical vulnerabilities. Let's start with Microsoft Patch Tuesday for October 2021. Specifically, with the vulnerability that I expected there, but it didn't get there.

Security News: Microsoft Patch Tuesday October 2021, Autodiscover, MysterySnail, Exchange, DNS, Apache, HAProxy, VMware vCenter, Moodle

Video:


Blogpost: https://avleonov.com/2021/10/21/security-news-microsoft-patch-tuesday-october-2021-autodiscover-mysterysnail-exchange-dns-apache-haproxy-vmware-vcenter-moodle/ Open / Comment

2021-10-17 22:53:12 Open / Comment

2021-10-17 22:52:51 What do you think about this idea? "No", "yes", "yes, I would like to see it", "yes, I am ready to participate." Open / Comment

2021-10-17 22:52:32 This post will be about Vulnerability Management and conferences. I look at the lists of cyber security conferences and I feel bad about it. Specialized conferences are mainly about SOC, DLP, AntiFraud, cryptography. Conferences with broad topics are aimed mainly at C-level executives or hardcore offensive specialists. Conferences are usually very regional. Of course, there are events organized by VM vendors, but their marketing goals are clear and there are usually no CFPs (Calls For Papers) at these events. In our covid times, it has become much more difficult to attend offline events.

It would be great to have our own international event dedicated exclusively to Vulnerability Management. From the community (in a very broad, global sense) and for the community. For interesting content and development of horizontal connections between people, not for marketing.

What I would like:
1. Completely online event.
2. No regional specifics, something emphatically neutral as a formal location.
3. All presentations in English. It is impractical to waste resources on translation.
4. All papers should go through CFP and program committee voting.
5. Invite speakers/bloggers from VM vendors, researchers, developers of open source utilities and content.

What about money?
It seems to me that such a completely online event could be held without a budget at all. We can stream it to YouTube or Twitch and add people to the stream via Zoom or Skype. If there will be a relatively small number of participants, we can do it entirely in Zoom, which is even easier. For those who will not be able to connect because of technical reasons (and this is inevitable), it will be possible to add their performances in the form of video recordings, and discuss it in comments section on Youtube. Open / Comment

2021-10-17 03:38:30 The CLI for Scanvus is ready. You can run checks like this:

python3.8 scanvus.py --assement-type "localhost"

python3.8 scanvus.py --assement-type "remote_ssh" --host "linuxserver1@corporation.com" --user-name "jsmith" --key-path "/home/jsmith/.ssh/id_rsa"

python3.8 scanvus.py --assement-type "docker_image" --docker-image "python:3.9.6-slim-bullseye"

Also added keys for exporting results to files. Open / Comment

2021-10-16 04:24:53 Hello everyone! I spent some time this weekend on my new Linux Vulnerability Scanner project (Scanvus - Simple Credentialed Authenticated Network VUlnerability Scanner ), which uses the Vulners Linux API under the hood. It can already scan remote hosts via… Open / Comment