7blessings.co.uk Open in urlscan Pro
94.102.158.162  Public Scan

Form analysis
0 forms found in the DOM

Text Content

HTTP
HTTPs
SelfSigned
Expired
HomePage
About / Releases
SocOps.Rocks
9999Hours

Proxy Bypass
Noxxi

Fake Malware for Malware Analysis
Malware Eicar C
Malware Eicar C#
Malware Sandbox

Fake Malware for Cynic
ATP Endpoint

SSL / TLS
SSLV Config Race

Misc
Zipped Files
HTTP POST Upload
HTTP Headers


...
...


...



7Blessings Toolbox
2019 - The site is NOT infected, it's the EICAR files. Amazingly it took 4 years
for AV to flag it.
While there are many vendors that claim to protect your environment, it is often
hard to separate facts from claims.

For example:
Is malware inside SSL really being scanned?
Are you using the most secure cipher suite possible?
Has your NGFW/UTM really moved away from signature based detection?

This site contains a handful of tools to help you demonstrate and test your
deployments. See the description below for more details on each tool.

Is configuring an Encrypted Traffic Management policy complicated?
View This Video to see how we do it. Compare this to the complicated experience
with configuring the same setup in a load blaancer or NGFW
Is it important for a Proxy/Webfiltering to see inside a SSL/TLS stream?
If you can't see inside SSL/TLS, how can your perimiter security stack protect
you?
Use This Test to download EICAR inside different Ciphers Suites and check what
you are able to see block. Run this with the Symantec SSLv and with your other
technology to see the difference.
Is it important for a DLP to see inside a SSL/TLS stream?
Use This Test to upload PII inside different Ciphers Suites and review which
data was blocked. Run this with our SSLv and with your other technology to see
the difference.
The SSLv supports over 70 Ciphers, is that really important?
To avoid known weaknesses and attacks (BEAST, POODLE, CRIME, RC4 weaknesses etc)
Clients and Servers start an encrypted session by negotiating the *most secure*
cipher possible. Unfortunately some solutions downgrade this to an 'easier to
handle' cipher which introduces vulnerabilities.
Use This Test to check how your perimiter security stack is handling downgrades.
(aka Cipher 'Agility')
For further reading on the importance of this test:
https://jhalderm.com/pub/papers/interception-ndss17.pdf
Is my Cloud Proxy platform sandboxing malicious payloads in realtime?
Signature based detection is dead. Are you using signature based detection for
your travelling users?
Use This Test on a remote user/mobile/tablet to download a safe 'malware' with a
unique hash.
BAD: If you can download the same file twice, you are likely not performing
detonation at all.
OK: If you can download it only once, you are likely detonating, but not real
time.
GREAT: If you can't download the file at all, you are performing realtime
detonation and blocking
Is your Malware Analysis detonating correctly?
After a MAA iVM is configured you may wish to detonate a unique safe 'malware'
to test the output.
This can be used:
Upload the sample direct to MAA
Download the file through a Proxy/CAS/MAA
Download the file through Security Analytics monitored network
The different files are:
This File will download a unique piece of safe 'malware' that runs with native
Windows
This File will download a unique piece of safe 'malware' that tests DotNet is
installed and working
This File will download a unique piece of safe 'malware' that tests Microsoft
Office is installed and detonating correctly
You can also combine these tests by loading this website over HTTP / HTTPs to
test different configurations
Why is Packet Capture important in post breach forensics?
Visit ClueBoat Here to run a safe simulation that demonstrates the power of
packet capture.
Does your Proxy/NGFW apply policy to password protected Zip files?
This Test allows you to download a few different files (e.g. password protected
zip) for you to test your policy.
What HTTP headers are you leaking to the internet?
This Test will repeat back to you, the HTTP headers observed as part of your
request. Is anything being leaked? Did the remote server see your custom HTTP
headers?