Saturday, February 29, 2020

Blog 6

This chapter was about enumeration.

  • Enumeration is the gathering of information about a system to learn about its configuration, software, and services.
  • You can gather information such as usernames, group names, machine names, routing tables, network shares, and applications.
  • You can do brute force directory attacks, where your software will continue to run possibilities for usernames and passwords until something works.
  • Linux Enumeration
    • User accounts are stored in the /etc/passwd file. Passwords are stored as hashes in the /etc/shadow file. 
    • finger -s will obtain login names, real names, terminal names, write statuses, idle times, login times, office locations, and office phone numbers for all users.
  • Superscan is for Windows systems and does a really good job of enumerating. 
  • You can perform enumeration with nmap.
  • SoftPerfect network scanner can be used to get information about devices on a network.
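The /etc/passwd and /etc/shadow point above is easiest to see from the defender's side. This is an added example (my own code, not from the chapter or this blog) that audits passwd- and shadow-format files for the account weaknesses an enumeration pass would surface first; the function names are mine and the sample files are constructed.

```shell
# Added example: audit passwd/shadow-format files for the account weaknesses
# an enumeration pass turns up first. Function names are my own; the sample
# files below are constructed, not copied from any real system.

# Accounts whose passwd hash field is not "x" or "*": the hash (or an empty
# password) sits in world-readable /etc/passwd instead of /etc/shadow.
unshadowed_accounts() {
    awk -F: '$2 != "x" && $2 != "*" { print $1 }' "$1"
}

# Shadow entries with an empty hash field: these accounts log in with no
# password at all.
empty_shadow_passwords() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Any UID-0 account besides root is a second superuser and needs explaining.
extra_uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Constructed sample files (hashes are placeholders, not real).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
legacy:$1$saltsalt$placeholderhash:1001:1001::/home/legacy:/bin/sh
backup:x:0:0:backup admin:/home/backup:/bin/bash
EOF
cat > "$SAMPLE_DIR/shadow" <<'EOF'
root:$6$saltsalt$placeholderhash:18300:0:99999:7:::
daemon:*:18300:0:99999:7:::
alice:$6$saltsalt$placeholderhash2:18300:0:99999:7:::
guest::18300:0:99999:7:::
EOF

# Run the three checks against the samples (swap in /etc/passwd and
# /etc/shadow, as root, to audit a real host).
echo "unshadowed: $(unshadowed_accounts "$SAMPLE_DIR/passwd")"
echo "empty shadow password: $(empty_shadow_passwords "$SAMPLE_DIR/shadow")"
echo "extra uid 0: $(extra_uid0_accounts "$SAMPLE_DIR/passwd")"
```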

Enumeration Countermeasures

  • SNMP countermeasures include monitoring traffic on SNMP ports. Another way is to turn off the SNMP service. If you keep the service, update to the latest version and change the default passwords.
  • DNS countermeasures include using DNS zone restriction to ensure a server only provides copies of zone files to specific servers.
  • SMTP countermeasures include ignoring messages to unknown recipients instead of sending back error messages. Also configure your server to block open SMTP relaying.
  • Secure LDAP by reviewing and implementing the security settings and services available with your server software.
  • Inside nslookup, ls -d is the command to use to get domain information that includes all the hosts on the domain. For example, ls -d google.com will show you all the hosts in that domain. It asks the name server for a copy of the whole zone (a zone transfer), which is exactly what the DNS zone restriction above prevents.
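As an added example (mine, not the book's or the blog's), the zone-restriction countermeasure can be checked in a BIND-style named.conf: the function below flags zones that would answer an ls -d zone transfer request from anyone. The function name is my own and the config is a constructed sample.

```shell
# Added example: find zones in a BIND-style named.conf that would answer an
# "ls -d" (zone transfer) request from anyone. Function name is my own; the
# config below is constructed, not a real server's.

# Prints each zone whose allow-transfer is "any", or which sets none at all
# (such zones inherit whatever the global options block says).
zones_with_open_transfer() {
    awk '
        /^[[:space:]]*zone[[:space:]]+"/ { split($0, q, "\""); zone = q[2]; seen = 0 }
        zone != "" && /allow-transfer/ {
            seen = 1
            if ($0 ~ /\{[[:space:]]*any[[:space:]]*;/) print zone ": allow-transfer any (open to everyone)"
        }
        zone != "" && /^[[:space:]]*};/ {
            if (!seen) print zone ": no allow-transfer (inherits the global options setting)"
            zone = ""
        }
    ' "$1"
}

SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
options {
    directory "/var/cache/bind";
    allow-transfer { none; };
};
// Weak: hands the whole zone to any client that asks.
zone "example.com" {
    type master;
    file "/etc/bind/db.example.com";
    allow-transfer { any; };
};
// Restricted: only the listed secondaries may pull the zone.
zone "corp.example" {
    type master;
    file "/etc/bind/db.corp.example";
    allow-transfer { 192.0.2.10; 192.0.2.11; };
};
// No setting: falls back to the options block above.
zone "legacy.example" {
    type master;
    file "/etc/bind/db.legacy.example";
};
EOF

zones_with_open_transfer "$SAMPLE_CONF"
```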

Article

This article was about data that was stolen from an AI company. Many of the customers are law enforcement agencies. The data stolen was its entire list of customers, the number of searches the customers made, and how many accounts the customers had set up. The company said they patched the flaw that led to this breach, but they wouldn't disclose what the flaw was. The company didn't seem to care too much, reportedly "shrugging and saying that data breaches happen". They did not find the person who hacked the company.

https://www.cnet.com/news/clearview-ai-had-entire-client-list-stolen-in-data-breach/#

Saturday, February 22, 2020

Blog 5

This chapter was about scanning.

  1. War dialing is used to dial a large number of phone numbers to try to locate systems connected to a modem. If the scan gets a response, it accepts the connection, giving you an access point into the network.
  2. A stealth scan sends only a SYN packet to a port and never completes the handshake, so no security log is made on the target computer showing that it was scanned.
  3. If you type telnet followed by an IP address and port number, you could receive a response that gives you information about the target's system.
  4. You need to make decisions about how you want to do your scans as an ethical hacker, such as time of day, scans to use, etc.
  5. You need to use different techniques to scan if your attempts are being blocked by a firewall.
  6. Have companies do regular vulnerability scans.
  7. Preventing banner grabbing is as easy as disabling the banners.
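A caveat on item 2 worth having: the target's application never sees the half-open connection, but a host or network firewall rule that logs incoming SYNs still records every probe. This added example (my own, not from the chapter) runs that detection over constructed iptables-style log lines; the function name and the log lines are mine.

```shell
# Added example: spot SYN scans in constructed host-firewall log lines
# (iptables/nftables LOG format). Function name is my own. The target's
# application never sees the half-open connection, but a firewall rule that
# logs incoming SYNs still records every probe, and one source touching
# many ports in a short span is the signature to alert on.

# Usage: syn_scan_sources LOGFILE MIN_PORTS
# Prints "source distinct_ports" for each SRC that sent bare SYNs (no ACK)
# to at least MIN_PORTS different destination ports.
syn_scan_sources() {
    awk -v min="$2" '
        /PROTO=TCP/ && / SYN / && !/ ACK / {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src != "" && dpt != "" && !((src, dpt) in seen)) {
                seen[src, dpt] = 1
                ports[src]++
            }
        }
        END { for (s in ports) if (ports[s] >= min) print s, ports[s] }
    ' "$1" | sort
}

# Constructed sample: 198.51.100.23 probes five ports (port 22 twice),
# 203.0.113.5 is a normal HTTPS client, and the SYN/ACK reply must not count.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
Feb 22 09:14:01 gw kernel: FW-IN: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=44 TTL=54 ID=1 PROTO=TCP SPT=51000 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Feb 22 09:14:01 gw kernel: FW-IN: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=44 TTL=54 ID=2 PROTO=TCP SPT=51001 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0
Feb 22 09:14:01 gw kernel: FW-IN: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=44 TTL=54 ID=3 PROTO=TCP SPT=51002 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0
Feb 22 09:14:02 gw kernel: FW-IN: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=44 TTL=54 ID=4 PROTO=TCP SPT=51003 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0
Feb 22 09:14:02 gw kernel: FW-IN: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=44 TTL=54 ID=5 PROTO=TCP SPT=51004 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0
Feb 22 09:14:02 gw kernel: FW-IN: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=44 TTL=54 ID=6 PROTO=TCP SPT=51005 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Feb 22 09:14:03 gw kernel: FW-IN: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=64 ID=7 PROTO=TCP SPT=40000 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Feb 22 09:14:03 gw kernel: FW-OUT: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 LEN=60 TTL=64 ID=8 PROTO=TCP SPT=443 DPT=40000 WINDOW=28960 RES=0x00 ACK SYN URGP=0
EOF

syn_scan_sources "$SAMPLE_LOG" 4
```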

Article

The article was about a company that makes vinyl covers. They had a data breach relating to their customers. The company is called Slickwraps. Customers' names, email addresses, and addresses were compromised. A security researcher had been warning this company for several days about a massive vulnerability on their website. They ignored him and even blocked his account. An ethical hacker used this vulnerability to send out a mass warning email to all the customers about this breach. The culprit wasn't found.

https://www.engadget.com/2020/02/21/slickwraps-data-breach/

Thursday, February 13, 2020

Blog 4

This chapter was about reconnaissance, which is the act of gathering information about a target.

  • You can start with the Internet to search the company and/or the target.
  • Social Engineering is another way to get information about employees or the company.
  • Dumpster diving is still another method of gathering information.
  • Once you have employee names, you can turn to social media to find out even more about them.
  • Whois is used to gain information about a target network.
  • Nslookup queries DNS servers to gain information about the host network.
  • Arin is a website that will provide information about a network.

The second section was about reconnaissance countermeasures: how a company can protect itself against reconnaissance.

  • Develop information sharing policies in your business.
  • Policies related to sharing of company information on social media.
  • DNS hardening is also important.
  • Run services.msc to see all services running on the system.
  • Disable IIS banner broadcasting.

The article I read was about a company called Rutter's that was hacked. The hackers gained access to the stores' network system and planted malware. This malware collected information about customers' cards as they were processed. They didn't catch the hackers.

https://www.zdnet.com/article/rutters-store-chain-discloses-security-breach-involving-pos-malware/

Saturday, February 8, 2020

Blog 3

This chapter was about social engineering, physical security, and countermeasures and protection.

Social Engineering

  • Foot-printing is like stalking, but in social engineering.
  • Pretexting is a made-up situation used to get someone to give information or do something.
  • Elicitation is a way to get information from someone without alerting them.
  • Preloading is influencing someone's thoughts, emotions, or opinions before something happens.
  • Spim is spam, but sent through an instant message.

Steps in Social Engineering

  • Research
    • The attacker starts gathering information about the company they will attack: dumpster diving, company tours, browsing the company's websites, etc.
  • Development Phase
    • This is when the attacker will select targets within the company and form a relationship with them.
  • Exploitation
    • This is when the attacker takes advantage of the relationships made to get information.

Other Social Engineering Techniques

  • Shoulder Surfing and Eavesdropping
  • USB flash drives and keylogging
  • Spam and Spim
  • Hoax
    • An email or on-screen message warns you that a virus has been downloaded. Real viruses don't want to be found, so this is a dead giveaway.

Types of Attackers

  • Insiders 
  • Hackers
    • Hacktivist, script kiddies, white hat, black hat, gray hat, cyber criminal
  • Nation States

Types of Motivation Techniques

  • Authority
  • Social Proof
  • Scarcity
  • Likeability
  • Urgency
  • Common ground and shared interest

Social Engineering Techniques

  • Opportunistic attack
    • Motivated by making quick money, so the attacker will jump in and out without covering their tracks.
  • Targeted attack
    • Much more dangerous. The attacking entity uses unknown exploits to expose information and covers their tracks when done.
  • Elicitation
    • Getting information from someone without them knowing.
  • Pharming is when an attacker uses malicious programs on a target's computer so that any URL typed in redirects traffic to the attacker's malicious website.
  • DNS cache poisoning is when the attacker attacks the DNS server. The attacker then changes the target website's IP address to point at a fake website.
  • Hosts file modification is when the attacker sends malicious files in an email attachment. These files change the local hosts file on the PC. The altered hosts file automatically redirects traffic to the attacker's malicious website.
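Two checks for the hosts-file tampering described above, as an added example (my own code, not from the chapter or this blog). The function names are mine, the files are constructed samples, and the baseline is assumed to be a copy of the hosts file saved while the machine was known-good.

```shell
# Added example: two checks for hosts-file tampering. Function names are my
# own; the files are constructed samples, and the baseline is assumed to be
# a copy saved when the host was known-good.

# Lists entries that point a name somewhere other than loopback. Legitimate
# intranet overrides will appear too, so read the list rather than act on it.
hosts_nonloopback_entries() {
    awk '/^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
         $1 !~ /^127\./ && $1 != "::1" { print }' "$1"
}

# Lists entries present in the current hosts file but absent from the
# baseline; a new mapping for a bank or webmail name is the pharming tell.
# Usage: hosts_added_since_baseline CURRENT BASELINE (baseline must be non-empty)
hosts_added_since_baseline() {
    awk 'NR == FNR { base[$0] = 1; next }
         /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
         !($0 in base) { print }' "$2" "$1"
}

HOSTS_DIR=$(mktemp -d)
cat > "$HOSTS_DIR/hosts.baseline" <<'EOF'
127.0.0.1 localhost
::1 localhost ip6-localhost
192.0.2.50 intranet.example
EOF
cat > "$HOSTS_DIR/hosts.current" <<'EOF'
127.0.0.1 localhost
::1 localhost ip6-localhost
# legitimate internal override
192.0.2.50 intranet.example
198.51.100.9 www.bank.example login.bank.example
EOF

echo "non-loopback entries:"
hosts_nonloopback_entries "$HOSTS_DIR/hosts.current"
echo "added since baseline:"
hosts_added_since_baseline "$HOSTS_DIR/hosts.current" "$HOSTS_DIR/hosts.baseline"
```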

Physical Security

  • NIST: an institute that standardizes security controls and assessment procedures.
  • A bump key is cut to the number nine position with some of the front and shank removed.
  • Scrubbing is a lock-picking method that runs a pick over all the pins with careful pressure.
  • A lock shim is a thin, stiff piece of metal used to open a padlock.

Countermeasures and Protection

  • A bollard is a physical barrier to deter intruders.
  • A strip-cut shredder cuts paper into long, thin strips.
  • A crosscut shredder cuts paper vertically and horizontally, making confetti.
  • A full backup backs up every single piece of an organization's data.
  • An incremental backup backs up changes since the last full or incremental backup.
  • A differential backup backs up any changes since the last full backup.
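The three backup types above, worked out on a constructed directory as an added example (my own code, not the chapter's); the marker-file scheme, timestamps and function names are assumptions of mine.

```shell
# Added example: the three backup types worked out on a constructed
# directory. Two marker files record when the last full backup and the last
# backup of any kind ran; timestamps are set explicitly so runs repeat.
# Each function prints the files it would copy, sorted, on one line.

list_newer_than() {   # list_newer_than DIR MARKER
    ( cd "$1" && find . -type f ! -name '.*' -newer "$2" | sed 's|^\./||' | sort | paste -s -d ' ' - )
}

full_backup() {        # full_backup DIR TIMESTAMP: everything, then reset both markers
    ( cd "$1" && find . -type f ! -name '.*' | sed 's|^\./||' | sort | paste -s -d ' ' - )
    touch -t "$2" "$1/.last_full" "$1/.last_any"
}

incremental_backup() { # incremental_backup DIR TIMESTAMP: changes since any backup
    list_newer_than "$1" .last_any
    touch -t "$2" "$1/.last_any"
}

differential_backup() { # differential_backup DIR: changes since the last full backup
    list_newer_than "$1" .last_full
}

# Constructed history: full on Feb 1, a.txt edited Feb 2, incremental taken,
# b.txt edited Feb 3, incremental taken, then a differential for comparison.
WORK=$(mktemp -d)
for f in a.txt b.txt c.txt; do touch -t 202001311200 "$WORK/$f"; done
echo "full:         $(full_backup "$WORK" 202002011200)"
touch -t 202002021000 "$WORK/a.txt"
echo "incremental:  $(incremental_backup "$WORK" 202002021200)"
touch -t 202002031000 "$WORK/b.txt"
echo "incremental:  $(incremental_backup "$WORK" 202002031200)"
echo "differential: $(differential_backup "$WORK")"
```

The second incremental copies only b.txt, while the differential taken at the same moment copies both a.txt and b.txt, which is why restoring from differentials needs only the last full plus the last differential.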

Article

This was about stolen health information which led to theft of members' PII. Someone broke into a vendor of Health Share of Oregon and stole a laptop. Medicaid member data was exposed. It included names, addresses, phone numbers, dates of birth, Social Security numbers, and Medicaid ID numbers. They have not caught the burglar as of yet.

https://www.zdnet.com/article/health-share-of-oregon-discloses-data-breach-theft-of-member-pii/


Sunday, February 2, 2020

Blog 2

This week was about an introduction to penetration testing.

Penetration Processes and Types

  • Ethical hacking is exploiting vulnerabilities in a system so that weaknesses can be found and remedied.
  • There is a red team and a blue team. The red team tries to break into a system and the blue team tries to keep them out.
  • There are five phases in ethical hacking.
    • First is reconnaissance, which includes gathering information about the network or system to be hacked. This can include finding passwords, social engineering, and publicly accessible information.
    • Next is scanning/enumeration. This is using tools to gain information about open ports, computer systems, etc. Extracting information like usernames, computer systems, etc., is called enumeration.
    • Gaining access is when the hacker exploits the vulnerabilities to gain access to the system.
    • Maintaining access is when the hacker installs a backdoor in the system to achieve permanent access.
    • Clearing your tracks is when the hacker overwrites log files to hide that they were there.
  • The last stage in penetration testing is not clearing your tracks; it is reporting. You must report your findings.
  • There are three types of penetration testing.
    • A black box test is when the ethical hacker has no information about the target or the network. This is great for completely outside attacks with no inside information. 
    • A white box test is when the ethical hacker is given all information for the systems, network, and infrastructure. 
    • A gray box test is when the ethical hacker is given partial information about networks and systems. 

Threat Actors

  • A white hat hacker is an ethical hacker. They help companies find vulnerabilities and fix them.
  • A black hat hacker gains access for malicious, illegal purposes.
  • A gray hat hacker usually has good intentions but may cross ethical lines.
  • A suicide hacker is only concerned with taking down their target for a cause. They don't care if they get caught or go to jail.
  • A cyber terrorist is motivated by religious or political beliefs and only wants to create disruption or fear.
  • A state sponsored hacker is employed by a government to hack other governments.
  • A hacktivist gains access to protest other companies or campaigns.
  • A script kiddie uses others' programs to hack computers, as they have limited knowledge themselves of how to do it.

The Article

  • This was about nation-state actors that breached two US municipalities. They used a vulnerability in Microsoft SharePoint servers. It doesn't really say if the hackers were caught.
  • https://www.zdnet.com/article/fbi-nation-state-actors-have-breached-two-us-municipalities/