Clickable Credits[30]


Image: And It was all Blue

Hey folks, this is the 30th and final post in the series. I hope your Saturday is going fabulously. We have a few topics as usual. Let's see them!

  1. Web Session Activity Analysis
     Web sessions are a good way to analyze what users are doing, especially accounts with administrative privileges. These sessions are created with their token ID and session cookies, and they stay active as long as the user is working on the particular website. Attackers can steal these cookies and tokens to impersonate a real user. This analysis can be integrated into more diverse scripts, and making it fully automated is a plus for the company: the less time employees spend on minute things such as these, the more priority work can be done. The workload in security can be daunting, which is why it is distributed evenly into manageable chunks. Analyzing for anomalies and practicing secure coding, while constantly making employees aware of such risks, is the best way to mitigate web-based attacks.

  2. RPC Traffic
     Remote Procedure Call (RPC) traffic analysis is a method to analyze traffic that has been running on a different host system in a different network. The two hosts interact with each other to share resources for their respective processes, which can reduce local process loading time and boost the application's performance. RPC isn't used much these days, mostly because of cloud computing integration, and with the help of AI it became more convenient to do so.

  3. Protocol Metadata Analysis
     Each network protocol has its own metadata, which is generated after its initial usage. Every alteration, modification, and deletion has its own set of metadata. This metadata can be used to uniquely identify the services in which it has been used. Attackers can view the metadata (after stealing it, of course) to see which types of networks it has interacted with and plausible sightings of admin activity.

  4. IPC Traffic
     IPC (inter-process communication) is a method to interact with other processes that are residing in a special place but not the home network. As we discussed with RPC, RPC is a technique for this process. IPC lends a helping hand to processes that are running out of resources: the resources are fetched from other processes so that the process finishes and returns a successful run. When a process gets terminated without executing perfectly, it may create problems for other applications that are running with this one as their foundation.

  5. Connection Attempt Analysis
     Connection attempts can be used to check the legitimacy and authenticity of user requests from a network. This is done to keep monitoring the network for DoS/DDoS attacks. Each attempt can be made from a single browser; the user might be having network or system issues, but the IP won't change unless they use a VPN. Even if they use a VPN, we can make an accurate assumption about that person: their IP address can be masked, but the content they are looking for defines their identity. Let's say I'm looking at eCom services to buy a smartphone under 20k and I suddenly change VPN. My previous interaction with the server has been logged, so if I go again using a VPN, I still might be looking for the same thing. That's how we can catch people!

Those are the small things for today. I'm happy that this is coming to an end. I've proved to myself that I can do the things I set myself on without facing failure. I'll have a special post tomorrow giving an overview of the content and, of course, the things I have learnt and taught. I'll see you tomorrow then for the last time (for a few months at least).
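
For the web session activity analysis in topic 1, here is an added example (not part of the original post) of the kind of automated anomaly check described there: it flags a session token that shows up from a client other than the one it was first seen with, and rates admin sessions higher. The log format, field names and sample values are constructed for illustration.

```python
import shlex
from datetime import datetime

# Constructed sample log: timestamp, session token, source IP, user agent, role.
SAMPLE_LOG = """\
2024-05-04T09:00:01 sess=a1f3 ip=10.0.0.15 ua="Firefox/125" role=admin
2024-05-04T09:02:10 sess=a1f3 ip=10.0.0.15 ua="Firefox/125" role=admin
2024-05-04T09:03:44 sess=a1f3 ip=203.0.113.77 ua="curl/8.5" role=admin
2024-05-04T09:04:00 sess=b7c2 ip=10.0.0.22 ua="Chrome/124" role=user
2024-05-04T09:30:00 sess=b7c2 ip=10.0.0.22 ua="Chrome/124" role=user
"""


def parse_line(line):
    """Split one log line (assumed key=value format) into a dict of fields."""
    ts, rest = line.split(" ", 1)
    event = dict(part.split("=", 1) for part in shlex.split(rest))
    event["ts"] = datetime.fromisoformat(ts)
    return event


def find_session_anomalies(log_text):
    """Return one finding per request whose (IP, user agent) differs from
    the pair the session token was first seen with."""
    first_seen = {}  # session token -> (ip, user agent) of first request
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        fingerprint = (ev["ip"], ev["ua"])
        known = first_seen.setdefault(ev["sess"], fingerprint)
        if fingerprint != known:
            findings.append({
                "session": ev["sess"],
                "time": ev["ts"].isoformat(),
                "expected": known,
                "observed": fingerprint,
                # Admin sessions are the ones the post singles out.
                "severity": "high" if ev["role"] == "admin" else "medium",
            })
    return findings


if __name__ == "__main__":
    for finding in find_session_anomalies(SAMPLE_LOG):
        print(finding)
```

A changed IP alone can be legitimate (mobile networks, a VPN reconnect), so a finding like this is a lead for review rather than proof of a stolen token.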