Learning CyberSec One at a Time! (Part-10)
Hey there folks,
Hoping your day has been wonderful. It’s the 10th day of our continuous series; I can’t believe it has already been 10 days since I started writing. I’m still not a good writer; you can see my wording sometimes gets very clumsy, but I’m learning alongside you. So far so good: when you teach, the things you teach won’t be forgotten, be it from your mind or from existence. They will live on in the minds of the people who learn them. It’s a beautiful thing!
1. Multi-Vector Attacks
Now, what is an attack? An attack is nothing but a group of different but connected steps that the attacker carries out. I know it sounds obvious, but hear me out: “attacking” is a broad term, just like our topic. To carry out a specific attack, a hacktivist group or a lone hacker first needs intelligence about the target: details about its systems and the company’s “blueprint”, answers to questions like “what is happening inside?”, “what WOULD happen to them if we do this?”, “where are their security flaws?”. This reconnaissance phase produces a checklist, and they work through it item by item. I like perfection, who doesn’t? That is how a plan with no flaw rises. They can then point out in which part and in which area the security is weak or vulnerable. Humans tend to make mistakes, and the people who write the software are no exception: deadlines and the pressure to ship mean a lot of code is written by tired developers running on coffee, who only notice whether they are making progress, not whether they have thought about how the code could be abused. A hacktivist group, on the other hand, thinks only “out of the box.” That’s how successful attacks arise.
Those are the common single-vector attacks: they compromise a system through one entry point with a single goal, which can be corrupting the device’s disk after execution, making the system do a certain thing, and so on. A multi-vector attack combines several vectors, say a phishing email carrying a Trojan, an exploited public-facing service, reused credentials and a DDoS to keep the defenders busy, and it usually has more than one goal. The attackers can craft a polished piece of malware/Trojan to deliver the payload to the victim’s computer and get it executed; once running, it can do various tasks, such as staying in stealth mode and infecting more systems on the network, exfiltrating files at a throttled rate (if the victim notices huge network usage, they may get suspicious), eavesdropping, keylogging, harvesting the victim’s credentials, spying through the webcam, etc. Malware with this combination of capabilities is not rare at all: modular remote access Trojans (RATs) bundle exactly these modules, and the ones we hear about are only the ones that got caught.
2. Offense & Defense in Depth
What are offense and defense? In security terms, offense is attacking a given machine with a variety of cyber arsenal; it happens much as we discussed above. The machine gets tested with a lot of tools and with stress/fuzz attacks, the researchers look for vulnerable endpoints and common flaws, and then they report them to the respective department. Coming to defense: it has the opposite meaning, but not in the way you might expect. The applications being tested by the offensive researchers are usually not defended in real time by the defenders during the test; too often they are deployed right after they are built, with no defense part at all. The defense team’s real work starts after the offensive team is done with their pwning. Doesn’t make sense, right? Let me break it down for you. There are 999 ways for the offensive team to target and attack a machine; let’s assume they try them. Now, what about their footprints on the machine? If those get found, it’s game over for the offense. (It means the offensive team lacks proper footprint clearance and evasion. Why should they need that skill in the first place? Because if they cannot hide, the exercise tells you nothing about what happens when a real hacktivist group shows up with correct evasion methods; that’s why.) This is also where the “in depth” comes in: defense in depth means not betting everything on one control, but stacking independent layers (network filtering, hardened hosts, least privilege, logging and monitoring), so that an attacker who gets past one still has to get past the rest.
The defense team starts by going through and filtering the network logs and auditing the entire company’s infrastructure. They then search for intrusions flagged by automated tools and look for anomalies: things that happened which aren’t supposed to happen normally. The logs can be stored in different places and accessed by the people who control the infra, of course only those who know what is what. I know, if we go on like this the scenarios are literally uncountable. You’ve now understood how red teaming and blue teaming work! There’s no fun if you see the terms at the beginning; I hope you like surprises just as I do.
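As an added example of what that log review looks like in practice (this is not code from the original post), the script below runs two checks over constructed flow records: a volume check that catches a bulk upload, and a “low and slow” check for the throttled exfiltration described in the multi-vector section, which is sized so that no single transfer trips a volume alarm. The IP addresses, the thresholds and the log format “timestamp src dst bytes” are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev


def fmt(ts, src, dst, nbytes):
    """One constructed flow record: ISO timestamp, source, destination, bytes out."""
    return f"{ts.isoformat()} {src} {dst} {nbytes}"


def build_sample_log():
    """Constructed flow records for the demo; none of this is real traffic."""
    t0 = datetime(2024, 3, 1, 9, 0, 0)
    lines = []
    # Ordinary browsing from 10.0.0.8: irregular timing, several destinations.
    browsing = [(1, "93.184.216.34", 12_000), (4, "151.101.1.69", 48_000),
                (7, "93.184.216.34", 9_000), (23, "104.16.0.1", 31_000),
                (41, "151.101.1.69", 6_000)]
    for minute, dst, size in browsing:
        lines.append(fmt(t0 + timedelta(minutes=minute), "10.0.0.8", dst, size))
    # Throttled exfiltration from 10.0.0.5: 50 KB to one host every ~5 min for 2 h.
    for k in range(24):
        ts = t0 + timedelta(minutes=5 * k, seconds=k % 7)
        lines.append(fmt(ts, "10.0.0.5", "198.51.100.9", 50_000))
    # One large upload from 10.0.0.12: obvious by volume alone.
    lines.append(fmt(t0 + timedelta(minutes=30), "10.0.0.12", "192.0.2.40", 900_000_000))
    return sorted(lines)


def parse_flow(line):
    ts, src, dst, nbytes = line.split()
    return datetime.fromisoformat(ts), src, dst, int(nbytes)


def find_anomalies(lines, bulk_bytes=100_000_000, min_flows=12,
                   min_span_minutes=60, max_jitter=0.2):
    """Return {(src, dst): reason} for source/destination pairs that look like exfiltration.

    bulk_transfer: total bytes to one destination exceed bulk_bytes.
    low_and_slow:  many flows to one destination, spread over a long window,
                   at regular (beacon-like) intervals, whose total stays
                   under the bulk threshold.
    """
    flows = defaultdict(list)
    for line in lines:
        ts, src, dst, nbytes = parse_flow(line)
        flows[(src, dst)].append((ts, nbytes))

    findings = {}
    for pair, records in flows.items():
        records.sort()
        total = sum(n for _, n in records)
        if total >= bulk_bytes:
            findings[pair] = "bulk_transfer"
            continue
        if len(records) < min_flows:
            continue
        span = (records[-1][0] - records[0][0]).total_seconds() / 60
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(records, records[1:])]
        jitter = pstdev(gaps) / mean(gaps)   # relative spread of inter-arrival times
        if span >= min_span_minutes and jitter <= max_jitter:
            findings[pair] = "low_and_slow"
    return findings


if __name__ == "__main__":
    for (src, dst), reason in sorted(find_anomalies(build_sample_log()).items()):
        print(f"{src} -> {dst}: {reason}")
```

The second rule is the interesting one: 1.2 MB spread over two hours is invisible to any per-flow or per-day volume threshold, but the regularity of the timing gives it away. Real data is noisier than this, so a production version would compare each host against its own baseline rather than fixed thresholds.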
3. A Thing about Cyberattacks
We have a very generic term here. I am well aware that these are boring to discuss; what’s the fun if I do the same yapping as those news articles do? Let’s dig into our topic in a different way. Cyberattacks are nothing new; ever since the dawn of the internet they have been there, in ways unbeknownst to normal people, from malware families to binary exploitation. Cyberattacks happen behind a promise of safety. Why? People (big companies) like to promise things that they DO NOT have. They can assure themselves and pat themselves on the back, thinking that this is something nobody can touch, but we all know what happened with Adam and Eve: Adam ate the forbidden fruit to gain things which he believed were his “own” rights and must be acquired. Don’t worry, I don’t believe in the concept of a god either. Understood the context? Just like Adam, these hacktivist groups try to break in to have a taste of what they think is their right. These companies can assure us, but they will never be true to their words. If anything happens, it’s us who suffer; obviously it’s not their data.
What makes a database breach so serious? Let’s say you used the same email and password on many websites. When website “A” suffers a breach, the data is dumped to a different, secure place as a copy; this copy can range from 20 GB to 50 GB or even more. The attackers keep a copy for themselves and sell the other copies to clients across the globe. Now, who are these clients? These people call themselves “crackers” (no, not the Diwali crackers). They collect the humongous amount of data, arrange it into a combo list in the format email:password, and then feed it to applications such as OpenBullet or SLAYER Leecher. (OpenBullet itself is open source, so the tool is freely available; what gets traded on the forums are the per-site “configs” and the combo lists, and cracked copies of the paid add-ons float around too.) How do they work? The breached data is loaded into the application as a wordlist, and the application tries every pair against the target website looking for “hits” (accounts where the same credentials still work). If you used the same password on website “B” as on “A”, the application marks your leaked pair as a hit and continues doing the same for the other millions of entries. This technique is called credential stuffing. That’s why you should never reuse a password across websites: use a password manager that generates a unique random password per site. A “pattern” of near-identical passwords (the same base with the site name tacked on) is much weaker than it looks, because these tools apply mangling rules that try exactly such variations. If I get a good amount of time, just like today, I’ll surely discuss password pattern creation.
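To see why reuse and “patterns” both fail, here is an added example; it is not code from the post or from any of the tools named above. It simulates a stuffing run from a constructed site-A dump against a constructed site-B password store that lives entirely in memory. The email addresses, passwords, site names and mangling rules are all made up for the demo, and nothing here contacts a real service.

```python
import hashlib
import hmac
import os

SOURCE_SITE = "siteA"   # the breached site; a token attackers expect to find in passwords

# Constructed breach dump from site A, already normalised to email:password
BREACH_DUMP_A = """\
alice@example.com:Summer2021!
bob@example.com:correct horse battery staple
carol@example.com:P@ssw0rd-siteA
dave@example.com:hunter2
"""

# Constructed users of site B (dave has no account there)
SITE_B_USERS = {
    "alice@example.com": "Summer2021!",         # reused the site-A password verbatim
    "bob@example.com": "T9$vq!L2mXr#8kPz",      # unique, password-manager style
    "carol@example.com": "P@ssw0rd-siteB",      # "pattern": same base, site name swapped
}


def hash_password(password, salt):
    """Salted PBKDF2-HMAC-SHA256; iteration count kept low only so the demo is quick."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1_000)


def make_store(users):
    """Site B's password store: email -> (salt, hash). Plaintext is never kept."""
    store = {}
    for email, password in users.items():
        salt = os.urandom(16)
        store[email] = (salt, hash_password(password, salt))
    return store


def login(store, email, candidate):
    """What site B's login endpoint does for one attempt."""
    if email not in store:
        return False
    salt, digest = store[email]
    return hmac.compare_digest(hash_password(candidate, salt), digest)


def parse_combo_list(text):
    """Yield (email, password); split on the first ':' only, passwords may contain colons."""
    for line in text.splitlines():
        line = line.strip()
        if ":" not in line:
            continue
        email, password = line.split(":", 1)
        yield email.lower(), password


def mangling_rules(leaked, target_site):
    """Candidates a stuffing 'config' derives from one leaked password."""
    yield leaked                                          # plain reuse
    yield leaked + target_site                            # base + target site name
    if SOURCE_SITE in leaked:
        yield leaked.replace(SOURCE_SITE, target_site)    # swap the site token
    yield leaked + "1"
    yield leaked[:1].upper() + leaked[1:]


def credential_stuff(dump_text, store, target_site):
    """Replay a dump against site B. Returns ({email: password_that_worked}, attempts)."""
    hits, attempts = {}, 0
    for email, leaked in parse_combo_list(dump_text):
        for candidate in mangling_rules(leaked, target_site):
            attempts += 1
            if login(store, email, candidate):
                hits[email] = candidate
                break
    return hits, attempts


if __name__ == "__main__":
    hits, attempts = credential_stuff(BREACH_DUMP_A, make_store(SITE_B_USERS), "siteB")
    print(f"{attempts} login attempts, {len(hits)} hits:")
    for email, password in hits.items():
        print(f"  {email} -> {password!r}")
```

Alice falls on the first attempt, Carol on the third because one mangling rule swaps the site token, and Bob never falls because there is nothing to derive his password from. The site-side defences are the other half of the story: rate limiting and lockout per account and per source, MFA, and refusing passwords that appear in known breach dumps.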
4. Buffer Overflow
Let’s see what a buffer actually is. A buffer is nothing but a fixed-size region of memory that a program sets aside for temporary data, such as a 16-character array for a name. Whenever a buffer receives more data than it can hold, the extra bytes are written over whatever sits next to it in memory: other variables and, on the stack, the saved return address that tells the CPU where to continue when the function finishes. If an attacker controls that input, they can overwrite the return address with one of their own choosing and redirect the running program to code they supplied. Note what is happening: the attacker is not replacing the program’s code on disk and waiting for a restart; the live process is hijacked the moment the vulnerable function returns. These are serious threats because, on a system without mitigations, a single oversized input can mean a compromise with little effort.
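To make the mechanism concrete, here is an added example (not from the original post) that models a C stack frame in Python, the language used for the other examples on this page, instead of real C. The layout is an assumption for the model: a 16-byte buffer, then an 8-byte saved frame pointer, then an 8-byte little-endian return address, roughly as on x86-64. The addresses 0x401136 and 0x4011d0 are made up. Real frames add alignment padding, and stack canaries and ASLR change the picture, so treat this as a model of why the overwrite lands where it does, not as something that runs against a real binary.

```python
import struct

# Assumed toy frame layout (x86-64-like, little-endian):
# [ name[16] ][ saved frame pointer (8) ][ saved return address (8) ]
BUF_SIZE = 16
SAVED_FP = 8
RET_SIZE = 8
RET_OFFSET = BUF_SIZE + SAVED_FP


class StackFrame:
    """Toy model of one C stack frame as a flat byte array.

    The local buffer sits at the low end; the saved frame pointer and the
    return address sit just above it, so writing past the buffer walks
    straight into the return address.
    """

    def __init__(self, return_address):
        self.mem = bytearray(BUF_SIZE + SAVED_FP + RET_SIZE)
        struct.pack_into("<Q", self.mem, RET_OFFSET, return_address)

    @property
    def return_address(self):
        return struct.unpack_from("<Q", self.mem, RET_OFFSET)[0]

    @property
    def name(self):
        """The C string in the buffer (up to the first NUL)."""
        return bytes(self.mem[:BUF_SIZE]).split(b"\x00", 1)[0]


def unsafe_copy(frame, data):
    """Models strcpy()/gets(): copies every byte with no bounds check."""
    for i, b in enumerate(data):
        frame.mem[i] = b   # IndexError past the frame stands in for the process crashing
    return frame


def safe_copy(frame, data):
    """Models a bounded copy (snprintf/strlcpy style): rejects oversized input
    and always leaves room for the NUL terminator."""
    if len(data) >= BUF_SIZE:
        raise ValueError(f"{len(data)} bytes do not fit a {BUF_SIZE}-byte buffer")
    frame.mem[:len(data)] = data
    frame.mem[len(data)] = 0
    return frame


def build_overflow_input(target):
    """Input that fills the buffer and the saved frame pointer, then lands
    `target` exactly on the saved return address."""
    return b"A" * RET_OFFSET + struct.pack("<Q", target)


if __name__ == "__main__":
    legit = 0x401136   # assumed address of the caller's next instruction
    f = unsafe_copy(StackFrame(legit), b"alice")
    print(f"normal input: name={f.name!r} ret={f.return_address:#x}")
    f = unsafe_copy(StackFrame(legit), build_overflow_input(0x4011d0))
    print(f"overflow:     ret={f.return_address:#x}  (hijacked)")
    try:
        safe_copy(StackFrame(legit), build_overflow_input(0x4011d0))
    except ValueError as e:
        print("bounded copy: rejected:", e)
```

The arithmetic in build_overflow_input is the part worth remembering: the attacker needs to know the distance from the start of the buffer to the return address (here 16 + 8), and everything after that padding is what the CPU will jump to. The bounded copy is the fix; the IndexError in the unsafe version shows the other usual outcome, a crash when the write runs off the end of mapped memory.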
I can say confidently that buffer overflow attacks are becoming less common, thanks to memory-safe languages and to mitigations such as stack canaries, non-executable stacks and address space layout randomisation (ASLR), which together make a raw overflow much harder to turn into code execution. Still, it can happen in many of the services we use day to day (anything written in C or C++ that parses untrusted input), and if they fall prey to it, who knows what happens to our data, or in whose hands it lands.
5. Compliance Management
Compliance management is the practice by which a company takes accountability and responsibility for its information security practices and its security operations: facing up to digital laws and complying with governmental rules and regulations. Whenever a new tool or technology is developed by an organization, it must comply with the laws of the state or country in which it operates. If the product does not obey those rules, the company can land in huge trouble, often facing charges and fines.
Making changes to the privacy policy is necessary to keep up with new local laws and amendments that have recently come into force. Compliance also reaches into incident response (for example, breach-notification requirements), secure coding practices, auditing processes and the company’s vulnerability and threat assessments. It surely has a part in everything.
Those are the topics for today. I feel like the title is getting boring, so I’ll think of new titles for each day; maybe we’ll get some new faces around here? Let’s see! I’ll see you tomorrow then.