The reading discussed techniques that penetration testers can use to evade IPS. Examples are fragmenting packets, obfuscation, using decoy trees, using open ports .etc. The main lesson is that an IPS and other systems by themselves won’t protect your client. You have to make sure unwanted services are turned off, activities are logged & monitored in combination with other measures. There is no panacea for vulnerabilities because there is always a way into an enterprise. Security professionals should make the best use of available resources to make it as difficult as possible to breach the enterprise.

Articles I found interesting for discussion are:

https://threatpost.com/one-badbarcode-spoils-whole-bunch/115362/

https://answers.microsoft.com/en-us/windows/forum/windows_10-security/windows-10-and-hipaa-compliance/037e3f2e-8262-42eb-8909-05832e856645?auth=1

https://www.linkedin.com/pulse/does-windows-10-violate-hipaa-steve-hoffenberg

This weeks reading covered SQL injection & XSS vulnerabilities and the Burp Suite. The burp suite readings cover basic usage of Burp Suite on non encrypted HTTP connections. The Web Application Injection Vulnerabilities reading show howbad coding habits and lack of data verification can allow attackers entry into the backend of websites/apps. It also talks about how checking for errors, penetration testing web applications, using secure coding practices and installing web application firewalls can be used to mitigate risks against such attacks.

An article I found interesting can be found at:

http://www.informationweek.com/government/mobile-and-wireless/smartphones-on-drones-can-hack-your-wireless-printer/d/d-id/1322547

This week’s article was about malware. The reading talks about how different types of malware such as viruses, worms, Trojans etc. are different in nature. It also covered methods of operation for different types of malware and ways to classify malware by such methods, infection vectors/payload.etc.

It is important to understand how malware works to be able to develop a good action plan to protect an enterprise from malware. The article covered a Six Step Incident Handling Process from SANS

An article I found interesting can be found at

https://threatpost.com/disclosed-netgear-router-vulnerability-under-attack/114960/

This week’s reading covered netcat. Netcat is extremely popular because it can be used for more purposes than just port scanning. This article talks about how to use netcat to open remote command prompt instances, send & receive files. It also covers how netcat can be hidden in a Windows NT environment. Something I found interesting is how the article mentions that netcat can be by defenders to see what attackers are doing by monitoring network activity from the attacking netcat instance. The article then talks about how defenders should not count on this as a detection method because netcat traffic can be encrypted when attackers use the cryptcat variant of netcat.

An article I found interesting can be found at

http://www.darkreading.com/attacks-breaches/state-trooper-vehicles-hacked-/d/d-id/1322415?

The article covers how pen testers were able to demonstrate proof of concept on how blackhat hackers can take control of non-networked vehicles. The article covers how such attacks can be done and what can be done to mitigate chances of success against such threats.

The reading for this week covered packet sniffing. The article covered aspects of sniffing switched, non-switched and wireless environments. It also talked about common applications used for sniffing as well as decryption of encrypted traffic. Some of the common methods and terminologies covered are ARP spoofing and man in the middle attacks. The article concluded by providing strategies to mitigate sniffing by either detection or locking down networks.

Articles I found interesting are:

http://www.dailydot.com/technology/tor-anonymous-os-tails-freitas/

http://thehackernews.com/2014/06/tails-operating-system-website-has-beed.html

This article is interesting because neither TAILS nor Tor can’t stop an ISP from monitoring your company’s entry and exit nodes and selling/giving data to competing firms – provided that the ISP is willing to do this and the competitor would be willing to pay for your packets which might have to decrypted.

Since there is no such thing as an anonymous Internet connection, what can firms to do prevent ISPs from providing entry and exit node packets to all entities except for the law enforcement? – From the perspective of a US firms conducting business in countries with corruption, lack of regulation, audits.etc.

This weeks article covered why it is important to footprint systems. The article talks about how it is important to look at what footprints potential attackers are going to see on a system and modifying them so that attackers see what you want them to see. The benefit of proactive footprinting is that you can implement countermeasures.

Another article covered in the reading went over the steps that hackers take to attack and common tools and links to these tools. Using offensive tools will allow defenders to best think about defensive measures and tactics to help secure their organizations.

I found an interesting article on ArsTechnica about malware that able to get on the official Google Play store.

http://arstechnica.com/security/2014/03/malware-designed-to-take-over-cameras-and-record-audio-enters-google-play/

Reading Summary

This week’s reading was about vulnerability scanning. The reading talked about how scanning for vulnerabilities is a better and more proactive solution than using a password to protect files and waiting until something bad happens. The product used to talk about vulnerability scanning was Nessus. Nessus is free, open-source and powerful remote vulnerability scanner. Nessus needs to be updated with its latest library of plugins along with other tools such as firewalls, IDS, IPS .etc. to proactively protect systems. The article also contains instructions on how to install, configure and setup Nessus to run scans.

Question

What kind of protection will you use to protect smartphones and mobile devices given to employees by your organization from information security breaches?

Article

http://sites.utexas.edu/iso/2015/09/15/android-5-lockscreen-bypass/

I found this article interesting because it talks about how Android 5.x OS phones could be “hacked” by adding enough characters in the password field to crash the lockscreen process.

In the News

http://www.nbcnews.com/tech/tech-news/whatsapp-hack-attack-puts-200-000-risk-n424101

This article talks about a security vulnerability in WatsApp Web which allows attackers to disguise malicious content as vcfs. Vcfs files are used to share contact information. Attackers can send vcfs which will run malicious code after the receiver opens the vcf.