Introduction to Ethical Hacking

Temple University


Week X Reading Summary, Question, and recent Cyber Security News…

  1. Summarize one key point from each assigned reading…

1A. Regarding the “Burp Suite” Part #1 Basic Tools (Burp Proxy, Burp Site Map & Scope, Burp Spider) information (overall software application tools for security testing Internet-based applications [initially mapping target web sites, identifying vulnerabilities, and performing exploitations]), the Burp Proxy tool is used for intercepting login credentials… the Burp Site Map & Scope tools are used to show a target web site’s sub-domains to help with scope… and the Burp Spider tool is used to obtain a complete list of URLs & parameters for target web sites.

1B. Regarding the “Burp Suite” Part #2 Intruder & Repeater Tools information, the Burp Intruder tool is used to automate customized SQL injection attacks against target web apps (target, positions, payloads)… and the Burp Repeater tool is used to manually modify HTTP requests & test the responses given by web pages (playback of requests to the server).

1C. Regarding the “Burp Suite” Part #3 Sequencer, Decoder, and Composer Tools information, the Burp Sequencer tool is used to check web app session tokens for randomness… the Burp Decoder tool is used to send encoded requests… and the Burp Composer tool is used for comparison between two sets of data.

1D. Regarding the “Web Application Injection Vulnerabilities” information (client-side submission of unexpected data inputs into SQL databases), these have been so widespread for over the last 10 years. Remediations that should have occurred in the past would basically make today’s global online organizations (management, coders, and technologies) more secure!

*NOTE: The free version of the Burp Suite of web tools (although missing the scanner tool) is included within the latest version of Kali Linux too. Also, for more info on “Burp Suite SQL injection” from YouTube, go to the following web link…

https://www.youtube.com/results?search_query=burp+suite+sql+injection

  2. Question to classmates (facilitates discussion) from assigned reading…

Regarding ongoing “Web Application Injection Vulnerabilities”, what are some examples of current best practices to minimize these vulnerabilities?

*Answers: web app firewalls, input validation (attempts to check all possible inputs), web app security scans (Burp Suite Pro, NMAP/Zenmap, Nessus, etc.), and secure code writing training for web app developers.

  3. Identify, read, and post to our blog a current event article regarding ethical hacking & penetration testing (follow theme topic of the week, or other interesting related article)…

In the Cyber Security News lately

“Starbucks fixes critical flaws that could allow an attacker to steal users’ credit-cards” (reported on eHackingNews.com on 9/22/2015 from an Egyptian security researcher)…
… “Remote File Inclusion Vulnerability occurs when a file from any location can be injected into the attacked page and included as source code for parsing and execution (found within Starbucks’ web sites… code execution on the web server, code execution on the client-side [JavaScript & cross site scripting {XSS}], data theft/manipulation via phishing attack to steal users accounts that contain credit cards and payment orders info)… Starbucks confirmed that it has fixed the vulnerabilities (for now).”

Week 10: Reading Summaries, In the News, and Question for Class…

Karthik, R. Burp Suite Guide: Part 1 – Basic Tools, Part 2 – Intruder and repeater tools, Part 3 – Sequencer, decode and composer. SearchSecurity.techtarget.in. Karthik’s terse three-part guide provides an overview and illustrative screen captures of the free edition of the Java-based Burp Suite web-application security testing platform developed by the firm Portswigger Web Security. The Burp Suite consists of a number of tools, including: Proxy and Spider introduced in Part 1, Intruder and Repeater described in Part 2, and Sequencer, Decoder and Comparer covered in Part 3. Proxy enables inspection and modification of intercepted TCP/IP packets (internet traffic) sent between the browser and target application. Spider automates the process of developing a detailed site map of the content and functionality of a target web application. Intruder helps penetration testers attack, identify, and exploit a range of web application security vulnerabilities including SQL Injection (SQLi) and Cross-Site Scripting (XSS) attacks on a web page. Repeater enables penetration testers to iteratively probe target web pages by modifying and reissuing (playing back) HTTP requests to analyze vulnerabilities in a web page. Sequencer helps test the randomness/uniqueness, i.e. the quality, of web-application security tokens and their generators. Missing from the free edition of Burp is Scanner, which seems to combine the functionality of the tools described in Karthik’s guide with tests to detect many other security issues, for $299 per user per year.

Distler, D. (2013). Web Application Injection Vulnerabilities, A Web App’s Security Nemesis?, SANS Institute InfoSec Reading Room. This article complements Karthik’s articles with more details, presented in a good overview of two of the more commonly exploited injection attack categories of web application vulnerabilities: SQL Injection (SQLi) and XSS. Distler describes a number of mitigations including: installing a web application firewall (WAF), conducting explicit error checking for all input, conducting web application security scans, and providing developers with secure code writing training. He balances the mitigations against a number of human “factors inhibiting organizations from remediating vulnerabilities” (including lack of budget, responsibility, and incentives) which are “as significant as… any security flaw.” He concludes: “A greater understanding of the risks by leadership and developers alike can only lead to increased pressure to allow resources for adequate security to be built and maintained.”

In the News: “ID Experts Wins $330M Federal Data Breach Recovery Services BPA.” With an initial task order valued at $133.3M and potential to grow over 3 years to $329.8 million, ID Experts is tasked to protect the financial identities of 21.5 million people affected by the cyberattack and breach at the Office of Personnel Management. http://www.govconwire.com/2015/09/id-experts-wins-330m-federal-data-breach-recovery-services-bpa/

Question for Class: Should an informed ITACS student affected by the breach at the Office of Personnel Management who is seeking to sign up for financial identity protection by ID Experts: 1) favor sharing their personal identifying information (including: Name, Address, Email address, Social Security Number, Birth Date and Year) by telephone to sign up, 2) favor use of a web form protected via SSL seeking the same PII, 3) be indifferent between 1 and 2, or 4) fear the risks of both options and choose not to sign up for financial identity protection?
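The Sequencer summaries above describe checking session tokens for randomness and uniqueness. As an added illustration (not Burp’s code and not from the cited guide), this small Python estimator computes the Shannon entropy of each character position across a token sample, flags low-entropy positions and duplicates, and compares a constructed predictable token scheme with tokens from the OS CSPRNG.

```python
import math
import secrets
from collections import Counter

HEX_MAX_BITS = 4.0  # one hex digit carries at most log2(16) = 4 bits


def position_entropy(tokens):
    """Shannon entropy (bits) of the symbol observed at each character position."""
    n = len(tokens)
    length = len(tokens[0])
    result = []
    for pos in range(length):
        counts = Counter(t[pos] for t in tokens)
        h = -sum((c / n) * math.log2(c / n) for c in counts.values())
        result.append(h)
    return result


def token_report(tokens, min_bits=2.0):
    """Simplified Sequencer-style check: weak positions, worst entropy, duplicate tokens."""
    ent = position_entropy(tokens)
    weak = [i for i, h in enumerate(ent) if h < min_bits]
    duplicates = len(tokens) - len(set(tokens))
    return {"min_bits": min(ent), "weak_positions": weak, "duplicates": duplicates}


def weak_token(i):
    # Constructed predictable scheme: fixed prefix plus a counter (what Sequencer would flag).
    return "a1b2" + "%012x" % (1000 + i)


def strong_token():
    # 64 random bits from the OS CSPRNG, rendered as 16 hex characters.
    return secrets.token_hex(8)


def demo(n=256):
    """Return (report for predictable tokens, report for CSPRNG tokens)."""
    weak = [weak_token(i) for i in range(n)]
    strong = [strong_token() for _ in range(n)]
    return token_report(weak), token_report(strong)


if __name__ == "__main__":
    print(demo())
```

Only the last two hex positions of the constructed scheme vary, so the first fourteen positions are reported as weak; a real token generator should show every position close to HEX_MAX_BITS and no duplicates.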


Week 10 Takeaways

Reading Summary: Web Application Hacking

Web application hacking is very common through client submission of unexpected inputs. Knowing how to leverage such vulnerabilities is very important and yet challenging for most organizations. Injection attacks, which are delivered by malicious code to a web application, are very popular. The goal of such attacks is to obtain restricted data from a back-end database, which results in data exfiltration. A great example of web application hacking is SQL injection, which simply bypasses security controls and offers access directly into very sensitive data. However, there are already tools developed to minimize such attacks, if not stop them altogether from occurring. One of these tools is Burp Suite, which is an integration of various tools to perform security testing of Web applications. In addition, it aids penetration testers in the entire testing process from the mapping phase all the way to the identification of vulnerabilities and exploitation. Some of the features of this tool include proxy, spider, intruder, repeater, sequencer, decoder, and comparer, where the two most important tools of the framework are intruder and repeater.

Question for the class:

Have you used any tools to prevent web application hacking such as those offered by the Burp Suite? If so, what was your experience and takeaway?

In the News:

Insight – Cyber insurance premiums rocket after high-profile attacks

Following a wave of attacks (e.g., high-profile breaches at Home Depot Inc., Target Corp., Anthem Inc., and Premera Blue Cross), insurers have massively increased cyber premiums for some companies, leaving firms that are perceived to be a high risk scrambling for cover. Insurers are also raising deductibles and in some cases limiting the amount of coverage to $100 million, leaving many potentially exposed to big losses from hacks that can cost more than twice that.

For additional information regarding this article, please click here.
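The posts above list input validation and secure coding as injection mitigations and describe SQL injection as bypassing security controls. The following Python/sqlite3 example is added here and is not from any of the cited articles: it places a concatenated query beside a parameterized one, shows that the same tautology input returns every row from the first and nothing from the second, and adds an allow-list username check as a second layer. The user table is constructed for the demo.

```python
import sqlite3

# Allow-list for usernames: validation is a second layer, not a substitute for parameters.
ALLOWED_CHARS = set("abcdefghijklmnopqrstuvwxyz0123456789_")


def make_db():
    """Constructed in-memory table; plaintext passwords only to keep the demo short."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct horse"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn, username, password):
    """'Before' form: concatenation lets submitted text become SQL syntax."""
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return sorted(row[0] for row in conn.execute(sql))


def login_parameterized(conn, username, password):
    """Hardened form: placeholders keep the input as data, never as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(sql, (username, password)))


def validate_username(username):
    """Explicit input check: bounded length and allow-listed characters only."""
    return 1 <= len(username) <= 32 and set(username) <= ALLOWED_CHARS


def demo():
    """Run both forms on a normal login and on the classic tautology input."""
    conn = make_db()
    tautology = "' OR '1'='1"
    return {
        "vuln_normal": login_vulnerable(conn, "alice", "correct horse"),
        "vuln_injected": login_vulnerable(conn, "alice", tautology),
        "safe_normal": login_parameterized(conn, "alice", "correct horse"),
        "safe_injected": login_parameterized(conn, "alice", tautology),
        "validation_rejects_tautology": validate_username(tautology),
    }


if __name__ == "__main__":
    print(demo())
```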

Summary Week 9 and New Article

Malware infection is a very common attack vector utilizing various types of malware, with common examples being Trojans and polymorphic malware. Every organization should have a plan in place to handle an injection or infection of their systems to repel the malware attack. This plan will enable cyber security professionals or information security engineers to triage or resolve disruptions to the services being attacked. SANS has a great guide which provides a succinct Incident Handling Process: preparation, identification, containment, eradication, recovery, and lessons learned.

In the news: http://www.databreachtoday.com/cia-directors-aol-email-account-reportedly-hacked-a-8605

U.S. law enforcement agencies are investigating reports that the personal email account of Director of the Central Intelligence Agency John Brennan was hacked by an American teenager and that personal information for some top U.S. intelligence and national security officials was stolen in the data breach and leaked online.

Week 9 – Summary

MALWARE

Malware, or malicious software, is a collection of malicious code that has a unique effect if executed on a targeted system. Worms, spyware, rootkits, viruses, etc. are some examples of such code. Malware compromises the CIA security triad. Malware is made by hackers – professional experts who develop a certain threat to cause a specific issue in order to achieve a particular goal, such as financial gain or possession of confidential data. Making a virus is the same as writing a program, except it would be for malicious intent. Any professional programmer can write code to manipulate Windows or any other OS and cause serious issues. It is very important to have an Incident Management strategy in place to plan and respond to malware attacks.

Question to the Class: Has anyone experienced CryptoLocker infection and found a useful mitigation?

In the News

The personal email account of Central Intelligence Agency director John Brennan has allegedly been hacked. The hacker has released a contact list of email information for high-ranking intelligence officials.

Read More at: http://www.wsj.com/articles/cia-directors-personal-email-allegedly-hacked-1445290540


Week 9 – Malware

Malware today stands for malicious software. This encompasses viruses, trojans, rootkits, worms, logic bombs, etc. The reading article defines and explains the differences between those examples above, including backdoors, spyware, bots and botnets. It also talks about replication mechanisms and highlights how viruses require hosts while other types of malware do not. The SANS 6 Step Handling Process was mentioned in the reading and suggests the following steps in chronological order: Preparation – Identification – Containment – Eradication – Recovery – Lessons Learned. For IT Security professionals, the preparation step is key because new methods and ways to circumvent or bypass anti-virus software are always being created. Since this is a cat and mouse game, this highlights how important it is to keep systems updated so the anti-virus software is patched and contains the latest definitions so it can detect the newly-cooked or discovered attacks or means of attack. This is the only way it can stand a chance against malware. If it is a step behind, it has no way of catching new threats. Viruses are usually classified based on Memory Operation, Target, Obfuscation Technique and Payload. There are multiple methods for each classification that show both the complexity and how resiliency and adaptability are designed into these malicious programs.

Cyber-Security News:


How a criminal ring defeated the secure chip-and-PIN credit cards

Hackers were able to do a classic man-in-the-middle attack by programming a second hobbyist chip called a FUN card to accept any PIN entry, and soldering that chip onto the card’s original chip. This increased the thickness of the chip from 0.4mm to 0.7mm, “making insertion into a PoS somewhat uneasy but perfectly feasible.”


Week 9 – Malware Summary & Cyber-Security News

Recent developments and advancements in malware have allowed hackers and attackers to exploit any device that has an internet connection; many hackers have resorted to using Cryptolocker malware to infect their target, then lock the user out from their files by encrypting them in order to blackmail the end user and pull him into a ransom payout in order to retrieve his/her files. Worms have been able to cause the most damage to end users for the least amount of effort on the attacker’s part; their life expectancy is prolonged through infinite loops and self-replication schemes.

In Cyber-Security News- Let’s Encrypt is one step closer to offering free HTTPS certificates to everyone! For more information, please see link below.
http://thenextweb.com/insider/2015/10/20/lets-encrypt-is-one-step-closer-to-offering-free-https-certificates-to-all-sites/

Week 9 Summary

What is Malware?

Malware is software that makes your computer do undesirable things, but which is desirable to malicious actors. Malware can provide a backdoor or reverse shell of your computer to the bad guys, or install keyloggers to capture passwords or sensitive information. Hackers could also charge a fee to fix the computer that they infected as a ransom. Malware can infect phones and tablets as well as all types of operating systems. Malware can be created by anyone from script kiddies to experts who write their own code to create the malware from scratch. Malware can reach your computer in the form of social engineering, client-side attacks, phishing, or steganography.

Viruses

Malware is a blanket term that can include viruses, worms, trojans, bots, or rootkits. These tools are all malicious tools that can control your computer at the whims of a remote controller many miles away with unauthorized access. When malware is detected on your system, the recommended SANS incident response plan is to prepare a plan, identify when an incident has occurred, contain and get rid of the threat, recover systems back to normal, and learn from the past to help prevent breaches in the future, or to build a better response plan.

News Story:
Facebook will alert you if a government entity is trying to hack your account
http://qz.com/528169/facebook-will-now-tell-you-if-a-state-government-is-hacking-your-account/

Week 9 Reading and Summary

This week’s article was about malware. The reading talks about how different types of malware such as viruses, worms, Trojans, etc. are different in nature. It also covered methods of operation for different types of malware and ways to classify malware by such methods, infection vectors/payload, etc.

It is important to understand how malware works to be able to develop a good action plan to protect an enterprise from malware. The article covered a Six Step Incident Handling Process from SANS.

An article I found interesting can be found at

Disclosed Netgear Router Vulnerability Under Attack
