William Bailey
For this week’s discussion, research an article describing a breach where wireless (Wifi) was the entry point for the breach.
What weaknesses in the configuration did the attackers use to enter their target’s system?
What countermeasures would you implement if you wanted to defend against this breach?
Please include the URL for the article, so that others can read the article(s).
During Week 11, what are your experiences with Security Shepherd?
Which deployment method (VMware / VirtualBox / Docker) did you choose, and why?
How many challenges did you complete?
When you encountered issues, what kind of steps did you take to resolve the issues and forge onward?
To help us understand what can be obtained via a web application that has vulnerabilities, or weaknesses, that an untrusted outsider can take advantage of. Krebsonsecurity talks about a breach caused to a web application that they had purchased from Fiserv, resulting in customers being able to to view account data for other customers, including account number, balance, phone numbers and email addresses. (https://krebsonsecurity.com/tag/fiserv/)
For this week, research a recent breach announcement that was attributed to a web application failure. How did attackers misuse the website, and what were they able to obtain? How could the breach have been averted?
Social Engineering involves acting and using psychology to get information from a target. As a follow-up to our discussions regarding social engineering, research an article of an incident where social engineering was essential for the incident / breach to have occurred.
In your post, include the URL so that others can read the article being referenced.
During this week we discussed the risks of malware that obtains the ability to operate within the kernel, and a Linux vulnerability reported regarding SUDO when the SUDOers file is set up to allow all users except root to run certain programs as “SuperUserDO”, e.g. vi, the text editor.
https://thehackernews.com/2019/10/linux-sudo-run-as-root-flaw.html
With this week’s topic about malware, what does this vulnerability mean in regards to the likelihood and/or impact of the damage posted by malware?
This week we discussed Metasploit Framework, and some of the vulnerabilities we demonstrated were from 2008. For this week’s discussion, relate to the class a “hack” that involved a vulnerability that had been “in the wild” for at least six months.
NOTE: This is also the “In The News” for this week.
Note: Because we will be covering social engineering next week, this week’s hacks should be limited to technical attacks.
This week we talked about initial scans using NMAP and NESSUS. We also talked about using TCPDUMP as a packet sniffer. As you work through your virtual environment this week, choose one (or more) of the following questions:
One of the topics this week is about Reconnaissance, or learning about the target. You may be hired to think just like an outsider, someone trying to “hack” their way in. Remember that some of the “hacking” techniques may not require specific coding. There are so many methods, that for this week’s question, everyone needs to post a unique method of performing reconnaissance in order to earn full points. Describe the method of reconnaissance, and if possible, provide an example of a “hack” or other breach that can be tied back to the information learned due to reconnaissance.
I’ll start with an example that you’re likely seeing on television as part of New Jersey Transit’s “See Something, Say Something” campaign. The commercial promotes security awareness, with several suspicious actors. One of the scenes shows two people along the road, possibly looking at their potential target, but more specifically, another actor taking pictures, and the scene is shown from the viewpoint where we see that the pictures being taken are those of the CCTV system. Why? By taking pictures of the facility, the outsider is learning about the physical security controls of the facility, and can plan the attack to avoid the line of sight from these cameras.
