MY THOUGHTS FEED

On this page, I am going to talk about random but cybersecurity-related things: my thoughts, brainstorming questions and their answers, summaries, checklists, tools, etc.

Basically, I want to keep a backup of my data. The feeds here contain the content of my LinkedIn wall posts directly.



Practicing lock picking - Red Team



Red Team Thoughts

Hackers sometimes use pay-per-minute numbers they own. They can turn other people's phones into ATMs. This can be used to cause financial disruption/damage to their targets (a company, an individual, etc.).


Hackers call some desk phones in the office. If no one picks up and that phone can check voicemail remotely, the voicemail system will be activated. The phone will ask the caller to enter the PIN to check voicemails. HACKERS USE THE LAST FOUR DIGITS OF THE PHONE NUMBER AS THE PIN, FOLLOWED BY THE # KEY. This is usually the default PIN for a voicemail box. Once inside the voicemail, they can go to the configuration option and change the call forwarding number to the number of their pay-per-minute line. The next time a legitimate customer dials that phone, the call will be redirected to the hacker's line.


Positive sides of the darkweb/darknet

We know that the darkweb is mostly a dark place, and people do a range of illegal things with the help of the darkweb/darknet using the Tor browser.

I want to list all the positive sides of the darkweb. Can you think of any besides those mentioned below?

- Normal users can use it for anonymity, to surf the web without worrying about being tracked/spied on.

- Normal users can use it for secure email communication with one another.

- The darkweb/darknet allows journalists and activists in oppressive countries to communicate, as part of freedom of speech, for those who would otherwise have no way of reporting state-sponsored activities/campaigns against humanity that occur in those areas.

- Tor is revolutionary software. It has changed the definition and the standard of encryption. The darkweb helped Tor researchers and developers create a high-standard encryption legacy.

- Corporates can use the darkweb/darknet for threat intelligence activity to identify potential leaks of their company data.

- Tor allows the next developer to build an even more secure platform than Tor.


Are there any other good purposes of using the darkweb/darknet?

Cybersecurity Summary July 2017>

Carbon Black Report: China, Russia & North Korea Launching Sophisticated, Espionage-Focused Cyberattacks - https://lnkd.in/gV2fWtR
Skybox Report - Vulnerability and threat trends - https://lnkd.in/gHxPdS4
Magniber ransomware improves, expands within Asia - https://lnkd.in/gCi8w5W
NHS data breach affects 150,000 patients in England - https://lnkd.in/gBpVbZt
Mystery hacker has been trying to sell stolen military documents on the MQ-9 Reaper drone for just $150 - https://lnkd.in/gTDFb7v
Google's Chrome browser will mark non-HTTPS sites as 'not secure' - https://lnkd.in/g75MErG
Bluetooth Hack Affects Millions of Devices from Major Vendors - https://lnkd.in/gXfNs-q
Hacker sells Airport's Security System Access On DarkWeb for just $10 - https://lnkd.in/gxDxFwr
Evilginx 2 - Next Generation of Phishing 2FA Tokens - https://lnkd.in/gqC3dVw
How to search for Open Amazon S3 Buckets and their contents - https://lnkd.in/g2fKAzn
Taking apart a double zero-day sample discovered in the joint hunt with ESET - https://lnkd.in/gqNj58P
Titan Security Keys - Google launches its own USB-based FIDO U2F Keys - https://lnkd.in/g6HmHZ8

Cybersecurity Summary June 2018>

WiFi Alliance introduces WPA3 standard to improve Wi-Fi security - https://lnkd.in/gWqWzM5
75% of ‘open’ Redis servers infected - https://lnkd.in/g-EPtBM
Facebook alerts 14M to privacy bug that changed status composer to public - https://lnkd.in/gVQENca
VPNFilter: New Router Malware with Destructive Capabilities - https://lnkd.in/gm7XSKS
Dixons Carphone apologises for the breach involving 5.9m customers’ bank card details - https://lnkd.in/g947Ypw
Tesla chief Elon Musk accuses worker of sabotage - https://lnkd.in/gGHjtE9
Russia will fine companies for posting links to prohibited sites - https://lnkd.in/ghvXWYy
China hacked a Navy contractor and secured a trove of highly sensitive data on submarine warfare - https://lnkd.in/g8X7aJD
Microsoft fixes 50 vulnerabilities for various software - https://lnkd.in/gp9K5Vw
Operation Prowli - Monetizing 40000 Victim Machines - https://lnkd.in/gyk2ciH
Fortnite for Android APK download leads to malware - https://lnkd.in/gyJQiVT
Google Developer Discovers a Critical Bug in Modern Web Browsers - https://lnkd.in/gYnQr54

GlobaLeaks >
It is open-source, free software intended to enable secure and anonymous whistleblowing initiatives, developed by the Hermes Center for Transparency and Digital Human Rights - https://lnkd.in/gqdzc8v

Starting Cybersecurity Career >

Do you want to start your career in cybersecurity?
Do you want to learn penetration testing for free?
Can't you afford the huge coaching fees of the training institutes around you?
Why would you pay when you can get everything for free?

Here is my idea -

There are numerous YouTube videos on penetration testing, and they teach everything from A to Z. You don't need to pay a single penny to any training institute. The only problem is that all those videos are scattered across various YouTube channels. I am thinking of combining the list of YouTube URLs and organising them in a meaningful way to give away to everyone for learning penetration testing, starting from web application security followed by network VAPT.

Benefits -

- You don't need to pay a single penny to any training/coaching institute around you.
- A custom certificate from some security company's course may not be recognised when you look for your first job, unless you go to work for that company after the course.
- You may well learn more from various industry professionals around the world.

Spread the news and let me know who is interested in this!
It's a help to all beginners who can't afford coaching fees. I want to reach out and help everyone in need.


Threat hunting vs Threat intelligence >

A very simple example to understand threat hunting and threat intelligence:

One country's intelligence agency shares a tip about a terrorist hiding in another country. (Threat intelligence)

The other country finds the terrorist and executes him/her using that tip. (Threat hunting)

Threat intelligence is a knowledge base shared among countries, parties and communities, whereas threat hunting is finding threats, which may or may not be hiding in systems, using that knowledge base.

Why do you hunt for something? The simple answer is because you cannot find it easily.

In computer systems, legacy antivirus solutions often fail to detect such threats sitting in systems. Hence, threat hunting is required to find hidden threats that are not detected by antivirus and other security solutions.

A few examples are:

- Unsigned applications accessing the LSASS process
- Application processes making DNS requests to uncommon countries
- Non-Windows scheduled task activities registered
- Executables running from browser file paths and download folders

These can be false positives as well. They are just examples.
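The four example hypotheses above turned into toy hunting rules run over constructed telemetry. This is an added example, not code from the original post; the event field names (event, image, signed, target, answer_country, task_action) and the "expected countries" set are assumptions of this example, not any product's schema.

```python
"""Toy hunting rules for the four example hypotheses listed above.

Added example, not from the original post. The event dictionaries are
constructed to resemble normalised process/DNS/task telemetry; the field
names (event, image, signed, target, answer_country, task_action) are
this example's assumptions, not any product's schema.
"""
from pathlib import PureWindowsPath

# Assumption: countries the organisation normally talks to; anything else is "uncommon".
EXPECTED_COUNTRIES = {"NZ", "AU", "US"}
WINDOWS_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
RISKY_USER_DIRS = ("\\downloads\\", "\\appdata\\local\\temp\\",
                   "\\appdata\\local\\google\\chrome\\", "\\appdata\\local\\mozilla\\")


def unsigned_lsass_access(ev):
    """Hypothesis 1: an unsigned image opened a handle to lsass.exe."""
    return (ev.get("event") == "process_access"
            and PureWindowsPath(ev.get("target", "")).name.lower() == "lsass.exe"
            and not ev.get("signed", False))


def dns_to_uncommon_country(ev):
    """Hypothesis 2: a process resolved a name whose answer sits in an unexpected country."""
    return ev.get("event") == "dns_query" and ev.get("answer_country") not in EXPECTED_COUNTRIES


def non_windows_scheduled_task(ev):
    """Hypothesis 3: a scheduled task was registered whose action lives outside
    the Windows / Program Files trees."""
    if ev.get("event") != "task_registered":
        return False
    return not ev.get("task_action", "").lower().startswith(WINDOWS_DIRS)


def exe_from_download_path(ev):
    """Hypothesis 4: a process started from a Downloads, temp or browser profile folder."""
    if ev.get("event") != "process_create":
        return False
    image = ev.get("image", "").lower()
    return any(d in image for d in RISKY_USER_DIRS)


RULES = [
    ("unsigned_lsass_access", unsigned_lsass_access),
    ("dns_to_uncommon_country", dns_to_uncommon_country),
    ("non_windows_scheduled_task", non_windows_scheduled_task),
    ("exe_from_download_path", exe_from_download_path),
]


def hunt(events):
    """Return (rule_name, event) pairs. Every hit is a lead to triage, not a
    confirmed incident: as the text above notes, these can be false positives."""
    return [(name, ev) for ev in events for name, rule in RULES if rule(ev)]


SAMPLE_EVENTS = [  # constructed telemetry
    {"event": "process_access", "image": r"C:\Users\bob\AppData\Local\Temp\upd.exe",
     "signed": False, "target": r"C:\Windows\System32\lsass.exe"},
    {"event": "process_access", "image": r"C:\Program Files\Vendor\edr.exe",
     "signed": True, "target": r"C:\Windows\System32\lsass.exe"},
    {"event": "dns_query", "image": r"C:\Windows\System32\svchost.exe",
     "query": "update.example.test", "answer_country": "US"},
    {"event": "dns_query", "image": r"C:\Users\bob\Downloads\invoice.exe",
     "query": "cdn.example.test", "answer_country": "BR"},
    {"event": "task_registered", "task_name": r"\Microsoft\Windows\Defrag\ScheduledDefrag",
     "task_action": r"C:\Windows\System32\defrag.exe"},
    {"event": "task_registered", "task_name": r"\Updater",
     "task_action": r"C:\Users\bob\AppData\Roaming\u.exe"},
    {"event": "process_create", "image": r"C:\Users\bob\Downloads\invoice.exe"},
    {"event": "process_create", "image": r"C:\Windows\System32\notepad.exe"},
]

if __name__ == "__main__":
    for name, ev in hunt(SAMPLE_EVENTS):
        print(f"{name}: {ev.get('image') or ev.get('task_action')}")
```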

How selling yourself in this industry can benefit you >

Cybersecurity is all about "selling". I have been using this word quite often in the last two years. From an individual to any company, it is very crucial how we "sell" ourselves.

For individuals: there are skilful people, but they cannot portray their skills and the things they are best at via any medium such as a website, GitHub or a resume.

Many companies have products that are very standard and quite often seen in the market from other vendors, but they "sell" them (do marketing, show things in a very unusual way, scare others about not using their products) in a unique style which attracts others towards them.

This is a crucial lesson for all of us. We must know how to describe ourselves to others to create a valuable impression.

Everything you need to know before entering into Cyber Security field - India >

https://rrambling.quora.com/Everything-you-need-to-know-before-entering-into-Cyber-Security-field-India


Cybersecurity documentaries >

In the last two weeks, I saw two documentaries.

1. Gringo: The Dangerous Life of John McAfee 
2. Kim Dotcom: Caught in the Web


I recommend that you all watch these documentaries. I know there are plenty of cybersecurity movies and documentaries available on the Internet, and I have seen plenty of them. I found that these documentaries have a great piece of drama and a perfect mixture of social, professional and hacking life.

Threat intelligence thought >

Malware is only a piece of code; the actual threat is the human who creates and executes it.

OSINT thought > 

What you do first matters a lot. Set up new devices away from your personal networks. Disable location services and set the privacy options before using the device regularly.


CCSP certification notes >
Little steps will take me there someday ...
One step closer to the actual CCSP certification by ISC2. There was no exam though!
Download the notes for a quick recap - https://lnkd.in/gAR2A8B
Well, I recommend only the official CCSP book for preparation. However, the notes I shared will be good for a quick recap.

Risk Analysis - How to prioritise security of your hardware and software assets >

Out of many, ask the mandatory questions below to prioritise implementing security for an asset.

1. What is the value of the asset? How much are you paying for it yearly?
2. What is the exposure factor of the asset? Internal | External | Shared
3. What is the probability that a single point of failure in this asset could bring down the entire organisation or some of its critical operations?
4. Half-yearly threat occurrence probability
5. Half-yearly loss occurrence probability upon a successful threat
6. What is the annual cost of maintaining this asset? It may include monitoring solutions and additional security layers to protect the asset.
7. Return on investment: the amount of money saved and profited by implementing this asset.
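The seven questions carried through to a ranking, as an added example rather than anything from the original post: each asset's answers are combined into an annual loss expectancy and a priority score. The exposure weights, the way the half-yearly probabilities are annualised and the score formula are this example's own assumptions, and the asset figures are constructed.

```python
"""Worked prioritisation using the seven questions above.

Added example, not from the original post. The exposure weights, the
annualisation of the half-yearly probabilities and the final score are
this example's assumptions (noted in comments); the asset figures are
constructed.
"""
from dataclasses import dataclass

# Assumption (Q2): share of an asset's value that a threat can reach, by exposure.
EXPOSURE_FACTOR = {"internal": 0.4, "shared": 0.7, "external": 1.0}


@dataclass
class Asset:
    name: str
    value: float              # Q1: what you pay for the asset per year
    exposure: str             # Q2: internal | external | shared
    spof_probability: float   # Q3: P(its failure halts critical operations)
    threat_half_year: float   # Q4: P(a threat occurs within a half year)
    loss_half_year: float     # Q5: P(a loss follows a successful threat)
    maintenance_cost: float   # Q6: annual cost of protecting/monitoring it
    roi: float                # Q7: annual money saved or earned by having it


def annual_rate(p_half_year: float) -> float:
    """Assumption: two independent half-years -> P(at least one event per year)."""
    return 1.0 - (1.0 - p_half_year) ** 2


def single_loss_expectancy(a: Asset) -> float:
    """Money at stake in one loss event: the yearly spend plus the return that
    stops, scaled by how much of it is exposed."""
    return (a.value + a.roi) * EXPOSURE_FACTOR[a.exposure]


def annual_loss_expectancy(a: Asset) -> float:
    """ALE = SLE * P(threat in a year) * P(loss | threat)."""
    return single_loss_expectancy(a) * annual_rate(a.threat_half_year) * a.loss_half_year


def priority_score(a: Asset) -> float:
    """Assumption: an asset whose loss can stop the business counts up to
    double, and what is already spent protecting it is netted off."""
    return annual_loss_expectancy(a) * (1.0 + a.spof_probability) - a.maintenance_cost


def prioritise(assets):
    """Highest score first. A negative score means the current protection spend
    already exceeds the expected annual loss."""
    return sorted(assets, key=priority_score, reverse=True)


# Constructed figures for three assets.
CRM = Asset("Customer CRM", 120_000, "external", 0.8, 0.3, 0.5, 20_000, 60_000)
FILES = Asset("Shared file server", 30_000, "shared", 0.4, 0.25, 0.6, 5_000, 10_000)
PRINT = Asset("Office print server", 5_000, "internal", 0.05, 0.2, 0.3, 1_000, 2_000)
ASSETS = [PRINT, FILES, CRM]

if __name__ == "__main__":
    for a in prioritise(ASSETS):
        print(f"{a.name:22s} ALE={annual_loss_expectancy(a):9.0f} score={priority_score(a):9.0f}")
```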

Why Cryptojacking is on the rise >

The cryptocurrency market has witnessed an incredible amount of attention and hype in the last few years due to stolen cryptocurrencies, exchange hacks and impetuous price swings up and down.

Cryptocurrency mining is not an easy path to money considering the effort involved (GPU usage, power consumption and time). So the investment (effort) is large and the return is small. So what is the solution for cybercriminals? Public networks are the ideal target.

Cryptojacking allows a malicious actor to gain access to thousands of machines on the planet which mine for them, for their monetary benefit.

iOS Application Security Assessment on Non-Jailbroken Device >

Even if you don't have a jailbroken device, a macOS or a Linux machine, you can still run the major test cases below:

1. Does the app accept any self-signed certificate?
2. Is SSL pinning implemented?
3. Does the app communicate over the unencrypted HTTP protocol?
4. Check whether the SQLite DB stores any juicy information (app sandbox folder)
5. Triggering buffer overflows or memory corruption using fuzzing attacks
6. Juicy information stored in plist files (app sandbox folder)
7. iOS application snapshot vulnerability
8. Does the application store any extra, unnecessary files from the server?

Data Center Security Considerations >

Take care of the things below while building a safe and secure data centre:

- Panic (duress) alarms underneath the security desk or at concealed points
- Securing entries - biometrics, access cards, etc.
- Walkie-talkies for security staff
- Access control system integrated with fire control for emergency release
- Emergency response team kit
- Smoke detectors
- Cabling security
- Asset inventory
- Server rack security - locks, numbering and rack fans
- Access inventory
- Motion-sensing alarms
- Thermal tracking devices
- Paper shredders near printers (if any in the data centre)
- Fire safety devices - hoses, hydrants, wet riser
- Access logs - person, department, number, purpose of visit, time duration
- Emergency lights
- Gas-based fire suppressant
- Water sprinklers
- Fire exit doors/ways must not be locked
- CCTV including backup facilities
- Pest control mechanism
- Temperature and humidity control mechanism
- No photos or videos allowed - special permission required
- No mobile phones, or mobile phone signal jammers, for a highly secured DC
- No food or drink allowed inside the DC

Cybersecurity Awareness Topics >

Hi all, can you help me create a complete list of cybersecurity awareness training topics?

I have a few in mind already and I want to cover anything missing from the list.

- Importance and impact of the information you possess
- Lock phone, computer
- User training on basic AV handling
- Phishing
- Importance of HTTPS
- Smartphone Security
- Social engineering - Phishing, dumpster diving, shoulder surfing, etc.
- Use of strong password
- Secure email writing practices
- Importance of 2-factor authentication
- General security guidelines (company policies)
- How to avoid malicious web surfing
- Hazards of attaching personal devices (BYOD)
- Importance of updating/upgrading your tools/OS
- Importance of backup and backup's backup
- Educating on web and phone scams
- Limit use of public Wi-Fi
- Privacy and security

Suggestions from the community

- Data classification and how to handle them wisely
- Security audits countermeasures
- Usage of mobiles by youngsters (schools, kids)
- Social media sharing risk
- Due care and due diligence
- Hazards of pirated software (malware, spyware)

OSINT thoughts >

If you think that the Wayback Machine - Internet Archive (http://web.archive.org/) website is not much help because it only shows how the target website looked in the past, you are wrong. It mirrors the entire website along with the website resources on its server.

During my pentest, I found that in 2015 the target website used to store its entire source code in a ZIP archive on the server itself. Unfortunately, those links are not working at present. However, wait! The Wayback Machine allowed me to download those resources from its server, and now I have the entire source code of my target website.
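The defender's side of the point above: find out what the archive still holds for a domain you are responsible for before someone else does. This is an added example, not code from the original post; it builds a query for the public Wayback CDX API (web.archive.org/cdx/search/cdx, using its documented url, output, fl, filter, collapse and limit parameters) and checks the returned rows for archived source/backup files, with the sample rows constructed and example.com as a placeholder domain.

```python
"""Offline check of what the Wayback Machine recorded for a domain you own.

Added example, not from the original post. build_cdx_url() targets the
public Wayback CDX API (web.archive.org/cdx/search/cdx) with its
documented url/output/fl/filter/collapse/limit parameters; the rows in
SAMPLE_ROWS are constructed, and example.com is a placeholder.
"""
import json
import urllib.parse
import urllib.request

# Assumption of this example: archived files with these endings usually
# mean source, dumps or backups were once reachable under the web root.
SENSITIVE_SUFFIXES = (".zip", ".tar.gz", ".rar", ".7z", ".sql", ".bak", ".old", ".env", ".git/config")


def build_cdx_url(domain: str, limit: int = 5000) -> str:
    params = {
        "url": f"{domain}/*",                         # every capture under the host
        "output": "json",
        "fl": "timestamp,original,statuscode,mimetype",
        "filter": "statuscode:200",                   # captures the archive actually stored
        "collapse": "urlkey",                         # one row per distinct URL
        "limit": str(limit),
    }
    return "http://web.archive.org/cdx/search/cdx?" + urllib.parse.urlencode(params)


def fetch_cdx(domain: str):
    """Live query (needs network); the check below works on rows from any source."""
    with urllib.request.urlopen(build_cdx_url(domain), timeout=30) as resp:
        return json.load(resp)


def sensitive_captures(rows):
    """rows: CDX JSON output, first row is the header.
    Returns (timestamp, url) for captures whose path looks like source or backup material."""
    if not rows:
        return []
    header, body = rows[0], rows[1:]
    ts_i, url_i = header.index("timestamp"), header.index("original")
    hits = []
    for row in body:
        path = urllib.parse.urlsplit(row[url_i]).path.lower()
        if path.endswith(SENSITIVE_SUFFIXES):
            hits.append((row[ts_i], row[url_i]))
    return hits


SAMPLE_ROWS = [  # constructed, shaped like the API's JSON output
    ["timestamp", "original", "statuscode", "mimetype"],
    ["20150301120000", "http://example.com/", "200", "text/html"],
    ["20150301120500", "http://example.com/backup/site_src.zip", "200", "application/zip"],
    ["20150302080000", "http://example.com/db/dump.sql", "200", "text/plain"],
    ["20160101000000", "http://example.com/images/logo.png", "200", "image/png"],
]

if __name__ == "__main__":
    for ts, url in sensitive_captures(SAMPLE_ROWS):
        print(ts, url)
```

Anything this flags for your own domain is a capture that stays retrievable after the original link is gone, so treat it as an exposure to rotate secrets for and to request removal of, not just a dead link.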

Blue team thoughts >

Blue teams should use the LOG-MD tool to know the Windows system's health in terms of security. LOG-MD was designed for Windows-based systems to audit log and advanced audit policy settings and to guide users in enabling and configuring the audit settings, to help push and encourage moving security and detection forward. LOG-MD was also designed to gather the artifacts from malicious activity, referred to as "Malicious Discovery", faster than the standard methods many professionals use today.

OSINT thoughts >

If you are a 20-year-old and you think, "I am just 20; I don't care about my privacy, etc.", that may work now. However, when you are above 35 or 40 and have more credibility, if someone discovers something on the web from 25 years ago, it can hurt you and your reputation.

Hence, do a self-assessment using osintframework.com and build your own threat model of your personal, social and professional life's data. Decide what you are willing to share and what not. Stick to the plan whenever you surf the internet, register on a website or submit any information somewhere.


KPMG's New Threat Hunting Service Announcement >

I'm excited to be involved as one of the key members of the new 'Threat Hunting Service' we've just launched.

We apply advanced threat intelligence tactics along with our in-depth security expertise to help clients identify and block known and unknown malware, prevent ransomware, and detect and respond to lateral movement during and after an attack.

KPMG's Threat Hunting Service is the first of its kind in New Zealand and KPMG globally!


Cyber Security Interview Question >

What if an interviewer tells you that you have 10 minutes to impress them?

What will your answer be?

Share your opinion and feel free to share this post in your network for more ideas and opinions.

Suggestions from the community:

- Ask for the Wi-Fi password at reception for any legitimate urgent need, and tell the interviewer that you may want to restrict your team from sharing the Wi-Fi password with anyone.
- Perform OSINT on an interviewer and find some interesting facts about his/her life.
- Tell me your greatest challenge so I can deliver the solution.
- Be observant; when you go anywhere, you should look at people's behaviour, the place, everything. In this case, you should try to remember the weaknesses you find in your observation that could let an unauthorised person obtain private information or access, and tell the interviewer about them.

Tool of the day - DefectDojo >

DefectDojo is a security program and a vulnerability management tool. DefectDojo allows you to manage your application security program, maintain product and application information, schedule scans, triage vulnerabilities and push findings into defect trackers. Consolidate your findings into one source of truth with DefectDojo.


Cyber Security Summary May 2018

- Everything you need to know about GDPR - https://lnkd.in/e5bVkbS
- Cybercriminals took advantage of GDPR and targeted victims through social engineering attack - https://lnkd.in/epkeGkj
- Attackers targeting layer 7 based DDoS attacks - https://lnkd.in/eu8k-xk
- Twitter asked 300+ million users to change passwords after Internal Leak - https://lnkd.in/etn-trD
- New Vehicle Security Research by KeenLab: Experimental Security Assessment of BMW Cars - https://lnkd.in/eynr2it
- Airbnb customers targeted with phishing attack - https://lnkd.in/eUBTv9r
- Lastpass Report: Psychology of Passwords - https://lnkd.in/eUQhFPf
- T-Mobile Website Allowed Hackers to Access Your Account Data With Just Your Phone Number - https://lnkd.in/eUgBBTR
- 2017 Cylance Threat Report - https://lnkd.in/er_ZNHN
- New Phishing Scam uses AES Encryption and Goes After Apple IDs - https://lnkd.in/e9y6Qyi


What is a 'Dead Drop'? - The dead drop tipper

If you are walking down a street and find a USB stick sticking out of a wall, don't be surprised.

You've most likely come across what's known as a 'Dead Drop'. It's a global project that borrowed some tricks from the world of spies and espionage. Historically, spies exchanged information in person, which is known as a 'Live Drop'. Due to the nature of its working, it was quite dangerous. That's why the dead drop was invented.



Spies started hiding/dropping information in secret places, like loose bricks in a wall, for it to be picked up later.

Berlin-based scientist Aram Bartholl decided to create an offline peer-to-peer sharing network in public space. This project enables everyone to swap confidential information with others by hiding memory sticks all over the world.

There are various dead drop databases available on the internet which give you information about the locations, with photos, where dead drops are installed/placed.

One of the largest databases is https://deaddrops.com/db-map-2/.


Once you find the USB drive at your desired location, you can do anything with it, such as deleting files from it, copying them or adding your own.

In New Zealand, the first dead drop was found on Manchester Street. There are over 1500 dead drops on the planet across various continents. In total these dead drops contain over 27212 GB of data.

http://www.stuff.co.nz/technology/digital-living/4550538/New-Zealands-first-Dead-Drop-kicks-off

Possible New Zealand dead drops.



I am just sharing this information for your knowledge; make sure you do not do any illegal activity using it.


Red team tip


In a red team engagement, it is a mistake to allow your C2 (Command and Control) server to communicate directly with the target machine. If the blue team detects the IP of your C2 server, they can simply block it and investigate further to find out which organisation/group/company it belongs to.

Therefore, it is good to use C2 redirectors to hide the actual C2 server IP from being detected by the blue team. One can use any domain with TLS encryption over the well-known HTTP(S) ports to accomplish this. There are various guides on the internet for creating C2 redirectors.

Coronavirus vs. Business Continuity Plans

When there is a global disease outbreak (the WHO declared a global emergency for the coronavirus), your management team can take a few steps to support your business continuity plan across the organisation.

- Determine the roles that can be allowed to work from home and enable those employees to work from home. Make sure that not all critical roles are allowed to work remotely.

- Find alternative staff for critical operations/roles and enable them to replace existing staff temporarily. Perform a proper business impact analysis before executing this step.

- Work with the crisis management team to handle any sudden change in office culture due to one or more employees being infected with the coronavirus or being unwell due to flu. The crisis management team must focus on crisis communication, lockdown scenarios, evacuation and panic relief. These teams should constantly be monitoring the coronavirus outbreak status, news, impact, and the simple remedial steps that an organisation (corporate) can take to prevent it by all means, such as awareness, physical measures and mindset.


In this situation, your primary focus should be the 'People'.

Important areas to review in the network architecture

I prepared a small list of areas that must be covered in a network architecture review activity. I hope you like it.

The agenda is to understand the key components while auditing a network architecture and to measure some of the mandatory security requirements of the network architecture. When I say network architecture (infrastructure), I consider both network and host components.


At the same time, I am interested in auditing the entire network infrastructure from a protective and detective perspective with a layered security approach.

https://www.linkedin.com/posts/chintangurjar_architecture-review-activity-6630742075061207040-OkX0

Some Cloud Pentest Footprinting Techniques
  • Find DNS information and look for cloud providers
  • Find all subdomains and look for any subdomains that are misconfigured or expired.
  • Search for cloud assets and services from certificate transparency method or DNS records.
  • Search default cloud service configuration files, user accounts from a cloud provider's default documentation. Try to access default configuration files if exposed online.
  • Search for API keys, leaked credentials, settings files and configuration files exposed on the Internet (search via Google dorks and other OSINT methods such as GitHub, Bitbucket and paste sites).
  • Identify different cloud models for an organization, for example, Azure storage, Azure ARM, AWS Government cloud or AWS public cloud.
  • Find any servers which provide services such as OpenID, SAML, OAuth, SSO, etc.
  • Search for compromised email ids and passwords from the leaked credentials in the past.
  • Identify cloud storage servers and services.
  • Search and access API, perform various functionalities using API access such as enumerating user accounts, enumerating user roles, etc.
  • Identify and analyze native and mobile application code. Find secrets, stored passwords or keys, and other important information.
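The first three footprinting steps above (DNS information, expired/misconfigured subdomains, cloud assets) done from the owner's side: classify a zone's records by cloud provider and flag CNAMEs to cloud names that no longer resolve, the usual sign of an expired subdomain. This is an added example, not code from the original post; the provider suffix table is this example's own partial list, and the records and the "currently resolves" set are constructed stand-ins for a zone export plus a resolver run.

```python
"""Map DNS records to cloud providers and flag possibly dangling subdomains.

Added example, not from the original post. The suffix table is this
example's own partial list of well-known hosting names, and the records
plus the "currently resolves" set are constructed stand-ins for a zone
export and a resolver run.
"""
import re

# Assumption: hosting-name suffix -> provider/service label (partial list).
CLOUD_SUFFIXES = [
    (r"\.s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com$", "AWS S3"),
    (r"\.amazonaws\.com$", "AWS"),
    (r"\.cloudfront\.net$", "AWS CloudFront"),
    (r"\.azurewebsites\.net$", "Azure App Service"),
    (r"\.blob\.core\.windows\.net$", "Azure Blob Storage"),
    (r"\.cloudapp\.azure\.com$", "Azure VM"),
    (r"\.storage\.googleapis\.com$", "Google Cloud Storage"),
    (r"\.appspot\.com$", "Google App Engine"),
    (r"\.github\.io$", "GitHub Pages"),
    (r"\.protection\.outlook\.com$", "Microsoft 365 (mail)"),
    (r"^_spf\.google\.com$", "Google Workspace (mail)"),
]


def classify(target: str):
    """Provider label for a hostname, or None if it is not a known cloud name."""
    host = target.rstrip(".").lower()
    for pattern, label in CLOUD_SUFFIXES:
        if re.search(pattern, host):
            return label
    return None


def inventory(records, resolves):
    """records: (name, rtype, data) tuples from a zone export.
    resolves: set of hostnames that currently resolve (assumed precomputed).
    A CNAME to a cloud name that no longer resolves is the classic sign of an
    expired or misconfigured subdomain."""
    out = []
    for name, rtype, data in records:
        if rtype == "CNAME":
            target = data.rstrip(".").lower()
            provider = classify(target)
            out.append({"name": name, "via": "CNAME", "target": target, "provider": provider,
                        "dangling": provider is not None and target not in resolves})
        elif rtype == "TXT" and data.startswith("v=spf1"):
            # SPF includes reveal hosted mail providers without any CNAME.
            for token in data.split():
                if token.startswith("include:"):
                    target = token[len("include:"):]
                    out.append({"name": name, "via": "SPF include", "target": target,
                                "provider": classify(target), "dangling": False})
    return out


def cloud_summary(inv):
    """Record count per provider, ignoring non-cloud entries."""
    counts = {}
    for r in inv:
        if r["provider"]:
            counts[r["provider"]] = counts.get(r["provider"], 0) + 1
    return counts


def dangling_names(inv):
    return [r["name"] for r in inv if r["dangling"]]


# Constructed sample zone; example.com is a placeholder domain.
SAMPLE_RECORDS = [
    ("www.example.com", "CNAME", "d111111abcdef8.cloudfront.net."),
    ("app.example.com", "CNAME", "example-app.azurewebsites.net."),
    ("assets.example.com", "CNAME", "example-assets.s3.amazonaws.com."),
    ("old-blog.example.com", "CNAME", "example-old.github.io."),
    ("intranet.example.com", "A", "10.0.0.5"),
    ("example.com", "TXT", "v=spf1 include:spf.protection.outlook.com include:_spf.google.com -all"),
]
# Constructed: what a resolver returned today; the GitHub Pages name is gone.
SAMPLE_RESOLVES = {"d111111abcdef8.cloudfront.net", "example-app.azurewebsites.net",
                   "example-assets.s3.amazonaws.com"}

if __name__ == "__main__":
    inv = inventory(SAMPLE_RECORDS, SAMPLE_RESOLVES)
    print(cloud_summary(inv))
    print("possibly dangling:", dangling_names(inv))
```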

Threat hunting methodology
https://www.linkedin.com/posts/chintangurjar_threat-hunting-methodology-activity-6628773458551672832-YthC

How can you define the value of an asset during the risk management/risk assessment process? Ask yourself the questions below:

- What would be the cost of acquisition of that asset?
- Who would be taking the liability if the asset is not well protected?
- What would be the cost to replace that asset if not available/broken/damaged/unusable anymore?
- What is the cost of production and development of an asset?
- What is the role of an asset in the business?
- If the asset is compromised, how much would productivity and production be affected?
- What would be the value of this asset, or the amount adversaries would offer to have it?
- What would be the cost of maintenance of this asset?


If you ask yourself the above questions, you will understand the value of an asset in your risk management process.

Security is all about finding the balance between an appropriate level of control that mitigates the risk effectively and not disturbing the business in its day-to-day operations.

Build a cyber fusion center

The following chart presents an approach for creating a fusion center. Organizations just starting out should consider creating a fusion center with the "Beginning" components and positions. The numbers shown in the position titles are specific roles and positions from NIST Special Publication 800-181 (the NICE Framework).


Source - resources.sei.cmu.edu - https://www.linkedin.com/posts/chintangurjar_threathunting-threathunt-cti-activity-6623292209942921216-AGPT

Here is everything you need to know about embedding security into the DevOps process.


Security Awareness Program Guide

Security threats are evolving, and hackers are becoming smarter. Hackers are no longer those guys who stay in a dark room. They engage, socialise and social-engineer innocent people who fall into their traps.

Therefore, security awareness training programs must be updated and improved. What to cover in this training is not the only important part.

How you conduct the entire training and how you measure the effectiveness, completeness, outcomes and accuracy of the training is essential.

I have prepared this small guide, which covers:
- what to cover in such training programs
- how to execute an entire program
- how to measure the performance and maturity of the program, which tells you the further improvement points.


Are you planning to start your own cybersecurity firm?

Here are things to know about starting a cybersecurity business. https://www.linkedin.com/pulse/so-you-all-set-start-your-own-cybersecurity-firm-chintan-gurjar/
