Sunday 27 November 2016

Kali Linux installation - VM

For a while I had struggled with installing Linux on Oracle VM; it always failed at some point during the installation.

What I did
I updated my VM and downloaded the Kali light version, then installed it and followed the steps carefully. It worked!!

What went wrong
After installation, login failed. I had to create another VHD to install a fresh version of Kali, only to find out that the username is simply root (without the quotes) and the password is the one you set up during installation. Capische!

Let pen testing practice begin!!

Monday 14 November 2016

My First with ARM programming

What you need to know before learning the assembly language: any knowledge of programming will help, even better with prior knowledge of BASIC

My Experience

So I found resources online that will get me started in programming the microcontroller. I was excited initially but my excitement wore off when I realised I'd be programming in ARM on an x86, okay... not as planned.
Well, I found this tool online that gives you an IDE for programming in ARM. It gets you started, and you can find more examples on the website (see links below). This IDE is uVision by Keil. I found it pretty cool, tbh, but I couldn't get any further, and after a couple of hours of playing around, it's off my computer!

Unfortunately I didn't take a snapshot of the IDE when it was open; I realised that when I was uninstalling it. I'll be moving on to x86, and I'll keep you posted as I go along. For those who'd like to learn ARM, I'll post my resources below. Please share with us how you get along programming your architecture.

Resources to get you started

ARM IDE (Keil uVision description and visual representation) ¦ http://www2.keil.com/mdk5/uvision/
ARM programming examples from Keil ¦ http://www.keil.com/support/man/docs/armasm/armasm_dom1359731145503.html
ARM IDE (Download - you may need to register) ¦ https://www.keil.com/demo/eval/arm.htm#/DOWNLOAD

Tutorials about ARM Assembler and the language

1. http://www.heyrick.co.uk/assembler/
2. http://www.peter-cockerell.net/aalp/html/frames.html
3. http://www.rigwit.co.uk/ARMBook/ARMBook.pdf (free online book, I believe)

Saturday 12 November 2016

My notes from Recorded Future on using Splunk

Splunk is the security nerve centre:
found in SOC/SIEM and command centres
Splunk is at the heart of web proxy, firewall, app, network, threat intelligence servers, endpoints, identity and internal network security
It is used to correlate your information from your Recorded Future resources or your OSINT.

Adaptive response
Enterprise Security (information, permission) is built on Splunk. With Adaptive Response you can run a command on an ad-hoc basis.
You can specify the domains and vulnerability type, and you can use information from a log file as well. You can run it and find the information Recorded Future may have pulled around that vulnerability or IP, and you find the rule that was used to pull the information. References can be non-traditional sources such as Twitter and blogs.

With Recorded Future, quick response is integrated into Splunk. There's enrichment, i.e. adding content to what you are monitoring or to your information. Recorded Future data is pulled in in real time and reduces traffic for analysis.
For example: when monitoring an IP and finding it malicious, it may be related to hashes and other IPs, which gives you more places to investigate.

Seminar from Splunk and Recorded Future

Thursday 10 November 2016

D-link routers - Buffer overflow vulnerability

As reported on US-CERT, D-Link routers have a buffer overflow vulnerability. Specifically, it was mentioned that it is a stack-based buffer overflow (the buffer that gets overwritten is located on the stack), and that it is due to a SOAP malfunction. It has to do with the login action (username, password, login action and the captcha).

How this may have worked:
An attacker can leverage this vulnerability by injecting shellcode through the login function. This causes a stack overrun, which overwrites the return address on the stack, and the attacker can gain root privileges. Basically, in the shellcode the attacker specifies their own return address; this gives the attacker the upper hand and an elevated privilege.
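To make the mechanism concrete from the defender's side, here is an added example in C (it is not code from the US-CERT note or from D-Link's firmware). It models a login handler that copies a request field into a fixed-size stack buffer: first the unchecked pattern the paragraph above describes, then a bounded version that refuses oversize input before it can reach the buffer. FIELD_MAX, the function names and the "admin" comparison are all hypothetical.

```c
/* Added example, not from the US-CERT note or D-Link firmware: a minimal
 * model of a login handler that copies a request field into a fixed-size
 * stack buffer. FIELD_MAX and the function names are hypothetical. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define FIELD_MAX 32   /* hypothetical field size, chosen for illustration */

/* Length of s, but never scan past cap bytes, so an unterminated or huge
 * input is still safe to measure. */
static size_t bounded_len(const char *s, size_t cap)
{
    size_t n = 0;
    while (n < cap && s[n] != '\0')
        n++;
    return n;
}

/* Vulnerable pattern the post describes: no length check, so a username
 * longer than the buffer runs past it into the saved registers and the
 * return address. Kept only to contrast with the bounded version below;
 * never call it on untrusted input. */
int login_unchecked(const char *username)
{
    char buf[FIELD_MAX];
    strcpy(buf, username);   /* writes strlen(username)+1 bytes, whatever FIELD_MAX is */
    return strcmp(buf, "admin") == 0;
}

/* Hardened version: measure with a bound, reject anything that does not fit
 * together with its terminator, then copy exactly that many bytes.
 * Returns 1 if the username is "admin", 0 if not, -1 if rejected as too long. */
int login_bounded(const char *username)
{
    char buf[FIELD_MAX];
    size_t len = bounded_len(username, FIELD_MAX);
    if (len >= FIELD_MAX)   /* no room for the NUL: oversize input, refuse it */
        return -1;
    memcpy(buf, username, len);
    buf[len] = '\0';
    return strcmp(buf, "admin") == 0;
}

/* Validation a request parser can run before any field reaches a fixed-size
 * buffer: 1 if s (plus its terminator) fits in cap bytes, else 0. */
int field_fits(const char *s, size_t cap)
{
    return bounded_len(s, cap) < cap;
}

int main(void)
{
    /* Constructed oversize input: 127 'A's, far beyond FIELD_MAX. */
    char oversized[FIELD_MAX * 4];
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';

    printf("login_bounded(\"admin\")  = %d\n", login_bounded("admin"));
    printf("login_bounded(\"guest\")  = %d\n", login_bounded("guest"));
    printf("login_bounded(oversize) = %d\n", login_bounded(oversized));
    printf("field_fits(\"abc\", 4)    = %d\n", field_fits("abc", 4));
    return 0;
}
```

The point of the bounded version is that the decision to reject happens before any write: the length is measured against the buffer's capacity, and an input that would not fit with its terminator returns an error instead of being copied. Applying the same check at the request parser (field_fits) means no later handler has to trust that a field is short.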

Solution for D-Link users: update your firmware; a new update is available.

If you have a better explanation, I will appreciate it very much.

Schneier's thought on the Internet of Things - Security

This is just a quote from Schneier's online article:
"On the Internet of Things, integrity and availability threats are much worse than confidentiality threats. It's one thing if your smart door lock can be eavesdropped upon to know who is home. It's another thing entirely if it can be hacked to allow a burglar to open the door -- or prevent you from opening your door. A hacker who can deny you control of your car, or take over control, is much more dangerous than one who can eavesdrop on your conversations or track your car's location"

The complete article can be found at: Real-World Security and the Internet of Things
This article makes it clear what we need to focus on in securing that great technology from DoS or tampering. If you disagree, please share your thoughts.

Thursday 3 November 2016

The language of the Computer and its significance in IT Security

Reverse Engineering
While at university I didn't know the intricate details of reverse engineering or why it was so important, until I took a course that detailed RE and I played with x86 assembly language.

Afterwards
I remember speaking to someone over the phone and saying I hadn't done RE, and after that conversation I told myself, "hold on a sec, didn't you play with the GNU debugger and all that assembly language code to reverse a program?"

In the Industry
It has been huge for years, but only fairly recently did security analysts begin looking into RE for safety. Then there is the battle, which some call "the battle of the Titans": ARM vs x86.

My interest
Between these two, I'm still confused. However, I read on a blog by a Cambridge research student that the x86 is a safer route to take than the ARM. So I am still contemplating which will be fastest for me to learn and grasp quickly. I need to get into this technology so that I can understand what hackers think in the process of RE.

Having said all that, I'll keep you posted when I start learning one of these assembly languages.

Next up: the differences between ARM and x86 (Intel).

Tuesday 1 November 2016

Who says buffer overflow attack is old school?

I remember, while studying this at university and later researching this attack, some people said it was old and doesn't exist any more. Well, if you are one of those, it means you don't have an HP to reveal this attack. Not exactly...

HP System Management Homepage has recently been exploited due to several vulnerabilities, and buffer overflow attacks were performed on it.

Wednesday 26 October 2016

IoT, the "man" behind Friday's hack

So, as I initially suspected, with this new buzz around the Internet of Things and companies setting up DevOps and equipping their departments, there would soon be a security issue behind it.
Last Friday's hack had IoT behind it: Twitter, Spotify and PayPal were affected.

How it worked
The attack was targeted at Dyn, a company that helps high-traffic websites, and this affected other companies. The attack came from IoT devices and caused a DDoS attack on Dyn's DNS. This was successfully done using botnets.

I remember studying this at university; it was one interesting topic for me. Also, the Heartbleed attack has a relationship with this.

How can this be solved
If you have an idea please share, I'll share mine when I fully understand the IoT environment.

For more information
https://www.washingtonpost.com/news/the-switch/wp/2016/10/21/someone-attacked-a-major-part-of-the-internets-infrastructure/

https://www.wired.com/2016/10/internet-outage-ddos-dns-dyn/

Tuesday 25 October 2016

The big expectation in cyber security jobs

These days most cyber security jobs have this expectation in their application: SPLUNK!
So I had to look it up. It makes sense for a cyber security researcher like me! It's an operational intelligence software for analysing machine data.
I'll be Splunking soon on here, so join me, view these videos here and I'm sure you'll be just as excited as I was. Available on Linux, Unix and Windows.

http://www.learnsplunk.com/splunk-training-videos.html

Saturday 22 October 2016

Vulnerabilities found in 3 vendors (ISC, RedHat, and Linux)

The details of these vulnerabilities are not known, but this will be researched and posted in the next few hours or days.
The information presented on CVE, CWE and Skybox is that on ISC and RedHat there's a DoS attack on their products: versions 9.9.0 - 9.9.P2 have been affected when handling DNS packets. There is an issue with assertions; basically the exit failure is being exploited (more information about this later).

Linux Vulnerability
Reported as medium. Kernel versions 2.6.22 - 4.8.2 are prone to an escalation of privilege vulnerability (talk about obtaining root access... eish!). Try it at home and let us all know what you did and if it worked. I'll try it on my VM.

Friday 21 October 2016

I finally get a break from Study

I don't think I'll study any more; this isn't for me. But before you think I've quit, here's what I'd like you to know.
My interest in cyber security is burning so terribly I just want to pop. So many interesting things, and now I am looking at the security of IoT (Internet of Things). And no, I am not jumping the gun. I am going out there into the industry to learn about all these new phrases, technologies and applications going on.

I'm jumping right into programming as well, well I think I'll stick to scripting. I'll be using this blog to post my updates as I find new things. Sit back and enjoy the ride because I am sure it is going to be challenging, interesting and captivating.
This is what I love and this is who I am.