Wednesday, May 9, 2018

Synchronise Tokens

Cross Site Request Forgery.

According to Wikipedia, "Cross-Site Request Forgery, also known as one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts."
XSS is a vulnerability that exploits the trust a user has in a website/server. CSRF exploits the trust a server has in the user.
A CSRF vulnerability makes use of the fact that the website does not verify whether a request was intentionally made by a legitimate user. Rather, it only checks that the request is coming from the browser of an authorized user.

Requirements for a CSRF attack to work:

1. The victim must be authenticated to the server.
2. The attacker has to send a crafted link to the victim. This link is crafted in such a way that it sends a request to the target website.
3. The victim must click/execute the malformed link from his browser, which already has a session. It sends a request on the victim's behalf and executes a specific task within the current session.

Preventing CSRF vulnerabilities

1. Synchronizer Token Pattern approach.
2. Double submit cookie approach.

The Synchronizer Token Pattern approach is discussed in this blog post. The double submit cookie approach will be discussed in a future blog post.

  • Any state-changing operation requires a secure random token (e.g., a CSRF token) to prevent CSRF attacks.
  • The CSRF token value should be:
    • Unique per user session.
    • A random value.
    • Generated by a cryptographically secure random number generator (MD5, SHA-1).
  • The CSRF token is added as a hidden field for forms, or within the URL if the state-changing operation occurs via a GET.
  • The server should reject the requested action if the CSRF token fails validation.
I have implemented a small example to demonstrate the Synchronizer Token Pattern approach.

I used hard-coded user credentials for demonstration purposes.
Upon login, I generate a session identifier and set it as a cookie in the browser.
At the same time a CSRF token is generated and saved on the server side, associated with that session.
In the website, I implemented an endpoint that accepts HTTP POST requests and responds with the CSRF token. The endpoint receives the session cookie and, based on the session identifier, returns the CSRF token value for that session.
I implemented a web page that has an HTML form. The method is POST and the action is another URL in the website.

When this page loads, an Ajax call is executed via JavaScript, which invokes the endpoint to obtain the CSRF token created for the session.

I added a hidden field to the web page that holds the value of the received CSRF token.
Once the HTML form is submitted to the action, the server side extracts the received CSRF token value and checks whether it is the correct token issued for the particular session: it obtains the session cookie, looks up the corresponding CSRF token for that session and compares it with the received token value. If the received CSRF token is valid, a success message is shown; if not, an error message is shown.
You can find the Source code from here.
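As an added example (not the code from the post's linked repository), here is the server side of the pattern described above in Python: a login that creates a session and a per-session token, the token endpoint that the Ajax call hits, and the form handler that rejects any submission whose token does not match the one issued for the caller's session. The endpoint names and the `sid` cookie and `csrf_token` field names are assumptions.

```python
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Constructed in-memory server-side state; a real deployment would use its session store.
# session_id -> {"user": <name>, "csrf": <token issued for this session>}
SESSIONS: Dict[str, Dict[str, str]] = {}


def login(username: str) -> str:
    """Create a session and its CSRF token; return the Cookie header the browser will send back.

    Both values come from the OS CSPRNG via `secrets`.  A hash such as MD5 or SHA-1 is not a
    random number generator: hashing something guessable (a timestamp, a user id) gives a
    guessable token.
    """
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {"user": username, "csrf": secrets.token_urlsafe(32)}
    # The Set-Cookie response would also carry HttpOnly; Secure; SameSite=Lax; Path=/.
    return f"sid={session_id}"


def session_from_cookie(cookie_header: str) -> Optional[str]:
    """Extract the session id from a Cookie header and make sure the session exists."""
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == "sid" and value in SESSIONS:
            return value
    return None


def csrf_token_endpoint(cookie_header: str) -> Tuple[int, str]:
    """POST /csrf-token, the endpoint the page's Ajax call invokes: returns (status, token)."""
    sid = session_from_cookie(cookie_header)
    if sid is None:
        return 401, ""
    return 200, SESSIONS[sid]["csrf"]


def handle_form_post(cookie_header: str, form_fields: Dict[str, str]) -> Tuple[int, str]:
    """POST /action, the form's target: perform the state change only if the token checks out."""
    sid = session_from_cookie(cookie_header)
    if sid is None:
        return 401, "no valid session"
    submitted = form_fields.get("csrf_token", "")
    expected = SESSIONS[sid]["csrf"]
    # Constant-time comparison; a plain == leaks how many leading characters matched.
    if not hmac.compare_digest(submitted.encode(), expected.encode()):
        return 403, "CSRF token validation failed"
    return 200, f"action performed for {SESSIONS[sid]['user']}"


def demo() -> None:
    alice = login("alice")
    _, token = csrf_token_endpoint(alice)
    print(handle_form_post(alice, {"csrf_token": token}))          # legitimate submission
    print(handle_form_post(alice, {}))                             # forged request without a token
    mallory = login("mallory")
    _, mallory_token = csrf_token_endpoint(mallory)
    print(handle_form_post(alice, {"csrf_token": mallory_token}))  # token from another session


if __name__ == "__main__":
    demo()
```

The token endpoint is only safe because the browser's same-origin policy stops another site's script from reading its response; a permissive CORS policy that reflects arbitrary origins with credentials on that endpoint would hand the token to the forging page.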

Thursday, April 19, 2018

Bypassing Local Windows Authentication to Defeat Full Disk Encryption

Full Disk Encryption
• A scheme for protecting data at rest. Encrypts an entire disk or volume.
• Mitigates the impact of a threat with physical access; generally does not provide protection against remote adversaries.
• Encrypts everything, often including the OS.

Microsoft BitLocker
• BitLocker is Microsoft's proprietary full-disk encryption feature.
• Built into all professional/enterprise versions of Windows since Vista.
• Uses the system's Trusted Platform Module (TPM) to store the master encryption key.

What is a TPM?
• A TPM is a hardware module responsible for performing cryptographic operations, performing attestation, and storing secrets.
• It has fairly general APIs, so how it is used is mostly up to applications.
• Example applications include remote attestation, and storing encryption keys.

Storing Secrets on a TPM
• A TPM contains several Platform Configuration Registers (PCRs).
• Starting with the BIOS (which is assumed to be trusted), the next part of the boot process (e.g. the MBR) is hashed and this value is stored in a PCR.
• Each stage of the boot process is responsible for hashing the next and storing it in a PCR.

Storing Secrets on a TPM
• At boot, the TPM has a zero in all PCR registers.
• Whenever the TPM is told to update a register r with a value v, it always sets: r = HASH (r | v)
• So PCR values can never get set directly, only appended to. Arbitrary PCR values cannot be spoofed.
• This means a set of values in the PCRs can only be replicated by having that same boot chain.

Storing Secrets on a TPM
• When the TPM stores a secret key, that key can be sealed. When a key is sealed, the TPM references the current value of the PCRs.
• An API call to unseal that key will fail unless the current PCR values match the original values from when the key was sealed.
• So effectively, only the original boot process will be able to retrieve that secret key.
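To make the extend-and-seal mechanics concrete, here is an added Python model (not from the talk) of one PCR: zero at reset, changed only by r = HASH(r | v), with a key that unseals only when a replayed boot chain reproduces the value it was sealed to. It also shows why the talk leaves the TPM alone: an unmodified boot chain reproduces the PCR values and the key is released, so any weakness has to be sought in what happens after unsealing. The boot component strings and the volume key are constructed stand-ins.

```python
import hashlib
import hmac
from typing import Sequence

PCR_SIZE = 32  # constructed: one SHA-256 PCR; a real TPM has a bank of them (PCR 0..23)


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """The only way a PCR changes: new = HASH(old || measurement).  There is no 'set' operation."""
    return hashlib.sha256(pcr + measurement).digest()


def measure_boot_chain(components: Sequence[bytes]) -> bytes:
    """Replay a boot: the PCR starts at zero and each stage extends it with the hash of the next."""
    pcr = bytes(PCR_SIZE)
    for component in components:
        pcr = pcr_extend(pcr, hashlib.sha256(component).digest())
    return pcr


class SealedKey:
    """Toy model of sealing: the key is released only if the current PCR equals the sealed value."""

    def __init__(self, key: bytes, pcr_at_seal_time: bytes) -> None:
        self._key = key
        self._policy = pcr_at_seal_time

    def unseal(self, current_pcr: bytes) -> bytes:
        if not hmac.compare_digest(current_pcr, self._policy):
            raise PermissionError("PCR mismatch: boot chain differs from the one the key was sealed to")
        return self._key


# Constructed stand-ins for measured boot components (real ones are firmware and boot binaries).
TRUSTED_CHAIN = [b"BIOS image v1", b"MBR boot code", b"bootmgr"]
TAMPERED_CHAIN = [b"BIOS image v1", b"MBR boot code (patched)", b"bootmgr"]
REORDERED_CHAIN = [b"MBR boot code", b"BIOS image v1", b"bootmgr"]
VOLUME_KEY = b"constructed volume master key"


def seal_to_trusted_boot() -> SealedKey:
    """Seal the volume key against the PCR value produced by the trusted boot chain."""
    return SealedKey(VOLUME_KEY, measure_boot_chain(TRUSTED_CHAIN))


def try_unseal(sealed: SealedKey, chain: Sequence[bytes]) -> bool:
    """True if booting through `chain` obtains the key, False if the TPM refuses."""
    try:
        return sealed.unseal(measure_boot_chain(chain)) == VOLUME_KEY
    except PermissionError:
        return False


if __name__ == "__main__":
    sealed = seal_to_trusted_boot()
    for name, chain in [("trusted", TRUSTED_CHAIN), ("tampered", TAMPERED_CHAIN), ("reordered", REORDERED_CHAIN)]:
        print(f"{name:9} boot -> key released: {try_unseal(sealed, chain)}")
```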

Transparent BitLocker
• BitLocker, in addition to the TPM, can optionally require a PIN or a key saved on a USB drive.
• However, its recommended configuration works transparently. It seals the secret key in the TPM and only BitLocker can retrieve it.
• Your computer boots up to a login screen as usual, with no indication that FDE is enabled.


Attacks Given Physical Access
• Known Hardware Attacks
            – Attack the TPM (grounding control pins)
            – Do a cold-boot attack to get the key from RAM
• Attack an early part of the boot chain
            – Flash the BIOS/EFI with a custom image
            – Look for a defect in the BIOS, MBR, or boot loader

• Or see if we can attack the OS itself and see if Windows will give us the key...

Booting Up With BitLocker


Local Windows Authentication
• The Local Security Authority (LSA) manages authentication, usually using a Security Subsystem Provider (SSP).
• For a client-domain authentication, the Kerberos SSP exchanges messages with the Domain Controller (DC).
            – When attacking FDE, we have physical access. So we control the network and can run a “mock” DC.

Windows Domain Authentication
• Requests a session ticket (TGT) from the DC.
            – The TGT includes a secret key S, encrypted by the DC with the saved user password. Login screen decrypts S using the typed password.


Windows Domain Authentication
• TGT and S are used to request a service ticket T from the DC for the target service (in this case, the local workstation).
            – The local workstation verifies T

Machine Passwords
• When a workstation first joins a domain...
            – A secret key is generated, called the machine password.
            – This password is sent to the DC, so they have a shared secret for future communication.
• To grant access to the workstation, the login process must present a valid service ticket T.
            – This ticket is signed using the machine password.
            – Which we don't have...

If the DC uses the wrong machine password


The Local Credentials Cache
• A user can login when the DC isn’t available
            – Like when you’re using your laptop at a conference during someone’s talk…
• The cache is usually updated whenever the workstation sees the credentials are changed.
            – So it's updated when you successfully login and were authenticating against the DC.
            – Also updated when you change your domain password.

Too Bad We Can't Change the Password On the Login Screen


Password Reset


Poisoned Credentials Cache



Poisoned Credentials Cache


What Now?
• Dump the BitLocker key from kernel memory
            – As long as the domain account is a local admin
            – Although at this point you already have access to all the local user files, so it's pretty moot.
• Just dig through personal data
            – Saved passwords, Outlook emails, source code…
            – Drop in a trojan / backdoor, or whatever other malware you like.

System Configurations Affected
• Applies to any computer with:
            – BitLocker without pre-boot authentication
            – Attached to a domain
            – With at least one person having logged in with a domain account.
• Tested on Windows Vista, Windows 7, and Windows 8.1, Windows 10.
            – (Also Windows XP and Windows 2000)

How Else Does This Attack Apply?
• This isn't really BitLocker specific. More generally, this is an authentication bypass for domain accounts.
• If someone is logged in, locks their screen, and steps away, you could use this to unlock the PC.
            – Someone on their laptop at a coffee shop.
            – A computer in an office.

Impact and Mitigation
• This is a 100% reliable attack, software-only, low sophistication, and takes a matter of seconds.
• You could use BitLocker with pre-boot authentication (i.e. using a PIN or USB key)
• You could use a BIOS password on boot
• Microsoft is releasing an update to address the issue. Expected release is November 10.
– ACK to the Microsoft Security Response Center

Reflections: Why Does This Work?
• The protocol for password changes was written in RFC 3244 for Windows 2000, published in 2002.
• At that point, local access was total access. Local access wasn’t a valid threat model during protocol design.
• But local access is precisely the threat model under which FDE is applicable.

Black Hat Sound Bytes
• A defect in Windows domain authentication means BitLocker Full Disk Encryption can be bypassed; the attack is fast and non-technical.
• Microsoft is releasing a patch for the issue (expected November 10). Make sure all your workstations are up-to-date!
• Threat models change; when they do, you need to re-evaluate previous security choices.


Tuesday, April 10, 2018

How Bitcoin Mining/Block Rewards Work


Many people new to Bitcoin in 2018 are just buying and holding it, but quite a few are getting involved with Bitcoin mining.

In this guide we're going to explain how Bitcoin mining rewards work, covering what a block reward is, how it's calculated/created, and how the money is split between mining pools and individual miners.

There are two aspects of mining where you get money: the block reward and transaction fees. The block reward part is often called the 'coinbase', so you may see these terms used interchangeably - not to be confused with the Coinbase exchange. Both of these rewards are paid in Bitcoin.

What are Block Rewards?

A Bitcoin block is 1MB in size, and Bitcoin transactions are stored inside these blocks (each time someone sends Bitcoin, a new transaction is added). If a miner mines a new block, they're given a reward in the form of the block reward (coinbase). This is the main incentive for Bitcoin miners, as the block reward is 12.5 BTC as of writing this, or around $150,000, a significant amount of money.

The block reward is halved every 210,000 blocks, which is approximately every 4 years. You can see Bitcoin's code for this here. When Bitcoin was created the block reward was 50 BTC, and it is now 12.5 BTC. This decrease in block reward means that over time fewer and fewer new Bitcoin are created, which combined with increased demand is theorised to keep pushing Bitcoin's price up - so in principle the USD value of the block reward should be similar in 10 years' time. When the block reward has halved 64 times, the block reward becomes 0.

This block reward has to be claimed by miners, where they add it as the first transaction on a block. It has no inputs, but has an output to the miner's wallet address. Here is an example on Block Explorer (it should be the first transaction in the list).

What are Transaction Fee Rewards?

When sending Bitcoin, a fee needs to be paid by the user - called a transaction fee. It exists to incentivise miners to include transactions in mined blocks. It's effectively a bidding war to get your transaction into a block, where whoever pays the highest fee is processed first. A side effect of high demand for sending Bitcoin is more transactions being sent, and higher fees.

This transaction fee is given to miners, so essentially - the more congested the Bitcoin network, the more money miners earn. This fee is essentially an extra payment sent with any Bitcoin transaction, and can be worked out by subtracting the outputs from the inputs of a transaction. As the block reward (coinbase) reduces over time, if Bitcoin price doesn't increase at the same rate - these fees can provide an incentive for miners to continue mining.

How do pools distribute rewards?

So when you start mining, you might dream of getting, say, 13-14 BTC in a week. You need to be aware that there is a huge number of people competing to create new blocks. By mining on your own (creating a new mining pool by yourself), the chance of getting the block reward is extremely low - although if you did get it by chance, you'd get a significant reward. Instead, most miners join an existing mining pool, where they get a steadier income rather than having to wait years for a block reward of their own. Mining pools are large groups of miners where, if any one of them creates a new block, the reward is shared based on how much work each miner contributed.

Work is defined in hash power or hashrate, which in general means how many guesses can be made per second for the required hash. The split between miners differs between mining pools, we're going to use Slushpool as an example in this guide - but you can see how other pools work here.

How does Slushpool distribute rewards?

Slushpool, which has 11.1% of Bitcoin's total hashpower at the time of writing this (January 25th 2018), distributes rewards based on its miners submitting proof of the work they're doing. For example, if the goal is a hash that starts with 18 zeros, a miner can submit any time after they've found one with the first 8 - which proves that they've done work to get this far. They'd need to get all 18 zeros to win the block, but it at least proves the miner is putting the effort in - and so they should be rewarded for it. The split is calculated from the amount of work each miner has proved vs the total work proven by all the miners in the pool.

Let's step back a moment, though: now that we know how much work everyone's done, how is the reward distributed? The block reward for the miner who was lucky enough to find it would be very large, a lot more than the miner will see as a return from the pool in the short term. What stops the miner taking that reward and leaving as if they were in their own pool? Well, the blocks are pre-built by the pool. Everything except the nonce (the value in the block that miners change to get a hash with a certain number of leading zeros) must stay the same. One would assume that the pool can then simply verify the nonce, and rewards wouldn't be awarded if the user changes the address (as the hash won't pass when being verified by the pool) - incentivising miners to follow the pool's rules (although we are yet to find documentation on this).

How are Rewards Split Between Pools?

This part is nice and simple. Whichever pool guesses a Block's hash first wins the Block reward. The more hashing power a pool has, the higher the probability that the pool will succeed. Extend this over a long period of time, then the reward split between pools should be similar to the share each pool has of total hashpower. Slushpool for example, which currently has 11.1% of hashpower - should receive around 11.1% of block rewards and 11.1% of transaction fees.
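The subsidy schedule, fee arithmetic and proportional pool split described above, as an added Python example (not Bitcoin's or Slushpool's code): `block_subsidy` mirrors the halving rule, `total_supply` adds up everything the schedule can ever issue, and `proportional_payout` splits one block's reward by proven shares. The heights, amounts and share counts used at the bottom are constructed.

```python
from typing import Dict, Sequence

COIN = 100_000_000              # satoshis in one BTC
INITIAL_SUBSIDY = 50 * COIN     # the 50 BTC reward at launch
HALVING_INTERVAL = 210_000      # blocks between halvings, roughly four years at one block per 10 minutes


def block_subsidy(height: int) -> int:
    """Coinbase subsidy in satoshis for a block at `height`, halving every 210,000 blocks."""
    halvings = height // HALVING_INTERVAL
    # Shifting a 64-bit value by 64 or more is undefined in C, hence the guard in Bitcoin's code;
    # integer halving already rounds the subsidy down to zero after 33 halvings.
    if halvings >= 64:
        return 0
    return INITIAL_SUBSIDY >> halvings


def total_supply() -> int:
    """Every satoshi the subsidy schedule can ever issue (just under 21 million BTC)."""
    total, halvings = 0, 0
    while block_subsidy(halvings * HALVING_INTERVAL) > 0:
        total += HALVING_INTERVAL * block_subsidy(halvings * HALVING_INTERVAL)
        halvings += 1
    return total


def transaction_fee(inputs: Sequence[int], outputs: Sequence[int]) -> int:
    """Fee = inputs - outputs; the miner claims it in the coinbase together with the subsidy."""
    fee = sum(inputs) - sum(outputs)
    if fee < 0:
        raise ValueError("outputs exceed inputs: invalid transaction")
    return fee


def coinbase_value(height: int, fees: Sequence[int]) -> int:
    """Maximum value of the coinbase output: subsidy plus the fees of all included transactions."""
    return block_subsidy(height) + sum(fees)


def proportional_payout(reward: int, proven_shares: Dict[str, int]) -> Dict[str, int]:
    """Split a block's reward by each miner's proven work, as described for Slushpool above."""
    total = sum(proven_shares.values())
    return {miner: reward * shares // total for miner, shares in proven_shares.items()}


if __name__ == "__main__":
    print("subsidy at height 420,000:", block_subsidy(420_000) / COIN, "BTC")
    print("total supply:", total_supply() / COIN, "BTC")
    fees = [transaction_fee([100_000, 50_000], [140_000]), transaction_fee([20_000], [15_000])]
    print("coinbase value with those fees:", coinbase_value(420_000, fees) / COIN, "BTC")
    print("pool split:", proportional_payout(block_subsidy(420_000), {"alice": 3, "bob": 1}))
```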



Sunday, April 8, 2018

Reverse Engineering

Reverse Engineering is the conversion of information from a low-level format, usually readable only by a computer, into a higher level format, which is easily readable by humans. Typical examples of reverse engineering tools are disassemblers and decompilers, which translate an object file produced by some compiler into an ASCII representation.



The reverse engineer can reuse the obtained code in his own programs or change an existing (already compiled) program to perform in other ways. He can use the knowledge obtained from reverse engineering to fix defects in application programs, also known as bugs. But most important is that one can get extremely useful ideas by observing how other programmers work and think, and thus improve one's own skills and knowledge!

What comes to mind when we hear RE is cracking. Cracking is as old as programs themselves. To crack a program means to trace and use a serial number or any other kind of registration data needed for the proper operation of a program. Therefore, if a shareware program (freely distributed, but with some limitations, like crippled functions, nag screens or limited capabilities) needs valid registration data, a reverse engineer can obtain that information by decompiling a particular part of the program.

In the past, many software companies have accused others of reverse engineering their products and stealing technology and knowledge. Reverse engineering is not limited to computer applications; the same happens with cars, weapons, hi-fi equipment, etc.




Tuesday, April 3, 2018

How To Apt-Get Update, Upgrade, Dist-Upgrade, Full-Upgrade and Their Similarities and Differences

Debian-based (deb) distributions provide apt or apt-get to manage packages interactively and from network repositories. When updating packages, update, upgrade or dist-upgrade can be used. But what is the difference between these commands? In this tutorial we will look at this question.

Update

The update command does not install or upgrade anything. It downloads the package index files from the sources listed in /etc/apt/sources.list, so that apt-get knows which new versions of packages are available. It must therefore be run before upgrade. Root privileges are needed, so we use sudo before the command.

Upgrade

The real update of the packages is done with the upgrade command. This command downloads the new package versions and upgrades accordingly, so the upgrade command is run after the update command. We need root privileges to complete the upgrade, so we use sudo before the upgrade command.

    upgrade is used to install the newest versions of all packages
    currently installed on the system from the sources enumerated in
    /etc/apt/sources.list. Packages currently installed with new
    versions available are retrieved and upgraded; under no
    circumstances are currently installed packages removed, or packages
    not already installed retrieved and installed. New versions of
    currently installed packages that cannot be upgraded without
    changing the install status of another package will be left at
    their current version. An update must be performed first so that
    apt-get knows that new versions of packages are available.

Dist-Upgrade

The dist-upgrade command is very similar to the upgrade command. It upgrades packages too, but it additionally handles changes in dependencies: where upgrade would hold a package back rather than change the install status of another package, dist-upgrade resolves the conflict automatically, installing or removing packages as needed. This makes the upgrade operation easier and more intelligent, but it also means that dist-upgrade can remove packages.


    dist-upgrade in addition to performing the function of upgrade,
    also intelligently handles changing dependencies with new versions
    of packages; apt-get has a "smart" conflict resolution system, and
    it will attempt to upgrade the most important packages at the
    expense of less important ones if necessary. So, dist-upgrade
    command may remove some packages. The /etc/apt/sources.list file
    contains a list of locations from which to retrieve desired package
    files. See also apt_preferences(5) for a mechanism for overriding
    the general settings for individual packages.

Full-Upgrade

full-upgrade is the same as dist-upgrade, so we can use both commands interchangeably.


Wednesday, January 17, 2018

Proof of-work vs proof of-stake

Recently you might have heard about the idea to move from an Ethereum consensus based on the Proof of Work (PoW) system to one based on the so-called Proof of Stake.

In this article, I will explain the main differences between proof of work and proof of stake, and I will provide a definition of mining, the process through which new digital currency is released into the network.

Also, what will change regarding mining techniques if the Ethereum community decides to do the transition from “work” to “stake”?

This article is intended as a basic guide to understanding the question above.


What is the Proof of work?
First of all, let’s start with basic definitions.

Proof of work is a protocol that has the main goal of deterring cyber-attacks such as a distributed denial-of-service attack (DDoS) which has the purpose of exhausting the resources of a computer system by sending multiple fake requests.

The Proof of work concept existed even before bitcoin, but Satoshi Nakamoto applied this technique to his/her – we still don’t know who Nakamoto really is – digital currency revolutionizing the way traditional transactions are set.

In fact, the PoW idea was originally published by Cynthia Dwork and Moni Naor back in 1993, but the term “proof of work” was coined by Markus Jakobsson and Ari Juels in a document published in 1999.

But, returning to the present, proof of work is maybe the biggest idea behind Nakamoto’s Bitcoin white paper, published back in 2008, because it allows trustless and distributed consensus.

What’s trustless and distributed consensus?
A trustless and distributed consensus system means that if you want to send and/or receive money from someone you don’t need to trust in third-party services.

When you use traditional methods of payment, you need to trust in a third party to set your transaction (e.g. Visa, Mastercard, PayPal, banks). They keep their own private register which stores transactions history and balances of each account.

The common example used to explain this behavior is the following: if Alice sent Bob $100, the trusted third-party service would debit Alice’s account and credit Bob’s, so they both have to trust that this third party is going to do the right thing.

With bitcoin and a few other digital currencies, everyone has a copy of the ledger (blockchain), so no one has to trust in third parties, because anyone can directly verify the information written.

Proof of work and mining

Going deeper, proof of work is a requirement to define an expensive computer calculation, also called mining, that needs to be performed in order to create a new group of trustless transactions (the so-called block) on a distributed ledger called blockchain.

Mining serves two purposes:

  • To verify the legitimacy of a transaction, i.e. to avoid so-called double-spending;
  • To create new digital currency by rewarding miners for performing the previous task.

When you want to make a transaction, this is what happens behind the scenes:

  • Transactions are bundled together into what we call a block;
  • Miners verify that the transactions within each block are legitimate;
  • To do so, miners must solve a mathematical puzzle known as the proof-of-work problem;
  • A reward is given to the first miner who solves each block's problem;
  • Verified transactions are stored in the public blockchain.

This “mathematical puzzle” has a key feature: asymmetry. The work, in fact, must be moderately hard on the requester side but easy to check for the network. This idea is also known as a CPU cost function, client puzzle, computational puzzle or CPU pricing function.

All the network miners compete to be the first to find a solution for the mathematical problem that concerns the candidate block, a problem that cannot be solved in any other way than brute force, so that it essentially requires a huge number of attempts.

When a miner finally finds the right solution, he/she announces it to the whole network at the same time, receiving a cryptocurrency prize (the reward) provided by the protocol.

From a technical point of view, the mining process is a form of inverse hashing: it searches for a number (the nonce) such that the cryptographic hash of the block data is less than a given threshold.

This threshold, called the difficulty, is what determines the competitive nature of mining: the more computing power is added to the network, the higher this parameter rises, increasing the average number of calculations needed to create a new block. This also raises the cost of block creation, pushing miners to improve the efficiency of their mining systems to maintain a positive economic balance. This parameter is updated approximately every 14 days, and a new block is generated every 10 minutes.
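The nonce search, the one-hash verification and the periodic retarget described above, as an added Python example (not from the article or any real miner): `mine` brute-forces nonces until the hash drops below the target, `verify` checks a claimed solution with a single hash, and `retarget` scales the difficulty so the next period again takes the expected time. The block data, the 256-bit target scheme and the fourfold clamp on retarget changes are constructed for illustration (the clamp mirrors Bitcoin's).

```python
import hashlib
import itertools
from typing import Tuple

HASH_BITS = 256


def block_hash(block_data: bytes, nonce: int) -> int:
    """Hash the candidate block together with the nonce and read the digest as an integer."""
    digest = hashlib.sha256(block_data + nonce.to_bytes(8, "big")).digest()
    return int.from_bytes(digest, "big")


def target_for(difficulty_bits: int) -> int:
    """The threshold the hash must stay below; each additional bit doubles the expected attempts."""
    return 1 << (HASH_BITS - difficulty_bits)


def mine(block_data: bytes, difficulty_bits: int) -> Tuple[int, int]:
    """Brute force: try nonces 0, 1, 2, ... until hash < target.  Returns (nonce, attempts)."""
    target = target_for(difficulty_bits)
    for nonce in itertools.count():
        if block_hash(block_data, nonce) < target:
            return nonce, nonce + 1


def verify(block_data: bytes, nonce: int, difficulty_bits: int) -> bool:
    """The asymmetry: checking a claimed solution costs one hash, however high the difficulty."""
    return block_hash(block_data, nonce) < target_for(difficulty_bits)


def retarget(difficulty: float, actual_seconds: float,
             expected_seconds: float = 14 * 24 * 3600) -> float:
    """Scale the difficulty so the next period again takes `expected_seconds`.

    Blocks that arrived too fast raise it, blocks that arrived too slowly lower it; the change
    is clamped to a factor of four in either direction, as Bitcoin does.
    """
    ratio = expected_seconds / actual_seconds
    ratio = max(0.25, min(4.0, ratio))
    return difficulty * ratio


if __name__ == "__main__":
    data = b"constructed block header: prev hash, merkle root, timestamp"
    bits = 16
    nonce, attempts = mine(data, bits)
    print(f"difficulty {bits} bits: nonce {nonce} after {attempts} attempts, "
          f"valid={verify(data, nonce, bits)}")
    # A period that took 7 days instead of 14 means blocks came twice as fast: difficulty doubles.
    print("retarget after a 7-day period:", retarget(1000.0, 7 * 24 * 3600))
```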

Proof of work is not only used by the bitcoin blockchain but also by ethereum and many other blockchains.

Some functions of the proof of work system differ because they are created specifically for each blockchain, but I don’t want to confuse you now with overly technical details.

The important thing you need to understand is that now Ethereum developers want to turn the tables, using a new consensus system called proof of stake.

What is a proof of stake?

Proof of stake is a different way to validate transactions and achieve distributed consensus.

It is still an algorithm, and the purpose is the same of the proof of work, but the process to reach the goal is quite different.

The idea of proof of stake was first suggested on the bitcointalk forum back in 2011, but the first digital currency to use this method was Peercoin in 2012, together with ShadowCash, Nxt, BlackCoin, NuShares/NuBits, Qora and Nav Coin.

Unlike proof of work, where the algorithm rewards miners who solve mathematical problems with the goal of validating transactions and creating new blocks, with proof of stake the creator of a new block is chosen in a deterministic way, depending on their wealth, also defined as stake.

No block reward

Also, all the digital currencies are previously created in the beginning, and their number never changes.

This means that in the PoS system there is no block reward, so, the miners take the transaction fees.

This is why, in fact, in this PoS system miners are called forgers, instead.

Why Ethereum wants to use PoS?
The Ethereum community and its creator, Vitalik Buterin, are planning to do a hard fork to make a transition from proof of work to proof of stake.

But why do they want to switch from one to the other?

In a distributed consensus-based on the proof of Work, miners need a lot of energy. One Bitcoin transaction required the same amount of electricity as powering 1.57 American households for one day (data from 2015).

And these energy costs are paid with fiat currencies, leading to a constant downward pressure on the digital currency value.

In recent research, experts argued that bitcoin transactions may consume as much electricity as Denmark by 2020.

Developers are quite worried about this problem, and the Ethereum community wants to use the proof of stake method for a greener and cheaper distributed form of consensus.

Also, rewards for the creation of a new block are different: with Proof-of-Work, the miner may potentially own none of the digital currency he/she is mining.

In Proof-of-Stake, forgers are always those who own the coins minted.

How are forgers selected?
If Casper (the new proof of stake consensus protocol) is implemented, there will be a validator pool. Users can join this pool to be selected as a forger. This process will be available by calling a function of the Casper contract and sending Ether, the coin that powers the Ethereum network, along with it.

“There is no priority scheme for getting inducted into the validator pool itself; anyone can join in any round they want, irrespective of the number of other joiners,” Buterin continued.

The reward of each validator will be “somewhere around 2-15%,” but he is not sure yet.

Also, Buterin argued that there will be no imposed limit on the number of active validators (or forgers), but it will be regulated economically by cutting the interest rate if there are too many validators and increasing the reward if there are too few.

A safer system?
Any computer system needs to be free from the possibility of hacker attacks, especially if the service is related to money.

So, the main question is: is proof of stake safer than proof of work?

Experts are worried about it, and there are several skeptics in the community.

Using a Proof-of-Work system, bad actors are cut out thanks to technological and economic disincentives.

In fact, mounting an attack on a PoW network is very expensive, and you would need more money than you could steal.

Instead, the underlying PoS algorithm must be as bulletproof as possible because, without specific penalties, a proof-of-stake-based network could be cheaper to attack.

To solve this issue, Buterin created the Casper protocol, designing an algorithm that sets out the circumstances under which a bad validator loses their deposit.

He explained: “Economic finality is accomplished in Casper by requiring validators to submit deposits to participate, and taking away their deposits if the protocol determines that they acted in some way that violates some set of rules (‘slashing conditions’).”

Slashing conditions refer to the circumstances above or laws that a user is not supposed to break.

Conclusion
Thanks to a PoS system validators do not have to use their computing power because the only factors that influence their chances are the total number of their own coins and current complexity of the network.

So this possible future switch from PoW to PoS may provide the following benefits:

  • Energy savings;
  • A safer network, as attacks become more expensive: if a hacker wanted to buy 51% of the total number of coins, the market would react with fast price appreciation.

This way, Casper will be a security deposit protocol that relies on an economic consensus system. Nodes (the validators) must pay a security deposit in order to take part in the consensus that creates new blocks. The Casper protocol will determine the specific amount of reward received by the validators through its control over the security deposits.

If one validator creates an “invalid” block, his security deposit will be deleted, as well as his privilege to be part of the network consensus.

In other words, the Casper security system is based on something like bets. In a PoS-based system, bets are the transactions that, according to the consensus rules, will reward their validator with a money prize together with each chain that the validator has bet on.

So, Casper is based on the idea that validators will bet according to the others’ bets, creating a positive feedback that accelerates consensus.


Saturday, November 11, 2017

What is Cyber Security?

Learn about cyber security, why it's important, and how to get started building a cyber security program in this installment of our Data Protection 101 series.

A DEFINITION OF CYBER SECURITY

Cyber security refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access. Cyber security may also be referred to as information technology security.

THE IMPORTANCE OF CYBER SECURITY

Cyber security is important because government, military, corporate, financial, and medical organizations collect, process, and store unprecedented amounts of data on computers and other devices. A significant portion of that data can be sensitive information, whether that be intellectual property, financial data, personal information, or other types of data for which unauthorized access or exposure could have negative consequences. Organizations transmit sensitive data across networks and to other devices in the course of doing business, and cyber security describes the discipline dedicated to protecting that information and the systems used to process or store it. As the volume and sophistication of cyber attacks grow, companies and organizations, especially those that are tasked with safeguarding information relating to national security, health, or financial records, need to take steps to protect their sensitive business and personnel information. As early as March 2013, the nation’s top intelligence officials cautioned that cyber attacks and digital spying are the top threat to national security, eclipsing even terrorism.

CHALLENGES OF CYBER SECURITY

For effective cyber security, an organization needs to coordinate its efforts throughout its entire information system. The elements of cyber security encompass all of the following:

Network security
Application security
Endpoint security
Data security
Identity management
Database and infrastructure security
Cloud security
Mobile security
Disaster recovery/business continuity planning
End-user education
The most difficult challenge in cyber security is the ever-evolving nature of security risks themselves. Traditionally, organizations and the government have focused most of their cyber security resources on perimeter security to protect only their most crucial system components and defend against known threats. Today, this approach is insufficient, as the threats advance and change more quickly than organizations can keep up with. As a result, advisory organizations promote more proactive and adaptive approaches to cyber security. Similarly, the National Institute of Standards and Technology (NIST) issued guidelines in its risk assessment framework that recommend a shift toward continuous monitoring and real-time assessments, a data-focused approach to security as opposed to the traditional perimeter-based model.

MANAGING CYBER SECURITY

The National Cyber Security Alliance, through SafeOnline.org, recommends a top-down approach to cyber security in which corporate management leads the charge in prioritizing cyber security management across all business practices. NCSA advises that companies must be prepared to “respond to the inevitable cyber incident, restore normal operations, and ensure that company assets and the company’s reputation are protected.” NCSA’s guidelines for conducting cyber risk assessments focus on three key areas: identifying your organization’s “crown jewels,” or your most valuable information requiring protection; identifying the threats and risks facing that information; and outlining the damage your organization would incur should that data be lost or wrongfully exposed. Cyber risk assessments should also consider any regulations that impact the way your company collects, stores, and secures data, such as PCI-DSS, HIPAA, SOX, FISMA, and others. Following a cyber risk assessment, develop and implement a plan to mitigate cyber risk, protect the “crown jewels” outlined in your assessment, and effectively detect and respond to security incidents. This plan should encompass both the processes and technologies required to build a mature cyber security program. An ever-evolving field, cyber security best practices must evolve to accommodate the increasingly sophisticated attacks carried out by attackers. Combining sound cyber security measures with an educated and security-minded employee base provides the best defense against cyber criminals attempting to gain access to your company’s sensitive data. While it may seem like a daunting task, start small and focus on your most sensitive data, scaling your efforts as your cyber program matures.


Tuesday, November 7, 2017

What is Tunneling?


Tunneling is a method that carries the packets of one protocol by encapsulating them in packets of a different protocol. Sending a letter to your grandmother is a tunneling process of sorts: you write the personal letter (the inner protocol packet) and place it in an envelope (the tunneling protocol). The envelope is delivered through the postal service (the untrusted intermediary network) to its intended recipient, and the postal service only ever looks at the envelope.

Tunneling is used in many situations, including to bypass firewalls, gateways, proxies, or other traffic-control devices. The bypass works by encapsulating the restricted content inside packets that are permitted to pass. The traffic-control devices do not block or filter the communication because they do not know what the packets really contain. The caveat is that a device which inspects the inner protocol (deep packet inspection, or a proxy that terminates TLS) can still see through the tunnel, which is why egress filters often block unknown tunnel protocols outright.

Tunneling hides the inner protocol's packets from the intermediary network by wrapping them in a protocol that network accepts. Encapsulation by itself does not encrypt anything: a plain GRE or IP-in-IP tunnel can be read by anyone on the path, and confidentiality and integrity only come from tunnels that add cryptography, such as IPsec, WireGuard, or TLS-based VPNs. Tunneling is also used when the original protocol is not routable across the intermediary network, and to keep the number of protocols the network has to support to a minimum.
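The following is an added example, not code from the original post: it builds a GRE tunnel packet (RFC 2784) by hand to show what the intermediary network sees and what the far end recovers. The addresses are constructed sample values from the RFC 5737 documentation ranges, and the inner datagram is a made-up UDP packet; the helper names are my own.

```python
"""GRE encapsulation (RFC 2784) of an IPv4 packet inside another IPv4 packet.

Added example, not part of the original post. Addresses are constructed
sample values from the RFC 5737 documentation ranges.
"""
import socket
import struct

GRE_PROTO = 47           # IP protocol number for GRE
UDP_PROTO = 17
ETHERTYPE_IPV4 = 0x0800  # GRE "protocol type" value for an IPv4 payload


def ip_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header with a correct header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s",
                      0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def parse_ipv4(packet: bytes) -> dict:
    """Return the fields a transit router looks at, plus the payload."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ip_checksum(packet[:ihl]) != 0:      # a valid header sums to zero
        raise ValueError("bad IPv4 header checksum")
    total_len = struct.unpack("!H", packet[2:4])[0]
    return {
        "src": socket.inet_ntoa(packet[12:16]),
        "dst": socket.inet_ntoa(packet[16:20]),
        "proto": packet[9],
        "payload": packet[ihl:total_len],
    }


def gre_encapsulate(inner_packet: bytes, outer_src: str, outer_dst: str) -> bytes:
    """Wrap a complete IPv4 packet in GRE plus an outer IPv4 header.

    The outer header carries only the tunnel endpoints; the original
    addresses sit inside the payload, invisible to the transit network
    unless it parses the GRE payload itself. Nothing here is encrypted.
    """
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)   # no checksum/key/sequence, version 0
    payload = gre + inner_packet
    return ipv4_header(outer_src, outer_dst, GRE_PROTO, len(payload)) + payload


def gre_decapsulate(outer_packet: bytes) -> bytes:
    """Strip the outer IPv4 and GRE headers and return the inner packet."""
    outer = parse_ipv4(outer_packet)
    if outer["proto"] != GRE_PROTO:
        raise ValueError("outer packet is not GRE")
    flags, ptype = struct.unpack("!HH", outer["payload"][:4])
    if flags != 0:
        raise ValueError("GRE options (checksum/key/sequence) not supported here")
    if ptype != ETHERTYPE_IPV4:
        raise ValueError("unexpected GRE payload type 0x%04x" % ptype)
    return outer["payload"][4:]


def build_inner_packet() -> bytes:
    """Constructed sample: a UDP datagram between two private networks."""
    udp_payload = b"hello"
    # src port, dst port, length, checksum (0 = none, allowed for UDP over IPv4)
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(udp_payload), 0) + udp_payload
    return ipv4_header("192.168.1.10", "192.168.2.20", UDP_PROTO, len(udp)) + udp


def tunnel_round_trip() -> dict:
    """Encapsulate, look at the packet as transit would, then decapsulate."""
    inner = build_inner_packet()
    on_the_wire = gre_encapsulate(inner, "203.0.113.1", "198.51.100.1")
    transit = parse_ipv4(on_the_wire)
    recovered = gre_decapsulate(on_the_wire)
    inner_view = parse_ipv4(recovered)
    return {
        "transit_view": (transit["src"], transit["dst"], transit["proto"]),
        "inner_view": (inner_view["src"], inner_view["dst"]),
        "intact": recovered == inner,
    }


if __name__ == "__main__":
    print(tunnel_round_trip())
```

The transit view shows only the two tunnel endpoints and protocol 47, which is all a router between them needs; the private 192.168.x.x addresses are routable again only after decapsulation. Because the inner packet is byte-for-byte readable in the GRE payload, any capture on the path exposes it, which is the point made above about encapsulation not being encryption.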


What is Bitcoin? How does it work?


What is Bitcoin?
Bitcoin is a cryptocurrency and a digital payment system created by an unknown programmer, or a group of programmers, under the name Satoshi Nakamoto. It is the first decentralized digital currency.

Bitcoins are digital coins that you can send over the internet. Compared to other payment methods, bitcoin has several advantages. Coins are transferred directly from one person to another over the internet without going through a bank. This means transaction fees are lower, anyone in any country can use them, an account cannot be frozen, and there are no limits.

How does it work?
Many currency exchanges exist on the internet where you can buy and sell bitcoins. Your coins are kept in a digital wallet on your computer, on your mobile device, or in an online wallet. Sending and receiving bitcoins is as easy as sending and receiving email, and you can pay with bitcoin anywhere it is accepted.

To receive a payment, your wallet generates a Bitcoin address, which works a bit like an email address: anyone who has it can send you money, and the bitcoins then show up in your wallet. You can generate as many addresses as you want, and it is best practice to use each one only once.

The Bitcoin system is secured by people called miners. Miners are paid in newly created bitcoins (plus transaction fees) for verifying transactions. Once verified, all transactions are recorded in a transparent public ledger, the blockchain.
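As an added example (not from the original post), here is what a Bitcoin address actually is: a version byte, the 20-byte HASH160 of the public key, and a 4-byte double-SHA-256 checksum, all Base58Check-encoded. The code takes the 20-byte hash as input rather than deriving it from a key, because that last step needs RIPEMD-160, which not every Python build ships; the function names are mine. The checksum is why a mistyped address is rejected instead of sending coins into the void.

```python
"""What a Bitcoin address is: Base58Check(version byte || HASH160(public key)).

Added example, not part of the original post. Takes the 20-byte public-key
hash as input; the sample hashes below are constructed values.
"""
import hashlib

# Base58 alphabet: no 0, O, I or l, so addresses are hard to misread.
ALPHABET = b"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
P2PKH_VERSION = 0x00  # mainnet pay-to-pubkey-hash; testnet uses 0x6f


def sha256d(data: bytes) -> bytes:
    """Double SHA-256, as used throughout Bitcoin."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def base58_encode(raw: bytes) -> str:
    n = int.from_bytes(raw, "big")
    digits = bytearray()
    while n:
        n, rem = divmod(n, 58)
        digits.append(ALPHABET[rem])
    # every leading 0x00 byte is preserved as a leading '1' (the digit for zero)
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return (ALPHABET[:1] * pad + digits[::-1]).decode()


def base58_decode(text: str) -> bytes:
    n = 0
    for ch in text.encode():
        n = n * 58 + ALPHABET.index(ch)  # ValueError on a character outside the alphabet
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + body


def p2pkh_address(pubkey_hash: bytes, version: int = P2PKH_VERSION) -> str:
    """Build an address from HASH160(pubkey): version || hash || checksum."""
    if len(pubkey_hash) != 20:
        raise ValueError("HASH160 must be 20 bytes")
    payload = bytes([version]) + pubkey_hash
    return base58_encode(payload + sha256d(payload)[:4])


def decode_address(address: str):
    """Return (version, pubkey_hash), or raise ValueError if the checksum fails."""
    raw = base58_decode(address)
    if len(raw) != 25:
        raise ValueError("wrong length for a P2PKH address")
    payload, checksum = raw[:21], raw[21:]
    if sha256d(payload)[:4] != checksum:
        raise ValueError("checksum mismatch: address was mistyped or altered")
    return payload[0], payload[1:]


def checksum_catches_typo(address: str) -> bool:
    """Change the last character and confirm the decoder rejects the result."""
    last = address[-1]
    replacement = chr(ALPHABET[(ALPHABET.index(ord(last)) + 1) % 58])
    try:
        decode_address(address[:-1] + replacement)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample hash; a real one is RIPEMD160(SHA256(pubkey)).
    sample_hash = bytes(range(20))
    addr = p2pkh_address(sample_hash)
    print(addr, decode_address(addr) == (0, sample_hash), checksum_catches_typo(addr))
```

Generating "as many addresses as you want" means generating new key pairs and encoding each public-key hash this way; the checksum costs nothing to verify, so wallets refuse an address that fails it before any transaction is built.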


What is a Jammer?


A signal jammer is a device built to block cell-phone, radio, or wireless signals. Each kind of jammer is designed to work in a specific frequency range. Operating one is illegal in many jurisdictions (in the US under FCC rules), because it also knocks out legitimate and emergency communications in range.

For example, a WiFi jammer is built to block wireless signals in the 2.4-2.5 GHz band, and as a side effect it also blocks Bluetooth, which uses the same band; a jammer tuned only to 2.4 GHz leaves 5 GHz WiFi untouched. Otherwise this kind of jammer works the same way as any other, with minor differences.

Jamming is usually distinguished from interference, which results from device defects or other accidental events; devices that can cause interference are covered by various regulations. Jamming occurs when an operator transmits on a busy frequency without first checking whether it is in use, or without being able to hear the stations already using it.

There are techniques to identify and mitigate such attacks. A wireless intrusion prevention system (WIPS) monitors the radio spectrum for unauthorized access points (intrusion detection) and can automatically take countermeasures (intrusion prevention); the same spectrum monitoring reveals a jammer as a persistent noise source on the affected channels. Some radio devices use spread-spectrum modulation, hopping across frequencies so that a narrowband jammer only hits a fraction of the transmissions.


Man in the middle attacks tutorial


MITM attacks (Man-In-The-Middle)

A MITM attack is one in which the attacker places themselves between a victim machine and the router; this generally happens without the victim's knowledge.

A MITM attack exploits packets in transit, letting the attacker intercept, read and modify data that was never meant for them, without either party noticing until it is too late.

Disclaimer: our tutorials are designed to help aspiring pen testers and security enthusiasts learn new skills. We only recommend that you try this tutorial on a system that belongs to YOU. We do not accept responsibility for anyone who thinks it is a good idea to use this to attempt to hack systems that do not belong to them.

Victim IP address: 10.0.0.98
Router IP address: 10.0.0.1
Requirements:

1. arpspoof (from the dsniff suite)
2. driftnet
3. urlsnarf (also from dsniff)

Open your terminal and enable IP forwarding on your Kali Linux machine (net.ipv4.ip_forward=1), because Kali must act as the router between the real router and the victim; without forwarding, the victim's traffic is dropped instead of relayed, and the victim notices immediately.
The first step is to set up arpspoof so that the victim believes the attacker's MAC address belongs to the router:

# sudo arpspoof -i eth0 -t 10.0.0.98 10.0.0.1

Then, in a second terminal, set up arpspoof in the other direction so that the router sends the victim's packets to the attacker as well:

# sudo arpspoof -i eth0 -t 10.0.0.1 10.0.0.98

Now all packets sent or received by the victim pass through the attacker's machine.

As an example we will capture image traffic, so we need driftnet (a program that listens to network traffic and picks out the images it carries). urlsnarf, listed in the requirements, logs the URLs the victim requests in the same way.

To run driftnet, just type:

# sudo driftnet -i eth0

When the victim browses a website with images, driftnet captures the image traffic. Note that this only works for plain HTTP: over HTTPS the attacker still relays the packets but sees only encrypted data, so driftnet shows nothing.

This is the victim machine while browsing images.

Driftnet captures the image traffic as shown in the screenshot below.
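The defensive counterpart, as an added example that is not part of the original tutorial: the two arpspoof commands above each send unsolicited ARP replies, and both leave fingerprints on the wire. The detector below parses raw Ethernet/ARP frames and flags an IP whose MAC suddenly changes, and a single MAC that claims more than one IP (the attacker claims both the router and the victim). The frames, MAC addresses and class names are constructed for this example; in practice you would feed it frames from a raw socket or a pcap.

```python
"""Detecting the ARP cache poisoning performed by the arpspoof commands above.

Added example, not part of the original tutorial. Frames and MAC addresses
are constructed sample data (locally administered 02:... addresses).
"""
import socket
import struct
from collections import defaultdict

ETHERTYPE_ARP = 0x0806
ARP_REPLY = 2
ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, op, sha, spa, tha, tpa

ROUTER_IP, VICTIM_IP = "10.0.0.1", "10.0.0.98"
ROUTER_MAC = "02:00:00:00:00:01"     # constructed
VICTIM_MAC = "02:00:00:00:00:98"     # constructed
ATTACKER_MAC = "02:00:00:00:00:aa"   # constructed


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def build_arp_reply(sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Ethernet + ARP reply frame, as arpspoof sends it (unsolicited, no request needed)."""
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, ARP_REPLY,
                      mac_bytes(sender_mac), socket.inet_aton(sender_ip),
                      mac_bytes(target_mac), socket.inet_aton(target_ip))
    return eth + arp


def parse_arp(frame: bytes):
    """Return the ARP fields of an Ethernet frame, or None if it is not IPv4 ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op, "sha": mac_str(sha), "spa": socket.inet_ntoa(spa),
            "tha": mac_str(tha), "tpa": socket.inet_ntoa(tpa)}


class ArpSpoofDetector:
    """Tracks the IP->MAC claims seen in ARP replies and records conflicts.

    `trusted` pins bindings that must never change (the gateway, at least);
    every other IP is learned from the first reply that claims it.
    """

    def __init__(self, trusted=None):
        self.ip_to_mac = dict(trusted or {})
        self.mac_to_ips = defaultdict(set)
        self.alerts = []

    def observe(self, frame: bytes):
        arp = parse_arp(frame)
        if arp is None or arp["op"] != ARP_REPLY:
            return None
        ip, mac = arp["spa"], arp["sha"]
        self.mac_to_ips[mac].add(ip)
        known = self.ip_to_mac.setdefault(ip, mac)   # never overwrites a pinned/learned MAC
        alert = None
        if known != mac:
            # Symptom 1: a reply claims an IP already bound to a different MAC.
            alert = ("ip-mac-conflict", ip, mac, known)
        elif len(self.mac_to_ips[mac]) > 1:
            # Symptom 2: one interface claims several IPs, as the attacker does when it
            # impersonates both router and victim. Heuristic only: a host with
            # legitimate IP aliases will trigger it too.
            alert = ("mac-claims-multiple-ips", mac, sorted(self.mac_to_ips[mac]))
        if alert:
            self.alerts.append(alert)
        return alert


def run_demo() -> ArpSpoofDetector:
    """Replay one genuine reply and the two replies the arpspoof commands generate."""
    det = ArpSpoofDetector(trusted={ROUTER_IP: ROUTER_MAC})
    frames = [
        build_arp_reply(ROUTER_MAC, ROUTER_IP, VICTIM_MAC, VICTIM_IP),    # genuine router reply
        build_arp_reply(ATTACKER_MAC, ROUTER_IP, VICTIM_MAC, VICTIM_IP),  # arpspoof -t victim router
        build_arp_reply(ATTACKER_MAC, VICTIM_IP, ROUTER_MAC, ROUTER_IP),  # arpspoof -t router victim
    ]
    for frame in frames:
        det.observe(frame)
    return det


if __name__ == "__main__":
    for alert in run_demo().alerts:
        print(alert)
```

The first spoofed reply trips the pinned gateway binding; the second is for an IP the detector has never seen, so the binding check alone would have learned the attacker's MAC as legitimate, and only the multiple-IPs heuristic catches it. That is why pinning the gateway (statically, or in a tool such as arpwatch) matters more than learning everything dynamically.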

