Posted in Current Events, Informational, Research

“Hack the Hackers…”

Cybersecurity in the News

It’s been in the news that, after two large cyberattacks against two Australian companies, the government is:

  • Contemplating a law to prevent ransomware payments
  • Creating a team to ‘hack the hackers’

The problem with the former solution is that it will hurt businesses more than hackers. The time to outlaw payments for ransomware has long passed, in my opinion. It doesn’t appear to offer a real solution, or rather it doesn’t answer the real problem, which is that there is a lack of push or support for shoring up defenses that would lower the success of these attacks.

The second outcome I have less of an opinion on, though I will say that active countermeasures (similar to this idea) have been an idea in cyber for years.

Dark Reading has more to say on the latter than I.

I just think this is something to watch geopolitically. I’m also curious to see how cybercriminals might respond to both proposed actions.


Posted in Informational, Research, Topic, Vulnerabilities

Case Study: Stuxnet

Enter the CyberWar

(A Day Late Due to Travel)

If you’re paying attention to the war in Ukraine, you’ve probably heard people talk about the ensuing cyber dimension of the conflict. This is just the latest skirmish of cyberwarfare, though some say it’s the beginning of the new Era of Cyberwarfare.

Stuxnet wasn’t the first cyber operation, nor was it the first virus, but it’s notable because it was one of the first to destroy hardware and an operation linked specifically to the U.S.

Stuxnet was a virus developed to target Iran’s nuclear capabilities. Basically, it targeted automated controls in industrial control systems, causing the hardware to break. It did this by exploiting zero-days in Microsoft and Siemens software. The bad part is that Stuxnet worked too well and ended up spreading globally.


Posted in Informational, InfoSec History, Research, Vulnerabilities

There is no Safe Haven: Mac Attacks

I was all set to write about an interesting job in infosec today, and then I woke up and saw reports of a new attack, ‘Pacman’, being leveraged against Apple computers. This report got me thinking about a conversation I saw on social media where a connection was asking about what laptop to buy. One of this person’s friends mentioned getting an Apple because they are ‘safer’ than Windows machines and ‘antivirus wasn’t needed’ (no one but us tech geeks recommends Linux; it wasn’t even in the running). I recall thinking that laypeople are just really unaware that Apple systems are getting targeted at higher rates in recent years. So here we are talking about Mac Attacks.

As a disclaimer, I’ve got no real dog in whatever battle exists between OSes. As a tech-head, I have systems that run Windows, MacOS, and several flavors of Linux. The job isn’t to safeguard a specific type of system; it’s to safeguard them all.

We can say that MacOS and Linux distros have fewer known vulnerabilities or are attacked less often, but to say that one or the other doesn’t have any or doesn’t get attacked is untrue. All systems are open to attack.

Some Recent Apple Malware:

  • Pacman
  • Silver Sparrow
  • XLoader
  • GoSearch22
  • Thiefquest

A more in-depth look at some Apple vulnerabilities and malware can be found here or here.

I will always advocate for users to protect themselves. Defense in depth isn’t just for enterprises; it also means that users shouldn’t assume that their systems are just inherently ‘safe’. When people say security is everyone’s business, I can support that, because your end security should be your business, which includes setting precautions to overlap where initial software and hardware might fall short.

Posted in What I've Used

What I’ve Used 02/2020

The Basics of Hacking and Penetration Testing – Second Edition
By: Patrick Engebretson [Syngress]

I started this book before finishing the class I took for Cyber Attack and Defense, in which we had to work in pairs through penetration testing methodology on a machine chosen from Vulnhub. I just finished it a few days ago, not because it is in any way dense or hard to follow, but because of time management.
Regardless of my shortcomings, this book is exactly as the cover states: the basics.
This book is a highly recommended beginner guide for anyone who is new to hacking or penetration testing. The penetration testing methodology that I spoke of in a recent post is clearly laid out in this book, and chapter by chapter Engebretson walks through these steps and explains the tools to use and the basic ways in which to use them. There are also chapters that delve into Web Application Hacking and a brief touch on Social Engineering with SET (Social Engineering Toolkit), which were very informative.
I found myself highlighting throughout this book so I could come back to it quickly for my next CTF. It’s a good start into learning these tasks and is excellent in that it sticks with emphasizing a structured approach to penetration testing and hacking. It wouldn’t be good for people who have been doing these tasks for any length of time, but for the intended audience it is definitely worthwhile.

5/5
