CEH

Essential Terminology in Cyber Security

Here are some terms and their definitions that you must know before you start studying ethical hacking. As cyber security technology grows and expands, so does the vocabulary associated with it.

Hack Value:

Hack value is the notion among hackers that something is worth doing or is interesting. The term also carries a broader cultural sense: hack value as playful disruption, a crossover between different fields and practices that is judged by its achievements and approach rather than by genre. Works in this sense play with or disrupt everyday things through cultural acts of communication with others, including publications, farming, food distribution and public heritage sites; they are social, some political, some participatory, and they use digital networks and physical environments as well as printed matter. What binds them together is not only the adventure but a shared intention to loosen the restrictions, distractions and interactions that dominate the cultural interfaces, facades and structures of our everyday surroundings. In the security sense, hackers derive great satisfaction from breaking into the toughest networks; they consider it an accomplishment that no one else can achieve.


Vulnerability:

A vulnerability is the existence of a weakness (a design or implementation error) that, when exploited, leads to an unexpected and undesirable event compromising the security of the system. Put simply, it is what allows an attacker to enter the system by bypassing user authentication and other controls. The word comes from the Latin for “wound”: vulnerability is the state of being open to injury, or appearing to be. It can be emotional, like admitting that you love someone who may only like you as a friend, or literal, like a football goal left unprotected by any defenders.

Exploit:

An exploit is a breach of IT system security through a vulnerability, in the context of an attack on a system or network. Exploitation is the next step in an attacker’s playbook after finding a vulnerability. Exploits are the means by which a vulnerability is leveraged for malicious activity; they include pieces of software, sequences of commands, or even open-source exploit kits. An exploit is code that takes advantage of a software vulnerability or security flaw. It is written either by security researchers as a proof-of-concept threat or by malicious actors for use in their operations. When used, exploits let an intruder remotely access a network, gain elevated privileges, or move deeper into the network. The term also refers to malicious software or commands that cause unanticipated behaviour in legitimate software or hardware by taking advantage of its vulnerabilities.

Payload:

A payload is the part of malware or exploit code that performs the intended malicious action, such as creating backdoor access to a victim’s machine, damaging or deleting files, stealing data, or hijacking the computer. Hackers use various methods to execute a payload: for example, they can activate a logic bomb, execute an infected program, or use an unprotected computer connected to a network. In computing more generally, a payload is the carrying capacity of a packet or other transmission data unit. The term has its roots in the military and is usually associated with the capacity of executable malicious code to do damage. Technically, the payload of a packet or other protocol data unit (PDU) is the actual data transmitted by the communicating endpoints; network protocols also specify the maximum length allowed for packet payloads.


Zero-Day Attack:

In a zero-day attack, the attacker exploits a vulnerability in a computer application before the software developer can release a patch for it. Following common usage of exploit terms, an exploit is called a zero-day exploit when it is used to attack a vulnerability that has been identified but not yet patched, also called a zero-day vulnerability.

Daisy Chaining:

Daisy chaining involves gaining access to one network and/or computer and then using the same information to gain access to multiple other networks and computers that contain desirable information.

Doxing:

Doxing is the publication of personally identifiable information about an individual or organization. It refers to gathering and publishing personally identifiable information such as an individual’s name and email address, or other sensitive information pertaining to an entire organization. People with malicious intent collect this information from publicly accessible channels such as databases, social media and the Internet.

Bot:

A “bot” (a contraction of “robot”) is a software application or program that can be controlled remotely to execute or automate predefined tasks. Hackers use bots as agents that carry out malicious activity over the Internet. Attackers use infected machines to launch distributed denial-of-service (DDoS) attacks, keylogging, spying, and so on.

Read More : https://www.info-savvy.com/essential-terminology-in-cyber-security/

This blog article is posted by Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092


Anti-Forensics Techniques

• Data hiding in file system structures
Data hiding is one of the anti-forensic techniques attackers use to make data inaccessible. NTFS-based hard disks record bad clusters in a metadata file named $BadClus, which is represented by MFT entry 8. $BadClus is a sparse file, which allows attackers to hide an unlimited amount of data: they allocate additional clusters to $BadClus and store their data in them.

• Trail Obfuscation
Trail obfuscation is one of the anti-forensic techniques that attackers use to mislead, complicate, disorient, sidetrack, and/or distract the forensic examination process. It involves different techniques and tools, such as:

  • Log cleaners
  • Spoofing
  • Misinformation
  • Backbone hopping
  • Zombie accounts
  • Trojan commands

In this technique, attackers delete or modify the information in some vital files in order to confuse incident responders. They modify header data and file extensions using various tools. Timestomp, which is a component of the Metasploit Framework, is one of the trail obfuscation tools that attackers use to modify, edit, and delete the date and time of a file and make it useless for the incident responder. Transmogrify is another tool used to perform trail obfuscation.

Using the Timestomp application, one can completely change the modified date and time stamp, thereby undermining the validity of the document and misleading the investigation process.
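From the responder’s side, timestomped entries can often be spotted by comparing the two sets of NTFS timestamps. Below is an added example (not code from the original post) that applies two widely used heuristics to constructed MFT records: $STANDARD_INFORMATION creation earlier than $FILE_NAME creation, and $STANDARD_INFORMATION times with an empty sub-second part. The record layout, field names and sample data are assumptions made for the illustration.

```python
from dataclasses import dataclass
from datetime import datetime


@dataclass
class MftTimes:
    """Timestamps of one NTFS file, as held in the two MFT attributes that
    store them: $STANDARD_INFORMATION (SI) and $FILE_NAME (FN)."""
    path: str
    si_created: datetime
    si_modified: datetime
    fn_created: datetime
    fn_modified: datetime


def timestomp_indicators(rec: MftTimes) -> list:
    """Return heuristic findings for one record (empty list if none).

    Timestomping tools rewrite the SI timestamps through the normal file
    API; the FN timestamps are set by the kernel on create/rename and are
    not reachable that way, so the two sets normally agree and SI is never
    earlier than FN.
    """
    findings = []
    if rec.si_created < rec.fn_created:
        findings.append("SI created precedes FN created")
    # NTFS keeps 100 ns resolution; a hand-set timestamp is often a whole
    # second, which genuine file activity almost never produces.
    if rec.si_created.microsecond == 0 and rec.si_modified.microsecond == 0:
        findings.append("SI timestamps have zero sub-second part")
    return findings


def scan(records) -> dict:
    """Map path -> findings for every record showing at least one sign."""
    return {r.path: f for r in records if (f := timestomp_indicators(r))}


def _t(s: str) -> datetime:
    return datetime.fromisoformat(s)


# Constructed sample records (not taken from any real disk image).
SAMPLE_RECORDS = [
    # Ordinary document: SI and FN creation agree, sub-seconds populated.
    MftTimes(r"C:\Users\alice\report.docx",
             _t("2024-03-01T09:15:22.431875"), _t("2024-03-02T17:40:03.118204"),
             _t("2024-03-01T09:15:22.431875"), _t("2024-03-01T09:15:22.431875")),
    # Dropped binary whose SI times were pushed back to 2019 on whole seconds.
    MftTimes(r"C:\Windows\Temp\update.exe",
             _t("2019-01-01T00:00:00"), _t("2019-01-01T00:00:00"),
             _t("2024-03-02T18:02:41.907561"), _t("2024-03-02T18:02:41.907561")),
    # Consistent ordering but suspiciously round SI timestamps.
    MftTimes(r"C:\Tools\readme.txt",
             _t("2024-02-10T12:00:00"), _t("2024-02-10T12:00:00"),
             _t("2024-02-10T12:00:00"), _t("2024-02-10T12:00:00")),
]

if __name__ == "__main__":
    for path, findings in scan(SAMPLE_RECORDS).items():
        print(path, "->", "; ".join(findings))
```

Both heuristics are signals rather than proof; a file copied between volumes or restored from backup can also show round or inherited timestamps, so hits should be corroborated with $FILE_NAME times, USN journal entries and the surrounding timeline.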

Overwriting Data/Metadata:
Intruders use various programs to overwrite data on a storage device, making it difficult or impossible to recover. These programs can overwrite data, metadata, or both to defeat the forensic investigation process. Overwriting programs work in the following modes:

  •  Overwrite entire media
  •  Overwrite individual files
  •  Overwrite deleted files on the media
  •  Overwriting data can also be accomplished by using disk sanitizers

Overwriting Metadata:
Metadata refers to data that stores details about other data. It plays a vital role in the computer forensics investigation process by providing details such as the time of creation, the names of the systems used for creation and modification, the author name, the time and date of modification, the names of the users who changed the file, and other details. Incident responders can build a timeline of the attacker’s actions by organizing a file’s timestamps and other details in chronological order.

• Encryption
Encryption is the process of translating data into a secret code so that only authorized personnel can access it. It is an effective way to secure data. To read an encrypted file, users need a secret key or a password that can decrypt the file. Therefore, most attackers use encryption as one of the most effective anti-forensic techniques. Data encryption is one of the commonly used techniques to defeat the forensic investigation process and involves encrypting code, files, folders, and sometimes complete hard disks. Intruders use strong encryption algorithms to encrypt data of investigative value, which renders it virtually unreadable without the designated key. Some algorithms hinder the investigation process by performing additional functions, including the use of a key file, full-volume encryption, and plausible deniability.

• Encrypted Network Protocols
Attackers use encrypted network protocols to protect the identity of their network traffic as well as its content from forensic examination. Cryptographic encapsulation protocols such as SSL and SSH only protect the content of the traffic. To protect against traffic analysis as well, attackers must also anonymize themselves whenever possible. Attackers use virtual routing such as the onion routing approach, which provides multiple layers of protection. Onion routing is a technique for anonymous communication over a network. It encapsulates messages in layers of encryption, like the layers of an onion, and employs a worldwide volunteer network of routers that anonymize the source and destination of communications. Therefore, tracing this kind of communication and attributing it to a source is very difficult for incident responders.

• Buffer Overflow against forensic Tools
In a buffer overflow exploit attack, attackers use buffer overflows as an entry point to a remote system to inject and run code in the address space of a running program, thereby successfully altering the victim program’s behaviour. Usually, attackers use buffer overflows to access the remote system, after which they transfer attack tools, which get saved on the target machine’s hard disk.

• Detecting Forensic Tool Activities
Attackers are fully aware of the computer forensic tools (CFTs) that incident responders use to find and analyze evidence from a victim’s computer or network. Therefore, they try to incorporate forensic tool and process identification programs into the system or malware they are using. These programs act intelligently and alter their behaviour on detecting a CFT.


Understanding Indicators of Compromise

Indicators of Compromise (IoCs) play a major role in building and enhancing the cyber security posture of an organization. Monitoring IoCs helps analysts detect and respond to various security incidents quickly. Identifying recurring instances of particular IoCs helps security teams enhance their protection mechanisms and policies to defend against and stop various evolving attacks. This section provides an overview of IoCs and their importance, the types of IoCs, key IoCs, and the pyramid of pain.

Indicators of Compromise

Cyber threats are continuously evolving, with newer TTPs adapted to the vulnerabilities of the target organization. Security analysts need to monitor IoCs continuously to detect and respond to evolving cyber threats effectively and efficiently. Indicators of Compromise are the clues, artifacts, or pieces of forensic data found on a network or operating system of an organization that indicate a potential intrusion or malicious activity in the organization’s infrastructure.

However, IoCs are not intelligence in themselves; IoCs act as a good source of information about threats that serves as data points in the intelligence process. Actionable threat intelligence extracted from IoCs helps organizations enhance their incident-handling strategies. Cyber security professionals use various automated tools to monitor IoCs in order to detect and prevent security breaches of the organization. Monitoring IoCs also helps security teams enhance the security controls and policies of the organization to detect and block suspicious traffic and thwart attacks. To counter the threats associated with IoCs, some organizations use standards such as STIX and TAXII to produce standardized reports that contain condensed data related to an attack, and share them with others to improve incident response.

An IoC is defined as an atomic indicator, a computed indicator, or a behavioral indicator. It is the information about suspicious or malicious activities that is collected from various security devices in a network infrastructure. Atomic indicators are those that cannot be segmented into smaller parts, and their meaning does not change in the context of an intrusion. Examples of atomic indicators are IP addresses, email addresses, etc. Computed indicators are those obtained from the data extracted from a security incident. Examples of computed indicators are hash values and regular expressions. Behavioral indicators refer to a grouping of both atomic and computed indicators combined based on some logic.
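The three indicator classes above, applied in Python as an added example (not code from the original post): atomic and computed indicators are matched against constructed log lines, and a behavioral indicator is built as a logical AND of the two on the same host. The log format, the hash, the documentation-range IP address and the path pattern are all constructed for the illustration.

```python
import hashlib
import re
from collections import defaultdict

# Indicator classes described above: atomic values cannot be split further,
# computed values are derived from incident data, and behavioral indicators
# combine the other two with some logic (here: logical AND per host).
IPV4 = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
EMAIL = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
HASH = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$")


def classify(ioc: str) -> str:
    """Return 'atomic', 'computed' or 'unknown' for one indicator string.
    A 're:<pattern>' indicator is a regular expression, hence computed."""
    if IPV4.match(ioc) or EMAIL.match(ioc):
        return "atomic"
    if HASH.match(ioc) or ioc.startswith("re:"):
        return "computed"
    return "unknown"


def parse(line: str) -> dict:
    """Parse one 'timestamp key=value ...' log line (constructed format)."""
    ts, *tokens = line.split()
    fields = dict(tok.split("=", 1) for tok in tokens)
    fields["ts"] = ts
    return fields


def match_logs(lines, iocs) -> dict:
    """Map each host to the set of indicators observed in its log lines.
    Atomic and hash indicators are compared by exact field value; a
    're:' indicator is searched against the whole line."""
    hits = defaultdict(set)
    for line in lines:
        fields = parse(line)
        values = set(fields.values())
        for ioc in iocs:
            if ioc.startswith("re:"):
                if re.search(ioc[3:], line):
                    hits[fields["host"]].add(ioc)
            elif ioc in values:
                hits[fields["host"]].add(ioc)
    return dict(hits)


def behavioural_hits(hits: dict, rule) -> list:
    """Hosts whose observed indicators include every element of `rule`."""
    return sorted(host for host, seen in hits.items() if set(rule) <= seen)


# Constructed indicators: documentation-range IP, a hash of a throwaway
# string standing in for a known-bad file, and a path pattern.
C2_IP = "203.0.113.45"
BAD_HASH = hashlib.sha256(b"constructed sample, not a real malware file").hexdigest()
PATH_RULE = r"re:\\Users\\Public\\.*\.exe"
SENDER = "billing@example.net"

# Constructed log lines, not real telemetry.
SAMPLE_LOGS = [
    "2024-03-01T10:00:01Z host=ws01 event=net dst=203.0.113.45 dport=443",
    "2024-03-01T10:00:05Z host=ws01 event=proc sha256=" + BAD_HASH
    + r" image=C:\Users\Public\update.exe",
    "2024-03-01T10:02:00Z host=ws02 event=net dst=198.51.100.9 dport=80",
    "2024-03-01T10:03:00Z host=ws02 event=mail from=billing@example.net",
    "2024-03-01T10:04:00Z host=ws03 event=net dst=203.0.113.45 dport=443",
]

if __name__ == "__main__":
    hits = match_logs(SAMPLE_LOGS, [C2_IP, BAD_HASH, PATH_RULE, SENDER])
    for host, seen in hits.items():
        print(host, sorted(classify(i) for i in seen))
    # The behavioral rule "C2 contact AND bad hash on the same host"
    # fires only for ws01; ws03 merely contacted the IP.
    print(behavioural_hits(hits, [C2_IP, BAD_HASH]))
```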

Why Are Indicators of Compromise Important?

Indicators of Compromise act as pieces of forensic information that help organizations discover malicious activity at an early stage. These activities, usually labelled as red flags, indicate an attack that has the potential to compromise a system or cause a data breach.

IoCs can be as simple as metadata or as complex as malicious code, which makes them difficult to detect. Threat analysts usually correlate various IoCs and aggregate them to investigate a potential threat or event. Using IoCs, organizations can detect, identify, and respond to attacks or threats before they harm the network. Monitoring IoCs is therefore essential to protect the organization from security compromises.

The following are the reasons why analysing IoCs is crucial for the organization:

• Helps security analysts detect data breaches, malware infection attempts, or other threat activities
• Assists security analysts in knowing “what happened” in the attack and helps them observe the behaviour and characteristics of malware
• Helps improve latency as well as upgrade the detection rate of threats
• Provides security analysts with data feeds that can be fed into the organization’s auto-response mechanism or automated security devices. It helps them perform scans automatically to find whether those attacks exist in the environment or not. When IoCs follow some pattern or show recurrent behaviour, analysts can update tools and security policies based on that specific behaviour of the malware
• Helps analysts find answers to the following questions:
  • Does the file include malicious content?
  • Is the organization’s network compromised?
  • How did the network get infected?
  • What is the history of a particular IP address?
• Assists analysts in following a uniform approach for documenting every specific threat, which can be easily shared with team members
• Provides a better method for detecting zero-day attacks for which detection rules have yet to be developed in the existing security tools
• Provides a good source of information and a good starting point for carrying out the investigation process.


Definition of Cyber Threat Intelligence

According to the Oxford dictionary, a threat is defined as “the possibility of a malicious attempt to damage or disrupt a computer network or system.” A threat is a potential occurrence of an undesired event that can eventually damage and interrupt the operational and functional activities of an organization. A threat can affect the integrity and availability of an organization’s assets. The impact of threats is very high, and it can affect the existence of the physical IT assets in an organization. The existence of threats may be accidental, intentional, or due to the impact of some other action.

Threat intelligence, usually known as CTI, is defined as the collection and analysis of information about threats and adversaries and the drawing of patterns that provide an ability to make knowledgeable decisions for the preparedness, prevention, and response actions against various cyber attacks. It is the process of recognizing or discovering any “unknown threats” that an organization can face so that the necessary defense mechanisms can be applied to avoid such occurrences. It involves collecting, researching, and analyzing trends and technical developments in the field of cyber threats (i.e., cybercrime, hacktivism, espionage, etc.). Any knowledge about threats that results in planning and decision-making in an organization to handle them is threat intelligence. The main aim of CTI is to make the organization aware of existing or emerging threats and to prepare it to develop a proactive cyber security posture before these threats can exploit it. This process, in which unknown threats are converted into known ones where possible, helps anticipate an attack before it can happen and ultimately results in better secured systems in the organization. Thus, threat intelligence is useful in achieving secure data sharing and transactions among organizations globally.

The threat intelligence process can be used to identify the risk factors that are responsible for malware attacks, SQL injections, web application attacks, data leaks, phishing, denial-of-service attacks, etc. Such risks, after being filtered out, can be put on a checklist and handled appropriately. Threat intelligence is beneficial for an organization to handle cyber threats with effective planning and execution along with thorough analysis of the threat; it also strengthens the organization’s defense system, creates awareness about impending risks, and aids in responding to such risks.

In cyber threat intelligence, analysis often hinges on the triad of actors, intent, and capability, with consideration given to their tactics, techniques, and procedures (TTPs), motivations, and access to the intended targets. By studying this triad it is often possible to make informed, forward-leaning strategic, operational, and tactical assessments.

Strategic intelligence assesses disparate bits of information to form integrated views. It informs decision and policy makers on broad or long-term issues and/or provides a timely warning of threats. Strategic cyber threat intelligence forms an overall picture of the intent and capabilities of malicious cyber threats, including the actors, tools, and TTPs, through the identification of trends, patterns, and emerging threats and risks, in order to inform decision and policy makers or to provide timely warnings.

Operational intelligence assesses specific, potential incidents related to events, investigations, and/or activities, and provides insights that can guide and support response operations. Operational or technical cyber threat intelligence provides highly specialized, technically-focused, intelligence to guide and support the response to specific incidents; such intelligence is often related to campaigns, malware, and/or tools, and may come in the form of forensic reports.

Tactical intelligence assesses real-time events, investigations, and/or activities, and provides day-to-day operational support. Tactical cyber threat intelligence provides support for day-to-day operations and events, such as the development of signatures and indicators of compromise (IOC). It often involves limited application of traditional intelligence analysis techniques.

Cyber threat intelligence has proved beneficial to every level of state, local, tribal, and territorial (SLTT) government entities from senior executives, such as Chief Information Security Officers (CISOs), police chiefs, and policy makers, to those in the field, such as information technology specialists and law enforcement officers. In addition, it provides value for other experts as well, such as security officers, accountants, and terrorism and criminal analysts. Properly applied cyber threat intelligence can provide greater insight into cyber threats, allowing for a faster, more targeted response as well as resource development and allocation. For instance, it can assist decision makers in determining acceptable business risks, developing controls and budgets, in making equipment and staffing decisions (strategic intelligence), provide insights that guide and support incident response and post-incident activities (operational/technical intelligence), and advance the use of indicators by validating, prioritizing, specifying the length of time an indicator is valid (tactical intelligence). Over the next several years the inclusion of cyber threat intelligence into SLTT government operations will become increasingly important, as all levels and employees are forced to respond to the cyber threat.
