Sunday, April 26, 2020

Module 13

In this module, we learn about wireless, Bluetooth, and mobile networks. The chapter discusses the various types of WiFi networks and how secure they are. WiFi networks broadcast their traffic over the air, and that broadcasting makes them very vulnerable to sniffing and man-in-the-middle attacks. Bluetooth is a very old standard that allows convenient connections between mobile devices. Unfortunately, this communication protocol is vulnerable to several types of attacks; common ones include bluejacking, bluesnarfing and bluebugging.

Interesting article about the latest Bluetooth hacks. The Bluetooth flaw described in the article enables an "attacking device" to interfere with the connection encryption process, essentially stealing the encryption key and accessing the data traffic between the target devices.

Sunday, April 19, 2020

Module 12

Module 11

In Module 11 we learn about web server and web application hacking techniques and tools. We cover web server attacks and their countermeasures in detail. The author describes best practices for securing the web server and application environments. Lastly, we review the types of SQL injection and their countermeasures.

Since we discuss web server vulnerabilities, I found this interesting article about WordPress vulnerabilities. After carrying out an analysis of 84,508 WordPress plugins, Spanish security researchers Jacinto Sergio Castillo Solana and Manuel Garcia Cardenas discovered more than 5,000 vulnerabilities, including 4,500 SQL injection (SQLi) flaws. SQL injection is one of the most popular hacks but also one of the oldest. If you still use WordPress, maybe you should use a different platform.

https://portswigger.net/daily-swig/wordpress-terror-researchers-discover-a-massive-5-000-security-flaws-in-buggy-plugins 

Sunday, April 12, 2020

Module 11

In Module 11 we learn about intrusion detection systems (IDS) and intrusion prevention systems (IPS). These systems are designed to help defend the network from known as well as unknown threats. A signature-based system searches traffic for known signature patterns; if one is found, the IDS fires an alert, and if IPS is enabled the connection is dropped or quarantined. More sophisticated IDS/IPS is built on network or user behavior: the system uses AI to learn the normal network/user patterns and alerts on any anomalies. These systems can be much more useful than a regular IDS/IPS, since machine learning can spot a needle in a haystack. However, if not properly tuned they can produce a lot of false positives.
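As an added illustration of the two detection styles described above (my own example, not course material), the following Python shows a signature engine that either alerts (IDS mode) or alerts and drops (IPS mode), and a simple behavioral detector that learns a baseline of distinct destination ports per host and flags hosts that exceed it. The events, the signatures and the thresholds are all constructed for the demo; a real IDS would use far richer rule sets and a proper statistical model.

```python
import re
from collections import defaultdict

# Constructed sample traffic: (source_ip, destination_port, payload_bytes)
LIVE_EVENTS = [
    ("10.0.0.1", 80, b"GET /index.html HTTP/1.1"),
    ("10.0.0.7", 80, b"GET /cgi-bin/test?cmd=/bin/sh HTTP/1.1"),
    ("10.0.0.8", 80, b"GET /login?user=x' OR '1'='1 HTTP/1.1"),
    ("10.0.0.1", 443, b"GET /about HTTP/1.1"),
]

# Constructed signatures: name -> pattern that a rule writer considers hostile
SIGNATURES = [
    ("shell-command-in-http", re.compile(rb"/bin/(sh|bash)")),
    ("sql-tautology", re.compile(rb"'\s*or\s*'1'\s*=\s*'1", re.IGNORECASE)),
    ("directory-traversal", re.compile(rb"\.\./\.\./")),
]


def signature_scan(events, mode="ids"):
    """Signature-based detection. Returns (alerts, forwarded_connections).
    In 'ids' mode everything is forwarded and matches only raise alerts;
    in 'ips' mode a matching connection is dropped (not forwarded)."""
    alerts, forwarded = [], []
    for src, port, payload in events:
        hit = next((name for name, rx in SIGNATURES if rx.search(payload)), None)
        if hit:
            alerts.append((src, hit))
            if mode == "ips":
                continue  # drop the connection
        forwarded.append((src, port))
    return alerts, forwarded


def _ports_per_host(events):
    ports = defaultdict(set)
    for src, port, _ in events:
        ports[src].add(port)
    return ports


def learn_baseline(training_events):
    """Behavioral detection, learning phase: mean and standard deviation of
    distinct destination ports per source host over a 'known good' window."""
    counts = [len(p) for p in _ports_per_host(training_events).values()]
    mean = sum(counts) / len(counts)
    std = (sum((c - mean) ** 2 for c in counts) / len(counts)) ** 0.5
    return mean, std


def anomaly_scan(events, baseline, k=3.0):
    """Behavioral detection, scoring phase: flag hosts whose distinct-port count
    is more than k standard deviations above the learned mean. The max(std, 1.0)
    floor is the 'tuning' knob; without it a very uniform baseline makes every
    small deviation an alert (the false-positive problem the module mentions)."""
    mean, std = baseline
    threshold = mean + k * max(std, 1.0)
    return {src: len(p) for src, p in _ports_per_host(events).items() if len(p) > threshold}


# Constructed training window: five hosts talking to a handful of normal ports each
TRAINING_EVENTS = [
    ("10.0.0.1", 80, b""), ("10.0.0.1", 443, b""),
    ("10.0.0.2", 80, b""), ("10.0.0.2", 443, b""), ("10.0.0.2", 53, b""),
    ("10.0.0.3", 80, b""),
    ("10.0.0.4", 443, b""), ("10.0.0.4", 80, b""),
    ("10.0.0.5", 22, b""), ("10.0.0.5", 80, b""), ("10.0.0.5", 443, b""),
]

# Constructed scoring window: one normal host and one host touching eight ports
SCORING_EVENTS = [("10.0.0.1", 80, b""), ("10.0.0.1", 443, b"")] + [
    ("10.0.0.9", p, b"") for p in (21, 22, 23, 25, 80, 110, 143, 443)
]


if __name__ == "__main__":
    print("IDS:", signature_scan(LIVE_EVENTS, "ids"))
    print("IPS:", signature_scan(LIVE_EVENTS, "ips"))
    print("anomalies:", anomaly_scan(SCORING_EVENTS, learn_baseline(TRAINING_EVENTS)))
```

Note that neither detector sees the other's threats: the signature engine says nothing about 10.0.0.9 because no payload matches a rule, and the behavioral detector says nothing about the hostile HTTP requests because they come from hosts with ordinary port usage. That is why the module treats the two approaches as complementary rather than as alternatives.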

I found an interesting article about Zoom user names and passwords being sold on the dark web. After many Zoom-bombing attacks, companies have raised some of their security settings; attackers are now posting and selling videoconferencing credentials online.

https://www.darkreading.com/threat-intelligence/criminals-selling-videoconferencing-credentials-on-dark-web/d/d-id/1337539?&web_view=true

Sunday, April 5, 2020

Module 10

In Module 10 we learn about sniffing, session hijacking, DDoS and DNS spoofing. Sniffing is a way of monitoring the data flowing over the network using a tool called a "network sniffer". IP spoofing is when a malicious actor tries to impersonate a known IP address, in this case by performing a redirection at the DNS level.

This week I would like to share a DDoS attack that is very hard to spot and defend against, called R.U.D.Y. or "R U Dead Yet". This attack is hard to detect since it submits data at a very slow pace, similar to regular requests coming from legitimate users. To protect against this type of attack you need to have a reverse proxy between customers and your website and monitor all of the traffic for slow attack traffic like RUDY, which is almost impossible if you have thousands of hits per minute on your website. The best way to protect is to use a third party such as Cloudflare, which automates the detection and prevention process without interrupting legitimate traffic.

https://www.cloudflare.com/learning/ddos/ddos-attack-tools/r-u-dead-yet-rudy/
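To show what "monitoring for slow attack traffic" at the reverse proxy actually has to measure, here is an added example (my own code, not from Cloudflare or the course). A slow-POST client declares a large Content-Length and then trickles the body a few bytes at a time, so the tell-tale signal is a request that has stayed open for a long time while receiving the body at a very low byte rate, repeated across many connections from the same client. The connection records, the thresholds and the per-client limit are all constructed for the demo; a real proxy would take them from its connection table and tune them to its own traffic.

```python
from dataclasses import dataclass
from collections import Counter


@dataclass
class Conn:
    """One in-progress or finished request as a reverse proxy would track it."""
    client: str            # client IP
    content_length: int    # body size the client declared in its headers
    received: int          # body bytes actually received so far
    elapsed: float         # seconds since the request headers arrived
    open: bool             # still waiting for the rest of the body?


def is_slow_post(c, min_age=30.0, max_bytes_per_sec=10.0):
    """A connection looks like a slow POST when it has been open longer than
    min_age, is still short of its declared body length, and is delivering the
    body at under max_bytes_per_sec. The min_age wait keeps ordinary requests,
    which finish in well under a second, out of the calculation entirely."""
    if not c.open or c.elapsed < min_age:
        return False
    if c.received >= c.content_length:
        return False
    return c.received / c.elapsed < max_bytes_per_sec


def slow_post_clients(conns, per_client_limit=5, **thresholds):
    """Return {client_ip: slow_connection_count} for clients holding at least
    per_client_limit slow POSTs at once. The per-client count is what separates
    a RUDY client from a single user on a bad mobile link, who would trip the
    byte-rate test but only on one connection."""
    counts = Counter(c.client for c in conns if is_slow_post(c, **thresholds))
    return {ip: n for ip, n in counts.items() if n >= per_client_limit}


# Constructed connection table snapshot
SNAPSHOT = [
    # normal form submission, already finished
    Conn("203.0.113.10", 2048, 2048, 0.4, False),
    # large legitimate upload in progress at ~30 KB/s
    Conn("203.0.113.11", 1_000_000, 600_000, 20.0, True),
    # one user on a very poor link: slow, but a single connection
    Conn("203.0.113.12", 512, 10, 45.0, True),
] + [
    # ten connections from one client, each declaring 1 MB and sending ~1 byte/s
    Conn("198.51.100.5", 1_000_000, 120, 90.0, True) for _ in range(10)
]


def count_slow(conns, **thresholds):
    """Number of individual connections that meet the slow-POST test."""
    return sum(1 for c in conns if is_slow_post(c, **thresholds))


if __name__ == "__main__":
    print("slow connections:", count_slow(SNAPSHOT))
    print("clients to rate-limit or drop:", slow_post_clients(SNAPSHOT))
```

The useful response once a client is flagged is usually not a blanket IP block but a cap on concurrent open request bodies per client plus a short body-read timeout, which is exactly the kind of policy a CDN or proxy service applies for you at scale.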

Module 09

In Module 9 we learn about different types of malware. In detail, we covered the features of and differences among viruses, worms, Trojans and rootkits. Malicious code is designed to damage or disrupt hosts, software or networks. The damage from malware can range from stealing PII to destroying data or compromising systems.

Computer malware and viruses are constantly evolving; here is a list of the most dangerous viruses in 2020. As has been usual lately, the list starts with sophisticated ransomware.

https://www.safetydetectives.com/blog/most-dangerous-new-malware-and-security-threats/