
If you are looking to become a Security Engineer or already started on the path, below is a learning path that could be followed to achieve the goal.

  1. Learn the basics of computer networking:
    • Start by learning the fundamentals of computer networking, such as the OSI model, network topologies, and protocols. You can find plenty of resources online, such as videos and tutorials.
    • Familiarize yourself with networking devices such as routers, switches, firewalls, and load balancers.
    • Learn about IP addressing, TCP/IP, DNS, and DHCP. These are the building blocks of network communication and are essential for a security engineer.
    • Practice configuring network devices, such as setting up VLANs, access control lists, and VPNs.
  2. Gain proficiency in programming:
    • Choose a programming language to focus on, such as Python or Bash.
    • Start by learning the basics of programming, such as syntax, data types, and control structures.
    • Move on to more advanced topics, such as file I/O, error handling, and regular expressions.
    • Practice writing scripts and programs to automate tasks, such as network scanning or log analysis.
    • Explore libraries and frameworks that can help you with specific security tasks, such as Scapy or PyCryptodome.
  3. Develop a solid understanding of operating systems:
    • Choose an operating system to focus on, such as Linux or Windows.
    • Learn the basics of the command-line interface and how to navigate the file system.
    • Familiarize yourself with system administration tasks, such as managing users and permissions, configuring services, and troubleshooting.
    • Learn about security features of the operating system, such as firewalls, antivirus software, and encryption.
  4. Learn the fundamentals of cybersecurity:
  5. Get familiar with penetration testing:
    • Learn about the different phases of a penetration testing engagement, such as reconnaissance, scanning, enumeration, exploitation, and post-exploitation.
    • Practice using penetration testing tools such as nmap, Metasploit, and Burp Suite.
    • Learn about web application security testing, such as SQL injection and cross-site scripting.
    • Familiarize yourself with wireless security testing, such as cracking WPA2 passwords and sniffing wireless traffic.
  6. Study security frameworks and standards:
    • Study security frameworks such as NIST, ISO 27001, and CIS. These frameworks provide guidelines on how to secure systems and networks.
    • Learn about compliance standards, such as PCI-DSS and HIPAA. These standards are mandatory for certain industries and provide guidance on how to protect sensitive data.
    • Explore privacy regulations such as GDPR and CCPA. These regulations provide guidance on how to handle personal data and protect individual privacy.
  7. Gain practical experience:
    • Participate in security-related projects, such as creating a honeypot or building a secure web application.
    • Join bug bounty programs and practice finding and reporting vulnerabilities in web applications and software.
    • Do an internship in a security-related field. This will give you hands-on experience and help you build your skills.
  8. Get certified:
  9. Keep up to date:
    • Cybersecurity is a rapidly evolving field, and it is important to stay up to date with the latest threats, technologies, and trends.
    • Subscribe to security blogs and news sites to stay up to date with the latest developments in the field.
    • Attend conferences, seminars, and webinars to network with other security professionals and learn about new technologies and techniques.
    • Join online communities such as Reddit or StackExchange to discuss security topics with other professionals.
    • Participate in CTF (Capture the Flag) competitions to practice your skills and learn new techniques.
  10. Specialize in a specific area:

Questions, comments and feedback are welcome.

WHO has declared Coronavirus a global pandemic, and almost every country in the world is impacted by it. A lot of people are trying to track the state of the pandemic and its impact, and many people and organizations have come forward to help in this global crisis. But just like everything else, where there is good there is evil: malicious apps, websites, scams and ransomware have sprung up to take advantage of the situation.

One such ransomware app is the Covid 19 Tracker, which promises to give you real-time tracking of the spreading virus near you.

In the background, however, it changes the password of your Android phone and locks it. It then demands $100 in Bitcoin to unlock your phone.

Be safe: just like always, visit only the sites you trust and refrain from installing untrusted apps on your mobile phone.

Microsoft has delivered the fastest project of this size that I know of to provide accurate and up to date information on the coronavirus (COVID-19). You can visit the live tracker at https://bing.com/covid. The website is mobile friendly as well.


The only future for web applications is with SSL and TLS; however, this is a nightmare for me and many other web application developers. When we moved all our applications to always use secure communications, it became difficult to debug the web application and web API. Luckily, Wireshark helps us solve this problem. Currently any secure traffic captured by Wireshark looks like this.

Normal SSL Traffic Capture

Previous versions could decrypt secure traffic that used RSA only if the private key was provided to Wireshark, but it is no longer possible to decrypt traffic with just the private keys. This is where session key logging comes into the picture. The browsers that we care about (Chrome and Firefox) support logging the symmetric session key, which Wireshark then uses to decrypt the secure traffic.

Enable Session Key Logging

  • This can be done simply by adding an environment variable. To add an environment variable in Windows, go to Computer Properties. One way to get there is to right-click My PC and select Properties.

My PC Properties

  • Then select Advanced System Settings.

Advanced System Settings

  • Then select Environment Variables.

Environment Variables

  • Now add a new User Environment Variable.

SSLKEYLOGFILE User Variable

    Note – restart your browser after setting the variable so that the log file is created.

  • Now that we have our environment variable set up, let's go to Wireshark and configure it to read these keys to decrypt traffic. To do that, go to Edit –> Preferences.

Wireshark preferences menu

  • Navigate to Protocols –> SSL. Browse to the path where you specified the log file to be created and select the file.

Wireshark SSL keys

  • Now we are all set to decrypt the secure traffic in Wireshark. Start capturing traffic with Wireshark and select any TLS or SSL packet to decrypt.

Normal SSL Traffic Capture

  • But when you move to the Decrypted SSL tab you will be able to see the decrypted traffic.

Decrypted Packet

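Wireshark matches each line of the SSLKEYLOGFILE against the Client Random it sees in a captured ClientHello, which is why a session started before the variable was set (browser not restarted) stays encrypted. The following Python script is an added example, not code from the original post or from Wireshark: it parses a constructed key log in the NSS Key Log Format that Chrome and Firefox write (`CLIENT_RANDOM` lines for TLS 1.2 and older, `*_TRAFFIC_SECRET` lines for TLS 1.3) and reports, for a list of client randoms taken from captured ClientHellos, which sessions the log can decrypt. The sample log contents and client randoms are constructed placeholders.

```python
"""Parse an SSLKEYLOGFILE (NSS Key Log Format) and check which captured
TLS sessions it can decrypt. Added example; not part of the original post."""
import re
from collections import defaultdict

# Labels written by Chrome/Firefox. CLIENT_RANDOM covers TLS 1.2 and older;
# the *_SECRET labels are written for TLS 1.3 sessions.
TLS13_LABELS = {
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0", "EXPORTER_SECRET",
}
KNOWN_LABELS = TLS13_LABELS | {"CLIENT_RANDOM"}
HEX = re.compile(r"^[0-9a-fA-F]+$")

# Constructed sample key log (placeholder hex values, not real secrets).
_CR12, _MASTER = "11" * 32, "22" * 48
_CR13, _SECRET = "33" * 32, "44" * 32
SAMPLE_KEYLOG = f"""# SSL/TLS secrets log file, generated by NSS
CLIENT_RANDOM {_CR12} {_MASTER}
CLIENT_HANDSHAKE_TRAFFIC_SECRET {_CR13} {_SECRET}
SERVER_HANDSHAKE_TRAFFIC_SECRET {_CR13} {_SECRET}
CLIENT_TRAFFIC_SECRET_0 {_CR13} {_SECRET}
SERVER_TRAFFIC_SECRET_0 {_CR13} {_SECRET}
CLIENT_RANDOM notHex ffff
"""


def parse_keylog(text):
    """Return ({client_random_hex: {label: secret_hex}}, [(line_no, reason)])
    where the second element lists lines that were skipped."""
    sessions = defaultdict(dict)
    skipped = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are allowed by the format
        parts = line.split()
        if len(parts) != 3:
            skipped.append((no, "expected 3 fields"))
            continue
        label, client_random, secret = parts
        if label not in KNOWN_LABELS:
            skipped.append((no, f"unknown label {label}"))
            continue
        # The client random is always 32 bytes; a TLS 1.2 master secret is 48.
        if not (HEX.match(client_random) and len(client_random) == 64):
            skipped.append((no, "client random must be 32 bytes of hex"))
            continue
        if not HEX.match(secret) or (label == "CLIENT_RANDOM" and len(secret) != 96):
            skipped.append((no, "bad secret"))
            continue
        sessions[client_random.lower()][label] = secret.lower()
    return dict(sessions), skipped


def check_sessions(sessions, captured_client_randoms):
    """For each Client Random seen in a captured ClientHello, report whether
    the key log holds what Wireshark needs to decrypt that session."""
    report = {}
    for cr in captured_client_randoms:
        entry = sessions.get(cr.lower())
        if entry is None:
            report[cr] = "no key logged (browser started before SSLKEYLOGFILE was set?)"
        elif "CLIENT_RANDOM" in entry:
            report[cr] = "decryptable (TLS 1.2 or older, master secret present)"
        elif {"CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}.issubset(entry):
            report[cr] = "decryptable (TLS 1.3 application traffic secrets present)"
        else:
            report[cr] = "partial: handshake secrets only, application data stays encrypted"
    return report


if __name__ == "__main__":
    found, bad = parse_keylog(SAMPLE_KEYLOG)
    for no, why in bad:
        print(f"line {no} skipped: {why}")
    for cr, verdict in check_sessions(found, [_CR12, _CR13, "55" * 32]).items():
        print(cr[:16], "...", verdict)
```

Run it against your real log by reading the path you set in SSLKEYLOGFILE and feeding the client randoms Wireshark shows under the ClientHello's Random field; a session listed as "no key logged" is the usual reason decryption silently does nothing.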

Hope this helps you with your work with secure web packets.

Any questions, comments and feedback are always welcome.

Jigsaw Ransomware

A brand new breed of ransomware has raised the game in an evil way by threatening to delete user files if they refuse to pay the ransom.

The malware, dubbed Jigsaw, is one of the newest entries into the ransomware family discovered by researchers.

Jigsaw, originally branded BitcoinBlackmailer.exe, was built on March 23rd 2016 and was released into the wild only a week later. Once a victim downloads the malware, the malicious code encrypts user data and displays a locked screen instead of the normal desktop, in the typical manner of ransomware. Users are then held to ransom and asked to pay in virtual currency to retrieve their content.

However, according to Forcepoint researchers, this ransomware not only encrypts files; it also threatens users with a countdown. Displaying the face of Billy the Puppet from the horror film Saw, it tells victims that files are selected every hour for deletion if the ransom isn't paid.

The threatening notice says that during the first day only a couple of files are erased, but after that several thousand are removed each day for missing payment. If users try to close the program or shut down the PC, Jigsaw tells users one thousand files will be deleted on startup "as a punishment".

Jigsaw Countdown

Yet the code isn't especially sophisticated. As Jigsaw is written in .NET, the team were able to reverse engineer the malware's code and pull out the encryption key used by Jigsaw to lock away user files, as well as find each of the 100 Bitcoin addresses used to store ransomware payments.

In the video below, you can watch how the ransomware behaves once a system is compromised, and the creepy message victims are given to force them to pay.

Infection rates are small and the returns appear to be poor. However, the functionality of this new variety of ransomware is still worth noting. As cybercrime becomes more sophisticated and tools are developed, even those lacking skill can take advantage, and Jigsaw is a prime example of how ransomware could end up evolving on a wider scale in the future.

Active Connections

Figuring out whether your machine is being continuously monitored can be a challenge, depending on the sophistication of the monitoring method. Older machines used to run slowly while being monitored, but modern machines have enough power to make monitoring unnoticeable. Checking for monitoring hardware and software is a process of elimination and is not foolproof.

So we will resort to a more reliable way of determining whether someone is connected to your system without your authorization.

Open the Run window by pressing Windows + R or by typing Run in the Windows Start menu, and type cmd.

Run

Now type the command netstat -ano.

netstat

netstat (network statistics) is a command-line tool that displays network connections (both incoming and outgoing), routing tables, and a number of network interface (network interface controller or software-defined network interface) and network protocol statistics.

-a –> Displays all the network connections along with all the TCP and UDP ports on which your computer is listening

-n –> Displays active TCP connections, however, addresses and port numbers are expressed numerically and no attempt is made to determine names.

-o –> Displays active TCP connections and includes the process ID (PID) for each connection. You can find the application based on the PID on the Processes tab in Windows Task Manager. This parameter can be combined with -a, -n, and -p.

(Source – Wikipedia)

When you hit Enter you will see something like the output below.

The established connections are the ones you should verify: are they ones you made, were they made automatically, or are they unauthorized? To see who is connected to your system, open Task Manager, move to the Details tab and look for the PID of that connection. In our case it is 5372, and we see that this is the process ID for Google Chrome.

Task Manager – Process Details

But if it is not one of the processes you expected, you can simply right-click it and end it, or find out more about it with the following options:

  • End Task
  • End Process Tree
  • Opening the file location
  • Searching it online
  • Check its properties
  • Navigate to its services

PID Actions

This way you will be able to pin down exactly which process or executable is running on your system and decide whether that connection is one you intended or not.
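Doing the netstat-to-Task-Manager cross-check by hand works for a handful of connections, but it is easy to script. The Python below is an added example, not code from the original post: it parses a constructed sample of `netstat -ano` output (including IPv6 endpoints in brackets and UDP rows, which have no State column), groups the ESTABLISHED connections by PID, and flags any PID whose image name (as you would read it from the Details tab, here supplied as a constructed PID-to-name mapping) is not on a list of processes you expect to be talking to the network. The PID 5372 for chrome.exe is taken from the post; every other PID, name and address is a constructed placeholder.

```python
"""Parse 'netstat -ano' output and flag established connections whose owning
process is not one you expect. Added example; not part of the original post."""

# Constructed sample of netstat -ano output; not a real capture.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.20:49710     198.51.100.10:443      ESTABLISHED     5372
  TCP    192.168.1.20:49722     203.0.113.7:8443       ESTABLISHED     6120
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [fe80::1%12]:49800     [fe80::2%12]:3389      ESTABLISHED     7010
  UDP    0.0.0.0:5353           *:*                                    2288
"""

# Constructed PID -> image name mapping, as read off the Details tab of
# Task Manager. 5372 = chrome.exe comes from the post; the rest are made up.
SAMPLE_PROCESSES = {912: "svchost.exe", 5372: "chrome.exe", 6120: "update.exe",
                    4: "System", 7010: "mstsc.exe", 2288: "svchost.exe"}

# Image names you expect to hold network connections on this machine.
EXPECTED_IMAGES = {"chrome.exe", "svchost.exe", "System", "mstsc.exe"}


def split_endpoint(ep):
    """Split 'host:port' into (host, port); handles [IPv6]:port and '*:*'."""
    host, _, port = ep.rpartition(":")
    if host.startswith("[") and host.endswith("]"):
        host = host[1:-1]
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Return one dict per connection row; header and banner lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local, foreign = parts[0], parts[1], parts[2]
        # UDP rows carry no State column, so the PID is always the last field.
        state = parts[3] if proto == "TCP" and len(parts) == 5 else ""
        rows.append({
            "proto": proto,
            "local": split_endpoint(local),
            "foreign": split_endpoint(foreign),
            "state": state,
            "pid": int(parts[-1]),
        })
    return rows


def established_by_pid(rows):
    """Map PID -> list of remote (host, port) for ESTABLISHED TCP connections."""
    out = {}
    for r in rows:
        if r["state"] == "ESTABLISHED":
            out.setdefault(r["pid"], []).append(r["foreign"])
    return out


def flag_unexpected(rows, processes, expected):
    """Return {pid: (image, [remote endpoints])} for established connections
    owned by a process image that is not in the expected set."""
    flagged = {}
    for pid, remotes in established_by_pid(rows).items():
        image = processes.get(pid, "<unknown>")
        if image not in expected:
            flagged[pid] = (image, remotes)
    return flagged


if __name__ == "__main__":
    rows = parse_netstat(SAMPLE_NETSTAT)
    for pid, (image, remotes) in flag_unexpected(rows, SAMPLE_PROCESSES, EXPECTED_IMAGES).items():
        for host, port in remotes:
            print(f"PID {pid} ({image}) has an unexpected connection to {host}:{port}")
```

On a real machine, feed it the text of `netstat -ano` and build the PID mapping from the Details tab (or `tasklist`); anything it flags is the process to inspect with the Task Manager actions listed above.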

Any questions, comments or feedback are most welcome.