Cyber Threat Intelligence - Preview

Dear readers,

In this month’s edition, we would like to take a closer look at cyber threat intelligence. Other topics are also featured, so we hope that everyone will find something for themselves.

We have four articles dedicated to threat intelligence. If you are relatively new to this area we recommend checking Cyber Threat Intelligence - Overview. It’s not an ordinary introduction, as it contains in-depth details that will help you understand the topic better. Moving forward, Cyber Threat Intelligence Landscape will dive deeper into this area and focus on Incident Response activities. What are the benefits of CTI information exchange, presentation of threat findings? And how can this increase awareness of prevention methods? The authors tried to find answers to those questions in their article.  An Analysis of Cyber Threat Intelligence will show you how to analyse data about threats, and how to effectively use it for prevention. The last article about threat intelligence presents a more hands-on approach. Infection with Malware By Script Python NOT Detected by AV brings the result of a security analysis with an offensive mindset, performing the execution of two Python scripts responsible for downloading some malware in our environment.

Of course that’s not all! You can also read about MiTM attacks on the secure sockets layer. For hardware fans, we have an article about Raspberry Pi and self-driving cars! You definitely don’t want to miss it. And, finally, two articles about IoT - one is focused on the blockchain relation to the Internet of Things devices, while the second is a tutorial about brute-force attacks on IoT. 

We hope that you enjoy reading this edition, and that no matter where you are, you are safe, taking care of yourself and your loved ones. 

Enjoy the reading,

Hakin9 Editorial Team

>>If you want to buy this magazine click here <<

>>If you are a subscriber, download your magazine here<<

INSIDE OF THE PREVIEW: Full article by Filipi Pires "Infection with Malware By Script Python NOT Detected by AV"

TABLE OF CONTENTS

Bots Scheduler: A Web-based Cron-like security task scheduler

by Alexandre D'Hondt

Various useful Web services exist to check for multiple security-related aspects. For instance, Shodan allows one to verify if ports and services were left publicly open for a range of IP addresses. Manual checks can be cumbersome and, at some point, it can be very useful to schedule this task on a regular basis, especially in order to check if the monitored issue was solved. While Shodan may have its own monitoring service, it would be very handy to be able to schedule such a task also for other Web services that don’t have such a feature. That is where Bots Scheduler comes into play. Relying on a Web-based scheduling solution made by Nextdoor, it extends its capabilities and dedicates it to building jobs that fit to some security-related Web services with reporting. This way, Bots Scheduler manages jobs, reports and email notifications. It currently supports the following services: Shodan, Censys, HaveIBeenPwned, PwnedPasswords, GhostProject, Nuclear Leaks and HaveIBeenSold.

Man-in-The-Middle Attacks Against SSL/TLS

by Muneer Alwazzeh, Sameer Karaman

Knowledge of the attacking methods allows development of appropriate security models. Although secure socket layer/transport layer security (SSL/TLS) is the most secure web security protocol [1], it has lots of vulnerabilities resulting from weak cipher support, poor negotiation, weak authentication and integration and misconfiguration, like exploits of TLS’s cipher block chaining (Lucky 13 Attack), or exploits of the HTTP compression technique (Breach Attack) and need quick solutions. Transport layer undergoes many types of attacks (Eavesdropping attacks, Port scan attack, Reply attack, Man-in-the-Middle attack, Denial-of-Service attack, and so on).

Cyber Threat Intelligence - Overview

by Stjepan Groš

The goal of this research is to review several of the research fields that the authors identified to have some commonalities with the cyber threat intelligence, but in the same time are much older than CTI, with respect to the use, experience and the body of research. It is the idea that the knowledge accumulated in those other research fields can be applied to CTI in some way. In that way, we hope to give some guidelines for advancing cyber threat intelligence much faster by reusing ideas, methodologies, experiences and other knowledge elements from the other, older, research fields. In that way, we aim to fulfill the main objective of this article, to give research directions in CTI by connecting it to much more mature related fields.

Cyber Threat Intelligence Landscape

by Günther Pernul, Christine Sperl

In the field of threat intelligence and cybersecurity, a lot of research has been conducted in the last years. However, the number of publications covering approaches for modelling and unifying CTI is limited. This stands in contrast to the fact that exchanging CTI has become more urgent to face security incidents [19]. It can be observed that especially research work that considers available CTI data formats and the underlying data structures is rare. Most common in the area of modelling and unifying CTI are ontology proposals that clarify terms and their relations to each other in a defined area. Ontologies that can be found in literature can be distinguished in specialized and generic approaches.

Self-Driving Automotive using Raspberry Pi

by Raj Shirolkar

In the past decade or two, self-driving cars have been drawing considerable attention for various applications in military, transportation and industrial production. Here we present a remote controlled car that can drive itself to the selected destination using voice commands as input.

Blockchain and Internet of Things (IoT)

by Tanweer Alam

Blockchain (BC) in the Internet of Things (IoT) is a novel technology that acts with decentralized, distributed, public and real-time ledgers to store transactions among IoT nodes. A blockchain is a series of blocks and each block is linked to its previous blocks. Every block has the cryptographic hash code, previous block hash, and its data. The transactions in BC are the basic units that are used to transfer data between IoT nodes.

Cloud Computing Security Threats

by Farah Abdulaziz Almangour, Johara Abdulrahman Aljarri

Cloud is a turning point technology that twisted cybersecurity and changed the path of businesses and hackers. The shift to cloud technology has caused many new security challenges to rise by introducing a new set of security risks as well as creating many cloud security problems. Unfortunately, the availability of cloud computing services online provides anyone with the correct credentials to access it. In addition, the accessibility of enterprise data draws the attention of several hackers who seek to study the technology itself, discover different flaws and exploit the system for their own advantage.

Infection with Malware By Script Python NOT Detected by AV

by Filipi Pires

The purpose of this document was to execute several efficiency and detection tests in our endpoint solution, provided by Cybereason. This document brings the result of the defensive security analysis with an offensive mindset performing an execution of two Python scripts responsible to download some malware in our environment.

Investigating Brute Force Attack in IoT

by Deris Stiawan, Rahmat Budiarto

The investigation focuses on attacks launched from the internal network, due to the assumption that the IoT network has already installed a firewall. An insider/internal attack launched from an internal network endangers more than the entire IoT security system. Our experiments use an IoT network testbed that mimics the internal attack scenario with three major goals: (i) to provide a topological description on how an insider attack occurs; (ii) to achieve attack pattern extraction from raw sniffed data; and (iii) to establish attack pattern identification as a parameter to visualize real-time attacks. Experimental results validate the investigation.

An Analysis of  Cyber Threat Intelligence

by Vector Guo Li, Kirill Levchenko 

Today a wide array of public and commercial sources distribute threat intelligence data feeds to support this purpose. However, our understanding of this data, its characterization and the extent to which it can meaningfully support its intended uses, is still quite limited. In this paper, we address these gaps by formally defining a set of metrics for characterizing threat intelligence data feeds and using these measures to systematically characterize a broad range of public and commercial sources. Further, we ground our quantitative assessments using external measurements to qualitatively investigate issues of coverage and accuracy. Unfortunately, our measurement results suggest that there are significant limitations and challenges in using existing threat intelligence data for its purported goals.