In the September edition of Hakin9 Magazine, we decided to get you more familiar with some current hot topics within the cybersecurity universe, the main one being OSINT (Open-Source Intelligence).
In the opening article, ‘What is OSINT?’ by John Walker, you will read all about it! This piece can serve as a comprehensive beginner's guide for those who want to get an idea of what OSINT is.
Later on, you will get to know more about building Cyber Threat Intelligence with OSINT. In this action-packed and informative article by Bruno Rodrigues, you will gain new skills to get to know your adversaries better and, even more importantly, you will counter-strike hackers and build a custom CTI specific to your needs!
Next, our informative article by Gabriel Carvalhaes, ‘What is a Privacy Red Team?’, discusses how Red Team Operations and a Privacy Red Team work, explains the differences between Red Teaming, Pen Testing, and Threat Hunting, contrasts data security with data privacy, and more! Even if you’re a cybersecurity professional, you will learn something new in this article!
Another article, by Atlas Stark, is dedicated to NexVision, a company with an AI-powered OSINT tool that uses real-time intelligence gathering for target investigations. In it, you will discover one vision of the future of OSINT and decide whether you agree with it!
Especially for our tools aficionados, our authors came up with tutorials about Zeek (by Keith J. Jones) and PoshC2 (by Dan Dieterle), each with a totally different application. Zeek is an open-source network security monitoring tool; PoshC2 is a Command & Control framework that runs well on the Raspberry Pi platform. Dive in!
Afterward, thanks to Chrissa Constantine, you will delve into the topic of smart cities! You will find out what makes a city smart, what ‘smart city technologies’ and ‘smart city threats’ are, what role IoT plays in all of it, and much more! This is a very extensive (and engaging) study of this incredibly up-to-date topic!
Mtro. Jorge Vázquez del Río, the author of ‘Backdoor through a Portable Executable’, discusses the Portable Executable, the binary file format of Windows executables, from a cybersecurity point of view. Check out how this knowledge can be useful to you!
Later, Michael Sommer will teach you about the Cyber Kill Chain, a concept applied to the defense of IT and enterprise networks, and how it can be used to defend ICS systems.
Last but not least, the subject of digital deception is raised. In this article, Dr. Char Sample and Dr. Connie Justice present an overview of the intriguing topic of deception in the digital world, with some suggested solutions.
Enjoy this issue’s diversified content and stay safe,
Hakin9 Editorial Team
TABLE OF CONTENTS
What is OSINT?
Professor John Walker
What can be referred to as the grey art of OSINT (Open-Source Intelligence) has gained traction over the last three years within the commercial and government sectors and has been embraced by multiple law enforcement agencies to support investigations. OSINT has also been employed by professionals in various capacities, such as journalists, human resources staff, and researchers, to leverage the power of discovering the unknown unknowns of potential intelligence. However, for those new to this grey art, what is OSINT?
Counter Striking Hackers: Building CTI with OSINT
Bruno Rodrigues
Have you ever wondered who has attacked you, and from where? I have! On a daily basis, organizations are constantly attacked by malicious actors that, for now, we’re going to call hackers. We know little about their campaigns, their technical capacity or even who they are. Cyber Threat Intelligence (CTI) is somewhat of a generic topic, not very often used by organizations to gain insight into what’s going on in the cyber landscape.
Today, we are going to arm you with some OSINT tools to get to know your adversaries better and build your CTI and cyber resilience: what capabilities do they have, what technology are they using, is this an isolated campaign? Is your adversary state sponsored or a professional malicious actor? Are you being attacked from a compromised victim? What can you do to better protect yourself?
What is a Privacy Red Team?
Gabriel Carvalhaes
Red teaming has been one of the most pursued careers in cyber security. However, many people, including IT professionals, mistake Red Team Operations for pentests and vulnerability scans. Although pentests and vulnerability scans can be part of a red team operation, they are security activities with a limited scope, whereas a true red team operation, in essence, has no limited scope, so that it can assess all types of flaws in a system or in a company. It can go on for months, and the goal is to emulate an Advanced Persistent Threat (APT) trying to break in by any means necessary.
NexVision: The Future of OSINT
Atlas Stark
NexVision, a Singapore-based company founded in 2014, is known for creating autonomous manufacturing solutions and healthcare technologies. Their technology also impacts a number of other industries. According to their project website, NexVision has an AI-powered OSINT tool that utilizes military-grade, real-time intelligence gathering for target investigations. The company now refers to the AI as proprietary automation and mentions the use of advanced algorithms to perform its cutting-edge analysis. Obviously, they are not giving up the secret sauce just yet. As for parsing data from the dark web, they mention that this is performed through their Tor engine proxy, which spares the end user from having to connect to Tor locally. That is a great feature, but how does all of this happen?
An Introduction to Zeek, an Open-Source Network Security Monitoring Tool
Keith J. Jones
In short, Zeek provides a language to interpret, log and alert upon different aspects of your network data. We can use Zeek to detect relevant security incidents on a network. By default, Zeek produces terse ASCII logs in TSV format, but it can be configured to output JSON logs too. Zeek logs are compact, usually consisting of only a handful of lines for each network connection. The space required to store Zeek logs long term is typically much less than that needed for the equivalent full packet capture (PCAP) data, because Zeek summarizes each connection in its logs rather than keeping the packets.
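To make the log format concrete, here is an added example (not code from the article or from the Zeek project) that parses conn.log records in the default TSV form, honouring the #separator, #fields, #types and #unset_field headers that make the files self-describing, and in the JSON-lines form that `redef LogAscii::use_json = T;` switches on, then runs a small detection over the records. The log lines are constructed for the example and carry only a subset of a real conn.log's fields; the byte threshold and port watch list in flag_connections are assumptions, not Zeek defaults.

```python
"""Parse Zeek conn.log records (TSV or JSON lines) and run a simple detection.

Added example, not code from the article or the Zeek project.  The log lines
are constructed and hold only a subset of conn.log's fields; the '#fields' and
'#types' headers drive the parser, so a real file parses the same way."""
import json

# Constructed Zeek ASCII (TSV) log in the default writer's layout.
TSV_SAMPLE = "\n".join([
    "#separator \\x09",
    "#set_separator\t,",
    "#empty_field\t(empty)",
    "#unset_field\t-",
    "#path\tconn",
    "#open\t2022-09-01-10-00-00",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice"
    "\tduration\torig_bytes\tresp_bytes\tconn_state",
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring"
    "\tinterval\tcount\tcount\tstring",
    "1662026400.123456\tCAbc1\t10.0.0.5\t52344\t93.184.216.34\t443\ttcp\tssl\t12.5\t1200\t54000\tSF",
    "1662026405.000000\tCAbc2\t10.0.0.5\t52345\t203.0.113.9\t4444\ttcp\t-\t3600.0\t75000000\t2000\tSF",
    "1662026410.000000\tCAbc3\t10.0.0.7\t51000\t10.0.0.1\t53\tudp\tdns\t0.01\t60\t120\tSF",
    "1662026411.000000\tCAbc4\t10.0.0.7\t51001\t198.51.100.2\t80\ttcp\t-\t-\t-\t-\tS0",
    "#close\t2022-09-01-11-00-00",
])

# The first two connections as Zeek writes them with JSON output enabled
# (redef LogAscii::use_json = T;): one object per line, unset fields omitted.
JSON_SAMPLE = "\n".join([
    '{"ts":1662026400.123456,"uid":"CAbc1","id.orig_h":"10.0.0.5","id.orig_p":52344,'
    '"id.resp_h":"93.184.216.34","id.resp_p":443,"proto":"tcp","service":"ssl",'
    '"duration":12.5,"orig_bytes":1200,"resp_bytes":54000,"conn_state":"SF"}',
    '{"ts":1662026405.0,"uid":"CAbc2","id.orig_h":"10.0.0.5","id.orig_p":52345,'
    '"id.resp_h":"203.0.113.9","id.resp_p":4444,"proto":"tcp",'
    '"duration":3600.0,"orig_bytes":75000000,"resp_bytes":2000,"conn_state":"SF"}',
])


def _convert(raw, typ, unset, empty):
    """Map one TSV cell to a Python value using its '#types' entry."""
    if raw == unset:
        return None
    if raw == empty:
        return ""
    if typ in ("count", "int", "port"):
        return int(raw)
    if typ in ("time", "interval", "double"):
        return float(raw)
    if typ == "bool":
        return raw == "T"
    return raw                                  # string, addr, enum, subnet stay text


def parse_zeek_log(text):
    """Return one dict per record from Zeek TSV or JSON-lines text."""
    sep, unset, empty = "\t", "-", "(empty)"
    fields, types, records = [], [], []
    for line in text.splitlines():
        if not line:
            continue
        if line[0] == "{":                      # JSON-lines output is already typed
            records.append(json.loads(line))
            continue
        if line.startswith("#separator "):      # written before the separator is known
            sep = line[len("#separator "):].encode().decode("unicode_escape")
            continue
        if line[0] == "#":                      # remaining header and trailer lines
            key, _, value = line[1:].partition(sep)
            if key == "fields":
                fields = value.split(sep)
            elif key == "types":
                types = value.split(sep)
            elif key == "unset_field":
                unset = value
            elif key == "empty_field":
                empty = value
            continue                            # #set_separator, #path, #open, #close
        cells = line.split(sep)
        if len(cells) != len(fields):
            raise ValueError("record has %d cells, header has %d fields" % (len(cells), len(fields)))
        records.append({name: _convert(raw, typ, unset, empty)
                        for name, typ, raw in zip(fields, types or [""] * len(fields), cells)})
    return records


def flag_connections(records, max_orig_bytes=50_000_000, watch_ports=(4444, 1337)):
    """Return (uid, reasons) for connections worth a second look.  The byte
    threshold and the port list are assumptions for this example."""
    hits = []
    for rec in records:
        reasons = []
        if (rec.get("orig_bytes") or 0) > max_orig_bytes:   # unset -> None -> 0
            reasons.append("large upload")
        if rec.get("id.resp_p") in watch_ports:
            reasons.append("watched port")
        if reasons:
            hits.append((rec["uid"], reasons))
    return hits


if __name__ == "__main__":
    for sample in (TSV_SAMPLE, JSON_SAMPLE):
        for uid, why in flag_connections(parse_zeek_log(sample)):
            print(uid, ", ".join(why))
```

The parser never hard-codes column positions: a real conn.log has many more fields (history, missed_bytes, orig_pkts and so on), and they land in the record dict automatically because the #fields and #types headers are read first. The unset marker matters in practice, since a half-open connection (CAbc4, state S0) has no duration or byte counts and must not be treated as zero-byte traffic by accident.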
PoshC2: Command & Control Using Raspberry Pi
Daniel W. Dieterle
In this article, we will take a look at using the PoshC2 framework on a Raspberry Pi running Kali Linux. PoshC2 is a full-featured Command & Control (C2) framework that runs very well on the Raspberry Pi platform. A C2 framework is used in offensive security to remotely interface with and control multiple target systems. First, the C2 generates shell payloads, in a way very similar to a hacker’s exploit code. When a target system runs the payload, the C2 gains full remote control of that system and lets the security professional interact with multiple targets at the same time. PoshC2 is a feature-rich C2 that is now packaged for Kali Linux. We will look at PoshC2, running on a Raspberry Pi, in action against both a Windows 11 and a Windows Server 2022 target.
Smart Cities: Security, Resiliency, and Privacy Attacks
Chrissa Constantine
Smart cities use vast amounts of data to efficiently manage assets, resources, and services. This data is collected from various sources, such as people, devices, and buildings, and is used to improve city-wide operations. Thoughtful city planning requires critical public safety and security for networks that carry sensitive traffic or data (e.g., police dispatches) and that operate life-critical systems (e.g., emergency services communications).
Backdoor Through a Portable Executable
Mtro. Jorge Vázquez del Río
With the arrival on the market of a new version of the Microsoft Windows operating system, specifically Windows NT, a new concept concerning file types also arose. The complexity caused by per-architecture customization gave way to a single type of binary file, the Portable Executable (PE), which every Windows version since has used as its executable format regardless of the underlying hardware (a given PE file still targets one architecture, recorded in its header). It is worth mentioning that for Unix systems, the corresponding format is ELF (Executable and Linkable Format).
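As an added illustration of what a defender can do with knowledge of the format (example code, not the article's own), the parser below walks a PE file's DOS header, PE signature, COFF header, optional header and section table, the layout fixed by the PE/COFF specification, including the Machine field that ties a binary to one architecture, and then applies two triage heuristics: an entry point that does not sit in .text, and a section mapped both writable and executable. The sample images are built in memory by build_pe and are constructed for the example; the heuristics are common triage indicators and an assumption of this example, not the article's method.

```python
"""Parse a PE header and section table and flag two classic backdoor tells.

Added example, not code from the article.  Offsets follow the PE/COFF file
format: DOS header with e_lfanew at 0x3C, 'PE\\0\\0' signature, 20-byte COFF
header, optional header (PE32 magic 0x10B / PE32+ magic 0x20B), then 40-byte
section headers.  The two heuristics in audit() are an assumption of this
example: entry point outside .text, and a writable+executable section."""
import struct

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
# name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
# PointerToRelocations, PointerToLinenumbers, NumberOfRelocations,
# NumberOfLinenumbers, Characteristics
SECTION_HDR = "<8sIIIIIIHHI"


def build_pe(sections, entry_rva, is_64bit=True):
    """Construct a minimal in-memory PE (headers and section table only, no
    code, so it is not runnable) for the parser to read.  Constructed for the
    example.  Each section is (name, rva, virtual_size, raw_ptr, raw_size, flags)."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)            # e_lfanew -> PE signature
    opt_size = 240 if is_64bit else 224                     # PE32+ / PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x8664 if is_64bit else 0x14C, len(sections),
                       0, 0, 0, opt_size, 0x22)             # Machine, NumberOfSections, ...
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if is_64bit else 0x10B)   # Magic
    struct.pack_into("<I", opt, 16, entry_rva)                      # AddressOfEntryPoint
    if is_64bit:
        struct.pack_into("<Q", opt, 24, 0x140000000)                # ImageBase (PE32+)
    else:
        struct.pack_into("<I", opt, 28, 0x400000)                   # ImageBase (PE32)
    table = b"".join(struct.pack(SECTION_HDR, name, vsize, rva, rsize, raw, 0, 0, 0, 0, flags)
                     for name, rva, vsize, raw, rsize, flags in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


def parse_pe(data):
    """Return machine, image base, entry point RVA and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff_off = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff_off)
    opt_off = coff_off + 20
    (magic,) = struct.unpack_from("<H", data, opt_off)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    (entry,) = struct.unpack_from("<I", data, opt_off + 16)      # same offset in PE32 and PE32+
    pe32plus = magic == 0x20B
    (image_base,) = struct.unpack_from("<Q" if pe32plus else "<I", data,
                                       opt_off + (24 if pe32plus else 28))
    sections = []
    for i in range(nsec):
        name, vsize, rva, rsize, raw, _, _, _, _, flags = struct.unpack_from(
            SECTION_HDR, data, opt_off + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "rva": rva, "vsize": vsize, "raw": raw, "rsize": rsize, "flags": flags})
    return {"machine": machine, "pe32plus": pe32plus, "image_base": image_base,
            "entry": entry, "sections": sections}


def section_of(pe, rva):
    """The section whose virtual range contains rva, or None."""
    for sec in pe["sections"]:
        if sec["rva"] <= rva < sec["rva"] + max(sec["vsize"], sec["rsize"]):
            return sec
    return None


def audit(pe):
    """Heuristic findings; an empty list means nothing stood out."""
    findings = []
    ep = section_of(pe, pe["entry"])
    if ep is None or not ep["flags"] & IMAGE_SCN_MEM_EXECUTE:
        findings.append("entry point outside any executable section")
    elif ep["name"] != ".text":
        findings.append("entry point not in .text (in %s)" % ep["name"])
    for sec in pe["sections"]:
        if sec["flags"] & IMAGE_SCN_MEM_WRITE and sec["flags"] & IMAGE_SCN_MEM_EXECUTE:
            findings.append("section %s is writable and executable" % sec["name"])
    return findings


RX = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
RW = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
# Constructed: a normal layout, entry point inside .text.
CLEAN_PE = build_pe([(b".text", 0x1000, 0x200, 0x400, 0x200, RX),
                     (b".data", 0x2000, 0x100, 0x600, 0x200, RW)], entry_rva=0x1010)
# Constructed: an extra section appended after the originals, mapped RWX, with the
# entry point moved into it; the layout often left behind when code is added to a binary.
BACKDOORED_PE = build_pe([(b".text", 0x1000, 0x200, 0x400, 0x200, RX),
                          (b".data", 0x2000, 0x100, 0x600, 0x200, RW),
                          (b".newsec", 0x3000, 0x100, 0x800, 0x200, RX | IMAGE_SCN_MEM_WRITE)],
                         entry_rva=0x3000)

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN_PE), ("backdoored", BACKDOORED_PE)):
        print(label, audit(parse_pe(blob)) or "no findings")
```

Both heuristics produce false positives on legitimate binaries (packers such as UPX move the entry point into their own section, and some runtimes keep RWX sections), so treat a hit as a reason to look closer, not as a verdict. On a real file, read the bytes from disk and pass them to parse_pe; the section table alone is enough for these checks, so no code has to be executed.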
ICS Cyber Kill Chain
Michael Sommer
The ICS Cyber Kill Chain is a concept designed to help IT security personnel better understand attacker campaigns. A campaign in this context is the totality of all operations against the organization. This article is composed of two parts. In the first part, the ICS Cyber Kill Chain is introduced and described. The second part shows how the ICS Cyber Kill Chain was applied to three case studies.
Dr. Char Sample & Dr. Connie Justice
Deceptive digital data takes many forms and has many entry pathways. Some of the earliest examples of deceptive digital data were hackers deleting incriminating log entries. Those actions represent a rather simplistic deception. The intruder who attempts to remove evidence of the attack, while practicing a deception, is not engaging in the more sophisticated deceptions that make the news. The attacker who alters data values to deceive the operator or decision-maker is the one who gets the attention-grabbing headline. Deceptive digital data has grown increasingly complex and may well prove to be cybersecurity’s most vexing challenge.