Welcome to the new issue of Hakin9. This month we would like to talk about Threat Intelligence and identifying potential cybersecurity attacks. The primary purpose of threat intelligence is to help organizations (or companies) understand the risks of the most common and severe external threats. The articles we chose for this publication will give you in-depth knowledge about this topic.
Our magazine wouldn't be the same without a few articles dedicated to hacking or breaking through security systems! That's why we have articles such as Introduction to ethical hacking, where you will learn how to take control over a network, or the PinkKite analysis, focused on malware.
All that and much more awaits you in our newest edition. We would also like to thank all authors, reviewers and proofreaders for participating in this project.
Have a nice read, folks!
Hakin9 Magazine Editorial Team
TABLE OF CONTENTS
Introduction to ethical hacking: Become the owner of network
Adrian Rodriguez Garcia
First we're going to talk about the lab that has been designed for this article and how to work within it. Then, with a series of tools and frameworks that will be seen throughout the article, we will begin the first stage of the attack, which will consist of compromising an internal network element from an external network. The next challenge will be to compromise an internal network using the pivoting method, and finally to make the attack persistent.
Cyber Threat Intelligence Model: An Evaluation of Taxonomies, Sharing Standards, and Ontologies within Cyber Threat Intelligence
Siri Bromander, Vasileios Mavroeidis
This paper introduces the Cyber Threat Intelligence (CTI) model, which enables cyber defenders to explore their threat intelligence capabilities and understand their position against the ever-changing cyber threat landscape. In addition, we use our model to analyze and evaluate several existing taxonomies, sharing standards, and ontologies relevant to cyber threat intelligence. Our results show that the cyber security community lacks an ontology covering the complete spectrum of threat intelligence. To conclude, we argue the importance of developing a multi-layered cyber threat intelligence ontology based on the CTI model and the steps that should be taken under consideration, which are the foundation of our future work.
Preventing Poisoning Attacks on AI based Threat Intelligence Systems
Nitika Khurana, Sudip Mittal, Anupam Joshi
In this paper, we use an ensembled semi-supervised approach to determine the credibility of Reddit posts by estimating their reputation score to ensure the validity of information ingested by AI systems. We demonstrate our approach in the cybersecurity domain, where security analysts utilize these systems to determine possible threats by analyzing the data scattered on social media websites, forums, blogs, etc.
Should Chess Players Learn Computer Security?
Gildas Avoine, Cédric Lauradoux, Rolando Trujillo-Rasua
The main concern of chess referees is to prevent players from biasing the outcome of the game by either colluding or receiving external advice. Preventing third parties from interfering in a game is challenging given that communication technologies are steadily improved and miniaturized. Chess actually faces threats similar to those already encountered in computer security. We describe chess frauds and link them to their analogues in the digital world. Based on these transpositions, we advocate for a set of countermeasures to enforce fairness in chess.
Formjacking: A major threat for online shoppers
As digitalization is taking over, online shopping sites are gaining popularity. In fact, online shopping has changed the way we used to shop. From electronic gadgets to fashion apparel, even groceries are available online and changing the shopping experience for the customers. The impressive returns make it a ‘must have’ platform for retailers and brands. While shopping, we tend to believe that the site is secure and share a lot of personal and financial information without worrying. But before making any online transaction, be very cautious. Hackers can wash off your account within a blink of an eye! Such attacks are called ‘Formjacking’.
Though it is not a new technique, recently the attacks have become more sophisticated and increased dramatically.
In this paper, I will analyze a POS malware named PinkKite. During analysis, you will learn the internals of magnetic stripe cards and basic functionality of malware targeting POS. The reader should already have a basic knowledge of assembly on a Windows OS environment and be familiar with tools used in reverse engineering.
Bad practices that will make your SIEM and SOC implementation fail
In all these years of experience in the SOC, SIEM and Incident Response arena, working on different SOCs and with different SIEMs, I want to share today with you the bad practices and fake ideas that will make your SIEM and SOC implementation fail.
SOC Services: What if your service provider is selling you smoke and mirrors?
It might be a surprise for you but, unfortunately, if you are a customer of third-party SOC services, you are probably wasting your money and leaving your business exposed to external threats. One of the biggest concerns of companies that contract an external SOC service is that they don’t actually have enough information about their risks and the best approach to mitigate them. The most important thing you should keep in mind related to SOCs: “If you don’t have an Operational SOC, YOU DON’T HAVE A SOC.”
Brief Walkthrough of Concurrency Model in Go
Around the year 2005, CPU manufacturers reached the physical limit of increasing processor clock speed, which may also be thought of as reaching the saturation point of Moore's Law. Hence they started adding more cores to the CPU, viz. dual-core processors, quad-core processors, etc., to enhance performance.
Unfortunately, older languages are not very efficient at exploiting the benefits of modern hardware comprising multi-core CPUs. Here, Go fills the need by having concurrency support built in, which can very efficiently make use of the multiple cores for better performance.
This article is a high level and brief walkthrough of the concurrency model of Go.
Cyber Threat Intelligence: weaponizing cyber defense
The core purpose of Threat Intelligence is to analyse and process data about identified threats. A specific intelligence type must follow the intelligence life cycle of planning and direction, collection, processing, analysis and production, dispersion and integration of the information.