Posts

Showing posts from February, 2022

Cyber Kill Chain

What is a Cyber Kill Chain? The cyber kill chain is essentially a cyber security model created by Lockheed Martin that traces the stages of a cyber-attack, identifies vulnerabilities, and helps security teams to stop the attacks at every stage of the chain. The term kill chain is adopted from the military, which uses this term for the structure of an attack. It consists of identifying a target, dispatch, decision, order, and finally, destruction of the target. How does the Cyber Kill Chain Work? The cyber kill chain consists of 7 distinct steps: 1. Reconnaissance – The attacker collects data about the target and the tactics for the attack. This includes harvesting email addresses and gathering other information. – Automated scanners are used by intruders to find points of vulnerability in the system. This includes scanning firewalls, intrusion prevention systems, etc. to get a point of entry for the attack. 2. Weaponization – Attackers develop malware by leveraging s...

Log4j Explained

Log4j Explained: How It Is Exploited and How to Fix It Log4j or Log4Shell, a critical vulnerability in the widely used Apache Log4j Library, has raised alarms and security concerns across the tech and info security communities. The Log4j flaw (CVE-2021-44228), reported last week, is a remote code execution (RCE) vulnerability that enables hackers to execute arbitrary code and take full control of vulnerable devices. What Is Log4j? Apache Log4j is a Java-based logging utility developed by the Apache Software Foundation. Several companies use the Log4j library worldwide to enable logging and configure a wide set of applications. The Log4j flaw allows hackers to run any code on vulnerable machines or hack into any application directly using the Log4j framework. Looking at its severity, MITRE rated the vulnerability as critical and assigned a CVSS score of 10/10. Affected Systems and Enterprises The vulnerability reportedly affects sys...

HTTP Status Codes

HTTP Status Codes httpstatuses.com is an easy-to-reference database of HTTP status codes with their definitions and helpful code references all in one place. 1×× Informational 100 Continue 101 Switching Protocols 102 Processing 2×× Success 200 OK 201 Created 202 Accepted 203 Non-authoritative Information 204 No Content 205 Reset Content 206 Partial Content 207 Multi-Status 208 Already Reported 226 IM Used 3×× Redirection 300 Multiple Choices 301 Moved Permanently 302 Found 303 See Other 304 Not Modified 305 Use Proxy 307 Temporary Redirect 308 Permanent Redirect 4×× Client Error 400 Bad Request 401 Unauthorized 402 Payment Required 403 Forbidden 404 Not Found 405 Method Not Allowed 406 Not Acceptable 407 Proxy Authentication Required 408 Request Timeout 409 Conflict 410 Gone 411 Length ...

Malware Investigation Process

MALWARE INVESTIGATION 1. Identification: We monitor the SIEM (Sentinel) console 24/7. Once an incident is triggered, assign it to ourselves and change the status from NEW to ACTIVE. 2. Gather Information: Find the incident details on the incident page. After the status change, open the incident, open the Entities, collect the host name, and check the collected host name in the EDR (Endpoint Detection and Response). Details gathered: host name, username/account, filename, hash value, user email ID. Detection: AV. Primary AV: Microsoft Defender. Device action: prevented/quarantined. File path. Device OS: Linux Ubuntu. Investigation: After collecting all the details, start the investigation. Check the reputation of the hash value in various threat intelligence tools: VirusTotal, Joe Sandbox, Valkyrie (Comodo), IBM X-Force, Any.Run, Pa...

Brute Force Attack: Definition and Examples

What's a Brute Force Attack? A brute force attack uses trial and error to guess login credentials or encryption keys, or to find a hidden web page. Hackers work through all possible combinations hoping to guess correctly. These attacks are done by ‘brute force’, meaning they use excessive forceful attempts to try and ‘force’ their way into your private account(s). This is an old attack method, but it's still effective and popular with hackers, because depending on the length and complexity of the password, cracking it can take anywhere from a few seconds to many years. What do hackers gain from Brute Force Attacks? Brute force attackers have to put in a bit of effort to make these schemes pay off. While technology does make it easier, you might still question: why would someone do this? Here’s how hackers benefit from brute force attacks: profiting from ads or collecting activity data; stealing personal data and valuables; spreading malware to cause disruptions; hijacking your system for malic...