Posts

Creating Virtual Machine

Installing Virtualization Software

Before installing a virtual operating system, we need to install one of the virtualization software packages that enables this. While there are some differences between them, any of these virtualization products will serve for our dynamic analysis. You can install one of the following: VMware Workstation, VMware Fusion (for macOS), or Oracle VirtualBox. We will use VMware Workstation during the training, and it is recommended that you install it so that you can follow the training easily. You can download and install VMware Workstation here.

Installing Operating System

After installing the virtualization software on our system, let's set up our operating system with its help. In order to install the operating system inside the virtualization software, we need to obtain the ISO files of the operating systems. You can use the application called MediaCreationTool published by M...

Which tools and software do we need?

We will need some software when applying the dynamic analysis method. Let's take a look at these software categories.

Virtualization Software

We do not want to conduct dynamic analysis on our own system, as we need to run the malware to be able to examine its activities. For this reason, we should make use of virtualization software that lets us work on virtual systems. Thanks to this software, you can run a different operating system on top of your host operating system. If it is configured properly, you can perform your analysis safely, as malicious software cannot escape from the virtual operating system. A small note on virtualization software is in order here. Since these virtualization environments are essentially software, vulnerabilities that allow malware to escape the virtual environment and execute code on the host operating system may occur in them. For this reason, it is crucial to keep your virtualization so...

Importance of Dynamic Malware Analysis for SOC Analysts

If you ask a friend of yours who works as a SOC analyst what they do at work, one of the things you will probably hear is "I am analyzing suspicious files". Malware analysis is one of the most important tasks of a SOC. I can easily say that you will work closely with malware in your daily life, no matter what level of SOC analyst you are. So why dynamic analysis and not static analysis? Both analysis methods have their own advantages and disadvantages. In fact, the two methods do not substitute for each other: when you want to analyze a piece of malware, you need to combine both. Malware analysis is divided into these two methods, and in this tutorial we will focus on dynamic analysis. As a SOC analyst, you are racing against time. The faster you can detect a harmful situation, the faster you can take action against it. SOC analysts prefer the dynamic analysis method first since it can produce much faster results than the static analysi...

What is Dynamic Malware Analysis?

Dynamic malware analysis is an analysis method in which malware is run and examined in a secure environment. The aim of this method is to analyze the behavior of the malicious software by examining its activities, such as network and file activity, in a secure environment. It is the method SOC analysts widely prefer in the first place, as it allows faster analysis than the static analysis method. You can find our blog post about static analysis and dynamic analysis methods here. Various sandbox solutions are available to automate dynamic analysis. Sandboxes run the malware in their own isolated environments and automatically present the analysis results. These sandbox solutions are crucial for SOC analysts.

Advantages of the Dynamic Analysis Method

Some of the advantages of the dynamic analysis method are:
- It produces much faster results than the static analysis method,
- You can perform automated analysis with sandboxes,
- It is an analysis method that re...

Surprising Differences Between TLS and SSL Protocol

TLS is simply the successor of SSL 3.0; it is a protocol that provides data encryption and integrity between communication channels. SSL 3.0 served as the base for TLS 1.0.

SSL or TLS: Which is good?

We used to believe that TLS 1.0 is merely a successor of SSL 3.0. As we know, SSL 3.0 is very old, and recent attacks like POODLE, BEAST and other attack vectors have made SSL 3.0 lifeless as a security protocol. Due to the POODLE attack, SSL v3 is being completely disabled on web sites around the world. Then came the BEAST attack, which completely breaks web sites running on the older SSL v3.0 and TLS v1.0 protocols. Sadly, some websites still do not use TLS; you can check your website configuration using the Comodo SSL Analyser.

TLS Handshake Protocol

When a TLS client and server first start communicating, they agree on a protocol version, select cryptographic algorithms, optionally authenticate each other, and use public-key encryption techniques to generate share...

How Can WAF Prevent OWASP Top 10?

The OWASP Top 10 security risks point out the common vulnerabilities seen in web applications. But it does not list a set of attack vectors that WAFs (Web Application Firewalls) can simply block. That is a myth often propagated by many a security vendor. OWASP Top 10 protection is the joint responsibility of the security vendor and the application developers. There is a lot that an effective security solution and WAF can do to mitigate OWASP vulnerabilities, but in some cases the security solution cannot give complete coverage against them and requires the developers or organizations to take preventive action. In this article, we help you understand how a comprehensive, intelligent, and fully managed WAF can augment OWASP Top 10 protection.

A Quick Introduction to WAF

A WAF is the first line of defense between the web application and the web traffic, filtering out malicious requests and bad traffic at the network edge. The best WAFs are part of larger security solutions...

What is a Dictionary Attack? How the Attack works and How to Prevent the Dictionary Attack

A dictionary attack is one of the ways attackers try to gain access to the keys to the kingdom. Bad actors take advantage of people using common dictionary words as their passwords. A study has shown that the majority of people like to reuse their passwords or use common phrases that are relatively easy to remember. The databases used in dictionary attacks include not only common dictionary words but also passwords leaked in previous breaches.

Dictionary Attack Using the Burp Suite Tool

Burp Suite is indeed a great tool for testing vulnerabilities in web applications. We are using its free version here, which has limited capabilities but works well for learning. Let's begin the brute-force/dictionary attack process. We'll be using a VM setup, with Kali and Bee-Box as the web server, which is the victim. The process for setting up Burp Suite and the proxy in the browser is explained here. Make sure you have set your proxy to your localhost.

STEP 1:...

How to bypass a 2FA with a HTTP header

Hi everyone, and welcome back to this new write-up. Today, I would like to talk about a vulnerability I found on some programs that allowed me to bypass their 2FA protections. On a side note, because the programs are private, all information about the websites will be redacted. That said, let's start!

Introduction:

Like many hunters, when I start my research on a new bug bounty program, I use the application as an ordinary user. This allows me to understand how the applications work and notice which features can be interesting to test. I noticed that the applications had a 2FA feature, so I enabled it and started to play with it. For those who are not familiar with the concept of 2FA (two-factor authentication), it can be defined as: Two-factor authentication (2FA) is a way to add additional security to your account. The first "factor" is your usual password that is standard for any account. The second "factor" is a verification code retrieved from an app on a mobi...

QRadar Log Sources Video Part 1

Phishing Mail Investigation

Phishing investigation

Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.

In a SIEM investigation, phishing mails are reported to us by:
1. Customers
2. Employees, or
3. An alert in the SIEM tool.

The investigation proceeds as follows. First, we request the employee or customer to send us the saved email. Once we receive the mail, we have to save it, go to Properties, and copy the complete Internet header information. Then we open the threat intelligence tool MxToolbox, go to Header Analyzer, and paste the header there.

In the Header Analyzer, we need to check the following points:
1. SPF (Sender Policy Framework): find the original sender IP address, then check the reputation of this IP from various Thr...