The world of cyber security is constantly being updated with sophisticated technology that breathes more life into the eternal struggle between good and evil, the hackers and their ethical counterparts.
The year 2020 has already seen a lot.
It is only the first quarter of the year and we are all in isolation!
Such is the effect of a global pandemic called Corona.
However, a comparable threat of a different kind has existed in the virtual world for far longer, driven by the bad actors in the wild.
This year has already seen the release of a few notable open source tools, much to the delight of cyber security researchers.
Let us discuss them one by one.
A new tool developed by researchers at Bishop Fox is intended to lessen the strain of exploiting Java deserialization bugs, a challenging and often undervalued class of security vulnerabilities found in Java web applications, by automating the trial-and-error effort needed to find potentially vulnerable Java libraries used in remote applications.
GadgetProbe works in tandem with other deserialization vulnerability discovery tools, such as Gadget Inspector.
"Given a list of libraries, GadgetInspector will automatically discover new gadget chains," said Jake Miller, security associate at Bishop Fox. "By feeding the information from GadgetProbe into GadgetInspector, you will be able to develop custom gadget chains unique to the specific set of libraries present in the application you are testing."
Researchers at Delve Labs have engineered an open source tool that uses machine learning to highlight potential security threats in network device data. The utility is called Batea, a reference to the pan which gold prospectors use to find streaks of gold embedded in the sand and shale scooped up from riverbeds.
Batea takes the XML version of an Nmap report and applies a series of transformations to build a matrix of numerical features for each device, such as the number of open ports, the complexity of the hostname, or the IP address octet.
It then applies Isolation Forest, an unsupervised machine learning algorithm suited to anomaly detection, to find the assets that stand out in the network.
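To make that pipeline concrete, here is an added example (not Batea's own code) that parses a constructed Nmap-style XML report into the three features named above and ranks the hosts with a small Isolation Forest written from scratch. The hostname-complexity measure, the forest parameters and training every tree on the full host list rather than a subsample are all assumptions of this example.

```python
import math
import random
import xml.etree.ElementTree as ET

def host_features(xml_text):
    """Per host: [open port count, hostname complexity, last IPv4 octet] (complexity simplified)."""
    rows = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']").get("addr")
        name = next((h.get("name") for h in host.iter("hostname")), "")
        open_ports = sum(p.find("state").get("state") == "open" for p in host.iter("port"))
        complexity = len(name) + sum(not ch.isalpha() for ch in name)  # length + non-letters
        rows.append((addr, [open_ports, complexity, int(addr.rsplit(".", 1)[1])]))
    return rows

def c(n):  # mean unsuccessful-search path in a BST of n points; normalises the scores
    return float(n == 2) if n <= 2 else 2.0 * (math.log(n - 1) + 0.5772156649) - 2.0 * (n - 1) / n

def build_tree(X, rng, depth=0, max_depth=8):  # random feature, random cut, recurse
    if depth >= max_depth or len(X) <= 1:
        return ("leaf", len(X))
    cands = [f for f in range(len(X[0])) if min(r[f] for r in X) != max(r[f] for r in X)]
    if not cands:  # every remaining host is identical on every feature
        return ("leaf", len(X))
    f = rng.choice(cands)
    s = rng.uniform(min(r[f] for r in X), max(r[f] for r in X))
    left, right = [r for r in X if r[f] < s], [r for r in X if r[f] >= s]
    return ("node", f, s, build_tree(left, rng, depth + 1, max_depth),
            build_tree(right, rng, depth + 1, max_depth))

def path_length(tree, x, depth=0):  # number of cuts needed to isolate x in this tree
    if tree[0] == "leaf":
        return depth + c(tree[1])
    _, f, s, left, right = tree
    return path_length(left if x[f] < s else right, x, depth + 1)

def anomaly_scores(X, n_trees=100, seed=1):
    """Isolation Forest score in (0, 1]: points isolated in few cuts score near 1."""
    rng = random.Random(seed)
    trees = [build_tree(X, rng) for _ in range(n_trees)]
    return [2 ** (-sum(path_length(t, x) for t in trees) / n_trees / c(len(X))) for x in X]

def rank_hosts(xml_text):
    """(score, address) pairs from the most to the least unusual host."""
    rows = host_features(xml_text)
    return sorted(zip(anomaly_scores([f for _, f in rows]), [a for a, _ in rows]), reverse=True)

def _host(addr, name, ports):  # builds one constructed Nmap-style <host> element
    ps = "".join(f'<port protocol="tcp" portid="{p}"><state state="open"/></port>' for p in ports)
    return f'<host><address addr="{addr}" addrtype="ipv4"/><hostnames><hostname name="{name}"/></hostnames><ports>{ps}</ports></host>'

# Constructed report: nine look-alike workstations and one server that should stand out.
NMAP_XML = "<nmaprun>" + "".join(_host(f"10.0.0.{i}", f"ws{i:02d}", [22, 445]) for i in range(1, 10)) \
    + _host("10.0.0.250", "db-core-01.corp.example", [22, 80, 443, 1433, 3306, 5432, 8080]) + "</nmaprun>"
```

Calling `rank_hosts(NMAP_XML)` places 10.0.0.250 first because it is isolated by almost any root cut, which is exactly the "shiny target" the forest is meant to surface.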
"It's easy to make the parallel between gold mining and penetration testing, or even malicious network intrusion," Serge Olivier Paquette, research lead at Delve Labs, said.
"When trying to infiltrate a network, one has to separate muddy, uninteresting devices to focus attention on the heavier and shiny targets early on in the process."
Academics have released to the open source community a tool designed to bypass deep packet inspection (DPI). Named SymTCP, the software is described as a means to "automatically discover subtle discrepancies between two TCP implementations".
SymTCP can be used to find differences between a server and a DPI system, and to exploit these differences to evade deep packet inspection.
DPI can be invaluable for preventing buffer overflow and man-in-the-middle attacks in corporate setups, but it can also be used to conduct surveillance and establish censorship blocks at the ISP level.
SymTCP first runs "symbolic execution" on a server's TCP implementation, and the resulting scan collects execution paths labelled as either "accept" or "drop" for packet inspection. The DPI system is then checked with generated packet sequences to ascertain which, if any, are processed in the same way by the DPI and the server. If discrepancies in handling are detected, the open source tool is able to create packets that reach the core elements of the code responsible for accepting or dropping requests, thereby potentially avoiding the DPI middlebox checks.
From offence to defence: Google has developed a tool for Linux machines that combats USB keystroke injection attacks by flagging suspicious keystroke speeds and blocking devices classified as malicious.
In a post on the Google Open Source blog, Google security engineer Sebastian Neuner explained how the tool uses two heuristic variables – keystroke speed and time between keystrokes – to distinguish between benign and malicious inputs.
Neuner advises users to recalibrate the default parameters by measuring their own typing speed with online utilities while running the Google tool in "monitoring" mode.
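The two heuristics can be illustrated with an added example that is not Google's tool: each keystroke stream is checked for a run of keystrokes whose every gap is too short (time between keystrokes) or whose average rate is too high (keystroke speed), and a calibration helper derives both thresholds from a monitoring-mode sample of the user's own typing. The default thresholds, the window size and the timestamps below are constructed assumptions.

```python
from itertools import accumulate

def inter_key_gaps(timestamps_ms):
    """Milliseconds between successive keystrokes reported by one device."""
    return [b - a for a, b in zip(timestamps_ms, timestamps_ms[1:])]

def looks_injected(timestamps_ms, window=5, max_gap_ms=50.0, max_keys_per_s=12.0):
    """Return the heuristic that fired ("gap" or "speed") or None if the stream looks human.
    gap:   every interval inside a run of `window` keystrokes is under max_gap_ms
    speed: the run's average rate exceeds max_keys_per_s
    The defaults are assumptions; calibrate() derives thresholds from real typing."""
    gaps = inter_key_gaps(timestamps_ms)
    span = window - 1  # a run of `window` keystrokes has window-1 intervals
    for i in range(len(gaps) - span + 1):
        run = gaps[i:i + span]
        if all(g < max_gap_ms for g in run):
            return "gap"
        if sum(run) > 0 and span * 1000.0 / sum(run) > max_keys_per_s:
            return "speed"
    return None  # a single fast gap (a human double-tap) never trips either rule

def calibrate(timestamps_ms, window=5, margin=2.0):
    """Monitoring-mode helper: thresholds a factor `margin` beyond the user's own
    fastest gap and fastest run, so blocking spares normal bursts. The sample is
    assumed to hold at least `window` keystrokes."""
    gaps = inter_key_gaps(timestamps_ms)
    span = window - 1
    fastest_run_ms = min(sum(gaps[i:i + span]) for i in range(len(gaps) - span + 1))
    return {"max_gap_ms": min(gaps) / margin,
            "max_keys_per_s": span * 1000.0 / fastest_run_ms * margin}

def stamps(gaps_ms, start=0):
    """Turn a constructed list of gaps into absolute timestamps in milliseconds."""
    return list(accumulate([start] + list(gaps_ms)))

# Constructed samples (not captured from real hardware).
HUMAN = stamps([120, 95, 210, 30, 140, 180, 75, 260, 110, 90])  # one fast double-tap
INJECTED = stamps([8] * 12)                                    # scripted device
BURST = stamps([45, 70] * 4)                                    # mixed gaps, high rate

if __name__ == "__main__":
    for name, ts in [("human", HUMAN), ("injected", INJECTED), ("burst", BURST)]:
        print(name, looks_injected(ts))
    print(calibrate(HUMAN))
```

Running the block reports None for the human sample, "gap" for the scripted device and "speed" for the burst, and the calibrated thresholds still clear the human sample while catching the scripted one.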
"The tool is not a silver bullet against USB-based attacks or keystroke injection attacks, since an attacker with access to a user's machine (required for USB-based keystroke injection attacks) can do worse things if the machine is left unlocked," Neuner said.
As the struggle between life and death intensifies by the day, so does the tug-of-war between threat actors and ethical hackers.
The biological struggle against Corona will end one day, but the virtual war will go on.
ISOEH is the oldest organization teaching cyber enthusiasts the latest techniques of internet security.
Read on to learn more about staying safe on the internet.