Posted on by Leave a comment

Beginners guide to cybersecurity

Hello, aspiring ethical hackers. In our previous blogpost, you learnt about ethical hacking. In this article, you will learn what is cybersecurity. Cybersecurity and ethical hacking can be confusing to people. That’s because they are closely related but yet they are different. But don’t worry by the end of this article, you will understand clearly the difference between them.

What is cybersecurity?

Cybersecurity is the name give to the complete process of protecting computer systems, network and data from cyber attacks and malware.

Importance of cybersecurity

Now, that you have understood what cybersecurity is, let me explain to you it’s importance. As the world moves more towards digitization, humans increasingly depend on technology and internet. With the difficulty of performing a hacking attack becoming simple day-by-day and threat actors and cybercriminals increasingly evolving their tactics, the role of cybersecurity has become all too important not only for organizations but also individuals.

Principles of Cybersecurity

There are three core principles for cybersecurity. Popularly known as CIA triangle, they are Confidentiality, Integrity and Availability. Let’s learn about each of them in detail.

1.Confidentiality:

Confidentiality ensures that all the sensitive information is safe from unauthorized access.

2. Integrity:

Integrity ensures that the sensitive information is safe from destruction without proper authorization.

3. Availability:

Availability ensures that the information is available to authorized users whenever they need them.

Types of Cybersecurity

Although cybersecurity is a single word, it is a combination of different branches. Let’s learn about each of them in detail.

1.Network security:

Network security refers to protection of the network infrastructure both software and hardware, communication infrastructure, communication protocols etc. This includes all the devices in a network, communication between them and even between them and external assets.

2.Endpoint security:

Endpoint security deals with security of the endpoint devices in the network. These include Desktops, Laptops and other devices that act as access point to an organization’s network.

3. Web security:

This refers to protection of websites, web applications and the infrastructure coming with it.

4. Mobile security:

Mobile security is concerned with security of the mobile devices like mobiles and tablets which are increasingly being used in organizations.

5. Application security

Application security deals with protection of all the applications used in organization.

6. Cloud security:

Cloud security refers to protecting of data, applications and services hosted in private and public cloud environment.

7. IoT Security:

IOT security refers to protection of Internet Of Things (IOT) devices and networks from cyber attack and data breaches.

Cybersecurity vs Ethical hacking

By now you should have clearly understood what cyber security is. Let’s see what is the difference between cybersecurity and ethical hacking. Ethical hacking, also known as penetration testing is a method used to identify security vulnerabilities in a network, software, applications etc by simulating hacking attacks. This is done to assess the security of an organization. Ethical hacking is part of cybersecurity.

Posted on by Leave a comment

Beginners guide to vulnerability management

Hello, aspiring ethical hackers. In our previous blogpost, you learnt what is a vulnerability and about vulnerability scanning. In this article, you will learn in detail about vulnerability management.

What is vulnerability management (VM)?

Vulnerability management is a continuous process of identifying, prioritizing, assessing, remediation, reporting and verification of vulnerabilities in an organization.

Stages of vulnerability management

There are fives stages in vulnerability management. They are ,

1. Identification:

To be able to effectively manage vulnerabilities in an organization and to prevent them from becoming a threat, first and foremost, the vulnerability needs to be identified. For this, vulnerability scanning needs to be performed on all the software, hardware, operating systems and services running in an organization.

2. Prioritizing:

After all the vulnerabilities are identified, they need to be prioritized based on the risk they pose to the security of organization and the impact its exploitation has on it. This stage includes vulnerability assessment and use of vulnerability scoring.

3. Acting on the vulnerabilities:

After all the detected vulnerabilities are classified and assessed based on the risk they pose, the next stage is to remediate or fix the vulnerabilities or at least mitigate the vulnerability. This can be done by patching the vulnerabilities, reducing its exposure etc.

4. Reporting:

The next stage is reporting the vulnerabilities. The reporting is not just limited to the heads of the organizations but also to all stakeholders like public CVE databases, partners or customers. The goal of vulnerability reporting is to bring awareness about the vulnerabilities to others before they become victim of a cyber attack.

5. Reassessing:

The last stage of VM is to once again start the entire process from the beginning. Note that vulnerability management is a cyclical or continuous process that is used to improve the security of the organization.

    Vulnerability management vs vulnerability scanning vs Vulnerability assessment.

    Although these terms are used interchangeably they are entirely different. Vulnerability scanning is the process of identifying the security vulnerabilities in a software or a network of the organization.  Vulnerability assessment is a systematical review of vulnerabilities or weaknesses in an organization. Vulnerability scanning and vulnerability assessment are part of vulnerability management.

    Vulnerability management vs penetration testing

    Many people often confuse VM with pen testing, if not in reading of the terms may be in their use. While VM is useful in finding out and managing the vulnerabilities in an organization, Pen testing is performed to find out and exploit the vulnerabilities and weakness in the applications, system, device and network. Both play equally important and different roles in protecting the organization from cyber attacks.

    Next, learn what is threat intelligence.

    Posted on by Leave a comment

    Sparrow-wifi: a complete guide

    Hello, aspiring ethical hackers. In our previous blogpost, you learnt about LinSSID, the graphical wifi scanner for Linux. In this article, you will learn about sparrow-wifi, a graphical wifi analyzer. Sparrow-wifi is a Python tool that provides a comprehensive GUI based alternative to tools like InSSIder. . This tool can be used to analyze WiFi, software defined radio, bluetooth and GPS etc.

    Its features include,

    1. Basic wifi SSID identification.
    2. Wifi source hunt: Switch from normal to hunt mode to get multiple samples per second and use the telemetry windows to track a wifi source.
    3. 2.4 GHz and 5 GHz spectrum view: Overlay spectrums from Ubertooth (2.4 GHz) or HackRF (2.4 GHz and 5 GHz) in real time on top of the wifi spectrum (invaluable in poor connectivity troubleshooting when overlapping wifi doesn’t seem to be the cause).
    4. Bluetooth identification: LE advertisement listening with standard bluetooth, full promiscuous mode in LE and classic bluetooth with Ubertooth.
    5. Bluetooth source hunt: Track LE advertisement sources or iBeacons with the telemetry window.
    6. iBeacon advertisement: Advertise your own iBeacons.
    7. Remote operations: An agent is included that provides all of the GUI functionality via a remote agent the GUI can talk to.
    8. Drone/Rover operations: The agent can be run on systems such as a Raspberry Pi and flown on a drone (its made several flights on a Solo 3DR), or attached to a rover in either GUI-controlled or autonomous scan/record modes.
    9. The remote agent is JSON-based so it can be integrated with other applications.
    10. Import/Export : Ability to import and export to/from CSV and JSON for easy integration and revisualization. You can also just run ‘iw dev scan’ and save it to a file and import that as well.
    11. Produce Google maps when GPS coordinates are available for both discovered SSID’s / bluetooth devices or to plot the wifi telemetry over time.
    12. Integration with Elasticsearch to feed wireless and optionally bluetooth scan data into Elastic Common Schema compliant indices.

      Let’s see how this tool works. For this, we will be using Kali Linux as sparrow-wifi is available by default in its repositories. We will also be needing a wireless adapter that can monitor wireless packets. I am using ALFA AWUS036NHA adapter for this article.

      Note that Sparrow-frim needs SUDO root privileges to work.

      This is how the interface of sparrow-wifi looks.

      To start scanning for wireless networks click on “scan” button.

      It will display the available wifi networks in 2.5ghz and 5ghz frequencies separately. From the telemetry menu, you can see the telemetry information about any wireless access point. For example, let’s see telemetry of target network “Hackercool_Labs”.

      As you have already read at the beginning of this article, Sparrow-wifi has a hunt mode in which multiple samples per second are grabbed and used to track a wifi source.

      Recently they added a new Falcon Plugin to this tool. Falcon provides the following features.

      1. aircrack-ng integration which allows for the enumeration of hidden SSIDs
      2. client station enumeration
      3. client station probed SSID enumeration
      4. client station connected access point and channel
      5. deauthentication right-click capabilities (single and continuous, targeted and broadcast)
      6. WEP IV captures
      7. WPA password hash capture and hash capture detection

      Falcon Plugin can be accessed from Falcon menu as shown in the above image. First, let’s enable monitoring mode on this tool by clicking “Create monitoring interface” button.

      Immediately, all available wireless access points and clients are displayed. You can export clients to a CSV file using the “Export clients” button.

      Select a wifi access point to target. For example, I select “Hackercool_Labs” as shown.

      Stop the scan. Right clicking on the selected wifi network opens a menu which contains the following options.

      • Copy
      • Telemetry
      • Deauth Broadcast-single
      • Deauth Broadcast-continuous
      • Capture WPA key.

      Let’s select “Capture WPA keys”. After selecting this, you can once again right click on the target access point and select any deauth broadcast. What this does is it with deauthenticates all the clients connected to our access point. Why are we doing this? This will force all the clients to connect to our access point again and hence we get a WPA handshake. Once a key is captured, sparrow wifi will display a message as shown below.

      You can save it to the location you want.

      Then, it will display information on how to crack the key. You can use aircrack or Cowpatty to crack the passphrase.

      That’s all about sparrow-wifi. Next, learn about airgeddon, a multi purpose wireless auditing tool.

      Posted on by Leave a comment

      Beginners guide to LinSSID

      Hello, aspiring ethical hackers. In our previous blogpost on wifi hacking, you learnt everything about wireless networks, their security and different types of attacks. In this article, you will learn about a tool named LinSSID.

      LinSSID is a simple graphical tool that can be used to scan and find all the available wireless networks in the vicinity. Let’s see how this tool works. For this, we will be using Kali Linux, as this tool is available by default in its repositories. We will also be needing a wireless adapter that can monitor wireless packets. I am using ALFA AWVS036NHA adapter for this article.

      Make sure that you don’t enable monitor mode on the wireless adapter.

      When the GUI of LinSSID opens, start scanning by clicking on “Run” button.

      Very soon LinSSID will display all the wireless access points available along with their MAC addresses, channel on which they are operatng, type of security they use used and the strength of their signal.

      You can also see whether wifi access points are running on 2.4ghz and 5ghz.

      From the “view” menu, you can also decide what information about the wifi access point you want to see.

      After detecting the available wireless networks, the information can be used to select the wireless access point whose security you want to audit. You can audit its password strength using tools like aircrack, Fern wifi cracker, Besside or wifite. If you want to create a rogue access point or an evil twin, learn how to do them with wifipumpkin or wifi phisher.

      Posted on by

      Beginners guide to wifi phisher

      Hello, aspiring ethical hackers. In our previous blogpost on Wifi hacking, you learnt about what is a evil twin attack. In this article, you will learn about wifiphisher. Wifi phisher is a rogue access point and evil twin creation framework for conducting wireless security testing. Let’s see how this tool works. For this, we will be using Kali Linux as wifiphisher is available by default in its repositories. We will also be needing a wireless adapter that can monitor wireless packets. I am using ALFA AWVS036NHA adapter for this article.

      Note that Wifi phisher needs root privileges to work.

      After starting, wifi phisher starts scanning for all the access points it can detect.

      Select the wifi access point you want to target. For example, here I select “Hackercool Labs”. Then, this tool will display the available phishing scenarios (Actually, there’s only one here). Select it.

      Then this tool will create a evil twin of this network.

      This is how it looks for any client or users trying to to connect to “Hackercool_Labs” access point.

      Wifi phisher tries to de-authenticate all clients connected to the genuine access point.

      You can see the connected clients.

      When any of the clients tries to connect to the evil twin instead of genuine access point, he will be asked to type password of the genuine access point as shown below.

      Wifi phisher will log all HTTP requests. So you can see password the user is typing.

      Next, learn about wifipumpkin, another powerful wifi rogue access point framework.