Tuesday, October 31, 2017

DLL - explanation
ACCESS RIGHTS
Each cell in the matrix represents the access rights granted to a particular subject for interacting with a particular object. Because the matrix lists all subjects and all objects on the system, it shows all rights granted. When we talk about RAM access, the access choices include:
  • Read/write access allowed (abbreviated RW)
  • Read access only, no writing (omit the W; show only R-)
  • No access allowed (omit both R and W; show two hyphens)
The operating system always has full read/write access to RAM used by processes it runs. This allows it to create processes, to ensure that they take turns, and to remove them from the system when they have finished execution or they misbehave.
In modern systems, programs often contain several separate control sections. One control section contains the “main” procedure where the program begins and ends. Other control sections often contain procedure libraries that are shared among many different programs. On Microsoft Windows, these are called “dynamic link libraries” and carry a “.dll” suffix.
(Smith 81)

Saturday, October 28, 2017

Risky online dating apps putting your privacy in danger


You may not be as anonymous as you think.
If you weren't nervous enough about the prospect of meeting a complete stranger after connecting on an online dating app, there's something else to worry about.
Just how carefully is your app keeping your personal information and location out of other people's sight?
Researchers at Kaspersky have taken a look at a number of online dating apps for Android and iOS, and found that some are doing a pretty poor job of securing users' details.
Firstly, some apps encourage users to enter their place of work on their profile:
First of all, we checked how easy it was to track users with the data available in the app. If the app included an option to show your place of work, it was fairly easy to match the name of a user and their page on a social network. This in turn could allow criminals to gather much more data about the victim, track their movements, identify their circle of friends and acquaintances. This data can then be used to stalk the victim.
More specifically, in Tinder, Happn and Bumble users can add information about their job and education. Using that information, we managed in 60% of cases to identify users’ pages on various social media, including Facebook and LinkedIn, as well as their full names and surnames.
In addition, some dating apps were found to track users' location - displaying the distance between a malicious party and a target. If a target was staying in one place, a hacker could feed an app bogus co-ordinates and receive information about their relative distance to track down the location of the person they were interested in.
The researchers reported that users of the Tinder, Mamba, Zoosk, Happn, WeChat, and Paktor apps were particularly susceptible to having their location determined.
Meanwhile, some apps were guilty of elementary security failures - transmitting sensitive information in an unencrypted format, opening opportunities for an attack to intercept the data in transit:
Most of the applications use SSL when communicating with a server, but some things remain unencrypted. For example, Tinder, Paktor and Bumble for Android and the iOS version of Badoo upload photos via HTTP, i.e., in unencrypted format. This allows an attacker, for example, to see which accounts the victim is currently viewing.
So, what should you do about this?
The first rule has to always be to think carefully about what information you share online (including in dating apps). Even if the information you have provided to the app isn't in itself enough to identify you, remember that chances are that you have left plenty of other information about yourself lying across the internet (maybe on Facebook or LinkedIn, for instance) which will help someone to track you down.
It may even be possible for an attacker to conduct what are known as "reverse image searches", where rather than type words into a search engine to look for something, someone could use the image that you have posted on a dating app and see if a similar image appears anywhere else online.
My guess is that many people may be quite happy using the same flattering snap of themselves in a dating app as on a social network or Instagram.
The other issue is that clearly some of these apps are poorly written. Your dating app may contain vulnerabilities that could lead to you unwittingly leaking your personal information, or provide clues that could lead someone to determining your true identity or location.
Depending on the vulnerability there may or may not be ways in which you can protect yourself from this - but I would always recommend using a secure VPN to protect your privacy when connected to the net via public Wi-Fi (even better use 3G or 4G if you're unsure about the Wi-Fi) and as a general rule only share information you don't mind ending up appearing in public online.

Patching



DNS attack and Defense





Risk Management framework


SUBVERTING THE CHAIN OF CONTROL



  • Bootstrap the computer from a separate USB drive or DVD that contains an OS controlled by the attacker. This bypasses Alice’s normal operating system and uses the different, bootstrapped one to modify her hard drive.
  • Trick Alice into running software that attacks her files. If she starts a process, the process has full access to her files.
  • Trick the operating system, or an administrator, into running a subverted program with administrative or system privileges. This often allows a program to bypass security restrictions. This is how the Morris Worm attacked through the finger process.
We can install security measures to block these vulnerabilities, but we need to decide that these are risks worth addressing. This depends on the threat agents who might bootstrap her computer.

(Smith 76)

Buffer overflows

Buffer overflows are an ongoing problem, and some blame the C programming language, which has been used to write many modern programs, protocol processes, and operating systems. The original programming libraries for C did not provide bounds checking for text-oriented input. This may have made programs more efficient when computers were smaller and slower, but the risks of buffer overflow no longer justify the efficiency gains.
Modern programming languages such as Java and many scripting languages automatically check for buffer overflow or underflow. However, many programmers still use C. Modern C libraries provide ways to check for buffer overflow, but not all programmers understand and use them.


(Smith 66)
Smith, Richard E. Elementary Information Security, 2nd edition. Jones & Bartlett Learning, 20150223. VitalBook file.
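As an added illustration of the point above (this is example code written for this post, not code from Smith's book), the legacy unchecked copy pattern sits beside bounds-checked alternatives for both string copying and text-oriented input. The buffer size and function names are chosen for the example.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* fixed-size buffer, as in many legacy C programs */

/* Legacy pattern with no bounds check: strcpy writes until it meets the
 * terminating NUL, so a source longer than NAME_LEN-1 characters runs
 * past the end of dst and corrupts whatever sits next to it in memory.
 * Kept only for contrast; never call it with input you do not control. */
void copy_name_unchecked(char *dst, const char *src) {
    strcpy(dst, src);
}

/* Bounds-checked replacement: refuses input that does not fit rather
 * than silently truncating or overflowing. Returns 0 on success, -1 if
 * src plus its terminator would not fit in dst_len bytes. */
int copy_name_checked(char *dst, size_t dst_len, const char *src) {
    size_t n = 0;
    while (n < dst_len && src[n] != '\0') n++;   /* bounded length scan */
    if (n >= dst_len) {                           /* no room for the NUL */
        if (dst_len) dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);                      /* n+1 copies the NUL too */
    return 0;
}

/* Text-oriented input: gets() had no length argument and was removed in
 * C11 for exactly this reason; fgets() takes the buffer size and never
 * writes beyond it. Returns the line length with the newline stripped,
 * -1 on EOF/error, or -2 when the line was longer than the buffer
 * (the rest of that line is discarded so the next call starts clean). */
int read_line_checked(char *buf, size_t buf_len, FILE *in) {
    if (buf_len < 2 || !fgets(buf, (int)buf_len, in)) return -1;
    size_t n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') {
        buf[--n] = '\0';
        return (int)n;
    }
    if (n == buf_len - 1) {                       /* buffer filled, no newline */
        int c = fgetc(in);
        if (c == '\n' || c == EOF) return (int)n; /* the line fit exactly */
        while ((c = fgetc(in)) != EOF && c != '\n') { }  /* discard overflow */
        return -2;
    }
    return (int)n;                                /* final line without newline */
}

int main(void) {
    char name[NAME_LEN];
    if (copy_name_checked(name, sizeof name, "this input is far too long for the buffer") != 0)
        puts("rejected: input would overflow the 16-byte buffer");
    return 0;
}
```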

BUFFERS


Although most computer instructions involve arithmetic of some kind, not all data is strictly numeric. A great deal of processing involves blocks of text or other structured data, or "raw" data being moved between I/O circuits, such as those for network connections.
A network router is responsible for directing network traffic on the Internet. A busy router at a large site transfers significant amounts of data while trying to actually "look" at as little of it as possible. The router tries to spend all its time issuing commands to the network I/O circuits. Whenever it spends time looking at the data inside a network message, it delays the delivery of that message.
When the router's I/O circuits receive a network message, the data is read into an area in RAM. An area in RAM used for moving data is called a buffer. At most, the router looks at a few bytes at the start of the buffer and then tells a network interface to transmit the buffer's contents on another network. Buffers always reside in a data section. If the buffer is used only within a specific procedure, the buffer probably resides on the stack.


(Smith 57)
Smith, Richard E. Elementary Information Security, 2nd edition. Jones & Bartlett Learning, 20150223. VitalBook file.
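To show what "looking at a few bytes at the start of the buffer" means in practice, here is an added example (written for this post, not from Smith's book) of a forwarding decision that reads only the IPv4 header fields it needs, with every read bounded by the buffer length. The routing table and sample datagram are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* The few header fields a forwarding path needs. Only the first 20 bytes of
 * the receive buffer are examined; the payload is passed on untouched. */
struct ipv4_head {
    unsigned version;
    unsigned hdr_len;      /* IHL * 4, in bytes */
    unsigned total_len;    /* datagram length claimed by the header */
    unsigned ttl;
    uint32_t dst;          /* destination address, host byte order */
};

/* Returns 0 on success, -1 if the buffer is too short or the header claims
 * more than the buffer holds. A truncated or malformed datagram is dropped
 * rather than forwarded, and nothing is ever read past len. */
int parse_ipv4_head(const unsigned char *buf, size_t len, struct ipv4_head *h) {
    if (len < 20) return -1;                       /* fixed header is 20 bytes */
    h->version   = buf[0] >> 4;
    h->hdr_len   = (buf[0] & 0x0fu) * 4u;
    h->total_len = ((unsigned)buf[2] << 8) | buf[3];
    h->ttl       = buf[8];
    h->dst       = ((uint32_t)buf[16] << 24) | ((uint32_t)buf[17] << 16) |
                   ((uint32_t)buf[18] << 8)  |  (uint32_t)buf[19];
    if (h->version != 4)               return -1;
    if (h->hdr_len < 20)               return -1;   /* IHL below 5 is invalid */
    if (h->hdr_len > len)              return -1;   /* options beyond the buffer */
    if (h->total_len < h->hdr_len)     return -1;
    if (h->total_len > len)            return -1;   /* header lies about its size */
    return 0;
}

/* Constructed routing table: prefix, prefix length, outgoing interface id. */
struct route { uint32_t prefix; unsigned plen; int ifindex; };
static const struct route ROUTES[] = {
    { 0x0A000000u,  8, 1 },   /* 10.0.0.0/8     -> interface 1 */
    { 0x0A010000u, 16, 2 },   /* 10.1.0.0/16    -> interface 2 */
    { 0xC0A80100u, 24, 3 },   /* 192.168.1.0/24 -> interface 3 */
};

/* Longest-prefix match; returns the interface id, or -1 when no route fits. */
int lookup_route(uint32_t dst) {
    int best_if = -1, best_len = -1;
    for (size_t i = 0; i < sizeof ROUTES / sizeof ROUTES[0]; i++) {
        unsigned plen = ROUTES[i].plen;
        uint32_t mask = plen == 0 ? 0u : 0xFFFFFFFFu << (32 - plen);
        if ((dst & mask) == ROUTES[i].prefix && (int)plen > best_len) {
            best_len = (int)plen;
            best_if = ROUTES[i].ifindex;
        }
    }
    return best_if;
}

/* Forwarding decision for one received buffer: the outgoing interface id,
 * or -1 to drop (malformed header, TTL exhausted, no route). */
int forward_decision(const unsigned char *buf, size_t len) {
    struct ipv4_head h;
    if (parse_ipv4_head(buf, len, &h) != 0) return -1;
    if (h.ttl <= 1) return -1;                     /* would expire in transit */
    return lookup_route(h.dst);
}

/* Constructed sample datagram: 20-byte header plus 8 payload bytes, from
 * 10.0.0.1 to 10.1.2.3, TTL 64, protocol UDP (17). Checksum left zero. */
const unsigned char SAMPLE_PKT[28] = {
    0x45, 0x00, 0x00, 0x1c,   0x00, 0x00, 0x00, 0x00,
    64,   17,   0x00, 0x00,   10, 0, 0, 1,   10, 1, 2, 3,
    1, 2, 3, 4, 5, 6, 7, 8
};
```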

Wednesday, October 25, 2017

André Franco Montoro





I was walking through Guarulhos airport and read this sentence about integration.
I believe that if countries do not unite, it is very difficult to compete with the G7, and so I note here the importance of Brazil making its people literate in Spanish and English. Without that communication, we will not have a fruitful, reciprocal dialogue with Latin America.







First fully Brazilian domestic companion robot

Saturday, October 7, 2017

Interview Questions - CEH

This appendix presents various questions you’re likely to be asked by prospective employers when you interview for a job position after completion of CEH. These questions tend to test the overall security aptitude as well as the technical competence of the candidate.


What is the difference between encoding, encryption, and hashing?

The purpose of encoding is to transform data so that it can be properly (and safely) consumed by a different type of system, e.g. binary data being sent over email, or viewing special characters on a web page. The goal is not to keep information secret, but rather to ensure that it’s able to be properly consumed.
The purpose of encryption is to transform data in order to keep it secret from others, e.g. sending someone a secret letter that only they should be able to read, or securely sending a password over the Internet. Rather than focusing on usability, the goal is to ensure the data cannot be consumed by anyone other than the intended recipient(s).
Hashing serves the purpose of ensuring integrity, i.e. making it so that if something is changed you can know that it’s changed. Technically, hashing takes arbitrary input and produces a fixed-length string that has the following attributes:
  1. The same input will always produce the same output.
  2. Multiple disparate inputs should not produce the same output.
  3. It should not be possible to go from the output to the input.
  4. Any modification of a given input should result in drastic change to the hash.
https://danielmiessler.com/study/encoding-encryption-hashing-obfuscation/ 

-----------

What is the difference between proxy, firewall, IDS, and IPS?

  • Firewall - A device or application that analyzes packet headers and enforces policy based on protocol type, source address, destination address, source port, and/or destination port. Packets that do not match policy are rejected.
  • Intrusion Detection System - A device or application that analyzes whole packets, both header and payload, looking for known events. When a known event is detected a log message is generated detailing the event.
  • Intrusion Prevention System - A device or application that analyzes whole packets, both header and payload, looking for known events. When a known event is detected the packet is rejected.
The functional difference between an IDS and an IPS is a fairly subtle one and is often nothing more than a configuration setting change. For example, in a Juniper IDP module, changing from Detection to Prevention is as easy as changing a drop-down selection from LOG to LOG/DROP. At a technical level, it can sometimes require a redesign of your monitoring architecture.
Given the similarity between all three systems, there has been some convergence over time. The Juniper IDP module mentioned above, for example, is effectively an add-on component to a firewall. From a network flow and administrative perspective, the firewall and IDP are functionally indistinguishable even if they are technically two separate devices.

  • A firewall (usually) sits at the network perimeter of the system, whereas an IDS/IPS can not only work at the network level, but also work at the host level. Such IDS/IPS systems are called host-based IDS/IPS. They can monitor and take action against running processes, suspicious log-in attempts, etc. Examples include OSSEC and osquery. Perhaps anti-virus software can also be considered as a kind of IDS/IPS.
  • A firewall is probably easier to understand and to deploy. It can also work on its own. But an IDS/IPS is more complex and probably needs to be integrated with other services. For example, the outcome of IDS will go into SIEM for correlation analysis, for human analysts, etc.
  • At least for "traditional" firewall, the core is a rule-based engine. But IDS/IPS might also use anomaly-based detection based methods to detect intrusion.
https://security.stackexchange.com/questions/44931/difference-between-ids-and-ips-and-firewall 
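To make the distinction in the answer above concrete, here is an added example (written for this post, not code from the answer's author or from any product) in which a firewall decides on header fields only, an IDS inspects the payload and logs, and an IPS runs the same inspection but rejects. The policy, signatures and packets are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* One packet, reduced to what each device looks at: a firewall decides on
 * the header fields alone; IDS and IPS also read the payload. */
struct packet {
    const char *proto;             /* "tcp" or "udp" */
    uint32_t src, dst;             /* IPv4 addresses, host byte order */
    uint16_t sport, dport;
    const unsigned char *payload;
    size_t payload_len;
};

enum verdict { ALLOW = 0, REJECT = 1 };

/* Firewall: header-only policy, default deny. Constructed rule set for this
 * example: inbound TCP to ports 80/443 on the web server 10.0.0.5 is allowed. */
enum verdict firewall(const struct packet *p) {
    const uint32_t web_server = 0x0A000005u;   /* 10.0.0.5 */
    if (strcmp(p->proto, "tcp") == 0 && p->dst == web_server &&
        (p->dport == 80 || p->dport == 443))
        return ALLOW;
    return REJECT;
}

/* Signature table: byte patterns searched for in the payload ("known
 * events" in the answer). Constructed for the example, not real rules. */
struct signature { const char *name; const char *pattern; };
static const struct signature SIGS[] = {
    { "dir-traversal", "../.." },
    { "shell-marker",  "/bin/sh" },
};

/* Payload inspection shared by IDS and IPS: returns the name of the first
 * matching signature, or NULL. Plain byte search so the block is portable. */
const char *inspect_payload(const struct packet *p) {
    for (size_t s = 0; s < sizeof SIGS / sizeof SIGS[0]; s++) {
        size_t plen = strlen(SIGS[s].pattern);
        for (size_t i = 0; plen > 0 && i + plen <= p->payload_len; i++)
            if (memcmp(p->payload + i, SIGS[s].pattern, plen) == 0)
                return SIGS[s].name;
    }
    return NULL;
}

/* IDS: detection only. The packet always passes; a hit produces a log line
 * in logbuf. Returns 1 if an event was logged, 0 otherwise. */
int ids(const struct packet *p, char *logbuf, size_t logbuf_len) {
    const char *hit = inspect_payload(p);
    if (logbuf_len) logbuf[0] = '\0';
    if (!hit) return 0;
    snprintf(logbuf, logbuf_len, "IDS alert %s dport=%u", hit, (unsigned)p->dport);
    return 1;
}

/* IPS: the same detection with a different action, the packet is rejected.
 * The LOG vs LOG/DROP setting mentioned in the answer is this one line. */
enum verdict ips(const struct packet *p, char *logbuf, size_t logbuf_len) {
    return ids(p, logbuf, logbuf_len) ? REJECT : ALLOW;
}

/* Inline chain: the firewall sees the header first; only packets it allows
 * reach the IPS, which then inspects the payload. */
enum verdict inline_path(const struct packet *p, char *logbuf, size_t logbuf_len) {
    if (firewall(p) == REJECT) {
        if (logbuf_len) logbuf[0] = '\0';
        return REJECT;
    }
    return ips(p, logbuf, logbuf_len);
}
```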

--------------

How does asymmetric encryption work?




How does SSL work?



What is TLS and how is it different from SSL?

TLS is the new name for SSL. Namely, SSL protocol got to version 3.0; TLS 1.0 is "SSL 3.1". TLS versions currently defined include TLS 1.1 and 1.2. Each new version adds a few features and modifies some internal details. We sometimes say "SSL/TLS".
HTTPS is HTTP-within-SSL/TLS. SSL (TLS) establishes a secured, bidirectional tunnel for arbitrary binary data between two hosts. HTTP is a protocol for sending requests and receiving answers, each request and answer consisting of detailed headers and (possibly) some content. HTTP is meant to run over a bidirectional tunnel for arbitrary binary data; when that tunnel is an SSL/TLS connection, then the whole is called "HTTPS".
To explain the acronyms:
  • "SSL" means "Secure Sockets Layer". This was coined by the inventors of the first versions of the protocol, Netscape (the company was later bought by AOL).
  • "TLS" means "Transport Layer Security". The name was changed to avoid any legal issues with Netscape so that the protocol could be "open and free" (and published as a RFC). It also hints at the idea that the protocol works over any bidirectional stream of bytes, not just Internet-based sockets.
  • "HTTPS" is supposed to mean "HyperText Transfer Protocol Secure", which is grammatically unsound. Nobody, except the terminally bored pedantic, ever uses the translation; "HTTPS" is better thought of as "HTTP with an S that means SSL". Other protocol acronyms have been built the same way, e.g. SMTPS, IMAPS, FTPS... all of them being a bare protocol that "got secured" by running it within some SSL/TLS.
https://security.stackexchange.com/questions/5126/whats-the-difference-between-ssl-tls-and-https

So then, should I choose TLS or SSL?

If you are configuring a server, you must install software that supports the latest versions of the TLS standard, and configure it properly.  This ensures that the connections that your users make are as secure as possible.  Using an excellent security certificate will also help a lot — e.g. one with 2048+ bit keys, Extended Validation, etc.  You should avoid using SSL v3 and should use only strong ciphers, especially if compliance of any kind is required.
If you are configuring a program (especially an email program) and have the option to connect securely via SSL or TLS, you should feel free to choose either one…. as long as it is supported by your server.
Note: many web browsers have special preference areas that allow you to specifically enable/disable SSL v2, SSL v3, TLS v1.0, etc.  In these cases you are actually telling the browser what versions of these security protocols you will allow your browser to use when establishing secure connections. We recommend turning off SSL v2 and SSL v3 (they provide no real security).  Some web sites may support SSL v3 only; if you encounter one of these … please let them know that they are seriously behind the times and doing themselves and their visitors a serious disservice by pretending to provide safety while actually only providing broken, ancient encryption.
https://luxsci.com/blog/ssl-versus-tls-whats-the-difference.html




Can you name a critical vulnerability found in SSL during recent times?

POODLE (CVE-2014-3566)

The Padding Oracle On Downgraded Legacy Encryption (POODLE) attack was published in October 2014 and takes advantage of two factors. The first is the fact that some servers/clients still support SSL 3.0 for interoperability and compatibility with legacy systems, and the second factor is a vulnerability that exists in SSL v3.0 which is related to Block Padding.
The Client initiates the Handshake and sends the list of the supported SSL/TLS versions. An attacker intercepts the traffic, performing a Man-in-The-Middle (MiTM) attack, and impersonates the Server until the Client agrees to downgrade the connection to the vulnerable SSL 3.0.
Now that the connection between Client and Server is established on a vulnerable SSL version, the attacker can perform the actual POODLE attack. The vulnerability exists in Cipher Block Chaining mode. Since Block Ciphers have fixed length, if the data in the last block is not a multiple of its size, then padding is added to fill the extra space. One of the problems is that the padding value is ignored by the server, which checks only that the padding length is correct, as well as the Message Authentication Code (MAC) of the plaintext. That means the receiver (Server) cannot verify if the padding value has been modified.
https://www.acunetix.com/blog/articles/tls-vulnerabilities-attacks-final-part/
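The root cause described above, shown as an added example (written for this post, not code from the quoted article or from any TLS library): an SSL 3.0 style check that looks only at the padding-length byte beside a TLS style check that also verifies every padding byte. The block size is chosen for the example and the MAC is left out so only the padding logic is shown.

```c
#include <stddef.h>
#include <string.h>

#define BLOCK 8   /* block size used in this constructed example */

/* SSL 3.0 style check, as the article describes: only the final byte (the
 * padding length) is validated; the padding bytes themselves are ignored.
 * Returns the length of the content before the padding, or -1 if the
 * padding length is inconsistent with the record. */
int unpad_ssl3(const unsigned char *rec, size_t len) {
    if (len == 0 || len % BLOCK != 0) return -1;
    unsigned padlen = rec[len - 1];
    if (padlen >= BLOCK || padlen + 1 > len) return -1;  /* SSL3: padding < block */
    return (int)(len - padlen - 1);
}

/* TLS style check: every padding byte must equal the padding length. A
 * record whose padding bytes were altered is rejected here but accepted
 * above; that gap is what the article calls the server being unable to
 * verify whether the padding value has been modified. */
int unpad_tls(const unsigned char *rec, size_t len) {
    if (len == 0) return -1;
    unsigned padlen = rec[len - 1];
    if (padlen + 1 > len) return -1;
    unsigned bad = 0;                 /* accumulate mismatches, no early exit */
    for (size_t i = 0; i < padlen; i++)
        bad |= rec[len - 2 - i] ^ padlen;
    return bad ? -1 : (int)(len - padlen - 1);
}

/* Helper: append TLS-style padding so the record is a multiple of BLOCK.
 * Returns the padded length, or 0 if out_cap is too small. */
size_t pad_record(unsigned char *out, size_t out_cap,
                  const unsigned char *data, size_t data_len) {
    size_t padlen = BLOCK - 1 - (data_len % BLOCK);     /* 0 .. BLOCK-1 */
    if (data_len + padlen + 1 > out_cap) return 0;
    memcpy(out, data, data_len);
    memset(out + data_len, (int)padlen, padlen + 1);    /* pad bytes + length byte */
    return data_len + padlen + 1;
}
```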


  • What is port scanning? How can port scanning be prevented?
  • What is a man-in-the-middle attack? Can it be prevented?
  • What is the difference between false positive and false negative?
  • What does the term “defense in depth” mean?
  • What is a stateful inspection by a firewall?
  • What is a DMZ? Which systems should be placed in DMZ?

------

Is SSH completely secure?

Nothing is "completely safe"; the question is whether it adds any additional risks.
The SSH protocol sends the client's public key encrypted, only after it has negotiated a symmetric session encryption key with the server. So an adversary that eavesdrops on the connection doesn't learn the client's public key. This means that publishing it does give the adversary an extra piece of information they wouldn't have otherwise.
But what can the adversary do with that additional information? Well, this all hinges on whether the attacker can break RSA. Let's consider two subcases. (I'll assume that both the server and the client's RSA keys are large enough to be secure in the first place—2048 bits or more.)

The adversary has a general attack on RSA that requires knowledge of the public key

By general attack, I mean one that breaks RSA irrespective of what key you use. For example, this would be something like an efficient algorithm for solving the RSA problem (e.g., a polynomial-time prime factorization algorithm) or by building a practical quantum computer.
In this case it doesn't matter whether you publish your client public key or not, because SSH and every other application that uses RSA would be completely broken. So no additional risk.

The attacker has an attack against a subset of "weak" RSA public keys

This is a real-life problem. There are some systems that, because of faulty key generation algorithms or faulty random number generators, choose RSA keys that are actually vulnerable to attack. The most notable example is that the Debian GNU/Linux distribution shipped with a weak random number generator for nearly two years (September 2006 to May 13th, 2008). A 2011 survey of 7.1 million RSA keys in the public Internet found that about 0.4% of 1024 RSA public keys they saw were weak.
If your client public key is such a weak key and you publish it, then an attacker who obtains it may be able to tell so and exploit this fact. They would then be able to log in to the SSH servers that you use that key to authenticate to. That would indeed be an additional risk.
If your server has such a weak public key, then that server is insecure; an attacker can eavesdrop on the connections, which allows them to learn your public key anyway. So, in this case, there's no additional risk.

Conclusion

The additional risk from publishing your SSH client public key is small but not zero. The biggest risk is that your client public key is a weak one, something caused by faulty software. If you're going to publish a client public key you might want to take steps to make sure your key isn't a weak one. For example:
  • Check your public key against a weak key tester tool
  • Generate your client keypair on a system where you've done due diligence to make sure that it won't give you weak keys. For example:
    • Apply all security patches to your operating system, particularly those that address issues with its random number generator, SSH, or any libraries that SSH depends on.
    • Take measures to ensure that the system has access to a good entropy source. (Complicated topic.)


  • What is BYOD and what are the common security concerns associated with it?
  • What are the different layers of the OSI model? Explain each layer in brief.
  • What are honeypots?
  • How do you keep yourself updated with the latest trends in Information Security?
  • Which OS do you feel is more secure, Linux or Windows?
  • How does Kerberos work?
  • What is a zero-day vulnerability? Can it be prevented?
  • What is a rainbow table attack? How can it be prevented?
  • What is the difference between a hub, switch, and router?
  • What are some common security concerns in Cloud computing?
  • What is the difference between vulnerability assessment and penetration testing?
  • What are the high-level steps to perform vulnerability assessment and penetration testing?
  • What tools do you normally use for vulnerability assessment and penetration testing? Which tool do you find the best and why?
  • Is it possible to hack into a system without using any tool?
  • What is the difference between active and passive information gathering?
  • How does HTTPS make a website secure?
  • What is a SQL injection attack? What are its types?
  • What is a XSS attack? What are its types?
  • What is CSRF? How can you prevent it?
  • What is the difference between white box application security testing and black box application security testing?
  • What standards do you refer to for web application security and related vulnerabilities?
  • Will a Layer 3 firewall be useful in protecting the web application against common attacks? If yes, then to what extent?
  • How does HTTP handle state?
  • How do you identify that an application is vulnerable to blind SQL injection attack?
  • What are the top five mobile application security threats?
  • What is the difference between a standard, a policy, and a procedure?
  • Name a vulnerability for each OSI layer.

© Sagar Ajay Rahalkar 2016. S.A. Rahalkar, Certified Ethical Hacker (CEH) Foundation Guide, p. 187, DOI 10.1007/978-1-4842-2325-3

IDS

In our work, we assume that the monitored network is covered by multiple heterogeneous IDS systems (nodes). These heterogeneous IDS nodes detect attacks and intrusions by using various detection mechanisms and types of input data (netflows, signatures, logs, etc.). We introduce a game-theoretical framework for a distributed co-adaptation that requires the following assumptions:
– Local self-monitoring - all IDS nodes should be capable of local reconfiguration to adapt to the current state of the network according to the proposed game model.
– Interoperability - outputs of all nodes should be in a standardized format (e.g. Intrusion Detection Message Exchange Format - IDMEF [4]), allowing their interaction even if their detection mechanisms are different. We will refer to these outputs as events.
– Communication - maintaining robust and reliable communication among multiple IDS nodes is an essential assumption in the distributed collaboration. We will discuss this aspect in more detail later in this section.
– Security - for security reasons, nodes do not provide information about their internal state. Furthermore, a secure communication channel should be provided to reduce the possibility of an attacker's manipulation of the system.
– Traffic assumptions - strategic deployment of IDS nodes in the network is important to provide relevant information to the game model.


Sadre, R. (Ed.) (2012). Dependable Networks and Services: 6th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2012, Luxembourg, Luxembourg, June 4-8, 2012: Proceedings. Heidelberg: Springer.

Friday, October 6, 2017

TFTP through PXE

A system administrator needs to install an operating system onto a new server in a remote location using PXE. Which of the following methods will BEST accomplish this?
A. SSH
B. RDP
C. TFTP
D. HTTP


Remote Hybrid and Office work