Yet Another Recursive/Ridiculous Acronym (YARA) is a multi-platform tool for matching patterns of interest in malicious files. It was created by Victor Alvarez from VirusTotal. It is used to perform research on malware families and identify malware with similar patterns. It can help in categorizing malware in different malware families, and can also be used…
Month: December 2021
Try Hack Me – Advent of Cyber 3 – Day 20 – Malware Analysis
Key learnings: Use the REMnux VM to analyze suspicious files. Syntax to check the file type: file <filename>. The strings utility extracts and prints the printable character sequences from a given file, also known as ‘strings’. VirusTotal is a website that will scan files, URLs, IP addresses, domains, or a file hash you provide using 60+ different…
Try Hack Me – Advent of Cyber 3 – Day 19 – Phishing
The definition of Phishing according to the MITRE ATT&CK Framework: “Adversaries may send phishing messages to gain access to victim systems. All forms of phishing are electronically delivered social engineering. Phishing can be targeted, known as spearphishing. In spearphishing, a specific individual, company, or industry will be targeted by the adversary. More generally, adversaries can conduct non-targeted phishing, such…
Try Hack Me – Advent of Cyber 3 – Day 18 – Containers
Containers are a virtualization mechanism similar to Virtual Machines (VMs), and container images are based on the Open Container Initiative Distribution Specification. However, when someone talks about “Docker” or “containers”, they often are talking about multiple container technologies that work together. Specifically, the term “Docker” is used to describe: Docker API – a local communication interface on…
Try Hack Me – Advent of Cyber 3 – Day 17 – ShadowIT & AWS
Shadow IT: Sometimes business units go around corporate IT, procurement, legal, and security when they need to get the job done quickly. This leads to security teams not knowing what they need to protect and systems not built to IT or Security standards. Amazon S3: Amazon S3 (Simple Storage Service) is the hosted object storage service…
Try Hack Me – Advent of Cyber 3 – Day 16 – Open Source Intelligence (OSINT)
OSINT & The Digital Footprint: OSINT stands for Open Source Intelligence, information that can be obtained from free and public sources. Offensive teams commonly use OSINT to perform reconnaissance on a target, an individual, or a corporation. Agencies and law enforcement can also leverage OSINT to gather information. OSINT is an extensive term. It is an…
Try Hack Me – Advent of Cyber 3 – Day 15 – Cyber Careers
There were no exercises today, but 4 posts regarding careers in Cybersecurity. Someday I’ll come back and write a post on that. Meanwhile, here’s the interview I did with Gyandhan on getting started with Cybersecurity and the NEU admission process.
Try Hack Me – Advent of Cyber 3 – Day 14 – CI/CD
What is CI/CD? CI: Continuous Integration is the process in which software source code is kept in a central repository (such as GitHub). All changes are stored in this central repository to avoid ending up with different versions of the same code. CD: Continuous Delivery is the following (sometimes integral) step of the continuous integration model…
Try Hack Me – Advent of Cyber 3 – Day 13 – Privilege Escalation
Privileges: A privileged account (such as Administrator on Windows systems or Root on Linux systems) will allow users to access any file on the system and make any changes they need. The best practice is to always operate with a lower-privileged account (aka Least Privilege) and then grant additional access when required. On…
Try Hack Me – Advent of Cyber 3 – Day 12 – NFS
Network File System (NFS) is a protocol that allows files to be transferred between different computers and is available on many systems, including MS Windows and Linux. Consequently, NFS makes it easy to share files between various operating systems. We can see the shared files using the command showmount. The -e or --exports option shows the…