Monday, November 22, 2021

Polymorphic Viruses

Polymorphic Viruses By Ashley J. Oliver

A polymorphic virus has the capability of changing its own code, enabling it to have many different variants, making it harder for antivirus software to detect.

Why is it so scary? it can change itself, usually virus scanners can’t pick it up because there are so many different forms or versions of it.

Simply put, a virus can be an application or an actual string of code that intends to poison software. Viruses can affect code the same way that they can affect human beings. You catch a virus, it spreads, and your sick. All it takes to get into your system is to “catch” it. Once the virus gets in it can and will spread to multiple segments of your system or code.

One example of a virus is a Polymorphic Virus. This particular type of computer virus is amongst the most complicated because it duplicates/recreates itself and is also self-encrypted. While most of us are using AntiVirus (AVR) software to detect these types of intrusions, this virus can completely bypass your scanner because of the creation of itself in multiple variants.

What is the best approach for protection?

While it is highly recommended that you employ some type of AVR (Anti-Virus Removal) in your network, there is a bigger picture approach that will help “stave” off these malicious code attacks. Think in terms of Layered Security, what else can you do besides JUST having a virus scanner? Have you considered utilizing Antimalware as well? Yes, AVR scans for viruses, but Antimalware is actually designed to defend against actual malware attacks (malicious code attacks), what about Threat Detection? Do you have Email Security? Just some food for thought.

Monday, August 30, 2021

The Importance of Understanding Cybersecurity as a Professional and Student - CIA - Integrity

Oftentimes, most of us think of terms like ‘Hacking, and Hacker’ as some sort of nefarious individual that can hack into our Facebook accounts and steal our data. While there are impersonators, imposters, and deceptive individuals active and present on platforms like Facebook, the truth is that these are indeed NOT actual Hackers. 

First and Foremost, like any Security Professional will tell you, it is true that you must have the ability to think like a hacker in order to fully secure your system. This is true. However, all of us who work in the Cybersecurity Industry in the USA must uphold ourselves to a
higher standard because of the information and skills that we learn on the job.  A true security professional is aware of the implications of misusing and/or abusing their power.

Such as, legal implications. I was once at an ISC2 conference in New Orleans back in 2018 when a round-table conversation sparked a story about a professional who was hired to perform a Penetration Test for a Mid-Size Corporation in the Midwest. This professional was way more advanced professionally than me at that point, he was a Pro Pen Tester, and he knew what he was doing. He was very good at his job.

Long story short, and fast forward to what happened. He was thrown in jail while performing recon on the target. As it turned out, he was hired by a disgruntled janitor posing as a Manager at the company. This Janitor did not have the authority to hire him to perform this work. Therefore, when the Pen Tester called from jail and tried to explain that he was there to perform a sensitive job, it didn’t matter, because all of the signatures were from the Janitor, not management.

From my perspective, this is a high-level pen tester with years of experience, and even he fell victim to impersonation. That being said, be careful who you get your information from. You never know when you could be a target of deception, and not everyone who claims to be a ‘Hacker,’ or ‘Manager’ for that matter, actually is one.  

I myself have been questioned many times throughout my cyber career by civilians asking why I don’t just hack people’s phones, or social media platforms. I know the answer, and I know the reason why. Furthermore, I take my responsibility as a Cyber professional very seriously and I’d rather not end up in jail for practicing blue snarfing on someone’s headset. I can, but I won’t.

If you are interested in becoming a Cybersecurity Professional, or more specifically an Offensive Security Pro,  I recommend that you do your own research, read the books, articles, join the groups, reach out to other professionals in the field, take the classes, go to meetups, and learn as much as you can before testing/deploying/etc.

About the Author: Ashley Oliver is an experienced Cybersecurity Consultant, Engineer, Mentor and Teacher based in the Central New York area. Ashley has over 11 years of experience. Ashley is a SME in several areas of security including Network Security Engineering, Architecture, Policy, Standards, and Compliance. Ashley's rare and unique experience is based on her love for the Shell, and perfect design. Ashley has knowledge of NIST, and is very proficient in Layered Security, DLP, Encryption, IPSec, and more. She has a highly technical background, which is command-line (CLI) intensive, as well as high-level design and customer interfacing experience.  Ashley is always more than willing to share and to teach.

Questions? Email: olivercomsolutions@outlook.com

Interested in Ashley's Cybersecurity Mentorship Program? Book Your Discovery Call Here


 

Sunday, May 16, 2021

America is in Desperate Need of Overcoming Adversity, and so is our Infrastructure

It was 2019 when I lost my job. A job I didn't like to begin with.

When I entered the office in East Syracuse, something was off. No one looked up from their computers. These people who I thought were more than just 'colleagues.' There was no chit chat about Maria's window plants, or Patty's Sunday Service. All, just cowardly staring down at their keyboards, as if they didn't see me enter the building, as if they knew something they thought I didn't. I saw my manager out of the corner of the window in my office. I walked in, looked at him, saw the HR person on the monitor, and shut the door. 

I did not listen to a single word that was said that day. I can remember checking out, and staring out the window. Mad - that I washed my hair for this meeting that totally could have been put in an email. I cried, but not because I was losing my job, rather, because I wasted a year of my life pretending to be the kind of person who enjoys not working and sitting around waiting for meeting requests. They let me go anyway. I still remember as if it were yesterday, limping out of there (I made my manager carry my things to my car). My ego and pride were damaged. But I told him, I was meant to do something bigger than this. And that I did.

In the year 2020 I have earned more than most CEOs in America. I re-built my business and my brand. I made a name for myself. I started public speaking and mentoring other people, a truly rewarding job. I studied the most rigorous cyber engineering programs. And I was honestly happier. I chose not to let the disaster of the world around me get me down. Unfortunately, I don't feel that I can say the same for almost everyone right now.

When I think back to those days I am reminded of how strong of a person I really am. I can endure anything, and I have. Perhaps this is why I am so short and brazen with most people. I feel like a lot of people have lost their strive. Many of my clients are not showing interest in earning more, pursuing more, doing more. Business seems slow, it feels like we are all just "waiting." What are we waiting for?

The Pipeline Cyber Attack is a prime example of just how desperately we need Cyber Talent. I have spent countless days, and nights working with people who say they want a change - but when it's time to burn the midnight oil they disappear. Or, truthfully speaking - when I mention my rate, off they go. This is unfortunate, not only for me, but for them. You see, I offer a service is unlike any other. My clients have a 99.9% success rate. I always prepare people for jobs in our industry. My phone rings like crazy. I'm feeling a little burnt out at this point, like I'm the last man standing - and no one else will stand up. 

It is evidently clear to me at this point that people have lost their motivation, and I am not here to push you. You have to push yourself. You have to believe in yourself. You have to know that you can do this job. You have to know that you can solve problems under pressure. You have to be confident. You have to be competent. And so on. If you want to be comfortable and keep "waiting" for this pandemic to end, please - click off.

Sunday, May 2, 2021

Penetration Testing for Beginners

 

 
Come learn how to hack using the latest Kali Linux Distro :) and when you're done, come back and learn how to quickly become a Penetration Testing Consultant! -Ashley

Friday, April 2, 2021

Consultation Calls for Recent Cybersecurity Graduates & Professionals

 I'm so happy and grateful to have gained a following of truly passionate persons who are able to completely transform their lives. Throughout my years as a Job-Land-Mentor, I have watched candidates shift from recent Cybersecurity Graduates, Stay-at-home-moms, Property Managers, and many more, into Cybersecurity Professionals; Software Developers, Cybersecurity Analysts, and Engineers.

Cybersecurity is no-joke. If you want to get a job in our field; you have to be completely prepared for the phases of Interview-Seeking, Interview-Tactics, Securing Job Offers, and Negotiating. This is my specialty. 2021 presents us with the opportunities to Secure the 3.5 Million open Cybersecurity positions. My Mentorship will transform you into a Confident, Master of your Craft, and Master of Job-Security Professional.

In order to be considered for my Mentorship, Candidates must come full technically equipped. A few pointers to help you:

  • Candidate Must have Completed Relevant Cybersecurity Matriculation Program or Professional Cybersecurity Bootcamp
  • Self-Taught Candidate Must provide evidence in her or his ability to Speak Technical
  • Candidate Must be willing to NEVER take NO for an ANSWER
  • Candidate Must be willing to be brave, this journey is not easy; if it were easy, everybody would be doing it
  • Candidate Must have FUN! I take the boring out of Job-Seeking and Interviewing, if I don't make you laugh you get a Money-Back Guarantee 

1X1 Consultation