Friday, July 26, 2019

Advanced Persistent Threats (APT)


Ashley Oliver
Oliver COM Solutions, d/b/a
2019 CISSP Candidate

Advanced Persistent Threats (APT)

Patience is a virtue. When applied with skill, vigor, and talent, it can be a gateway to massive movement. This disposition can be applied in positive and negative ways. One of my favorite Netflix shows, ‘Love, Death & Robots’, depicts this ideal in one of its episodes, where a woman and a man are at war with their minds. Ultimately, the woman wins. She displays patience and strength throughout the battle; she almost loses, but in the end she wins. At the highest level, the skilled attackers who are capable of the most damage apply this same level of resilience. These are Advanced Persistent Threats (APT).

Much larger than Anonymous, APTs concentrate on the exploitation of one or more explicit targets. This group of attackers is unlikely to be focused on hacking into your Facebook account, but rather the President’s Twitter, plus his cabinet, plus his family, etc. Certified Ethical Hackers, Pen Testers, et al. have to sign an oath because it is our responsibility to learn and think like hackers in order to best protect. Unfortunately, however, there are negative entities in the world that use their skill and talent for malicious gain.

Threat Modeling

In my opinion, Threat Modeling is the act of identifying the specific goals of an attacker. Data breach? Stealing information? Taking down a system or website? Each of these is the result of a separate goal, and Threat Modeling helps us to identify the goals of the attacker. Threat Modeling is priority based and categorized according to the asset in question.

Asset Valuation – Focused on Assets

This approach is based on the actual value of the asset. Once the value is determined, the access controls on the data being hosted need to be evaluated. Any threats that attempt to bypass authentication/authorization mechanisms are the focus in this approach.

Identify Attackers – Focused on Attackers

This is the simple act of identifying the attacker and pinpointing the threats they embody.

Software – Focused on Software

This approach focuses on software developers. Most organizations today develop their own software. The more sophisticated said software is, the more potential threats against the software can exist.


Sunday, July 21, 2019

Domain Name System (DNS) Exploits


Ashley Oliver
Oliver COM Solutions, d/b/a
2019 CISSP Candidate

Domain Name System (DNS) Exploits

Consider a conversation that you may have with a friend, or even with a total stranger out on the street. How do you start this conversation? Perhaps a smile that leads to a compliment, which leads to a full-blown conversation (communication). Well, if you consider network communications, they essentially work the same way. Think further about the conversation with this person; perhaps the conversation evolves into a friendship, or a relationship. By now, you know this person’s name and they know yours, correct? This is an important component of network communications as well: addressing and naming are the key elements that make network communications possible. This is the fundamental idea behind DNS.

In the IT world, naming conventions, nomenclatures and acronyms are as common as expletives (come on, have you ever had to do a migration on a production system?). By the same token, without our naming schemes we would have to rely on numbering systems to identify computers. We don’t have the time. Therefore, we use DNS to resolve human-friendly names to IP addresses. I mean, I have no desire to memorize the static IP for Google.com, but I visit it a lot. Never mind the inner workings of DNS for now; that’s for us to know and you to not have to worry about. But in the sense of Cybersecurity, let us take a bit of a deep technical dive into the risks that this service presents.

DNS uses TCP and UDP port 53. TCP 53 is used when a response exceeds 512 bytes and for ‘zone’ transfers (zone file exchanges between DNS servers). UDP 53 is commonly used for most usual DNS queries. Client resolution of a name can happen in a few different ways. First, the client can check its own local cache (with content from the HOSTS file); second, a DNS query can be sent to a known DNS server; lastly, a broadcast query can be sent to any possible DNS server on the local subnet.

Inherent Risks

DNS Poisoning

DNS information can be falsified on the client side. If any of the three steps above fails during initial communication or resolution, DNS poisoning can occur at that point: the failure can result in corruption of the HOSTS file or of the DNS server query.

Rogue DNS Server

Imagine playing paintball with your friends, and the one guy that’s really good is always sneaking around corners listening in on everybody else to learn their next move. This is essentially the idea behind a rogue DNS server. A rogue DNS server can listen in for DNS queries on network traffic. The rogue DNS server then sends a DNS response to the client with false IP info. It is important that the 16-bit QID of the original query is included in the false response; otherwise the client will not accept it.
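As an added example (not code from the original post), here is a small Python check that a stub resolver or a NIDS could apply to the rogue-server scenario above: it parses DNS responses, drops any whose 16-bit QID does not match the outstanding query, and flags a second matching response that carries different answers, which is the tell-tale sign of a rogue server racing the real one. The packets are constructed inline, and the function names are assumptions of this example.

```python
import struct

def encode_name(name):
    """Encode a dotted hostname as uncompressed DNS labels."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def build_response(qid, name, ip):
    """Constructed DNS response (not a capture): header, one question, one A answer."""
    header = struct.pack("!HHHHHH", qid, 0x8180, 1, 1, 0, 0)   # QR, RD, RA set
    question = encode_name(name) + struct.pack("!HH", 1, 1)     # QTYPE A, QCLASS IN
    rdata = bytes(int(o) for o in ip.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + rdata  # name -> offset 12
    return header + question + answer

def skip_name(pkt, off):
    """Return the offset just past a (possibly compressed) name starting at off."""
    while True:
        length = pkt[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + length

def parse_a_answers(pkt):
    """Return (qid, [A-record IPs]) from a DNS response, skipping non-A records."""
    qid, _flags, qd, an, _, _ = struct.unpack("!HHHHHH", pkt[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(pkt, off) + 4       # QTYPE + QCLASS
    ips = []
    for _ in range(an):
        off = skip_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            ips.append(".".join(str(b) for b in pkt[off:off + 4]))
        off += rdlen
    return qid, ips

def check_responses(expected_qid, responses):
    """Accept the first response matching the outstanding QID; flag later matches
    with different answers as 'conflicting' (rogue-server race); drop QID mismatches."""
    verdicts, accepted = [], None
    for pkt in responses:
        qid, ips = parse_a_answers(pkt)
        if qid != expected_qid:
            verdicts.append(("qid_mismatch", ips))
        elif accepted is None:
            accepted = ips
            verdicts.append(("accepted", ips))
        else:
            verdicts.append(("conflicting" if ips != accepted else "duplicate", ips))
    return verdicts
```

A real resolver also checks the source port and the echoed question, which this example leaves out; a 'conflicting' verdict is what a NIDS would alert on.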

Proxy Falsification

This is the act of planting false web proxy information into a client’s browser; thus this method only works against web communications. The hacker can use the rogue proxy to modify HTTP packets to reroute requests to whichever site the hacker wants. In my opinion, this method can actually lead to an even worse attack because it is essentially luring the end user into following the prompts... what does this remind you of? Phishing? Can we even talk about Social Engineering right now? No. Come back later 😊

How can you protect your Enterprise, Corporate, or Individual Network from these attacks? Well, there are protective measures, like using the newer DNSSEC to secure your infrastructure or deploying a NIDS in your network, amongst many others.

For more information on how we can protect your infrastructure and to learn more about the Cybersecurity Consulting services I provide, please visit my website at www.olivercomsolutions.net. Thanks for reading and have a great... I don’t know what day it is. #thanksCISSP
