Security

Random bits of security-related knowledge I want to keep together.

definitions

  • OSINT: Open-source intelligence gathering. Practised by lots of security personnel, at various stages of whatever security jobs they're working.

  • APT: Advanced Persistent Threat

  • Botnet: a network of infected machines that an attacker controls remotely. The one I just heard about was taken down by bringing down the command & control servers. This was done by collaborating with the DNS provider for the domain names that the command and control serve

  • Supply chain attack: compromising a target through something it trusts and depends on (a vendor, a software dependency, a build or update pipeline) rather than attacking it directly.

  • SOC: Security operations centre

  • CnC (Command & Control server): related to botnets; the server(s) a botnet operator uses to send commands to the infected machines and collect data back from them.

  • MSP (Managed Service Provider)

  • Deep packet inspection: examining the payload of network packets, not just their headers, e.g. to classify traffic or spot malicious content.

youtube stuff

Attackers with good operations security

  • botnet active between 2005 and 2015/16
  • over 500 000 infected machines
  • The black hat team had an interesting network topology set up; they wouldn't just connect to the internet. To reach the command & control server, each member of the team was given a pre-configured router & antenna, which they'd use to steal wifi from people within a 1.5 mile radius, proxy through at least 3 infected machines, & only then communicate with the CnC. This is just one layer of their OpSec 🙌
  • They also had an interesting, automated election process to choose which infected machines were good enough to be used as proxies.
  • The attackers had a pretty good automation game: over the years they automated people out of jobs within the org, and in turn became more secure.

Verdict: to sum it up, a really interesting video.

learning resources

  • INE free account

  • CTFtime

  • eJPT cert

    • with strategies on how to get started with blue team work and work your way to where you want to be
    • includes study & practice tips too, especially to get you prepared & hireable for that first job in security.
    • 3 things Neal says you ought to do: 1. the free INE cert; 2. look for free/cheap hands-on education: things like HackTheBox, TryHackMe, CTFtime; 3. make friends in the industry
    • OSCP, CEH: these certs are the language that recruitment speaks, essentially gatekeeper certs. There's no pressure to rush to these, especially if you're good at what you do.
    • r/hacking wiki - a packed collection of resources.
    • AWS Cybersecurity Awareness training
  • Hacksplaining: Web Security for Developers

The best protection against being hacked is well-informed developers. Make your development team into security experts today.