Nmap

How Penetration Testing Tools Can Help IT Support Engineers

Nmap

Nmap, short for Network Mapper, is a reconnaissance tool widely used by penetration testers and attackers alike to gather information about target systems. That information drives the subsequent steps of an engagement. Nmap is cross-platform and runs on macOS, Linux, and Windows, and it has earned its popularity through ease of use and powerful host discovery and port scanning abilities.

Using Nmap you can:

  • Audit the exposure of your own devices
  • Detect open ports, and the services behind them, on remote hosts
  • Map and enumerate the hosts on a network
  • Detect known vulnerabilities in exposed services with Nmap Scripting Engine (NSE) scripts
  • Enumerate DNS names and brute-force subdomains with NSE scripts such as dns-brute

Wireshark

Wireshark is free, open-source software that captures and analyzes network traffic in real time. Because it dissects live traffic on the wire, Wireshark is widely used both to investigate security incidents and to troubleshoot general networking problems. While capturing, you see each packet decoded into a human-readable form, which makes it easier to spot problems (such as high latency or retransmissions), threats, and misconfigurations.

Main features:

  • Saves captures for offline inspection
  • Packet browser with per-layer decoding
  • Powerful GUI and display filters
  • Rich VoIP analysis
  • Decompresses gzip-compressed content (e.g. HTTP bodies) on the fly and opens gzip-compressed capture files
  • Reads other capture file formats including Sniffer Pro, tcpdump/libpcap, Microsoft Network Monitor, Cisco Secure IDS IP log, etc.
  • Exports results to XML, PostScript, CSV, or plain text

Wireshark ships dissectors for well over 2,000 network protocols, and is available on all major operating systems including:

  • Linux
  • Windows
  • macOS

Wapiti

Wapiti is a free, open-source, command-line web application vulnerability scanner written in Python. It is less well known than some other tools in this field, but it does a good job of finding common flaws by crawling a site and injecting payloads into forms and URL parameters (black-box scanning, with no access to source code). Wapiti can help you discover security holes including:

  • Cross-site scripting (XSS)
  • SQL injection
  • XPath injection
  • XML external entity (XXE) injection
  • CRLF injection
  • Server-side request forgery (SSRF)

Attack Surface: How can I reduce the attack surface?

There are various ways to decrease the attack surface. Let’s take a look at some of the more widely used techniques.

The digital side

The digital attack surface is the part attackers reach first and most often, because it is reachable over the network. Let’s explore effective strategies to reduce it.

Less code, less software attack surface

When you reduce the code running on your desktop, server, or cloud instance, you reduce the number of entry points that can be discovered and later exploited. Turn off, disable, or remove unnecessary software features, and simplify your own code. Less code also means fewer bugs and vulnerabilities; at the end of the day, that equals fewer security risks overall.

Remove unnecessary OS software and services.

Cleaning the OS means removing unnecessary functions, applications, and system tools. Do you need a printing service (CUPS, listening on port 631) running if you don’t use a printer? What about that MySQL server listening on port 3306? Do you need it if you don’t host any databases? Is Adobe Acrobat required on a machine that never handles PDF files? Install only the applications strictly necessary for your employees’ daily work, and turn off all unused protocols and services. The same advice goes for servers, where every listening socket is a remotely reachable entry point.
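The quickest way to find out what a host actually exposes is to read its listening sockets and compare them with what it is supposed to expose. The script below is an added example written for this post, not code from any of the tools discussed: it parses output in the format of Linux `ss -tulpn` (the sample text is constructed, not captured from a real host), classifies each listener as loopback-only or reachable from other hosts, and reports everything reachable that is not on an allowlist of expected (protocol, port) pairs. The allowlist itself is an assumption; adjust it to the role of the machine.

```python
import re
from dataclasses import dataclass

# Constructed sample in the format of `ss -tulpn` on Linux (not real output from any host).
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      80     127.0.0.1:3306      0.0.0.0:*         users:(("mysqld",pid=1337,fd=21))
tcp   LISTEN 0      4096   0.0.0.0:631         0.0.0.0:*         users:(("cupsd",pid=900,fd=7))
udp   UNCONN 0      0      0.0.0.0:631         0.0.0.0:*         users:(("cupsd",pid=900,fd=8))
tcp   LISTEN 0      511    *:80                *:*               users:(("nginx",pid=1500,fd=6))
tcp   LISTEN 0      128    [::]:22             [::]:*            users:(("sshd",pid=812,fd=4))
udp   UNCONN 0      0      127.0.0.53%lo:53    0.0.0.0:*         users:(("systemd-resolve",pid=600,fd=12))
"""

WILDCARD_ADDRS = {"0.0.0.0", "*", "[::]", "::"}
LOOPBACK_ADDRS = {"127.0.0.1", "[::1]", "::1"}
PROCESS_RE = re.compile(r'\(\("([^"]+)"')


@dataclass(frozen=True)
class Listener:
    proto: str
    addr: str
    port: int
    process: str

    @property
    def exposure(self):
        host = self.addr.split("%")[0]          # strip a scope id such as "%lo"
        if host in WILDCARD_ADDRS:
            return "all-interfaces"
        if host in LOOPBACK_ADDRS or host.startswith("127."):
            return "loopback"
        return "specific"


def parse_ss(output):
    """Turn `ss -tulpn` text into Listener records; the header line is skipped."""
    listeners = []
    for line in output.splitlines()[1:]:
        fields = line.split(maxsplit=6)
        if len(fields) < 6:
            continue
        proto, local = fields[0], fields[4]
        addr, _, port = local.rpartition(":")   # rpartition keeps IPv6 addresses intact
        m = PROCESS_RE.search(fields[6] if len(fields) > 6 else "")
        listeners.append(Listener(proto, addr, int(port), m.group(1) if m else "?"))
    return listeners


def unexpected_exposures(listeners, allowed):
    """Listeners reachable from other hosts that are not in the allowlist of (proto, port)."""
    return sorted(
        (l for l in listeners if l.exposure != "loopback" and (l.proto, l.port) not in allowed),
        key=lambda l: (l.proto, l.port),
    )


# What this host is supposed to expose (assumption: SSH and a web server, nothing else).
ALLOWED = {("tcp", 22), ("tcp", 80)}

if __name__ == "__main__":
    for l in unexpected_exposures(parse_ss(SAMPLE_SS_OUTPUT), ALLOWED):
        print(f"{l.proto}/{l.port} ({l.process}) listens on {l.addr}: disable it or firewall it")
```

On the sample, MySQL is bound to loopback and is therefore not reported, while CUPS on 631/tcp and 631/udp is reachable from the network and shows up as something to disable. Run it against `ss -tulpn` output from your own machines to get the same list for real.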

Scan your network ports.

Scanning the open ports on your public IP addresses is usually the first thing attackers do when performing reconnaissance against a target.

Luckily, you can stay one step ahead of them by auditing your network ports before they do. In our previous article about the most scanned ports, we showed a quick way to check the ports attackers look at first using Nmap’s --top-ports option.

While Nmap’s --top-ports option helps audit your port exposure, the same audit can be done with other port scanners such as Unicornscan, Angry IP Scanner, or Netcat.
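Whichever scanner you use, the valuable part of the audit is the diff between what is open and what your policy says should be open. The code below is an added example for this post, not part of Nmap or any tool mentioned above: a small concurrent TCP connect() scanner plus a baseline comparison. The `demo()` function makes it runnable offline by standing up a listener on 127.0.0.1 and scanning it; the port list in `TOP_PORTS` and the baseline of "expected" ports are assumptions you would replace with your own.

```python
import socket
from concurrent.futures import ThreadPoolExecutor


def probe_port(host, port, timeout=0.5):
    """TCP connect() probe: True when the three-way handshake completes (port open).
    A refused connection means closed; a timeout usually means a firewall dropped the SYN."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return True
        except OSError:            # ConnectionRefusedError, timeout, unreachable, ...
            return False


def connect_scan(host, ports, timeout=0.5, workers=64):
    """Scan the given ports concurrently and return the sorted list of open ones."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: (p, probe_port(host, p, timeout)), ports))
    return sorted(p for p, is_open in results if is_open)


def exposure_diff(open_ports, baseline):
    """Compare what is actually open against what is supposed to be open."""
    found, expected = set(open_ports), set(baseline)
    return {"unexpected": sorted(found - expected), "missing": sorted(expected - found)}


# Ports attackers probe first (assumption: roughly the most common TCP services; adjust to taste).
TOP_PORTS = [21, 22, 23, 25, 53, 80, 110, 111, 135, 139, 143, 443, 445,
             993, 995, 1723, 3306, 3389, 5900, 8080]


def demo():
    """Stand up a local listener, scan it plus a port known to be free, and diff against a baseline."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))           # port 0: the OS picks a free ephemeral port
    srv.listen(5)
    open_port = srv.getsockname()[1]
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                         # released again, so connect() to it is refused
    try:
        found = connect_scan("127.0.0.1", [open_port, closed_port])
    finally:
        srv.close()
    baseline = {open_port, 22}            # pretend policy says SSH should be open as well
    return open_port, closed_port, found, exposure_diff(found, baseline)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                 # usage: python scan.py <host> [port ...]
        host = sys.argv[1]
        ports = [int(p) for p in sys.argv[2:]] or TOP_PORTS
        print("open:", connect_scan(host, ports))
    else:
        print(demo())
```

A full connect() is the noisiest scan type (every probe completes a handshake and lands in the service's logs), which is fine when you are scanning your own hosts; use it only against systems you are authorized to test. A port that reports "missing" is as interesting as an "unexpected" one: either the baseline is stale or a service you rely on has stopped answering.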

Analyze your SSL certificates.

People often see an SSL/TLS certificate as proof that a website is secure, but that is a mistake: a certificate authenticates the server and enables encryption; it says nothing about the security of the application behind it.

How hardened is your TLS configuration? Is your certificate chain complete, and are the private keys well protected? Are you using strong cipher suites and current protocol versions? These are fundamental questions that developers, system administrators, and technical managers should ask themselves more often. Additional information can be found in our article: Is SSL a real sign of security?

But SSL security doesn’t end with hardening, a complete chain, and a good overall score. You also need to consider the data your certificates expose to the public.

Have you ever thought about your SSL certificate expiration and validity? Your attack surface includes all your SSL certificates: valid, active, and expired ones alike.

Of course, attackers can mine such public information: a certificate’s subject and subject alternative names reveal hostnames, and Certificate Transparency logs make every publicly trusted certificate searchable, including ones issued for forgotten or decommissioned hosts. So remember that while SSL certificates are the right tool for encrypting your traffic, not having a thorough audit of, and control over, them can lead to some of your worst nightmares.
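Two of the questions above can be answered with nothing but Python’s standard `ssl` module. The block below is an added example for this post, not code from any project mentioned on this page: `hardened_client_context()` builds a client context that refuses anything below TLS 1.2 and keeps only forward-secret AEAD suites, `weak_ciphers()` lists any enabled suite that matches a (conservative, assumed) list of weak markers, and `certificate_status()` and `exposed_names()` audit a certificate dictionary in the shape `getpeercert()` returns. `SAMPLE_CERT` is constructed for the example and describes no real server; `fetch_peer_cert()` needs network access and is there to run the same checks against a live host.

```python
import socket
import ssl
import time

# Cipher-name fragments that should never appear in a hardened context (assumption: a conservative list).
WEAK_MARKERS = ("RC4", "DES", "MD5", "NULL", "EXPORT", "ADH", "AECDH")


def hardened_client_context():
    """TLS 1.2+ only, forward-secret AEAD suites only; CA verification and hostname check stay on."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!RC4:!3DES:!PSK:!SRP")
    return ctx


def weak_ciphers(ctx):
    """Names of enabled suites that match a weak marker (TLS 1.3 suites are AEAD-only by design)."""
    return [c["name"] for c in ctx.get_ciphers() if any(m in c["name"] for m in WEAK_MARKERS)]


def certificate_status(cert, now=None, warn_days=30):
    """cert is a dict shaped like ssl.SSLSocket.getpeercert(); returns (status, days_left)."""
    now = time.time() if now is None else now
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    days_left = round((not_after - now) / 86400, 1)
    if now < not_before:
        status = "not-yet-valid"
    elif now > not_after:
        status = "expired"
    elif days_left <= warn_days:
        status = "expiring-soon"
    else:
        status = "valid"
    return status, days_left


def exposed_names(cert):
    """Hostnames the certificate publishes: what CT logs and anyone who connects can read."""
    names = {v for k, v in cert.get("subjectAltName", ()) if k == "DNS"}
    for rdn in cert.get("subject", ()):
        for k, v in rdn:
            if k == "commonName":
                names.add(v)
    return sorted(names)


def fetch_peer_cert(host, port=443, timeout=5.0):
    """Live check (needs network): handshake with the hardened context, return the peer cert dict."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with hardened_client_context().wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed certificate dict in getpeercert() format (not taken from any real server).
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Mar  1 00:00:00 2024 GMT",
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "old-staging.example.com")),
}

if __name__ == "__main__":
    ctx = hardened_client_context()
    print("minimum TLS:", ctx.minimum_version.name, "weak suites:", weak_ciphers(ctx))
    print("names exposed:", exposed_names(SAMPLE_CERT))
    print("status:", certificate_status(SAMPLE_CERT))
```

Note that `old-staging.example.com` in the sample SAN list is exactly the kind of name this section warns about: it is published to the world by the certificate itself, whether or not the host still exists. The expiry check takes an explicit `now` so you can test the boundaries deterministically; in production you would call it with the default and alert on "expiring-soon" well before "expired".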

Segment your network

Keeping all your assets on a single flat network is one of the biggest mistakes you can make. Splitting and segmenting your network is one of the easiest ways to reduce your attack surface: a compromise in one segment cannot reach the others directly.

Segmentation raises the barriers between network zones and, at the same time, gives you better and more effective control over every server and desktop connected to each segment.

Audit your software, network, and traffic.

Auditing your software is one of the oldest known tactics for reducing your attack surface. It helps you detect misconfigurations and outdated software, test your security controls, and keep user activity under control.

Analyzing the network, its protocols, the OS services, and current and past traffic is a great way to detect factors that could expand your attack surface even further.

Log analysis plays a critical role in reducing your attack surface, because your logs are where reconnaissance against you first shows up. Also, running scheduled audits on overlooked services (such as DNS) can help keep your exposure under control, as we covered in our previous article: Why should I perform a DNS audit?
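The port scans discussed earlier leave a very recognizable trace in firewall logs: one source touching many different destination ports in a short time. The detection below is an added example for this post, not code from any product: it parses blocked-packet lines in the netfilter LOG format that ufw and plain iptables write (the sample lines are constructed, using documentation IP ranges, and are not from a real system), then slides a time window over each source and flags any that hit at least `min_ports` distinct ports within `window_s` seconds. The log prefix `[UFW BLOCK]`, the thresholds, and the year used to complete syslog timestamps are assumptions to adapt to your own setup.

```python
import re
from collections import defaultdict
from datetime import datetime

# Kernel/netfilter LOG lines as written by ufw (the "[UFW BLOCK]" prefix is set by ufw's rules).
UFW_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: \[UFW BLOCK\] .*?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=(?P<proto>\w+) SPT=\d+ DPT=(?P<dpt>\d+)"
)


def parse_blocked(lines, year=2024):
    """Return (src, timestamp, dst_port, proto) for every blocked-packet line; other lines are skipped."""
    events = []
    for line in lines:
        m = UFW_RE.search(line)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=year)  # syslog has no year
        events.append((m.group("src"), ts, int(m.group("dpt")), m.group("proto")))
    return events


def detect_port_scans(events, window_s=60, min_ports=10):
    """Map each scanning source to the largest number of distinct ports it hit inside one window."""
    by_src = defaultdict(list)
    for src, ts, dpt, _proto in events:
        by_src[src].append((ts, dpt))
    alerts = {}
    for src, hits in by_src.items():
        hits.sort()
        lo = 0
        for hi in range(len(hits)):
            while (hits[hi][0] - hits[lo][0]).total_seconds() > window_s:
                lo += 1                                   # slide the window forward
            distinct = {port for _, port in hits[lo:hi + 1]}
            if len(distinct) >= min_ports:
                alerts[src] = max(alerts.get(src, 0), len(distinct))
    return alerts


def _ufw_line(ts, src, dpt):
    return (f"{ts} gw kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 "
            f"SRC={src} DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4242 DF "
            f"PROTO=TCP SPT=41234 DPT={dpt} WINDOW=29200 RES=0x00 SYN URGP=0")


# Constructed sample log: one scanner sweeping a dozen ports in twelve seconds, one ordinary host
# touching two ports an hour and a half apart, and one unrelated sshd line that must be ignored.
SCANNED = [21, 22, 23, 25, 53, 80, 110, 139, 143, 443, 445, 3389]
SAMPLE_LOG = [_ufw_line(f"Mar  3 10:15:{s:02d}", "203.0.113.5", p) for s, p in enumerate(SCANNED)]
SAMPLE_LOG += [
    _ufw_line("Mar  3 10:16:30", "198.51.100.23", 22),
    _ufw_line("Mar  3 11:40:00", "198.51.100.23", 443),
    "Mar  3 11:41:00 gw sshd[1200]: Accepted publickey for ops from 198.51.100.23 port 51515 ssh2",
]

if __name__ == "__main__":
    for src, n in detect_port_scans(parse_blocked(SAMPLE_LOG)).items():
        print(f"possible port scan from {src}: {n} distinct ports within 60s")
```

The same sliding-window logic works on any firewall or flow log once the parser yields (source, time, destination port) tuples; the thresholds are where the tuning happens, since a monitoring system polling a handful of ports every minute looks very different from a sweep of hundreds in a few seconds.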

The human side

The physical attack surface exists in the real world, and its most significant component is none other than the human being.

As we’ve said before, company staff is often one of the weakest links in the cybersecurity chain of your online business.

Let’s see what can be done to avoid exposing your physical attack surface as much as possible:

Train all your employees to recognize social engineering calls and phishing emails. These are two of the most common ways attackers gain the foothold they need to sabotage networks, routers, and other hardware, and most of the time the door is opened by a person rather than by a technical flaw.

While nothing can fully prevent a rogue employee from stealing sensitive information about your company (including email or user logins), human resources and hiring departments can use background checks and applicant screening to reduce that risk before someone joins your team.

Teaching your employees clear policies about plugging unknown or unauthorized devices (such as a USB drive found in the parking lot) into office machines also helps reduce baiting attacks.

There are more social engineering techniques we’ll explore in future posts. Fortunately, defending against all of them comes down to following company security practices and constant employee education.

Attack Surface: What is an attack surface?

What does “attack surface” mean? I see the attack surface as the entire network and software environment exposed to remote or local attacks. Others define it as the sum of compromised points, but those are attack vectors, not the attack surface.

An attack surface is the sum of all the points through which an attacker could enter your systems or extract data from them. It includes software, operating systems, network services and protocols, domain names, and SSL certificates.

A classic example to help illustrate the concept of attack surface is your business’s physical office. What’s the attack surface of your local office?

The answer is simple: doors, windows, safe boxes, etc. What about your home? Even simpler: front and back doors, windows, garage doors, climbable trees or tables, etc.

The difference between detecting a break-in at your home and a breach of your company’s online attack surface comes down to size: the online surface is far larger and made up of many complex regions to explore.

You’d clearly notice if someone had broken a window or forced open the door in your home. It’s even easier to have a home alarm system that notifies you immediately.

However, given the extensive network, software, protocols, and services running within an online company, detecting which part of the attack surface was the origin of a breach or intrusion can be tricky, even with a solid IDS, application firewalls, and alerting in place. Much of the time, it passes unnoticed.

Bypassing Firewalls Using Nmap

Nowadays, almost every system sits behind a firewall or an Intrusion Detection System (IDS). Nmap provides several scan types that can still reveal useful information about ports through such filtering.

TCP ACK Scan

nmap -sA x.x.x.x

How it works: an ACK scan sends a bare ACK segment and never reports a port as open or closed; it classifies ports as filtered (no RST comes back, or an ICMP unreachable does) or unfiltered (an RST comes back), and which one you see depends on whether the firewall is stateful or stateless. A stateful firewall checks whether an incoming ACK packet belongs to an existing connection and drops it if it does not, so the port shows up as filtered. A stateless firewall does not track connections and will not block the ACK packets.

TCP Window Scan

nmap -sW x.x.x.x

A Window scan is an ACK scan that additionally examines the TCP window field of the RST packets that come back: on some systems a positive window size indicates an open port and a zero window a closed one, so it can sometimes distinguish open from closed ports where a plain ACK scan cannot. The technique depends on an implementation quirk and is unreliable on many modern systems.

Idle scan

Idle scanning is an advanced technique in which no packet reaching the target carries the attacker’s address, so the scan cannot be traced back to the attacker’s machine. It requires a zombie host to be specified, and that host must be truly idle and use a predictable, globally incrementing IP ID counter.

nmap -sI zombiehost.com domain.com

Idle scan relies on the zombie’s IP identification (IP ID) field being predictable, typically incremented by one for every packet the zombie sends. First, the attacker probes the zombie to learn its current IP ID. Then the attacker sends the target a SYN whose source address is spoofed to be the zombie. If the port is open, the target sends a SYN/ACK to the zombie, which replies with an RST because it never opened such a connection, consuming one IP ID. If the port is closed, the target sends an RST to the zombie, which simply ignores it. Finally, the attacker probes the zombie again. If the IP ID has increased by one, the zombie sent nothing to the target, so the port is closed (or filtered). If it has increased by two, the zombie sent an RST to the target, which means the port is open. The attacker’s own second probe accounts for the single step, so one step is the baseline and two steps is the signal. Nmap’s documentation recommends adding -Pn to the command above so that the attacker’s own address never contacts the target with a host-discovery probe.
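The exchange is easier to trust once you have watched the counter move. The simulation below is an added example written for this post, not code from Nmap: a `Zombie` with a global IP ID counter, a `Target` with open, closed and filtered ports, and `idle_scan_port()` performing the three steps described above and classifying the IP ID delta with 16-bit wrap-around handled. The optional `background` parameter makes the zombie emit unrelated traffic between probes, which is the failure mode the text warns about (a zombie that is not idle). All hosts and numbers here are invented for the illustration.

```python
IPID_MOD = 1 << 16   # the IP ID field is 16 bits wide, so deltas must be taken modulo 65536


class Zombie:
    """An idle host whose IP ID is one global counter incremented on every packet it sends."""

    def __init__(self, start_ipid, background=0):
        self.ipid = start_ipid
        self.background = background      # unrelated packets sent per step (0 = truly idle)

    def _emit(self):
        self.ipid = (self.ipid + 1) % IPID_MOD
        return self.ipid

    def on_probe(self):
        """Attacker's SYN/ACK probe: an unexpected SYN/ACK is answered with an RST (one IP ID used)."""
        for _ in range(self.background):  # a busy zombie talks to other hosts in between
            self._emit()
        return self._emit()

    def on_packet_from_target(self, flags):
        """SYN/ACK from the target (port open) draws an RST; a bare RST (port closed) is ignored."""
        if flags == "SYN/ACK":
            self._emit()


class Target:
    def __init__(self, open_ports, filtered_ports=()):
        self.open_ports, self.filtered_ports = set(open_ports), set(filtered_ports)

    def on_spoofed_syn(self, port):
        if port in self.filtered_ports:
            return None                   # firewall drops it: nothing goes back to the zombie
        return "SYN/ACK" if port in self.open_ports else "RST"


def classify(delta):
    if delta == 2:
        return "open"
    if delta == 1:
        return "closed|filtered"          # Nmap cannot tell these apart with an idle scan either
    return "unreliable"                   # zombie not idle, or its IP ID is not globally incremental


def idle_scan_port(zombie, target, port):
    """One round: probe zombie, send a SYN to the target as the zombie, probe the zombie again."""
    ipid_before = zombie.on_probe()                    # 1. learn the zombie's current IP ID
    reply = target.on_spoofed_syn(port)                # 2. SYN to target, source address = zombie
    if reply is not None:
        zombie.on_packet_from_target(reply)            #    the target's answer goes to the zombie
    ipid_after = zombie.on_probe()                     # 3. probe again and read the counter
    delta = (ipid_after - ipid_before) % IPID_MOD      # our own second probe accounts for 1
    return classify(delta), delta


def idle_scan(zombie, target, ports):
    return {port: idle_scan_port(zombie, target, port)[0] for port in ports}


if __name__ == "__main__":
    z = Zombie(start_ipid=65534)                        # starts next to the wrap-around on purpose
    t = Target(open_ports={80, 443}, filtered_ports={25})
    print(idle_scan(z, t, [80, 22, 25, 443]))
    print(idle_scan_port(Zombie(10, background=3), t, 22))
```

Two things the simulation makes concrete: a filtered port and a closed port produce the same delta, which is why Nmap reports `closed|filtered` for idle scans, and a zombie that sends even a few packets of its own between probes turns every result into noise, which is why Nmap tests a candidate zombie’s IP ID behaviour before using it.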

Open Source Security Testing Tools You Can Start Using Today

In today’s interconnected world, ensuring your digital assets’ security is paramount. As cyber threats continue to evolve, it’s crucial to have effective security testing tools at your disposal. Fortunately, the open-source community offers a wealth of powerful security testing tools to help identify vulnerabilities and strengthen defenses. In this blog post, we’ll explore some of the top open-source security testing tools you can use today.

  1. OWASP ZAP (Zed Attack Proxy): OWASP ZAP is a popular open-source web application security scanner. It provides a comprehensive set of features for finding vulnerabilities in web applications, including automated scanning, manual testing, and security analysis. ZAP is highly extensible, allowing you to customize and enhance its capabilities according to your specific requirements. It’s an invaluable tool for identifying common web application vulnerabilities like cross-site scripting (XSS), SQL injection, etc.
  2. Nmap (Network Mapper): Nmap is a versatile and powerful open-source network scanning tool for security auditing and network exploration. With its extensive scanning techniques, Nmap can map out hosts, identify open ports, and detect potential vulnerabilities. It supports a scripting engine that enables you to automate tasks and create custom scripts for targeted scanning. Nmap is an essential tool for assessing network security and identifying potential entry points for attackers.
  3. Wireshark: Wireshark is a widely used open-source packet analyzer for network troubleshooting and security analysis. It allows you to capture and examine network traffic at a granular level. Wireshark provides detailed insights into network protocols, allowing you to detect anomalies, analyze network behavior, and identify security threats. Its robust filtering capabilities and extensive protocol support make it an indispensable tool for network security professionals.
  4. Metasploit Framework: The Metasploit Framework is a powerful open-source penetration testing platform that enables you to assess and exploit vulnerabilities in systems and applications. With a vast collection of exploits, payloads, and auxiliary modules, Metasploit simplifies the process of penetration testing and helps security professionals validate the effectiveness of their defenses. It also offers a collaborative community and a wide range of resources for sharing knowledge and expertise.
  5. Nikto: Nikto is an open-source vulnerability scanner that identifies security flaws in web servers and applications. It performs comprehensive tests, including checks for server misconfigurations, outdated software versions, and potentially dangerous files or scripts. Nikto produces detailed scan reports, making it easier to prioritize and remediate its findings. Its simple command-line interface and extensive plugin support make it a valuable tool for security testing.

Securing your digital assets requires a proactive and comprehensive approach. By leveraging open-source security testing tools, you can enhance your security posture and protect against potential threats. The tools mentioned in this blog post, including OWASP ZAP, Nmap, Wireshark, Metasploit Framework, and Nikto, offer powerful capabilities to identify vulnerabilities, assess network security, and perform penetration testing. Start exploring these open-source tools today and take a proactive stance in securing your systems and applications. Remember to stay updated with the latest releases and actively participate in the open-source community to maximize the benefits of these valuable resources.

Top 2 Free Open Port Check Tools

Open ports on your hardware can be critical points of vulnerability if the services exposed behind them are misconfigured or unpatched. Unfortunately, many organizations expose sensitive resources through ports they never meant to open, heightening the risk of ransomware attacks, supply chain attacks, and data breaches. Fortunately, free tools can detect the open ports across your environment so you can assess how critical each exposure is.

In this post, we discuss the two best free open port scanners you can start using today to check for open ports in your ecosystem.

What is Open Port Scanning?

Port scanning is the process of probing the ports of a host or network to learn which ones are open and what service answers on each. It involves sending packets to selected ports on a host and classifying each port, from the response or the lack of one, as open, closed, or filtered. This kind of reconnaissance should be run regularly against your own systems to identify and remediate exposures before attackers discover them. Unfortunately, cybercriminals use the same port scanners to gather intelligence about a potential victim before launching an attack.

Because these tools are freely available, you must assume that attackers are using them to study your open ports, so a scanner alone is not a security control that protects your network. Network administrators should use free port scanners to determine how much of the network is visible to a potential attacker, and then back that visibility up with additional controls (firewalling, patching, hardening) that actually reduce it. TCP port scanners also help penetration testers determine which specific ports accept connections, so that those services can be tested and protected from compromise.

List of Common Network Port Numbers

Every port number identifies a particular service or application endpoint on a host, so that traffic for different services can be told apart.

There are two types of network ports:

TCP – Transmission Control Protocol

UDP – User Datagram Protocol

What’s the difference between UDP and TCP?

TCP sets up each connection with a handshake, numbers its segments, and retransmits anything that is lost, so the receiver gets a complete, ordered stream. UDP has no handshake, no delivery guarantee, and no ordering. Because of that extra bookkeeping, TCP carries more overhead and can be slower than UDP.

Port numbers range from 0 to 65,535, a total of 65,536 ports for each of TCP and UDP (a given number can be assigned to one, the other, or both). Because of this large range, IANA divides the numbers into ranges so that well-known services are easy to find.

Ports 0-1023 are the well-known (system) ports, assigned to widely used services such as HTTP (80), HTTPS (443), SSH (22), and DNS (53). Ports 1024-49151 are registered ports, which vendors and projects can register with IANA for a specific application. Ports 49152-65535 are dynamic or private (ephemeral) ports, which are not assigned to anyone and are typically used by clients as the source port of outgoing connections.

Tools

1. Nmap

Nmap (short for Network Mapper) is one of the most popular free, open-source port scanning tools. It offers many different port scanning techniques, including TCP half-open (SYN) scans.

Key features:

  • Multiple port scanning techniques (TCP SYN, TCP connect, UDP, ACK, Window, idle, and more)
  • Identifies open ports on targeted hosts
  • Operating system detection
  • Service and version detection
  • Scans remote hosts and whole address ranges
  • Scales to large networks housing tens of thousands of devices
  • Supports macOS, Linux, Windows, Solaris, OpenBSD, FreeBSD, and more

2. Wireshark

Wireshark is a free network sniffer used to detect malicious activity in captured traffic. Although it is not a port scanner, it can reveal which ports are in use by showing the connections that actually pass over the wire, and it is the natural tool for watching what a port scan against you looks like on the network.

Key features:

  • Reconstructs request and reply streams for each TCP or UDP conversation (Follow Stream)
  • Spots suspicious traffic such as scans, unexpected protocols, or connections to unknown hosts
  • Troubleshoots high bandwidth usage
  • Offers powerful capture and display filters
  • Lets you follow and monitor the data streams of interest