[Hack]in(sight) Vol.2 No.9
Vulnerability analysis, also known as vulnerability assessment, is a process that defines, identifies, and classifies the security holes (vulnerabilities) in a computer, network, or communications infrastructure. In addition, vulnerability analysis can forecast the effectiveness of proposed countermeasures and evaluate their actual effectiveness after they are put into use.
Vulnerability analysis consists of several steps:
- Defining and classifying network or system resources
- Assigning relative levels of importance to the resources
- Identifying potential threats to each resource
- Developing a strategy to deal with the most serious potential problems first
- Defining and implementing ways to minimize the consequences if an attack occurs.
If security holes are found as a result of vulnerability analysis, a vulnerability disclosure may be required. The person or organization that discovers the vulnerability, or a responsible industry body such as the Computer Emergency Readiness Team (CERT), may make the disclosure. If the vulnerability is not classified as a high-level threat, the vendor may be given a certain amount of time to fix the problem before the vulnerability is disclosed publicly. The third stage of vulnerability analysis (identifying potential threats) is sometimes performed by a white hat using ethical hacking techniques. Using this method to assess vulnerabilities, security experts deliberately probe a network or system to discover its weaknesses. This process provides guidelines for the development of countermeasures to prevent a genuine attack.
In this release we have prepared 7 technical articles that will help you improve your vulnerability analysis through real-world examples:
Page 7: Malware Security: Deep Inside Malicious PDF
Most attacks these days are client-side attacks. When attackers target a company or organization network, they face many obstacles such as IDS, IPS and firewalls that prevent them from reaching the internal network, so they instead target, for example, employees working in the target organization, using methods such as phishing attacks or sending malicious PDF files.
Page 19: Threat Emulation and Red Teaming
First things first, you’ll want to define the goals of your red team and what value it’s going to offer to your organization. Some private sector internal red teams do a variety of offensive tasks and work like an internal consulting shop to their parent organization. If you think this is you, please don’t ignore some of the tasks that may fall on your plate such as reviewing web applications and evaluating different systems for vulnerabilities/bad configuration before they’re added to your environment. I don’t do much with this side of red team activity and my recommendations will show this gap.
Page 22: WPS Brute Force Attack with Bully
Bully is conceptually identical to other programs, in that it exploits the (now well known) design flaw in the WPS specification. It has several advantages over the original reaver code. These include fewer dependencies, improved memory and CPU performance, correct handling of endianness, and a more robust set of options. It runs on Linux, and was specifically developed to run on embedded Linux systems (OpenWrt, etc.) regardless of architecture.
Page 32: The IT security preparedness of our society and the need for action
This article will focus on a small country, which is partially located north of the Polar Circle, far up north. Throughout the years, it has held a position as a country with early adopters, a high level of innovation and a leader in technology based on successes such as Skype, Spotify, and many more.
Page 38: JetLeak Vulnerability
GDS discovered a critical information leakage vulnerability in the Jetty web server that allows an unauthenticated remote attacker to read arbitrary data from previous requests submitted to the server by other users.
Page 47: Practical usage of OWASP ZED Attack Proxy
The OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience, and as such is ideal for developers and functional testers who are new to penetration testing, as well as being a useful addition to an experienced pen tester's toolbox.
Page 65: Open Source Whistleblower platform: SecureDROP
SecureDrop is an open-source software platform for secure communication between journalists and sources (whistleblowers). It was originally designed and developed by Aaron Swartz and Kevin Poulsen under the name DeadDrop.
Special thanks to Mr. Jim Steele from Cyes Design Studios (www.cyexdesign.com).