20 YEARS OF EXPERIENCE IN ITS SECURITY AUDITS

I was going to try to put together some chores about things that I learned after almost 20 years of experience in technical cyber security audits from my time in, among other things. FRA, the Swedish Armed Forces and now as self-employed.
The older I get, the more time I spend reflecting on and drawing conclusions on an overall and broader level.
It may not sound like important, but trying to estimate and prioritize the time you have allocated for the assignment is important. Not to spend too much time on things that can lead to a dead end.

Calculate time


Let the tools work for you and automate as much as you can, and in this way you can focus on things that require manual work, such as understanding an underlying logic in a system or software.
However, do not rely solely on automated tools but always verify and double check the results.

Communication

Establishing a good deliverable such as documentation (report) and being able to communicate this deliverable to your contractor is of great importance for success. You may be very capable technically but once the client receives your deliverable two weeks late, the value of your deliverable will decrease.
Do you know that you are less good at communicating and documenting but good at technology then make sure your team contains one or more people who can communicate or document.

Support functions and processes

Having good processes and routines as well as support functions that help you and elevate you in your work so that you can deliver according to your optimal ability is important. It may be that you do not have to go to boring meetings where you may have nothing to do or minimize time reporting. Or to avoid having to reinstall your own operating system, drivers or similar.

In your work, you can lean back to a good foundation when it comes to how assignments are received, allocated, prioritized and then delivered. And after completing the assignment how uncovering is done.
Internet access may not be available or should be used, so you or your colleagues need to think about what may be needed for offline use. I usually make sure to have many open source repos, indexed digital books (many publishers you can buy bulk cheaply) as well as deb packages available quickly.

Here you will find the shortcomings

My experience tells me that the security deficiencies are usually found in places like:
  • Undocumented features / interfaces / APIs
  • New or old code. Search for code that handles old file formats or protocols, for example
  • Code that parses text or other complex functions
  • Features that can be used in ways other than what the developer had intended
  • Incorrect or inadequate separation between permissions or users
  • Changes to the basic system. Most operating systems nowadays are relatively secure in their basic design, look for changes that have been implemented.
  • Places where you can reach far into the system or code with external input
Of course there is a wealth of things I look at, maybe in a book in the future.

Traceability

Documenting your findings during your assignment is of great importance. Especially since you can probably find some kind of gold bar when you examine, for example, all http responses from the web server or all the network traffic that you have saved in pcap format.

The subsequent documentation will also be incredibly much easier if you save as much as possible. Also, screenshots or the like can also be useful as a complement to your ongoing text documentation (war diary) or raw data.
Also, do not forget that you must have a process to safely erase all information after completion of the assignment, if needed, part of your OPSEC.

Always think one step further

You might be quick to push a new exploit from Metasploit to a vulnerable server or client. But think about before this can have consequences in a second or third step and you need to make a case.
It may be that security monitoring (SOC) detects that you are conducting a Red Teaming operation and then you may need to change your IP address, mac address or similar. And then it is important to know how this goes before.

Other

I also always try to have the opportunity to do things in at least two different ways, it means that I can verify and double check certain things and if a tool or method fails I can always do it in some other way. Practice is also important so that you and your team or your tools and methods work when it is a sharp activity or assignment.
Also, make sure you can quickly and easily set up an environment that mimics the target system or software that you are reviewing. It allows you to find more shortcomings and not have to send all your tests over the network or similar.

Final words

Hope this can lead to you, your business or your team getting better at what you do in cybersecurity. Because I think it is important that we share our lessons and wisdom with each other and in this way we build more secure infrastructure, systems and software.
Also make sure to train your client so that he becomes a good customer, and help with requirements and expectations and conditions.

Comments

Post a Comment

Popular posts from this blog

Test of English as a Foreign Language (TOEFL)

 This is one of the most famous proficiency tests in Brazil and the world. It was developed in 1964 by ETS, an American non-profit institution, focused on educational testing. Since its creation, it has been applied more than 20 million times. It is accepted in institutions in the United States, United Kingdom and Australia, in addition to more than 110 countries for the issuance of the visa. Read more:  Amazon Saheli Quiz Answers The tests are carried out between two to three times a month, in accredited institutions. The tests assess text comprehension (from 60 to 100 minutes), listening comprehension (between 60 and 90 minutes), oral exam (20 minutes) and written exam (50 minutes). Each stage is worth 30 points, with 120 being the highest possible score. It is important to note that the minimum grade required varies according to the institution. The evaluation costs approximately 700 reais. Read more:  http://techhub.bloger.id/competitive-differential-equal-to-everyone-else-s.xhtml
Read more

Targeted by DDoS attacks

Distributed Denial of Service (DDoS) attacks are a common method used by hackers to try to take down a website. By inundating the site with traffic from multiple sources, the goal is to overwhelm the web server until it crashes or is forced to shut down. DDoS attacks can hit any organization large or small. But certain industries and types of businesses are more heavily targeted, according to a report from Imperva. Most DDoS attacks in 2019 were directed toward companies in the gaming and gambling sectors, the report found. how to mitigate ddos attack ? Released on Wednesday, Imperva's annual Global DDoS Threat Landscape Report looks at the greater scale, effective strategies, and higher frequency of DDoS attacks. In 2019, most of the DDoS attacks observed by Imperva were smaller than in the past. Around 25% lasted less than 10 minutes and 15% less than 30 minutes. Only around 5% lasted more than 24 hours. The small duration could be explained by the need to do as much dam
Read more

What Is a DDoS Attack?

A distributed denial of service (DDoS) attack is kind of like a traffic jam on a website What is a DDoS attack and what does it mean for your website? Instead of jumping deep into technical details, let’s start with a real-world analogy that makes it really easy to visualize what a DDoS attack is… DDoS attack mean Imagine, for a moment, that it’s a Sunday afternoon and you’re driving down the highway with your family, headed to your favorite picnic spot. You’re cruising down the highway at 70 miles an hour – it won’t be long before you’re at the park enjoying a lovely autumn day! You check your GPS traffic report, only to see that the jam extends for miles and there’s no way around it. There’s no way you’ll make it to the park in time for your picnic. That’s basically what a distributed denial of service (DDoS) attack is – lots of users (in this case, cars) that are jamming up a system (the highway) to deny you from accessing a service (the park). Usually when we talk about
Read more