Information Security 201

  1. Session on Information Security 101, 25th February 2022, Bhubaneswar
  2. Who am I?
     - Cybersecurity Analyst at Network Intelligence
     - Cybersecurity Researcher
     - Travel freak, gym, cricket and many more
  3. Agenda
     - Antivirus
     - SAST/DAST
     - CIA Triad
     - Active/Passive Reconnaissance
     - Reverse shell
     - Endpoint Detection and Response
     - Configuration Review
     - Vulnerability Assessment
     - Penetration Testing
     - Critical Infrastructure Security
  4. Antivirus (AV)
     - A computer program designed to detect malware and viruses and prevent them from damaging or corrupting the system (PC, laptop, tablet, smartphone, etc.).
     - Malicious software, commonly known as malware, is code, a program or a script that can harm a computer or any other smart electronic device and can steal digital data. An antivirus therefore detects the malicious program, a.k.a. malware, and prevents it from being installed and executed on the system.
     - Antivirus products normally work by detecting, quarantining and deleting malicious code in order to prevent its execution on the system. Modern antivirus products update themselves automatically to provide protection against the latest malware and viruses.
     - Some commonly known antivirus brands are Quick Heal, Kaspersky and Norton, but there are many other antivirus products on the market. The choice of product normally depends on cost, usage and many other factors.
  5. SAST/DAST
     - SAST stands for Static Application Security Testing.
     - This approach is normally used in a source code review scope or in white box penetration testing.
     - In SAST we manually review the source code of the software in order to detect vulnerabilities in it.
     - Some known SAST tools are Bandit, MobSF, SonarQube, Veracode and many more.
     - DAST stands for Dynamic Application Security Testing.
     - This approach is normally used for dynamic analysis of the traffic, where we try to manipulate headers and numerous parameters in order to assess a vulnerability and its impact.
     - The DAST approach is used in black box and grey box penetration testing.
     - Some known DAST tools are Acunetix Web Vulnerability Scanner, Burp Suite, OWASP ZAP, Nikto and many more.
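To show what a SAST tool actually does under the hood, here is a small static checker in Python. It is an added example, not code from the slides or from any of the tools named above: it parses a program into an abstract syntax tree and flags a handful of risky call patterns. The rule table and the sample program under review are constructed for illustration.

```python
"""Minimal SAST-style checker: walks a Python AST and flags a few risky
call patterns.  Added example, not from the original slides; the rule
set and the sample source are constructed for illustration."""
import ast
from typing import List, Tuple

# Constructed rule set: dotted callee name -> finding description
RISKY_CALLS = {
    "eval": "eval() on untrusted input allows arbitrary code execution",
    "exec": "exec() on untrusted input allows arbitrary code execution",
    "os.system": "os.system() builds a shell command string; prefer subprocess with a list",
    "pickle.loads": "pickle.loads() on untrusted data allows arbitrary code execution",
}

def _call_name(node: ast.Call) -> str:
    """Return a dotted name for the callee, e.g. 'os.system' or 'eval'."""
    func = node.func
    parts = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
    return ".".join(reversed(parts))

def scan_source(source: str) -> List[Tuple[int, str, str]]:
    """Return sorted (line, rule, message) findings for the given source text."""
    findings = []
    tree = ast.parse(source)
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        if name in RISKY_CALLS:
            findings.append((node.lineno, name, RISKY_CALLS[name]))
        # separate rule: any subprocess.* call that passes shell=True
        if name.startswith("subprocess."):
            for kw in node.keywords:
                if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                    findings.append((node.lineno, name, "shell=True passes the command through a shell"))
    return sorted(findings)

# Constructed sample program under review (line numbers start at the blank line 1)
SAMPLE = '''
import os, subprocess, pickle

def run(user_input):
    os.system("ls " + user_input)
    subprocess.run("cat " + user_input, shell=True)
    subprocess.run(["cat", user_input])
    return eval(user_input)
'''

if __name__ == "__main__":
    for line, rule, msg in scan_source(SAMPLE):
        print(f"line {line}: {rule}: {msg}")
```

The list-form `subprocess.run(["cat", user_input])` on line 7 of the sample is deliberately not flagged: it never goes through a shell, which is exactly the distinction a rule has to make to keep the false-positive rate down.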
  6. CIA Triad
     - “C” stands for Confidentiality: data, whether at rest or in transit, must be secured so that no unauthorized user can access the sensitive data.
     - “I” stands for Integrity: no modification of the data by a malicious threat actor should be possible, and the authenticity of the data must be maintained throughout the process.
     - “A” stands for Availability: the service provided must be up and running, and the information must be consistently and readily accessible to authorized parties.
     - Any deviation from the CIA triad results in a security issue for the asset and exposes it to malicious threats and actors.
  7. Passive/Active Reconnaissance
     - Passive reconnaissance is the approach of gaining information about the target without actively engaging with the system.
     - Passive reconnaissance is not noisy; the information gathered depends on publicly available information and on the use of sniffing tools.
     - Some known tools for passive reconnaissance are Wireshark, Ettercap, Tshark, OSINT tools, Google dorks, Shodan and many more.
     - Active reconnaissance is the approach of gaining information about the target by actively engaging with the system.
     - Active reconnaissance is noisy, so there is a chance that the traffic gets detected; appropriate measures should therefore be taken to avoid detection, especially during red team engagements.
     - Some known tools for active reconnaissance are Nmap, Zenmap, SQLmap, Nikto, SSTImap and many more.
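The integrity leg of the triad is the one most easily shown in code. The following Python example (added here, not from the slides) appends an HMAC-SHA256 tag to a message and refuses to hand back any data whose tag does not verify, so both a modified payload and a tag made with the wrong key are rejected. The key and messages are constructed for the demonstration.

```python
"""Integrity protection with an HMAC tag.  Added example, not from the
original slides; the key and messages are constructed for illustration."""
import hashlib
import hmac
from typing import Optional

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes

def protect(key: bytes, data: bytes) -> bytes:
    """Append an HMAC-SHA256 tag so that any later modification is detectable."""
    tag = hmac.new(key, data, hashlib.sha256).digest()
    return data + tag

def verify(key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the original data if the tag is valid, otherwise None.

    The caller never gets to use tampered data: a bad tag yields None."""
    if len(blob) < TAG_LEN:
        return None
    data, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, data, hashlib.sha256).digest()
    # compare_digest takes the same time whether or not the tags match,
    # so the comparison leaks nothing about the expected tag
    if not hmac.compare_digest(tag, expected):
        return None
    return data

def demo() -> dict:
    """Walk through the three cases: intact, tampered data, wrong key."""
    key = b"constructed-demo-key (use os.urandom(32) in practice)"
    blob = protect(key, b"transfer amount=100")
    tampered = blob.replace(b"amount=100", b"amount=900")   # attacker edits the payload
    return {
        "intact": verify(key, blob),
        "tampered": verify(key, tampered),
        "wrong_key": verify(b"another-key", blob),
    }

if __name__ == "__main__":
    print(demo())
```

Note that an HMAC gives integrity and origin authentication but not confidentiality: the payload is still readable by anyone. Covering the “C” as well means encrypting, and in practice an authenticated-encryption mode that does both in one step.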
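Because active reconnaissance is noisy, it is also detectable. This Python example, added here and not part of the slides, shows the defender's side: it parses firewall log lines and raises an alert for any source that touches many distinct destination ports within a short sliding window. The log format, IP addresses and log lines are all constructed; a real deployment would adapt the regular expression to the firewall's actual format.

```python
"""Detecting active reconnaissance (a port scan) in firewall logs.  Added
example, not from the original slides; the log format and the log lines are
constructed for illustration."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Assumed log format: "<ISO timestamp> SRC=<ip> DST=<ip> DPT=<port> ACTION=<...>"
LINE_RE = re.compile(r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) DPT=(?P<dpt>\d+)")

Event = Tuple[datetime, str, str, int]

def parse_line(line: str) -> Optional[Event]:
    m = LINE_RE.match(line)
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dpt"])

def detect_scanners(lines: List[str], window_seconds: int = 60,
                    threshold: int = 10) -> Dict[str, int]:
    """Return {source ip: max distinct (dst, port) pairs seen in any window}
    for sources that reach the threshold."""
    window = timedelta(seconds=window_seconds)
    events = sorted(e for e in map(parse_line, lines) if e is not None)
    by_src: Dict[str, List[Event]] = defaultdict(list)
    for ev in events:
        by_src[ev[1]].append(ev)
    alerts: Dict[str, int] = {}
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            # slide the window start forward until the span fits inside `window`
            while evs[end][0] - evs[start][0] > window:
                start += 1
            targets = {(ev[2], ev[3]) for ev in evs[start:end + 1]}
            if len(targets) >= threshold:
                alerts[src] = max(alerts.get(src, 0), len(targets))
    return alerts

def _constructed_log() -> List[str]:
    base = datetime(2022, 2, 25, 10, 0, 0)
    def line(offset: int, src: str, dst: str, port: int, action: str) -> str:
        ts = (base + timedelta(seconds=offset)).isoformat()
        return f"{ts} SRC={src} DST={dst} DPT={port} ACTION={action}"
    lines = []
    # fast scanner: 15 distinct ports on one host within 15 seconds
    lines += [line(i, "10.0.0.5", "192.168.1.10", 21 + i, "DROP") for i in range(15)]
    # slow scanner: 12 ports, one every 30 seconds (5.5 minutes in total)
    lines += [line(30 * i, "10.0.0.9", "192.168.1.10", 1000 + i, "DROP") for i in range(12)]
    # ordinary client: repeated HTTPS connections to one service
    lines += [line(5 * i, "10.0.0.7", "192.168.1.20", 443, "ACCEPT") for i in range(3)]
    return lines

SAMPLE_LOG = _constructed_log()

if __name__ == "__main__":
    print(detect_scanners(SAMPLE_LOG))                       # fast scanner only
    print(detect_scanners(SAMPLE_LOG, window_seconds=600))   # slow scanner too
```

With the default 60-second window only the fast scanner is reported; the slow scanner spreading one probe every 30 seconds stays under the threshold, which is exactly the evasion a longer window (or a per-source daily count) is there to catch.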
  8. Reverse Shell
     - A shell is normally an interactive interface program that makes it possible for an application or a user to interact with the operating system kernel.
     - A reverse shell is intended for malicious purposes: after exploiting a vulnerability in a system, an adversary uploads a reverse shell to interact with the target system in order to carry out post-exploitation activity.
     - Persistence in a target system depends on the stability of the reverse shell: the more stable the reverse shell, the more persistent the access to the system.
     - There are various types of reverse shell: Bash reverse shell, PHP reverse shell, Java reverse shell, Python reverse shell, Perl reverse shell, Netcat reverse shell and many more.
     - A reverse shell can be coded/programmed in any programming language.
  9. Endpoint Detection and Response (EDR)
     - EDR stands for “Endpoint Detection and Response”.
     - It is a security tool that focuses on detecting and mitigating suspicious activity on devices and hosts.
     - The value of EDR is its ability to detect advanced threats that may not have a recorded behavioural pattern or malware signature.
     - Some known EDR product brands are CrowdStrike, Cisco, Fortinet and many more.
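The two slides above fit together: a reverse shell has no signature to match, so an EDR has to recognise it by behaviour. This Python example, added here and not taken from the slides or from any EDR product, encodes two such behavioural indicators over a snapshot of running processes: a shell whose standard input, output and error are all sockets, and a shell whose parent is a web server process. The process records are constructed; on a Linux host the same fields would be read from `/proc/<pid>/comm`, `/proc/<pid>/status` and `/proc/<pid>/fd/`.

```python
"""Behavioural indicators of a reverse shell over a process snapshot.
Added example, not from the original slides; the process list is constructed."""
from dataclasses import dataclass
from typing import Dict, List

@dataclass
class Proc:
    """One process.  On Linux these fields would come from /proc/<pid>/;
    here they are constructed for the example."""
    pid: int
    ppid: int
    comm: str
    fds: Dict[int, str]  # fd number -> target, e.g. "socket:[12345]" or "/dev/pts/0"

SHELLS = {"sh", "bash", "dash", "zsh"}
# Parents that should not normally spawn an interactive shell (assumed list)
WEB_SERVERS = {"apache2", "httpd", "nginx", "php-fpm", "tomcat"}

def reverse_shell_indicators(proc: Proc, by_pid: Dict[int, Proc]) -> List[str]:
    """Return the list of indicators that fire for this process (empty if none)."""
    reasons: List[str] = []
    if proc.comm not in SHELLS:
        return reasons
    std_fds = [proc.fds.get(fd, "") for fd in (0, 1, 2)]
    # an interactive shell normally has a tty on fds 0-2; a socket on all three
    # is the classic shape of "sh -i" wired to a network connection
    if all(target.startswith("socket:") for target in std_fds):
        reasons.append("shell stdin/stdout/stderr all redirected to a socket")
    parent = by_pid.get(proc.ppid)
    if parent is not None and parent.comm in WEB_SERVERS:
        reasons.append(f"shell spawned by web server process {parent.comm} (pid {parent.pid})")
    return reasons

def triage(procs: List[Proc]) -> Dict[int, List[str]]:
    """Map pid -> indicators for every process with at least one indicator."""
    by_pid = {p.pid: p for p in procs}
    results: Dict[int, List[str]] = {}
    for p in procs:
        reasons = reverse_shell_indicators(p, by_pid)
        if reasons:
            results[p.pid] = reasons
    return results

# Constructed snapshot: one legitimate admin shell, two suspicious shells
SAMPLE_PROCS = [
    Proc(1, 0, "systemd", {0: "/dev/null", 1: "/dev/null", 2: "/dev/null"}),
    Proc(800, 1, "sshd", {0: "/dev/null", 1: "/dev/null", 2: "/dev/null", 3: "socket:[2001]"}),
    Proc(801, 800, "bash", {0: "/dev/pts/0", 1: "/dev/pts/0", 2: "/dev/pts/0"}),  # admin SSH session
    Proc(1200, 1, "apache2", {0: "/dev/null", 1: "/var/log/apache2/error.log",
                              2: "/var/log/apache2/error.log", 4: "socket:[3001]"}),
    Proc(1300, 1200, "sh", {0: "socket:[4001]", 1: "socket:[4001]", 2: "socket:[4001]"}),
    Proc(1400, 1, "bash", {0: "socket:[5001]", 1: "socket:[5001]", 2: "socket:[5001]"}),
]

if __name__ == "__main__":
    for pid, reasons in triage(SAMPLE_PROCS).items():
        print(pid, reasons)
```

The SSH session on pid 801 is not flagged even though its ancestor sshd holds a socket: its own fds 0 to 2 are a pseudo-terminal, which is what a legitimate interactive login looks like. Combining several weak indicators per process, rather than alerting on any single one, is what keeps this kind of rule usable.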
  10. Configuration Review
     - Configuration review is the scope where a consultant/security researcher performs a security review of the configuration applied to network and perimeter devices.
     - Configuration review is carried out with reference to two benchmarks, namely the CIS benchmarks and the STIG benchmarks.
     - Configuration review is an essential scope in infrastructure security, where secure configuration leads to a secure network/infrastructure architecture.
     - Some known tools for performing configuration review are Nessus, Nipper and many more.
     - But it is always best to perform the configuration review manually, either from the provided config files or by taking remote access to the system.
  11. Vulnerability Assessment (VA)
     - VA stands for “Vulnerability Assessment”.
     - It is an approach or method for assessing the vulnerabilities present in the infrastructure or in the application.
     - It comes from two words: Vulnerability + Assessment.
     - In this method we use VA scanner tools to check what vulnerabilities are present in the infrastructure or in the application.
     - Some known VA tools on the market are Nessus, Qualys, Acunetix, Nikto, OWASP ZAP, OpenVAS and many more.
     - There are many commercial and open-source tools available; the choice mainly depends on the scope and budget of the testing.
  12. Penetration Testing (PT)
     - PT stands for “Penetration Testing”.
     - The penetration testing method/approach means exploiting the vulnerabilities found in the application or in the infrastructure.
     - Penetration testing also tells whether a vulnerability reported by the VA scanner tool is actually a false positive or not.
     - There are mainly two types of penetration testing, namely infrastructure security/penetration testing and application security/penetration testing.
     - Infrastructure security/penetration testing includes network penetration testing, SCADA/OT security assessment, hardware hacking and many more. Application security/penetration testing covers web application pentesting, mobile application pentesting, API pentesting, thick client pentesting, DevSecOps and cloud pentesting.
     - The scope of penetration testing is white box, black box or grey box.
  13. Critical Infrastructure Security
     - Critical infrastructure security is a newly added scope in the security field: critical infrastructures such as power plants, oil/gas facilities, nuclear plants, water treatment plants, etc., especially in the core sectors, are getting their operations computerized.
     - This security sector is given the term “critical” because any malicious vector can take down the plant or result in loss of life.
     - Here the availability property of the CIA triad plays the major role.
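A configuration review against a benchmark boils down to parsing the device's config and comparing each directive with an expected value. This Python example, added here and not part of the slides, does that for an OpenSSH `sshd_config`: it honours sshd's parsing rules (comments, case-insensitive directives, first occurrence wins) and reports every directive that is missing or set to a value outside the expectation. The rule table and sample config are constructed, and the expected values are illustrative of the CIS style rather than a transcription of any specific benchmark.

```python
"""Automated checks over an sshd_config, in the style of a CIS-benchmark
based configuration review.  Added example, not from the original slides;
the rule table and sample config are constructed, and the expected values
are illustrative rather than a transcription of any benchmark."""
import re
from typing import Callable, Dict, List, Tuple

# (directive, predicate on the lower-cased value, human-readable expectation)
RULES: List[Tuple[str, Callable[[str], bool], str]] = [
    ("PermitRootLogin", lambda v: v == "no", "no"),
    ("PermitEmptyPasswords", lambda v: v == "no", "no"),
    ("X11Forwarding", lambda v: v == "no", "no"),
    ("MaxAuthTries", lambda v: v.isdigit() and int(v) <= 4, "4 or less"),
    ("IgnoreRhosts", lambda v: v == "yes", "yes"),
    ("HostbasedAuthentication", lambda v: v == "no", "no"),
    ("LogLevel", lambda v: v in ("info", "verbose"), "INFO or VERBOSE"),
]

# sshd accepts "Directive value" and "Directive=value"
DIRECTIVE_RE = re.compile(r"^(\w+)\s*=?\s*(.+)$")

def parse_sshd_config(text: str) -> Dict[str, str]:
    """Return {directive (lower-case): value}, honouring sshd's rules that '#'
    starts a comment, directives are case-insensitive, and the first
    occurrence of a directive wins.  Match blocks are not handled here."""
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = DIRECTIVE_RE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        settings.setdefault(key, value)   # keep the first occurrence only
    return settings

def review(text: str) -> List[Tuple[str, str, str]]:
    """Return (directive, observed value, expected value) for each failed rule."""
    settings = parse_sshd_config(text)
    findings = []
    for directive, ok, expected in RULES:
        observed = settings.get(directive.lower())
        if observed is None:
            findings.append((directive, "(not set)", expected))
        elif not ok(observed.lower()):
            findings.append((directive, observed, expected))
    return findings

SAMPLE_CONFIG = """\
# constructed sample sshd_config for the example
Port 22
Protocol 2
PermitRootLogin yes
MaxAuthTries 10
X11Forwarding no
PermitEmptyPasswords no
IgnoreRhosts yes
HostbasedAuthentication no
MaxAuthTries 3   # later duplicate: sshd keeps the first value
"""

if __name__ == "__main__":
    for directive, observed, expected in review(SAMPLE_CONFIG):
        print(f"{directive}: found '{observed}', expected {expected}")
```

The duplicated `MaxAuthTries` line is the kind of detail that makes the manual review the slide recommends worthwhile: a tool that naively took the last value would report the host as compliant while sshd actually runs with the first, weaker one. A real review also has to walk `Match` blocks and check effective defaults for directives that are simply absent, which this example only reports as "(not set)".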
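The VA and PT slides describe one workflow: a scanner produces findings, and the penetration test confirms or refutes them. This Python example, added here and not from the slides or any scanner vendor, works through that hand-off on a constructed scanner export: it drops duplicate rows, summarizes by severity, ranks the findings, and attaches the manual verification outcome from the pentest so that unverified high-severity items stand out. The CSV layout, hosts, plugin ids and verification results are all constructed; real exports differ per product.

```python
"""Triage of vulnerability scanner output: de-duplicate findings, summarize
by severity, rank them, and attach the pentest verification status.  Added
example, not from the original slides; the CSV layout, the findings and the
verification results are all constructed."""
import csv
import io
from collections import Counter
from typing import Dict, List, Tuple

# Constructed scanner export (layout assumed; real exports differ per product)
SCAN_CSV = """\
host,port,plugin_id,severity,cvss,name
10.0.0.10,443,10001,High,7.5,Outdated TLS library
10.0.0.10,443,10001,High,7.5,Outdated TLS library
10.0.0.10,22,10002,Medium,5.3,Weak SSH ciphers enabled
10.0.0.11,80,10003,Critical,9.8,Remote code execution in web framework
10.0.0.11,80,10004,Low,3.1,Missing security header
10.0.0.12,3306,10005,High,7.2,Database service exposed
"""

SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1, "Info": 0}

# Constructed outcome of manual verification during the penetration test
VERIFIED: Dict[Tuple[str, str], str] = {
    ("10.0.0.11", "10003"): "confirmed",
    ("10.0.0.12", "10005"): "false positive",
}

def load_findings(text: str) -> List[dict]:
    """Parse the CSV and drop exact duplicates of (host, port, plugin)."""
    seen = set()
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        key = (row["host"], row["port"], row["plugin_id"])
        if key in seen:
            continue
        seen.add(key)
        row["cvss"] = float(row["cvss"])
        findings.append(row)
    return findings

def summarize(findings: List[dict]) -> Counter:
    """Count findings per severity label."""
    return Counter(f["severity"] for f in findings)

def prioritize(findings: List[dict]) -> List[dict]:
    """Highest severity first, then highest CVSS, then host for a stable order."""
    return sorted(findings, key=lambda f: (-SEVERITY_RANK.get(f["severity"], 0), -f["cvss"], f["host"]))

def triage(findings: List[dict]) -> List[Tuple[str, str, str]]:
    """(host, plugin_id, status) with status from the pentest, else 'unverified'."""
    return [
        (f["host"], f["plugin_id"], VERIFIED.get((f["host"], f["plugin_id"]), "unverified"))
        for f in prioritize(findings)
    ]

if __name__ == "__main__":
    found = load_findings(SCAN_CSV)
    print(dict(summarize(found)))
    for host, plugin, status in triage(found):
        print(host, plugin, status)
```

In the sample the "Database service exposed" finding ranks third by scanner score but turns out to be a false positive on manual verification, while the outdated TLS library remains unverified: that unverified list, sorted by severity, is the natural work queue for the penetration test that follows the scan.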