The world of cyber security is constantly being updated with sophisticated technology, adding new life to the eternal struggle between good and evil, the hackers and their ethical counterparts.
For more info Visit - https://www.isoeh.com/
2. GadgetProbe
Java deserialization exploits made easy
A new tool developed by researchers at Bishop Fox is intended to lessen the strain of exploiting Java
deserialization bugs, a challenging and often undervalued class of security vulnerabilities found in Java
web applications, by reducing the trial-and-error effort needed to find potentially vulnerable Java libraries
used in remote applications.
"Given a list of libraries, GadgetInspector will automatically discover new gadget chains," Jake Miller,
security associate at Bishop Fox, said. "By feeding the information from GadgetProbe into
GadgetInspector, you will be able to develop custom gadget chains unique to the specific set of libraries
present in the application you are testing."
3. Batea
Machine learning tool simplifies target discovery
Researchers at Delve Labs have engineered an open source tool that uses machine learning to
highlight potential security threats in network device data. The utility is called Batea, a reference to the
pan that gold prospectors use to find streaks of gold embedded in the sand and shale scooped
up from riverbeds.
It is an open source tool that leverages machine learning to find valuable information in network device
data.
Batea takes an XML version of an Nmap report and applies a series of transformations to create a matrix
of numerical features about each device, such as the number of open ports, the complexity of the
hostname, or the IP address octet.
It then uses Isolation Forest, an unsupervised machine learning algorithm suitable for anomaly detection,
to find the assets that stand out in the network.
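The pipeline described above, as an added example (not Batea's own code and not part of the original article): it parses a constructed Nmap XML report, builds the three features named in the text, and scores hosts with a small pure-Python isolation-forest-style routine. Approximating hostname complexity by character entropy, the sample hosts, and all function names are assumptions made for this illustration.

```python
import math, random
import xml.etree.ElementTree as ET

def sample_scan():
    """Constructed Nmap-style XML: ten similar hosts plus one unusual one."""
    hosts = [(f"10.0.0.{i}", f"ws{i}.corp.example", [22, 80, 3389][:1 + i % 3])
             for i in range(10, 20)]
    hosts.append(("10.0.0.254", "x9-q7zk2.corp.example", range(8000, 8030)))
    return "<nmaprun>" + "".join(
        f'<host><address addr="{ip}"/><hostnames><hostname name="{name}"/>'
        "</hostnames><ports>"
        + "".join(f'<port portid="{p}"><state state="open"/></port>' for p in ports)
        + "</ports></host>" for ip, name, ports in hosts) + "</nmaprun>"

def host_features(nmap_xml):
    """Map each host IP to [open ports, hostname entropy, last IP octet]."""
    feats = {}
    for host in ET.fromstring(nmap_xml).iter("host"):
        ip = host.find("address").get("addr")
        el = host.find("hostnames/hostname")
        name = el.get("name") if el is not None else ""
        n_open = sum(p.find("state").get("state") == "open" for p in host.iter("port"))
        # Hostname "complexity" is approximated by character entropy (assumption).
        entropy = -sum(name.count(c) / len(name) * math.log2(name.count(c) / len(name))
                       for c in set(name))
        feats[ip] = [n_open, entropy, int(ip.rsplit(".", 1)[1])]
    return feats

def path_length(x, rows, rng, depth=0, limit=10):
    """Number of random axis-aligned cuts needed to isolate x from rows."""
    varying = [f for f in range(len(x)) if len({r[f] for r in rows}) > 1]
    if depth >= limit or not varying:
        return depth
    f = rng.choice(varying)
    cut = rng.uniform(min(r[f] for r in rows), max(r[f] for r in rows))
    same_side = [r for r in rows if (r[f] < cut) == (x[f] < cut)]
    return path_length(x, same_side, rng, depth + 1, limit)

def anomaly_scores(feats, trees=200, seed=0):
    """Isolation-forest-style score per host: closer to 1 means easier to isolate."""
    rng, rows, n = random.Random(seed), list(feats.values()), len(feats)
    c = 2 * (math.log(n - 1) + 0.5772) - 2 * (n - 1) / n  # path-length normaliser
    return {ip: 2 ** (-sum(path_length(x, rows, rng) for _ in range(trees)) / trees / c)
            for ip, x in feats.items()}

if __name__ == "__main__":
    scores = anomaly_scores(host_features(sample_scan()))
    for ip in sorted(scores, key=scores.get, reverse=True)[:3]:
        print(ip, round(scores[ip], 2))
```

Run over a scan of your own address space, the highest-scoring hosts are the ones whose exposure differs most from their neighbours and are worth reviewing first.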
"It's easy to make the parallel between gold mining and penetration testing, or even malicious network
intrusion," Serge Olivier Paquette, research lead at Delve Labs, said.
4. SymTCP
Circumventing deep packet inspection
Academics have released to the open source community a tool designed to bypass deep packet
inspection (DPI). Named SymTCP, the software is described as a means to "automatically discover subtle
discrepancies between two TCP implementations".
SymTCP can be used to find differences between a server and DPI, and exploit these differences to avoid
deep packet inspection. DPI can be priceless for preventing buffer overflow and man-in-the-middle attacks
in corporate setups, but it can also be used to conduct surveillance and establish censorship blocks at the
ISP level.
SymTCP first runs 'symbolic execution' on a server's TCP implementation, and the resulting scan collects
execution paths labeled as either 'accept' or 'drop' for packet inspection. The DPI system is then checked
with generated packet sequences to ascertain which, if any, are processed in the same way by the DPI
and the server. If discrepancies in handling are detected, the open source tool is able to create packets
that can reach core elements in the code responsible for accepting or dropping requests, thereby
potentially avoiding DPI middlebox checks.
5. Google tackles USB keystroke injection attacks
From offense to defence, Google has developed a tool for Linux machines that combats USB keystroke
injection attacks by flagging suspicious keystroke speeds and blocking devices classified as malicious.
In a post on the Google Open Source blog, Google security engineer Sebastian Neuner explained how the
tool uses two heuristic variables – keystroke speed and time between keystrokes – to distinguish between
benign and malicious inputs.
Neuner advises users to recalibrate the default parameters by gauging their own typing speed using online
utilities whilst running the Google tool in 'monitoring' mode.
"The tool is not a silver bullet against USB-based attacks or keystroke injection attacks, since an attacker
with access to a user's machine (required for USB-based keystroke injection attacks) can do worse things
if the machine is left unlocked," Neuner said.