Search

Exploiting the Weakest Link in Security Through Social Engineering

Social engineering, as per Wikipedia, is the psychological manipulation of people into performing actions or divulging confidential information. In simpler terms, social engineering is taking advantage of a victim’s natural tendencies and emotional reactions. Social engineering is more interesting than it sounds! It involves various techniques including tricking the victim into sharing the OTP, Debit Card PIN, or their computer passwords. There have been attacks in the past where the attacker simply called up the data center, posing as a high-ranking official of the company, and manipulated the data center administrator into telling him the exact models of the servers residing in the data center.  Social engineering can be done at various steps of hacking, but typically, it is done at the time of information gathering or the reconnaissance phase. In the above example, the attacker may have likely got the server details like model number and maybe the operating system running on it. Once the attacker has this basic information, it is very easy to find the vulnerabilities in the OS and hardware using online sources like NVD (National Vulnerabilities Database) and CVE (Common Vulnerabilities and Exposures by Mitre). In this article, we will briefly look at what is ethical hacking to set the context for social engineering, various steps of ethical hacking and then take a deep dive into various techniques of social engineering. We will have a look at some recent data breaches where social engineering was used and finally some tips to safeguard your organization and yourself from social engineering attacks. What is ethical hacking? Hacking is a word which raises eyebrows every time someone mentions it. A hacker is not a person with a hoodie, sitting in a dark room, with multiple screens in front of him. That is what we see in the movies, right? In real life, a hacker is an individual with deep domain expertise of the domain he works in. So a cyber hacker is a person with deep domain expertise on computers and related infrastructure like networks, servers, etc.  Hacking a cyber system would involve overcoming the security mechanisms deployed to protect the confidential data by exploiting various vulnerabilities present in the system or network and gaining unauthorized access to the confidential information.Steps of hacking To understand social engineering, we need to first understand the various steps of hacking. Any hacker would follow these steps in order to successfully penetrate a system. Reconnaissance or Foot printing – As defined and used for military purposes, reconnaissance is the activity of gathering information about an area using soldiers, planes, etc. Similar to that, reconnaissance in hacking means gathering all the information about your target which you would use in the next steps of hacking. This step lays the foundation for your attack. More the information, easier the attack will be. Reconnaissance could be active or passive in nature. Active reconnaissance would involve the attacker scanning the network and websites of the target organization or individual directly. However, in the passive reconnaissance, the attacker would never get in direct touch with the target and would use various “social engineering” techniques to gather information. Scanning – After the attacker has some basic details, he or she starts scanning the network and websites of the target much more intensively and gathers information like active hosts, OS running on them, open ports and others which could be used to launch an attack. Gaining Access – Now the attacker has a lot of information like the IP ranges, key people of the organization, OS running on key servers, active hosts. The attacker will now use techniques to deliver a payload (the actual virus or a malicious code) to get into the network of the target. This is generally done by using some social engineering techniques like phishing. Maintaining Access – This is the next step when the attacker has the access to the network and the system, and would now make sure that he has a persistent access to the resources. He would generally do this by creating a backdoor, which no one else is aware of. This backdoor will ensure that even if the main gate has been closed by the target, there is a back gate which he could use to maintain the access to the compromised system. Covering tracks – Once the attacker is in the system and has access to all the data, his next step would be to remain undetected and anonymous. This would generally be done by deleting the logs and using a VPN or a Virtual Private Network to access the target network and systems. Taking a deeper dive into Social Engineering As we briefly discussed in the sections above, Social Engineering is getting information from the target by manipulating them. However, information gathering and social engineering goes hand in hand. Throughout this section, we will have a look at various techniques to gather information about an organization via online tools and social engineering methods. Who.is – You have a website name and you want to know all the basic details of the website, you can simply visit who [dot] is. You get the following details here: Name of the registrant Address and contact information Expiry date of the domain registration Name servers Registrar information Server type  With all this information, you will at least know the contact number and the address of company where the domain is registered. Command Prompt (Terminal for Linux users) – You must be thinking why we are talking about a Windows utility. Try and do this on command prompt, “ping knowledgehut.com”. What do you see? 4 packets sent, 4 received, but you got the IP address of the website. This is a very useful information when you are targeting an organization. Cisco Talos – Cisco Talos is a utility from Cisco and has many different components. For now, we would be focusing on the “IP Reputation” center. It helps you find the reputation of a domain or an IP address. Now how does this help in hacking? The answer is simple, once you have the IP address from the above step, you can now look at who this IP belongs to and mostly you will find the details of the platform where the website is hosted.Fake email domains or fake mailers – This is a very interesting process. You can actually send a mail from any email! Yes, you read that right. Let’s take an example. You can send a mail to any random person using an ID HR@facebook.com. How cool is that? These fake email domains also give you the liberty of getting a reply on your own mail box by setting up a “reply to” option. These kinds of domains are very widely used in phishing scams and a few of them are not even stopped by well-known email providers like Gmail. Emkei.cz is one such domain which allows you to send a fake mail. This is what the console would look like:  You get an option to choose a name and email ID you want to send an email from. For demonstration purpose, you can use the name Alex Johnson, and the email ID alex.johnson@facebook.com. You get advanced features like “reply to”, priority setting and even encrypting the email. What “reply to” will help us do, is, once the victim (whom we are sending this fake mail for a phishing attempt) replies, we get the mail in a legitimate email box (not a fake one!). This will ensure that the email sent looks like a legitimate mail even though it is a fake and you still get a reply. This fake mailer is largely used by attackers to lure job candidates into sending fake offers from an email ID which looks authentic and seek money for jobs. Attackers can also send a legitimate looking mail from the company HR and ask the users to fill in sensitive information. Temp Mailers – This is another tool on the internet widely used by attackers. This utility allows anyone to create a “temporary” email, which is valid for a very short duration (10 mins to 30 mins, depending on the website). You get an email address with a temporary inbox. People also use this to register on different websites where they do not want any promotional material landing in their personal mail boxes. Temp-mail.org is one such domain, you can find hundreds of such domains online. Social Media – Are we forgetting the social media? Social media gives you the maximum amount of information you want about an individual. You must be thinking how? Let us look at an example:  What all information did you get to know about Anne from this image?  Possible passwords,  maxthedog,  alexandrichard,  smith,  03181918;  Possible security questions and answers (remember setting up a few security questions in your bank account or even FB account?) Pet name: Max Best Friend: John Date of Birth: 18 Mar 1981 Maiden Name: Smith Address: from the link! When is the house vacant: 18th March 2016, Half term Other miscellaneous information: changing house, marital status (divorced), two sons, etc. Now you understand the humongous amount of information we have on our social media. Not to forget our regular social media updates, be it on Facebook, Instagram, Snapchat, Telegram or WhatsApp! Fake Calling – Something very common these days, where you get a call from a person posing to be a bank official. They generally try to get the OTP or the One Time Password from you, Credit card or Debit card PIN or CVV. This is among the most common types of social engineering attacks and is commonly referred to as phishing attacks. They are categorized as frauds under law. Phishing – Where we are the weakest link Phishing, as defined by Wikipedia, is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details, by disguising oneself as a trustworthy entity in an electronic communication. It is generally done by using one or more techniques we discussed above. Let us take a few examples: Sending a fake mail, looking just like a bank email. It will generally ask you to click on a link and redirects you to a web page. This web page would look exactly like the Bank Page and you would be asked to enter your user ID and password. Now this being a fake page would either give an error message or redirect you to the authentic website after you enter your user ID and password. In the backend, the attacker gets the login credentials for your bank portal. Similar to this are lottery mails you get, in which every day you win $10,000. Cybersquatting is a fraudulent act of registering, selling or using a domain name which has resemblance to a known brand with an intent of profiting using the name of the already established brand. For example, creating a website goggle.com which is similar to google.com. This could have a serious impact if you register a website as annazon.com (notice the double n) instead of amazon.com. They look alike in the first glance. Now imagine 20% of the traffic of amazon.com going on annazon.com. It’s a huge loss for Amazon! Sending SMS on mobiles with links to upgrade the PayTM app or entering a lucky draw or even changing your “expiring” bank account. These links will either ask the victim to enter some confidential information like banking details or OTP or install an app or a software in the background. Now the installed app or software is designed to spy on the victim’s mobile device and send confidential information like SMS, photos, bank credentials, etc. to the attacker. Can we do anything about it? Simple answer is, not much. Social engineer, as the title of the article says, talks about exploiting the weakest link in security, which is us or the user. Unless the user is vigilant and aware, no amount of investment in the security tools and technologies can save the organization or the individual data from hackers. Organizations generally run Information Security Awareness campaigns, mandate the user to attend trainings, and even carry out phishing assessments. This gives the organization a direction to enhance its security program and train users to be better protected against cyber threats. As a part of this article, let us have a look at how we can detect a fake email. Email header analysis helps us identify whether the mail is authentic or not. It is very simple to analyze an email header in Gmail. 1. Open the email for which you want to analyze the header. Click on “Show Original” as shown below in the image.  2. Copy the header to clip board.  3. Open https://mxtoolbox.com/EmailHeaders.aspx and paste the header.  4. Click on analyze header. You will get all the details like email domain, sender, who will get the replies, SPF values, etc. Now you can actually know whether a mail was sent by an authentic domain or by a fake mailer service like emkei.cz! Recent attacks including social engineering fThe Sony Pictures Hack – November 2014 Target Data Breach – 2013 (Phishing) 2016 Democratic National Committee Email Leak – July 2016 (Spear Phishing) Associated Press Twitter Accounts – April 2013 (fake email) RSA SecurID Cybersecurity Attack – March 2011 (infected attachment in email) Concluding remarks Social engineering, coupled with information gathering is one of the easiest and efficient way of doing reconnaissance. Attackers make use of these techniques to make sure they are equipped with enough knowledge before they carry out any attack. User awareness and due diligence is the only way to prevent an organization or individual from a social engineering attack. 

Exploiting the Weakest Link in Security Through Social Engineering

9K
  • by Vatsal Jain
  • 07th Nov, 2020
  • Last updated on 07th Nov, 2020
  • 8 mins read
Exploiting the Weakest Link in Security Through Social Engineering

Social engineering, as per Wikipedia, is the psychological manipulation of people into performing actions or divulging confidential information. In simpler terms, social engineering is taking advantage of a victim’s natural tendencies and emotional reactions. Social engineering is more interesting than it sounds! It involves various techniques including tricking the victim into sharing the OTP, Debit Card PIN, or their computer passwords. There have been attacks in the past where the attacker simply called up the data center, posing as a high-ranking official of the company, and manipulated the data center administrator into telling him the exact models of the servers residing in the data center.  

Social engineering can be done at various steps of hacking, but typically, it is done at the time of information gathering or the reconnaissance phase. In the above example, the attacker may have likely got the server details like model number and maybe the operating system running on it. Once the attacker has this basic information, it is very easy to find the vulnerabilities in the OS and hardware using online sources like NVD (National Vulnerabilities Database) and CVE (Common Vulnerabilities and Exposures by Mitre). 

In this article, we will briefly look at what is ethical hacking to set the context for social engineering, various steps of ethical hacking and then take a deep dive into various techniques of social engineering. We will have a look at some recent data breaches where social engineering was used and finally some tips to safeguard your organization and yourself from social engineering attacks. 

What is ethical hacking? 

Hacking is a word which raises eyebrows every time someone mentions it. A hacker is not a person with a hoodie, sitting in a dark room, with multiple screens in front of him. That is what we see in the movies, right? In real life, hacker is an individual with deep domain expertise of the domain he works in. So a cyber hacker is a person with deep domain expertise on computers and related infrastructure like networks, servers, etc.  

Hacking a cyber system would involve overcoming the security mechanisms deployed to protect the confidential data by exploiting various vulnerabilities present in the system or network and gaining unauthorized access to the confidential information.

Steps of hacking 

To understand social engineering, we need to first understand the various steps of hacking. Any hacker would follow these steps in order to successfully penetrate a system. 

  1. Reconnaissance or Foot printing – As defined and used for military purposes, reconnaissance is the activity of gathering information about an area using soldiers, planes, etc. Similar to that, reconnaissance in hacking means gathering all the information about your target which you would use in the next steps of hacking. This step lays the foundation for your attack. More the information, easier the attack will be. Reconnaissance could be active or passive in nature. Active reconnaissance would involve the attacker scanning the network and websites of the target organization or individual directly. However, in the passive reconnaissance, the attacker would never get in direct touch with the target and would use various “social engineering” techniques to gather information. 
  1. Scanning – After the attacker has some basic details, he or she starts scanning the network and websites of the target much more intensively and gathers information like active hosts, OS running on them, open ports and others which could be used to launch an attack. 

  1. Gaining Access – Now the attacker has a lot of information like the IP ranges, key people of the organization, OS running on key servers, active hosts. The attacker will now use techniques to deliver a payload (the actual virus or a malicious code) to get into the network of the target. This is generally done by using some social engineering techniques like phishing. 

  1. Maintaining Access – This is the next step when the attacker has the access to the network and the system, and would now make sure that he has a persistent access to the resources. He would generally do this by creating a backdoor, which no one else is aware of. This backdoor will ensure that even if the main gate has been closed by the target, there is a back gate which he could use to maintain the access to the compromised system. 

  1. Covering tracks – Once the attacker is in the system and has access to all the data, his next step would be to remain undetected and anonymous. This would generally be done by deleting the logs and using a VPN or a Virtual Private Network to access the target network and systems. 

Taking a deeper dive into Social Engineering 

As we briefly discussed in the sections above, Social Engineering is getting information from the target by manipulating them. However, information gathering and social engineering goes hand in hand. Throughout this section, we will have a look at various techniques to gather information about an organization via online tools and social engineering methods. 

  • Who.is – You have a website name and you want to know all the basic details of the website, you can simply visit who [dot] is. You get the following details here: 
    • Name of the registrant 
    • Address and contact information 
    • Expiry date of the domain registration 
    • Name servers 
    • Registrar information 
    • Server type  

Exploiting the Weakest Link in Security Through Social Engineering

Exploiting the Weakest Link in Security Through Social Engineering

With all this information, you will at least know the contact number and the address of company where the domain is registered. 

  • Command Prompt (Terminal for Linux users) – You must be thinking why we are talking about a Windows utility. Try and do this on command prompt, “ping knowledgehut.com”. What do you see? 4 packets sent, 4 received, but you got the IP address of the website. This is a very useful information when you are targeting an organization. 

Exploiting the Weakest Link in Security Through Social Engineering

  • Cisco Talos – Cisco Talos is a utility from Cisco and has many different components. For now, we would be focusing on the “IP Reputation” center. It helps you find the reputation of a domain or an IP address. Now how does this help in hacking? The answer is simple, once you have the IP address from the above step, you can now look at who this IP belongs to and mostly you will find the details of the platform where the website is hosted.

Exploiting the Weakest Link in Security Through Social Engineering


Exploiting the Weakest Link in Security Through Social Engineering

  • Fake email domains or fake mailers – This is a very interesting process. You can actually send a mail from any email! Yes, you read that right. Let’s take an example. You can send a mail to any random person using an ID HR@facebook.com. How cool is that? These fake email domains also give you the liberty of getting a reply on your own mail box by setting up a “reply to” option. These kinds of domains are very widely used in phishing scams and a few of them are not even stopped by well-known email providers like Gmail. Emkei.cz is one such domain which allows you to send a fake mail. This is what the console would look like:  

Exploiting the Weakest Link in Security Through Social Engineering

You get an option to choose a name and email ID you want to send an email from. For demonstration purpose, you can use the name Alex Johnson, and the email ID alex.johnson@facebook.com. You get advanced features like “reply to”, priority setting and even encrypting the email. What “reply to” will help us do, is, once the victim (whom we are sending this fake mail for a phishing attempt) replies, we get the mail in a legitimate email box (not a fake one!). This will ensure that the email sent looks like a legitimate mail even though it is a fake and you still get a reply. 

This fake mailer is largely used by attackers to lure job candidates into sending fake offers from an email ID which looks authentic and seek money for jobs. Attackers can also send a legitimate looking mail from the company HR and ask the users to fill in sensitive information. 

  • Temp Mailers – This is another tool on the internet widely used by attackers. This utility allows anyone to create a “temporary” email, which is valid for a very short duration (10 mins to 30 mins, depending on the website). You get an email address with a temporary inbox. People also use this to register on different websites where they do not want any promotional material landing in their personal mail boxes. Temp-mail.org is one such domain, you can find hundreds of such domains online. 

Exploiting the Weakest Link in Security Through Social Engineering

  • Social Media – Are we forgetting the social media? Social media gives you the maximum amount of information you want about an individual. You must be thinking how? Let us look at an example:  

Exploiting the Weakest Link in Security Through Social Engineering

What all information did you get to know about Anne from this image?  

Possible passwords,  

  1. maxthedog 
  2. alexandrichard 
  3. smith,  
  4. 03181918;  

Possible security questions and answers (remember setting up a few security questions in your bank account or even FB account?) 

  1. Pet name: Max 
  2. Best Friend: John 
  3. Date of Birth: 18 Mar 1981 
  4. Maiden Name: Smith 

Address: from the link! 

When is the house vacant: 18th March 2016, Half term 

Other miscellaneous information: changing house, marital status (divorced), two sons, etc. 

Now you understand the humongous amount of information we have on our social media. Not to forget our regular social media updates, be it on Facebook, Instagram, Snapchat, Telegram or WhatsApp! 

  • Fake Calling – Something very common these days, where you get a call from a person posing to be a bank official. They generally try to get the OTP or the One Time Password from you, Credit card or Debit card PIN or CVV. This is among the most common types of social engineering attacks and is commonly referred to as phishing attacks. They are categorized as frauds under law. 

Phishing – Where we are the weakest link 

Phishing, as defined by Wikipedia, is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details, by disguising oneself as a trustworthy entity in an electronic communication. It is generally done by using one or more techniques we discussed above. Let us take a few examples: 

  1. Sending a fake mail, looking just like a bank email. It will generally ask you to click on a link and redirects you to a web page. This web page would look exactly like the Bank Page and you would be asked to enter your user ID and password. Now this being a fake page would either give an error message or redirect you to the authentic website after you enter your user ID and password. In the backend, the attacker gets the login credentials for your bank portal. Similar to this are lottery mails you get, in which every day you win $10,000. 
  1. Cybersquatting is a fraudulent act of registering, selling or using a domain name which has resemblance to a known brand with an intent of profiting using the name of the already established brand. For example, creating a website goggle.com which is similar to google.com. This could have a serious impact if you register a website as annazon.com (notice the double n) instead of amazon.com. They look alike in the first glance. Now imagine 20% of the traffic of amazon.com going on annazon.com. It’s a huge loss for Amazon! 

  1. Sending SMS on mobiles with links to upgrade the PayTM app or entering a lucky draw or even changing your “expiring” bank account. These links will either ask the victim to enter some confidential information like banking details or OTP or install an app or a software in the background. Now the installed app or software is designed to spy on the victim’s mobile device and send confidential information like SMS, photos, bank credentials, etc. to the attacker. 

Can we do anything about it? 

Simple answer is, not much. Social engineer, as the title of the article says, talks about exploiting the weakest link in security, which is us or the user. Unless the user is vigilant and aware, no amount of investment in the security tools and technologies can save the organization or the individual data from hackers. Organizations generally run Information Security Awareness campaigns, mandate the user to attend trainings, and even carry out phishing assessments. This gives the organization a direction to enhance its security program and train users to be better protected against cyber threats. As a part of this article, let us have a look at how we can detect a fake email. 

Email header analysis helps us identify whether the mail is authentic or not. It is very simple to analyze an email header in Gmail. 

1. Open the email for which you want to analyze the header. Click on “Show Original” as shown below in the image.  

Exploiting the Weakest Link in Security Through Social Engineering

2. Copy the header to clip board.  

Exploiting the Weakest Link in Security Through Social Engineering

3. Open https://mxtoolbox.com/EmailHeaders.aspx and paste the header.  

Exploiting the Weakest Link in Security Through Social Engineering

4. Click on analyze header. You will get all the details like email domain, sender, who will get the replies, SPF values, etc. Now you can actually know whether a mail was sent by an authentic domain or by a fake mailer service like emkei.cz! 

Recent attacks including social engineering 

fThe Sony Pictures Hack – November 2014 

  1. Target Data Breach – 2013 (Phishing) 
  2. 2016 Democratic National Committee Email Leak – July 2016 (Spear Phishing) 
  3. Associated Press Twitter Accounts – April 2013 (fake email) 
  4. RSA SecurID Cybersecurity Attack – March 2011 (infected attachment in email) 

Concluding remarks 

Social engineering, coupled with information gathering is one of the easiest and efficient way of doing reconnaissance. Attackers make use of these techniques to make sure they are equipped with enough knowledge before they carry out any attack. User awareness and due diligence is the only way to prevent an organization or individual from a social engineering attack. 

Vatsal

Vatsal Jain

Author

Vatsal Jain is an Information Security professional with close to 3 years of experience. He has worked with multiple MNCs and has exposure in Information Security Auditing, creating and maintaining InfoSec Policies and Procedures, Network Security and Risk Management. He has cracked exams like CISA, CISM and CEH. He also holds certifications like ISO 27001 LA, ITIL Foundation, ISO 22301 LI and AZ-900. He has done B.Tech. in CSE with a specialization in Cyber Security and Forensics.

Join the Discussion

Your email address will not be published. Required fields are marked *

Suggested Blogs

How much do Ethical Hackers Earn?

IntroductionTechnology has flourished at break neck speed in the past decade. Inventions and innovations have transformed the way we live and work. We live in an interconnected world where everything is online. While this has made our lives easier, it has also made us vulnerable to sophisticated cyber criminals, who at their malicious best attack not just an individual but even a company, and in more brazen attacks even a nation's security and financial health.According to the latest report by Verizon, 70% of cybercrimes were caused by malicious hackers and outsiders. With a lot of sensitive data now being present online, the perception threat has steadily grown over the years.One of the foremost methods to prevent cybercrime is to reinforce the security of IT systems. Moreover, adding a dedicated team of ethical hackers to the workforce can help fix loopholes and prevent malicious attacks. With the surge in cybercrime, the need for cybersecurity has increased. This in turn has led to a rise in the demand for skilled ethical hackers and information security professionals.What is the CEH certification?The CEH(Certified Ethical Hacking) credential from EC-Council demonstrates that you have hands-on knowledge of niche techniques used by security professionals and hackers to prevent cyber-attacks. CEH also provides skills to assess the security aspects, scan the infrastructure, and detect vulnerabilities in the organizations. With the CEH course, you can:Enter into the industry as a security professionalLearn the hacker mentality to get a step ahead of cybercriminalsBoost your career in IT securityImprove your skills and knowledge which is a primary requirement for career advancementThe demand for Ethical HackersAccording to Forbes, "in this current year of 2020-21, the Global security market is worth $173 billion and within the next 5 years this will grow to around $270 billion." Statistics by the Australian Cyber Security Growth Network show that organizations across the globe are expected to raise their security budget by 8% annually.Source: austcyber.comMalicious cyber activities are increasing around the world, as cybercriminals are using sophisticated strategies for infiltration of systems and networks. Therefore, the demand for cybersecurity experts or ethical hackers will continue to increase.Opportunities for an ethical hackerIn India alone, more than 20,000 websites faced defacement, DDoS, or ransomware attacks just in 2019 as per the report of CERT(Indian Computer Emergency Response Team).Therefore, from private organizations to government entities, everyone needs an ethical hacker or security professional to counter unauthorized hacking and strengthen their security needs. As per the NASSCOM report, there will be 72000 security professionals in the coming years.Types of roles and responsibilities of an Ethical HackerCybersecurity experts will get various types of work opportunities from small scale organizations to giant tech corporations, government agencies, research organizations, and many others.The work of ethical hackers will differ and is not limited to the size and requirement of the organization, but also the skills and experience of hackers. However, here are some overall responsibilities expected from ethical hackers.To protect IT infrastructures, networks, devices, and data from cybercriminalsMonitor application and network performanceTo perform security tests to validate the strength of application, devices, and networkImplement information security management system to be followed by the entire organizationTo set detection and prevention facilities and make a barrier from outer /unauthorized accessTo stay connected with top management with updated risk management and business continuity plans.To perform all the above tasks and operations there are multiple designations hired by organizations, ranging from entry-level security personnel to CISO (Chief Information Security Officer). This pyramid shows the various levels of roles for cyber security professionals.Job roles and salariesEthical hackers can take on a variety of roles.Consulting - As explained earlier, almost all organizations require security professionals to secure their network,  data, devices, etc. Some organizations prefer to outsource the security solution rather than hire on their own.  In this case, the organization expects customized security solutions and suggestions and advice on protection of their assets against cyber-attacks.Bug bounty - Many organizations and tech giants organize bounty programs for hackers to find out vulnerabilities in their applications or websites and offer attractive cash prices.Training - Ethical hackers can provide training to professionals and students for advancement in their careers. These types of training also help to spread awareness in the society against cybercrime and to keep them secure from any potential fraud.Events - Tech giants like Tesla invites hackers to hack their cars. There are similar events for hackers to perform their skills and earn prizes, or in some cases jobs with handsome packages.The salary range for ethical hackersLucrative salaries are the most attractive part of this profession. Salaries in this field vary based on location, designation, skill, and experience. As we have seen in the pyramid earlier, there are multiple roles in the security field, with packages increasing from bottom to top. All organizations value their security, and are ready to pay top dollar for qualified candidates.As per a survey, the average salary of an ethical hacker or information security officer is INR 12,00,000 per annum with 3-5 years of experience. This is just an average figure. In some cases in New Delhi & Mumbai, suitable candidates got paid as much as up to INR 18,00,000 p.a. even without work experience.The package information mentioned above was just for India. Let's have a look at the below table to understand the worldwide salary ratio based on designation and experience.Do you have the skills for it?Before you decide to pursue ethical hacking as a profession, here are some skills you have to master:FocusPatienceStrategy making abilityGood CommunicationCuriosityDisciplineZest for learningThinking out of the boxPositive attitudeTop 10 technical skills:-Excellent computer skills  LinuxNetworking & InfrastructureProgramming skillsDatabase management systemsCryptographyCloud technologiesWeb applicationWireless technologiesPenetration TestingImportance of ethicsHave you heard the term 'Royal Guards'?  It refers to an elite group of highly skilled warriors who act as a monarch’s personal security guards. The monarch and the kingdom trust them and feel safe while surrounded by royal guards.In this field as well, an ethical hacker or a team of security professionals act as royal guards of the organization. Organizations trust the security professionals expecting security and implicit loyalty. Security professionals must be highly ethical, as they can have access to the most vital information systems, data, or any other assets. An ethical hacker must follow ethical /genuine practices during the entire employment term (and even after leaving a company) and uphold the trust of the management.EC-Council has written 19 steps of  'Code - of - Ethics' which must be followed by all ethical hackers to maintain the dignity of the profession.Below is a sample:As an ethical hacker, you must keep private and confidential information gained in your professional work (in particular as it pertains to client lists and client personal information). You should not collect, give, sell, or transfer any personal information (such as name, e-mail address, Social Security number, or another unique identifier) to a third party without the client's prior consent.ConclusionHighly skilled hackers will always be in demand because in the digital age, all organizations need to stay protected from hackers at any cost. This is a career that is surely future-proof!
2370
How much do Ethical Hackers Earn?

IntroductionTechnology has flourished at break nec... Read More

The Top Information Security Certifications to Consider

Cybercrimes have the ability to cripple even robust security systems in a matter of minutes. Malicious hacking has compromised the sensitive data of many individuals and enterprises. The only way to counter malicious hacking is to detect vulnerabilities in systems beforehand and take preventive measures.This is where ‘ethical hackers’ or ‘white hat hackers’ come into the scene. An ethical hacker, according to the EC-Council, is an individual who specializes in ethical hacking tools, techniques, and methodologies to secure an organization’s information systems. They work with organizations to make their security systems more fool proof. Ethical Hackers have become national treasures to governments as well as the most coveted assets to workforces in some of the finest companies across industries.If you are contemplating a career in ethical hacking, below are the top certifications you could consider getting to get a foothold in the ethical hacking industry.Certified Ethical Hacking (CEH)CEH is the oldest and most popular certification in ethical hacking. It is accredited by the prestigious EC-Council and is considered a must-have for aspiring ethical hackers. The latest version is CEH v11 and it trains you in the latest commercial-grade hacking tools, and methodologies every ethical hacker and information security professional should be aware of.On completion of the CEH course, you will have the skill set to detect vulnerabilities in target systems and undertake preventive measures to resolve them for the security of systems. The training will help you develop the mindset of an ethical hacker and validates your credibility as a skilled professional in white hacking.As far as jobs are concerned, the opportunities for CEH certified hackers are numerous. Typical job roles include:Penetration testerNetwork security specialistEthical hackerSecurity consultantSite administrator & auditor.This certification gives you the opportunity to not only work with corporates but also Government organizations. Since the threat of cybercrimes is always present, ethical hacking experts are an asset to the Govt IT sector, National Security Agency (NSA), the Committee on National Security Systems (CNSS) and the Department of Defense (DoD).Certified Information System Security Professional (CISSP)The CISSP certification trains you to design, implement and manage even the most complex cybersecurity programs. Accredited by the (ISC)², it validates your prowess as a security professional. It trains you in different areas like access control systems and methodology, business continuity planning and disaster recovery planning, physical security, operations, security, management practices, telecommunications and networking, security architecture application and systems development, law, and ethics.In order to be eligible for the CISSP credential, you should have a minimum of 5 years of relatable experience or four years of the aforementioned work experience, plus an information security degree from a National Center of Academic Excellence or a regional equivalent.With the CISSP, you become eligible for the following job titles:Security consultantSecurity analyst/ managerSecurity systems engineer/auditorDirector of securityIT manager/DirectorNetwork ArchitectSecurity ArchitectCertified Information Systems Auditor (CISA)People who hold CISA certifications are responsible for implementing the security controls in organisations. CISA is a sought after certification from ISACA, a global association that serves more than 145,000 members in more than 188 countries worldwide. CISA is the gold standard of achievement for professionals trained in auditing, monitoring, and assessing an organization’s business and IT systems. As a CISA certified auditor, you will have adequate knowledge to identify risks in target systems and fix them before malicious attacks occur.Certified Information Security Manager (CISM)The CISM certification, also from ISACA, indicates your expertise in multiple domains like information security governance, program development and management, risk management and incident management. It is highly recommended for security consultants and managers who have technical expertise in information security and controls. CISM is a natural fit after the CISSP certification, especially for a smooth transition into managing and overseeing information security at a strategic level.Certified in Risk and Information Systems Control (CRISC)This certification from ISACA validates your capacity to identify and manage IT risks while implementing and maintaining information systems controls. A highly-valued credential, the course explores various topics like IT Risk Identification, IT Risk Assessment, Risk Response and Mitigation Risk and Control Monitoring and Reporting.ISO 27001:2013 LI/LAISO27001 is a widely recognized certification in the information security industry. It has multiple related modules that explore various information security controls.There are two job titles you can pursue after this certification: Lead Implementer and Lead Auditor. The Lead Implementor is responsible for implementing the security measures in target systems as per ISO 27001:2013 standards. The Lead Auditor is hired by certification bodies to audit organizations that have applied for ISO certification and check if measures have been implemented properly.Certified Penetration Tester (CPT)Issued by the Information Assurance Certification Review Board (IACRB), this program trains you to become a well-versed penetration tester. Penetration testing or pen testing is the assessment of computers, application security architecture, and networks to detect loopholes that are prone to malicious hacking. The course trains you in Pen Testing, Network Testing and attacks, Windows vulnerability, Linux/Unix vulnerability, Enumeration, Web App Testing and Wireless Testing.CompTIA PenTest+This is another leading certification in cybersecurity from CompTIA.org. It offers security+ as a beginner certification, and Pentest+ as an advance level certification. CompTIA Pentest+ covers the entire process of vulnerability assessment starting from information gathering, scanning, exploitation, and reporting.This certificate will give you information about:Exploits and its useVulnerability enumerationInformation about BASH, PowerShell(windows), Python scriptReport CreationLicensed Penetration Tester (LPT)Yet another certification provided by EC-Council, is the Expert level Pen testing certification. This is an intensive certification program meant for expert cybersecurity professionals. Through this course, you will learn how to perform advanced penetration testing concepts such as fuzzing, PowerShell scripting, BASH, Python, Perl, and Ruby environments, scripting, and mobile device penetration testing, among others.Considering the above certifications, the onus to choose the right one is upon every aspiring cybersecurity professional out there. For a smooth learning journey, get started with a basic training program like CEH and gradually move on to the rest. Choose a recognized training provider with years of experience to help you chase your career goals with confidence.
5225
The Top Information Security Certifications to Con...

Cybercrimes have the ability to cripple even robus... Read More

Introduction to Vulnerability Analysis in Ethical Hacking

IntroductionIn this article we will discuss the various aspects of Vulnerability analysis in ethical hacking. We will walk you through common examples of vulnerability, various lists and models to prevent them. The models we will be discussing are firewall, password, logical bombing and web hijacking, and in this article, we will talk about the methods to protect systems from these vulnerabilities.What is Vulnerability?Vulnerability can be defined as an issue in the software code that a hacker can exploit to  harm the systems. It can be a gap in the implementation of cybersecurity procedures or a weakness in the controls.What is an example of vulnerability?Examples of vulnerabilities exist in every industry. These include:Unauthorized network access by Hackers due to a weak FirewallCracking of Wi-Fi PasswordsExposure of sensitive data due to lack of application securityCredit card data, Health RecordsSecurity misconfigurationMisconfiguration of passwordsInsecure cryptographic storageWhat are the 4 main types of vulnerabilities?The  4 main types of vulnerabilities are:Faulty defenses – Poor defense measures pave the way for easy intrusion by hackers.  This may be due to weak authentication, authorization, and encryption.Resource management not adequate –The chances of buffer overflow and the potential to have many vulnerabilities are greater when there is inadequate resource management.Insecure connections – If the connection between the system, application and networks is insecure, there is a higher probability of many threats like SQL injection.End user errors and misuse – In many cases, the errors are caused by humans and misuse of the systems.What are vulnerability lists?Below are the various types of Vulnerability lists as per OWASP. There are around 60 in number at present, and the list is growing:Allowing Domains or Accounts to ExpireWhen domain names have expired, the hacker may buy them and set up a mail server. The hacker can find out the incoming mails and get to know the details.Buffer OverflowA process where there is more data added to the buffer and the excess data becomes corrupted and susceptible to vulnerabilities.Business logic vulnerabilityThe software code may be missing a security control like authentications, encryption, or authorization.CRLF InjectionCarriage Return Line Feed – Can be done by modifying the HTTP parameter of the URL.CSV InjectionWhen untrusted CSV files are embedded to the websites causing vulnerabilities.Catch Null Pointer ExceptionWhen the program contains the null pointer, it is highly risky.Covert storage channelThis can help the attackers easily and often happens due to faulty implementation.Deserialization of untrusted dataInjection of malicious data into the applications to stop execution of programs.Directory Restriction ErrorHappens due to the improper use of CHROOT.Doubly freeing memoryThis error occurs when free() is called more than once in the memory address.Empty String PasswordEmpty string password is highly insecure.Expression Language InjectionInjection happens when attacker-controlled data enters an EL interpreter.Full Trust CLR Verification issue Exploiting Passing Reference Types by ReferenceCreate a file called by ValueTypeTest.cs and compile it using csc by Value Type Test.csc.Heartbleed BugCatastrophic bug in OpenSSLImproper Data ValidationMultiple validation forms with the same name indicate that validation logic is not up-to-date.Improper pointer subtractionThe subtraction of one pointer from another to determine the size is dependent on the assumption that both pointers exist in the same memory chunk.Information exposure through query strings in url Information exposure through query strings in URL is when sensitive data is passed to parameters in the URL.Injection problemThe basic form of this flaw involves the injection of control-plane data into the data-plane in order to alter the control flow of the processInsecure Compiler OptimizationImproperly scrubbing sensitive data from memory can compromise security.Insecure RandomnessInsecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in security-sensitive context.Insecure Temporary FileCreating and using insecure temporary files can leave application and system data vulnerable to attacks.Insecure Third-Party Domain AccessOccurs when an application contains content provided from a 3rd party resource that is delivered without any type of content scrub.Insecure TransportThe application configuration should ensure that SSL is used for all access-controlled pages.Insufficient EntropyPseudo Random Number Generators are susceptible to suffering from insufficient entropy when they are initialized, because entropy data may not be available to them yet.Insufficient Session-ID LengthSession identifiers should be at least 128 bits long to prevent brute-force session guessing attacksLeast Privilege ViolationThe elevated privilege level required to perform operations such as chroot () should be dropped immediately after the operation is performed.Memory leakA memory leak is an unintentional form of memory consumption whereby the developer fails to free an allocated block of memory when no longer needed.Missing Error HandlingMust define a default error page for 404 errors, 500 errorsMissing XML ValidationFailure to enable validation when parsing XML gives an attacker the opportunity to supply malicious input.Multiple admin levelsMultiple level admins may alter the login credentialsOther list of VulnerabilitiesNull DereferenceOWASP .NET Vulnerability ResearchOverly Permissive Regular ExpressionPHP File InclusionPHP Object Injection PRNG Seed ErrorPassword Management Hardcoded PasswordPassword Plaintext StoragePoor Logging PracticePortability FlawPrivacy ViolationProcess ControlReturn Inside Finally BlockSession Variable OverloadingString Termination ErrorUnchecked Error ConditionUnchecked Return Value Missing Check against NullUndefined BehaviorUnreleased ResourceUnrestricted File UploadUnsafe JNIUnsafe Mobile CodeUnsafe function call from a signal handlerUnsafe use of ReflectionUse of Obsolete MethodsUse of hard-coded passwordUsing a broken or risky cryptographic algorithmUsing freed memoryVulnerability templateXML External Entity (XXE) ProcessingWhat is Vulnerability Analysis?Vulnerability analysis is a procedure to check all the vulnerabilities in the systems, computers and other ecosystem tools. The vulnerability analysis helps in the analyzing, recognizing and ranking of the vulnerabilities as per the severity. It helps with the identification and assessment of threat details, enabling us to keep a resolution to protect them from hackers. The analysis can be done for every industry from Healthcare to Retail to IT.Objectives of the Vulnerability analysisTo identify vulnerabilities – Configuration, system, Design, Code, ProcessDocumenting the vulnerabilitiesPreparation of guidance to mitigate the vulnerabilitiesImportance of Vulnerability AnalysisDeep dive insights of the security issuesHelps us understand the risks associated with the entire ecosystemFor security breachesAssets that are prone to cyber attacksSteps for the vulnerability AnalysisHow to check if the organization requires Vulnerability AnalysisTypes of Vulnerability AssessmentNetwork Based ScansTo identify network vulnerabilities. This scan helps to find the vulnerable systems in the wired and wireless networksHost Based ScansThis scan is to identify vulnerabilities in the ports, configuration, server workstations, other hosts and patch historyWireless Network ScansComplete scan on wireless networks to find the vulnerabilitiesApplication ScansTo test all portals and mobile applications for vulnerabilitiesDatabase ScansTo scan all the databases for potential vulnerabilitiesModels of Vulnerability in Ethical HackingFirewall modelInsider attacks -  A Perimeter firewall should be decided and this can take care of the external attacksMissed security patchesWhen the patch management of firewall has not happenedConfiguration issuesIf there are faults in the configuration of firewallDDOS attacksOnly allow legitimate traffic to avoid these attacksPassword modelTo crack the password the hacker uses any of the following – Dictionary, Hybrid model and Brute forceLogical BombingThis usually happens when the hacker uses a malicious code to inject the web application or the cloud infrastructureWeb HijackingThis happens when an unauthorized user tries to access the application bypassing the authorization mechanismProtection from HackingWe need to follow some simple steps to prevent hackingUpdating of Operating systemsInstallation of the proper firewall to prevent intrusionDestroying all personal information from all the web sourcesNo use of Open Wi-FiPassword – Strong password which is not easy to find outSmart emailing – Avoid opening of phishing mailsKeep the sensitive data in the protected environmentIgnore spamShut down the systems after useSecure the networkBack up the dataConclusionIn this article we have discussed the various vulnerabilities that hackers can exploit to gain unauthorized access to a system. Best practices and techniques on how to find the vulnerabilities are also discussed. We have discussed the analysis of vulnerabilities and how it helps in preventing the system from being hacked. Finally, we have discussed models of vulnerabilities in ethical hacking and the ways to keep ourselves protected from hacking.
1222
Introduction to Vulnerability Analysis in Ethical ...

IntroductionIn this article we will discuss the va... Read More