cyber security

The Return of PunkSpider

PunkSpider is a tool that automatically crawls the internet searching for vulnerable websites. It then lists those websites and their vulnerabilities in a public database with the intention of creating a more secure online world. It was originally launched by developer Alejandro Caceres and his company Hyperion Gray, but was eventually shut down. It is slated to return at Defcon in August of 2021. But what does this really mean for vulnerable websites?

When asked about his intentions with this tool, the developer said “wouldn’t it be cool if I could scan the entire web for vulnerabilities? And to make it even more fun, wouldn’t it be cool if I released all those vulnerabilities for free? I knew it was going to have some kind of implications. And after I started thinking about it, I really thought they might be good” (Caceres, WIRED article).

The other side of the argument comes down to timing. Regardless of the good intentions, “bad actors can exploit the vulnerabilities faster than administrators can plug them, leading to more breaches” (Karen Gullo, email to WIRED).

This raises the question: should a tool like PunkSpider exist? Should those vulnerabilities be made public? Will this lead to more ransomware attacks? Caceres responded to these concerns by saying “you know your customers can see [the vulnerabilities], your investors can see it, so you’re going to fix that s*** fast.”

What do you think about PunkSpider? Leave a comment below. Thanks for reading!

TryHackMe - What is Splunk?

(Photo credit: Vishnu R Nair)

TryHackMe is a great resource for learning basic hacking concepts and getting hands-on experience! This article will show you around the “Detect Attacks Using Splunk” room from TryHackMe. “Splunk” is a product that captures and organizes data into digestible formats to help find patterns and solve problems for companies.

Begin by creating a TryHackMe account and completing the first few click-throughs, which eventually lead to this link:


Once you’ve entered the Splunk “room,” you will need to start your virtual machine. While the machine loads, you will answer some basic questions about Splunk commands. Google is your friend!

Following your quiz is an opportunity to learn about “BOTS,” which is described as a “blue-team jeopardy-esque (CTF) activity.” Learn more about that here.

Eventually, your virtual machine will load. Open the web browser and navigate to the URL listed in the instructions. This should lead you to the first exercise, with a screen that looks like this:

(Screenshot: Splunk2.png)

Our first task is to track down P01s0n1vy, who is attacking our company, Wayne Enterprises. Follow the prompts to begin to understand which IP address attacked us, and which software was used to carry out the attack. While all of the answers are more or less given to you, it is best to always click the green button to “Run the Search in a New Tab,” which helps you see exactly how Splunk works with data to find the answers.

(Screenshot: Splunk3.png)

You will then progress through a series of questions. Don’t be discouraged if you need to google some of the answers. The most important thing to remember is that as long as you are learning something, your time is well spent. Everyone starts somewhere, and TryHackMe is a great way to expose yourself to the world of hacking! Keep going and you will keep learning.

(Photo credit: Kaur Kristjan)

Here is a link that provides many answers if you get stuck.

Good luck, and enjoy!

What are DoS and DDoS Attacks?

What is the difference between DoS and DDoS? (Photo credit: Kevin Ku)

A “Denial of Service” (DoS) attack involves disrupting a computer or network and making it unavailable to users. This can be accomplished by exploiting a vulnerability in the system. One common DoS method is to flood the network with requests to overload it, which stops legitimate requests from coming through.

A “Distributed Denial of Service” (DDoS) attack is a DoS attack that comes from multiple coordinated sources. This is often achieved by using a botnet, which is a network of private computers being maliciously controlled without consent from the owners. A botnet has strength in numbers and is able to overwhelm a target by abusing protocols such as DNS, ICMP, and Network Time Protocol.

Here are some ways to protect yourself against DoS and DDoS attacks:

  • Use a multi-level defense strategy. This could include Intrusion Prevention and Detection Systems, firewalls, VPNs, content filtering, secure backups, and more depending on the scope of your network.

  • Keep software and firmware updated on all of your network devices. Avoid using hardware that is no longer supported with security updates from the manufacturer.

  • Monitor your network traffic. Understand your baseline so you can recognize anomalies as they occur.

  • Consider implementing cloud-based technologies as a way to outsource DDoS prevention.
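
As an added example (not code from the original article), here is one way to turn the "understand your baseline" advice into a check that also separates the single-source DoS pattern from the many-source DDoS pattern described above. The traffic is constructed sample data, and the threshold multiplier `k` and the `dominant` share are assumed tuning values.

```python
from collections import Counter, defaultdict
from statistics import median

def per_minute(events):
    """Group (minute, src_ip) request events into {minute: Counter(src_ip)}."""
    buckets = defaultdict(Counter)
    for minute, src in events:
        buckets[minute][src] += 1
    return buckets

def baseline(buckets, minutes):
    """Median and median absolute deviation of requests/minute in a quiet window."""
    counts = [sum(buckets[m].values()) for m in minutes]
    med = median(counts)
    mad = median(abs(c - med) for c in counts) or 1  # never allow a zero spread
    return med, mad

def classify(buckets, minutes, med, mad, k=6, dominant=0.8):
    """Flag minutes above med + k*mad; k and dominant are assumed tuning values."""
    alerts = {}
    for m in minutes:
        total = sum(buckets[m].values())
        if total <= med + k * mad:
            continue
        top_src, top_n = buckets[m].most_common(1)[0]
        if top_n / total >= dominant:   # one address sends most of the traffic
            alerts[m] = ("DoS pattern: single source", top_src)
        else:                           # load is spread over many addresses
            alerts[m] = ("DDoS pattern: many sources", len(buckets[m]))
    return alerts

def sample_events():
    """Constructed traffic using documentation-only address ranges."""
    ev = []
    for minute, n in enumerate([20, 22, 19, 21, 20, 20, 20]):  # normal clients
        ev += [(minute, f"198.51.100.{i % 10}") for i in range(n)]
    ev += [(5, "203.0.113.7")] * 300                        # minute 5: one sender
    ev += [(6, f"192.0.2.{i % 150}") for i in range(300)]   # minute 6: 150 senders
    return ev

if __name__ == "__main__":
    b = per_minute(sample_events())
    med, mad = baseline(b, range(5))
    for minute, alert in sorted(classify(b, range(7), med, mad).items()):
        print(minute, alert)
```

A single-source alert can usually be handled with a block rule for that address, while a many-source alert is the case where upstream or cloud-based filtering becomes relevant.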

Denial of Service attacks normally target businesses and larger companies, but individuals should also practice good security habits online. This includes using a firewall, keeping your software and OS updated, and not clicking suspicious links or opening strange emails. This will help prevent your system from unknowingly becoming part of a botnet, and will keep you safer online. Stay informed, and stay vigilant!

Is Cybersecurity a Good Career Field?

A career in cybersecurity can be very lucrative. (Photo credit: Max Duzij)

There are many possible IT career paths, and cybersecurity can be a great choice for some. If you like problem solving, consider yourself to be a fast learner, and are passionate about defending against cybercrime, then a career in cybersecurity may be right for you. Here are just a few potential jobs in the cybersecurity field:

Entry Level:

  • IT Technician / Help Desk

  • Network Engineer

  • Junior Security Analyst

  • Junior Penetration Tester

  • Systems Administrator

Mid-Level:

  • Security Technician

  • Security Analyst

  • Penetration Tester

  • Incident Responder

Advanced:

  • Cybersecurity Architect

  • Cybersecurity Engineer

  • Chief Information Security Officer

  • Cybersecurity Manager

This list is definitely not exhaustive, and there is some overlap between job titles and what the actual job entails depending on who you speak to. When job searching, it is also worth noting that there is no standard for whether these jobs are called cybersecurity, cyber security, IT security, etc. It is recommended to tailor your resume to fit whatever terminology the current job description is using; this helps you not get filtered out by an automated system looking for keywords that may or may not be on your resume. Again, the job description for that particular listing is your best resource when choosing your words carefully.

How to get started

To get your first job in cybersecurity, start by looking at your current background. Do you already have a degree or work experience in IT? Do you have a degree in an unrelated field? Some jobs are looking for a 4-year degree, and some are not. Certifications are a great first step, whether or not you have a degree. Many professionals recommend the CompTIA Network+ and Security+ as some of the first certifications to get to jumpstart any IT career.

It is also important to get hands-on experience. Start using programs like Nmap to see how network connections work. Download a virtual machine and install an operating system that you might be less familiar with, such as a Linux distribution. Volunteer at a local small company to help them with tech support and troubleshooting. Watch some videos about bash scripting or Python and teach yourself some basic coding. Do anything that you can to add relevant skills and experience to your resume!

A degree in IT can help, but it is not required for all jobs. What you know and what you can do are more important than what school you did or didn’t go to. Don’t forget about soft skills: being able to communicate professionally is key to any interview and any successful career.

If you are passionate about technology and willing to do the work to learn the skills you need, a career in cybersecurity can be a great fit. Good luck!