Networking & Security Archives - Hashtag Technophile

Quantum Key Distribution — Unbreakable encryption for Next-Gen

Leave a Comment / Networking & Security / By Ayyappan

Quantum Key Distribution (QKD) — Unbreakable encryption for Next-Gen network security Will you believe that particles like photons can secure our communications? It might sound like science fiction, but QKD is a reality. It seems almost magical, yet it’s happening right now, promising a future where privacy is guaranteed by the fundamental properties of the universe itself. In this blog, we will explore what and how Quantum Key Distribution works and how BB84 protocol works. But before seeing how quantum key distribution works, to understand the quantum key distribution, I just want you to essentially know about some basic terminologies of quantum physics: Photon — It is a quantum of light. Other than that, in this context of the blog try to remember the property of photons that, the photons are not just particles but also waves which can oscillate. Polarization — It refers to the orientation of the oscillation of a photon’s electromagnetic field. While transmitting a photon, the photon can be polarized to oscillate in a particular direction. Say: Horizontal polarization — the electric field oscillates horizontally. Quantum Key Distribution (QKD) is a method for securely exchanging cryptographic keys between two parties (consider Ramesh and Suresh as the two parties). To explain how QKD works, let me dig into a widely used QKD protocol named as BB84 protocol. As a first part of the operation, Ramesh prepares a sequence of photons, each polarized randomly in one of four possible states: horizontal (0°), vertical (90°), +45°, and -45° and then sends the polarized photons to Suresh over a quantum channel. Suresh randomly selects a basis (either it can be rectangular or diagonal) to measure the incoming photons. Note: Rectangular accepts photons which are polarized both vertically and horizontally, and diagonal basis accepts photons which are polarized +45°, and -45°. After the transmission, Suresh announces the basis he used for each photon over a public channel, without revealing the measurement outcomes. Afterwards, Ramesh compares Suresh’s announced bases with the bases he used to prepare the photons. They discard all measurements where the bases did not match, keeping only those where they did. This forms the raw key. Finally, both Ramesh and Suresh publicly compares their raw key bits to estimate the error rate. If the error rate is high, they might understand that someone might have intercepted in between (may be). However, if the error rate is acceptable they proceed with the key exchange to perform a secured communication. If you think the BB84 protocol is just full of theories, it is not what you think. The BB84 protocol has moved from theoretical concept to practical reality, with successful implementations in various settings Why QKD is so special? — The most notable advantages which forces us to say that as an unbreakable encryption is because of its unconditional security. In addition to that, any attempt to eavesdrop on the quantum channel introduces detectable disturbances. Even if the photons are captured, the photon cloning are not possible which makes the eavesdropper to clone an exact photon. Thus, for these reasons it is prone to say that as unbreakable encryption method serving the future with greater security. In this digital era where security being a concern, QKD makes it a promising solution for protecting sensitive information in an increasingly digital world. If you have read this far, I hope you are finding it useful. If so you can buy me a coffee at https://buymeacoffee.com/ayyappansubramanian For more such articles do subscribe www.hashtagtechnophile.com Follow us on Instagram for quick bites! Make sure you rate or comment this article and if you are finding it more useful do share & subscribe because that encourages me to write more Cheers! Until next time…❤️

Top five Cybersecurity tools that are must to learn

Leave a Comment / Networking & Security / By Ayyappan

Top Five Cybersecurity tools that are must to learn In the rapidly evolving field of cybersecurity, staying current with the latest trends, threats, and technologies is not just beneficial — it’s essential. Not only in the field of cybersecurity, but in general the person who fail to update themselves regularly face significant challenges. Either you are staring your career in cybersecurity or being a cybersecurity enthusiast wanted to upgrade yourself, this article suits you. In this article, we gonna discuss about top five cybersecurity tools that are must to learn as a cybersecurity enthusiast. 1. NMap NMap (Network Mapper) is a versatile open-source network scanning tool used to discover hosts and services on a computer network. It provides detailed information about the network’s topology and can detect various types of devices, operating systems, and services running on the network. 2. Metasploit Metasploit is a powerful penetration testing framework that enables security professionals to find, exploit, and validate vulnerabilities in systems. It provides a suite of tools for developing and executing exploit code against a remote target machine. 3. Wireshark I bet you might definitely came across this tool called Wireshark. It is a widely-used network protocol analyzer that captures and displays data packets traveling through a network in real-time. It helps in troubleshooting network issues, analyzing network performance, and detecting suspicious activities. 4. John The Ripper John the Ripper is a free and versatile password cracking tool used to test the strength of passwords. It supports a wide range of password hash types and includes several cracking modes to uncover weak passwords. 5. Burp Suite Burp Suite is an integrated platform for performing web application security testing. It offers a range of tools for crawling, scanning, and exploiting web application vulnerabilities. This is a very short article just to quote the top five cybersecurity tools that are currently on-demand. Hope you found this useful 🙂 If you read so far, I hope you find this article more informative. For more such articles do subscribe www.hashtagtechnophile.com Follow us on Instagram for quick bites! Make sure you rate or comment this article and if you are finding it more useful do share & subscribe because that encourages me to write more Cheers! Until next time…❤️

MerkSpy Targeting Canada, India and US

Leave a Comment / Networking & Security / By Preethi

MerkSpy Targeting Canada, India and the US FortiGuard Labs recently detected an attack exploiting the CVE-2021-40444 vulnerability in Microsoft MSHTML to deliver a surveillance tool called MerkSpy as part of a campaign primarily targeting users in Canada, India, Poland, and the U.S.. MerkSpy is designed to secretively monitor user activities, capture sensitive information, and establish persistence on compromised systems Source: Fortinet Steps involved in this attack: Step 1: The starting point of the attack chain is a Microsoft Word document that ostensibly contains a job description for a software engineer role. A remote code execution vulnerability in the MSHTML component used by Internet Explorer in Microsoft Office is exploited when the document is opened. This vulnerability is known as CVE-2021-40444. With no more user input required beyond opening the document, this vulnerability enables an attacker to run arbitrary code on a victim’s computer. Using the file “_relsdocument.xml,” the attacker hides the URL. After downloading an HTML file that prepares the system for the upcoming assault phase, it points to hxxp://45[.]89[.]53[.]46/google/olerender[.]html. Step 2: Following a successful exploit, the infected document starts downloading “olerender.html,” the payload, from a remote site. This HTML file has been carefully constructed, with harmless script occupying the beginning to conceal its real purpose. When the attack is run on the victim’s computer, the shellcode and injection procedure are hidden at the end of the file. The OS version of the system is initially checked by “olerender.html”. The embedded “sc_x64” shellcode is extracted if an X64 architecture is identified. Following the extraction of the relevant shellcode and determination of the OS version, “olerender.html” finds and obtains the Windows APIs “VirtualProtect” and “CreateThread.” These features are essential for the subsequent actions: It makes use of “VirtualProtect” to change memory permissions so that the decrypted shellcode can be safely written into memory. The injected shellcode is then executed by “CreateThread,” which prepares the system for downloading and running the next payload from the attacker’s server. This procedure makes sure the malicious code functions without a hitch, which makes it easier to exploit further. Step 3: After the shellcode is installed, it acts as a downloader to start the subsequent attack phase. It connects to the same distant server in order to retrieve a file with the fictitious name “GoogleUpdate.” Even with such a pleasant name, “GoogleUpdate” is anything but. The main malicious payload is contained in this file and is heavily encoded to avoid being discovered by common security tools. The shellcode carefully decodes and gets this payload ready for execution after it has been downloaded successfully. Following the download of “GoogleUpdate,” the file is decoded by the shellcode using an increment value of 0x00890518 and an XOR key of 0x25021420. This decryption procedure is essential because it retrieves the hidden payload that is embedded in the file. The shellcode makes sure that the malicious material stays concealed by using these particular cryptographic approaches, which gives the attacker the ability to successfully carry out their desired actions on the compromised system. Step 4: VMProtect protects the extracted payload. Its main purpose is to invisibly insert the malicious software MerkSpy into essential system operations. Operating surreptitiously within a system, MerkSpy spyware allows it to exfiltrate data to distant servers under the direction of malevolent individuals, watch user actions, and gather sensitive information. By posing as “Google Update” and inserting a registry entry for “GoogleUpdate.exe” in “SoftwareMicrosoftWindowsCurrentVersionRun,” MerkSpy is able to remain persistent. By using this dishonest method, MerkSpy is guaranteed to start up immediately as the device boots up, allowing for ongoing operation and data exfiltration without the user’s awareness or permission. When MerkSpy is installed, it starts the exfiltration process and starts watching over particular targets. These targets include taking screenshots, recording keystrokes, getting Chrome login credentials, and opening the MetaMask plugin. After obtaining this data, MerkSpy transfers the data to the attacker’s server through VMProtect protects the extracted payload. Its main purpose is to invisibly insert the malicious software MerkSpy into essential system operations. Operating surreptitiously within a system, MerkSpy spyware allows it to exfiltrate data to distant servers under the direction of malevolent individuals, watch user actions, and gather sensitive information. By posing as “Google Update” and inserting a registry entry for “GoogleUpdate.exe” in “SoftwareMicrosoftWindowsCurrentVersionRun,” MerkSpy is able to remain persistent. By using this dishonest method, MerkSpy is guaranteed to start up immediately as the device boots up, allowing for ongoing operation and data exfiltration without the user’s awareness or permission. When MerkSpy is installed, it starts the exfiltration process and starts watching over particular targets. These targets include taking screenshots, recording keystrokes, getting Chrome login credentials, and opening the MetaMask plugin. After obtaining this data, MerkSpy transfers the data to the attacker’s server through hxxp://45[.]89[.]53[.]46/google/update[.]php. The POST request indicates that it is a multi-part form-data submission by using a fixed boundary, “————————update request,” and a user agent string of “WINDOWS”. The body of the request is divided into several sections: “id”—Denotes the client ID, which consists of the user’s name and the hostname of the computer. “check”: A flag that indicates the check-in status. “key”: Holds the information that the keystroke logger recorded. This parameter acts as an index for the file being uploaded when uploading a huge file. “fileToUpload[]” – Indicates an uploaded file, like a screenshot or an extracted login. Final Thoughts: Through comprehension of this assault chain’s complexities, businesses can improve their preparedness and implement efficient security mechanisms against these kinds of breaches. If you read so far, I hope you find this article more informative. For more such articles do subscribe www.hashtagtechnophile.com Follow us on Instagram for quick bites! Make sure you rate or comment this article and if you are finding it more useful do share & subscribe because that encourages me to write more Cheers! Until next time…❤️

Nearly, 700,000 OpenSSH servers are vulnerable to RCE?

Leave a Comment / Networking & Security / By Ayyappan

Nearly, 700,000 OpenSSH servers are vulnerable to RCE? – An overview on regreSSHion A new vulnerability named regreSSHion has been discovered in OpenSSH. This new vulnerability allows remote attackers to gain root privilege access on remote servers. The vulnerability which is found recently has been assigned to ID CVE-2024-6387. This vulnerability has the potential to compromise a full system where an attacker can execute arbitrary code with the highest privileges, resulting in complete system takeover. Why this Vulnerability seems to be trending? – OpenSSH is a popular implementation of the SSH (secure shell) protocol, and it is integrated into most Linux distributions and also available in Microsoft OSs. I’m not exaggerating but I would like to mention here that sshd runs on millions of devices which makes the exploitation surface more larger. Researchers say, over 700,000 openSSH servers are vulnerable to this. And this is the reason for this vulnerability to grab attention from all the cybersecurity researchers and enthusiasts. The threat researchers of Qualys also published the technical details of the vulnerability on Monday 1st July 2024 which states that, “We discovered a vulnerability (a signal handler race condition) in OpenSSH’s server (sshd): if a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd’s SIGALRM handler is called asynchronously, but this signal handler calls various functions that are not async-signal-safe (for example, syslog()). This race condition affects sshd in its default configuration. On investigation, we realized that this vulnerability is in fact a regression of CVE-2006-5051” Click here to view full technical details published by Qualys Interesting fact: This bug was already fixed by the OpenSSH team in 2006 (refer: CVE-2006-5051). However, the new bug is a regression of the existing bug due to some changes introduced in the code throughout the time. This is the reason to name this vulnerability as regreSSHion. This article is basically to let you know about the cyber trends and attacks that are happening all over the world. However, I would like to add the mitigations suggested by the researchers. The suggested mitigation includes that, if updating immediately isn’t possible, administrators can temporarily reduce the login timeout to zero (set LoginGraceTime=0 in sshd_config). However, developers caution that this change increases the risk of DDoS attacks targeting the SSH server. If you read so far, I hope you find this article more informative. For more such articles do subscribe www.hashtagtechnophile.com Make sure you rate or comment this article and if you are finding it more useful do share & subscribe because that encourages me to write more Cheers! Until next time…❤️

Fundamentals of Security

2 Comments / Networking & Security / By Preethi

Fundamentals of Security Information Security vs. Information Systems Security In the ever-evolving landscape of digital advancements, the terms “information security” and “information systems security” are often used interchangeably. However, a closer look reveals distinct focuses and scopes, each playing a crucial role in the overarching goal of securing sensitive data. Let’s delve into the nuances that differentiate these two critical domains. Information Security: Safeguarding the Spectrum It is an act of protecting information and data from unauthorized access, unlawful alteration and disruption, disclosure and corruption, and destruction. It is about the data that systems are holding, not about the systems themself. (e.g) Personal Data, Medical report, etc. Information Systems Security: Guarding the Technological Infrastructure In contrast, it is an act of protecting the systems that hold and process the critical information and data. (e.g) Computer, Server, Network Device, Smartphone, etc. Pillars of Security Now, let’s explore the foundational pillars of security: confidentiality, integrity, availability, non-repudiation, and authentication. In the beginning, the guiding model of information security was known as the CIA Triad, incorporating Confidentiality, Integrity, and Availability. With the addition of Non-Repudiation and Authentication, it has evolved into the CIANA Pentagon model. Confidentiality It ensures that information is only accessible to those with the appropriate authorization. Integrity Moving on, Integrity ensures that data remains accurate and unaltered, unless modification is required. Availability It ensures that information resources are accessible and functional when needed by authorized users. Non-Repudiation It is guaranteeing that a specific action or event has taken place and cannot be denied by the parties involved. AAAs of Security Authentication – It is a process of verifying the identity of a user or system. Authorization – It determines what actions or resources an authenticated user has permissions to perform. Accounting – The act of tracking the user activities and resource utilization. In conclusion, this exploration serves as a guide to demystify security fundamentals. Understanding the distinctions between information security and information systems security is crucial in fortifying our approach to securing sensitive data in the ever-evolving digital landscape. Will see you in the upcoming article with the detailed content of each pillar of security with examples and various techniques to handle it. To not miss it, do subscribe our newsletter to get notified! Do follow our instagram page : hashtag_technophile Make sure you rate or comment this article and if you are finding it more useful do share it with your friends, because that encourages me to write more! Cheers! Until next time…❤️ QUIZ TIME – Comment down your answer! In CIANA Pentagon model, N stands for?

Demystifying Access Control Matrix (ACM)

Leave a Comment / Networking & Security / By Ayyappan

Access Control Matrix (ACM) Hello Technophiles! Welcoming back to another article. This article deals with the Android OS architecture and its layers. Before getting to know what is access control matrix, let’s answer what is access control? Access control describes who can do what to whom. In order to mathematically represent this, we are using something called Access Control Matrix (ACM) Thus, ACM is nothing but a matrix that describes the rights of subjects over objects. Subjects -> Refers to users Objects -> Refers to files or directories Object set always encloses subject set (i.e every subject is also an object) Now the question arises that why the object set always encloses the subject set? In terms of OS, subjects can access and communicate with other objects. That is the reason we have the subjects on the object’s column as well. Subject = {s1, s2, s3, …} Object = {o1, o2, o3, …} Rights = {r1, r2, r3, …} Interpretation – A {Sij, Oij} = {r1, r2, ….., rn} Now let’s look at the primitive operations that are done in Access Control Matrix (ACM) Create a subject S’ = S U {s}, O = O U {s} where s belongs to S Create an object S’ = S, O = O U {o} where o belongs to O Destroy a subject S’ = S – {s}, O = O – {s}, where s belongs to S Destroy an object S’ = S, O = O- {o} where o belongs O Enter a right a[s,o] = a[s,o] U {r}, where s belongs to S and o belongs to O Delete a right a[s,o] = a[s,o] – {r}, where s belongs to S and o belongs to O The transition in the matrix is cause by commands which are sequence of primitive operations. When transition occurs, the protection state of a system will change. Such a change is modelled as ACM state transition. The rights (example: r1, r2,…) denote the access that is provided to each individual. In addition to that, there are special rights that are used based on the role specified to that subject. One of the notable special rights is Right: Own. The special right own give rights to change all entries in a column where an owner of an object can modify and change the access. Similarly, there are other special rights that are granted based on the access that is required. In simple terms, this is what access control matrix is and its definition. I hope you got the basic understanding of access control matrix and its operation Make sure you rate or comment this article and if you are finding it more useful do share & subscribe because that encourages me to write more Cheers! Until next time…❤️

Exploring the Layers: A Deep Dive into Android OS Architecture

Leave a Comment / Networking & Security / By Ayyappan

Exploring the Layers: A Deep Dive into Android OS Architecture Hello Technophiles! welcoming back to another article! This article deals with the Android OS architecture and its layers. The Android operating system, developed by Google, has evolved significantly since its inception. Android has become the most dominant mobile platform and known worldwide. To understand how Android works, it’s essential to know its architecture, which is designed to be flexible, modular, and highly customizable. In this article, we’ll explore the layers and components that make up the Android OS architecture. 1.Linux Kernel Layer At the core of the Android operating system is the Linux kernel. The Linux kernel provides essential services such as hardware abstraction, memory management, process management, and device driver support. Android builds upon the robust and secure foundation of Linux, making it a stable and reliable platform. Key functions of the Linux kernel layer in Android include: Hardware Abstraction: The kernel abstracts hardware details, allowing Android to work across a wide range of hardware configurations. Memory Management: It manages system memory, ensuring efficient allocation and deallocation of resources. Process Management: The kernel oversees the execution of processes and handles multitasking. Device Drivers: These drivers enable communication between hardware components and the operating system. In addition to the above things, the Hardware Abstraction Layer (HAL) acts as a bridge between the hardware-specific device drivers and the higher-level Android framework. It ensures that the upper layers of the Android stack remain hardware-agnostic, allowing Android to run on various hardware platforms seamlessly. The HAL includes libraries and software components that communicate with hardware devices like cameras, sensors, and audio chips. This layer enables Android to support a wide array of devices with different hardware configurations. 2.Native or C/C++ Libraries and Runtime Above the HAL, Android uses a combination of native libraries and the Android Runtime (ART). Some of the native libraries are Webkit, OpenMaxAL, OpenGL|ES etc. These native libraries provide performance-critical components. Say for instance, WebKit is an open-source browse engine which powers the browser on the android device. Native libraries provide performance-critical components, while ART executes Android applications. The shift from the earlier Dalvik runtime to ART in Android 5.0 brought significant performance improvements, including faster app startup times and smoother animations. 3.Android Framework The Android Framework is a collection of Java classes and libraries that provide the core functionalities and building blocks for Android applications. It consists of various modules, including: – Activity Manager: Manages the lifecycle of Android applications and their components, such as activities and services. – Content Providers: Allow apps to share data and access it securely. They act as a bridge between applications and databases. – Notification Manager: Handles notifications generated by apps and system events. – Location Manager: Enables apps to access location-based services. – Connectivity Manager: Manages network connections, including Wi-Fi and mobile data. The Android Framework also includes the Application Framework, which allows developers to build custom applications using pre-built components. 4.Applications At the top of the Android architecture stack are the applications themselves. These can be pre-installed system apps, such as the phone dialer and messaging app, or third-party apps installed by users from the Google Play Store or other sources. Android apps are written in Java or Kotlin and interact with the Android Framework through APIs. They leverage the framework’s components and services to provide various functionalities to users. Conclusion The Android OS architecture is a well-structured stack of layers, each with its specific functions. From the Linux kernel providing core services to the Application layer hosting user-facing apps, the architecture promotes modularity and flexibility. This flexibility has allowed Android to adapt and thrive on a wide range of devices, from smartphones and tablets to smart TVs, wearables, and more. Understanding the Android OS architecture is crucial for developers and enthusiasts alike, as it provides insights into how the world’s most popular mobile operating system functions at its core. If you have read this far, I hope you are finding it useful. Now it’s your turn, to get a good understanding of this article, just check whether you could able to answer for the following questions. What are the layers of Android Architecture? Which is the core layer in the android architecture? What is activity manager? What is the native library OpenMaxAL? If you can able to answer then you can also try commenting the answers. Make sure you rate or comment this article if you are finding it useful and do share & subscribe because that encourages me to write more Cheers! Until next time…❤