Below you will find pages that utilize the taxonomy term “Best Practices”
October 23, 2022
Introduction to Password Management
Every computer, social media platform, or online tool requires some level of authentication, usually a username and password. Correctly managing these credentials can be the deciding factor in defending yourself from an online attacker. What if I told you that a handwritten log of passwords is not the most insecure means of password management?
Key requirements of credentials
Let's start with the basics. A username is a value used to identify a user, and a password is a secret used to verify that a user is who they claim to be.
October 23, 2022
Introduction to Phishing
In this post, we will review the basics of phishing as part of Cybersecurity Awareness Month. Many organizations, governments, and infosec companies prepare material to inform the general public on how to avoid falling victim to these kinds of attacks. Hopefully, by the end of this, you will know what phishing is and have a few things to check so you don't fall victim to criminals who may be targeting you.
What is Phishing?
October 8, 2022
Welcome to Cybersecurity Awareness Month!
The month of October is Cybersecurity Awareness Month. The National Cybersecurity Alliance (NCA) has partnered with US government agencies to promote understanding of security topics. Many communities and security companies use this month as an opportunity to reach out to the general public as well. This year, I have partnered with NCA as an awareness champion to promote four topics with my readers. On top of that, I will be reposting related threads on Twitter and sharing additional opportunities that could benefit you.
March 3, 2020
Patch your stuff
There’s a sticker on the back of my personal laptop. I don’t recall where I got it; I believe it was an informal sticker exchange at GrrCON a few years ago. It’s a pretty clear message and you can see it here. For anyone who’s trying to watch what they say, let's call it “Patch your stuff”. It’s a simple rule, but an important one we should all follow.
November 15, 2017
Online Brute Forcing 101
A good friend once mentioned how cool it’d be to practice brute forcing for a website login. I created a simple web page with a login form. Incorrect logins display a red error message while successful logins show the rest of the web page. There’s no database or complex code behind the webpage. It simply hashes the user input and compares it to a stored value.
Before we continue, I must make it blatantly obvious that hacking any online service without consent could land you in a lot of trouble.
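The setup described above, as an added example (this is not the post's own page or script): a constructed login form that hashes the submitted password and compares it to a stored digest, plus a guesser that posts candidates from a constructed wordlist. Everything listens on localhost only; the stored password "hunter2", the wordlist, and the optional lockout threshold are assumptions made for the demo.

```python
"""Online password guessing against a constructed login form (added example)."""
import hashlib
import threading
import urllib.error
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed demo credential: an unsalted SHA-256 digest, mirroring the
# "hash the input and compare" form the post describes. "hunter2" is assumed.
STORED_HASH = hashlib.sha256(b"hunter2").hexdigest()
# Constructed wordlist; the real password is the fourth guess.
WORDLIST = ["password", "123456", "letmein", "hunter2", "qwerty"]


class LoginHandler(BaseHTTPRequestHandler):
    """POST /login with username+password; 200 on success, 401 on failure,
    423 once a username has exceeded server.lockout_after failures."""

    def do_POST(self):
        if self.path != "/login":
            self.send_error(404)
            return
        length = int(self.headers.get("Content-Length", 0))
        form = urllib.parse.parse_qs(self.rfile.read(length).decode())
        user = form.get("username", [""])[0]
        password = form.get("password", [""])[0]
        srv = self.server
        with srv.lock:
            failures = srv.failures.get(user, 0)
            if srv.lockout_after is not None and failures >= srv.lockout_after:
                self._reply(423, "Account locked")
                return
            if hashlib.sha256(password.encode()).hexdigest() == STORED_HASH:
                srv.failures[user] = 0
                self._reply(200, "Welcome, " + user)
            else:
                srv.failures[user] = failures + 1
                self._reply(401, "Invalid username or password")

    def _reply(self, code, body):
        data = body.encode()
        self.send_response(code)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_server(lockout_after=None):
    """Start the constructed target on an ephemeral localhost port."""
    srv = ThreadingHTTPServer(("127.0.0.1", 0), LoginHandler)
    srv.failures = {}          # username -> consecutive failed attempts
    srv.lock = threading.Lock()
    srv.lockout_after = lockout_after
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def try_login(base_url, username, password):
    """One guess. Returns the HTTP status code (200, 401 or 423)."""
    data = urllib.parse.urlencode({"username": username, "password": password}).encode()
    req = urllib.request.Request(base_url + "/login", data=data, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def brute_force(base_url, username, wordlist):
    """Guess each candidate in order. Returns (password or None, attempts made)."""
    attempts = 0
    for candidate in wordlist:
        attempts += 1
        status = try_login(base_url, username, candidate)
        if status == 200:
            return candidate, attempts
        if status == 423:
            break  # locked out: further guesses only confirm the lockout
    return None, attempts


if __name__ == "__main__":
    srv = start_server()
    url = "http://127.0.0.1:%d" % srv.server_address[1]
    print(brute_force(url, "admin", WORDLIST))
    srv.shutdown()
```

Running it with `start_server(lockout_after=3)` instead shows why a lockout (or rate limit) is the defender's first lever: the guesser gets 423 before it reaches the real password. The form's unsalted SHA-256 compare is kept only because that is what the post describes; a real login should hash with a slow, salted KDF and throttle attempts per account and per source.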
August 27, 2017
Do not waste your time with HPKP
This is my last post related to HTTP Public Key Pinning (HPKP). This is a post in response to Scott Helme’s latest post about him giving up on HPKP and how my blog is a perfect example of his concerns.
In the past I’ve written three articles about the HPKP header:
Testing HPKP headers
Adding HPKP headers
HPKP.. Public Key Pinning?
The point of each of these articles is pretty well summed up in its title.
May 25, 2017
Breaking My Blog with WPscan
One of the tools offered by default in Kali and many other hacking-related distros is WPScan, a black-box WordPress vulnerability scanner. I wanted to learn how to use this tool because it would help with recon on CTF challenges and practice boxes from VulnHub, and even with keeping my own blog vulnerability-free.
Disclaimer
Before I tell you more about the tool and how it can be used, I have to throw out the usual disclaimer.
April 22, 2016
Testing HPKP Headers
Over the last two weeks, I’ve been posting a lot about HTTP Public Key Pinning. This will be my last post about it; I want to focus on testing HPKP. If you don’t know what HPKP is, read the first post. To learn how to add the headers, read the second post.
I’ve had to spend a lot of time trying to figure out how to properly test these headers. In theory, this is how it should work.
April 15, 2016
Adding a HPKP Header
Before we try to add a HPKP header, let’s review from last week. I made a post about what HTTP public key pinning is. It’s a fingerprint of the site's public key that the browser stores and compares against on later visits, so it can warn the user if the site starts presenting a certificate with a different key, even if that certificate is otherwise trusted or is served by the same server. If that doesn’t make sense, check out the link to the previous post.
Public-Key-Pins
A Public-Key-Pins header looks like this:
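The header example itself is cut off in this excerpt. As an added example (not the post's own code), here is how the value is built from RFC 7469: each pin is the base64 of the SHA-256 digest of a certificate's DER-encoded SubjectPublicKeyInfo, and a valid header needs the live key's pin plus at least one backup pin for a key not yet in the served chain. The sample keys are constructed Ed25519 SPKI structures and the report URI is an assumption. Keep the later post on this page in mind: browsers have since removed HPKP support, and a wrong pin locks visitors out for the whole max-age.

```python
"""Build a Public-Key-Pins header value (added example, RFC 7469 format)."""
import base64
import hashlib
import re

# Constructed sample keys: an Ed25519 SubjectPublicKeyInfo is the fixed DER
# prefix (SEQUENCE, AlgorithmIdentifier for OID 1.3.101.112, BIT STRING header)
# followed by the 32 raw key bytes. The key bytes here are placeholders.
_ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")
SAMPLE_SPKI_LIVE = _ED25519_SPKI_PREFIX + bytes(range(32))
SAMPLE_SPKI_BACKUP = _ED25519_SPKI_PREFIX + bytes(range(32, 64))
# The same live key as a PEM "PUBLIC KEY" block, i.e. what
# `openssl x509 -pubkey -noout -in cert.pem` prints.
SAMPLE_PEM_LIVE = (
    "-----BEGIN PUBLIC KEY-----\n"
    + base64.b64encode(SAMPLE_SPKI_LIVE).decode("ascii")
    + "\n-----END PUBLIC KEY-----\n"
)


def spki_pin_from_der(spki_der):
    """pin-sha256 value: base64(SHA-256(DER SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def spki_pin_from_pem(pem):
    """A PEM PUBLIC KEY block is the SPKI DER, base64-encoded, so decode and hash it."""
    match = re.search(
        r"-----BEGIN PUBLIC KEY-----(.*?)-----END PUBLIC KEY-----", pem, re.S
    )
    if not match:
        raise ValueError("no PUBLIC KEY block found")
    return spki_pin_from_der(base64.b64decode("".join(match.group(1).split())))


def build_hpkp_header(pins, max_age, include_subdomains=False, report_uri=None):
    """Assemble the Public-Key-Pins value.

    RFC 7469 requires a backup pin (one matching no key in the served chain),
    so fewer than two distinct pins is rejected here. Whether the backup really
    is absent from the chain cannot be checked from the pins alone.
    """
    pins = list(dict.fromkeys(pins))  # drop duplicates, keep order
    if len(pins) < 2:
        raise ValueError("HPKP needs the live pin plus a backup pin")
    if max_age <= 0:
        raise ValueError("max-age must be a positive number of seconds")
    parts = ['pin-sha256="%s"' % pin for pin in pins]
    parts.append("max-age=%d" % max_age)
    if include_subdomains:
        parts.append("includeSubDomains")
    if report_uri:
        parts.append('report-uri="%s"' % report_uri)
    return "; ".join(parts)


def demo_header():
    """Header for the constructed keys; 60 days and the report URI are assumptions."""
    return build_hpkp_header(
        [spki_pin_from_pem(SAMPLE_PEM_LIVE), spki_pin_from_der(SAMPLE_SPKI_BACKUP)],
        max_age=60 * 24 * 60 * 60,
        include_subdomains=True,
        report_uri="https://example.com/hpkp-report",
    )


if __name__ == "__main__":
    print("Public-Key-Pins: " + demo_header())
```

To pin a real certificate, feed `spki_pin_from_pem` the output of `openssl x509 -pubkey -noout -in cert.pem`; the result equals the usual one-liner that pipes that public key through `openssl pkey -pubin -outform der`, `openssl dgst -sha256 -binary` and `base64`.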
April 8, 2016
HPKP.. Public Key Pinning?
On a project I’m involved with, a scanner has picked up a low-severity finding that the HTTPS site is missing an HTTP Public Key Pins (HPKP) header. If you’re like me, you’re probably thinking, what the heck is HPKP? Well, I did a little bit of research and got it working on my personal website. I’ll share my struggles below so you don’t have to follow in my footsteps.
The Theory
Our browser stores a list of certificate authorities it trusts to issue TLS/SSL certificates.
January 20, 2016
TLS: What is it and why it matters
In my normal fashion, I’m going to start this blog post with a little intro to cover my butt. Recently at work, I’ve been tasked with learning about Transport Layer Security, or TLS. This blog post is my own thoughts and is not 100% accurate, but I hope you get the idea as well as I do.
What is TLS?
Well, as I said above, TLS is Transport Layer Security. It’s the protocol clients and servers use to encrypt the messages sent between them; it also lets the client verify the server's identity (and optionally the reverse) and detects tampering with those messages in transit.
September 16, 2015
Duo Security's 2FA
I hope you’ve been enjoying my posts. I know that writing these posts has been a good outlet for all I have learned over the last few years. This website is hosted on a VM, but it’s still a server that’s vulnerable to your everyday hacks. For instance, every day someone pings my server, finds the SSH port, and attempts to brute force into it. Now, while there’s nothing here for them to steal, there’s still 20GB of free internet storage for whatever they want, and the only thing stopping that brute force attack is that they can’t guess my password.
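The check behind the situation described above, as an added example (not part of the original post): a small audit that reads an sshd_config the way sshd does (first occurrence of a keyword wins, keywords are case-insensitive, anything after the first Match block is conditional and skipped) and flags the settings that leave a server open to the password guessing the post describes. The sample config is constructed, and the MaxAuthTries threshold of 3 is a chosen policy, not an OpenSSH default.

```python
"""Audit an sshd_config for settings that invite online password guessing (added example)."""
import re

# OpenSSH defaults (7.0 and later) for the keywords checked here.
DEFAULTS = {
    "passwordauthentication": "yes",
    "permitrootlogin": "prohibit-password",
    "pubkeyauthentication": "yes",
    "maxauthtries": "6",
}

# Constructed sample: a stock-looking config with password logins left on.
# The commented-out line does nothing, and the Match block only applies to one user.
SAMPLE_WEAK = """\
# sshd_config (constructed sample)
Port 22
PermitRootLogin yes
#PasswordAuthentication no
MaxAuthTries 10
Match User backup
    PasswordAuthentication no
"""

SAMPLE_HARDENED = """\
Port 22
PasswordAuthentication no
PermitRootLogin no
PubkeyAuthentication yes
MaxAuthTries 3
"""


def effective_settings(text):
    """Return {lowercase keyword: lowercase first value} for the global section.

    sshd honours the first value it sees for a keyword, accepts 'Key value' or
    'Key=value', and treats everything after the first Match line as conditional.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) < 2:
            continue
        key = parts[0].lower()
        if key == "match":
            break
        settings.setdefault(key, parts[1].strip().lower())
    return settings


def audit_sshd_config(text, max_auth_tries=3):
    """Return a list of findings; an empty list means nothing was flagged."""
    s = dict(DEFAULTS)
    s.update(effective_settings(text))
    findings = []
    if s["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is %s: passwords can be guessed over the network"
                        % s["passwordauthentication"])
    if s["permitrootlogin"] == "yes":
        findings.append("PermitRootLogin yes: root can be attacked directly with a password")
    if s["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is off: no key-based alternative to passwords")
    try:
        tries = int(s["maxauthtries"])
    except ValueError:
        tries = None
    if tries is None or tries > max_auth_tries:
        findings.append("MaxAuthTries is %s: allow at most %d attempts per connection"
                        % (s["maxauthtries"], max_auth_tries))
    return findings


if __name__ == "__main__":
    for name, sample in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, "->", audit_sshd_config(sample) or "nothing to flag")
```

Point `audit_sshd_config(open("/etc/ssh/sshd_config").read())` at a real file to run it. Turning password authentication off and relying on keys removes the guessable secret altogether; a second factor such as the Duo module the post goes on to cover then protects the remaining login paths rather than papering over a weak password.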
April 19, 2015
Enumeration Part 1
Following my post from two weeks ago about scanning, enumeration is a network attacker's next step. Enumeration is when you probe the services identified during scanning for vulnerabilities. Up to this point we were able to stay relatively anonymous. Enumeration, however, requires active connections or direct queries to your target, which can be logged or captured and then used against you. Typically you are looking for usernames (for brute-force guessing), email addresses (for phishing attempts), or misconfigured/outdated systems with known vulnerabilities.
April 6, 2015
Scanning
Once you’ve found a target and it’s time to dig in a little more to find a way in, start with scanning.
Try to follow these steps:
- Determine if the system is alive. Try ping sweeps; nmap offers this with the -sP option (current releases spell it -sn and still accept -sP as an alias). ICMP queries offer a wide range of information about a target.
- Determine which services are running/listening. Send packets to TCP/UDP ports to see what is listening. There are a variety of tools; nmap, netcat, and strobe are examples.
- Determine the operating system.
- Get content info from FTP, HTTP, or other services (banner grabbing).
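The second and fourth steps above, as an added example (not the post's own code): a TCP connect scan that reports which ports accept a connection and grabs whatever banner the service volunteers, which is what `nmap -sT` and `-sV` do with far more finesse. To run offline it starts two constructed listeners on localhost, one that greets with a made-up SSH banner and one that says nothing, and picks a port that is known to be closed. Point `scan_host` at anything else only with permission, as the post's own warning says.

```python
"""TCP connect scan with banner grab against constructed local listeners (added example)."""
import socket
import threading


def serve_banner(banner):
    """Constructed target: a listener that sends `banner` (possibly empty) and hangs up."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # ephemeral port
    srv.listen(5)

    def loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listener was closed
            with conn:
                if banner:
                    conn.sendall(banner)

    threading.Thread(target=loop, daemon=True).start()
    return srv


def probe(host, port, timeout=0.5, read_bytes=128):
    """Return (is_open, banner). banner is b"" when the service waits for the client to speak."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            try:
                return True, sock.recv(read_bytes)
            except socket.timeout:
                return True, b""
    except OSError:  # refused, unreachable, or connect timed out
        return False, b""


def scan_host(host, ports):
    """Connect scan: {port: banner} for every port that accepted a connection."""
    found = {}
    for port in ports:
        is_open, banner = probe(host, port)
        if is_open:
            found[port] = banner
    return found


def guess_service(banner):
    """Crude fingerprint from the banner, the starting point for enumeration."""
    if banner.startswith(b"SSH-"):
        return "ssh " + banner.split(b"\n")[0].decode(errors="replace").strip()
    if banner.startswith(b"220"):
        return "smtp/ftp-style greeting"
    if not banner:
        return "open, no banner (client speaks first, e.g. HTTP)"
    return "unknown"


def demo():
    """Scan the constructed listeners plus one closed port.

    Returns ({port: service guess}, [ssh_port, quiet_port, closed_port]).
    The SSH banner string is made up for the demo.
    """
    ssh = serve_banner(b"SSH-2.0-OpenSSH_8.9\r\n")
    quiet = serve_banner(b"")
    closed = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    closed.bind(("127.0.0.1", 0))
    closed_port = closed.getsockname()[1]
    closed.close()  # nothing listens here any more, so the connect is refused
    ports = [ssh.getsockname()[1], quiet.getsockname()[1], closed_port]
    results = {p: guess_service(b) for p, b in scan_host("127.0.0.1", ports).items()}
    ssh.close()
    quiet.close()
    return results, ports


if __name__ == "__main__":
    results, ports = demo()
    for port in ports:
        print(port, results.get(port, "closed"))
```

A full connect on every port is noisy (each one completes the handshake and shows up in the target's logs), which is the trade-off the next post on enumeration picks up; SYN scans and slower timing are the usual ways to lower the profile.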
April 4, 2015
Footprinting
Footprinting is gathering information about a target before attempting to hack them. There are a few ways to do it, but the important part is getting the right details: what kind of servers are in use, what operating system is in use, what deployment and version-control systems are in place... Details like these point you to the vulnerabilities to try against the system.
March 2, 2015
The Kill Chain
This is an article about defending against attacks, but we can read it as the “7 steps of hacking”. It shows the basic stages at which we can exploit vulnerabilities. So use it for ideas on how to break into a network, but beware, because it’s also how people defend against us.
EDIT: Don’t get ahead of yourselves, if this looks completely foreign to you, keep working at things that are simpler.
February 4, 2015
Step 2: The Basics
Step 2: Learn the basics
Google and the internet are your friends. If you can’t take a class, there is a multitude of online resources you can use. Whether you’re trying to learn programming and use Stack Overflow, or you’re learning basic hacking skills and want to use Hacking Highschool, you really do need some understanding of how things work before you try to hack them.