National Cyber Strategy of the U.S. of America

I read the Department of Defense (DoD) Cyber Strategy of the United States of America last week and this week I’ve been reading the National Cyber Strategy of the United States. Why? I think reading Cyber Strategies is the best way to understand and learn how to write a Cyber Strategy. This is obvious! In addition, reading Cyber Strategies, we can find out what are the security risks of the States or what they are worrying about. For instance, the DoD Cyber Strategy speaks about the competition with China and Russia as well as the malicious cyber activities of North Korea and Iran. Another example is the Cybersecurity Strategy of the EU which highlight the security risk of depending excessively on ICT produced outside the EU.

The first pillar of the National Cyber Strategy of the U.S. is about protecting the American People, the Homeland, and the American Way of Life. How is the government going to do this? Securing Federal Networks and Information, Securing Critical Infrastructure, Combating Cybercrime and Improving Incident Reporting. The government has written many priority actions in the first pillar such as improving federal supply chain risk management which is interesting to exclude risky vendors, products and services.

Promote American Prosperity is the second pillar of the National Cyber Strategy. The government wants to foster a vibrant and resilient digital economy. They also want to foster and protect United States ingenuity. Finally, the government wants to develop a superior cybersecurity workforce, which is aligned with the DoD Cyber Strategy of the U.S. I would like to highlight the priority action of maintaining United States leadership in emerging technologies, which means most ICT are produced in the EEUU and they want to maintain this leadership. Another interesting priority action is about updating mechanism to review foreign investment and operation in the United States where they want to know who and what foreign companies invest in the United States.

The third pillar is about preserving peace through strength. Peace and Strength in the same sentence. Interesting!! The aim is enhancing cyber stability through norms of responsible state behaviour as well as attributing and deterring unacceptable behaviour in cyberspace. The priority actions in the third pillar talk about information campaigns and non-state propaganda and disinformation. Do you remember the Cambridge Analytica consulting firm and the Trump campaign? Yes, this is to fight against online malign influences.

Advance American Influence is the last pillar of the Cyber Strategy. The government will promote an open, interoperable, reliable, and secure Internet as well as they’ll build international cyber capacity. It seems they are interested in protecting and promoting Internet freedom, me too, but I think they are especially interested in market opportunities for technological American firms because why they don’t also promote free trade? why there are a chaotic trade war?

Regards my friends. Keep reading. Keep learning!!

DoD Cyber Strategy of the U.S. of America

I’ve been reading the Department of Defense (DoD) Cyber Strategy of the United States of America this week. This new strategy seems more offensive than the last one because the Trump administration “will employ offensive cyber capabilities and innovative concepts” as well as they “must ensure the U.S. military’s ability to fight and win wars in any domain, including cyberspace”. However, the devil is in the details, of course. And the strategy includes no much details.

The first line of effort is to build a more lethal Joint Force which means accelerating cyber capabilities development and innovating to foster agility. In addition, the Department will use automation and data analysis tools to improve effectiveness with the aim of operating at machine speed and analysing large-scale of data to identify quickly malicious cyber activities. It’s interesting as well how they are also willing to employ commercial-off-the-shelf (COTS) cyber capabilities to optimized cyber operations.

The second line of effort is to compete and deter in cyberspace which means deterring malicious cyber activities and persistently fighting malicious cyber activity in day-to-day competition. The Department will also increase the resilience of U.S. critical infrastructure working with other agencies and the private sector and sharing information with them. It’s important to highlight most critical infrastructure is managed by the private sector thus sharing information is mandatory for protecting the country.

The third line of effort is to strengthen alliances and attract new partnerships for building trusted private sector partnerships and making international partnerships with the goal of getting advanced cyber capabilities. In addition, the Department wants to reinforce norms of responsible State behaviour in cyberspace to improve behaviour in cyberspace such as including prohibitions against damaging civilian critical infrastructure during peacetime.

Another line of effort is to reform the Department for incorporating cyber awareness into DoD institutional culture because leaders and their staffs should know about security risks as well as they should be able to identify opportunities to gain advantages. The Department will also increase cybersecurity accountability into the private sector and personnel so that each person is accountable for their cybersecurity practices and choices. This line of effort also seeks material solutions that are affordable, flexible, and robust which will be got from COTS. What’s more, the Department wants to expand crowd-sourced vulnerability identification with hack-a-thons and bug-bounties to identify and mitigate vulnerabilities.

Finally, the last line of effort is for cultivating talent. The aim of this line is to enhance the Nation’s cyber talent and sustain a ready cyber workforce. This is going to be done with education, training and awareness as well as with the use of the Reserve Components. Moreover, software and hardware expertise will be in the core of DoD competencies as well as establishing a cyber top talent management program will be one of the main objectives of the DoD.

This is a summary of the Department of Defense Cyber Security. Five lines of effort to compete, deter, and win in the cyberspace domain.

Regards my friends. Keep reading. Keep learning!!

Crowd Counting Researches

I’m not a research but I like reading papers to know and learn about new technologies and trends because many papers later on are useful in the future. For instance, I read about Notos, which is a dynamic reputation system; Pleiades, which is a DGA malware detection system, and Phoenix, which is another DGA botnets searching system. These papers helped me to understand how Domain Generation Algorithms work and, therefore, helped me to win the ISACA Challenge in 2015. Today, I want to write about some papers I’ve been reading about Crowd Counting.

I knew a little bit about crowd counting using computer-vision techniques which is useful to know how many people are in the area. However, after reading more about crowd counting, I’ve realised that crowd counting is interesting for many other applications. For instance, crowd counting can be used in smart buildings to optimize the energy consumption based on the number of people in the building or crowd counting can also be used by retailers for better plan their business by assessing which parts of the store get more visitors. In addition, crowd counting is not only investigated from computer-vision but also from environmental science communities and wireless networking.

I didn’t know environmental science communities also studied about crowd counting. They utilize the characteristics of the area of interest such as temperature, concentration of carbon dioxide, lighting, relative humidity, motion, acoustics, etc to identify the number of people in the area. It’s interesting. However, it requires installing specialized sensors such as gas detection sensors, ambient sensors or CO₂ sensors, which are expensive. In addition, it requires access to the area of interest.

Wireless networking is another technique to identify the number of people in the area where radio frequency (RF) signals can penetrate through objects, such as walls, that combined with wireless devices, such as WiFi routers, provide a great potential for imaging, tracking, and occupancy estimation. There are two methods using RF signals, which are the device-based active methods and the device-free passive methods.

The device-based active methods rely on pedestrians to carry smartphones. For instance, device-based active methods can use GPS or Bluetooth to assess crowd density. It’s interesting how some researches are based in the walking speed of pedestrians to know the crowd density. However, the device-free passive methods don’t require people to carry any device. Instead, device-free methods rely on the interaction of the wireless signals with the people in the area of interest. It’s interesting how these methods can count people through walls using WiFi.

Crowd Counting Through Walls Using WiFi

Once I read the first paper “Crowd Counting Through Walls Using WiFi”, I wanted to know and learn more and more. After reading this paper, I also read “Occupancy Detection Through An Extensive Environmental Sensor Network In An Open-Plan Office Building”, “Indoor Occupancy Estimation From Carbon Dioxide Concentration”, “Bluetooth Based Collaborative Crowd Density Estimation with Mobile Phones” and “Probing Crowd Density Through Smartphones In City-Scale Mass Gatherings”. It’s been interesting, it’s been funny reading about Crowd Counting Researches.

Regards my friends. Keep studying. Keep reading!

Linux Privilege Escalation Example

Privilege escalation is when someone exploits an error, design failure or application configuration, into an operating system or application. Privilege escalation is used to get administrative access into operating systems and applications by malicious users. Most systems have two types of user profiles: users which configure the system with administrator privilege and users which use the system without administrator privilege. Therefore, privilege escalation exploits are used by attackers to get superuser privileges into systems.

There are many web pages out there where we can find privilege escalation exploits which can be used to get into operating systems and applications. Most of them take advantage of bugs and vulnerabilities. One of them, which have many exploits and I like it, is the Exploits Database by Offensive Security where we can search exploits and shellcodes by CVE and platforms. In addition, we can even download the vulnerable application and information to learn how to get into the system.

I’ve uploaded to my YouTube channel a new video where we can watch how to get root access in a Linux machine with a local privilege escalation exploit, which I’ve downloaded from www.exploit-db.com. This exploit takes advantage of a vulnerability in Linux Kernel 2.6.39 < 3.2.2. On the other hand, we can also watch how to get remote root access abusing the weak service permission configuration on Linux. As we can watch, privilege escalation is got through bugs and vulnerabilities but also through misconfiguration.

Regards my friends. Keep studying. Keep testing!!

Linux Buffer Overflow Example

I uploaded a video and I wrote about Windows Buffer Overflow Example two weeks ago. I learnt a lot with this example but I wanted to study about Linux Buffer Overflow as well. Therefore, I’ve been testing with the crossfire-server 1.9.0 - 'SetUp()' Remote Buffer Overflow these days. I installed a Kali Linux 32 bits with the crossfire server, which is an online computer game, and thanks to the edb debugger and python scripts, I’ve been able to learn how to exploit a Linux Buffer Overflow vulnerability. You can check in the next video.

Firstly, I’ve started the virtual machine with the NX protection disabled (noexec=off) and I’ve executed the crossfire server, which listens in the 13327 TCP port. I’ve also tested a simple python script to send 4379 ‘A’s to the vulnerable service. We can see how the program crashes and ESP register contains many ‘A’s or ‘41’ in hex. However, we have to find the specific EIP memory location thus I’ve created a unique string which is sent to the vulnerable server through the malicious script. After I’ve controlled the EIP register, I have to know where I’m going to save the shellcode. Following the EIP register, only 7 bytes are left thus shellcode can’t be saved there. As a result, I’ve pointed to the EAX register where the shellcode is going to be located. The next challenge is to locate a JMP ESP instruction into the memory to insert it into the EIP register. Finally, I’ve created a payload with the msfvenom tool to add it into the script, which give us a Linux remote reverse shell.

Regards my friends. This is another amazing demo to know how Buffer Overflow works. I recommend you do it by yourself.