#attacksurface
Text
Cybersecurity Attack Surface Layers: A Multifaceted Threat
Applications Based Attack Surface
Reducing the attack surface, identifying and countering cyberthreats, and recovering from an assault throughout the infrastructure—edge, core, and cloud—are the first three key practice areas to be prioritized in order to advance cybersecurity and Zero Trust maturity. In order to improve your security posture, this blog article will concentrate on decreasing the attack surface, which is an essential part of cybersecurity.
Any region inside an environment that a cyber attacker may target or exploit is referred to as the attack surface. These points may include improper setups, insufficient authentication procedures, unpatched systems, high user rights, exposed network ports, inadequate physical protection, and more.
Across cybersecurity, reducing the attack surface refers to decreasing possible ports of entry and vulnerability that an attacker may use to breach a system, network, or organization across a variety of domains, such as the edge, the core, or the cloud. By lowering the attack surface, firms may innovate and prosper while simultaneously giving bad actors less opportunity to carry out effective assaults.
Organizations use a variety of techniques and tactics to lessen the attack surface, such as:
Put the Zero Trust principles into practice: The idea behind Zero Trust security is that businesses shouldn’t blindly trust anything that’s attempting to access their systems from the inside or the outside. Instead, they should make sure that everything is legitimate before allowing access. By implementing technologies like multi-factor authentication (MFA), identity and access management (IAM), micro-segmentation, and security analytics, to mention a few, organizations may realize a Zero Trust model.
Regularly patch and update: It is possible to mitigate known vulnerabilities and reduce the chance of exploitation by keeping operating systems, software, and applications updated with the most recent security updates.
Make sure the setting is safe: In order to minimize the attack surface, systems, networks, and devices must be appropriately configured using security best practices, such as turning down superfluous services, creating strong passwords, and enforcing access limits.
Put the least privilege principle into practice: Restrict user and system accounts to the minimal amount of access required to carry out their duties. This strategy lessens the possibility of an attacker getting access without authorization.
Segment your network: By isolating important assets and restricting access across various network segments, segmenting a network into zones or segments with varying security levels helps contain an attack and stops a cyber threat from moving laterally.
Assure the security of the application: In order to defend against frequent application-level assaults and minimize the attack surface of online applications, safe development methods, frequent security testing, code reviews, and the use of web application firewalls (WAFs) are recommended.
Apply ML and AI: Use these tools to proactively find and fix vulnerabilities so that the attack surface is considerably reduced. Businesses may expand their security capabilities with the use of AI/ML technologies.
Collaborate with vendors that uphold a safe supply chain: With infrastructure and devices that are created, produced, and supplied with security in mind, you can guarantee a reliable base. Suppliers that provide a safe development lifecycle, a secure supply chain, and thorough threat modeling help you stay ahead of potential attackers.
Inform users and raise awareness: By teaching staff members and users how to identify and report possible security risks, phishing scams, and social engineering techniques, the likelihood of successful attacks that take use of user weaknesses is reduced.
Make use of partnerships and skilled professional services: Knowledge and solutions that may not be accessible internally can be brought in by working with skilled and experienced cybersecurity service providers and establishing alliances with business and technological partners. An organization’s entire security posture may benefit from this.
With the assistance of seasoned services or partners, you may uncover opportunities for improvement within your attack surface by conducting frequent audits, penetration tests, and vulnerability assessments in addition to starting with an assessment. It’s critical to keep in mind that maintaining cybersecurity is a continuous effort, since cyber threats continue to change. Furthermore, cybersecurity is crucial for businesses hoping to develop a strong, profitable, and inventive company. Through the proactive use of these measures, businesses may successfully decrease the attack surface, therefore mitigating risks and increasing the difficulty with which attackers can exploit vulnerabilities. This improves the defensive posture against both new and evolving threats. You may improve your cybersecurity maturity by decreasing your attack surface.
Read more on Govindhtech.com
0 notes
Link
#vulnerability#Hacker#OSINT#Bugbounty#Exploit#Malware#PenetrationTesting#Vulnerabilities#AttackSurface#ThreatIntelligence#Pentest#CVE#VAPT#CyberSecurity#Bughunter#Hacking#Enumeration#RedTeam
1 note
·
View note
Text
Molly McGhee’s “Jonathan Abernathy You Are Kind”
Jonathan Abernathy You Are Kind is Molly McGhee's debut novel: a dreamlike tale of a public-private partnership that hires the terminally endebted to invade the dreams of white-collar professionals and harvest the anxieties that prevent them from being fully productive members of the American corporate workforce:
https://www.penguinrandomhouse.com/books/734829/jonathan-abernathy-you-are-kind-by-molly-mcghee/
Though this is McGhee's first novel, she's already well known in literary circles. Her career has included stints at McSweeney's, where she worked on my book Information Doesn't Want To Be Free:
https://store.mcsweeneys.net/products/information-doesn-t-want-to-be-free
And then at Tor Books, where she worked on my book Attack Surface:
https://us.macmillan.com/books/9781250757531/attacksurface
But though McGhee is a shrewd and skilled editor, I think of her first and foremost as a writer, thanks to stunning essays like "America's Dead Souls," a 2021 Paris Review piece that described the experience of multigenerational debt in America in incandescent, pitiless prose:
https://www.theparisreview.org/blog/2021/05/17/americas-dead-souls/
McGhee's piece struck at the heart of something profoundly wrong in American society – the dual nature of debt, which represents a source of freedom for the wealthy, and bondage for workers:
https://pluralistic.net/2021/05/19/zombie-debt/#damnation
When billionaire mass-murderers like the Sacklers amass tens of billions of liabilities stemming from their role in deliberately starting the opioid crisis, the courts step in to relieve them of their obligations, allowing them to keep their blood-money:
https://pluralistic.net/2023/08/11/justice-delayed/#justice-redeemed
And when Silicon Valley Bank collapses due to mismanagement by ultra-wealthy financiers, the public purse yawns open and billions flow out to ensure that the wealthiest investors in the country stay whole:
https://pluralistic.net/2023/03/18/2-billion-here-2-billion-there/#socialism-for-the-rich
When predatory payday lenders target working people and force them into bankruptcy with four-digit APRs, the government intervenes…to save the lenders and keep workers on the hook:
https://pluralistic.net/2022/01/29/planned-obsolescence/#academic-fraud
"Debtor vs creditor" is the oldest class division we have. The Bronze Age custom of jubilee – the periodic cancellation of all debts – wasn't some weird peccadillo. It was essential public policy, and without jubilee, the hereditary creditor class became the arbiter of all social priorities, destabilizing great nations and even empires by directing production to suit their parochial needs. Societies that didn't practice jubilee (or halted it) collapsed:
https://pluralistic.net/2022/07/08/jubilant/#construire-des-passerelles
Today's workers are debt burdened at scales and in ways that defy comprehension, the numbers are so brain-breakingly large. Students who take out modest loans and pay them off several times over remain indebted decades later, with outstanding balances that vastly outstrip the principle:
https://pluralistic.net/2020/12/04/kawaski-trawick/#strike-debt
Workers who quit dead-end jobs are billed for five-figure "training repayment" bills that haunt them to the end of days:
https://pluralistic.net/2022/08/04/its-a-trap/#a-little-on-the-nose
Hospitals sue indigent patients at scale, siccing debt-collectors on people who can't pay – and were entitled to free care to begin with:
https://armandalegshow.com/episode/when-hospitals-sue-patients-part-2/
And debt collectors are drawn from the same social ranks as the debtors, barely trained and unsupervised, engaging in lawless, constant harassment of the debtor class:
https://pluralistic.net/2023/08/12/do-not-pay/#fair-debt-collection-practices-act
McGhee's "American Dead Souls" crystallized all of this vast injustice into a single, beautiful essay – and then McGhee crystallized things further by posting a public resignation letter enumerating the poor pay and working conditions in New York publishing, triggering mass, industry-wide resignations by similarly situated junior editorial staff:
https://electricliterature.com/molly-mcghee-jonathan-abernathy-you-are-kind-interview-debut-novel-book-debt/
Thus we arrive at McGhee's debut: a novel written by someone with a track record for gorgeous, brutally insightful prose; incisive analysis of the class war raging in the embers of capitalism's American Dream; and consequential labor organizing against the precarity and exploitation of young workers. As you might expect, it's fantastic.
Jonathan Abernathy is a 25 year old, debt haunted, desperately lonely man. An orphan with a mountain of college debt, Abernathy lives in a terrible basement apartment whose rent is just beyond his means. The only thing that propels him out of bed and into the world are his affirmations:
Jonathan Abernathy you are kind
You are well respected and valued by your community
People, including your family, love you
That these are all easily discerned lies is beside the point. Whatever gets you through the night.
We meet Jonathan as he is applying for a job that he was recruited for in a dream. As instructed in his dream, he presents himself at a shabby strip-mall office where an acerbic functionary behind scratched plexiglass takes his application and informs him that he is up for a gig run jointly by the US State Department and a consortium of large corporate employers. If he is accepted, all of his student debt repayments will be paused and he will no longer face wage garnishment. What's more, he'll be doing the job in his sleep, which means he'll be able to get a day job and pull a double income – what's not to like?
Jonathan's job is to enter the dreams of sleeping middle-management types in America's largest firms – but not just any dreams, their nightmares. Once he has entered their nightmare, Jonathan is charged with identifying the source of their anxiety and summoning a more senior operative who will suck up and whisk away that nagging spectre, thus rendering the worker a more productive component of their corporate structure.
But of course, there's more to it. As Jonathan works through his sleeping hours, he is deprived of his own dreams. Then there's the question of where those captive anxieties are ending up, and how they're being processed, and what new products can be made from refined nightmares. While Jonathan himself is pulling ever so slightly out of his economic quagmire, the people around him are still struggling.
McGhee braids together three strands: the palpable misery of being Jonathan (a proxy for all of us), the rising terror of the true nature of his employment, and beautifully turned absurdist touches that are laugh-aloud funny. This could be a mere novel of ennui and misery but it's not – it's a novel of hilarity and fear and misery, all mixed together in a glorious and terrible concoction that is not like anything else you've ever read.
If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
https://pluralistic.net/2024/01/08/capitalist-surrealism/#productivity-hacks
#pluralistic#books#reviews#science fiction#molly mcghee#debt#graeber#capitalist realism#capitalist surrealism#dreams#gift guide
78 notes
·
View notes
Text
[Media] A Few Ways to Get TrustedInstaller Privileges
A Few Ways to Get TrustedInstaller Privileges
GetTrustedInstaller
Make an executable run with TrustedInstaller permissions under SYSTEM account.
https://github.com/rara64/GetTrustedInstaller
NtObjectManager
This module adds a provider and cmdlets to access the NT object manager namespace.
Example. Apply TrustedInstaller impersonation token to the current PowerShell process:
Install-Module -Name NtObjectManager -Confirm:$false
Restart-Service TrustedInstaller
$procId = (Get-Process TrustedInstaller).Id
$token = Get-NtTokenFromProcess -ProcessId $procId
$current = Get-NtThread -Current -PseudoHandle
$ctx = $current.Impersonate($token)
$impToken = Get-NtToken -Impersonation
$impToken.Groups
https://github.com/googleprojectzero/sandbox-attacksurface-analysis-tools/tree/main/NtObjectManager
#localsystem #trustedinstaller
0 notes
Photo
Reposify's Research Uncovers Critical Exposures and Vulnerabilities in the Attack Surfaces of the World's Leading Gaming Companies #InformationTechnology #AttackSurface #ExposedAssetDiscovery #GamingIndustry #NetworkVisibility #RiskAssessment #ShadowIT #ePRNews @Reposify
https://eprnews.com/reposifys-research-uncovers-critical-exposures-and-vulnerabilities-in-the-attack-surfaces-of-the-worlds-leading-gaming-companies-2-467344/
#InformationTechnology#AttackSurface#ExposedAssetDiscovery#GamingIndustry#NetworkVisibility#RiskAssessment#ShadowIT#ePRNews#Reposify
0 notes
Text
Sigurlx - A Web Application Attack Surface Mapping Tool
Sigurlx - A Web Application Attack Surface Mapping Tool #Application #Attack #AttackSurface #BugbountyTool #Mapping
sigurlx a web application attack surface mapping tool, it does …:
Categorize URLs URLs’ categories:
> endpoint
> js {js}
> style {css}
> data {json|xml|csv}
> archive {zip|tar|tar.gz}
> doc {pdf|xlsx|doc|docx|txt}
> media {jpg|jpeg|png|ico|svg|gif|webp|mp3|mp4|woff|woff2|ttf|eot|tif|tiff}
Next, probe HTTP requests to the URLs for status_code, content_type, e.t.c
Next, for every URL of category…
View On WordPress
#Application#Attack#Attack Surface#Bugbounty Tool#Mapping#Multiple Probers#Reconnaissance#Risks Associated#Sigurlx#surface#tool#web
4 notes
·
View notes
Photo
Sigurlx – A Web Application Attack Surface Mapping Tool | MrHacker.Co #application #attack #attacksurface #bugbountytool #mapping #hacker #hacking #cybersecurity #hackers #linux #ethicalhacking #programming #security #mrhacker
0 notes
Text
Today's Update
Click on the link to read the latest Cutting Edge Trading and DroidsDirect Android Daily News! https://t.co/Qx7hPyyeNt #android #attacksurface #cybersecurity
— Cutting Edge Trading (@CuttingEdgeTrad) May 21, 2020
via Twitter https://twitter.com/CuttingEdgeTrad
May 21, 2020 at 12:23PM
0 notes
Link
#vulnerability#AssetDiscovery#ThreatHunting#Exploit#Scanner#Hacking#OSINT#Bugbounty#APT#AttackSurface#PenetrationTesting#BountyHunters#Lateralmovement#VAPT
3 notes
·
View notes
Text
Belarusian dictator pwned by "cyber-partisans"
Belarus is “Europe’s last Soviet dictatorship,” a country ruled by Alexander Lukashenko, an absurd authoritarian caricature who once had a one-armed man arrested for clapping:
https://loweringthebar.net/2013/01/one-armed-man-arrested-for-clapping.html
Lukashenko’s brutality is absurd, but it’s no joke. Belarus has a terrible human rights record: it’s a corrupt land of secret disappearances and torture (it’s also my heritage: my grandfather was born in Nowy Swerzne, Belarus).
Lukashenko is a clown, but he possesses the administrative competence to avail himself of high-tech surveillance — a decade ago, he was already using mobile carriers’ records to obtain lists of every person who attended anti-government demonstrations.
https://charter97.org/en/news/2011/1/12/35161/
But as the saying goes “any weapon you don’t know how to use is your enemy’s.” Lukashenko’s regime is highly digitized — and badly secured. Earlier this year, hacktivists called the Belarusian Cyber Partisans announced that they’d obtained a huge trove of government docs.
The trove includes the identities of police informants, government officials’ personal information (including spies), recordings from the state’s widespread wiretapping program, and footage from security cameras and drones.
Now, these documents are starting to trickle out. As Ryan Gallagher reports for Bloomberg, the authorities are starting to freak. The head of the Belarusian KGB made a special TV broadcast to blame the breach on foreign spies.
https://www.bloomberg.com/news/articles/2021-08-24/belarus-hackers-seek-to-overthrow-local-government
The leaks expose Lukashenko officials to liability in the International Criminal Court when and if the regime finally falls. The leaks are being promoted by BYPOL, a dissident group of former Belarusian cops who resigned en masse after last year’s rigged election.
They’re especially incensed to learn that Lukashenko’s spies were wiretapping cops (including senior cops), and planning violent suppression of peaceful protesters — actions that made the cops look particularly bad.
While there are parallels between the Cyber Partisans and other hacktivist groups like Anonymous, Gabriella Coleman (who literally wrote the book on political hacktivism) told Gallagher that this represents a new level of hacktivist activity.
https://www.spectator.co.uk/books/9373852/the-anonymous-ghost-in-the-machine/
Gallagher spoke to a Cyber Partisans spokesperson who claimed the group’s membership was 15 people: 304 intrusion specialists with the rest serving as data-analysts. The members are said to work in Belarus’s tech industry.
There’s lots more to come in this breach — they have 1–2 million minutes of wiretap audio alone.
Lukashenko’s hold on power has never been more fragile. Even by low global standards, his government seriously bungled covid respnse.
Last year’s protests over obviously rigged elections saw massive waves of protest that only swelled in the face of brutal repression and mass arrests. Senior military officers publicly burned their uniforms in protest.
https://pluralistic.net/2020/08/14/shock-doctrine/#walkaway
Dozens of riot cops dropped their shields and switched sides, embracing protesters as brothers.
https://www.cnn.com/2020/08/14/europe/belarus-protests-riot-police-intl/index.html
Coleman told Gallagher that she had never seen hacktivists operating as skilfully as the Cyber Partisans “except in the movies.” It’s true that Belarus’s indomitable and creative opposition seem to be ripped from fiction.
Last year, I wrote that the protests bore a resemblance to the climax of my 2017 novel Walkaway.
https://craphound.com/category/walkaway/
The current breach triggered lots of email from people who say it reminds them of the plot of my 2020 novel Attack Surface:
https://craphound.com/attacksurface/
But I didn’t “predict” this — instead, I observed the same tactics being used by other opposition movements as the Cyber Patriots, and, like them, thought about how they might evolve.
Just as my 2008 novel Little Brother was inspired by the whistleblower Mark Klein, who revealed the NSA’s mass surveillance program — official lies about this also inspired Snowden’s decision to reveal more NSA secrets.
I didn’t “predict” Snowden — instead, we were both paying attention to the same underlying phenomena. And while it’s easy to get discouraged about the ways that tech is used as a force for oppression and control, examples like this remind us of its liberatory potential.
The mission of technological self-determination isn’t motivated by blind faith that more tech leads to more human rights — rather, it’s the dual understanding that unless we seize the means of computation tech will be a terrible force for oppression.
But that also, wrestling control over the technology that enables us to form groups and coordinate their actions has powerful potential for human thriving. This isn’t crude optimism, rather, its motto is, “This will all be so great…if we don’t screw it up.”
50 notes
·
View notes
Text
Cracking the Lens Targeting HTTPs Hidden AttackSurface
SNPX.com : http://dlvr.it/PZ650J
0 notes
Link
#threat detection#OffensiveSecurity#RedTeam#BlueTeam#OSINT#AttackSurface#Phishing#PostExploitation#Exploit#ThreatDetection
1 note
·
View note
Link
#vulnerabilities#Subdomain#Enumeration#OSINT#AttackSurface#CyberSecurity#VAPT#sub3suite#BugBounty#Hacking#InformationGathering
0 notes
Link
#zeroday#Exploitation#Windows#Microsoft#Shellcode#Rootkits#KernelExploit#Vulnerability#CVE#Pwn2Own#AttackSurface#Hacking#Bugbounty#Fuzzing#BlackHat
0 notes
Link
0 notes
Last Seen Blogs
