Businesses of all sizes are dependent on cybersecurity. This means that defense strategies and cybersecurity attack plans are essential. It is important to understand how to deal with a cyber threat when it happens, but proactive measures to prevent cybersecurity attacks are just as important.
Cybersecurity Threat Analysis
You must fully understand all the threats that you might face in order to take proactive cybersecurity precautions. To get a better understanding of the top cyber vulnerabilities, you need to conduct a thorough threat analysis. It is important to determine how common cybersecurity attacks are based on your industry, geographic location, and other relevant exposure data. You need to identify where your defenses are the weakest and which areas have the most coverage. You will also need to develop a defense strategy.
Your team should be educated
Education of your employees and team is one of the most important proactive cybersecurity steps you can take. Forbes says, “Focus on your employees.” Your employees are your first line of defense. If they have no idea how they should respond in a cybersecurity-conscious manner, then your company is at risk. It will be difficult for your company to defend itself against cybercriminals using various threats to your data if your employees don’t have the right education.
Every member of your organization should be aware of the most common cyberthreats your company may face and what they can do to prevent them. Make sure they are aware of:
Once your team has become aware of the most serious cybersecurity threats, give them all possible tools to stop them. Make sure to update your software, patch up the systems and improve your firewall systems.
Threat Hunting
After identifying possible threats and equipping your team with the tools to fight them, proactive cybersecurity measures include actively searching for potential threats before they happen.
You can identify malicious actors that might be lurking in your system and trying to compromise it. An experienced team will examine your data and other digital assets in order to identify cyber threats that may have escaped regular perimeter defenses (like the attentive and alert employees).
Penetration Testing
Penetration testing is a great proactive cybersecurity measure. This involves hiring skilled hackers who are vetted to attempt to breach your company’s security measures.
This is because if friendly hackers can penetrate your defenses, then surely malicious ones can too. A penetration test can be compared to a preventative visit to a dentist. It can detect weak points in your security network and pinpoint them. But it also strengthens the overall network security.
Get help
If this all seems overwhelming, it is time to consider another proactive cybersecurity measure: calling in the cavalry. You can relieve your IT team and improve your company’s security by enlisting the assistance of experts at each stage.
Our team of cybersecurity professionals will begin taking proactive steps to protect your organization. SpartanTec, Inc. can help you learn more about our Threat Monitoring, Response, and Detection services.
SpartanTec, Inc.
Wilmington, NC 28412
(910) 218-9255
http://manageditserviceswilmington.com
Serving: Myrtle Beach, North Myrtle Beach, Columbia, Wilmington, Fayetteville, Florence, Charleston
Cybersecurity issues will be a growing threat to businesses in the future, despite numerous technological advancements. As more people started working remotely, the COVID-19 pandemic caused a spike in cybersecurity issues. Its subsequent financial recession has made it difficult for companies to implement and maintain satisfactory cybersecurity practices.
Many organizations’ data is still unprotected, which makes them vulnerable to data breaches and cyberattacks.
Cybersecurity awareness training programs are essential in today’s workplace, both at the office and at home. Learn seven essential ways to improve the effectiveness of your employee program.
A recent Stanford University study found that human error is the greatest threat to cybersecurity. According to this study, 88 percent of data breaches were caused by employee errors. The study found that younger employees are more likely to be phished and to admit to making mistakes than older employees.
A study by IBM that examined thousands of customers across 130 countries found that human error was a significant contributor to 95 percent of all breaches. In other words, 19 of the 20 breaches that were analyzed in this IBM study could have been prevented if human error was not present. These results show that even the most advanced technical security measures are not stronger or more resilient than those who apply them. The first step to protecting your company against cyber threats is understanding the importance of human error. A proactive approach is essential to successfully reduce risk in the future.
7 essential steps to cybersecurity awareness training
#1. Cybersecurity education for employees is ongoing
Your employees will be more successful in protecting your company and assets from phishing, malware, or other threats if they are more aware of them. By investing in cyber literacy, your employees will be more aware of the importance and motivated to do a better job.
Cyber security awareness training is not enough to raise awareness. Top-performing cybersecurity awareness programs use a variety of scenarios to help employees understand what they need to be aware of and why. These programs don’t come on a one-and-done basis. They are held regularly, while continually incorporating new and relevant knowledge.
Is your IT staff qualified to provide ongoing awareness training? Are they up to date with the current threats that could affect your company? SpartanTec in Wilmington can provide co-managed services that work with your team to ensure the highest quality training and protection for your network.
#2. A hands-on approach in learning
Your employees are only as effective as the practices taught to them about cybersecurity awareness when they actually put them into practice. Your cybersecurity awareness program must go beyond mere training to ensure that your employees are able to prevent attacks such as phishing emails.
Training is not enough. A plan must be in place to follow-up and ensure the practices are being followed.
Instead, make sure that your employees learn the knowledge you impart through your training program. Employees will learn the most from that knowledge when they put it into practice. SpartanTec uses a hands-on approach that combines procedural learning with highly relevant, contextual and immediate feedback. All parties involved will gain a better understanding of the subject and form memories that can change their habits or eliminate mistakes.
#3. Targeted Groups Based on Risks
Cyberattacks can be more dangerous to certain employees than to others. Statistics show that less than 20% of employees are responsible for the majority of human error-induced losses.
You can get a better understanding of your risk groups by micro-segmentation. These insights will help you to:
- You will be better able to understand the different levels of risk that employees invite into your organization.
- You can identify more specific actions based on each employee and the associated risks.
- Supervise groups of employees to make monitoring more cost-effective, as opposed to individual workers, and still protect their privacy.
#4. The Predictive Analytics
Predictive analytics takes your targeted persona groups up to the next level. Analytics allows you to identify high-risk individuals and monitor them for potential threats using specific markers. This will allow you to identify and monitor high-risk individuals before they become threats. You can then take preventive action.
Machine learning advances allow you to use data to create predictive behavior that will optimize the learning experience for your employees. For improved performance, you can provide extensive cybersecurity awareness employee training that includes contextual delivery during regular intervals.
#5. Real-time feedback
Real-time feedback, as we have mentioned, is an effective way to engage employees. It allows them to internalize and recall what they are doing and what they can change, and helps them avoid making mistakes.
By providing feedback, you show your employees the security gap that exists between them and the organization–evidence of their need for security training in the first place. Employees will quickly understand what happened and how to avoid similar mistakes in the future when they receive real-time feedback on security incidents.
This “nibble-sized” approach allows employees to take advantage of learning opportunities that are relevant to their daily lives. They can quickly identify the training they need and then engage with it when it is most important.
#6. Change in Culture
A deeper approach to cybersecurity awareness training will eliminate the co-opting and negligence that can lead to human error. It encourages cultural change by addressing employee attitudes and beliefs head-on.
This is a highly personal task that addresses the motivations for malicious behavior and how employees see them. Instead of employees just going through their daily routines, you foster an environment of employee engagement. Using a third-party such as SpartanTec to provide the training eliminates bias and takes away any perceived personal agenda.
Continuously delivering the awareness “bites” will help transform your organization’s cybersecurity culture. These “bites” should be:
- engaging
- easy to use
- seamlessly integrated into the daily work routines of your employees.
An interactive and informative email newsletter on cybersecurity can be used to provide employees with relevant information and quiz them about it, reinforcing their knowledge at regular intervals. These newsletters can be automatically deployed and tracked online to see how successful your cultural revolution is.
#7. Scientific training method
For long-term, optimal results, you should adopt a scientific training methodology. This method combines learning expertise, data science and automation to make security awareness training simple and efficient for businesses. This platform leverages your data to maximize the learning experience for each employee every day.
You can use a scientific training platform to:
- Analyze the data to improve employee performance.
- Provide continuous learning that is not boring, to keep it top-of-mind.
- Optimize contextual delivery to achieve effective performance.
- Use diverse stimuli that are relevant and applicable to create strong cognitive patterns.
- Engage in just-in-time learning to make learning relevant and memorable.
- Train at flexible intervals that can be adjusted to each employee’s learning curve.
This combination of tips will give you complete security awareness.
Final thoughts
These seven principles will help you reduce the number of malicious attacks that are caused by employee error. This will increase employee engagement and empower them to protect your valuable assets and your bottom line.
SpartanTec, Inc. is here to help you develop a comprehensive training plan. We can drastically cut down on the human error factor and keep your company data secure.
Firewalls are an essential part of network security. They filter outgoing and incoming traffic using a set of user-defined rules. This allows legitimate communications to flow freely while protecting against unauthorized access. Many companies are now exposed due to the complexity of firewall management.
Today’s firewall in Wilmington NC has more security features than ever before to combat sophisticated threats. This means that firewalls must be configured carefully, monitored continuously, and updated regularly. The management requirements for industrial operations that have more than a few firewalls can quickly become overwhelming.
One problem is that firewall interfaces are often complex and not intuitive. This increases the risk of making mistakes that could have serious consequences. Gartner analysts estimate that up to 91% of firewall breaches are due to misconfigurations, rather than technical flaws.
Access to the right expertise
Most companies should consider outsourcing their management to qualified managed service providers, given the critical role firewalls play for network security. However, not all managed services providers are equal. Only a provider who is skilled in firewall configuration and policy design can provide the level of monitoring and management that you need to ensure your firewalls are properly updated and patched.
A managed firewall service is provided by a dedicated team that handles all aspects of operation and maintenance. A managed firewall service may be the responsibility of in-house IT personnel. A managed firewall can be outsourced to third parties for smaller and mid-sized businesses. Managed firewalls don’t necessarily need an IT support specialist technician to install. However, using a service provider like SpartanTec in Wilmington NC can ensure your firewalls are installed correctly. We can then handle technical issues, such as errors, crashes, and failures remotely.
A security assessment is the first step to implementing a managed firewall. This will determine the business’s security needs. After the assessment has been completed, the firewall is constructed and installed using the most advanced technology. All areas of the firewall are managed by offsite analysts, which includes software updates and troubleshooting.
Firewall Management Benefits
Managed firewall services offer many benefits that will ensure you have the best cybersecurity situation possible. There are many financial benefits, including reduced downtime and higher productivity. A service provider can provide around-the-clock support by highly qualified professionals with knowledge and experience that is difficult or expensive to maintain in-house. You should also consider:
Network reliability and uptime increase
Employees are more productive when there are no downtimes or unexpected security breaches. Firewalls not only block access to unwelcome webpages but also prevent access to unsafe web applications like file sharing and video streaming.
Expertise and Knowledge
It takes a lot of knowledge to properly maintain and upgrade firewalls. It can be costly to build the right team of experts. However, this doesn’t mean that you can’t have the experts you need to maintain your firewalls in a productive manner. You can have access to an extensive range of expertise 24 hours a day, 7 days a week through a firewall management service. All this without having to hire someone with basic knowledge or a team of your own.
Disaster Recovery
Are you ready to deal with any kind of disaster? Your company’s performance will be affected if it takes longer to restore normal operations. Let professionals handle everything. Firewall management can help you identify problems and recover from the disaster as quickly as possible.
Compliance/Regulation / Product Certificate
To determine which policies should be protected, a managed firewall service provider will listen carefully to your requirements and specifications. A managed firewall service provider will also take care of any newer software or tools. They will install the necessary updates and backup your existing software to increase the security of your firewall. You won’t be notified as fast or know which updates to install if you try to do it yourself.
Reduce the risk of security breaches affecting business operations
Managed firewall services can be used to prevent breaches in many different ways. Technology updates and additions are evaluated independently and firewall settings are adjusted accordingly to minimize the impact on your company’s security posture and compliance.
A managed firewall service ensures that rules are constantly reviewed and updated in response to new cybersecurity threats. Furthermore, dedicated monitoring and management ensures maximum system uptime and maximizes system performance while protecting websites, applications and databases as well as servers and other endpoints.
Call SpartanTec, Inc. now if you need help in boosting your cybersecurity measures using managed firewall services.
Electronic storage of sensitive data is essential for any business. It doesn’t matter if you store confidential financial documents or customer information, it is vital that you protect this data from theft and loss. Although it may seem daunting, there are some cybersecurity best practices that can help.
Cybersecurity Tips: Prepare for Viruses and Their Aftermath
We would love to be able build secure systems that are 100% secure, without the risk of data breaches or viruses. Even with the best cyber security practices, there is still the possibility of a system being infected. Although no one can provide complete protection, it is possible to reduce your risk and make the virus aftermath more manageable while minimizing the damage.
Antivirus software can help you detect and prevent viruses from getting too close to your computer. You should also be prepared in case a virus strikes. A cloud backup service is the best way to make sure your data remains safe and secure in case of a virus.
You can easily restore your system by storing data off-site with a trusted cloud backup service. Then you can retrieve any files that are not altered from the cloud. It’s a great tool to keep in your pocket for quick recovery after an attack.
1. Select the Right Cloud Backup Service
Cloud backup services can be a great option for your cyber security toolkit. A cloud backup will allow you to retrieve your data in case of a virus causing it to become unreadable. Not all cloud backup services are the same. Make sure you have unlimited versions of your files in order to fully protect your data from viruses and other malicious activities.
Cloud backup providers typically only provide 30 days worth of version histories. However, viruses and other malicious activity often go unnoticed within that timeframe. It’s usually too late by the time they are discovered. You should aim to have unlimited version history, or at least 60-days of cloud backup.
When choosing a backup service, be sure to check out the company’s security standards. Make sure that they provide end-to-end encryption. This will make your data impossible to read as it moves between the cloud and back. You should also consider the physical security of data centers. Look for servers located in buildings that have:
- Alarm systems
- Armed guards
- Biometric scanners
- Server cabinets locked
- Backup generators
2. You must ensure that your staff is properly trained
Even if everything is perfect, a single mistake by an employee could put all your data at risk. It is vital that all your users are educated about cyber security. Including:
- Selecting a smart password
- How to identify phishing emails
- Avoid dangerous applications
- Use personal devices only for work
- Be mindful of confidential information
It will be worth the extra effort to train and educate your employees about the best cyber security practices. This will help you and your customers save a lot of money and time down the line.
3. Make sure your software is up-to-date
The best practice when it comes to cybersecurity in Wilmington NC is the easiest. Make sure your software is up-to-date. Hackers are a constant breed, and even the most advanced security software can be hacked. There are always vulnerabilities that can be exploited to expose your data. These threats are usually eliminated by patches. These updates are usually released as soon as possible. Make sure you check your computers regularly for them.
4. Use access controls
It’s not necessary to grant every employee access to all areas of your system. Your data is at great risk, either accidentally or through malicious intent. Access controls can be used to control who has access to which parts of your system. This will protect sensitive and confidential information from being abused and unauthorized access.
5. It doesn’t matter what industry it is, data security should be a top priority.
Cybercriminals aren’t afraid to take on new challenges, and your business shouldn’t be either. While good cyber security practices such as access control, employee training, software upgrades, and preparedness are important to mitigate risks, you should also use a cloud backup service if your data is to be protected. This is the best way to make sure your data is always safe and accessible in case of a breach.
Call SpartanTec, Inc. now if you need help in protecting your business, network, or information from cyberthreats.
It’s common for companies to have teams that focus on protecting their company from external threats. If you take a closer look, you may find that the threat to your cybersecurity is coming from within.
According to threat behavior research, 60% of data breaches are caused by employees. Are you concerned? You should be. Insider threats can be the most serious threat to your company.
Security teams might overlook something very obvious, such as a threat that is closer to their network or a trusted employee. This person could be the greatest cyberthreat to your company’s security.
What are the motives for the insider threat to your company? What could drive an insider to cause havoc within your company? Here are the things you should be looking for.
Cybersecurity threats from within your company
A few internal threats are not malicious
Human error and negligence are the most common causes of data breaches. A CERT Insider Threat database contains more than 1000 incidents in which insiders have harmed their company or stolen sensitive information. They may also have changed or deleted data to pose a threat to the employee’s identity or for financial gain.
Only 33 of these incidents involved disgruntled employees. Cyberattacks that involve insiders using staff credentials can have a serious impact. The most frequent cybersecurity incidents are data copy, data deletion, and blocked access to system.
The risk of an orphaned account
Many companies don’t decommission privileged users when they move on to another job or leave the company. These accounts are also known as “orphaned” and are an open door for malicious actors by accessing sensitive information. It is not as simple as it appears to get rid of lost and forgotten accounts. Accounts can easily fall through the cracks, especially with so many applications and identity directories to manage. These problems can be solved by IT services.
Data loss and damage
Some cases involving data deletion in CERT databases involved deleting source code or deleting records that were critical to the company’s clients.
Exploited Vulnerabilities
Managed IT services providers say IT security problems can lead to data breaches if they are not addressed. The CERT database lists a variety of incidents in which data was stolen, copied or used maliciously due to unresolved weaknesses in the system. If you suspect your data has been compromised, it is time to call SpartanTec in Wilmington.
Unsecure passwords are one of the greatest threats to your company’s IT security. It doesn’t matter if it is a weak, outdated, generic, shared, or common password.
Accident or Mistake
Even the well-intentioned and most earnest user can accidentally click on a malicious file or link. Phishing attacks are becoming more sophisticated.
They can appear to be legitimate emails from well-known sources or colleagues, sharing a link to a word file or invoice for download. This link could contain ransomware or a crypto virus that could cause data loss, freeze or damage your IT infrastructure.
Cybersecurity doesn’t have to be frightening. SpartanTec, Inc. can help you secure your network with our managed IT services.
European and US IT security teams should be aware of the possibility that cyberthreats from Russia could target their systems over the coming weeks. However, this is not the time to panic. Instead, a rational and level-headed response should prevail.
This is what cyber community analysts and pros have concluded in response to the escalation of tensions between Russia and the US over Ukraine and the very real possibility of an outbreak of war in Eastern Europe. Any such incident will undoubtedly draw in allies of NATO.
This comes just a few days after the US Department of Homeland Security (DHS), warned law enforcement agencies across America of the potential for destructive cyberattacks from Russia-backed advanced persistent threats (APT) actors.
Russian Cyberthreat: A lot of caution
Cybereason’s director of IT security strategy, Ken Westin, stated that the likelihood of a Russian cyberattack right now is low. However, if an agency like the DHS knew of a threat but failed to notify people it could face a backlash. This is why there is a need for a lot of caution.
However, Westin said that the uncertainty surrounding the intentions and capabilities of Russia’s offensive cyber team was making it stressful for everyone.
It is better to be safe than sorry in this world of constant cyberattacks and zero-day exploits. It’s better to assume that you are a target and to have strategies in place to match the capabilities of your adversaries. Resilience means being able to plan and exercise your capabilities in order to minimize all possible risks.
New rules
Cyberwarfare is a topic that has been discussed for many years. Many security experts agree that the West has been engaged in a low-level war with Russia for some time. However, escalating the Ukraine crisis into open conflict (a “kinetic war”) accompanied by cyberattacks of this magnitude would be a global first.
The DHS warns that there is a possibility that the threat profile has changed, and organizations should be ready for any changes in the types of attack they see.
Organizations should not be surprised by this alert and asked what they could do differently. An alert like this does not magically eliminate the obstacles to organizations implementing security controls. Cyber security requires constant defense. A DHS alert doesn’t add staff or budget for most companies.
Roger Grimes, a defense evangelist at KnowBe4, stated that he believed it was “fairly normal” for kinetic battles to be accompanied by cyberattacks, but that the possibility of targeting entities other than the government or government-linked contractors or suppliers was likely new.
He said that Russia had made this equation much more complicated in the last year. “Nation-state attacks are on the rise and targeting organizations without any direct government affiliation. Everybody seems to be a fair target these days.” This includes small and medium-sized businesses.
Grimes believed that the current state of affairs was a major moment of change in the world. He suggested that this could be permanent, even without any kind of Geneva Convention-style agreement for the control of such activities.
He stated, “Right now it is doing whatever you want with almost no impunity, with low risks.” “We live in a dangerous and risky period because no one can predict what the reaction will be if either side goes too far.”
Call SpartanTec, Inc. in Wilmington NC today for a complete assessment of your cybersecurity readiness. Being alert is here to stay. Your company’s data needs to be secure.
We’ve hosted an internal Security Capture the Flag (CTF) event for four years in a row now, with each year getting better than the last!
The event
Previously, we were only open to Tumblr employees. This year we decided to extend an invite out to the other teams housed under our parent company, Oath.
All participants had a three hour window to hack, a buffet of tacos, beer, and wine to dive into, and a stack of prizes for the top four players (see Prizes below for details)!
Challenges were available Jeopardy-style, broken down by category. We had eight fun categories to select from:
- Auth Bypass (authn|authz)
- Cross Site Request Forgery (CSRF)
- Cross Site Scripting (XSS)
- Crypto
- Forensics
- Reverse Engineering
- SQL Injection (SQLi)
- XML Injection(+XXE)
We also sprinkled a few “inside joke” Easter eggs around the system that awarded bonus points to anyone that discovered them! For example, if they attempted to find a hole in the CTF system itself and navigated to /wp-admin, we’d give them a flag on a prank WordPress page; or perhaps testing to find XSS with a <marquee> tag — only the greatest of all XSS tags!
While the Security Team walked around and helped out, we also set up a mini lockpick village just because.
Solving challenges & scoring points
To complete a challenge, the player had to achieve the goal within one of the listed categories.
In XSS challenges, the player would need to cause the browser to create an alert dialog (e.g. alert()).
Conversely, in SQL Injection challenges the player would need to read the flag column from the flags table in that challenge’s database.
When the player successfully solved the challenge they were awarded with a flag, each in the format of Tumblr{s0mE_cHalL3nGe_j0kE-abcdef012}. That last piece is a unique hash for the user, per challenge, so that they couldn’t directly share their flag. They can help others — even provide the solution — but they can’t simply give away their flag.
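One way to build flags with a per-user, per-challenge suffix, shown as an added Python example rather than the Security Training Grounds code (which is PHP and not shown on the page). The HMAC construction, the server secret, the 9-character tag length (taken from the sample flag) and every function name are assumptions.

```python
import hashlib
import hmac
import re

# Assumption: a secret held only by the CTF server. Constructed demo value.
SERVER_SECRET = b"constructed-demo-secret"
TAG_LEN = 9  # the sample flag on the page ends in 9 hex characters

# Tumblr{<phrase>-<tag>}: the phrase is the same for everyone, the tag is not.
FLAG_RE = re.compile(
    r"Tumblr\{(?P<phrase>[A-Za-z0-9_]+)-(?P<tag>[0-9a-f]{%d})\}" % TAG_LEN
)


def user_tag(user_id: int, challenge_id: int) -> str:
    """Keyed hash over (user, challenge).

    Without SERVER_SECRET a player cannot compute the tag for another
    account, so a copied flag is detectable.
    """
    msg = f"{user_id}:{challenge_id}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()[:TAG_LEN]


def issue_flag(user_id: int, challenge_id: int, phrase: str) -> str:
    """Flag handed to this user when they solve this challenge."""
    return "Tumblr{%s-%s}" % (phrase, user_tag(user_id, challenge_id))


def check_submission(user_id: int, challenge_id: int, phrase: str,
                     submitted: str) -> str:
    """Classify a submission as correct, shared, wrong or malformed."""
    m = FLAG_RE.fullmatch(submitted.strip())
    if m is None:
        return "malformed"
    if not hmac.compare_digest(m["phrase"], phrase):
        return "wrong"
    # Constant-time comparison so the check does not leak tag prefixes.
    if hmac.compare_digest(m["tag"], user_tag(user_id, challenge_id)):
        return "correct"
    # Right phrase, but the tag belongs to another user or challenge.
    return "shared"


if __name__ == "__main__":
    phrase = "s0mE_cHalL3nGe_j0kE"  # phrase from the page's sample flag
    alice_flag = issue_flag(1, 7, phrase)
    print(alice_flag)
    print(check_submission(1, 7, phrase, alice_flag))  # the solver herself
    print(check_submission(2, 7, phrase, alice_flag))  # flag passed to a friend
```

A "shared" result is worth logging separately from "wrong": it shows the solution leaked even though no points are awarded. A truncated tag is short enough to guess online, so submissions should also be rate limited.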
Each challenge, when solved, is worth a certain number of points based on the challenge’s difficulty and whether or not the player used the challenge’s hints.
There were 3800 points available, though no player was able to break 1000!
At the end, we locked the leaderboard and announced the winners.
Prizes
We awarded the top four players based on their ranking on the leaderboard. First place got first dibs from the list. Second place gets to select theirs from the remaining lot, and so on.
Up for grabs this year:
- Hak5 Elite Field Kit
- Proxmark3 RDV2 Kit
- Samsung Chromebook Plus
- Lockpick set and a “how to” manual
Challenge snapshot
Throughout the eight categories we had a total of 46 challenges. We wanted to have a wide range of challenges that welcomed players of all backgrounds and experience levels.
The goal for XSS challenges was to get an alert dialog to appear. The player is presented with a vulnerable web page and they needed to determine where the vulnerability is and how to exploit it. Example:
These challenge levels ranged everywhere between simple non-sanitized output to DOM reflection to CSP bypasses.
One of the more unique challenges to develop was SQL Injection. These offered players the ability to put their SQL skills to the test with a variety of basic input injection, blind injection, and filter bypassing challenges.
In at least one of the SQLi challenges, players had to inject into an INSERT statement. When creating challenges like this, special care had to be taken to give players the full capabilities of MySQL but also prevent them from revealing the flag to other players — it’s a tricky thing making vulnerabilities secure!
The infrastructure
A frequent question I receive when I talk about deving on the CTF is “are you using CTFd?” Short answer? Nope! A slightly less short answer is that CTFd wasn’t out when we started this =P.
The framework we’re using is called “Security Training Grounds” and it’s a custom-written project using PHP, PhantomJS, and MySQL (with HTML + JavaScript too, of course), running in Amazon Web Services.
An advantage of writing this in-house was that it gave us the ability to create a dynamic and robust system that has endless capabilities.
PHP + MySQL
The website was created from scratch, written in PHP with a little bit of jQuery + Bootstrap on the frontend and MySQL as the database.
The big thing here is the challenges themselves. Each challenge is hosted on its own subdomain. This enables us to provide live and interactive challenges like XSS or SQLi while still supporting static challenge types like Crypto or Reverse Engineering.
We accomplished this by allowing dynamic hostnames on the webserver and defining a subdomain hostname for each challenge that’s stored in MySQL. When a web request comes in, the app checks whether it’s a subdomain or not. If so, it hits the database to determine what to display.
For most challenges, we were able to handle all of the dynamic pieces directly in PHP. For some, such as the C or Java reverse engineering challenges, we did need to shell out to gcc or javac to build the custom binaries for each user.
PhantomJS
A difficulty for XSS and CSRF challenges is determining whether or not the participant successfully exploited the system. Surely we don’t want to manually confirm for each flag, and attempting to pattern-match on their input would be crazy.
Our solution: execute what the player submits!
This is my own little baby, a piece of the system I’m so excited by. See, what better way to test XSS than to actually test XSS. As mentioned in the “Challenge snapshot” section above, when a player is working on an XSS challenge, they are given a website that has an XSS vulnerability. Their goal is to make an alert dialog appear. This is key and the requirement of the XSS framework itself.
On the client, we use this fancy little snippet:
var ctf_alert = alert; alert = function(msg) { ctf_phantomjs_alert_test(document.location, msg); };
This overrides the window’s actual alert() function and lets us put some processing logic in the middle. The logic is to take a snapshot of the current page (the URL, query string, POST parameters, and the cookies) and then pass the full snapshot to a backend PhantomJS service (via a PHP proxy, to help prevent tampering).
The PhantomJS service replicates that entire request and loads the target web page. If the page invokes an alert() call, which we catch via PhantomJS’s onAlert, then we return with a “success” and the PHP proxy will return the user’s flag. Our alert() overriding logic will then replace whatever message the user attempted to display and display their flag instead. Fancy af.
CSRF has a similar setup, except the player needs to submit their full CSRF payload:
After submitting the payload to the PHP proxy, we pass the payload to PhantomJS. This executes the payload in the context of an empty web page. If the PhantomJS worker successfully falls victim to the targeted action, the PHP proxy will return a flag to the user!
Open source
The framework code, as-is, is still relatively hacky and written with internal dependencies. We do believe in OSS though! We expect a near-future initiative to rewrite portions of it so we can release it for others to use for their CTF events, too.
Wanna Play?
Quick, come apply so you can participate in the next one: https://www.tumblr.com/jobs
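The per-user flag format and the server-side alert() replay described in the CTF write-up above, combined in one added example (not Tumblr's code): the proxy issues a flag only after its own replay observed the alert. The HMAC derivation, the host check and all names (`flagFor`, `checkFlag`, `handleAlertReport`, `SAMPLE`, the injected `replay`) are assumptions; the page does not say how the hash is computed or how the proxy validates a snapshot.

```javascript
const crypto = require('crypto');

// Assumption: a server-only secret; generated here so the example runs offline.
const FLAG_SECRET = crypto.randomBytes(32);
// Constructed sample challenge; id and host are made up for this example.
const SAMPLE = { id: 'xss-01', joke: 's0mE_cHalL3nGe_j0kE', host: 'xss-01.ctf.example' };

// Per-user, per-challenge suffix: 9 hex chars, the length seen in "abcdef012".
function flagFor(userId, challenge) {
  const tag = crypto.createHmac('sha256', FLAG_SECRET)
    .update(JSON.stringify([challenge.id, userId])).digest('hex').slice(0, 9);
  return `Tumblr{${challenge.joke}-${tag}}`;
}

// A submitted flag only scores for the user it was derived for.
function checkFlag(userId, challenge, submitted) {
  const want = Buffer.from(flagFor(userId, challenge));
  const got = Buffer.from(String(submitted));
  return want.length === got.length && crypto.timingSafeEqual(want, got);
}

// Proxy step: never trust the browser's claim that alert() fired. Validate the
// snapshot, replay it in the server-controlled headless browser, then issue.
// `replay` is injected: async (request) => true if the page called alert().
async function handleAlertReport(userId, challenge, snapshot, replay) {
  let url;
  try { url = new URL(snapshot.url); } catch { return { ok: false, reason: 'bad url' }; }
  // Only this challenge's own subdomain may be loaded by the replay worker,
  // otherwise the worker could be pointed at arbitrary or internal hosts.
  const schemeOk = ['http:', 'https:'].includes(url.protocol);
  if (!schemeOk || url.hostname !== challenge.host || url.username || url.password) {
    return { ok: false, reason: 'url outside challenge' };
  }
  const fired = await replay({
    url: url.href, method: snapshot.method,
    body: snapshot.body, cookies: snapshot.cookies,
  });
  return fired === true
    ? { ok: true, flag: flagFor(userId, challenge) }
    : { ok: false, reason: 'no alert on replay' };
}
```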
7 Services You Need To Outsource
7 Services You Need To Outsource To Grow Your Business in 2021. Have you ever thought about outsourcing? Do you think it’s a cost you don’t need? Or can’t afford? Think again, if you want to grow your business in 2021.
In the USA, the percentage of businesses failing within their first 2 years is as high as 20% – and this percentage is much higher accounting for those businesses that fail within…
here’s the story. i know expressvpn has been recommended in some ☠️ how-to posts but it is not trustworthy. the parent company, kape technologies, not only used to distribute malware but has ties to multiple state surveillance agencies. and be careful where you look for info about good vpns, because kape technologies owns a bunch of “vpn review” sites too
In case anyone can’t read the article for whatever reasons, the VPNs acquired are:
ExpressVPN
Private Internet Access
Zenmate
CyberGhost
And the VPN review sites they purchased are:
vpnMentor
Wizcase
So if you use any of those, time to look for other options.
From anti-virus to zero-day, NordVPN highlights cybersec lingo we should all know
After many years of covering cybersecurity news there is one thing that is painfully clear – cybersecurity is complex to the point where any conversation about it results in lost stares and confusion.
As much as you or a family might hate cybersecurity, there are certain phrases one should know and understand if you intend on being online in the 2020s.
To that end NordVPN has created…