Sunday roundup for the week ending the 16th of July 2017. Please contact me if you would like to be featured on security-sleuth.com.Read More
It’s been a while since I have put together an original post the main reason for this is I have been feeding my desire to keep learning and growing. Good news for all of you I have spent on my time embedded in some InfoSec focussed learning. So now it’s time to share a few of the things I learnt with you all!
In a nutshell: I previously Interviewed the man behind this course Mike Hicks here. This would have to be one of the best courses on teaching secure coding available on the web instead of teaching concepts with some very small examples this course goes miles further by allowing you to reverse engineer and exploit code which isn’t written securely. Not only do you look at C code, you also delve into all of the common Software security issues like SQL injection and fuzz testing this course will definitely take your coding and security skills to the next level.
Find out more: https://www.coursera.org/course/softwaresec
In a nutshell: This course is comprised of many units although it’s not a security focused course it’s an interesting dynamic the lecturer has some professional developers come in and teach swift and the guys are fantastic and give some really good practical examples of using swift code.
I primarily took this because I was interested in learning Swift and running through some Fuzz testing with Swift code – eventually I will post something on this.
Also in light of recent events this week (a 1 million dollar iOS exploit bounty being claimed) the more you know about securing your iOS apps the better.
Find out more: https://www.coursera.org/specializations/app-development
Malicious software and its underground economy
In a nutshell: This course is a slightly different take on Computer Security instead of giving you a walkthrough on how to design and build systems it looks at Malicious software and tries to define its intents and how the people behind malware a) try to profit from it and b) how to determine how much they actually made from malware. The course also gives a great rundown of IDA Pro and how to use it effectively when analysing malware and other software.
Find out more: https://www.coursera.org/course/malsoftware
IT Masters Forensics short course
In a nutshell: This is a bit sized forensics course taken from one of the popular information security masters programs by Charles Sturt University in Australia. The course spans 5 weeks where the lecturer a renowned Forensics Expert goes through the basics of Computer Forensics Investigations and touched not only on the technical aspect but a lot the Legal and administrative aspects – highly recommend this to anybody who is thinking about a career in computer forensics.
The Complete Hacking Course: Go from Beginner to Advanced!
In a nutshell: If you’re looking to start a career in penetration testing this is the ultimate starting place. The course contains over 100 lectures covering multiple aspects of penetration testing not only will you delve into subjects like programming but it will walk you through pretty much every facet of penetration testing weather its cracking wifi or performing DOS attacks. This course will give you everything you need to start you on the path to being a security expert.
Find out more: https://www.udemy.com/penetration-testing/
As always please let me know if found this article useful or if you didn't, Don’t forget to like this post or leave a comment below to let me know another area you would be interested in reading about. Thanks for your continued support! Until next time!
In my last post which you can read here I used a tool called veil to bypass the antivirus on a test machine and create a backdoor from which I could remotely issue commands to that machine. Unfortunately, many people will add this incident into their lists of why antivirus doesn’t provide any value anymore, some will even argue that antivirus never added any value in the first place and that we should probably boycott the use of antivirus or at the very least distance ourselves from it. I am not one of those people.
The misconceptions: Where they come from
To uneducated users, Antivirus is marketed and sold as a silver bullet solution to any computer security issues, as sad as I am to say this is not true. Antivirus is only one piece of a security solution. Unfortunately nobody ever told the antivirus marketing departments because they keep publishing ads like the one below, which don’t help to erase this misconception that end users have developed about Antivirus:
One of the problems the Industry has which is evident in the video above is that due to the highly technical nature of how virus and antivirus solutions work, there is an over reliance on metaphors to convey “how it works” while most complex fields also have this problem they are not marketed anything like Antivirus is. What these metaphors do is create a perception that Antivirus is omnipotent at eliminating security threats, after some experience and research users find out that this is not the case and a select few start to condemn antivirus as vapourware.
How it is sold: Antivirus
Bruce Schneier has spoken about trust v fear based selling within the Information Security, He proposes that the information security business should aim to sell products and services based on trust rather than fear, while some companies do sell goods and services based on trust there is still an overwhelmingly high proportion of organisations which sell their products on fear.
I don’t want to pin the blame on organisations for using fear based selling. Recent current events make it impossible to sell products on a trust basis but these same recent current events make it very easy to sell to users based on fear. It’s likely that these same events will have a major measurable impact for years to come.
In any case I believe we should look at promoting and educating the public about the more integrated and interesting Information security picture. When I say this I am talking about the range of security tools and how they work some examples are (please note however, some of these are enterprise tools and there’s a good chance you won’t need them on your personal devices):
- Mail filters
- Parental controls
- Identity management systems
- Privileged identity management systems
- Container based
- Rootkit protection
- Secure coding
- Memory protection
- Hardware protection
- Application architecture
- Regular updates and bug fixes
- Good old fashion suspicion and common sense
Why we shouldn't boycott antivirus and why it still matters: Antivirus
Why shouldn't we boycott antivirus? Two simple reasons. Reason one, it actually helps us. While new malware is being created at an astounding rate antivirus firms are also working on signatures and behavioural based techniques to identify all of the new malware out there so that they can help incorporate that into their products, while the odds are stacked against them they are continually working on improving their products, for you their customer.
While this does sound a little reactive rather than proactive most antivirus products will detect hundreds of thousands of threats while there is an unknown yet considerably larger number of malware out there why would you not let antivirus take care of these for you.
A lot of the colleagues I have worked with prefer to use virtual machines to run suspicious programs and files, opposed to antivirus, while this is a good practice it’s also good to do this with antivirus because there is a range of sophisticated malware out there which can detect whether it’s being run on a virtual machine or a physical machine and respond accordingly. This malware is called blue pill malware aptly named after the sequence in the matrix where Morpheus offers Neo the blue pill (accepting the illusion) or the red pill (facing the hard truth).
Blue pill malware is just one example but ultimately what I would like readers to take away from this post is that antivirus is just one tool for fighting against cyber criminals, just like firewalls are another and just like sandboxing and containers are another, we should use all of these tools (or as many as possible) in unison to fend off cyber threats, as I mentioned earlier Antivirus is useful but it is being marketed as the tool for everything not just one tool in an extremely large set of tools. This marketing decision does take away from antivirus as its inflated potency is unable to live up to reality and this makes people understandably upset.
Reason two, we shouldn’t boycott antivirus or the industry because of how much the AV industry contributes to InfoSec in general. What I mean by the previous statement is look at how much the antivirus industry gives back to InfoSec, below is a breakdown of some of the many contributions the AV industry has either directly or directly made to InfoSec:
- First off small improvements are being reintegrated into the antivirus analysis process by researchers ever day (i.e. every enhancement these companies make to their internal processes and procedures helps you).
- The Industry hires a lot of talented and smart people to look at attempting to solve some of the bigger and more threatening issues in the industry. The ways much of this is done is through the research papers that published by researches working on them for Antivirus companies.
- In addition to research papers antivirus companies and threat researchers are as part of their work developing products and solutions to other security problems, many of these are passed to you, the customer where appropriate.
- Antivirus firms are often the only ones looking into assisting dissidents which have been infected by advanced or undetected malware which may have been created and sent to them by nation states. In today’s world this is not something that tech companies are going out of their way to do, in many cases they may be working against their own governments.
- Antivirus companies have lent resources and people to help break down cybercrime rings, Symantec has been extensively referenced in a number of academic papers and articles where a combination of law enforcement personnel and academics have infiltrated and taken down botnets. You can read one here from just two days ago
I rewrote this post a number of times because I felt important information was missing, while I still feel that to some degree here, I feel this version of the post best articulates why antivirus is still useful and can provide you with a measurable level of protection for your devices. I would like to stress that when I say this Antivirus is not a silver bullet for security issues but I think in the future as we get closer to a silver bullet the Antivirus products you use and the work done by AV companies will be a big part of that silver bullet.
As always please let me know if found this article useful or if you didn’t, leave a comment below to let me know another area you would be interested in reading posts about.