VPN: Tunneling and Security Services
Reply
Tag Archives: Security
Security Controls
DoD 8570 Approved Baseline Certifications
It seems that CEH, CISSP, and CISM are one of the most cost-benefit combinations for security professionals to invest. (Please be reminded that the table lists only part of the DoD 8570 Approved Baseline Certifications.)
- https://www.sans.org/dodd-8570/
- https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodm/857001m.pdf
ISC2 member counts
The latest InfoSec professionals statistics according to the ISC2 member counts as of Dec 31, 2018.
- Compared with the number as of June 1st, 2018, CISSP increases by 3 in Taiwan, while CCSP, CSSLP and ISSEP increase by 1 respectively. Wentz Wu is one of the increases.
- There is a decrease of CISSP in Korea, ISSEP in India, ISSMP in Singapre and Hong Kong.
- The CCSP certification grows fast.
Bruce Passed ISACA CGEIT Exam on 26th November
After studying for 35 hours within 12 days (from 2018/11/15 to 2018/11/26), I cleared the ISACA CGEIT (Certified in the Governance of Enterprise IT) exam today. Because of distractions, I spent only 35 hours in a period of 12 days.
I used the following study materials:
For experienced managers, MBAs or entrepreneurs, I believe it won’t take you too much time to study these two.
This exam is one of my favorites. Even though it is not as well-known as CISA or CISSP, it really helps. I highly recommend CISSPs sit for this exam if management position is one of your career choices.
I’ve achieved my annual goals as the following:
- Milestone #1: PMI + CISSP
- 2018/04/09 ACP
- 2018/04/27 PBA
- 2018/06/19 CISSP
- 2018/07/10 RMP
- Milestone #2: ISACA
- 2018/07/24 CISM
- 2018/08/13 CRISC
- 2018/08/28 CISA
- Milestone #3: ISC2
- 2018/09/07 CCSP (originally scheduled on 2018/09/14)
- 2018/09/13 CSSLP (originally scheduled on 2018/09/28)
- 2018/09/25 CISSP-ISSEP (bonus)
- Milestone #4: EC-Council
- 2018/10/09 CEH (originally scheduled on 2018/10/15)
- 2018/10/12 ECSA (originally scheduled on 2018/10/29)
- Bonus Exams: scrum.org
- 2018/10/21, PSM I
- 2018/10/23, ISO 27001 LA
- 2018/10/27, PSPO I
- 2018/10/28, PSD
- Final Optimization
- 2018/11/06 CISSP-ISSMP
- 2018/11/14 CISSP-ISSAP
- 2018/11/26 CGEIT
Bruce Passed ISC2 CISSP-ISSAP Exam on 14th November
It’s a lovely afternoon and peaceful moment to enjoy the view looking out through the floor-to-ceiling window from the office.
When the ISSAP score report disclosed “Congratulations!”, my goal has been achieved pursuing the planned certifications from ISC2. I spent around 4 months in total studying intensively and finally passed the six ISC2 exams: CISSP, CCSP, CSSLP, CISSP-ISSEP, CISSP-ISSMP, and CISSP-ISSAP.
After studying for 40 hours within 8 days (from 2018/11/06 to 2018/11/13), I cleared the ISC2 CISSP-ISSAP (Information Systems Security Architecture Professional) exam today. This exam is one of the 3 CISSP concentrations. I would say the level of difficulty would be ISSAP < ISSMP < ISSEP.
The ISACA CGEIT is the last mile for me to declare success achieving my annual goal.
My plan of the year is revised as follows:
- Milestone #1: PMI + CISSP
- 2018/04/09 ACP
- 2018/04/27 PBA
- 2018/06/19 CISSP
- 2018/07/10 RMP
- Milestone #2: ISACA
- 2018/07/24 CISM
- 2018/08/13 CRISC
- 2018/08/28 CISA
- Milestone #3: ISC2
- 2018/09/07 CCSP (originally scheduled on 2018/09/14)
- 2018/09/13 CSSLP (originally scheduled on 2018/09/28)
- 2018/09/25 CISSP-ISSEP (bonus)
- Milestone #4: EC-Council
- 2018/10/09 CEH (originally scheduled on 2018/10/15)
- 2018/10/12 ECSA (originally scheduled on 2018/10/29)
- Bonus Exams: scrum.org
- 2018/10/21, PSM I
- 2018/10/23, ISO 27001 LA
- 2018/10/27, PSPO I
- 2018/10/28, PSD
- Final Optimization
- 2018/11/06 CISSP-ISSMP
- 2018/11/14 CISSP-ISSAP
- 2018/11/30 CGEIT (projected)
Addon, 2019/12/10:
When I passed the ISSAP exam, I was really excited as all my annual objectives were achieved and I didn’t note down the materials I used.
The following are the materials I used:
- CISSP-ISSAP exam outline
- All the CBKs I have (CBKs of CCSP, CSSLP, CISSP, ISSMP, ISSAP, and ISSEP-old version)
- NIST SP 800 series
- ISSAP CBK Suggested References (I bought as many as I can).
I didn’t use any test engine but the practice questions in the CBKs.
Bruce Passed ISC2 CISSP-ISSMP Exam on 6th November
After studying for 40 hours within 8 days (from 2018/10/29 to 2018/11/05), I cleared the ISC2 CISSP-ISSMP (Information Systems Security Management Professional) exam today. This exam is one of the 3 CISSP concentrations. As its name denotes, this exam is all about basic management concepts and the difficulty level is not that high as far as an experienced CISSP is concerned.
My original plan of the year for learning and growth is scheduled to be completed by the end of October with one month buffer (November as the worst case). Since my goals are achieved ahead of the schedule, I decide to do more as final optimization using the one-month buffer, that is, the month of November.
My plan of the year is revised as follows:
- Milestone #1: PMI + CISSP
- 2018/04/09 ACP
- 2018/04/27 PBA
- 2018/06/19 CISSP
- 2018/07/10 RMP
- Milestone #2: ISACA
- 2018/07/24 CISM
- 2018/08/13 CRISC
- 2018/08/28 CISA
- Milestone #3: ISC2
- 2018/09/07 CCSP (originally scheduled on 2018/09/14)
- 2018/09/13 CSSLP (originally scheduled on 2018/09/28)
- 2018/09/25 CISSP-ISSEP (bonus)
- Milestone #4: EC-Council
- 2018/10/09 CEH (originally scheduled on 2018/10/15)
- 2018/10/12 ECSA (originally scheduled on 2018/10/29)
- Bonus Exams: scrum.org
- 2018/10/21, PSM I
- 2018/10/23, ISO 27001 LA
- 2018/10/27, PSPO I
- 2018/10/28, PSD
- Final Optimization
- 2018/11/06 CISSP-ISSMP
Bruce Passed EC-Council ECSA v10 Exam on 12th October
I enrolled in the official ECSA v10 course from EC-Council on 4th Aug, attended the class delivered by Melvin Sandro from Sep 26 to Sep 30, and passed the ECSA exam today. The course ware, iLabs modules, and iWeek class are awesome. I am willing to recommend the official course before you sit for this exam.
The scope of ECSA is highly overlapped with the one of CEH. However, ECSA emphasizes the project management of penetration testing, the EC-Council LPT methodology, and specific penetration testing scenarios.
If you are a CEH already, I don’t think ECSA adds much value while OSCP, CEH (Practical), or ECSA (Practical) certification would be a better choice. ECSA, EC-Council Certified Security Analyst, as it literally denotes gives people positive image or impression compared with the CEH, Certified Ethical Hacker. Most people feel better or safer when they come across a Security Analyst than a Hacker. Of course, this is just my guess why EC-Council promotes the ECSA certification.
My milestones are updated as follows:
- Milestone #1: PMI + CISSP
- 2018/04/09 ACP
- 2018/04/27 PBA
- 2018/06/19 CISSP
- 2018/07/10 RMP
- Milestone #2: ISACA
- 2018/07/24 CISM
- 2018/08/13 CRISC
- 2018/08/28 CISA
- Milestone #3: ISC2
- 2018/09/07 CCSP (originally scheduled on 2018/09/14)
- 2018/09/13 CSSLP (originally scheduled on 2018/09/28)
- 2018/09/25 CISSP-ISSEP (bonus)
- Milestone #4: EC-Council
- 2018/10/09 CEH (originally scheduled on 2018/10/15)
- 2018/10/12 ECSA (originally scheduled on 2018/10/29)
It’s about time to get some more bonus exams and than declare a success to achieving my annual goals!
Notes:
Open-Source Intelligence (OSINT)
- OSINT through World Wide Web
- Find Domain and Sub-domains of the target
- nmap –script dns-brute sample-domain.com
- https://www.netcraft.com
- Information gathering using theharvester and Sublist3r
- Find the Similar or Parallel Domain Names
- urlcrazy
- Refine Your Web Searches using Advanced Operators
- Web/Image/Groups/Directory/News/Product Search
- site:microsoft.com -site:www.microsoft.com
- Google Hacking Database (GHDB)
- Footprint the Target using Shodan
- Find the Geographic Location of a Company
- nmap -sn –script ip-geolocation-* http://www.microsoft.com
- List Employees and their Email Addresses
- Identify the Key Email Addresses through Email Harvesting
- theharvester (apt install theharvester)
- https://www.phishingfrenzy.com
- List Key Personnel of the Company
- Use People Search Online Services to Collect the Information
- Browse Social Network Websites to Find Information about the Company and Employees
- Use the Web Investigation Tools to Extract Sensitive Data about the Company
- Identify the Type of Network Devices used in Organization
- Job Search Engines
- Look for the Sensitive Information in Email Headers
- Look for Valuable Information in the NNTP USENET Newsgroups
- Find Domain and Sub-domains of the target
- OSINT through Website Analysis
- https://builtwith.com
- https://archive.org
- Website-Watcher (https://www.aignes.com)
- https://www.ultratools.com/whois
- https://www.yougetsignal.com/
- nslookup
- dnsrecon
- dnsenum
- dig
- Network Diagram
- traceroute
- nmap –traceroute –script traceroute-geolocation sample-domain.com
- OSINT through DNS Interrogation
- whois (apt install whois)
- nmap -sn –script whois-* sample-domain.com
- Automating your OSINT Effort using Tools/Frameworks/Scripts
ECSA Notes
- A modus operandi (often shortened to M.O.) is someone’s habits of working, particularly in the context of business or criminal investigations, but also more generally. It is a Latin phrase, approximately translated as mode of operating.
- Rules of Behavior
- Penetration testing “Rules of Behavior” is a penetration testing agreement that outlines the framework for external and internal penetration testing.
- Prior to testing, this agreement is signed by representatives from both the target organization and the penetration testing organization to ensure a common understanding of the limitations, constraints, liabilities and indemnification concerns.
- Release and Authorization Form
- In addition to the “Rules of Behavior”, a “Release and Authorization Form” may be required that states the penetration testing will be held harmless and not criminally liable for unintentional interruptions and loss or damage to equipment.
- Get-Out-of-Jail-Free Card
- an element that helps people to emerge from an undesirable situation.
- The agreement outlines the types of activities to be performed and indemnifies the tester against any loss or damage that may result from the testing.
- entails a legal agreement signed by an authorized representative of the organization.
- a part of the penetration testing contract and should include an incident response plan and appropriate customer contact that can be alerted should an issue arise.
- Negligence Claim
- Negligence is a tort and actionable in the civil courts. Essentially, negligence is typically the failure to act with due care causing harm to someone else. Harm can include personal injury, damage to property, and economic loss.
- To succeed in a claim for negligence, the claimant must satisfy the following requirements on the balance of probabilities:1. The defendant owed a duty of care to the claimant;
2. The defendant breached that duty of care;
3. The defendant’s breach of the duty of care caused damage or harm to the claimant;
4. The harm caused was not too remote.If a claimant can satisfy these requirements, they will have a valid claim. If proceedings are formally issued, the defense will either admit liability, or defend the claim.
- Waivers/Exemptions
- A waiver is the voluntary relinquishment or surrender of some known right or privilege. Sometimes, the elements of “voluntary” and “known” are established by a legal fiction. Other names for wavers are exculpatory clauses, releases, or hold harmless clauses.
- An example of a written waiver is a disclaimer, which becomes a waiver when accepted.
- Legal Fiction
- One example of a legal fiction occurs in adoption. The new birth certificate of the adopted child is a legal fiction.
- One example of a legal fiction occurs in adoption. Once an order or judgment of adoption (or similar decree from a court) is entered, one or both biological (or natural) parents becomes a legal stranger to the child, legally no longer related to the child and with no rights related to him or her. Conversely, the adoptive parents are legally considered to be the parents of the adopted child; a new birth certificate reflecting this is issued. The new birth certificate is a legal fiction.
- Tautology
- the saying of the same thing twice over in different words, generally considered to be a fault of style (e.g. they arrived one after the other in succession).
- SELECT * FROM users WHERE name = ” OR ‘1’=’1′;
- Types of SQL Injection
- Intrusion detection system evasion techniques
- TCP Port Scanning: TTL < 64 or WINDOW size > 0 => Open Port
- Stealth Port: A “Stealth” port is one that completely ignores and simply “drops” any incoming packets without telling the sender whether the port is “Open” or “Closed” for business.
- Wireshark: Follow Streams
- Follow TCP Stream: gzip content not decoded
- Follow HTTP Stream: gzip content decoded
- LAN Manager
- ssl-enum-ciphers
- ON-DEMAND SECURITY AUDITS AND VULNERABILITY MANAGEMENT
- Fuzzing
- Tutorial: Simple WEP Crack
- Aireplay-ng
- The classic ARP request replay attack is the most effective way to generate new initialization vectors (IVs), and works very reliably.
- This attack, when successful, can decrypt a WEP data packet without knowing the key.
- This attack, when successful, can obtain 1500 bytes of PRGA (pseudo random generation algorithm). This attack does not recover the WEP key itself, but merely obtains the PRGA.
- The Hirte attack is a client attack which can use any IP or ARP packet. It extends the Cafe Latte attack by allowing any packet to be used and not be limited to client ARP packets.
- Aireplay-ng
- Toil and Strife