January 2021
All about hacking and cyber security I present ways of hacking over all platforms also trending news & info bugbounty tutorial for penetration testers

What is Zero Day Exploit Meaning or Definition?

 A zero-day attack refers to a hole in software that is unknown to the vendor the security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it and the exploit is called a zero-day Exploit.

 

What is Zero Day Attack, Exploit and Vulnerability

You have taken great care to secure your network but even with responsible and sustained investments in your defenses you're still at risk attackers can bypass your security through an uncharted software vulnerability a loophole revealed only by the persistent probing of a determined hacker this is how a network is breached this is how valuable data is stolen this is zero day and the exploit used for this is Zero day Exploit.

zero day is a software vulnerability that is previously unknown and unpatched and therefore can be exploited by a threat actor to gain entry to a target network.

Zero day Exploit meaning in simple term

Think of a zero day as an unlocked house that the owner thinks is locked but a thief discovers is unlocked the thief can break in undetected and steal things from the house that may not be noticed until days later when the damage is already done and the thief is long gone without leaving traces as he only knows how he found that technique.

(I think you all got it now... :))

Now Let me take you to Journey of Zero day Exploit...

 

How Zero Day Exploits get created and reach to its Destination.

A hacker finds a zero day through hours, weeks, or months of painstaking effort he scours through lines of code probing applications and operating systems to find some weakness, some flaw.

 Hacker methodically barrages the target application with an array of reverse engineering tools and techniques forcing the software to reveal a small crack in the defenses that provides them a way to secretly execute code.

 with this vulnerability, in hand the hacker has a choice to help the software vendor by providing them information about the vulnerability (Ethical Hacking or Bug Bounty) or sell it to a broker a black-market vendor of zero-day exploits.

 The broker compiles an inventory of zero days to build his reputation on the darknet with one goal selling his exploits at the highest price.

 the broker lists these zero days on secret forums he acts as a matchmaker between exploit and attacker.

 the attacker needs an exploit that augments their existing tools and techniques, use reconnaissance data to select the zero day exploit that is most likely to compromise their target because zero day exploits are previously unknown they provide an element of surprise the attacker incorporates the zero day exploit into their customized attack and once the perfect storm program process and payload is concocted the attack is launched in a network.

Effects of Zero Day Exploits and Vulnerabilities

 

Effects of Zero Day Exploits and Vulnerabilities

Zero day exploit attacks are the most disastrous when it comes to hacking attacks found because it also depends on the vendor or software engineers to write a fix in a timely manner and the world to implement those patches the term apparently originated in the days of digital building boards.

 When it referred to the number of days since a new software program had been released to the public in information security terms day zero is the day on which the interested party presumably the vendor of the targeted system learns of the vulnerability leading to the vulnerability being called a zero day.

 Fewer the days since day zero the higher the chances no fix or mitigation has been developed even after a fix is developed the fewer the days since day zero the higher is the probability that an attack against that afflicted software will be successful because not every user of that software will have applied effects for zero-day exploits unless the vulnerability is inadvertently fixed.

 

 For example by an unrelated update that happens to also obviate the need for a fix specific to the vulnerability the probability that a user has applied a vendor-supplied patch that fixes the problem is less so the exploit will remain available.

 

 Zero day attacks are a severe threat although they sound the same they are different zero day vulnerability is when software has a flaw known to the developer but the developer does not yet have a patch ready to be released and the rest of the world to apply it in a timely manner.

 A zero day exploit is packaged as malware which can create damage and are often highly successful until they become widely known and either the software is patched or other security measures are put into place to successfully identify and block the exploit or often get ignored by a lot of vendors which results in a huge breach.

 

Zero Day Exploit Examples

 So basically zero day attacks are often found in secrecy it exists in published programming code of any form of service that is online that has not been reviewed from an offensive perspective it exists in many vendors hardware manufacturer as we have seen in the past with companies like Cisco, Microsoft, VPN services(NordVPN), collaborative applications(Slack) content management systems (WordPress) has been found through history within hardware software and has affected the top vendors and companies across the world.

But the most known zero day exploit example I want to share in detail is Stuxnet.

 

Stuxnet is specially designed to Exploit PLC (Programmable Logic Controllers) released back in 2008 but found in 2010.

 Stuxnet reportedly compromised Iranian PLCs, collecting information on industrial systems and damaging infrastructure. According to a November 2013 report from businessinsider.com, Stuxnet was responsible for destroying one-fifth of Iran’s nuclear centrifuges by causing them to spin out of control.

 The worm exploits four, zero-day flaws that are present in some SCADA systems. In the case of Stuxnet, the worm targets systems using the Microsoft Windows operating system and networks, then it begins searching for Siemens Step7 software. If it is able to find the proper vulnerabilities in a given system, then it carries out its exploits.(Clever huh...)

 Stuxnet is typically introduced into a system via an infected USB flash drive and then propagates throughout the network.

 

 However, with the growing attachment to networked infrastructure and the “internet of things,” there are more access points for individuals who are interested in gaining control of SCADA systems by using worms and viruses like Stuxnet.

 A good mission-critical operator should be able to run security maintenance and apply best practices to make sure SCADA systems are not compromised.

Prevention of Zero day Attacks, Exploits, and Vulnerability

 to prevent such attacks mitigating the risks you need to be faster and one step ahead having more red team-oriented employees simulating such tests a team that would purposely invest their knowledge and time from the offensive side to find them before attackers do and if such team cannot exist outsourcing such services externally will put you in a position to act in a time frame that would minimize the impact or prevent it ahead.



  companies should look into more data analysts of their equipment and software used to prevent such attacks they would look into access control reports heuristics analysis reports market for zero-day exploits software-defined protection solutions they should look into more Linux-oriented people with offensive security backgrounds.

 

Requesting more penetration testing services, code reviewing, hiring more security researchers to work along with the other side focusing on such tasks with more IoT devices on the rise 7G around the corner connecting remotely to the cloud using VPN services work from home introduced which will change the ecosystem more devices more software will exist especially when it deals with robotics space and medical equipment. 

 

How Zero Day Attacks and Exploits are Found Now...

 Using AI protection can detect the intrusion block, the attacker, and alert system administrators of the attempted breach that enable the responders to freeze and rewind time isolating the packet capture from the earliest moments of the attack.

 two-way sharing with the dynamic threat intelligence cloud enables to analyze of the attack.

 

 The zero day discovery team reverse engineers the incident to break down the intricacies of the exploit using threat intelligence gathered by AI devices and drawing upon years of in-depth knowledge and specialized techniques it will find the key exploit and determine if this particular combination of tactics is a zero day.

 if a zero-day is discovered they notify the vendor of the vulnerable software and works with them to create a Zero day Exploit patch.

 

 


All about hacking and cyber security I present ways of hacking over all platforms also trending news & info bugbounty tutorial for penetration testers

 Today we're gonna find out what is a social engineer. So let's get right into it,  So what is social engineering? And How Pro Social Engineers do that.


Who are Social Engineers and what is social engineering attack

A Social engineer is someone who persuades another person to either disclose confidential information or perhaps provide access to restricted areas, such as a company server room by pretending to be someone they're not. And this act called Social engineering.

This is how social engineering defines or social engineering Definition.

How Social Engineering Done by Pro Social Engineers



    Well, a social engineer might pretend to be from a maintenance company, or here to deliver a package, or they may pretend to be the CEO's new assistant, so they're pretending to be someone who would normally have access to the information or locations that they're looking for. 


    There are many different ways to conduct different types of social engineering. Let's imagine an attacker who wants to gain physical access to a server that's located in a corporate office building, the attacker might pretend to be from the company's internet provider, and tell the receptionist at the front desk that they need access to the server room to replace the modem. 


    They could also pose as the maintenance manager of an office and request access to a restricted area under the disguise that something like the heating or cooling system needs to be repaired. But social engineering doesn't always have to be in person. 


    Sometimes social engineers will call employees pretending to be from the help desk and request remote access, or call someone pretending to be a bank employee asking for account information. 


    But probably the most common type of social engineering that we see is email phishing or sending an email pretending to be from a trusted source.


     You can see examples of social engineering  For instance, in the popular television show, Mr. Robot in season one, Episode Five the main character Elliott uses social engineering tactics to gain unauthorized access to the steal backup facility.

    • Social engineering attacks rely on which of the following?

     Let's look at a few reasons why social engineering works as well as it does

    • Trusting to anyone

     The first reason is simple. We as humans tend to have a trusting nature. We don't want to believe that everyone is out to harm us. If someone calls or approaches us claiming that they want to help, our instinct is to take them at face value. This doesn't always mean we will fall for these tricks. But when paired with other tactics on this list, it certainly makes social engineering more effective. 

    • Urgency

     we have urgency. humans tend to throw caution to the wind when faced with urgency. This is probably the number one reason why phishing campaigns from so-called executives are effective. When a high-level executive in the company tells you they need something done immediately. You tend to just do it. And this is because you don't want to let them down. Even if the request seems odd.

     I can't tell you how many times in my career, I've seen financial teams set up wire transfers, because the CFO told them to do it immediately, only to later find out it wasn't the CFO at all.

    • Fear

     Along with urgency comes fear. When you're afraid of failing someone important or losing your data, you may not think your actions all the way through fear affects our mind in an interesting way, and we're more likely to make a mistake.  

    fear of having the company find out that they got a virus to impair judgment, embarrassed and feared being reprimanded for it. This lowered people's judgment and in the end, they ended up allowing themself and the company's computer to become a victim to a social engineering attack. 

    • Ignorance

    Finally, and in my opinion, the most obvious reason is simply ignorance. A lack of understanding is the most dangerous thing. Perhaps you aren't someone who would fall for a scam. But what about your elderly grandparents? If someone who isn't extremely familiar with how the technology works, or familiar with these types of scams receives a call like this, they might not even think twice before doing whatever they're asked. 


    Now that we've discussed the human elements that make social engineering so successful, let's look at some of the factors that leave companies vulnerable to social engineering attacks.

    •  lacked security policies

     First up, we have lacked security policies, or in some cases, no security policies at all. There should always be some policy in place that makes users aware of what information they're allowed to share via email or over the phone. If there's a policy in place that states that the help desk will never ask for your password via phone or email, then the end-user might think twice when they get this request from a social engineer.


    • Poor permission regulation

     Another factor is poor permission regulation. The more information a user has access to the more information that the company risks losing if that user is a target of a breach. Not all users in the company should have access to sensitive data. It's best to practice the concept of least privilege and only have access to a resource to those users who will absolutely need it.

    • Minimal to no security Awareness Training.

     Last but certainly not least, minimal to no security awareness training. How can a company get upset with their employees for clicking on a phishing email when they've never been told what one looks like? We discussed that ignorance and a lack of understanding is a huge reason why show social engineering attacks are so successful.

     If companies are able to roll out a successful security awareness training program, their employees are much more likely to spot a scam before those who have never attended a security training at all. security awareness training can vary from company to company, but it's usually a combination of online learning modules and phishing tests in which a company will send phishing emails on purpose to gauge their employee's awareness. 


    • Social Engineering Phases

     I should point out that not all social engineering attacks will go through all of these phases. Sometimes social engineering attacks aren't targeted. They just send a bunch of phishing emails to a lot of people. But this article is going to cover the phases of a targeted and focused social engineering attack.

     There are four main phases of targeted social engineering attacks. So we'll look at each one of them.

    • Recon and Information Gathering

    So the first thing that an attacker will need to do when carrying out a social engineering attack is to research their target company. This is just like the first step of the cyber kill Chain you need to do your recon. The more information that you have about the company, the better prepared, you'll be to fool them into giving you the information that you need. There are many different ways to do recon on a target company.

     The first and easiest way is to look through the company's website. The website will provide an overview of the company and if they have any blogs, they might have posted about recent events, promotions, or things of that nature. And this can all be really helpful information to a social engineer. by searching for the company's name online, you might be able to find them mentioned on local news sites or in press releases.

     Sometimes when companies have large events or a new CEO or president is starting it ends up in the media. Employment websites and job postings can also be a treasure trove of information to a social engineer. organizations may not always send out emails to the entire staff when a new hire is starting.

     So a social engineer could potentially go into a company pretending to be a new employee there, and the company's receptionist might be none the wiser and let them right in through the front door.

     like dumpster diving, Dumpster diving is exactly what it sounds like. Organizations there are a lot of documents away and if there isn't a shredding policy in place, you'd be surprised at the type of information you can find just due to what people will carelessly throw away. 

    • Choosing an employee at the target organization

    Once the research aspect is complete, the social engineer will choose an employee to target specifically, while it is possible to simply target the entire organization and send out emails to the full mailing list. Any experienced social engineer knows that they'll be much more successful if they choose one or two people to target.

     When it comes to cybersecurity humans are always the weakest link. Sometimes targeting a new employee of the company can be helpful. They may not know every single person in the company so it might not faze them when they don't recognize your name or face.


     Another target could be a disgruntled employee, they are already at the end of the road with their company and they just simply don't care what happens. careless employees are social engineer's best friend. These types of employees are not going to do extra work to follow protocol, they will always choose the easiest solution. 

    Whenever possible, social engineers will choose a target that either has access to what they want or has direct access to someone who does. Social engineers don't want to try to go through 10 people to get to their goal, the least amount of people they have to trick the easier their job is.

    • Gaining the trust of that person

    Once the social engineer has chosen an employee to target the next step is to gain the trust of that person and build a relationship with them. social engineering really depends on the victim trusting the social engineer completely. If there is a hint of doubt, the attack might not be successful.

     In order to gain the trust of the employee, the social engineer might provide fake credentials. Through research done in phase one, they might have been able to see what an employee badge looks like and forge a recreation of one themselves.

     knowing a lot about the company and recent events or functions helps to clear any doubt that the target might have about whether or not the social engineer can be trusted. This is why it's really important for social engineers to do extremely thorough research on the organization as a whole.

     Before beginning their attack, the more that the social engineer knows the higher likelihood of them succeeding in gaining people's trust. Finally, social engineers will always have to be confident. When people sound like they know what they're talking about. Others tend to believe them. 

    Even if it goes against their better judgment. The moment a social engineer starts to sound unsure of themselves, the trust they built will be completely shattered. Once the social engineer builds trust or a relationship with the target employee,

    • Exploit the weakest link

      This is the final step for the social engineer as this is when they are going to try and gain access to what they were looking for. One thing a social engineer could be looking to gain is access to a particular restricted area. They could exploit their target by telling them that they normally have access there but they left their keys at home. If the target trusts the social engineer enough, they might help them out.

    Some Social Engineering Attack Example

    Another scenario is someone posing as an employee who just started the company. Perhaps they're trying to access a door With a key code, they could pretend they forgot the passcode since their first day and the target might actually be willing to give it to them.


     Perhaps the social engineer's goal is to get a piece of malware installed on the network, they could tell the target they are trying to get a file off of the USB drive to open but it's not showing up when they plug it in, they'll ask the target to plug it into their machine and see if they can open it. However, when the trusting target clicks on the file from the USB, they are unknowingly infected with malware.


     Another scenario could be that the social engineers' one and only goal is to simply gather Intel that isn't publicly available. It could be a case of corporate espionage, the social engineer could be trying to steal intellectual property or trade secrets. If they befriend the right target in the organization, that person might tell them all about how the company is run and how the products are, and how the products are produced.


     Just a quick recap, the four phases of social engineering that we discussed in this Article are phase one researching your target organization. Phase Two, choosing an employee at the target organization, phase three, gaining the trust of that employee, and phase four exploiting that employee's trust.


    • Social Engineering Techniques

     social engineering techniques, there are tons of techniques that social engineers use, and we're going to cover a lot of them in this article. So in order to make things a little bit easier, I've broken them up into different categories, social engineering attacks that occur in person, social engineering attacks that occur via computer, and finally social engineering attacks that occur over the phone.

    Top Social Engineering Techniques


    • In-person social engineering

     Let's begin with in-person social engineering. When I talk about in-person social engineering attacks, I'm referring to any attack that isn't done over the phone or using a computer. This type of social engineering can't be done by an attacker who is sitting in their home, they have to go out and actively attempt their techniques on a person. Here are some techniques I consider to be in-person social engineering, eavesdropping, shoulder surfing, dumpster diving, tailgating, piggybacking, and finally impersonation.


    • Eavesdropping

     Eavesdropping is a social engineering technique in which the attacker will attempt to listen in on private conversations to gain information.

     An example of eavesdropping would be listening in while a helpdesk technician reads off a password to a user that had forgotten it.

     Well, Eavesdropping can be as simple as being in the right place at the right time to listen to a conversation. Some attackers will take it one step further by creating their own listening devices. 


    • Shoulder Surfing

    Shoulder Surfing is similar to eavesdropping, but instead of gathering information with their ears, attackers try to gather information with their eyes.

    Shoulder Surfing is the act of spying on an unknowing user while they're entering private information

    One example of shoulder surfing would be an attacker watching a user type their username and password into their computer. While Another example would be watching a person type in their pin number into a banking system or ATM.


    • Dumpster Diving

     Dumpster diving is a social engineering technique in which the attacker will find personal information about an individual or organization in their trash. 

    People are often careless in terms of what they throw away and even junk mail could be potentially useful to an attacker.

     Imagine an office worker who throws away an old list of user phone numbers because they received an updated list. Although the list they threw away might not be entirely accurate anymore, it's found has some phone numbers that are still relevant. If a social engineer finds us in the trash, they now have a semi-complete list of users and their phone numbers. This can be very useful to a social engineer.


    • Piggybacking

     When you hear the word piggyback, you might think of someone riding on another person's back. However, in terms of cybersecurity piggybacking means something else.

     piggybacking is a social engineering technique in which the social engineer has tricked their target into allowing them to use or piggyback so to use or speak onto their credentials.

     In this example

    imagine a social engineer trying to gain access to a locked building. When a person comes over Along with a valid badge that grants them access to the building. The social engineer might say something along the lines of 

    ' I forgot my badge. Do you mind letting me in ' 

    and they're speaking to the good nature and people and a lot of folks will help them out.


    • Tailgating

     tailgating is somewhat similar to piggybacking, so it's easy to confuse the two. But in a tailgating situation, the social engineer follows after the target without speaking to them

    Let's imagine a scenario in which a social engineer is carrying a large box. There may or may not be anything in the box, but to everyone else, it looks like they have their hands full. In order to be polite, the target may hold the door open for them. Or perhaps they don't even hold the door open for them, but they're probably not going to pay any mind if the social engineer sticks his foot out and keeps it open.

     The main difference between piggybacking and tailgating is that in piggybacking, the social engineer has the person's consent to follow them in or use their credentials. In a tailgating scenario, the user did not give the social engineer explicit consent to enter the building.

     If it's hard to remember, just think of it this way. When more than one person tailgates a car, it's done without consent. When a person gives another person a piggyback ride, though, it's something that's typically agreed on by both parties. 


    • Impersonation

    And the last in-person social engineering technique that I'm going to cover also happens to be the most common in-person social engineering attack.

     Impersonation is exactly what it sounds like the social engineer is pretending to be someone they are not in order to gain access to something they should not have access to.

     The person may pretend to be from the company's telecommunication provider requesting access to the server room, or the social engineer might pretend to be a potential client asking for a tour of the facility.

     Either way, impersonation is a very popular and very effective technique used by social engineers. And impersonation isn't technically just an in-person technique. impersonation is used in all of the categories it's used in person. over the phone on the computer by email, impersonation is really the bread and butter of social engineers. 


    • Phone and Mobile Social Engineering

    So that brings us into our next category, which is phone and mobile. These are attacks that are done either with a landline or through a cell phone. This category includes things like vishing, and smishing.


    • Vishing

     Vishing stands for voice phishing, and it's the process of trying to trick a user into disclosing personal information over the phone.

     You hear this all the time on the news channels regularly talk about individuals who have received a phone call from people claiming to be with the IRS. Those people end up sharing all their information. And next thing you know, they have their identity stolen or elderly people who receive a phone call saying that their grandson is in jail and they have to send bond money.

     These are all examples of vishing attacks. vishing attacks occur when a social engineer calls a user and pretends to be someone else in order to steal their private information or to steal their money. 


    • Smishing

    Smishing, on the other hand, is very similar except that it occurs using text messages. Have you ever received a text message that you just didn't think was legitimate?

     I once received a text message asking me to log into my Amazon account using a link in the text message to check the status of an order. Lucky for me, I was able to spot the fake message right away. I knew I didn't have any packages coming from Amazon at the time. And even if I had I probably would have checked it by logging into my account from the computer and not using that text message link. 

    But let's say for the sake of examples that I did click on that link in the text message. Most likely it would have taken me to a site that looked like Amazon was actually a fake created by the attacker. After I enter my login credentials, I might be redirected to Amazon but it would be too late. The attacker would already have my username and password. This is an example of SMS phishing, also known as smishing.


    • Computer-based social engineering attacks

    And the last category of social engineering attacks that we're going to talk about in this Article, are computer-based social engineering attacks. Obviously, computer-based social engineering attacks are going to be any of those social engineering attacks that initiate from a computer.

     So this includes things such as pop-up messages, spam, spamming, and phishing. Pop Up messages from the web browser are a really easy and common way for social engineers to trick users into calling them and giving them personal information.

     I honestly cannot tell you the number of times in my career, I have received a frantic call from an end-user panicking because they believe they've gotten infected with malware. I'll log into their computer remotely to see a giant frightening message plastered across the web browser, you have a virus, it will say the exact wording of the pop up might vary every time but the core of it stays the same. 

    This computer has been infected with malware, and the only way to resolve it is to call this number. Now 99.9% of the time messages like this are not actual viruses. Instead, when a user accidentally navigates to the wrong URL or allowed to get notifications from an untrusted source, they get that scary popup.

     The purpose isn't to infect the user with malware at all. It's to get the user scared enough to call the number listed. Once the user calls the number, then the attacker on the other end works to take advantage of them.

     However, in every case that I've personally seen a pop-up like that, go into the task manager and ending the task fixes it immediately or disable the notification in the browser that causing that popups can work also. But it's not always meant to be frightening. 

    Sometimes users will receive a message saying they won something like an iPad. And they'll have to call a number email or click something that fits into the pop-up social engineering category as well

    as instant messaging scams are messages that are received through some type of instant messaging platform. This could be Gmail, chat service, Skype, or even Facebook Messenger.

     Have you ever received one of those Facebook messages from a friend that says "hey man, I saw this video of you, I can't believe this is you" with a link video from some weird source If you don't click on it, you may find out later that your friend's account was compromised and started out sending out all these spam messages.

     If you do click on it, well, then you might be the one sending out spam next. This is also considered a type of social engineering attack. So it's always best that if something looks suspicious, just don't click on it, and maybe call that friend and double-check with them actually meant to send that to you.


    • Phishing

     And that brings us to our final type of social engineering attack that we're going to talk about, and that is phishing. And I know that you all already know what phishing is. 

    It's the act of sending emails that appear to come from a trusted source in order to convince a user to disclose information. 

    Phishing is becoming such a huge problem in our world today, it seems like every single day, thousands of getting sent phishing emails. 

    So I will Cover How to do Phishing Attacks and Prevention in another Article.