What I Learned This Week In Cyber 6/16/22

Andres Tse
Published in CodeX
3 min read · Jun 15, 2022

This week has been quite exciting in terms of the concepts explored. Here is a highlight of some of the concepts I delved into:

XSS- Cross Site Scripting

There are two types of XSS attacks- reflected and stored.

Reflected XSS- A user inadvertently clicks on a URL of a vulnerable website with malicious parameters specified by a threat actor. A request is then sent from the browser to the web server. The server, following the request, returns a response that includes those parameters, and once the browser receives the response, it executes the malicious code. Sensitive information that is used to authenticate users, such as cookies, is then sent to the adversary, who can now authenticate as if they were the user.

Stored XSS- A vulnerable website allows users to submit information to the website, such as comments. The threat actor takes advantage of that and, instead of submitting a comment, submits valid, malicious syntax. This code then gets stored on the web server. Now, whenever a new visitor visits the website and requests the data that is stored in the database, the malicious code will run. The implications are clear: the threat actor can potentially steal the authentication information from the user as well as personal information that could be linked to the account.

XSRF (Cross Site Request Forgery)- A user is logged into his/her bank account in one tab. Somehow, the user decides to click on a URL that has certain parameters. These parameters make a request that instructs the bank to transfer x amount of money to y account. Since the user is authenticated in the other tab, the transaction is validated.

SQL Injection- An attack where, instead of submitting credentials to an input box, the threat actor writes valid syntax that interacts with the SQL database code itself, allowing him/her to modify or view the contents of the database. For instance, instead of inputting a valid username in the input box, the adversary types in ' or 1=1. This in turn causes the database to select a blank user or always authenticate the request, since one will always equal one. The threat actor can then add extra syntax to follow up, such as PRINT @@variable, which can return the information stored in the database.

[Figure: SQL Injection simulation in Mutillidae]
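The login bypass described above next to its fix, as an added example that is not from the original post: a login that concatenates input into the query, and the same login using bound parameters, run against a constructed in-memory SQLite table. The table, the function names and the trailing -- that comments out the password check are assumptions made for illustration.

```python
import sqlite3


def make_db():
    """Build a throwaway in-memory database with constructed sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    # Constructed sample data; passwords are plain text only to keep this short.
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct-horse"), ("bob", "hunter2")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Concatenates input into the SQL text, so input can change the query logic."""
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return [row[0] for row in conn.execute(query)]


def login_safe(conn, username, password):
    """Binds input as parameters; the driver treats it as data, never as SQL."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


if __name__ == "__main__":
    conn = make_db()
    # The input from the text. The trailing "--" (an assumption added here)
    # turns the password check into a comment so the statement still parses.
    payload = "' or 1=1 --"
    print("vulnerable:", login_vulnerable(conn, payload, "x"))  # every account matches
    print("safe:      ", login_safe(conn, payload, "x"))        # no account matches
    print("legit:     ", login_safe(conn, "alice", "correct-horse"))
```

With bound parameters the same input is compared as a literal username, so it matches no row, while a legitimate login still works.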

STIG Viewer- A great tool to assess the potential vulnerabilities in your system. It also provides you with clear instructions as to how you can remediate them.

Snort- A very robust IDS (Intrusion Detection System) that can act as an IPS (Intrusion Prevention System) depending on the rules configured. You can configure Snort so that whenever a specific condition is met (say, ICMP is sent from any IP address from the external network to any IP address in the internal network), Snort sends a customized message alerting you of the occurrence. I do plan on making an article explaining how to install and configure it in the future.

These were the most interesting topics that I learned this week. Hope you learned something new as well and I will see you next time.
