SecurityResearch-101

1.     Introduction to zero trust: A more and more raging buzz word in the world of information security, Zero Trust Architecture refers to the “defense in depth” approach of implementing security concepts removing the process of automatically trusting actors and devices integrated in network. Zero trust architecture provides a thorough end to end approach to enterprise resource and data security controls interwoven around identity (person and nonperson entities), credentials, access management, operations, endpoints, hosting environments, and the interconnecting infrastructure. Zero trust leads to ultimately verifying every single component trying to connect to the system before granting access. Relying on fine grained methods such as micro-segmentation and granular perimeter enforcement based on users, zero trust helps to control security over controls such as trusting a user, machine or application for gaining access to a part of the enterprise network. Zero Trust leverage

As all say, the basics are what takes you ahead! For being a hacker (a real one) 1. Learn to program Learning to make your own tools is a must for a hacker, start with learning C/ Python. Upon advancing get hands dirty with Ruby/ Perl. These will help you make scripts to automate attacks and create tools. Reason:  Being a hacker means building your own tools to automate attacks, fuzz through input fields, and create tools customized for different environments according to the scenario. Once you are adept at this, learn at least one server-side language ( preferably PHP, otherwise JSP/ ASP) At a glance, the languages you need to be good at least in basics: 1) C Programming (for low-level attacks such as buffer overflow/ memory attacks) 2) Java Programming ( helps code quickly tools for security testing) 3) Powershell ( much needed for exploitation on Windows and Red Teaming attacks) 4) Python ( a much hand scripting language needed for automating scripts/ writing explo

WPA2 Krack in a nutshell While its raging all over , lets see in what the finding is all about? KRACK (Key Reinstallation Attack) is a replay attack discovered in 2016 by Belgian researchers Mathy Vanhoef and Frank Piessens. The details were published in October 2017. 1. Where exactly is KRACK exploiting wireless networks? WPA2 protocol offers a "four-way handshake." In simple words, the 4-way handshake determines whether a user attempting to join a network and the access point offering the network have matching credentials. By repeatedly resetting the nonce transmitted in the third step of the WPA2 handshake, an attacker can gradually match encrypted packets seen before and learn the full keychain used to encrypt the traffic. 2. How does it become vulnerable? The four-way handshake generates a new encryption key ( the third communication in the four way handshake) 3. Enter the "Key Reinstallation Attack" At this juncture, a hacker can tamper/