Posts

Digital Wallets Security

Introduction to digital wallets: A digital wallet, also referred to as an "e-Wallet", allows people to perform electronic transactions without needing physical cards. Besides payments and transactions, it is also handy for storing other identity documents, such as loyalty cards, within the wallet. It also eliminates the need to carry multiple physical cards. Now that we have understood in simple words what a digital wallet is, let us look at how digital wallet transactions work.
Steps of a digital wallet transaction being performed: To use a digital wallet, the user needs to open the wallet application on the mobile phone. To do this, users can use facial recognition, fingerprint identification, or PIN codes (based on the phone model and the configuration). After unlocking the application, the user selects the stored payment method to use, as digital wallets allow multiple cards to be stored. There can be two types of transactions for digital wallet

Threat intelligence overview - Threat Intel Series Part-1

TLDR: Threat intelligence is on its way to becoming a must-have capability for every organization. This will not only help protect the firm but also keep it aware of constant threats and the plan to safeguard against them.
Threat intelligence overview: As defined by Gartner, threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications, and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject's response to that menace or hazard. This curated information helps a firm make better decisions about how to defend itself and its business from cyber-based threats. Threat intelligence can help identify and analyze the different cyber threats relevant to your organization. The best approach is to use specialized threat intelligence tools to capture and digest feeds and thereafter analyze them against existing knowledge to know if a threat is real and the applicable acti

Network forensics overview

Introduction: Network forensics, in a nutshell, is the combined activity of capturing, recording, and analyzing network packets in order to determine the source of attacks.
Steps of network forensic examinations:
· Identification
· Preservation
· Collection
· Examination
· Analysis
· Presentation
· Incident Response
Types of analysis performed at the network level:
· Data-link and physical layer (Ethernet): Analysis at this layer is done by eavesdropping on bitstreams at the Ethernet layer of the OSI model. Monitoring tools or network sniffers such as Wireshark or Tcpdump are used. These help to capture traffic data from a network card interface configured in promiscuous mode.
· Transport and network layer (TCP/IP): The network layer provides router information from the routing table as well as log evidence. These help a great deal in providing information on compromised packets, identifying sources

Data Diode Technology- Secure one way transfer of data

What is a data diode? A data diode is a hardware device that is often called a "unidirectional security gateway". It is placed between two networks with different levels of security and controls the flow of information in a safe, one-way transfer of data between segmented networks. In terms of security, passing network data through a data diode makes it impossible for an insecure or hostile network to introduce malware into the system or access it. Data diodes allow real-time data processing for information management systems while protecting valuable information and network infrastructure from theft, destruction, tampering, and human error, mitigating the potential loss of thousands of dollars and countless hours of work. The data diode design maintains physical and electrical separation of the source and destination networks, establishing a non-routable, completely closed one-way data transfer between networks, eliminating external points of entry to the sending system, preventing intruders and contagio

Compromise Assessment vs Threat Hunting

Many people use the terms compromise assessment and threat hunting interchangeably. To clear that up: the two are different! How, and in what sense? Let's dig in. A compromise assessment is a high-level review of the organization that does not rely on a limited scope to find out if it is compromised. Performing such an assessment helps establish whether a baseline is enough, apart from highlighting the risks associated with a compromise not being effectively communicated to senior/executive leadership within your organization. Coming to threat hunting, this is a more mature assessment aimed at identifying objectives (such as espionage, pivoting, data exfiltration, etc.) targeting your organization. Source: https://www.crowdstrike.com/cybersecurity-101/threat-hunting/
Where Does Threat Hunting Fit? Threat hunting is highly complementary to the standard process of incident detection, response, and remediation. As security technologies analyze the raw data to

Beginning with Kubernetes Hacking into - Part 1

Introduction: Hi Readers, the world of virtualization is still at an early stage and, combined with the flavor of security, it’s a very interesting thing to learn and work with. As the first part of the series, we will focus on a very new concept in virtualization, which centers on Kubernetes. Let’s start from the very basics. Kubernetes is a powerful open source tool developed by Google. It helps us to utilize “micro-services”, or better said “containerized” applications, across a distributed cluster of “nodes”. The beauty of Kubernetes lies in its highly resilient infrastructure with almost zero downtime, apart from its immense deployment capabilities and a host of other features. In a nutshell, the main objective of Kubernetes is to obscure the complexity of managing multiple containers by introducing REST-based web services in its backend. Kubernetes’s portability factor is another add-on. You can run i