Posts

Showing posts from August, 2024

What is Malware? By Demetrius Fluker

Malware, short for "malicious software," refers to any software intentionally designed to cause harm to computers, networks, or data. Over the years, both traditional and new types of malware have evolved significantly, with each type employing different techniques to compromise systems. Here's a detailed look at traditional and new types of malware, including rootkits, trojans, and viruses, and their impact on cyberspace.

Traditional Types of Malware:

Viruses
Definition: A virus is a type of malware that attaches itself to legitimate programs or files and spreads by infecting other software or files when executed. It often requires user action to spread, such as running an infected program or opening an infected document.
Impact: Early viruses were relatively simple, primarily focusing on causing disruption (e.g., corrupting files or slowing down systems). However, modern viruses can exfiltrate data, destroy information, and install backdoors.
Example: The ILOVEYOU ...

July 2024 Breach Report: Major Breaches from June

1. Snowflake Data Breach
Date: June 2024
Impact: Ticketmaster and several other organizations utilizing Snowflake's cloud infrastructure suffered a significant breach.
Data Leaked: Sensitive customer data, including names, email addresses, payment card information, and transaction details. Ticketmaster confirmed that many of its customer records were exposed.
Resolution: The breach was linked to a misconfiguration in Snowflake's infrastructure, allowing unauthorized access. Snowflake and impacted organizations quickly patched the misconfiguration, but the breach led to a broader review of cloud storage security practices (Check Point Research).

2. Truist Bank Breach
Date: June 13, 2024
Impact: The breach at Truist Bank was claimed by the ransomware group Sp1d3r, which accessed sensitive information from over 65,000 employees.
Data Leaked: Personal employee data, including names, contact information, and internal co...

Tools You'll Need to Pen Test by Demetrius Fluker

Essential tools for penetration testing fall into several categories, each serving specific functions in assessing and exploiting vulnerabilities. Here's a breakdown of some commonly used tools:

Network Scanning and Discovery
Nmap: A powerful open-source tool for network discovery and security auditing. It helps in identifying hosts, services, and open ports.
Netcat: Known as the "Swiss army knife" for networking, it reads and writes data across network connections using the TCP/IP protocol.

Exploitation Frameworks
Metasploit Framework: One of the most popular tools for developing and executing exploits against vulnerable systems. It provides a large database of exploit code.
BeEF (Browser Exploitation Framework): Focuses on web browser vulnerabilities to test and exploit flaws through browsers.

Vulnerability Scanning
Nessus: A comprehensive vulnerability scanner that helps identify weaknesses in servers, databases, and other systems.
OpenVAS: An open-source vulnerabi...

Web Application Penetration Testing by Demetrius Fluker

Performing a web application penetration test (pentest) involves a systematic approach to identify and exploit security vulnerabilities in a web application. The goal is to uncover weaknesses that could be exploited by malicious actors and provide recommendations to fix these vulnerabilities. Here's an in-depth guide on how to perform a web application pentest:

Step 1: Planning and Preparation

a. Define Scope and Objectives
What to do: Identify the scope of the pentest. This includes the target application, specific URLs, APIs, and any other components involved in the web application. Clearly define the objectives, such as testing for OWASP Top Ten vulnerabilities or business logic flaws.
Why it's important: A well-defined scope ensures that both the pentester and the client understand the boundaries of the test, minimizing the risk of unauthorized access to out-of-scope systems.

b. Gather Necessary Permissions
What to do: Obtain written authorization from the owner of the web...

Common Encryption Standards by Demetrius Fluker

TOP Encryption Standards:

1. Advanced Encryption Standard (AES)
Details: AES is a symmetric encryption algorithm widely used for securing data. It supports key lengths of 128, 192, and 256 bits.
Use Cases: Commonly used for data encryption across a variety of applications, including file encryption, VPNs, SSL/TLS, and wireless security (WPA2).
Strength: Known for its security and speed. AES-256 is considered very secure for sensitive data protection.

2. RSA (Rivest-Shamir-Adleman)
Details: RSA is an asymmetric encryption algorithm used primarily for secure data transmission. It relies on the difficulty of factoring the product of two large prime numbers.
Use Cases: Frequently used in digital signatures, SSL/TLS certificates, and secure email protocols (like PGP).
Strength: RSA with key lengths of 2048 or 4096 bits is considered secure, though it is slower than symmetric encryption algorithms like AES.

3. Elliptic Curve Cryptography (ECC)
Details: ECC is a public key encryption te...

Secure Software Development with sample Vendors and Correlating Strategy By Demetrius Fluker

The guidelines presented focus on maintaining a robust, secure software development lifecycle (SDLC) with an emphasis on the following areas:

Documented Development Practices: Ensure the organization has secure, standardized development processes, including validation of input, encryption, and data exchange.
Use of Approved Software Components: Approve and regularly update third-party libraries and modules. Ensure they are supported by vendors and aligned with the organization's security standards.
Environment Segregation: Separate development and production environments with strict access controls, ensuring sensitive data is protected.
Secure Error Handling: Ensure proper error handling and output processing for all software applications.
Automated Code Scanning: Regularly scan custom-developed code for potential weaknesses using automated tools.
Penetration Testing and Issue Tracking: Regularly perform penetration testing and track any discovered security weaknesses, prio...

Network Device Management System by Demetrius Fluker

Protecting your network is not easy. Here are sample vendors I've used to help protect my network:

Maintain an asset inventory of all authorized network devices:
Vendor Example: ServiceNow (for IT Asset Management) or Cisco Prime Infrastructure (for network device management).

Ensure a hardening standard for all network devices based on vendor and type:
Vendor Example: CIS (Center for Internet Security) or Tenable (provides hardening guidelines and vulnerability management).

Keep an authorized list of access control rules for each network device:
Vendor Example: Cisco Identity Services Engine (ISE) or Palo Alto Networks (for centralized policy management).

Regularly compare network device firmware and configurations to the baseline and alert on discrepancies:
Vendor Example: SolarWinds Network Configuration Manager (NCM) or Tufin (for network configuration auditing and alerts).

Ensure network devices run the latest security updates and firmware from vendors:
Vendor ...

Internal Network Protection By Demetrius Fluker

Here is a summary of the Internal Network Protection guidelines:

Port Level Authentication (802.1x): Implement on all network switches to ensure only authorized devices connect to the wired network. Require machine certificates for authentication.

Virtual Local Area Networks (VLANs): Create and document VLANs for logical groupings:
- Endpoint workstations (including privileged accounts).
- Server systems.
- Network device management interfaces.

Information Flow and Access Control: Document and approve data flows between internal systems and third-party/cloud systems. Enforce Access Control Lists (ACLs) between all VLANs.

Workstation Communication: Disable workstation-to-workstation communication within dedicated VLANs for workstations.

Wireless Access Points (WAPs): Maintain an inventory of authorized WAPs (internal and guest). Regularly scan wired networks to ensure only authorized WAPs are connected. Regularly scan physical locations to ensure only authorized WAPs are present. Remove unautho...

Information Security and Access Control Policy By Demetrius Fluker

1. User Identity and Authentication Management

1.1 Identity Database Systems Management
Maintain an inventory of each identity database system used to authenticate users, both onsite and third-party managed, ensuring all systems are accounted for and secured. Regularly evaluate the number of identity database systems in use and minimize their quantity wherever possible to reduce risk.

1.2 User Account Inventory and Management
Maintain an up-to-date inventory of all user accounts across all identity databases, ensuring that only authorized users have access to critical systems. Regularly review user accounts to ensure the legitimacy of the accounts and that unauthorized identities do not exist.

1.3 Multi-Factor Authentication (MFA)
Require MFA for all users accessing the organization's information systems, adding an additional layer of security to user authentication.

1.4 Credential Security
Ensure all authentication systems store cre...

Post-Quantum Cryptography Is Almost Here. Are You Ready? By Demetrius Fluker

The U.S. National Institute of Standards and Technology (NIST) has formalized the world's first post-quantum cryptography standards to protect against future quantum threats. These standards include three algorithms designed for secure communications and digital signatures, preparing organizations for a post-quantum world where traditional encryption could be vulnerable. Experts urge immediate integration to prevent "harvest now, decrypt later" attacks. The transition is seen as a critical and significant step in modernizing cybersecurity across industries.

Implementing NIST's post-quantum cryptography standards involves several key steps:

Assess Current Systems: Evaluate your existing cryptographic infrastructure to identify areas where post-quantum algorithms need to be integrated.
Start Transitioning: Begin using the new standards (FIPS 203, 204, 205) alongside existing cryptographic methods to allow for a smooth transition.
Ensure Cryptographic Agility: Design syst...

How to Audit By Demetrius Fluker

Business Information Security Officer's Point of View and Internal Auditing Best Practices

Internal Audit (IA) professionals serve a high-profile set of stakeholders that include senior management, the board of directors, and external auditors. These stakeholders expect that IA not only demonstrate a broad and deep knowledge of the organization and the risks that it faces, but also that IA teams remain dynamic and flexible in the face of changing business conditions, coordinate effectively with other risk and assurance functions, and remain independent and objective while demonstrating a high level of professional proficiency. Internal auditors also have a requirement to work offline on a laptop.

Manage your complete audit lifecycle on one platform, from audit planning to execution and wrap-up. Govern audit-related activities, such as reporting to management and the audit committee. Integrate with other risk and control functions. Use a consistent, standards-driven, risk-based aud...