Posted on

5 Threat Intelligence Trends

We’re living in a world where technology advances at a breathtaking pace, and cybercriminals are always looking for the latest ways to target organizations and individuals alike. In such a turbulent digital transformation, security experts need to keep up with the latest trends and address the latest potential threats in innovative ways.

The world of cyber security is an incredibly fast-moving sector, with both security providers and hackers trying to constantly outsmart each other. Simply put, it’s a constant cycle of coming up with new attack strategies and threats while trying to find new and innovative ways to combat them or eradicate them before they gain more ground.

Posted on

Understand the Powerful ROP Attack From Zero!

What Is ROP?

First, let's describe a gadget. A gadget is a sequence of assembly code that ends with a jump instruction: for example, pop rax; ret;. Jump instructions include ret, jmp, call, etc. If you use the last jump instruction of each gadget to execute many gadgets one by one, that’s return-oriented programming (ROP): gadget1 -(jump)> gadget2 -(jump)> gadget3 -(jump)>… Gadgets extensively exist in the vulnerable binary executable. You need to scan the binary executable, find its gadgets, exploit a vulnerability to execute some useful gadgets, and eventually finish your attack.

Implement a Real ROP Attack

Environment

Download the necessary files from here. Bug is the vulnerable binary executable. exploit_gen.c generates a binary data file called “exploit." The data file is the input of bug. exploit_gen.c may not be able to exploit the bug on your machine. Follow the steps in the next section. Do your experiments and modify exploit_gen.c.

Posted on

Incident Response Requires a New AppSec Model

Incident response found its way into our technological vernacular back in 1988 when the first internet worm — dubbed “The Morris Worm” — was released. In response, the Computer Emergency Response Team/ Coordination Center (CERT/CC) by DARPA was formed.

The goal of this nascent organization was to provide a central hub for communicating and coordinating a response to security incidents. In a nutshell, the goal of incident response is to quickly contain and mitigate an incident, with an impetus to limit damage while reducing recovery time and costs.

Posted on

Threat Hunting – A Cybersecurity Paradigm Shift

The internet has become a utility as essential as electricity and water for organizations worldwide. But it’s also an unparalleled security threat, an inviting doorway for global criminal networks.

Malicious hackers still seem to have the upper hand even with billions spent on cybersecurity and a high level of awareness of the growing danger. The 2019 Hiscox Cyber Readiness Report found that 61% of firms reported a “cyber incident,” which stands as an increase from 45% from the previous year. The median loss also increased from $229,000 to $369,000, not counting brand damage.1

Posted on

4 Chatbots Security Measures You Absolutely Need to Consider

It will come as no surprise that chatbots are everywhere and they are here to stay! In fact, 80 percent of companies want to have some type of chatbot implemented by 2020.

Chatbots are our friendly assistants that make life easier by helping us book flights, appointments, shop, get answers to our questions, etc. They also allow companies to lower the cost in customer service and have their customer support agents attending to more complex situations.