Exploring this week's events, some useful tools, and two tutorials - right to your inbox!

SecPro #102: D3FENSE! D3FENSE! D3FENSE!

Hello!

Sometimes, writing a cybersecurity newsletter can be difficult. The threat landscape is difficult enough to understand when you're on the frontline, so that level of distance that comes with being a commentator is a challenge. "How do I know that I understand the issues as they emerge?" is a question that crosses the _secpro team's collective mind quite often.

That's why I thought we'd step back this week, looking at something everyone can use: a warning about an APT, an update on how to implement D3FEND, and a tutorial for improving your ICS skills.

Sounds good? Check out what we've got on offer and tell us what you think in the survey below!

Cheers!
Austin Miller
Editor in Chief

This week's highlights:
- Kimsuky - Who are they?
- D3FEND Top 10 - #9
- ThreatGEN Tutorial - Learn ICS skills with Clint!
- Learn Ethical Hacking from Scratch
- This Week's Survey

And with that - on with the show!

Improve your skills through a simulation

This week, the _secpro team took some time to catch up with author and ICS expert, Clint Bodungen. Although we're going to keep a few secrets from you, our dear readers, we've decided to share a little treatment from one of Clint's projects - ThreatGEN.

Want to learn a little bit about how a game can help you improve your skills?

This Week's Editorial Articles

Kimsuky - Who are they?
Miss this week's special issue? Don't worry - we've got your back. Check out our deep dive into the Kimsuky APT and how they are causing havoc.

D3FEND Top Ten - #9
We're bringing you a new top ten - this time, the D3FEND framework! Brought to you by MITRE, this is the counterfoil to ATT&CK and is perfect for blue teams.

What's Going on in the World of Security?

Since the world of security is always changing, keeping up with blogs, insights, and other updates is almost half the job. That's why we've collected some recent blog posts from our favorite cybersecurity "talking heads" to give you a helping hand.
- Krebs on Security - Interview With a Crypto Scam Investment Spammer: Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. According to the hacker, their spam software has been in private use until the last few weeks, when it was released as open source code.
- Bruce Schneier - On The Poisoning of LLMs: Given that we've known about model poisoning for years, and given the strong incentives the black-hat SEO crowd has to manipulate results, it's entirely possible that bad actors have been poisoning ChatGPT for months.
- Bruce Schneier - Indiana, Iowa, and Tennessee Pass Comprehensive Privacy Laws: It's been a big month for US data privacy. Indiana, Iowa, and Tennessee all passed state privacy laws, bringing the total number of states with a privacy law up to eight. No private right of action in any of those, which means it's up to the states to enforce the laws.
- Troy Hunt - Update 348: "I feel like the .zip TLD debate is one of those cases where it's very easy for the purest security view to overwhelm the practical human reality. I'm yet to see a single good argument that is likely to have real world consequences as far as phishing goes and whilst I understand the sentiment surrounding the confusion new TLDs with common file types, all "the sky is falling" commentary I've seen is speculative at best."
- Brian Honan - Meta-stasis: Why Was Facebook Fined €1.2 Billion and What Does this Mean for Me?: Meta's Facebook has been fined yet again. The Data Protection Commission (DPC) fined the company a staggering €1.2 billion for illegal transfers of data to the US. This decision comes as no surprise; Facebook has been under scrutiny for data protection issues for years.

Cybersecurity Fundamentals

And we're back with another tutorial from Learn Ethical Hacking from Scratch. This time, we're looking at how you can capture handshakes, perfect for starting to launch more sophisticated attacks.

Creating a wordlist

Now that we've captured the handshake, all we need to do is crack the WPA key by creating a wordlist. A wordlist is just a list of words that aircrack-ng is going to go through, trying each one against the handshake until it successfully determines the WPA key. The better your wordlist is, the higher your chances of cracking the WPA key will be. If the password isn't in your wordlist file, you will not be able to determine the WPA key.

We're going to use a tool called crunch. It's basically just a script; we specify the characters that we want in the passwords, and it creates all possible combinations of these characters. The format of the command for using crunch is crunch [min] [max]. The [min] is the minimum number of characters of the password that we want to create; we can say that we want a minimum of four, five, six, and so on. The [max] is the maximum number of characters in the password. We can also specify the characters that we want to use in the passwords: abcdefg, all of the lowercase letters, the capital letters, numbers, and symbols.

The -t option is very useful if we know part of the password; it's a pattern. For example, if we are trying to guess a password and we have seen someone typing it, so we know that it starts with an a and ends with a b, we can use the pattern option and tell crunch to create passwords that always start with a and end with b, and it will put all possible combinations of the characters that we put in the command between them.

Suppose that we're going to create passwords of a minimum of six characters and a maximum of eight characters, and the passwords are going to be combinations of the characters 1, 2, 3, 4, 5, and 6, and symbols. The list is going to be stored in a file called wordlist, and the pattern says that the passwords are always going to start with an a and always going to end with a b. All of the passwords that we're going to see in the file will start with a and end with b, and they'll have all of the possible combinations of the characters that we specified between the a and the b.

Let's just run crunch and create a sample wordlist. We're going to use a minimum of 4 and a maximum of 6, put 123ab as the characters, and store the result in sample-wordlist. crunch is going to create all possible combinations of 123ab that are between four and six characters long and store them in a file called sample-wordlist. The command will be as follows:

```
crunch 4 6 123ab -o sample-wordlist
```

We can read the file by running cat sample-wordlist and see all of the passwords that crunch created for us. The longer the passwords and the more characters that we include, the more passwords we can make, and the more space they're going to take up. Let's take a look at the pattern option.
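The sizes behind the statement above, as an added example (not from the book or the newsletter): it computes how many lines and bytes a crunch run produces for a length range or a -t pattern, and checks whether a given passphrase falls inside that list without generating it. It assumes crunch's `@` placeholder stands for any character of the supplied set; the function names and sample values are constructed for illustration.

```python
import string

def _only_at(pattern):
    # crunch also defines ',', '%' and '^' placeholders; this sketch models '@' only.
    if any(c in ",%^" for c in pattern):
        raise ValueError("only the '@' placeholder is modelled")

def wordlist_size(min_len, max_len, charset, pattern=None):
    """Return (lines, bytes) of the list, one word plus a newline per line."""
    k = len(charset)  # assumes the charset has no repeated characters
    if pattern is not None:
        _only_at(pattern)
        if not (min_len == max_len == len(pattern)):
            raise ValueError("this sketch expects min = max = pattern length")
        lines = k ** pattern.count("@")
        return lines, lines * (len(pattern) + 1)
    lines = sum(k ** n for n in range(min_len, max_len + 1))
    size = sum(k ** n * (n + 1) for n in range(min_len, max_len + 1))
    return lines, size

def in_wordlist(word, min_len, max_len, charset, pattern=None):
    """True if `word` would be in that list, decided without generating it."""
    if pattern is not None:
        _only_at(pattern)
        return len(word) == len(pattern) and all(
            (w in charset) if p == "@" else (w == p)
            for w, p in zip(word, pattern))
    return min_len <= len(word) <= max_len and all(c in charset for c in word)

def human(n_bytes):
    """Format a byte count with binary units."""
    for unit in ("B", "KiB", "MiB", "GiB", "TiB"):
        if n_bytes < 1024:
            return f"{n_bytes:.1f} {unit}"
        n_bytes /= 1024
    return f"{n_bytes:.1f} PiB"

if __name__ == "__main__":
    print(wordlist_size(4, 6, "123ab"))            # crunch 4 6 123ab
    print(wordlist_size(5, 5, "123ab", "a@@@b"))   # pattern: a, three free slots, b
    # Constructed comparison: every 8-character mix of letters and digits.
    alnum = string.ascii_letters + string.digits
    lines, size = wordlist_size(8, 8, alnum)
    print(lines, human(size))
    # Constructed passphrases: the longer one is outside the 4-6 character list.
    print(in_wordlist("ab12", 4, 6, "123ab"), in_wordlist("ab12ab1", 4, 6, "123ab"))
```

Each extra character multiplies the list by the size of the character set, so a long random passphrase falls outside any list that can practically be generated or stored.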
We'll run crunch with a minimum of 5 and a maximum of 5, so all passwords will be five characters long, and then we will put the characters, which are 123ab (like before), and add the -t option, which is the pattern option. Then, we will say that the password starts with an a and ends with a b, and we want all possible combinations of the characters between a and b. Then, we're going to specify the output file with -o; let's call it pattern-wordlist. Following is the command:

```
crunch 5 5 123ab -t a@@@b -o pattern-wordlist
```

It creates 125 passwords, and they always start with an a and always end with a b.

We can use crunch to create our wordlist, and in the next section, we're going to use the wordlist and the handshake file to determine the actual WPA key.

That's all for this week! See you next time!

Have You Tried..?

So many tools, so little time to try them. Here are ten tools for System Dependency Mapping - some free, some paid. Tell us what you think is the best!
- SolarWinds Server & Application Monitor
- Dynatrace
- Device42
- Retrace
- ManageEngine Applications Manager
- Datadog
- Extrahop
- AppDynamics
- Prometheus
- Pinpoint

Copyright © 2023 Packt Publishing, All rights reserved.