Industrial Problems need Industrial Solutions

Plus news, articles, breakdowns, and a few other little insights for you... [View this email in your browser]( SecPro #103: Industrial Problems need Industrial Solutions. Hello! Watching the threat landscape can quickly become a soul-destroying job. How on earth can we keep ahead of threat actors when we need to be perfect and they only need to find one slip-up? The day-to-day workflow of the secpro is always sitting in the shadow of the "what if I messed something up?" In that way, cybersecurity gets all the usual blame that an IT team does, but turned up to 11. Not only are we the first line of defense, but we're also the first point of failure when everything goes wrong. Hardly seems fair, right? Why would anyone want to work in cybersecurity, knowing about that kind of pressure? Although we can't magic the problem away, we can point you in the right direction. Check out this week's articles - a breakdown on how to test out your ICS systems and a throwback to when we discussed precisely what was wrong with containerisation! Cheers! [Austin Miller]( Editor in Chief [TAKE THIS WEEK'S SURVEY!]( This week's highlights: - [How to Pentest ICS Environments]( - [The Problem with Docker and Kubernetes]( - [D3FEND Top 10 - #8]( - [ThreatGEN Tutorial - Learn ICS skills with Clint!]( - [Learn Ethical Hacking from Scratch]( - [This Week's Survey]( And with that - on with the show! [_secpro]( [Packt _secpro Newsletter]( [The _secpro Website]( Improve you skills through a simulation This week, the _secpro team took some time to catch up with author and ICS expert, Clint Bodungen. Although we're going to keep a few secrets from you, our dear readers, we've decided to share a little treatment from one of Clint's projects - [ThreatGEN](. Want to learn a little bit about how a game can help you improve you skills? [Click the video above]( This Week's Editorial Articles [How to Pentest ICS Environments]( ICS environments are easy targets for attackers. By design, an ICS is meant to be open in nature, easily accessible to the people working with them, and leave little in the way of barriers for systems to interconnect. [The Problem with Docker and Kubernetes]( The advantages of using containers are clear, but have you thought about the disadvantages of containerization? [D3FEND Top Ten - #8]( We're bringing you a new top ten - this time, the D3FEND framework! Brought to you by MITRE, this is the counterfoil to ATT&CK and is perfect for blue teams. What's Going on in the World of Security? Since the world of security is always changing, keeping up with blogs, insights, and other updates is almost half the job. That's why we've collected some recent blog posts from our favorite cybersecurity "talking heads" to give you a helping hand. - [Krebs on Security]( - [Ask Fitis, the Bear: Real Crooks Sign Their Malware]( Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. This post is a deep dive on “Megatraffer,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. - [Bruce Schneier]( - [On the Catastrophic Risk of AI]( Earlier this week, I signed on to a short group statement, coordinated by the Center for AI Safety: Mitigating the risk of extinction from AI should be a global priority alongside other societal-scale risks such as pandemics and nuclear war. The press coverage has been extensive, and surprising to me. The New York Times headline is “A.I. Poses ‘Risk of Extinction,’ Industry Leaders Warn.” BBC: “Artificial intelligence could lead to extinction, experts warn.” Other headlines are similar. - [Troy Hunt]( - [Update 34]( "This week's update is dominated by my experience with "Lena", the scammer from Gumtree who tried to fleece my wife of $800. There's a blow-by-blow rundown of how it all happened in this video and it's fascinating to think that these things can actually be successful given all the red flags." - [Brian Honan]( - [DPO Dues: How to Meet Your Privacy Compliance Requirements]( The EU General Data Protection Regulation brought the role of Data Protection Officer (DPO) to the fore. (Due credit to Germany which originally introduced the concept as far back as 2001.) The European Data Protection Board (EDPB) recently announced plans to start enforcing the role more closely, so, as the fifth anniversary of the GDPR was upon us last week, let’s take a closer look at the DPO. Cybersecurity Fundamentals And we're back with another tutorial from [Learn Ethical Hacking from Scratch]( This time, we're looking at how you can capture handshakes, perfect for starting to launch more sophisticated attacks. [LIKE WHAT YOU SEE? CLICK HERE TO READ MORE]( [Wordlist cracking]( Here's something short and sweet to finish off our Now that we've captured the handshake from our target AP and we have a wordlist ready to use, we can use aircrack-ng to crack the key for the target AP. The aircrack-ng is going to go through the wordlist file, combine each password with the name of our target AP, and create a Pairwise Master Key (PMK). The PMK is created by using an algorithm called the PBKDF2, it's not like just combining the password and the BSSID; it's encrypting them in a certain way, and it compares the PMK to the handshake. If the PMK was valid, then the password that was used is the password for the target AP; if it wasn't valid, then aircrack-ng tries the next password. We use aircrack-ng, the name of the file that contains the handshake, test-handshake-01.cap, and -w and the name of the wordlist, wordlist. The command is as follows: aircrack-ng test-handshake-01.cap -w wordlist Now we are going to hit Enter, and aircrack-ng is going to go through the list; it will try all of the passwords, and will combine each password with the name of the target AP to create a PMK, then compare the PMK to the handshake. If the PMK is valid, then the password that was used to create the PMK is the password for the target AP; if the PMK is not valid, then it's just going to try the next password. As we can see, in the following screenshot, the key was found: It is the most basic way of using a wordlist: it took 42 seconds to crack the password. The speed depends on how quick the processor is, and whether we have any processes running that are making our computer a bit slower. That's all for this week! See you next time! [FORWARDED THIS EMAIL? SIGN UP HERE]( [NOT FOR YOU? UNSUBSCRIBE HERE]( Copyright © 2023 Packt Publishing, All rights reserved. As a GDPR-compliant company, we want you to know why you’re getting this email. The _secpro team, as a part of Packt Publishing, believes that you have a legitimate interest in our newsletter and the products associated with it. Our research shows that you opted-in for communication with Packt Publishing in the past and we think that your previous interest warrants our appropriate communication. If you do not feel that you should have received this or are no longer interested in _secpro, you can opt out of our emails using the unsubscribe link below. Our mailing address is: Packt Publishing Livery Place, 35 Livery StreetBirmingham, West Midlands, B3 2PB United Kingdom [Add us to your address book]( Want to change how you receive these emails? You can [update your preferences]( or [unsubscribe from this list](.