60 Sec Cyber Brief

This week I wanted to cover a powerful tool that assists in web application security. Burp Suite is a well-known tool developed by PortSwigger. Burp Suite is an integrated platform used to test web application security by using a variety of different features it provides.  One of these features Burp Suite has is an intercepting proxy that allows you to inspect and modify traffic between the browser and the server at each step. Scanner allows you to automatically detect certain vulnerabilities like SQL injection and cross-site scripting. Intruder automates custom attacks to test certain security parameters, generally passwords. Repeater allows for manual modification and replaying of edited requests for more in-depth testing.

All in all Burp Suite provides a simplified way and process for identifying and discovering vulnerabilities. It has a very user-friendly interface that assists in applying all the different features and makes it easy to learn. It also allows for user consummation that allows users to create custom rules and integrate third-party extensions. It is one of the most renowned tools in cyber security and brings an active and engaging community along with it. Burp Suite I is something I highly recommend to those striving to develop their cyber security skills to get their hands on. Not only will you become more proficient in the tool itself, but it will also teach you about how web applications and servers work.

Source:

After a big weekend of football and turkey, I couldn’t help but think about the immense effort behind getting NFL games on our screens—and how cybersecurity plays a pivotal role in making it all happen. This year, the NFL partnered with Cisco to ensure a cyber-protected Super Bowl. As the most-watched annual sporting event in the U.S., the Super Bowl has been classified as a SEAR 1 event by the Department of Homeland Security—putting it on par with presidential inaugurations regarding security measures.

The Super Bowl is a cultural phenomenon that attracts global attention, making it a prime target for cyber and physical threats. Tomás Maldonado, the NFL’s Chief Information Security Officer, highlighted the importance of addressing this nature of threats. Every potential vulnerability is meticulously scrutinized, from the stadium to surrounding hotels, airports, and businesses. Preparation for the Super Bowl begins a staggering 12 to 18 months in advance. During this time, the NFL and its partners conduct tabletop simulations, site visits, assessments, and testing to identify vulnerabilities. Federal and local agencies partner with the NFL to develop a robust intelligence threat model and ensure seamless communication in case of an incident.

During the actual event of the Super Bowl, a mobile security operations center is deployed at the stadium to address real-time threats. It monitors and responds to anomalies by using advanced systems and applications.  

Obviously, besides just cyber security, there are many different plans and communications with local and federal agencies for such an event as the super bowl for fans to have a happy experience and not worry about their safety.

Source:

This week, I wanted to talk about a platform called TryHackMe. TryHackMe is one of the many cybersecurity training platforms on the market today. I'm specifically talking about this one because I have been using It for almost a year. It has taught me the basics in certain cybersecurity areas while also diving into more advanced techniques. The platform allows users of any level to learn and practice cybersecurity techniques.

The platform keeps you engaged by establishing a gamified structure. You have “Rooms” and different challenges; as you complete them, you earn points, badges, and ranks as you advance. It also provides a wide range of topics both developer-created and community-created, which offers a wide range of teaching methods as well as challenges. One of my favorite features that TryHackMe offers is its hands-on labs. I think many times when learning cybersecurity, we learn about the concept of things but never actually see it let alone do it. TryHackMe’s labs allow for hands-on tutorials, practice tasks, and challenges all through their own virtual machines and network to keep you safe while you practice. There are also competitive capture-the-flag competitions that allow the cyber community to collaborate and challenge each other. A big feature is they also offer CompTIA tracks to help you learn the material for the test. I came across TryHackMe after I took my first CompTIA test, but it has helped me solidify the things I learned during CompTIA learning and practice some of the techniques I learned. I think TryHackMe is a very good platform for anyone trying to get ahead of the game in their learning roadmap, keep their cyber skills sharp, or just try to learn some new skills. Full access is very affordable, and I think worth the cost.

Source:

I will continue talking about cyber tools from last week by covering some password auditing tools this week. I have used these tools before, but not extensively, and I still have much to learn and experience with different practical settings.

The first tool I will cover is John the Ripper. John the Ripper is an open-source password security auditing and password recovery tool. It was originally designed for UNIX systems but has been updated to encompass many different platforms and hash types. It has a few different modes but the most 2 notable is wordlist mode which allows it to test passwords against a word list, iterating through the list. The other remarkable feature is an incremental mode which brute forces with all possible combinations of a set parameter. You can do both of these modes with the addition of different hash and salt combinations.

The other tool I would like to mention is Hashcat. Hashcat claims it is the world's fastest password recovery tool. It leverages the power of modern GPUs to accurate the password-cracking tasks. Just like John the Ripper, Hashcat also has many different types of modes/attacks. Such as discretionary, mask, hybrid, and rule-based attacks.

Sources:

This week I wanted to talk about some basic tools that every cyber professional should be familiar with and using. I’ll be discussing the tool Nmap also known as Network Mapper. Nmap is an open-source Linux command line network scanning tool for network exploration, host discovery, and security auditing.  Nmap allows users to scan the network and discover everything connected to said network and also a wide variety of information about what’s connected, including services each host is operating and ports. A Red Hat Blog states, “It also offers a wide variety of scan types, including Proxy (bounce attack), Reverse-ident, ICMP (ping sweep), FIN, ACK sweep, Xmas, SYN sweep, IP Protocol, and Null scan.” The following is a simple example of using Nmap within a Linux terminal.

nmap -sS -p 1-1000 -T4 -v 192.168.1.1

Nmap: This is the command to run Nmap, which is a network scanning tool used for discovering hosts and services on a computer network.

-sS: This option tells Nmap to perform an SYN scan, one of the most popular and stealthy methods for discovering open ports. This type of scan only sends a SYN (synchronize) packet to the target port and waits for a response, allowing it to quickly determine if the port is open, closed, or filtered. It's often called a "half-open" scan because it doesn't complete the full handshake.

-p 1-1000: This specifies the range of ports to scan. In this case, ports 1 through 1000 will be scanned. This is useful if you focus only on the most common ports or specific port ranges, rather than scanning all 65535 possible ports.

-T4: This option sets the timing template for the scan. The value T4 is an "Aggressive" scan, meaning it will increase the speed of the scan, making it faster but more detectable. It optimizes the scan by adjusting timeouts, retries, and parallelism to speed things up without overwhelming the target.

-v: This stands for verbose mode. It provides more detailed output during the scan, including information about the scanning process, the number of probes sent, and responses received.

192.168.1.1: This is the IP address of the target host. It tells Nmap where to perform the scan. In this example, it scans a host with the IP address 192.168.1.1.

Following is an example of what an output with the previous Nmap command might generate.

Sources:

This week I wanted to write about a software application that I am looking to do some more practice with. This application is called Atomic Red Team. Atomic Red Team is a free open-source tool that allows users to simulate different adversary techniques and attacks. It's built upon the MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework. Which is a globally accessible knowledge base of adversary tactics and techniques based on real-world case studies and statistics. With the MITRE ATT&CK, the Atomic Red Team can replicate specific tactics and methods used by real-world threats.

When employing Atomic Red Team, the user can customize the solution depending on their needs. If the user is employing it to test its large-scale organization enterprise or to test their home network, the Atomic Red Team is able to adapt and scale according to the users’ desired environment, platforms, or systems. It also allows for some great post-simulation analysis. Because Atomic Red Team uses the MITRE ATT&CK mapping, every test it conducts maps to a specific technique that users can learn to better defend against.

I'm still yet to dip my toes into using Atomic Red Team but I'm excited to do so. I envision it is not only a great learning technique in the aspect of learning different adversary techniques but also a great learning technique in how to identify and defend against said adversary techniques.

Sources:

This week I wanted to talk about a recent event that likely affected all of us. I'm sure many of us heard of the event that happened in July where many Microsoft Windows devices were experiencing “The Blue Screen of Death.” Many thought it was just a widespread Microsoft Windows failure, but it was actually with one of their cyber security providers, CrowdStrike. Because of a flawed update to the CrowdStrike application Falcon, many industries faced some serious charges, such as airports, banks, and healthcare systems. Falcon is CrowdStrike’s endpoint detection and response platform and when the update was sent out it sent Windows machines running Falcon into an endless reboot cycle, leading to the revered “blue screen of death.” According to CrowdStrike, the fact that triggered the outage was in a channel file. “Which is stored in C:\Windows\System32\drivers\CrowdStrike\” with a filename beginning “C-00000291-” and ending “.sys”. Channel File 291 passes information to the Falcon sensor about how to evaluate “named pipe” execution, which Windows systems use for intersystem or interprocess communication. These commands are not inherently malicious but can be misused.” The endless cycle of rebooting was caused by a logic error where the problematic content was loaded into the channel file which resulted in an out-of-bounds memory read triggered an exception. The exception was unable to be handled gracefully and resulted in the Windows OS crashing and rebooting. Because this update was a part of CrowdStrike’s rapid response content program, the organization decided it was to go through less rigorous testing than other updates to Falcon’s software agents.

Following the initial incident, CrowdStrike did end up reporting on the testing lapse that led to the flawed update being passed and pushed to customers. They ended up blaming a gap in the company's testing software that caused its validator tool to miss a flaw in the effective channel file content update.

Overall CrowdStrike and Microsoft are not bad companies. They do practice good security practices and procedures. I do think this event was a good insight into how much we rely on the digital realm in our everyday lives and not only how easy it is to take It away, but also how much of our lives are affected by the absence of it.

Sources:

This week I wanted to shed some light on a seemingly unfamiliar tach amongst the general populace. If are into the tech world and have been around microcomputers like the Raspberry Pi then you’ve probably heard of this device, the ESP32. The ESP32 technically isn’t a device, it’s a chip, specifically a low-cost system on a chip (SoC). It provides Wi-Fi and sometimes both, depending on the model, to embedded devices, or IoT devices.

The ESP32 has many common uses, some of these include smart home applications like connecting light switches, thermostats, plugins, and other appliances. It is also used for remote monitoring sensors. With this, you can monitor temperature, humidity, motion, and other statistics of a room or area and send it over the cloud for real-time analysis. My grandpa has one employed just for this same reason and can adjust the temperature and fans of a room depending on the readings he receives.

Now while there are many more common daily life implementations of the ESP32 I think many people think of it for its network penetration capabilities. The ESP32 can conduct Wi-Fi sniffing which captures and analyzes Wi-Fi traffic in transit. With the correct firmware attached, the ESP32 can log unencrypted traffic and identify active devices within a limited range.  ESP32 can also enact Wi-Fi jamming and when paired with its ability to act as a WAP, you now could have users logging into your Wi-Fi instead of the café’s.

This piece of hardware is going to be my next tech project and I'm excited to see what I can learn from it and do with it. I think this will open many doors in the aspect of learning new hands-on material with networks and devices as well as IoT devices.

Sources:

This week I got the pleasure of meeting the white house’s NSA director as he met with my school’s college of science department. It was very brief but a very informative and cool experience. One thing he did point out was the reports the NSA puts out, specifically one about Software Memory Safety. After reading this report some of the most notable takeaways I learned are, how critical memory safety is for modern software security. The report emphasizes that many vulnerabilities stem from memory management issues, such as buffer overflows and memory leaks, which can be exploited by malicious actors. The report goes on to say how we commonly use C and C++ as they provide a lot of freedom and flexibility in memory management, but they rely much on the programmer to perform the needed checks on memory references. Which in turn, can lead to simple mistakes and exploitable memory-based vulnerabilities. They go on to recommend using a memory-safe language, when possible, like Rust, Java, C#, Go, Ruby, and Python to name a few can significantly reduce these memory risks. NSA states, “Memory is managed automatically as part of the computer language; it does not rely on the programmer adding code to implement memory protections. The language institutes automatic protections using a combination of compile-time and runtime checks. These inherent language features protect the programmer from introducing memory management mistakes unintentionally.”

 Another key point was the role of testing—tools like static and dynamic analysis can help detect memory issues early in the development process. If stuck using a non-memory-safe language, this mechanism can help harden these languages. Static analysis examines the source of the code to find potential issues. It allows all the code to be analyzed and can be used throughout the development process. However, static analysis can be prone to generate false positives by identifying potential issues incorrectly. Dynamic analysis examines code while it is in execution. Dynamic analysis has much fewer false positives than static analysis but has to have a running application. This means most of the issues might not be identified until late in the development cycle. Both have their place in the testing cycle but exceed if employed correctly.

Source:

This week I'm going to talk about more ways to keep yourself anonymous and protected while surfing your greasy tech fingers through the cyberspace. The application I will be discussing is Tor. I briefly described Tor during my description of the Beryl travel router.

Tor, also known as the onion router, is a valuable tool that enables anonymous communication across cyberspace, making it harder for external and third-party entities to track you. It’s a free, open-source software that enables anonymity by concealing users' identities and locations. It was originally developed by the U.S. Navy to protect sensitive government communications but now has become a widely used application by all sorts of individuals. Its name, “The Onion Router,” comes from the layered structure of the encryption process. It directs internet traffic through a global network of volunteer servers called nodes. Each time it goes through one of these nodes it adds a layer of encryption to your traffic. By routing your traffic through multiple random relays, TOR ensures that no single relay can link the request to your IP address and destination. You create layers of encryption on your traffic, layers like an onion.

When people hear about Tor, they generally think of Dark Web access. The Dark Web is often associated with illegal activities as its rumors and stories of illegal activities. However, it also serves as a platform for privacy-conscious users and communities to engage anonymously. Tor is also often associated with the Dark Web because it is one of the most common ways to access .onion websites.

 While the Dark Web is a reason people use the Tor network, it's not the only reason. Individuals also use it for freedom of speech and to evade censorship. Journalists, activists, whistle-blowers, and those in countries with heavy censorship on media all benefit from Tor and its ability to keep anonymous.

I hope this clears up any preconceived notions or fears of what Tor is and that anyone can use it. But be warned you need to enter Tor with a good sense of patience as the multiple encryptions come with a drawback, your browsing experience will be significantly delayed.

Sources:

This week I wanted to move away from my everyday applications and dive into a useful open-source cyber threat-hunting tool called Zeek. Formerly known as “Bro”, Zeek is a passive, open-source network traffic analyzer. It has a few different ways users can utilize its capabilities; many operators use it for either network security monitoring or threat hunting and incidence response. A notable feature of Zeek that differentiates it from other network traffic analyzers is it is designed for commodity hardware whereas other applications may require very specific hardware. It's also designed to be scalable and clusterable. This means Zeek can efficiently handle increasing workloads and can be distributed across multiple machines (deployed in a clustered setup) to improve performance and reliability.

Zeek works by capturing and analyzing detailed metadata about network connections rather than focusing on packet content. It monitors traffic happening at the application layer, looking at data such as HTTP requests and DNS queries. Zeek does a very good job at detecting advanced persistent threats, and other sophisticated attacks and malware that require subtle communication patterns that are made to stealthily infiltrate your network. By analyzing the metadata, Zeek can spot anomalies from the baseline traffic that traditional signature-based systems might miss.

Not only is Zeek an open-source tool that allows it to be freely available, but it also has a very active and growing community of security professionals and researchers. This community consistently contributes to new updates, patches, scripts, and threat intelligence to keep the Zeek framework effective and up to date with intel on new emerging threats. I'm still learning new things about Zeek and its abilities and highly encourage anyone pursuing cybersecurity skills to check it out.

Over the last few weeks, I have made posts about different software I have implemented to make my cyber life more secure, efficient, and personal. This week I will cover the most recent piece of hardware I have added to my arsenal. The Beryl AX is a pocket-sized Wifi-6 travel router. Now why would you need a travel router and what does it do?

The Beryl AX provides multiple functions to keep you secure with high-speed internet on the go. It provides enhanced security on public networks, reliable internet performance, multiple device connections, customization with different internet sources, and most importantly it’s portable. On top of all this, it doesn’t break the bank in terms of cost.

(Picture for size reference)

Focusing on its travel application, it allows you to create a secure connection between your devices and any public network you would like to use. It does this by coming with a personal firewall, VPN services, and its ability to isolate your devices away from the public network and keep them on your private network that Beryl establishes. It also can boost weak Wi-Fi signals from a public Wi-Fi source, such as a hotel or café Wi-Fi. This, with its Wi-Fi 6 technology allows for faster and better-performing signals that would generally be pretty poor. Beryl’s UI is also extremely user-friendly and easy to navigate with many built-in features like adding Tor capabilities and even adding Tailscale (I wrote about Tailscale previously if you don’t know what it is). The GL.iNeT is still updating the Beryl and their other devices with new and improved capabilities. My first big experience with Beryl will be coming up soon when I travel to Bangkok for a vacation.

Source:

As promised, I will talk about the software Tailscale this week. This do-it-yourself VPN allows you to create a mesh network of all your devices in a simple accessible and user-friendly manner. It’s a modern VPN solution focuses on making secure and private networking as easy as possible. It uses peer to peer, or decentralization, model meaning devices are connected without passing through a central VPN network. It’s like a co-op grocery store but for devices. This means that each device that has Tailscale and is on your tailnet can talk to each other directly no matter where they are in the world. This allows for a wide plethora of different applications.

One common application and one that I use as well is establishing a Network Attached Storage (NAS) on your tailnet. A NAS is a device or system that stores data and allows people to access this data over the network. It’s much like the cloud in a sense, but I have the physical server with me, and in my case, have control over how it works, can upgrade it, and change its configuration. With a NAS onboard the tailnet and the ability to talk between devices on the tailnet, I have just established my cloud. Wherever I am, as long as I’m on my tailnet with the device I’m using and my NAS is up, I can access it.

In addition to its other many customizable features, it also can use devices as exit nodes. In my case this allows me to have my Raspberry Pi on my tailnet use it as an exit node and reap the benefits of the Pi-hole application that’s established on it. If you don’t know what Pi-hole is, I made a post about it previously. So not only can I now access my storage system anywhere, but I can also have DNS blocking anywhere.

There are so many more applications I’m yet to discover with Tailscale and it’s a very much growing software. They are constantly updating it, adding new features, and combining it with different hardware and software. I encourage you to check it and establish it on a few of your devices.

Sources:

This week I wanted to discuss another useful software piece and a beginner project for any aspiring Raspberry Pi users. The software for discussion is called The Pi-hole. Pi-hole is a lightweight, robust, scalable, open-source network-wide ad blocker that functions as a DNS sinkhole, blocking advertisements and other unwanted content at the DNS level. It was my first project when getting a Raspberry PI and I have learned and am continuing to learn much through it. It generally runs on devices like the Raspberry Pi (hence the name) because it is so lightweight but can be run on other Linux-based systems. Pi hole intercepts DNS queries from devices on your network and checks them against the preloaded blocklist that you have uploaded to Pi-hole’s interface. If the DNS matches one on the blocklist, Pi-hole then prevents the request from reaching the ad server. This ability to block DNS from the network is beneficial because you can have all your devices on your network run through Pi-hole blocking telemetry and ads without installing any extra software or browser extensions on the individual devices. All it requires is simple DNS and IP server assignment on your devices or using virtual network software such as Tailscale (which I will cover next week). This will route your DNS queries through the Pi-hole and allow it to be filtered as such. Another notable feature of Pi-hole is it's all self-hosted and customizable. It's not hosted by your ISP or controlled by them but controlled by you. You have the power to change how strict or lenient your block list is. This allows you to implement certain parental controls if need be times Pi-hole will run or not run, or for what devices it will run or won't run. Even if you don’t regularly use Pi-hole or have a Raspberry Pi, I think it’s a great project for those wanting to better understand networks and devices.

Sources:

Have you ever traveled and succumbed to using a public computer that could be compromised and could potentially steal your data? Or even want to increase your privacy and anonymity against surveillance? The Tails operating system covers this. After doing some Tor browser surfing, I recently discovered Tails and decided to dig deeper into it and play around with it as I am always looking for new tools and protection measures, I can learn and use. Tails, or “The Amnesic Incognito Live System", is a security-focused Debian-based Linux distribution that connects to the internet only through the Tor network. works by routing internet traffic through a series of volunteer-operated servers called nodes or relays. Each user's data is encrypted multiple times and then sent through a randomly selected path of these nodes before reaching its final destination. At each node, one layer of encryption is removed, revealing only the next node in the path, like peeling layers of an onion, hence its logo and nickname.

Tail's most notable feature is its ability to boot from a USB or CD to turn any computer into a temporary” secure” machine by creating an almost ghost-like presence on the machine. When using Tails nothing is written to the hard disk and only runs from the memory on the computer. On top of this, Tails will actually overwrite the memory when exiting to prevent any cold boot attacks. Meaning, that once you shut down the OS all of your actions and information will be erased from memory. This is much more secure than just using incognito mode in your browser because that information could still be retrieved using computer forensics measures. Despite all this, Tails is not a hundred percent secure. There is still room for vulnerabilities like everything in the cyber realm and you do have the ability to sore data on the portable device to transfer between sessions and it is automatically encrypted, but this can be another vulnerability.

Fun fact: Tails it was used by Edward Snowden the ex-N NSA employee who leaked government secrets.

Sources:

As the digital landscape grows in size and complexity so does the amount of its inhabitants. To safely traverse this plain and avoid it becoming the Wild West and a realm of chaos, we must implement Ethics. Cybersecurity Ethics is a way for cybersecurity professionals to identify the type of online behavior and actions that could harm individuals and organizations. It addresses the issues related to privacy confidentiality, integrity, responsibility, transparency, fairness, legal compliance, non-malfeasance, and informed consent. Implementing cybersecurity ethics by cybersecurity professionals is essential for maintaining trust in the systems we use and the cyber realm we surf upon. Sources:

https://www.augusta.edu/online/blog/cybersecurity-ethics