Category: CyberSecurity Page 2 of 3

Cybersecurity is the practice of protecting internet-connected systems, including hardware, software, and data, from attack, damage, or unauthorized access. It encompasses a wide range of technologies, processes, and practices designed to safeguard sensitive information and prevent disruptions to online services.

“Revitalizing Suricata: Advanced Deep Packet Inspection”

In the realm of cybersecurity, intrusion detection and prevention systems (IDS/IPS) are paramount in safeguarding against threats that manage to slip past endpoint and perimeter defenses. Among the open source solutions available, Suricata stands out as one of the most widely deployed components in commercial cybersecurity products. However, it is not without limitations. Suricata often triggers false positive alerts, lacks comprehensive protocol and application coverage, and struggles to detect advanced threats that utilize encryption to evade detection. Enter next-generation deep packet inspection (NG DPI) software, a game-changing solution that can fill these gaps and significantly enhance Suricata’s performance.

Recognizing the potential of this powerful combination, leading cybersecurity vendors have begun integrating Suricata with NG DPI to enhance various products, including cloud firewalls (FWaaS), secure web gateways (SWG), next-generation firewalls (NGFW), network detection and response (NDR) platforms, and extended threat detection and response (XDR) platforms.

Embedded NG DPI bolsters Suricata by:

  • Enabling the swift creation of whitelists and blacklists that leverage NG DPI’s expansive protocol coverage, particularly for Cloud, SaaS, IoT, and OT applications and protocols, as well as custom and legacy applications.
  • Significantly improving Suricata’s ability to detect anomalous and evasive traffic.
  • Extending Suricata’s threat detection capabilities to encompass fully encrypted environments.
  • Drastically reducing the prevalence of false-positive alerts generated by Suricata through heightened network visibility and more precise traffic identification.
  • Streamlining threat analysis and forensics through high-value contextual metadata, thereby reducing the need for full packet capture.

Architecture Overview

Unlocking the Power of NG DPI in Enhancing Suricata Rules

When combined with NG DPI, Suricata rules and alerts become more refined and can be tailored to specific customer environments. At a basic level, the expanded protocol and application coverage offered by NG DPI has a profound impact on the efficacy of rules and alerts. For instance, let’s take a closer look at two rules, one with and one without NG DPI’s expanded protocol coverage.

Digging deeper, NG DPI’s unique security metadata provides invaluable insights for rule development, including the detection of:

  • MITM interception
  • Complex tunneling
  • Anonymizers
  • Non-corp VPNs
  • DGA
  • Domain fronting
  • File type mismatches
  • Non-standard use of communication channels

The last method is a common tactic employed by advanced persistent threats, making it crucial to examine how integrated NG DPI enhances Suricata’s ability to identify and respond to attacks that utilize this technique.

Detecting Command and Control Attacks Concealed by Common Protocols

To evade detection by IDS/IPS such as Suricata, some command and control (C2C) attacks encapsulate commands within common protocols, communicating via the standard assigned ports to blend in with normal traffic. This tactic is recognized in the MITRE ATT&CK framework as a known adversary technique (Technique ID T1071: Application Layer Protocol). The framework suggests several methods for detecting covert C2C attacks. In each case, Suricata complemented by NG DPI proves far more effective in detecting this type of attack. Specifically, it enhances Suricata’s ability to detect and respond to the three indicators of potential malware associated with C2C attacks, as detailed in the chart below.
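The "non-standard use of communication channels" indicator from the metadata list above, and the T1071 scenario described in this section, both come down to one check: does the application-layer protocol actually observed on a flow match the protocol the destination port normally carries? The following is an added example, not code from the original article or from any vendor's DPI product. It runs that check over a batch of constructed flow records (the `Flow` fields, the `app_proto` label and the port baseline table are assumptions made for the example; the label stands in for what a DPI engine or Suricata's own app-layer detection would attach to a flow) and also shows the same check expressed as a Suricata rule using the `app-layer-protocol` keyword for TCP ports.

```python
"""Added example (not from the original article or any vendor product):
flag flows whose identified application-layer protocol is not the one the
destination port normally carries, i.e. the "non-standard use of
communication channels" indicator for C2 hidden in common protocols (T1071).
Flow records and field names are constructed for this example; app_proto
stands in for the protocol label a DPI engine or Suricata would assign."""
from collections import namedtuple

Flow = namedtuple("Flow", "src dst dport app_proto bytes_out")

# Baseline of the protocol expected on each well-known port.  Assumption: a
# small hand-written table; in production derive it from your own traffic.
EXPECTED_ON_PORT = {
    22: {"ssh"},
    25: {"smtp"},
    53: {"dns"},
    80: {"http"},
    443: {"tls"},
}


def check_flow(flow):
    """Return a finding dict for a protocol/port mismatch, or None."""
    expected = EXPECTED_ON_PORT.get(flow.dport)
    if expected is None:
        return None  # no baseline for this port, nothing to compare against
    if flow.app_proto in expected:
        return None  # the port carries what it is supposed to carry
    return {
        "src": flow.src,
        "dst": flow.dst,
        "dport": flow.dport,
        "expected": sorted(expected),
        "observed": flow.app_proto,
        "bytes_out": flow.bytes_out,
    }


def find_mismatches(flows):
    """Run check_flow over a batch and keep only the findings."""
    return [f for f in (check_flow(fl) for fl in flows) if f is not None]


def suricata_rule(port, proto, sid):
    """Express the same check as a Suricata rule for a TCP port: the negated
    app-layer-protocol match fires when the port carries anything else."""
    return (
        f'alert tcp any any -> any {port} '
        f'(msg:"Non-{proto.upper()} traffic on port {port}"; flow:to_server; '
        f'app-layer-protocol:!{proto}; sid:{sid}; rev:1;)'
    )


# Constructed sample flows (RFC 5737 documentation addresses).
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "203.0.113.10", 443, "tls", 4120),      # normal HTTPS
    Flow("10.0.0.5", "203.0.113.10", 80, "http", 1800),      # normal HTTP
    Flow("10.0.0.7", "198.51.100.4", 443, "unknown", 96000), # unidentified blob on 443
    Flow("10.0.0.9", "198.51.100.9", 53, "http", 2400),      # HTTP on the DNS port
    Flow("10.0.0.9", "198.51.100.9", 8080, "http", 300),     # no baseline for 8080
]

if __name__ == "__main__":
    for finding in find_mismatches(SAMPLE_FLOWS):
        print(finding)
    print(suricata_rule(443, "tls", 1000001))
```

Two of the five constructed flows are flagged: the unidentified payload on 443 and HTTP on port 53. The flow to 8080 is deliberately left alone because the baseline says nothing about that port; a mismatch detector is only as good as the baseline it compares against, which is why the article stresses protocol coverage.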

Summary

NG DPI presents a significant value-add for cybersecurity vendors and operators of critical networks seeking to bolster the performance of Suricata. By harnessing the

What is Arkime (Moloch)?

Arkime, formerly known as Moloch, is a powerful tool for full packet capture and analysis. It offers a wide range of features that make it a must-have tool for network security professionals. Some of the main features of Arkime include:

  1. Packet capture: Arkime can capture all network traffic passing through a particular network interface, allowing security analysts to analyze the traffic and identify potential threats.
  2. Indexing and search: Arkime uses Elasticsearch to store and index captured packets, which makes it easy for analysts to search for specific packets or packets containing specific patterns or keywords.
  3. Web-based user interface: Arkime includes a powerful web-based user interface that allows analysts to search and analyze captured traffic, as well as visualize network traffic data in real-time. The user interface is highly customizable, and analysts can create custom dashboards and visualizations to meet their specific needs.
  4. Advanced analysis capabilities: Arkime can perform advanced network traffic analysis, including protocol decoding, session reassembly, and file carving. This makes it possible for analysts to detect and investigate a wide range of security threats, including malware, phishing attacks, and data exfiltration.
  5. Support for multiple file formats: Arkime can capture and analyze a wide range of network protocols, including TCP, UDP, HTTP, and SSL. It also supports a variety of file formats, including PCAP, JSON, and ASCII.
  6. Scalability: Arkime is designed to be highly scalable, and it can be deployed in large-scale environments. It can handle large amounts of network traffic data, making it suitable for use in high-bandwidth environments.

Overall, Arkime is a comprehensive tool that offers a wide range of features for full packet capture and analysis. Its advanced analysis capabilities, support for multiple file formats, and scalability make it a must-have tool for any organization that needs to monitor and secure its network.
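The capture, index and search features listed above rest on one idea: packets are grouped into sessions keyed by their 5-tuple, and the analyst queries the session index rather than raw packets. The following is an added example, not Arkime's own code, that shows that workflow in miniature with the Python standard library: it parses a PCAP, groups IPv4 TCP/UDP packets into bidirectional sessions, and answers Arkime-style queries by IP, port or payload keyword. The PCAP bytes are constructed inline (documentation IP ranges, zero checksums), so it runs without a capture file.

```python
"""Added example, not Arkime's own code: a minimal session index over a
PCAP in the spirit of Arkime's capture-then-index workflow.  Packets are
parsed with the standard library only, grouped into bidirectional sessions
keyed by the 5-tuple, and searched by IP, port or payload keyword.  The
PCAP bytes below are constructed inline, so no capture file is needed."""
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4
# Global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype (1 = Ethernet)
PCAP_GLOBAL_HEADER = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)


def build_tcp_record(src, dst, sport, dport, payload, ts):
    """Build one PCAP record holding an Ethernet/IPv4/TCP frame (checksums
    left zero; the parser below does not verify them)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    total_len = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    frame = eth + ip + tcp + payload
    return struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame


def parse_pcap(data):
    """Yield (timestamp, frame) for each record of a little-endian PCAP."""
    if struct.unpack_from("<I", data, 0)[0] != PCAP_MAGIC:
        raise ValueError("not a little-endian pcap")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack_from("<IIII", data, off)
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def decode_frame(frame):
    """Return (src, dst, proto, sport, dport, payload) for IPv4 TCP/UDP, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[23]
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    l4 = frame[14 + ihl:]
    if proto == 6 and len(l4) >= 20:
        sport, dport = struct.unpack_from("!HH", l4, 0)
        return src, dst, "tcp", sport, dport, l4[(l4[12] >> 4) * 4:]
    if proto == 17 and len(l4) >= 8:
        sport, dport = struct.unpack_from("!HH", l4, 0)
        return src, dst, "udp", sport, dport, l4[8:]
    return None


def build_session_index(pcap_bytes):
    """Group packets into sessions; both directions of a flow share one key."""
    sessions = {}
    for ts, frame in parse_pcap(pcap_bytes):
        decoded = decode_frame(frame)
        if decoded is None:
            continue
        src, dst, proto, sport, dport, payload = decoded
        a, b = (src, sport), (dst, dport)
        key = (proto,) + (a + b if a <= b else b + a)  # direction-independent key
        s = sessions.setdefault(key, {"packets": 0, "bytes": 0, "first": ts,
                                      "last": ts, "payload": b""})
        s["packets"] += 1
        s["bytes"] += len(frame)
        s["last"] = max(s["last"], ts)
        s["payload"] += payload
    return sessions


def search(sessions, ip=None, port=None, keyword=None):
    """Return session keys matching every given criterion."""
    hits = []
    for key, s in sessions.items():
        _, ip1, p1, ip2, p2 = key
        if ip is not None and ip not in (ip1, ip2):
            continue
        if port is not None and port not in (p1, p2):
            continue
        if keyword is not None and keyword not in s["payload"]:
            continue
        hits.append(key)
    return hits


# Constructed capture: two HTTP sessions from one client plus one TLS-looking session.
SAMPLE_PCAP = PCAP_GLOBAL_HEADER + b"".join([
    build_tcp_record("10.0.0.5", "203.0.113.10", 51000, 80, b"GET / HTTP/1.1\r\nHost: a\r\n\r\n", 100),
    build_tcp_record("203.0.113.10", "10.0.0.5", 80, 51000, b"HTTP/1.1 200 OK\r\n\r\n", 101),
    build_tcp_record("10.0.0.5", "203.0.113.10", 51002, 80, b"GET /login HTTP/1.1\r\n\r\n", 102),
    build_tcp_record("10.0.0.7", "198.51.100.4", 51001, 443, b"\x16\x03\x01\x00\x05hello", 103),
])

if __name__ == "__main__":
    index = build_session_index(SAMPLE_PCAP)
    for key in search(index, ip="10.0.0.5"):
        print(key, index[key]["packets"], "packets,", index[key]["bytes"], "bytes")
```

The request and its reply land in the same session because the key sorts the two endpoints before use; that direction-independence is what lets a query such as "everything involving 10.0.0.5" return whole conversations rather than half of each. Arkime does the same at scale by writing per-session records to Elasticsearch and keeping the raw packets on disk for retrieval on demand.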

What is Kali Linux Purple?

Kali Linux 2023.1 is a popular Linux distribution that is used by security professionals and hackers alike to test the security of computer systems and networks. It comes with advanced penetration testing tools and techniques that can help users identify vulnerabilities in their systems.

The new Kali Linux 2023.1 release features a new flavor of the distribution called Kali Linux Purple. This new flavor is focused on purple teaming and defense, rather than just red teaming or offensive security. The Kali Linux Purple distribution aims to provide a security operations center (SOC) all in one great machine.

Kali Linux Purple comes with over a hundred new defensive tools, including Arkime for full packet capture, CyberChef, Elastic, TheHive, GVM, Malcolm, Suricata, and Zeek. It also includes Kali Autopilot, a tool for automating attacks, and Kali Purple Hub, a platform for the community to share practice packet captures.

To download Kali Linux Purple, you need to create a virtual machine manually from the ISO file which is available for download from the Kali Linux website. The ISO file is about 3.5 GB in size.

The new Kali Linux 2023.1 release features an updated kernel version 6.1.0 and updated desktop environments for XFCE, KDE, and GNOME. It also includes new features and improvements such as new sub-menus for identify, protect, detect, respond and recover.

Kali Linux is an open-source operating system that has been designed to provide users with advanced penetration testing tools and techniques. It is widely used by security professionals and hackers alike to test the security of computer systems and networks.

The new Kali Linux Purple distribution has been specifically designed to help security professionals improve their defensive capabilities by providing them with a range of powerful tools and techniques that can be used to detect and respond to cyber threats.

If you are interested in learning more about Kali Linux or would like to download the latest version of the operating system, you can visit the official Kali Linux website at https://www.kali.org/

MyloBot: The Sophisticated Botnet Affecting Thousands of Systems Worldwide

BitSight, a cybersecurity company, has revealed that a sophisticated botnet called MyloBot has affected thousands of systems across the globe.

Most of the compromised systems are located in India, the United States, Indonesia, and Iran.


BitSight has also found that MyloBot’s infrastructure is linked to a residential proxy service named BHProxies, implying that the compromised machines are being used by the latter.

The botnet was initially observed in 2017 and was first documented in 2018. It is known for its anti-analysis methods and its ability to act as a downloader.

MyloBot has the potential to download any other type of malware that the attacker wants. It also waits for 14 days before attempting to contact the command-and-control (C2) server to avoid detection.

MyloBot receives instructions from C2 and transforms the infected computer into a proxy. The malware has been observed sending extortion emails from hacked endpoints as part of a financially motivated campaign.

MyloBot continues to evolve over time, and BitSight has been sinkholing the botnet since November 2018.
