Security information and event management, or “SIEM,” is a tool that assimilates all of your log data to give you an all-encompassing overview of the activity on your network. SIEM tools watch over your network and help you stop trouble in its tracks. Whether your organization has 200 or 20,000 employees, SIEM software can be a vital part of any company’s cybersecurity posture.
As a cybersecurity engineer and an unapologetically enthusiastic “web guy,” I have both a personal and professional interest in finding new exploitation methods. Recently, I found an interesting and creative way to control a browser by exploiting a cross-site scripting (XSS) vulnerability. I learn by doing, so as soon as I had the idea, I tried executing the concept to see if it would work in practice. Without spoiling too much, I was very pleased with the results! This attack uses nothing more than Netcat and some clever XSS injection code. For those unfamiliar with Netcat, it’s a networking utility that reads and writes data across network connections.
In today’s fast-paced and remote workforce, establishing a secure remote connection is critical to conduct safe and efficient remote work. Securing this connection can be as simple as creating a jump box to access a network or device. This method allows for secure external access to internal resources without using custom firewall rules. Although there are several ways to initiate this connection, the one we’ll discuss here uses a reverse SSH tunnel through a jump box. The reverse connection process is more secure than the standard connection process, and it is the preferred option for connecting to sensitive remote devices.
Technical Innovation Increases Cybersecurity Risk
New technologies help revolutionize all industries and the way they conduct business. Simultaneously, it increases blind spots that commonly open the door for exploitation by cybercriminals. As technical innovation rises exponentially, so too will the associated cybersecurity risk. New applications of AI are emerging on both the offensive and defensive side of the coin. AI can be trained to detect sophisticated threats and other anomalous activities, which help reduce the time from infection to detection; however, attackers will also continue to leverage this to their advantage. There are other examples: 5G, the continued fracturing of the xAAS into smaller and smaller constellations of services, and the embedding of increasingly complex technology into the human body. These innovations all create cybersecurity risks that will need to be addressed.
Your first day at a new internship can seem intimidating. For most of us, it’s our first look into the professional world. Although you learn important concepts in school, the experience you gain in a professional setting is much more valuable; especially in the cybersecurity industry. 60 days into my cybersecurity internship at ProCircular, the team has taught me much more than I’ve learned on my own. Before my time on ProCircular’s red team, I was only able to learn about cybersecurity concepts through internet resources, such as TryHackMe, and different books I found online. The opportunity to be an intern has enabled me to grow my skills and knowledge through hands-on experience with real companies around the country. Practicing vulnerability assessments and social engineering in an environment where it is legal is, by far, a great improvement compared to assessing my own home network. It’s exciting to see the different services that real companies have and the different ways those real companies try to secure them. It’s a much more engaging and volatile environment than what you get in online learning.