Book Review: Hands-on Red Team Tactics



Book Details:

The red teaming concept has existed since the 6th century BCE, when the ancient military genius Sun Tzu stated that “…one who knows the enemy and knows himself will not be endangered in a hundred engagements.” Today, red teaming concepts continue to evolve to fit the needs of the organisation. Although the current style of red teaming in the military and in business organisations around the world may differ slightly, they are increasingly finding success implementing plans formed by the structured and iterative processes introduced by adequately educated and trained red teamers.

A red teamer possesses the intellectual courage to challenge assumptions, mitigate cultural and cognitive biases, and counter groupthink. The execution of the modern-day red teaming process originated in the U.S. military in the 1960s, at the height of the Cold War with the Soviet Union. The term “red team” emerged from game-theory approaches applied to war-gaming and scenario simulations designed to evaluate strategic decisions. Red teamers possess the ability to think holistically about issues or problems and analyse them from the perspectives of one’s organisation, clients, competitors, and business executives.

In the current world of bug bounty hunters and traditional penetration testers, I am happy that the authors have tried to change and challenge traditional approaches and redefine methodologies. Most importantly, instead of writing about conventional techniques, they have tried to put together new content and procedures that empower the reader with knowledge.


Summary

There are a total of 13 chapters in the book, which are as follows:

  1. Red-Teaming and Pentesting
  2. Pentesting 2018
  3. Foreplay-Metasploit Basics
  4. Getting Started with Cobalt Strike
  5. ./ReverseShell
  6. Pivoting
  7. Age of Empire – The Beginning
  8. Age of Empire – Owning Domain Controllers
  9. Cobalt Strike – Red Team Operations
  10. C2 – Master of Puppets
  11. Obfuscating C2s – Introducing Redirectors
  12. Achieving Persistence
  13. Data Exfiltration

To keep things clear and to the point, I will go through each chapter and give a streamlined summary of what it covers.

Chapter 1: Red-Teaming & Pentesting

The book starts with a short, crisp and precise introduction to penetration testing. The section talks about OWASP, OSSTMM, ISSAF and PTES, then goes into the details of PTES, and then the book explains the difference between a traditional PT and a red team exercise: how red team methodologies differ and what is different in the red team approach.

Chapter 2: Pentesting 2018

Unlike what the title suggests, this chapter primarily focuses on the use of two tools: MSFvenom Payload Creator (MSFPC) and Koadic. I liked that the author has gone into the details of both tools, starting from where to download them to examples of how to use them, in a very descriptive flow.

Chapter 3: Foreplay – Metasploit Basics

This chapter starts with information on Metasploit, then goes into the details of the commands and features it offers. The chapter then moves on to setting up Armitage and a team server and how to connect it with Slack, and ends with a note on how to use Cortana scripts with Armitage.

Chapter 4: Getting Started with Cobalt Strike

As the chapter’s name suggests, this chapter talks about Cobalt Strike, starting from what is required to set it up, to an explanation and use of the different buttons on its user interface, and how to generate payloads and connect to team servers. The first part of the chapter contains a nice note on how to plan a red team activity. However, I believe that note would have been delivered better in chapter 2. The chapter ends with a note on how to secure your team server.

Chapter 5: ./ReverseShell

This chapter is very focused on multiple techniques for reverse shell connections. It goes deep into the details of using tools like netcat, ncat, socat, cryptcat and powercat, then has examples of getting reverse shell connections using payloads such as reverse_tcp, reverse_tcp_rc4 and reverse_https. The chapter talks about using ngrok to get a connection from a system behind NAT, and ends with a reverse shell cheat sheet.

Chapter 6: Pivoting

This chapter talks about different pivoting techniques. It starts with port forwarding and pivoting via SSH, Meterpreter port forwarding and pivoting via Armitage, and ends with a short note on multi-level pivoting.

Chapter 7: Age of Empire – The Beginning

This chapter covers a very famous and powerful post-exploitation framework: Empire. The chapter starts with an excellent tutorial on how to set up Empire and then explains some of the primary usages, along with examples of post-exploitation basics on Windows, Linux and OS X. The chapter then has a nice note on popping a Meterpreter session and setting up Slack alerts with Empire.

Chapter 8: Age of Empire – Owning Domain Controllers

This chapter is a continuation of the previous chapter on Empire. Where the last chapter primarily focused on Empire basics and getting access to systems, this chapter focuses on gaining access to the Domain Controller. Apart from this, the chapter also has information on automating AD exploitation and the Empire GUI web interface.

Chapter 9: Cobalt Strike – Red Team Operations

This chapter is a continuation of chapter 4 on Cobalt Strike. It goes into more detail on Cobalt Strike and explains its different features, such as listeners (their types and usage), beacons and their functions with examples, a walkthrough of the beacon menu and beacon console, and finally pivoting using Cobalt Strike. The chapter ends with a note on Aggressor scripts.

Chapter 10: C2 – Master of Puppets

This chapter provides information on C2 servers and how they help in red team operations. After a brief introduction to C2, the chapter covers a detailed tutorial on using cloud services such as Dropbox and OneDrive as C2 servers, and then how to set up covert C2 channels.

Chapter 11: Obfuscating C2s – Introducing Redirectors

This chapter is a continuation of the previous chapter and focuses on obfuscating and hiding the C2 server from the network and the blue team. It introduces the concept of redirectors and how to obfuscate C2 securely, the types of redirectors (short-term and long-term), and different methods such as dumb pipe redirection, filtration/smart redirection and domain fronting.

Chapter 12: Achieving Persistence

This chapter covers in brief how to achieve persistence once a target has been infiltrated, and the role of persistence in a typical red team exercise. It covers different types of persistence and how to achieve them via Armitage, via Empire on Windows, OS X and Linux, and via Cobalt Strike with Aggressor scripts.

Chapter 13: Data Exfiltration

This last chapter of the book contains brief information on data exfiltration and why it is needed in an exercise, and then moves on to explain techniques using tools like ncat, OpenSSL, PowerShell, DNS, Dropbox and Empire. The chapter also has a tutorial on the CloakifyFactory tool, which primarily helps in bypassing DLP solutions.

Final Notes: Above I have tried to give a short idea of all the chapters of the book. The step-by-step approach makes it very comfortable for readers to follow along and reproduce the same steps on their own system, provided all the steps are followed exactly as the author has described them.

Tips

  • The book is amazingly priced and has concise content.
  • The book’s primary focus is newcomers who want to learn about red team operations, but it is equally beneficial for pen-testers as it contains various new methods of infiltration.
  • The book is self-paced and spread across different streams of exploitation: app, network and systems.
  • The book can be used as a reference guide for red teamers and a study guide for newcomers.
  • In some places I have observed a gap in the flow; however, given the technicality of the content, that is understandable.

Rating

  • For Content, I would rate it 8/10
  • For Grammar, I would rate it 7.5/10
  • For Technicality, I would rate it 8.5/10
  • For Deliverance of the subject, I would rate it 7.8/10

Overall Rating: 8/10 as per the subject, the material delivered, proof-reading, self-pacing and technicality of the subject covered. The evaluation depends on personal perspective and the reader’s choice in the matter.

Recommendation

This final section, I think, is personally opinion-based and technically driven. The author has taken his dedication and passion to the next level in drafting the book, and it can be seen in the effort he has put into developing the material itself.

I recommend this book to each and every InfoSec enthusiast and professional; after reading this book you will have a clear understanding of red team operations and how they are different from your typical VAPT (for God’s sake, just end the fight: VAPT != Red Team Assessment).

Thank you for reading this review of “Hands-on Red Team Tactics”; it has been interesting to deliver a review of someone else’s work. The security community wouldn’t be as far along as it is now if it wasn’t for people like Himanshu Sharma and Harpreet Singh, who have been contributing their time and investing their focus in different areas of digital security research. I hope this post has delivered an unbiased review, and I will put in my efforts to make things higher quality.

Disclaimer: The authors of the book are my old friends and one of the authors is my coworker. However, I have tried my best to be as unbiased as I can be.


Cyber Security, DFIR & SOC Interview Questions [Update 2020]

Cyber Security is an exciting field, and everyone wants to explore this domain and make a career in it. Still, the problem is they have no idea how to get in, and even if they do, they don’t have any idea what type of questions they might face in an interview.

A few years back @Miss_Malware asked for everyone’s favourite security analyst and DFIR interview questions, which gave me the idea to compile a list of questions that are asked in every interview one way or another. What follows is a list of questions which you may face in an interview.

All these questions have been compiled with the help of @Miss_Malware’s Twitter thread, contributions from friends and very intelligent internet searches :P. All the relevant sources (read: those I remember) have been mentioned at the end of the post.

GENERAL

  • What is DNS and at what port does it run?
  • Differentiate between TCP & UDP?
  • How does HTTP handle state?
  • Does TLS use symmetric or asymmetric encryption?
  • What is a three-way handshake?
  • What is “Risk”? What is “Risk Management”?
  • Which leg of the CIA triad is the most important?
  • What do you understand by Risk, Vulnerability & Threat in a network?
  • What is the difference between policies, processes and guidelines?
  • As a Pen-tester, is being a 1337 hax0r or doing a good job more important to you?
  • Describe the SHA-1 hash.
  • How would you explain to a business user why we are not giving them local admin to their machine?
  • What is MD5 checksum?
  • Answer true or false and explain your answer: “Two-factor authentication protects against session hijacking.”
  • Walk me through if you are a threat actor, how would you compromise an organisation in all three domains (Physical, Digital, and Human).
  • Name three Internet protocols which use TCP, three which use UDP, and two which use neither, and say what port they run on.
  • If I am on my laptop, here inside my company, and I have just plugged in my network cable. How many packets must leave my NIC to complete a traceroute to twitter.com?
  • What’s the difference between encoding, encryption, and hashing?
  • Can you describe rainbow tables?
  • If you had to both encrypt and compress data during transmission, which would you do first, and why?
  • In public-key cryptography, you have a public and a private key, and you often perform both encryption and signing functions. Which key is used for which purpose?
  • What are the advantages offered by bug bounty programs over regular testing practices?
  • Who’s more dangerous to an organisation, insiders or outsiders?
  • Who do you look up to within the field of Information Security? Why?
  • You just stepped on to the elevator with your CEO. They ask you how secure we are? What do you say?
  • You have an unlimited budget and resources. Please draw the most secure corporate network for my organisation. It must have specific components including but not limited to: the Internet, one user subnet, at least one Active Directory server, one web server (with backend database) on the Internet, one Human Resources server, WiFi for your users, a VPN, etc.

VULNERABILITY ASSESSMENT AND PENETRATION TESTING

  • What is Cross-Site Request Forgery?
  • In what category does XXE fall?
  • How can SQL Injection lead to remote code execution?
  • What is the most significant security issue with microservices and APIs?
  • What is the difference between VA(Vulnerability Assessment) and PT(Penetration Testing)?
  • What is the difference between HIDS and NIDS?
  • I have a /24 subnet of hosts on the Internet that I would like you to pen-test. Take me through, in detail, all the steps that you will go through in this assessment.
  • On assessment, you have just compromised a Mac OS X laptop inside a corporate user subnet. Your goal is to infiltrate Active Directory hashes from the AD servers. How do you accomplish this?
  • What kind of attack is ARP Spoofing considered, and how could you leverage it on a penetration test?
  • What are some common ways that TLS is attacked, and what are some ways it’s been attacked in the past?
  • During the penetration test, you find an instance of Outlook Web Access belonging to the client. Describe how you would attack this?
  • You are performing an onsite penetration test. You do not want to perform any active scanning. How would you gather credentials?
  • How would you target a database that you know lies behind a jump server with an unknown IP address?
  • Describe the last program or script that you wrote. What problem did it solve?
  • What kind of attacks are you vulnerable to when you are using weak ciphers?
  • Which department in an organisation is more likely to get attacked first?
  • What is some of the low-hanging fruit you go after as a pen-tester?
  • Describe three of the most common ways an external attacker today might attempt to gain access to a network.
  • On what port does ping run?
  • What are the common vulnerabilities in an enterprise WiFi network?
  • How would you bypass a network IDS?
  • What are some parts of the HTTP header and why is this important as a security analyst?
  • Suppose you have physical access to a machine on a corporate domain that you are testing. It is connected to their You do not have credentials for the domain or local computer. You also have your laptop. How would you begin testing?
  • What is the purpose of the same-origin policy in relation to the document object model?
  • You are launching a Metasploit reverse https meterpreter payload against a host that is vulnerable to your attack, but once you type “exploit” nothing happens after it launches the attack, how would you debug this (or what would you change to get your meterpreter session?)

Digital Forensics and Incident Response

  • What is the primary reason to not upload targeted malware to VT?
  • What DFIR evidence do you gather first, and why?
  • Why is DNS monitoring essential?
  • Assume a user forwards you a suspected phishing email. How do you respond and handle it?
  • Excluding atomic IoCs, provide three examples of how you would detect evil in the network.
  • What percentage of malware in the wild do you think AV can detect?
  • Explain to me why you need to consider scope in the “identification” stage of IR.
  • What is the primary problem with bash history as a forensic artefact, and name one way to partially recreate this data during an investigation?
  • How will you identify a malicious file without executing it?
  • How will you unpack malware? Moreover, in how many ways?
  • How will malware try to evade analysis? What are the ways?
  • Given a binary, how would you say it has been packed, and how would you figure out which packer was used?
  • Name at least three different vulnerability scanners and patterns to identify them.
  • How would you validate a false positive?
  • How would you validate a false negative?
  • How would you design and execute an incident response plan?
  • What are the differences between FAT32 and NTFS?
  • Describe how the TCP handshake works?
  • What’s the difference between an IDS and an IPS? Give examples of each.
  • Name four types of DNS records and what they signify.
  • What sorts of anomalies would you look for to identify a compromised system?
  • You get a report that your company’s LAMP website may be being DDoSed. How do you investigate?
  • What are the different ways to find out the actual creation date of a file from a disk image, and how can you be sure that the date is correct?
  • Explain the difference between local and network authentication and walk me through the authentication process?
  • What will be your primary data sources for detecting botnet activity?
  • What is a disadvantage of signature-based malware detection?
  • An incident has been reported that an enterprise host was identified communicating with a known malicious external host. The incident responders have already blocked the communication and have requested the disk for forensic investigation. You are the forensic analyst on duty when the disk arrives. How will you begin the investigation?

Malware Analysis, Exploit Writing and Cryptography

  • How would you bypass ASLR?
  • How would you bypass SafeSEH?
  • Explain the behaviour and your analysis methodology of any new APT.
  • What is DEP? How can it be bypassed?
  • Explain a PE file.
  • How does keylogging work?
  • What is code injection?
  • What are the APIs used by malware to connect to the server?
  • How can you unpack a malware and in how many ways?
  • In what ways does malware try to evade analysis?
  • Explain the Anti-Debugging techniques employed by macro malware.
  • What are different types of breakpoints, what is their use and when to use those breakpoints?
  • Describe what Buffer overflow is and how you would test for it?
  • Describe what SEH is and how you exploit it?
  • Describe how debugger modules and plugins can speed up initial exploit development?
  • How do interrupts work in a debugger? What are the opcodes for that?
  • What are salted hashes?
  • How do UAF exploits work?
  • Differentiate between symmetric and asymmetric encryption?
  • In public-key cryptography, which key is used for what function (think the public/private & encryption/signing)?
  • Which of these algorithms is better than the others and why – AES-128, AES-192 or AES-256?
  • What is the difference between CBC mode and ECB mode of encryption?
  • What is a Windows Portable Executable?
  • What is the ESP register used for in the Intel x86–32 architecture?
  • During the execution of a piece of malware in a segregated virtual lab environment, the sample was observed making an HTTP GET request for a text file. Because the lab is separated from the Internet, the sample did not receive the text file. What would you do to move the investigation forward?

Security Operation Center (SOC) and Blue Team  

  • What is the Blue Team, and what purpose does it serve?
  • Let’s say we ask you to implement a new SIEM; what will be your approach?
  • What are the essential components of a Security Operation Center?
  • Given an HTTP traffic log between a machine on your network and a 3rd party website (e.g. Google), what would the source and destination ports look like?
  • What are the fundamentals of SOC?
  • What is SIEM, and what does it do?
  • SOC analysts are required to collect information from multiple sources, how can you determine which information is relevant?
  • What is the difference between Cyber Threat and Cyber Attack?
  • What are IOC and IOA, and what is the difference between them?
  • Define the concepts of handling alerts, analysing alerts and triaging alerts.
  • What is the need for Threat Intelligence in a Security Operation Center?
  • Does only setting up a SIEM solution complete the SOC?
  • What are measures to evaluate SOC maturity?
  • Describe the importance of Playbooks and Workflows in SOC.
  • How often should you perform Patch management?
  • Why is DNS monitoring necessary?
  • What sorts of anomalies would you look for to identify a compromised system?
  • What are the security risks associated with a BYOD environment?
  • How can you detect SQL injection? What is the most common SQL injection tool?
  • How would you identify a CSRF Attack?

Feel free to contact me if you have any comments on the questions, or if you have ideas for additions.

Sources: @Miss_Malware, Himanshu Khokhar, Ravi Kiran, Daniel Miessler


Low-Cost Honeypots as Enterprise Defense Mechanism


Since the launch of Fred Cohen’s Deception Toolkit in 1998 (the first publicly released honeypot), honeypots have been a proven useful method for attack detection and analysis. As these honeypots are complex to install and require high maintenance, they are yet to get their proper place in enterprise security suites. However, honeypot technology has been seeing rapid growth, and soon it will be held among the various business threat detection security tools. There are two types of honeypot deployments:

  1. Internal Honeypots (Behind Firewall)
  2. External Honeypots (Outside Firewall)

Both deployment methods have their benefits, as follows:

Internal Honeypots: These honeypots run behind the firewall as part of the internal network and work as a low-noise IDS. They are very useful in detecting compromised hosts and malicious users.

External Honeypots: These can be deployed in two ways:

Local External Honeypots: They are outside the firewall but part of your IP space. This deployment helps you get an idea of who is attacking you and assists you in filtering attack traffic from legitimate traffic.

Global External Honeypots: They run on public clouds or VPSes and are used by organisations to build threat feeds and reputation engines for IP addresses.

The Low Cost and Low Maintenance Solution: Honeypots are rarely part of the standard enterprise security solution because of the hardware cost and high maintenance involved, but in the era of cost-effective open source hardware this problem can be solved easily with Raspberry Pi boards.

The Raspberry Pi is a credit-card-sized single-board computer developed by the Raspberry Pi Foundation. Although the initial intention was to promote the teaching of basic computer science in schools, this ARM Linux box is one of the most suitable candidates for deploying honeypot sensors: low cost and low power consumption, and it can be turned into a powerful honeypot or attack detector.

One can easily install the honeypot variant of one’s choice on the Raspberry Pi boards (I will be adding some links in the references for the same), but if one is not looking to put in extra effort, one can directly use Honeeepi, a customised Raspbian-based honeypot sensor pre-loaded with different honeypots. The fourth release of Honeeepi comes pre-installed with honeypot packages like Dionaea, Cowrie, Conpot and Glastopf and classic honeypots like honeyd and Amun, and runs on the Raspberry Pi 3 Model B. It also comes loaded with ntop, Snort and remote pcap to allow network monitoring and capturing of pcaps for further analysis.

Process for Setting up Sensors

Prerequisites:

  1. Raspberry Pi (3 Model B preferred)
  2. SD Card (32 GB preferred)
  3. SD Card reader
  4. Keyboard and Network Connectivity

Downloading Honeeepi: You can download Honeeepi from the URL below.

https://sourceforge.net/projects/honeeepi/

Simple Installation

You should be able to use the Honeeepi image easily. The installation process is similar to that for typical raw images (e.g. Raspbian). I am currently using the Windows operating system, so I will be following the method for that; one can easily search for methods for other operating systems.

  1. Insert your microSD card into your card reader and find out its drive letter in Windows Explorer.
  2. Download the SDFormatter (https://www.sdcard.org/downloads/formatter_4/) application and format your memory card with it. Don’t forget to turn on the Auto Size Adjustment option.
  3. Unzip the file you downloaded and extract the image to a folder.
  4. Download Win32DiskImager (https://sourceforge.net/projects/win32diskimager/).
  5. Unzip the downloaded file and run the utility.
  6. Select the image file you downloaded.
  7. Choose the drive of your SD card in the ‘Device’ drop-down. Make sure you choose the correct one; otherwise, you risk destroying the data on your hard drive.
  8. Select ‘Write’ and wait for the process to finish. That is it!
  9. Now you can plug the SD card into your Raspberry Pi’s slot.

Now power up the board and connect it to a wired network. The Honeeepi image starts with DHCP and sshd enabled by default. Locate the Honeeepi network address in your DHCP lease list and SSH to it using the following credentials.

The SSH port for Honeeepi version 2016.10 is TCP/9002; for the other versions it is TCP/22.

Default login: pi

Password: honeeepi

Now you need to run sudo raspi-config and expand the file system; after this, run apt-get update / apt-get upgrade (I hope you are familiar with this).

Running Honeypots

Here we will talk about running the pre-installed honeypots, with a short description of each and suggestions on how to run them.

  1. Conpot: Conpot is a low-interaction, server-side Industrial Control Systems honeypot designed to be easy to deploy, modify and extend. By providing a range of standard industrial control protocols, it creates the basics to build your own system, capable of emulating complex infrastructures to convince an adversary that he has just found a massive industrial complex. To improve its deceptive capabilities, it also provides the possibility to serve a custom human-machine interface to increase the honeypot’s attack surface. The response times of the services can be artificially delayed to mimic the behaviour of a system under constant load. Because it provides complete stacks of the protocols, Conpot can be accessed with productive HMIs or extended with real hardware. Conpot is developed under the umbrella of the Honeynet Project and on the shoulders of a couple of massive giants.

Starting up Conpot

  • Login as pi
    cd /honeeepi/conpot
  • To start the Siemens S7-200 template (start as background)
    sudo conpot --template default &
  • To start kamstrup_382 (smart meter) (start as background) (new)
    sudo conpot --template kamstrup_382 &
  • To start ipmi (start as background)
    sudo conpot --template ipmi &
  • To start proxy (start as background)
    sudo conpot --template proxy &
  • To start the Guardian AST tank monitoring system (start as background)
    sudo conpot --template guardian_ast &

  2. Dionaea: Dionaea was developed by Markus Koetter as a low-interaction honeypot meant to be the successor of nepenthes. It emulates vulnerable systems with services often targeted by attackers such as HTTP, FTP, SSH, SMB, etc. It is written in C but uses Python to emulate various protocols to entice attackers. It uses libemu to detect shellcode and can alert us to the shellcode and capture it. Dionaea sends real-time notification of attacks via XMPP and then logs the information into an SQLite database.

Starting up Dionaea

  • Login as pi
    cd /honeeepi/dionaea-honeypot
    sudo ./start.sh &
  • To start OS fingerprinting (start as background)
    sudo ./start-p0f.sh &

  3. Glastopf: Glastopf is a minimalistic web server emulator written in Python by Lukas Rist a.k.a. glaslos. The honeypot collects information about web application-based attacks such as remote file inclusion, SQL injection and local file inclusion.

Starting up Glastopf

  • Login as pi
    sudo glastopf-runner &

  4. Cowrie: Cowrie is a Kippo-based SSH/Telnet honeypot written by Michel Oosterhof that is designed not only to log brute-force attempts against an SSH server but to record the entire shell session of an attacker. It creates a fake server that is used to lure attackers into attempting access. The functionality of Cowrie extends far beyond what is described here; I encourage you to visit the Cowrie repository on GitHub to read about all that it can do.

Setting up Cowrie

  • Edit your SSH daemon configuration to use a different port number (make sure the port you pick does not clash with the other honeypot services)
    sudo vi /etc/ssh/sshd_config
    Port 22  <-- change this port number
  • Restart SSH
    sudo /etc/init.d/ssh restart
  • Switch to the cowrie user and start Cowrie
    sudo su cowrie
    cd /honeeepi/cowrie
    ./start.sh (the script starts the process in the background)

Running Network Monitoring:

Ntop (start as background): ntop is software that probes a computer network to show network use in a way similar to what the program top does for processes. In interactive mode, it displays the network status on the user’s terminal. In web mode, it acts as a web server, creating an HTML dump of the network status. It supports a NetFlow/sFlow emitter/collector, an HTTP-based client interface for creating ntop-centric monitoring applications, and RRDtool (RRD) for persistently storing traffic statistics.

  • Login as pi
  • cd /opt/ntop-5.0.1
  • sudo ntop &
  • The first-time startup will prompt for the admin user password
  • In a browser, open http://<IP address of honeeepi>:3000/

Remote Packet Capture (rpcapd): The Remote Capture Protocol (RPCAP) can work in two modes:

Passive Mode (default): the client (e.g. a network sniffer) connects to the remote daemon, sends it the appropriate commands, and starts the capture.

Active Mode: the remote daemon tries to establish a connection to the client (e.g. the network sniffer); then the client sends the appropriate commands to the daemon, and it starts the capture. The name comes from the daemon becoming active instead of waiting for new connections.

Active Mode is useful when the remote daemon is behind a firewall and cannot receive connections from the outside world. In this case, the daemon can be configured to establish the connection to a given host, which will have been configured to wait for that connection. After establishing the connection, the protocol continues its job in almost the same way in both Active and Passive Mode.

  • Login as pi
  • sudo passwd root (set a root password)
  • cd /opt/rpcapd
  • sudo ./start.sh (the script starts the process in the background)
  • Configure remote capture using Wireshark

Analysing Honeypot Logs: Once all honeypots are active, they generate massive log files, and analysis of these records can easily be done using ELK. All you need to do is get all the log files to your ELK machine and use a Logstash conf file to push them into Elasticsearch; you can then view them quickly in Kibana.

Logstash.conf:

# Input section
input {
  # Conpot
  file {
    path => ["file_path/conpot.json"]
    codec => json
    type => "ConPot"
  }
  # Cowrie
  file {
    path => ["file_path/cowrie.json"]
    codec => json
    type => "Cowrie"
  }
  # Dionaea
  file {
    path => ["file_path/dionaea.json"]
    codec => json
    type => "Dionaea"
  }
  # Glastopf (plain-text log, parsed with grok in the filter section)
  file {
    path => ["file_path/glastopf.log"]
    type => "Glastopf"
  }
}

# Filter section
filter {
  # Conpot
  if [type] == "ConPot" {
    date {
      match => [ "timestamp", "ISO8601" ]
    }
  }
  # Cowrie: unify field names with the other honeypots
  if [type] == "Cowrie" {
    date {
      match => [ "timestamp", "ISO8601" ]
    }
    mutate {
      rename => {
        "dst_port" => "dest_port"
        "dst_ip" => "dest_ip"
      }
    }
  }
  # Dionaea: unify field names, keep the captured password as "login"
  if [type] == "Dionaea" {
    date {
      match => [ "timestamp", "ISO8601" ]
    }
    mutate {
      rename => {
        "dst_port" => "dest_port"
        "dst_ip" => "dest_ip"
        "[credentials][password]" => "login"
      }
      remove_field => "[credentials]"
    }
  }
  # Glastopf: the log timestamp is captured into "timestamp" so the date filter can parse it
  if [type] == "Glastopf" {
    grok {
      match => [ "message", "\A%{TIMESTAMP_ISO8601:timestamp}%{SPACE}%{NOTSPACE}%{SPACE}%{IP:src_ip}%{SPACE}%{WORD}%{SPACE}%{URIPROTO:http_method}%{SPACE}%{NOTSPACE:http_uri}%{SPACE}%{NOTSPACE}%{SPACE}%{HOSTNAME}:%{NUMBER:dest_port:integer}" ]
    }
    date {
      match => [ "timestamp", "ISO8601" ]
    }
  }

  # Add geo coordinates / ASN info
  if [src_ip] {
    geoip {
      source => "src_ip"
      target => "geoip"
      database => "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-geoip-2.0.7/vendor/GeoLiteCity-2013-01-18.dat"
      add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
      add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}"  ]
    }
    mutate {
      convert => [ "[geoip][coordinates]", "float" ]
    }
    geoip {
      source => "src_ip"
      target => "geoip"
      database => "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-geoip-2.0.7/vendor/GeoIPASNum-2014-02-12.dat"
      add_field => [ "[geoip][full]", "%{[geoip][number]} %{[geoip][asn]}" ]
    }
  }

  # In some rare conditions dest_port and src_port are indexed as strings, so force integers
  if [dest_port] {
    mutate {
      convert => { "dest_port" => "integer" }
    }
  }
  if [src_port] {
    mutate {
      convert => { "src_port" => "integer" }
    }
  }
}

# Output section
output {
  elasticsearch {
    hosts => ["localhost:9200"]
  }
}
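As an added example (not part of the Honeeepi post), here is the same normalisation written in Python, so you can check what the filter section does to a record before it reaches Elasticsearch: the grok expression becomes a named-group regex, dst_* fields are renamed to dest_*, ports are forced to integers, Dionaea credentials are collapsed into a login field, and the ISO8601 timestamp becomes @timestamp. The Cowrie, Dionaea and Glastopf sample lines are constructed for this example and the function names are my own.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample events (not real honeypot output): one Cowrie and one
# Dionaea JSON line, and one Glastopf text line shaped to match the grok
# pattern in the Logstash config above.
SAMPLE_LINES = [
    ("Cowrie", '{"timestamp": "2018-01-05T10:15:30.123456Z", "src_ip": "203.0.113.7", '
               '"src_port": "51234", "dst_ip": "192.0.2.10", "dst_port": "2222", '
               '"eventid": "cowrie.login.failed", "username": "root", "password": "123456"}'),
    ("Dionaea", '{"timestamp": "2018-01-05T10:16:02Z", "src_ip": "198.51.100.9", '
                '"dst_ip": "192.0.2.10", "dst_port": 445, '
                '"credentials": {"username": "admin", "password": "admin"}}'),
    ("Glastopf", "2018-01-05 10:17:45,811 glastopf.glastopf 203.0.113.7 requested "
                 "GET /phpmyadmin/ on honeeepi:80"),
]

# Python equivalent of the grok expression used for Glastopf in the config;
# the named groups mirror the grok field names.
GLASTOPF_RE = re.compile(
    r"\A(?P<timestamp>\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}(?:[.,]\d+)?)\s+"
    r"\S+\s+(?P<src_ip>\d{1,3}(?:\.\d{1,3}){3})\s+\w+\s+"
    r"(?P<http_method>[A-Za-z]+)\s+(?P<http_uri>\S+)\s+\S+\s+"
    r"[A-Za-z0-9.-]+:(?P<dest_port>\d+)"
)


def parse_iso8601(value):
    """Equivalent of the date filter: ISO8601 text -> aware datetime (UTC if no zone given)."""
    value = value.replace(",", ".").replace(" ", "T")
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    dt = datetime.fromisoformat(value)
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def normalize(htype, raw):
    """Apply the config's filter section to one raw line; returns None on a grok failure."""
    if htype == "Glastopf":
        m = GLASTOPF_RE.match(raw)
        if m is None:
            return None  # Logstash would tag the event _grokparsefailure instead
        event = m.groupdict()
        event["message"] = raw
    else:
        event = json.loads(raw)
    event["type"] = htype
    # mutate { rename }: unify field names across honeypots
    for old, new in (("dst_port", "dest_port"), ("dst_ip", "dest_ip")):
        if old in event:
            event[new] = event.pop(old)
    # Dionaea: keep the captured password as "login" and drop the credentials object
    creds = event.pop("credentials", None)
    if isinstance(creds, dict) and "password" in creds:
        event["login"] = creds["password"]
    # mutate { convert }: ports are sometimes indexed as strings, force integers
    for field in ("dest_port", "src_port"):
        if field in event:
            event[field] = int(event[field])
    if event.get("timestamp"):
        event["@timestamp"] = parse_iso8601(event["timestamp"])
    return event


def normalize_all(lines):
    """Run every (type, raw) pair through normalize(), dropping lines that fail to parse."""
    return [e for e in (normalize(t, r) for t, r in lines) if e is not None]


if __name__ == "__main__":
    for ev in normalize_all(SAMPLE_LINES):
        print(ev["type"], ev["@timestamp"].isoformat(), ev.get("src_ip"), ev.get("dest_port"))
```

Feeding a handful of real lines from each honeypot through normalize() is a quick way to confirm that the field names line up before building Kibana visualisations on dest_port and src_ip.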

 

Resources and References:

– Conpot (http://conpot.org/)
– Dionaea (https://github.com/gento/dionaea, a fork with an IoT honeypot feature)
– Glastopf (http://glastopf.org/)
– Cowrie (https://github.com/micheloosterhof/cowrie)
– Kippo (https://github.com/desaster/kippo)
– Honeyd (https://github.com/DataSoft/Honeyd)
– Amun (http://amunhoney.sourceforge.net/)

– Snort (https://www.snort.org/)
– ntop (http://www.ntop.org/)
– Remote packet capture (https://github.com/frgtn/rpcapd-linux)

– HoneyNet Project (https://www.honeynet.org)

– Honeepi Wiki (https://redmine.honeynet.org/projects/honeeepi)

– Indian HoneyNet Project (https://honeynet.org.in)


Digital Forensics and Incident Response (DFIR) using Docker


Docker and DFIR

With the increasing popularity of container virtualisation technology, it has become imperative for forensics professionals to adopt Docker in Digital Forensics and Incident Response operations, to avoid the headache of reconfiguring a set-up for every case and to increase productivity.

One aspect of using Docker for DFIR operations is providing Docker images of favourite tools, with the goal of allowing investigators and handlers to use difficult-to-install applications without the headache of installing and configuring them again and again. Such images can be compared to lightweight virtual machines: although they do not offer the same level of isolation as real VMs, they provide a container within which the application is encapsulated along with its dependencies. Before getting to the topic itself, let us first talk about what Docker is.

Docker is a tool designed to make it easier to create, deploy, and run applications by using containers. Containers allow a developer to package up an application with all of the parts it needs, such as libraries and other dependencies, and ship it all out as one package. By doing so, thanks to the container, the developer can rest assured that the application will run on any other Linux machine regardless of any customised settings that machine might have that could differ from the machine used for writing and testing the code.

In a way, Docker is a bit like a virtual machine. However, rather than creating a whole virtual operating system, Docker lets applications use the same Linux kernel as the system they are running on and only requires applications to ship with things not already present on the host. That gives a significant performance boost and reduces the size of the application; importantly, Docker is open source, so anyone can contribute to it and extend it to meet their needs if they require features that are not available out of the box.

Why do we need Docker in DFIR?

An application distributed as a Docker image incorporates all the dependencies and configuration necessary for it to run, eliminating the need for end users to install packages and troubleshoot dependencies.

Investigators and incident handlers are required to rebuild their personal toolbox investigation after investigation. There are plenty of tools developed and shared by the community to address specific cases. Most of those tools can be executed stand-alone, though some require libraries or another software framework. These are perfect candidates for containers: investigators and incident handlers will not have to install and configure tools again and again; once a Docker image has been created and correctly configured, it can be reused without wasting time on installation and configuration.

Before using Docker we must know how to install it. Docker is a cross-platform application that can be used on Linux and Windows; in this article, however, I will cover how to install Docker on an Arch Linux system.

Docker can be installed with a single command:

$ sudo pacman -S docker

Then there is a systemd service unit created for Docker. To start the Docker service, we can use the following command:

$ sudo systemctl start docker

To start Docker on system boot:

$ sudo systemctl enable docker

Now we are all set to use Docker on our Arch Linux system and can run applications and tools in Docker to carry out our operations; here I will discuss a few applications and tools commonly used by professionals around the world.

The following list contains standard applications that all investigators and incident handlers should already know; I am only concentrating on their Docker versions. For performance reasons, I recommend downloading all images to local storage with “docker pull <imagename>“. This speeds up container startup and allows you to work offline. I also assume that the files to be analysed are stored under the /files directory.

  1. PEScanner

PEScanner is a tool to perform static analysis of Microsoft Portable Executable files.

Command:

$ docker run --rm -it -v /files:/home/nonroot/workdir remnux/pescanner pescanner <malicious.exe>

  2. JSDetox

JSDetox is a JavaScript malware analysis tool. With the growing number of malicious .js files spread by phishing and ransomware campaigns, this one is a must at the moment.

Command:

$ docker run --rm -p 3000:3000 remnux/jsdetox

Then point your browser to http://<docker-server>:3000

  3. SpiderMonkey

Another JavaScript analyser, SpiderMonkey, developed by Mozilla, helps to analyse malicious scripts.

Command:

$ docker run --rm -it -v /files:/source nacyot/javascript-spidermonkey:latest js <malicious.js>

  4. VirusTotal

Just a command-line VirusTotal API client.

Command:

$ docker run --rm -it malice/virustotal --api <api_key> lookup <hash>

$ docker run --rm -it malice/virustotal --api <api_key> scan <malicious_file>

  5. Malcom

Malcom is a tool that analyses network communications using graphical representations of network traffic and cross-references them with public IoC sources.

Command:

$ docker run -p 8080:8080 -d --name malcom tomchop/malcom-automatic

  6. FIR

FIR stands for “Fast Incident Response” and is developed by the Société Générale CERT. There is no public build, but a Dockerfile is available in the FIR GitHub repository (fetch the raw file, not the HTML page).

Command:

$ wget https://raw.githubusercontent.com/certsocietegenerale/FIR/master/docker/Dockerfile

$ docker build -t fir .

$ docker run -it -p 8000:8000 fir

Then point your browser to http://<docker-server>:8000

  7. ClamAV

Not the best antivirus, but always handy for a quick scan of a suspicious system.

Command:

$ docker run --name=clamav -v /files:/malware:ro malice/clamav update

$ docker restart clamav

$ docker exec -it clamav clamscan /malware/<suspicious_file>

  8. YARA

YARA is another must-have application. It classifies files based on patterns (rules).

Command:

$ docker run -it -v /evidences:/malware:ro -v /rules:/rules:ro blacktop/yara /rules/<rules.yar> /malware/<suspicious_file>

  9. Dradis

Dradis is a tool that focuses more on pen testers, but it can be useful to collect and exchange information between incident handlers working on the same case.

Command:

$ docker run -d -p 3000:3000 raesene/auto_docker_dradis bundle exec rails server

  10. Volatility

Last but not least, Volatility, everyone’s favourite memory forensics framework, has a Docker image created and maintained by the SANS REMnux team.

Command:

$ docker run --rm -it -v ~/memdumps:/home/nonroot/memdumps remnux/volatility bash

Using Docker for DFIR spares investigators and incident handlers from reinstalling and reconfiguring applications for every system they work on: they can create Docker images once and reuse them, saving time and energy. However, from a security point of view I accept that containers are not bullet-proof: container escape is always possible, and they share the host kernel.
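Because the container shares the host kernel, the `docker run` line itself is the main control you have over how much a malicious sample can reach. As an added example (not from this post or from the Docker project), here is a small Python checker that parses a `docker run` command line and reports the gaps a handler would want closed before pointing a container at evidence: the evidence mount is read-only, the container has no network unless the tool genuinely needs one (the VirusTotal client does), and Linux capabilities are dropped. The option names are real `docker run` flags; the sample command lines are constructed to match the shape of the commands listed above, and the function names are my own.

```python
import shlex

# "docker run" options that consume a following value; the parser needs this so
# that a value (such as a mount spec) is not mistaken for the image name.
VALUE_OPTIONS = {
    "-v", "--volume", "--mount", "-p", "--publish", "--name", "-e", "--env",
    "--network", "--net", "--cap-drop", "--cap-add", "--security-opt",
    "-w", "--workdir", "-u", "--user", "--entrypoint", "-m", "--memory",
}

# Constructed command lines: the first two follow the shape of the invocations
# in the list above, the third is a hardened variant of the YARA one.
SAMPLE_COMMANDS = {
    "pescanner": "docker run --rm -it -v /files:/home/nonroot/workdir "
                 "remnux/pescanner pescanner sample.exe",
    "yara": "docker run -it -v /evidences:/malware:ro -v /rules:/rules:ro "
            "blacktop/yara /rules/index.yar /malware/sample.bin",
    "yara_hardened": "docker run --rm --network none --cap-drop ALL "
                     "--security-opt no-new-privileges -v /evidences:/malware:ro "
                     "-v /rules:/rules:ro blacktop/yara /rules/index.yar /malware/sample.bin",
}


def parse_docker_run(command):
    """Split a 'docker run ...' line into (options, image, image_args)."""
    argv = shlex.split(command)
    if argv[:2] != ["docker", "run"]:
        raise ValueError("expected a 'docker run' command line")
    options, i = [], 2
    while i < len(argv) and argv[i].startswith("-"):
        key, has_eq, inline = argv[i].partition("=")
        if key in VALUE_OPTIONS:
            value = inline if has_eq else argv[i + 1]
            i += 1 if has_eq else 2
        else:
            value = None  # boolean flag such as --rm, -it, -d
            i += 1
        options.append((key, value))
    if i >= len(argv):
        raise ValueError("no image name found")
    return options, argv[i], argv[i + 1:]


def audit_docker_run(command, needs_network=False):
    """Return a list of hardening findings; an empty list means nothing to flag."""
    options, image, _ = parse_docker_run(command)
    findings = []
    network = None
    dropped_caps = set()
    for key, value in options:
        if key in ("-v", "--volume"):
            parts = value.split(":")
            mount_flags = parts[2].split(",") if len(parts) >= 3 else []
            if "ro" not in mount_flags:
                findings.append(f"mount {parts[0]} is writable inside {image}; append :ro for evidence")
        elif key in ("--network", "--net"):
            network = value
        elif key == "--cap-drop":
            dropped_caps.add(value.upper())
    if network != "none" and not needs_network:
        findings.append("container has network access; add --network none unless the tool needs it")
    if "ALL" not in dropped_caps:
        findings.append("capabilities not dropped; add --cap-drop ALL")
    return findings


if __name__ == "__main__":
    for name, cmd in SAMPLE_COMMANDS.items():
        print(name, audit_docker_run(cmd) or ["ok"])
```

Run the checker over the commands in your own runbook: the PEScanner line above mounts /files writable, and only the hardened YARA line passes all three checks. The parser also accepts `--security-opt no-new-privileges`, which is worth adding to every analysis container even though the audit does not require it.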

Sources: Docker, Rootshell Blog, ISSA Toolsmith Research Paper.


Follow KITTEN to avoid your next cyber security incident


This picture of a kitten looks cute and cuddly, but can you imagine that a funny cat picture could destroy your data?

Life for Information Security analysts and engineers was hell last year, given what we saw in Internet security: the rise of ransomware, insider threats, Heartbleed, DirtyCOW and so on. Security engineers, analysts and auditors work hard to secure their organisations; they test every system on the network, share best practices and newsletters of do’s and don’ts; despite all these efforts, people do silly things by ignoring common sense.

Let’s dissect some of those bad choices, with the help of our little kitten friend

K is for Kiosk Charging

We have all seen those charging stations at conferences, airports and even on aeroplanes, enticing you just to plug in and relax while devices charge. In the old days, power and data flowed through separate cables, but modern mobile devices require that both charging and data flow through a single cord. Without seeing what’s on the other end of that charging kiosk, plugging your phone in can mean that you are allowing access to the data on your phone and possibly even the injection of malicious code, which is known as juice jacking.

To protect yourself, carry your own USB charger and plug it into an electrical outlet, invest in a USB data blocker that passes power but blocks the data lines, or charge only from a power bank.

I is for Installing Patches Late

Nearly 75 percent of cyber attacks use publicly known vulnerabilities in commercial software, but only about 10 percent of organisations have the capacity to apply patches on the same day they are released. Do your best to be part of that 10 percent, for catnip’s sake!

T is for Thoughtless Clicking

There are many wonders to behold on the Internet. Whether it is an email with a link proclaiming “cutest kitten picture ever!” or a click-bait headline on social media, think before clicking.

Do you know the sender of the email? Is the destination site or publication a reputable one? At best, you have wasted time clicking through to another weird corner of the Internet, and at worst, you are clicking through to a malware host for a drive-by download. Think before you click.

T is for Third-Party Access to Personal Data

Do you know why that game app needs access to your contacts? Alternatively, why that navigation app wants access to your health data? Be mindful of the permissions you grant to apps on your mobile devices and what data they may be sharing on your behalf. If you are suspicious of an application and its need for permissions, compare it to others in the same category to see if there’s consistency for a particular permit type or if it is an indicator of data gathering for potentially illicit purposes.

E is for Egregious Password Practices

Password hygiene continued to be problematic and was one of the key factors cited in the X-Force Threat Intelligence Quarterly as contributing to insider threats. Whether it is multi-user accounts, easy passwords or passwords that never expire, this lack of accountability on user provisioning and privileges is leaving significant holes in corporate networks.

Even with adequate termination procedures, having shared admin accounts or unexpired passwords leaves doors open to disgruntled ex-employees if they take advantage of remote administration tools like LogMeIn or TeamViewer before their departure.

N is for ‘Not Me’ Thinking

There is a certain haughtiness that information security analysts and others in the industry can adopt, thinking that they are too well versed in security practices to ever be the victim of an attack. Social engineering has evolved to such a level of sophistication that even the most seasoned practitioner can fall for it.

No universal security karma prevents those of us in this industry from being infected; it is just common sense and vigilance that reduce the risk, or avoid a major incident if you are lucky.

Source: Security Intelligence


Book Review : Mastering Metasploit Edition 1 & 2

Mastering Metasploit

Book Details:

  • Author: Nipun Jaswal
  • ISBN: 9781782162223 (Edition 1), 9781786463166 (Edition 2)
  • Publisher: PacktPub

In the crowded world of books on Metasploit, I find this book unique: most of them focus on “how to use Metasploit”, but this book gives you an understanding of, and encouragement towards, porting your own exploits to Metasploit. I bought a hard copy of edition 1 just after launch and got it signed by Nipun Jaswal. For the 2nd edition, I bought the e-book from PacktPub using the Packt credits given to me as an honorarium for reviewing other books for them, and I am waiting for my signed copy of edition 2 (Nipun, are you reading this?). In the current world of bug bounty hunters, methodological penetration testing is somewhere getting lost, and after reading both editions I was happy that the author has tried to take every perspective into account while writing the chapters. A lot of effort has been put into making this a fantastic guide for the amateur and the seasoned Metasploit user alike, who will benefit from the vast support of striking images and test cases. Now I would like to stop here and provide an at-a-glance overview of “Mastering Metasploit.”

Summary

Both editions of the book contain ten chapters, which are as follows:

Version 1

1: Approaching a Penetration Test Using Metasploit
2: Reinventing Metasploit
3: The Exploit Formulation Process
4: Porting Exploits
5: Offstage Access to Testing Services
6: Virtual Test Grounds and Staging
7: Sophisticated Client-side Attacks
8: The Social Engineering Toolkit
9: Speeding Up Penetration Testing
10: Visualizing with Armitage

Version 2

1: Approaching a Penetration Test Using Metasploit
2: Reinventing Metasploit
3: The Exploit Formulation Process
4: Porting Exploits
5: Testing Services with Metasploit
6: Virtual Test Grounds and Staging
7: Client-side Exploitation
8: Metasploit Extended
9: Speeding up Penetration Testing
10: Visualizing with Armitage

While both have ten chapters, edition one is more introductory on some topics and edition two covers them in more depth. To keep the context clear and precise for readers, I will go through each chapter and give a streamlined summary of the elements covered in the book.

Chapter 1: Approaching a Penetration Test using Metasploit

This chapter in both books introduces Metasploit and the procedure for setting up a testing lab environment. In edition 2 the author goes into more depth about the tools, covers the benefits of Metasploit, and discusses a methodology for pentesting an unknown network and for exploiting publicly known vulnerabilities such as the VSFTPD 2.3.4 backdoor and HFS 2.3 RCE.

Chapter 2: Reinventing Metasploit

This chapter in both books contains information about Ruby, the heart of Metasploit, and gives an idea of how you can write your own custom modules for Metasploit. The chapter also covers writing Meterpreter scripts and then moves on to RailGun, which allows you to call Windows APIs without compiling your own DLL.

Chapter 3: The Exploit Formulation Process

This chapter starts with the concepts of assembly language and explains the importance of the EIP and ESP registers and of NOP and JMP instructions when writing an exploit. The section also gives brief details about stack- and SEH-based buffer overflow attacks, how to bypass DEP in Metasploit modules, and what the protection mechanisms against them are.

Chapter 4: Porting Exploits

This is one of the core chapters in the book. Readers get ample information on how to port exploits written in different programming languages, such as Python and Perl, as well as web-based exploits, into Metasploit modules.

Chapter 5: Testing Services with Metasploit

It starts with an introduction to SCADA systems, how to exploit them and how to secure them; after this the chapter moves on to database exploitation, right from basics such as fingerprinting. The chapter also details how one could test VoIP services by scanning the network for VoIP clients and spoofing VoIP calls.

Chapter 6: Virtual Test Grounds and Staging

In this section, the author covers a large number of subjects, such as how to efficiently perform black-box, white-box and grey-box testing on the target in scope, how to format reports, and how to use leading industry tools directly from the Metasploit console, making it a single point of testing for a complete penetration test.

Chapter 7: Client-side attacks

In this section, a variety of techniques that can help us attack client-side systems is explained: browser-based exploitation and its variants, exploiting Windows-based systems using Arduino, creating file-format-based exploits, using Metasploit with DNS-spoofing attack vectors, and exploiting Linux-based clients and Android devices.

Chapter 8: This is the chapter that differs between the two editions. In edition 1 it is about the Social Engineering Toolkit and briefly explains it; in edition 2 it is about Metasploit for post-exploitation scenarios and using its extended features.

Chapter 9: Speeding up Penetration Testing

Throughout this chapter, the author focuses on faster penetration testing with automated approaches. He explains various techniques to improve the testing of databases and to speed up exploitation with db_autopwn and the pushm, popm, loadpath, reload and edit commands. He also explains creating resource scripts, making use of AutoRunScript, setting global variables, automating payload generation, and setting up an exploit handler using SET.

Chapter 10: Visualizing with Armitage

In this chapter, the author takes a good look at Armitage and its various features. He kicks off with the interface and building workspaces, then explains how to exploit a host with Armitage using remote as well as client-side exploitation and post-exploitation. Furthermore, he jumps into Cortana, using it to control Metasploit, and creates post-exploitation scripts, custom menus and interfaces as well.

Final Notes: Above I have tried to give a short idea of all the chapters in both editions of the book. The step-by-step approach makes it very comfortable for readers to follow the book and reproduce the same steps on their own system, provided all the steps are followed exactly as the author describes them.

Tips

  • The book is amazingly priced and has concise content.
  • The book has been a great benefit to previous buyers.
  • The book’s primary focus is pen-testers, and it is equally beneficial to bug-hunters.
  • The book is self-paced and dedicated to different streams of exploitation: application, network and system.
  • The book has a huge exploit-writing section for the readers discussed above.
  • The book can be used as a reference guide for newcomers to penetration testing.

Rating

  • For Content, I would rate it 9/10
  • For Grammar, I would rate it 8/10
  • For Technicality, I would rate it 9/10
  • For Deliverance of the subject, I would rate it 8/10

Overall Rating: 8.5/10 as per the subject, material delivered, proof-reading, self-pacing and technicality on the subject covered. The evaluation depends on personal perspective and the readers choice in the matter.

Recommendation

This final section covers any preliminary core concepts you would require to get into this book for a hands-on experience and advice which personally I think is opinion based and technical driven. The author has taken his dedication and passion level to the next stage in drafting the book, and it can be seen by efforts he has had to put when developing the material itself.

I recommend this book to every InfoSec enthusiast and professional; after reading it you will have a clear understanding of Metasploit, and your penetration testing skills will improve.

I thank you for reading this review of “Mastering Metasploit”. It has been interesting to deliver a review of the work of someone who has put his efforts right across the desk and delivered them in style. The security community would not be where it is now if it were not for people like Nipun Jaswal, who contribute their time and invest their focus in different areas of digital security research. I hope this post has delivered an unbiased review, and I will put in the effort to make things higher quality.


Engineers : Face of unemployment in India


Engineering

Engineering: a degree every K-12 student studying science dreams of having, without a second thought about whether they have the potential to be a good engineer. This is the sole reason we are churning out around 1.5 million engineering graduates every year, of whom only 20% are employable. One of the major problems with fresh graduates is their insufficient understanding of basic concepts and the lack of in-depth understanding of technical information. People often argue that we are producing more engineers than there are jobs in industry, but what I have found on the ground is that there are enough jobs available; candidates lack the skills required for them. In my personal experience, I recently interviewed around 200 candidates for the job of Python developer and only 3 were able to pass a basic programming test containing questions such as writing a CSV parser. Most of the candidates I come across are engineering graduates, not engineers: they just crammed the contents of the book, have no practical knowledge, know absolutely nothing beyond definitions, and will put their life on the line to argue rather than seeing what is true by practically doing it.

Shivam Saluja CEO of BaseZap, a Web Hosting Company says “When we go for hiring engineers we find that most of them don’t have hands-On experience of solving the problems they are going to face, because they haven’t faced any. In short words they don’t have any practical exposure.”

The IT services industry is not growing at the same pace as before and the growth of entry-level jobs is diminishing. Companies are now looking for hiring candidates who already have decent expertise in programming. Secondly, IT services companies today realize that within two years of the job, the candidate will have to communicate with international customers. As these trends catch up across industry, the employability for IT services sector, which is the largest hirer in engineering, will diminish further. To remain competitive in the job market, colleges and students need to have a fresh focus towards programming and English (both written and spoken).

According to the HRD ministry in July 2016, India has 6,214 engineering and technology institutions which are enrolling 2.9 million students. Around 1.5 million engineers are released into the job market every year. But the dismal state of higher education in India ensures that they simply do not have adequate skills to be employed.

Where being an engineer was once a matter of respect, the situation is now so shambolic and deteriorating that Indian engineering graduates are applying for jobs as peons; what worries me more is that the eligibility criterion for this job was just class 5. If we look at the India Employability Report by Aspiring Mind, a research firm, we can clearly conclude that the condition of technical education in India is abysmal. As per the report, the employability of candidates for IT industry roles lies between 3 and 10%. So now the question is: what exactly are we doing wrong?

Here, with the help of a few good friends, I have tried to compile a list of things which I think need serious improvement.

Outdated Syllabus and Learning Culture: Whatever the reasons might be for the poor show, I believe it is sad that India’s best universities are nowhere in the Top 100 in the world. The best India could do as of now: The Indian Institute of Science (IISC) in Bengaluru is at 152 and the Indian Institute of Technology (IIT)-Delhi is at 185 in the QS World University Rankings.

The Indian curriculum is behind the times as far as programming languages are concerned. Where institutes like MIT have replaced C with Python for teaching computer concepts, we still stick to C and the Turbo C++ compiler as the standard, which has been dead for a long time. Apart from that, students lack the logical thinking ability to solve complex problems. The course content does not focus on areas which will actually help in the job after employment. There is a big gap between what the market needs and what Indian education equips its future employees with. Despite exponential changes in science and technology around the world, the syllabus is hardly ever updated. The traditional education sector in India has not evolved at the same pace as the industry. The expectations that companies have of their candidates and the skills that engineering graduates bring do not match.

Theory vs Practical: Most Indian engineering graduates, fail when they are expected to apply basic principles to solve real-world problems. With neither the requisite analytical skills nor a commendable command of the domain, they flounder. They need “specific” training. That’s an expense that not everyone in the industry wants to incur. Most of the engineering colleges never think of providing a quality time on PRACTICAL approach for students. Hands On experience & Real time applications is something not seen in most of the engineering colleges. Universities need to bridge this gap and soon. For instance, they can encourage participation in coding challenges that companies like HackerEarth and CodeChef conduct and introduce IT engineering students to competitive programming or hackathons.

Lack of Quality Teachers: As there are more than 6,000 colleges granting engineering degrees, one point is clear: there are not enough quality teachers for all of these institutes. After the multinational companies, the IT big shots of India and the smaller engineering companies have had their pick, many of the remaining engineering graduates go on to get a PhD and join engineering institutes as faculty. Thus, unlike in other parts of the world, the Indian faculty is not made up of the very best of industry with the skills to create brilliant students. Most educated engineers join teaching not out of passion but because they have to earn a livelihood. The few good professors prefer administrative positions because of lower intellectual demands coupled with higher pay packages.

Lack of innovation and research: Students need to be motivated enough to innovate or think for themselves. As the new HRD minister Prakash Javadekar recently said, “Why do we lack innovation in India? Because, we don’t allow questioning. We don’t promote inquisitiveness. If a child asks questions in school, he is asked to sit down. This should not go on. We need to promote inquisitiveness, children should ask questions.” Students must be given the space and scope to think and innovate, to question and come up with solutions. This applies to both school education and higher education. Such are Indian students trained right from their primary education that they never learn to question or innovate. Rote learning instils in students a sort of complacency for more than 12 years of education and they are unable to make the shift from un-questioning learners to innovators in the job market.

Lack of skill-based education: Skill-based education is another immediate need. Engineering students need to have hands-on training on the basis of the problems they are likely to encounter in the real world.  While the vast numbers of engineering students in the country study their textbooks, give their exams and collect their degrees, it is only when they encounter the real world problems do they realise their shortfall. By then, they have to take extra time in order to skill themselves or suffer unemployment.

Lack of exposure: Given that the end goal of technical education is a placement in a college, the amount of exposure given to students about the industry is also very little. It is not until the final year of their college that they begin to understand what the industry really wants. An early exposure to industry can give students an idea of what is relevant in the industry, which they can learn in their own time.

Lack of Career Counselling: Most people who score high in 12th take up engineering as a career, without realizing that good marks do not equal engineering aptitude. Due to this, many of such students are unable to “get” the concepts or secure a job. Over the years, the lucrative opportunities that a professional life in the technology industry has provided, has made engineering sciences the de-facto choice for graduate studies. Whether or not the student has the aptitude for the stream is not taken into account, resulting in uninterested engineering candidates, who haven’t taken to their subjects as much as they should have, making them irrelevant to the industry.

Lack of Proper Language Skills: The Aspiring Mind Employability report attributes the lack of English communication skills, found in 73.63 per cent of candidates, and low analytical and quantitative skills, found in 57.96 per cent of candidates, as the other main reasons for unemployment. Even the IT sector requires employees who are fluent and well versed in English, as within around two years on the job they will have to communicate with international customers. Thus, if the quality of engineering graduates does not improve, IT sector hiring will also go down.

Lack of Soft Skills: Soft skills have become very important in the present job market, but they are routinely ignored in educational institutes. This is perhaps the trickiest issue. An individual’s inability to deliver his views effectively at the interview leads to the rejection of even the most brilliant candidate. This is because training institutes do not make an effort to ensure that candidates develop their skills in a well-rounded manner that contributes to client-handling and team communication skills.

Inability to learn the major subject of the respective stream: Most of the students who choose Computer Science Engineering as their stream find it difficult to write a simple program. A student has to do two projects and submit them in the final-year semester. Instead of doing these projects on their own, they buy the project from coaching institutions and submit it to the college.

I am sure you can think of so many more reasons why our engineering graduates are feeling the pinch of rising unemployment more than ever. These problems have been around for a while now and if they still haven’t changed, I don’t expect them to change either.

Note: This article is the result of a proper internet search and inputs from some of my friends from academia and industry.
Sources: HackerEarth, India Today, Quora.


Free Basics and Internet.org: The Mohini Trap by Facebook


The Facebook CEO Mr. Zuckerberg wants to create a better, more open and connected world for his newborn daughter, but in India he is facing a huge problem in achieving his goals. About a year ago he launched Internet.org, and many netizens protested against it because it was against net neutrality. After this shocking response, their marketing team devised a new way to make their boss happy and renamed it “Free Basics”, since they thought we Indians would never say NO to something that is free. Well, last week, after a huge debate on the internet, TRAI asked Reliance to cease Internet.org services until any further decision.

Now, Facebook is aggressively marketing Free Basics to get it accepted by India’s telecom regulator. They are publishing full-page newspaper ads, TV ads, roadside banners, even moving ads and online ads. They stooped so low from their standards that they started sending constant notifications to all their Indian users to click a button that sends a mail to TRAI saying that you support ‘Free Basics’. They make their ads look like they are doing India a favour through ‘Free Basics’ and our evil government is stopping their good efforts. And if you do not accept their nagging notifications, they make it look like you are a bad person who doesn’t support ‘digital equality’, by showing you the list of your friends who support it. Fun fact: ‘Digital Equality’ is a term coined by Facebook to confuse everyone into thinking it is related to Net Neutrality.

Now coming to the point: what exactly is Free Basics or Internet.org? I think of Free Basics as the Mohini Avatar of this digital generation, and it is treating us (Indians) as Asuras (demons). Mr. Zuckerberg, acting as the mouthpiece of this Mohini Avatar, is constantly telling everyone that Free Basics (Internet.org) is going to provide access to basic services like health, education, jobs and local government information, and that to date they have brought a billion people online by offering these services in Africa, Latin America and Asia. Similarly, Mohini told the Devas and Asuras that she would distribute the Amrita equally, and everyone knows what happened there. By his words it looks like it’s going to change the world, but Facebook is playing with us the same way Mohini played with the Asuras (demons).

What Facebook wants is for our less fortunate brothers and sisters to be able to poke each other and play Candy Crush, but not to be able to look up a fact on Google, learn something on Khan Academy, sell their produce on a commodity market or even search for a job on Naukri.

1. Facebook Proxy Server: This is a serious privacy concern. Whatever you do on this platform will be known to Facebook. All traffic is routed through a Facebook server before it gets forwarded to the websites that integrate with this platform. Facebook can read your emails, user IDs, passwords, messages, the sites you browse, what you buy, what you read and every minute detail.

2. Easy for mass surveillance: All user data will be going through Facebook’s servers. It becomes a single point of integration for the government to do mass surveillance. Even if you are not doing anything wrong, you are still going to be watched, all the time.

3. No Google search: Bing is the only option for search. Users miss out on the best search engine, the one that opens up the world. As I understand it, since Free Basics only allows the websites that have been integrated, Bing search results will only show results from those websites. People will never be able to search and get the relevant content that is widely available. Instead of moving forward quickly, users may be locked 20 years behind the rest of the world.

4. No video, no YouTube: Think of a poor kid sitting in a rural area of the country with access to Khan Academy videos; think of his growth. Video is one of the best learning mediums because it breaks the language barrier, but in Free Basics videos are not available at all, presumably to conserve bandwidth so it can be retained for more important things like villagers sending each other Candy Crush requests.

5. Facebook’s approval for integration: Every website that wants to be part of Free Basics needs to submit its details to Facebook. Facebook may deny websites on various grounds. Imagine every website in the world needing to submit to Facebook for approval. Facebook will be the bottleneck for website developers and for users too. Facebook can easily use Free Basics to create a false environment around you that you come to believe in and trust as what the Internet is. Building boundaries around the Internet is like locking users in their house or town and having them believe it is the world. Here is the limited set of websites available to a Free Basics user.

6. No bank website integration: The Indian government is promoting a bank account for every Indian. People would like to transact and check their bank balance. The best medium to do this is the phone, yet there is no bank or any secure service available on Free Basics. With the Facebook proxy service in the middle, I hope no bank will step up to integrate with Free Basics and provide insecure access to bank accounts. The platform is too insecure to build any meaningful functionality on.

7. No other IM apart from Facebook Messenger: Only Facebook Messenger is available for chat. Zero competition for Facebook.

8. Tight integration requirements for website developers: To comply with Free Basics, websites that integrate with Facebook have to follow the norms below. This prevents any website from integrating with Free Basics easily. A huge set of modifications is required, which in turn costs companies development and testing cycles to provide a free service to Indian users. I bet small and medium-sized companies won’t even think of supporting and maintaining their websites for this.

Net Neutrality – No way: Looking at all the above technical details, there is no thought given to Net Neutrality by Facebook. It’s a purely Facebook-centric strategy to gain users and own their data.

Look at the above technical details and relate them to the Mohini Avatar and what it did to the Asuras. It cheated them by giving false visuals, tried to gain their attention and then caused them to kill themselves. She even convinced Bhasmasura to set himself on fire, which is exactly what Facebook is doing: giving false visuals about Internet.org and telling us that since our friends are supporting it we should support it too (setting ourselves on fire).

India is the epicentre of the digital “Imperial Race” to get the next 1 billion users on mobile; the only place left to get them is India, as the other place, China, has successfully retained its strategic control and protected its future wealth by blocking Facebook, Google and many such services since the very beginning. China also gave timely support to build its own local alternatives and is engaging with the rest of the technology world on its own terms. India cannot do the same because in our 70 years of freedom we totally ignored our primary education system, because of which a large swathe of our country is still riddled with caste, superstition and religious insularity. We also forgot to build our own base for scientific discoveries and inventions.

In their ads, they’ve been claiming they want to bring “digital equality” when they’re actually bringing digital slavery or digital apartheid to our poor.

Facebook says it is doing this out of some charitable aim to get more of India online (as though spending a large portion of your India revenues on full-page ads pushing a so-called charity is itself charity). It’s obviously business.

Dear Mr. Zuckerberg, I love your idea of data for charity, but if you really mean to do charity then offer people something that is the entire internet, not just your chosen sites. Say, 500 MB a month free to every Indian. You can, but no, you won’t do that. You want to use our government’s bandwidth to get our poor using Facebook with no other real option in sight.

So let’s sum it up.

Yes, as an Internet rights activist, I am against Facebook’s attempt to disconnect Indians from the full internet. Yes, I am opposed to the digital apartheid they want to bring about, giving the poor only Facebook but denying them other sites.

And yes, I’ll be happy if they just give data away free, without terms and conditions; after all, it’s our wireless network they want to offer their service on. It has to work for us, the people of India, not just for the owner of Facebook.

There are many other reasons why Facebook’s Free Basics digital apartheid is bad. It’s bad for entrepreneurs: your business can’t be discovered by these new potential users on the internet until you advertise on Facebook. The same goes for big businesses.

Also, if Facebook is allowed to get away with this, then every other company will offer its own “Free Basics” with other sites, and we will grow up as a fractured country, unable to speak with each other because we are all on different, unconnected micro-networks.

I am happy to support any effort that brings the full and unfettered internet to as many Indians as possible, as cheaply as possible. This is not that effort.

And in the real world there is no such thing as a free lunch.

Free Basics means ‘Free Basic users for Facebook’ and NOT ‘Free Basic Internet for the poor’, and if you dictate what the poor should get, you take away their right to choose what they think is best for them.

So if you don’t want to fall into the trap of this Mohini Avatar, visit http://www.savetheinternet.in and send an e-mail to TRAI saying not to approve FREE BASICS.

Sources: Quora, Mahesh Murthy on LinkedIn


Boost Your Confidence like Tony Stark


While Batman and Spiderman hide behind a mask, Iron Man wants the world to know that Tony Stark is the man in the suit. He’s a character the world can relate to because he’s not the perfect character that many superheroes are depicted as. He has his flaws like the average person, yet he has built an empire that reflects his personality and passion for his craft.

When it comes to Tony Stark, the man oozes the combination of many traits that make a great leader. Self-confidence is one trait that Iron Man shows in every scene. His self-confidence is the difference between his sense of being unstoppable and being scared out of one’s wits in the face of controversy. The way Tony Stark carries himself has a direct impact on how we as viewers perceive him. Whether it’s his dress, his demeanour or his witty comebacks, our perception is his reality (in a fictional sense).

Here are a few things you can do to start building your self-confidence to the level of Tony Stark. Some of this may sound robotic, but it’s quite the opposite: take these tips and inject them with your personality, your style and your voice. At the end of the day, to be self-confident you have to be comfortable with who you are and who you are striving to become.

Tip #1: Talk Slower

Many people rush their words because they don’t want someone to have enough time to judge their thoughts. They think that the faster they talk the faster they will be able to connect with the person or the crowd they are talking to. They hope that by keeping the crowd on the edge of their seat with their speedy insights and thoughts they will be able to keep their interest. In reality however, it simply gives the perception of nervousness.

Three words: Slow. It. Down. When you talk slower, your conversations will come across as smoother. Think about Tony Stark in conversation: he embraces what many would call an awkward silence and strategically injects his presentations and speech with dramatic pauses.

Tip #2: Control Your Reactions

A lot of people allow their emotions to get the better of them in high-stakes situations. Rather than making sudden, instant decisions, control your reactions and make the appropriate decisions later if necessary. Most importantly, never let your emotions get the best of you and make you do something you will regret later on. Controlling the way you react to situations is a difficult task and requires some inner conversations and habit building.

You must identify the smallest things such as the right times to laugh, the right times to frown and even the right times to walk away. It’s the combination of having complete control over your mind to ensure that your body acts and behaves in the way you know is strategically appropriate. This may sound very calculated and trivial but it’s important. You must control your nervous chuckle, your fidgeting and if necessary, get professional help for your nervous stutter. To ooze confidence you must have complete control over your body, mind and spirit.

Tip #3: Think of Dying

The more you think about death, the more you think about how valuable your time on this earth is. When you identify and accept the idea that today could very well be your last, that should be enough to make you recognize that it’s a chance to really love yourself and do what is best for you. Once you consider death, you begin to do the things you truly want to do and take risks you would not take if you thought you had forever to decide. Death is the biggest reminder for each and every one of us to get out and actually live. Do something worth doing and live a life worth living.
As you begin pursuing a passion and doing more of what you want and less of what society wants of you, the more confident you will become. You will understand that the only difference between you and anyone else is what you have done and what you are going to do. Everyone has the same amount of time in a day; everyone has the same number of days in a week. It’s how you use those hours and days that will define what kind of legacy you leave behind. If you strive to leave a legacy, you will most certainly be confident: confident in yourself and confident in your goal of building a legacy. Do something worth doing and live a life worth living. Steve Paul Jobs may have put it best:

Remembering that I’ll be dead soon is the most important tool I’ve ever encountered to help me make the big choices in life. Because almost everything — all external expectations, all pride, all fear of embarrassment or failure – these things just fall away in the face of death, leaving only what is truly important. Remembering that you are going to die is the best way I know to avoid the trap of thinking you have something to lose. You are already naked. There is no reason not to follow your heart.

Tip #4: Identify Your Strengths and Weaknesses

Self-awareness is not only a key to success but also the key to confidence. If you don’t know what you’re bad at, you can’t truly understand what you’re actually good at. More than anything, it’s important to identify what you’re good and bad at and what you hate or enjoy doing. If you’re horrible at public speaking but love doing it, this is one of those weaknesses you should strive to improve. If you’re horrible at content marketing or understanding the art of the hustle and have no interest in it whatsoever, then don’t focus on it. Focus on things that you’re either interested in or already good at. Ignore the things that will not contribute to getting you where you want to be and focus on those that will. This is a chart that really frames what you should and shouldn’t be focusing on.

Tip #5: Embrace Praise & Criticism

This one is difficult, but it is something that successful people have perfected. While it’s easy to embrace praise and support, it’s much more difficult to deal with criticism. Both have their complexities, which result in or give the perception of a lack of self-confidence. When someone gives you praise, it’s easy to dismiss the compliment and not take it as sincere or meaningful. It’s easy (and wrong) to discredit the positive but hang onto every single word when someone expresses something negative. We assume that the person expressing the compliment was simply being nice, or that they are inexperienced and didn’t notice all the mistakes. Sure, sometimes this can be true, but for the most part it’s not. In fact, for the most part you deserve the praise you receive and need to embrace it.

Embrace negativity as well. The biggest issue with negative feedback is that it’s often difficult to differentiate between constructive criticism (the good stuff) and destructive criticism (the haters). Once you can identify the difference, you will notice the benefits of both. Constructive criticism is great for actually making improvements to yourself or your business. Some constructive criticism is extremely valuable, while some is simply one person’s opinion. Destructive criticism has no value and comes from someone who doesn’t want to see you succeed or is simply being negative. Instead of watching what they say, count how many of them you have. I haven’t done the statistical analysis yet, but I have a feeling that the more successful you are, the more haters you have.

Tip #6: Dress to Impress

Clothes may not make the man, but they most certainly play a role in how you feel. A lot of people, when they first start their career, are strapped for cash and don’t have the budget for the nicest clothes. I understand this and have been in that situation before. That said, I’m here to tell you that the way you dress and your appearance can take you a long way. Even if you’re going to an Ugly Christmas Sweater party, you can set yourself apart by rocking just the right cardigan or pullover. Never underestimate the importance of style.

If you’ve watched Iron Man, you will notice that Tony Stark is typically wearing a stylish suit, an iron suit or a designer t-shirt. Now, I’m not saying you have to throw all your graphic tees in the garbage or your favourite baseball cap in the dump. All I’m saying is that it’s important to dress to impress and understand the ROI of dressing well. Not only will it improve the way people perceive you, it will also make you feel better about yourself. Create your own style. Be comfortable, but don’t dress like you just rolled out of bed. At a certain stage, it’s time to stop shopping at Hollister and start wearing something that screams confidence rather than “I did a keg stand last night.”

Wrap Up

So there you have it: if you can exercise these tips, you will be six steps closer to creating your very own Stark Industries. Yet we can’t forget the most important part of this entire puzzle. Tony Stark is confident because he has the resume to back it up. It’s great to be confident in yourself, but you must also put in the hours to become a true expert in your craft.

Understand your industry, understand your role and understand what you’re looking to become. At the end of the day, developing self-confidence can help lead you into a role of great power, but as Uncle Ben said, with great power comes great responsibility.

Sources: Shubham’s Blog, Ross Simmonds
