Cyber Kill Chain use areas

How Cyber Kill Chain Can Be Useful for a SOC Team? (Part 2)

Installation: At this stage, SOC analysts are advised to deploy a Security Information and Event Management (SIEM) and Host-Based Intrusion Detection System (HIDS) to detect attacks. To deny an attack, Cyber Kill Chain recommends using Two-Factor authentication, strong password, and privilege separation as well as disrupting attack using data execution prevention. If the attackers successfully penetrate corporate critical IT infrastructure, SOC teams must contain them in a timely fashion to mitigate damages. To this end, Cyber Kill Chain recommends employing Inter-Zone Network Intrusion Detection System, App-aware firewall, and trust zones.

Continue reading

The most famous buffer overflow attacks

Buffer Overflow Attack Prevention

Introduction

Buffers are regions of memory storage that temporarily store data while it’s being transferred from one location to another. A buffer overflow, also known as a buffer overrun, takes place when the volume of data is more than the storage capacity of the memory buffer. Resultantly, the program that tries to write the data to the buffer replaces the adjacent memory locations. If a user enters 10 bytes, that is 2 bytes more than the buffer capacity, the buffer overflow occurs. This problem generates a security breach in the system. For example, log-in credentials take 8 bytes in the memory buffer to write username and password.

Continue reading