Cyber Security

Computer security, cybersecurity or information technology security is the protection of computer systems and networks from information disclosure, theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.

02. Scanning | CEH Short Notes

September 4, 2024 Note: CEH v12 & v11 exams are literally the same. Article posted by: https://medium.com/@umair-villanio/02-scanning-ceh-short-notes-47900fe741fc?source=rss——cehv12-5

Infocerts, 5B 306 Riverside Greens, Panvel, Raigad 410206 Maharashtra, India. Contact us – https://www.infocerts.com

01. Reconnaissance | CEH Short Notes

August 30, 2024 Summary of CEH Reconnaissance Module. Just what you need to know for the Exam. Article posted by: https://medium.com/@umair-villanio/01-reconnaissance-ceh-short-notes-d44e81a33a30?source=rss——cehv12-5

Money Box| VulnHub Walkthrough by Krish Sheth.

August 24, 2024 In this walkthrough, we’ll tackle the MoneyBox machine from Offensive Security’s Proving Grounds. This medium-difficulty machine is a… Article posted by: https://medium.com/@krishsheth23/money-box-vulnhub-walkthrough-by-krish-sheth-eac85efa3c17?source=rss——cehv12-5

Introducing TAXII 2.1 and a fond farewell to the TAXII 2.0 Server

As mentioned in our 2024 Roadmap and the v15 release blog, we’re excited to introduce our new TAXII server and the latest addition to the ATT&CK Workbench software suite: the MITRE ATT&CK Workbench TAXII 2.1 Server. We’ve open-sourced the TAXII 2.1 code on GitHub, allowing you to set up your own servers within your organization and contribute to its improvement.

While you’re diving into the new 2.1 server, don’t forget: our TAXII 2.0 server is retiring on December 18.

To continue receiving updated ATT&CK data, you’ll need to migrate from cti-taxii.mitre.org to attack-taxii.mitre.org. However, this migration may involve more than just a URL change. Given the transition from STIX 2.0 to STIX 2.1, the complexity of your migration will depend on how deeply your applications are integrated with STIX 2.0. We recommend assessing the impact on your systems and planning your migration accordingly.

Getting Started with TAXII 2.1

Ready to explore the MITRE ATT&CK Workbench TAXII 2.1 server?

Why TAXII 2.1?

We know the ATT&CK community has relied on our public TAXII 2.0 server, but it had issues like frequent outages. The TAXII 2.1 server addresses these problems with a more reliable and smooth experience. It’s built for scalability and stress-tested with real-world benchmarks from TAXII 2.0, ensuring you’re less likely to face major outages. Additionally, the new server introduces pagination, which was missing in TAXII 2.0. This means you can fetch smaller chunks of data instead of the entire ~20 MB STIX collection, speeding up the process and reducing data transfer costs.

A critical update to note is that our TAXII 2.1 server will exclusively host STIX 2.1 content moving forward. This change is part of our long-term strategy to shift away from STIX 2.0, aligning with the latest standards.

The new TAXII 2.1 server is also more powerful and capable than the previous version. We designed it to integrate smoothly with Workbench, making CTI management as seamless as possible. If you’re already using the ATT&CK Workbench in your CTI workflows, you can easily edit and maintain CTI data without needing additional tools. The TAXII 2.1 server integrates with the ATT&CK Workbench software suite, and can automatically sync with the Workbench REST API (the Workbench “back end”).

Workbench users can add objects, STIX collections, and bundles, and the TAXII 2.1 server will automatically make them available via its REST API. You don’t need to change your editor workflows — just bring the TAXII 2.1 server online in your Workbench container stack, and it will sync every 30 minutes by default (administrators can adjust this if needed). TAXII 2.1 is also optional, and you can continue using Workbench as usual without it.

Of note, the TAXII 2.1 specification outlines two “sharing models” for TAXII server implementations:

  • The Collection model, where the TAXII server allows producers to host a set of CTI data that can be requested by consumers: TAXII Clients and Servers exchange information in a request-response model.
  • The Channel model, where the TAXII server uses the publish-subscribe pattern to allow producers to push data to many consumers and consumers to receive data from many producers.

Given that Channels are still loosely defined in the TAXII specification, we decided to only implement the Collections model outlined in the TAXII 2.1 specification. However, we are open to adding support for a pub-sub model in future releases.

A Brief Guide to Accessing Threat Intelligence Data

With the new TAXII 2.1 server, you can still access your cyber threat intel in STIX format through the publicly accessible REST API, just like its predecessor (cti-taxii.mitre.org) that’s been around for over 6 years. Even though this server has some sophisticated functionality, querying it is actually pretty simple. The following guide will show you the basics and help you easily get the threat intelligence data you need.

With TAXII 2.1 running on a RESTful API model and using standard HTTP requests, you can connect to the server using any HTTP client you like. This includes popular tools like curl, wget, httpie, or Postman. This flexibility allows you to seamlessly integrate TAXII 2.1 queries into your existing workflows and tools.

Let’s dive into how to structure these requests and interpret the responses.

Importantly, all TAXII 2.1 requests require a special Accept header:

GET /taxii2/ HTTP/1.1
Accept: application/taxii+json;version=2.1
Host: attack-taxii.mitre.org

Here is an example of setting the Accept header using the curl tool:

curl --request GET \
  --url https://attack-taxii.mitre.org/taxii2/ \
  --header 'Accept: application/taxii+json;version=2.1'

The request above goes to the TAXII server’s Discovery endpoint, which returns a list of the API Roots that the TAXII server offers. Each API Root is the “root” URL of that particular instance of the TAXII API. Our TAXII server only hosts one API Root, which we can see clearly from the response body:

{ 
"title": "MITRE ATT&CK TAXII 2.1",
"description": "This API Root contains TAXII 2.1 REST API endpoints that serve MITRE ATT&CK STIX 2.1 data",
"default": "api/v21",
"api_roots": [
"api/v21"
]
}

Great! Now that we have the API Root, let’s see if we can query for a list of available TAXII Collections:

curl --request GET \
  --url https://attack-taxii.mitre.org/api/v21/collections/ \
  --header 'Accept: application/taxii+json;version=2.1'

The response should look something like the following:

{
"collections": [
{
"id": "x-mitre-collection--1f5f1533-f617-4ca8-9ab4-6a02367fa019",
"title": "Enterprise ATT&CK",
"description": "ATT&CK for Enterprise provides a knowledge base of real-world adversary behavior targeting traditional enterprise networks. ATT&CK for Enterprise covers the following platforms: Windows, macOS, Linux, PRE, Office 365, Google Workspace, IaaS, Network, and Containers.",
"canRead": true,
"canWrite": false,
"mediaTypes": [
"application/taxii+json;version=2.1",
"application/taxii+json"
]
},
{
"id": "x-mitre-collection--90c00720-636b-4485-b342-8751d232bf09",
"title": "ICS ATT&CK",

},
{
"id": "x-mitre-collection--dac0d2d7-8653-445c-9bff-82f934c1e858",
"title": "Mobile ATT&CK",

}
]
}

The response lists three objects that match the main ATT&CK domains: Enterprise, Mobile, and ICS. Of note, TAXII Collections and STIX Collections are different concepts — with TAXII Collections operating as versatile containers for CTI objects. For our MITRE ATT&CK TAXII server, we’ve mapped each TAXII Collection directly to an ATT&CK domain. This means querying a TAXII Collection from our server provides data from just one domain, simplifying the user experience and aligning with the ATT&CK framework. While this mapping isn’t required by the TAXII protocol and other servers may organize collections differently, we chose this method to make our server more intuitive for the ATT&CK community.

Now that we have our API Root and the available TAXII Collections, we’re ready to retrieve some CTI objects:

curl --request GET \
  --url 'https://attack-taxii.mitre.org/api/v21/collections/x-mitre-collection--dac0d2d7-8653-445c-9bff-82f934c1e858/objects?limit=100' \
  --header 'Accept: application/taxii+json;version=2.1'

This request asks for the first 100 objects from the Enterprise ATT&CK collection. The response should look something like this:

{
"more": true,
"next": "1",
"objects": [←100 →]
}

If the ‘more’ property is set to true and the ‘next’ property is populated, then the client can paginate through the remaining records using the ‘next’ URL parameter along with the same original query options. So, we can request the second page of 100 objects by simply adding the ‘next=1’ query parameter to the original request:

curl --request GET \
  --url 'https://attack-taxii.mitre.org/api/v21/collections/x-mitre-collection--dac0d2d7-8653-445c-9bff-82f934c1e858/objects?limit=100&next=1' \
  --header 'Accept: application/taxii+json;version=2.1'
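
The pagination loop described above, written out as an added example (not code from the article or from MITRE): a client that follows `more`/`next` until the collection is exhausted and refuses to spin on a cursor that never advances. `iter_objects`, `fake_server` and the `taxii.example` host are hypothetical names, and the constructed fake server stands in for the real one so the block runs offline; the collection ID is the one used in the curl commands above, which the collections listing titles "Mobile ATT&CK".

```python
import json
import urllib.parse
import urllib.request

TAXII_ACCEPT = "application/taxii+json;version=2.1"  # header value from the article
# Collection ID from the article's curl example (listed there as "Mobile ATT&CK").
COLLECTION = "x-mitre-collection--dac0d2d7-8653-445c-9bff-82f934c1e858"

def http_get_json(url, timeout=30):
    """Default transport: one GET carrying the TAXII 2.1 Accept header."""
    req = urllib.request.Request(url, headers={"Accept": TAXII_ACCEPT})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)

def iter_objects(api_root, collection_id, limit=100, get=http_get_json, max_pages=1000):
    """Yield every STIX object in a collection, following 'more'/'next'."""
    if urllib.parse.urlsplit(api_root).scheme != "https":
        raise ValueError("refusing non-HTTPS API root")
    base = f"{api_root.rstrip('/')}/collections/{urllib.parse.quote(collection_id)}/objects"
    params, seen = {"limit": limit}, set()
    for _ in range(max_pages):
        page = get(f"{base}?{urllib.parse.urlencode(params)}")
        yield from page.get("objects", [])
        if not page.get("more"):
            return
        cursor = page.get("next")
        # A missing or repeated cursor would loop forever; fail loudly instead.
        if cursor is None or cursor in seen:
            raise RuntimeError(f"server set more=true with unusable next={cursor!r}")
        seen.add(cursor)
        params = {"limit": limit, "next": cursor}  # same query options plus 'next'
    raise RuntimeError("page budget exhausted; collection larger than expected")

# Constructed stand-in for the server: 250 fake objects, paged as the article shows.
def fake_server(url):
    q = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    limit, page = int(q["limit"][0]), int(q.get("next", ["0"])[0])
    data = [{"type": "attack-pattern", "id": f"attack-pattern--{i:04d}"} for i in range(250)]
    chunk = data[page * limit:(page + 1) * limit]
    more = (page + 1) * limit < len(data)
    body = {"more": more, "objects": chunk}
    if more:
        body["next"] = str(page + 1)
    return body

if __name__ == "__main__":
    objs = list(iter_objects("https://taxii.example/api/v21", COLLECTION, get=fake_server))
    print(len(objs), objs[0]["id"], objs[-1]["id"])
```

Passing `get=http_get_json` (the default) with the real API root sends the same requests as the curl commands above.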

What’s Next for ATT&CK Workbench TAXII 2.1

We believe the release of the MITRE ATT&CK Workbench TAXII 2.1 server is a big step forward for threat intelligence sharing — and we have even more exciting integrations on our roadmap to make the TAXII experience even smoother:

  • Workbench UI indicators that signal whether an object or collection is actively being shared through TAXII;
  • Workbench UI toggles that allow users to pause (or enable) the sharing of objects and collections with TAXII;
  • Workbench role-based access controls (RBAC) for TAXII administration.

Stay tuned for more updates and enhancements as we continue to evolve our tools!

©2024 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 24–00195–2.


Introducing TAXII 2.1 and a fond farewell to the TAXII 2.0 Server was originally published in MITRE ATT&CK® on Medium, where people are continuing the conversation by highlighting and responding to this story.

Ethical Hacking: The Conscience of the Digital Age

August 21, 2024 In an era dominated by digital transformation, where the lines between the physical and virtual realms are increasingly blurred, the… Article posted by: https://medium.com/@community.vahid/ethical-hacking-the-conscience-of-the-digital-age-4fbcbf422826?source=rss——cehv12-5

Cryptographic Basic Concepts Knowing the Cryptographic Concepts

August 6, 2024 Cryptographic Basic Concepts: Knowing the Cryptographic Concepts. This module explores the fundamental principles of cryptography, a cornerstone of modern information security. It covers the following key areas: Introduction to Cryptography: Definition and importance in cybersecurity; Historical …

CEH MASTER Module 13 Web Application Attacks

August 6, 2024 Module 13 – Web Application Attacks. Topics in This Chapter: GUI Web Hacking; URL-Based Attacks; Common Web Application Vulnerabilities; Web Application Attack Tools; Google Hacking; Methods to Enhance Web Security; Web Password Cracking Techniques. Web applications are programs that run on web servers like http://vncert.gov.v/ and are categorized by their functions such …

Cryptographic Basic Concepts Using Steganography

August 6, 2024 Cryptographic Basic Concepts Using Steganography: Security+ Practice Lab. This lab introduces fundamental cryptographic concepts through the lens of steganography, a technique for hiding information within other non-secret data. Participants will explore key principles of information security, including confidentiality, integrity, and authentication, while learning how to conceal messages …

CEH MASTER Chapter 2 Footprinting & Reconnaissance

August 6, 2024 FOOTPRINTING; Information Gathering Process; Competitive Intelligence; Nslookup and DNSstuff; Finding the Target’s IP Address; DNS Records; Traceroute; Email Tracking; What is a Web Spider?; RECONNAISSANCE; Information Gathering Process. FOOTPRINTING: The first step in the attack process is gathering information about the target from publicly available data on the internet. This can be done using online applications like Whois, Domain Check …

CompTIA Pentest+ (PT0-002) – Lesson 16: Performing Post-Exploitation Pivoting and System Penetration

August 6, 2024 Guide on Performing Post-Exploitation Pivoting and System Penetration. Objectives: When given a scenario, research attack vectors and perform network attacks. When given a scenario, perform post-exploitation techniques. Explain the use cases of the following tools in the phases of a …
