Newsletter #13 - June 4, 2024

SecureMyKnowledge


Hello there! 👋 
Now that you have the fundamentals and other basics of cyber security down, you might be itching to try out what you’ve learned, but where do you try it?

Whether you're a seasoned IT professional or an aspiring tech enthusiast, having a home lab can be an invaluable tool for learning, experimentation, and building your skillset. It provides a safe and controlled environment to practice, test configurations, and explore new technologies without risking your personal data or disrupting your daily workflow.

This 5-minute read will give you the knowledge and ideas you need to create your own secure and effective home lab.

So, are you ready to dive in? Let's get started!

🧑‍🏭 Jobs & Internships

  1. Jio is seeking a Technical Individual Contributor for application security assessments (web/mobile apps, APIs, cloud, IoT, thick client), penetration testing, secure code reviews, and DevSecOps automation. Requires 3+ years in app security, proficiency in relevant frameworks/tools, excellent communication, BE/B.Tech/MCA degree. Preferred certifications: CEH, LPT, ECSA, OSWE, EWPT, OSCP.

  2. Deloitte is looking for VAPT Professionals to lead Cyber Security Assessment projects, perform penetration testing, secure code reviews, and network security architecture reviews. Requires B.Tech/MCA, 3+ years in cybersecurity, proficiency in security tools (Kali Linux, Nessus), scripting (Python, Shell), and knowledge of encryption, PKI, and data protection technologies.

  3. The Walt Disney Company needs a Cyber Security Engineer to maintain enterprise-wide information security, identify risks, lead incident responses, and mentor staff. Requires 5-10 years' experience, CISSP, Microsoft Azure Security AZ-500, knowledge of vulnerability scanning, penetration testing, and Microsoft cloud security solutions. Excellent communication, analytical skills, and ability to manage multiple projects.

  4. Oracle is hiring Penetration Testers to conduct penetration testing, research attack methods, develop automation scripts, and secure Oracle SaaS applications. Requires 5-10 years' experience, TS/SCI clearance, proficiency in Linux, Python, Bash, BurpSuite, Nessus, Metasploit, relevant certifications (OSCP, CISSP), and familiarity with CVEs. Work part-time in SCIF locations.

  5. Digital Ocean needs a Senior Penetration Tester to lead its internal ethical hacking function, perform penetration testing, manage its bug bounty program, and cultivate a security culture. Requires 5+ years' experience, expertise in web app and network pen testing, familiarity with various vulnerability frameworks, and ability to partner with engineering teams.

🔏 Last Week in Cyber Security

Join our Discord to get more news in the Security Domain. 🛡️

BBC Pension Scheme Data Breach Exposes Personal Information
The BBC is notifying over 25,000 current and former employees after a data breach compromised their personal information, including names, dates of birth, and National Insurance numbers. The breach did not affect financial details or pension portal access. The BBC is offering credit monitoring and is investigating the incident.

Okta Warns Customers of Credential Stuffing Attacks Targeting CIC Cross-Origin Authentication
Okta identified credential stuffing attacks targeting the cross-origin authentication feature of their Customer Identity Cloud (CIC). In these attacks, attackers bombard login pages with username and password combinations stolen from previous data breaches. Okta has informed potentially affected customers and recommends reviewing tenant logs for suspicious activity. To mitigate future attacks, Okta advises using passwordless authentication or implementing strong password policies with multi-factor authentication (MFA). This is the second time in two months Okta has warned customers about credential stuffing attacks.

Hacker Helps Recover Lost $3 Million in Bitcoin Using Flaw in Old Password Manager
A crypto owner lost access to $3 million in Bitcoin due to a corrupted file containing the password. A famed hacker, initially hesitant, eventually helped recover the funds by exploiting a flaw in the password manager used to generate the password. This flaw allowed them to guess the password by narrowing down the timeframe in which it was created. The password manager has since fixed the flaw, but users who haven't changed their passwords may still be vulnerable.

Setting Up a Secure Home Environment for Practice:

Before we delve into the specifics of setting up your home lab environment, it's crucial to establish a strong security foundation. Here, we'll discuss three key principles that will create a safe and controlled space for your practice:

  1. Dedicate Hardware: While it's possible to create a virtual lab using software like VirtualBox (which we'll discuss shortly), having dedicated hardware for your home lab can provide better performance and flexibility.

  2. Network Segmentation: Consider setting up a separate network or VLAN for your lab environment to isolate it from your primary network and minimize the risk of accidental exposure to vulnerabilities or attacks.

  3. Backup and Restore: Implement regular backups of your lab environment to safeguard against data loss or system corruption. Having a reliable backup solution in place ensures you can quickly restore your lab to a known good state if needed.

Virtualization Software for Creating Test Environments:

Now that we've established a secure foundation for your home lab, let's explore the tools that will bring your practice environments to life: virtualization software. These programs allow you to create virtual machines (VMs) on your existing computer, essentially simulating separate computers with their own operating systems and software. This provides a safe and efficient way to test various configurations and applications without affecting your main system.

What is a Virtual Machine?

In its simplest form, a virtual machine, or VM, is a digitized version of a physical computer. Virtual machines can run programs and operating systems, store data, connect to networks, and do other computing functions. However, a VM uses entirely virtual resources instead of physical components. 

These are some of the virtualization software options that you can use:

  1. VirtualBox: A free and open-source virtualization platform that allows you to create and run virtual machines (VMs) on your computer. With VirtualBox, you can set up multiple VMs to simulate different operating systems, network configurations, and software environments for testing purposes.

  2. VMware Workstation Player: Another popular option for virtualization, VMware Workstation Player offers features like snapshotting, which allows you to capture the current state of a VM and revert to it later if necessary.

  3. Hyper-V: If you're using Windows 10 Pro or Enterprise, you can leverage Hyper-V, Microsoft's native hypervisor, to create and manage virtual machines on your system. Hyper-V provides robust performance and integration with Windows environments.
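One way to check the network segmentation and backup-and-restore principles above on VirtualBox VMs, as an added example that is not part of the original newsletter: the script parses the output of `VBoxManage showvminfo <vm> --machinereadable` and flags adapters that are not attached to an internal or host-only network, plus VMs that have no snapshot to revert to. The VM names, the network name `labnet` and both sample outputs are constructed for illustration.

```python
import re

# Attachment modes as printed by `VBoxManage showvminfo <vm> --machinereadable`.
# intnet and hostonly keep VM traffic off the physical LAN (host-only still
# reaches the host itself); nat, natnetwork and bridged can reach beyond the lab.
ISOLATED = {"intnet", "hostonly"}
DISABLED = {"none", "null"}  # no adapter / adapter present but not attached

# Constructed sample output for two hypothetical lab VMs.
SAMPLE_TARGET = '''name="lab-target"
memory=2048
nic1="intnet"
intnet1="labnet"
nic2="none"
CurrentSnapshotName="clean-baseline"
'''
SAMPLE_WORKSTATION = '''name="lab-kali"
nic1="intnet"
intnet1="labnet"
nic2="bridged"
bridgeadapter2="eth0"
'''

def parse_vminfo(text):
    """Turn key="value" and key=value lines into a dict of strings."""
    info = {}
    for line in text.splitlines():
        m = re.match(r'^"?([^"=]+)"?=(.*)$', line.strip())
        if m:
            info[m.group(1)] = m.group(2).strip().strip('"')
    return info

def audit_vm(text):
    """Return (vm_name, findings) for one VM's machine-readable info."""
    info = parse_vminfo(text)
    findings = []
    for key, mode in sorted(info.items()):
        m = re.fullmatch(r"nic(\d+)", key)
        if m and mode not in DISABLED and mode not in ISOLATED:
            findings.append(f"nic{m.group(1)} is '{mode}': can reach outside the lab network")
    if "CurrentSnapshotName" not in info:
        findings.append("no snapshot: cannot revert to a known good state")
    return info.get("name", "?"), findings

if __name__ == "__main__":
    for sample in (SAMPLE_TARGET, SAMPLE_WORKSTATION):
        name, findings = audit_vm(sample)
        print(name, "OK" if not findings else findings)
```

On a real host, pipe the output of `VBoxManage showvminfo` for each lab VM into `audit_vm` instead of the samples.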

Free Security Tools for Practicing Skills:

  1. Metasploit Framework: An open-source penetration testing platform that enables you to discover, exploit, and validate vulnerabilities in networks and systems. Metasploit offers a range of modules for various stages of the penetration testing process.

  2. Wireshark: A widely-used network protocol analyzer that allows you to capture and inspect network traffic in real-time. Wireshark helps you understand network protocols, troubleshoot connectivity issues, and analyze security incidents.

  3. Nmap: A powerful network scanning tool that allows you to discover hosts and services on a network, identify open ports, and detect potential security vulnerabilities. Nmap is commonly used for network reconnaissance and security assessments.

Try this quiz to see how much you know about Cyber Security!

Building your own home lab can create a safe and controlled environment for practicing cybersecurity skills, experimenting with tools, and gaining hands-on experience. Whether you're a beginner looking to explore the basics or an experienced professional seeking to refine your techniques, a home lab can be an invaluable resource on your cybersecurity journey.

This wraps up our SecureMyKnowledge for this week and we hope to bring you more useful information in the following weeks! ✋😁 
