Malcom: https://github.com/idaholab/Malcolm
EmberOT OT PCAP Analyzer: https://www.emberot.com/ot-pcap-analyzer
Industrial Control Systems Network Protocol Parsers (ICSNPP): https://github.com/cisagov/ICSNPP
RunZero Community Edition: https://www.runzero.com/pricing/
Network Miner (supports Modbus, IEC-104, and hardware from ABB, Allen-Bradley, Modicon, Moxa, Phoenix Contact and Siemens): https://www.netresec.com/?page=Networkminer
GRASSMARLIN: https://github.com/nsacyber/GRASSMARLIN
Identity thieves can do a lot with your identity. Here are some different freezes you can apply to protect yourself from fraud. The best part? Freezes don’t cost a thing.
Click each link to go to the relevant “freeze your credit/information” page.
| Equifax | One of the three major credit bureaus |
| Experian | One of the three major credit bureaus |
| TransUnion | One of the three major credit bureaus |
| Innovis | Another credit bureau |
| Bank Security Freeze | Identity thieves can open fraudulent bank accounts. A bank security freeze prevents this. |
| Utilities Security Freeze (NCTUE) | Identity thieves can open utility accounts in your name, leaving you with the bill |
| Employment Data Freeze (E-Verify) | Identity thieves can obtain employment with your ID, leaving you to pay the taxes |
| Employment Data Freeze (Equifax) | Second database used for employment |
| Child Credit Freezes | Identity thieves may apply for credit using children’s identities because they are rarely monitored |
| Tax ID PIN | Identity thieves can file your taxes for you, and get your refund. An Identity Protection PIN (IP PIN) helps prevent this. |
Additional Resources: https://www.consumerlawfirm.com/credit-reporting-agencies.htm
I’m studying for a Master of Science in Information Security Engineering. Upon digging into packet headers, I realize that, while many “cheat sheets” exist to break down various packet headers, I can’t find any that I really like.
So, I made my own TCP/IP packet breakdown.
I hope it helps you in your quest to better understand TCP/IP.
So, you’re going to Defcon!
If you plan on using your laptop while you’re there, in addition to a number of other safety measures, I recommend forgetting all wifi networks before you go.
Why?
Because your internet-addicted laptop will be beaconing out for familiar access points all the while you’re there, and miscreants and evil-doers can use this to their advantage to trick your device into connecting to their not-so-innocent WiFi access points.
Here’s how it works.
When your laptop (or phone, for that matter) is not connected to WiFi, it’s constantly looking for a known access point (such as the one in your basement or at your mom’s house) to connect to. It does this by sending out a beacon once every 30 seconds or so, saying, “Hey, FBISurveillanceVan, are you there?” When you’re at home and your wireless router hears this, it responds, “Yes, I’m here! Let’s connect!” Your device then connects to your access point, and – viola, you have internet.
Now, normally this is all fine and well. However, troublemakers can configure a malicious access point to respond to any beacon, claiming to be the access point in question. Your device will then connect to it, allowing the attacker to hijack your connection and do malicious things, such as spying on your network traffic (or even injecting some of their own).
Now, manually forgetting all 50+ saved networks on your laptop will be time-consuming and annoying, but what will be even more annoying is having to reconnect to all of your favorite hotspots when you return home.
To solve this problem, I created a PowerShell script that you can use to back up, forget, and restore all WiFi networks saved on your laptop (Windows only – sorry, Mac users).
You can find it on my GitHub here.
It’s pretty self-explanatory; run it with -Backup to back up all your saved networks, use -Wipe to forget all saved networks, and then use -Restore to restore all your previously backed-up networks after you return home.
Problem, solved.
If you encounter any problems or have any feedback regarding the script, leave a comment and let me know!
Note: I received inspiration for this blog post while taking SEC530 from SANS Technology Institute; I describe this class as a comprehensive “Cyber Defense 101” class where you learn about everything you need to know to be a good cyber defender. It’s one of the more difficult classes I’ve taken so far due to the vast array of topics discussed; however, it’s also very well organized, which makes it more digestible. I recommend this class for anyone who is serious about becoming a cyber defender.
TL;DR: Check out my script on GitHub here.
On occasion, you may find the need to backup, restore, or transfer saved wireless networks from one Windows device to another. Whether you’ve gotten a new laptop that needs to be reconnected to your favorite hotspots or you simply want to back up your saved networks in case of need, this can be done with tools built right into Windows using a series of simple commands.
The first thing you’ll want to do is create a new folder to keep the backup files organized in as each network will be backed up to its own file. For example, you may want to create a backup folder on your desktop, like so:
mkdir C:\Users\%username%\Desktop\WifiBackupTo back up a single network to a file, run the following command, replacing “FBISurveillanceVan” with the name of your WiFi network:
netsh wlan export profile "FBISurveillanceVan" key=clear folder="C:\Users\%username%\Desktop\WifiBackup"Or, to back up all saved networks on your device, use this command:
netsh wlan export profile key=clear folder="C:\Users\%username%\Desktop\WifiBackup"Restoring WiFi networks to a device which have been backed up in this manner can be restored using the following command, again replacing “FBISurveillanceVan” with the name of your WiFi network:
netsh wlan add profile filename="C:\Users\%username%\Desktop\WifiBackup\Wi-Fi-FBISurveillanceVan.xml" user=currentUnfortunately, if you have multiple backups you need to restore, they must be restored one at a time and cannot all be restored with a single command. Thankfully, a few lines of code and a simple loop can fix this problem for us.
To restore multiple WiFi networks at once, open a PowerShell window and run the following command:
$DesktopPath = [System.Environment]::GetFolderPath([System.Environment+SpecialFolder]::Desktop)
$Files = Get-ChildItem "$DesktopPath\WifiBackup"
foreach ($File in $Files){
netsh wlan add profile filename="$($File.fullname)" user=current
}While this method works, it’s still just a tad bit too manual for me, which is why I created a Manage-WiFiNetworks.ps1 script, available on my GitHub. Using this script, you can simply specify the -Backup parameter to backup all networks, and the -Restore parameter to restore previously backed-up networks.
Additionally, if you want to forget all saved networks (such as before going to Defcon), you can do so with the -Wipe parameter (just be sure to back them up first.)
for i in {1..1024}; do nc localhost $i -zv; done 2>&1 | grep Connected | sed 's/.:(.)./\1/g'
$ for i in {1..1024}; do nc localhost $i -zv; done 2>&1 | grep Connected | sed 's/.:(.)./\1/g'
22
80
443
Create a DR/BCP Plan and test it annually, including a test of your backups/restore
Create a scheduled access and privileged audit of all your critical systems every 3 or 6 months, so making sure all leavers are disabled and there are no extra admins etc
Have a solid asset database for physical assets and who owns them, serial number etc Asset list for servers including how they are backed up, physical/vm, what they are used for, services they run, are they critical etc
Digital asset list for all of the software programs that your users use, including who has admin, the type of data that they hold, if it is critical to the business etc
Make sure your user base takes cyber awareness training
Create a daily checklist of things to be checked like admin logs, alerts, emerging threats, backups, and create an escalation process. Audit to make sure it is getting done regularly.
Create a change management system
Setup a base policy set like acceptable use, BYOD, Password policy, Information Technology policy (goes over guidelines for your IT team), remote work, physical security, clear desk policy, employee handbook etc
Document physical security at your location/s for deliveries, guests, cameras, card pass logging etc
Document and check your onboarding and offboarding processes Work with HR to make sure all employees get a contract, are background checked, get trained and get a handbook etc
Get a copy of all client contracts and make sure you are compliant
Create a checklist and/or questionnaire for security reviews of vendors and new tech
Create an objectives and measures for your IT organization with 8 or so KPIs like vulnerabilities remediated in X amount of time, users with x% of phishing messages, Help Desk responding in X amount of time etc. Then measure it regularly and have a meeting with management to review every 6 months
Get a solid vulnerability remediation and management plan in place
MFA EVERYWHERE
Local Admin NOWHERE
Disk encryption EVERYWHERE
Phishing tests for all employees
Work out how to protect corporate email on BYOD phones
Talk to senior management about risk and document where they find the biggest risks to the business. Take steps to mitigate and track progress regularly
Create a “continual improvement log” that tracks security items you run across or think of and track them to remediation
Run incident response exercises with your team, so pretending something happened and see how they react etc.
Inventory all your critical business assets in a spreadsheet (i.e., what makes the money come in)
Identify what data you rely on to do business, tag them to specific systems in this spreadsheet
Work to get backups of the critical data and systems, ideally somewhere that isn’t directly networked (read: accessible to ransomware or bad actors)
Implement MFA on all remote access (email, VPN, server administration, whatever)
Make sure everyone is using passwords (kinda default with the “MFA” suggestion)
Get endpoint protection in place; anything is better than nothing, but any of the best ones are a little pricy but definitely worth it because, as a small business, your users will destroy you.
Try and get a vulnerability scan (free ones exist) and use your existing free-hand knowledge to scan ports and services to identify potential openings/risks.
Sources:
This post may contain affiliate links and I may earn a small commission if you make purchases using links on this page at no additional cost to you. I only endorse products that I love and/or use myself.
USB Data Blockers are a must if you regularly charge your phone using a public USB charging port.
USB charging stations can be modified to contain malicious hardware that can be used to hack into your phone when you plug into it. This type of attack is known as “Juice Jacking”. USB Data Blockers prevent any kind of data transfer from occurring while allowing the device to charge, preventing this kind of attack.
Here are some recommended USB data blockers that you can use to protect your device while away from home.
| This 4-pack includes both regular USB-A and USB-A to USB-C data blockers. Made of Aluminum, these ones should be more durable than plastic data blockers. | |
|
If you find yourself using USB-C charging ports, you’ll want to grab this version instead. |
|
| Here’s another solid option for a regular USB-A datablocker that has a high rating and great reviews. |
When away from home, it’s especially important to use a privacy VPN when connecting to WiFi. Most privacy VPN services only cost a few dollars a month, are easy to use on your laptop or smartphone, and provide a reasonable level of security when connecting to unknown WiFi networks. Here are a few VPN services that I recommend.
Recommended VPNs:
Keep reading for a description of each of these services.
NordVPN is one of the biggest names in the world of privacy VPNs. They’re a trustworthy company and have an easy-to-use app for both desktop and mobile devices. I’ve been using them for several years, and they are my VPN provider of choice. Their subscription is very affordable at just a few dollars a month. You can get a discounted rate using this link.
In addition to being extremely affordable, Surfshark also lets you use your account on an unlimited number of devices, whereas most providers limit you to 5-10 devices per account. They have multiple subscription lengths available, including monthly and annual options. You can use this link to get a discount.
Proton VPN, owned by Proton (also known for their Proton Mail email service) is a very security-conscious company that offers private email service in addition to their privacy VPN. They are definitely a company that I would trust, and I recommend their services. You can check out their VPN options here.
ExpressVPN is another well-known privacy VPN provider. They consistently receive high customer satisfaction ratings and are a reputable option. You can check out their services here.
If for some reason you don’t like any of the above options, there are alternatives available. Here’s a list of some of the other options I’m aware of.
With the ever increasing volume of data breaches, having unique, secure passwords is more important than ever. Here you’ll find my list of recommended password managers that you can use to securely store your passwords.
Recommended Password Managers: