|eForensics Magazine 2021 01 Cloud Universe PREVIEW.pdf|
Welcome to the New Year, I hope it started well for you! Do you know that saying: "New Year, New Me"? You know what, eForensics Magazine has fulfilled that promise and prepared a completely new issue filled with knowledge and useful tools!
In this issue, we will plunge into the depths of the cloud and debunk the common myth that “nobody understands the cloud”! Our great authors have prepared texts on cloud security and how to use it in investigations. But that's not all, in the latest magazine you will also find articles on data security and typical ways of exploitation by intrusive PowerShell. Don't hesitate for a moment and reach for the newest issue of eForensics Magazine!
Check out our Table of Contents below for more information about each article (we included short leads for you).
We hope that you enjoy reading this issue! As always, huge thanks to all the authors, reviewers, to our amazing proofreaders, and of course you, our readers, for staying with us! :)
Have a nice read!
and the eForensics Magazine Editorial Team
TABLE OF CONTENTS
Leakage of Data During Pandemic Times
by Mohith S Yadav
Computerized crime is crime that uses cutting-edge developments for the commission of an offence, synchronized with enrolling and correspondence progresses. The current duplicating techniques towards web activity usage achieve making abuse, shortcoming making a sensible way of moving private information to present an offence through criminal conduct. The action incorporates attacking data systems, burglary, and adolescent sexual amusement developed pictures, web trade blackmail, or web bargain deception. The association in malevolent web works out, for instance, disease, worm, and outcast abuse like phishing, email stunts. The broad approach of the framework, like the web at all levels, needs to recover from completing criminal conduct wherever on over the world to stop. Framework security controls are still used to forestall software engineers' passage into frameworks that consolidate a firewall, virtual private plans, and encryption estimations. Out of these, the virtual personal framework expects a vital capacity in shielding developers from getting to the techniques.
Cloudy with a chance of Data Breach
by Alexandra Hurtado
The cloud is it. Organizations are moving to it, collecting from it, or outsourcing some component of their business in it. With the exponential agility, resiliency, and cost reduction benefits it can yield, it is no wonder companies are embracing this change far better than even five years ago. There was time that this change was so unimaginable, that organizations avoided it like the plague due to the immense lift and shift of infrastructure built on years and years of investments and integrations. But now is the time, and the journey is disruptive in its tracks on the way to a new era of modern transformation. It is moving very quickly with no signs of slowing down. Gardner predicts that by 2024, more than 45% of IT spending on system infrastructure, infrastructure software, application software and business process outsourcing will shift from traditional solutions to cloud (Gartner, 2020). From a cybersecurity perspective however, how do we manage security not only during this transformational evolution to the cloud but also when you fully operationalize in it?
While the benefits may appear smart, when you start to let cloud providers take on oversight of the critical systems you once managed from concept to grave, you no longer have the full flexibility to undertake it end-to-end. This responsibility becomes shared and at the schedule and security risk of your vendor, which exposes many operational limitations. While vendors may promise the world to deliver smart solutions, intuitive interfaces, and even dedicated account management teams to service your security team, “Moore’s revenge is still upon us” (Pesce, 2018).
The Cloud Security Universe: A meaning sequel
by Roland Gharfine
The universe of Cloud security is, however, as unforgiving as it is full of riches. This is a fundamental and absolutely necessary area to master if your new colony in the Cloud is to have any chance of succeeding. I have already given some simple recommendations for an actual configuration in part 1, but let’s do a deep dive into some advanced concepts, shall we?
Chief among those concepts is the use of directory servers, and the extremely useful even if somewhat complicated idea of identity federation.
Typical Ways of Exploitation by Intrusive PowerShell
by Paulo Pereira, PhD
This article compiles some topics on using PowerShell in cyber attack situations. This is not a new topic and it has been debated for years. But in the face of different forms of attacks, there are at least some that, when using PowerShell as their main driver, end up delineating a pattern that can be found in many attacked targets.
How To Use Cloud Services To Know What’s Happening To Your Data
by Michal Zdunowski
Have you ever wondered how much data we create on a daily basis? The fact is that the number is growing exponentially. Most of that data is created, processed and stored in the cloud. There is a probability that some of that data might be even legally protected. But do you know what’s happening to the data you create? Let’s see if we can use the cloud to know what exactly is in that data and what in the world is happening to it.
Cloud Incident Response Investigation
by Paulo Pereira, PhD
There are many relations with security of a cloud infrastructure. A cloud can be as pure as an ultramarine blue, but nowadays, it would be as expensive as this paint was in the 16th century, so the cloud added services, infrastructure tools and became a hybrid instance. The more hybrid a cloud is, the more likely it is to attack. In other words, a cloud with numerous instances can pose a risk of instance spoofing (malicious instances). A malicious instance is an application that gives us an impression of a moment, the light of that moment that will never come back, just like a scene from an impressionist painting, which, certainly, is a brilliant and never malicious work. In other words, a DLL that is injected by an evil code and then leverages a payload and infects your cloud instance, as Dridex in the Dropbox example.
Static Malware Analysis
by Ranjitha R
There is so much cool stuff on the Internet, like Facebook, YouTube, WhatsApp, and Instagram, and it is great to get work done. But, there’s also bad stuff, like viruses, worms, adware, ransomware, spyware, and stegomalware, collectively called MALWARE, i.e., malicious software as classified in Fig. (1). The malware resides mostly on insecure websites, in email attachments, unauthorized ads, or browser add-ons. It shows its presence inside auto run CDs, USB drives, PDF files, and so on. Once we open a wrong file or website the malware in it starts residing in our computers. Once it enters the computer it corrupt files and starts spreading to other computers.
PowerShell as an instrument of Deception in Cyberwarfare
by Rhonda Johnson
With an ever-changing threat landscape, it is imperative that forensic investigators stay aware of the latest trends in cyber-attacks, as these challenges will be immediately felt in the digital forensics field. One recent trend in malware development, the emergence of fileless malware, also known as Advanced Volatile Threats (AVTs), uses legitimate software tools like PowerShell to execute malicious payloads that evade detection from signature anti-virus programs. Examples include Powerliks, Kovter, Powersnif, and POSHSPY. The following article will explore how cybercriminals weaponize PowerShell as an instrument of deception in the realm of cyberwarfare.
The 5 PowerShell Commands for Computer Forensics
by Cordny Nederkoorn
Computer forensics is not an easy job. Because IT is very dynamic, you have to update your skills regularly. New operating systems, software, patches, it’s a daily job to keep up.
That does not mean you can not rely on basic skills. One of these is mastering computer languages like Python and C/C++. Great skills to have as a computer forensics engineer.
But did you know there is another computer language you need to be aware of?
It’s PowerShell. What is it, why should I know it and where should I start?
Exclusive interview with Dennis Chow!
"There is a balance that has to be struck between trying to compromise and evade security controls as deeply rooted in our targets as possible, but also be able to know when to stop, report our findings, and focus on other finding areas. My senior testers would love to spend an extra 40-120 hours to get that “last mile” that they wanted to do; but we must work efficiently and maximize what we’re provided in the SOW."