
A few useful Python libraries used in cyber security

Author: rishi@globaldigitalsecurity.ca

  1. Scapy: Scapy can be used to capture and manipulate network packets. Here’s an example of how to use Scapy to send an ICMP ping request to a remote host:

Example:

```python
from scapy.all import IP, ICMP, sr1

# Build an ICMP echo request addressed to the host
# (sending raw packets requires root or CAP_NET_RAW)
ip = IP(dst="google.com")
icmp = ICMP()
ping = ip / icmp

# sr1() sends one packet and returns the first reply, or None once the timeout expires
response = sr1(ping, timeout=2)

if response:
    print(f"{response.src} is up!")
else:
    print("No response")
```

  2. PyCrypto: PyCrypto provides a collection of cryptographic algorithms for Python (the EAX mode used below comes from PyCryptodome, the maintained successor that keeps the same `Crypto` package name). Here’s an example of how to use it to encrypt and decrypt a message using the AES algorithm:

Example:

```python
from Crypto.Cipher import AES
import base64

# A 16-byte key selects AES-128; a fixed literal like this is for demonstration only
key = b"0123456789abcdef"
message = "Hello, world!"

# EAX is an authenticated mode: encrypt_and_digest returns the ciphertext plus a MAC tag
cipher = AES.new(key, AES.MODE_EAX)
ciphertext, tag = cipher.encrypt_and_digest(message.encode())
nonce = cipher.nonce  # generated by AES.new(); must be stored or sent with the ciphertext

encoded_ciphertext = base64.b64encode(ciphertext).decode()
print(f"Encoded ciphertext: {encoded_ciphertext}")

# A cipher object cannot be reused after encrypting: build a fresh one with the same key
# and nonce, and let decrypt_and_verify raise ValueError if ciphertext or tag were altered
decipher = AES.new(key, AES.MODE_EAX, nonce=nonce)
decrypted_message = decipher.decrypt_and_verify(ciphertext, tag).decode()
print(f"Decrypted message: {decrypted_message}")
```
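The example above hard-codes a 16-byte key literal. The block below is an added example (not code from the original post, and not part of PyCrypto or PyCryptodome) showing the two ways a practitioner should actually obtain an AES key with the standard library only: a fresh random key from the OS CSPRNG, or a key derived from a password with PBKDF2-HMAC-SHA256 and a random salt. The header format `pbkdf2-sha256$iterations$salt` is an assumption made up for this example.

```python
import base64
import hashlib
import secrets
from typing import Tuple

KEY_LEN = 16                 # 16 bytes -> AES-128, 32 bytes -> AES-256
SALT_LEN = 16
PBKDF2_ITERATIONS = 600_000  # high iteration count slows down offline password guessing


def random_key(length: int = KEY_LEN) -> bytes:
    """A fresh key from the OS CSPRNG: the right choice when no password is involved."""
    return secrets.token_bytes(length)


def derive_key(password: str, salt: bytes,
               iterations: int = PBKDF2_ITERATIONS, length: int = KEY_LEN) -> bytes:
    """PBKDF2-HMAC-SHA256 turns a password into a fixed-length key.

    The salt makes the derivation unique per secret, so identical passwords do not
    yield identical keys and precomputed tables are useless.
    """
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=length)


def new_password_key(password: str, iterations: int = PBKDF2_ITERATIONS) -> Tuple[bytes, str]:
    """Derive a key with a new random salt; return it with a header recording salt and iterations.

    The header is not secret and is stored next to the ciphertext so the key can be re-derived.
    (Header layout is an assumption invented for this example.)
    """
    salt = secrets.token_bytes(SALT_LEN)
    key = derive_key(password, salt, iterations)
    header = f"pbkdf2-sha256${iterations}${base64.b64encode(salt).decode()}"
    return key, header


def key_from_header(password: str, header: str, length: int = KEY_LEN) -> bytes:
    """Re-derive the same key later from the password plus the stored header."""
    algorithm, iterations, salt_b64 = header.split("$")
    if algorithm != "pbkdf2-sha256":
        raise ValueError(f"unsupported KDF {algorithm!r}")
    return derive_key(password, base64.b64decode(salt_b64), int(iterations), length)


if __name__ == "__main__":
    key, header = new_password_key("correct horse battery staple")
    print("header:", header)
    print("same key re-derived:", key_from_header("correct horse battery staple", header) == key)
```

Either key can be passed straight to `AES.new(key, AES.MODE_EAX)` in place of the literal above; the header is what you persist so that decryption can re-derive the key without storing it.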

  3. Requests: Requests simplifies sending HTTP requests and handling responses. Here’s an example of how to use Requests to download a file from a URL:

Example:

```python
import requests

url = "https://example.com/file.txt"

# Always set a timeout so a stalled server cannot hang the script indefinitely
response = requests.get(url, timeout=10)

if response.status_code == 200:
    with open("file.txt", "wb") as f:
        f.write(response.content)
    print("File downloaded successfully")
else:
    print("Error downloading file")
```
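A download is only as trustworthy as the check you run on it. The block below is an added example (not from the original post) that streams a download in chunks, hashes it while writing to a temporary file, and keeps the file only if its SHA-256 matches a digest obtained out of band; on a mismatch nothing is left on disk. `requests.get(..., stream=True)` and `iter_content()` are Requests' own API; the helper names, the `download.bin` file name and the `b"abc"` sample stream are constructed for this example.

```python
import hashlib
import hmac
import os
import tempfile
from typing import Iterable, Optional

# SHA-256 of the bytes b"abc", used by the constructed offline demonstration below
SHA256_ABC = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"


def sha256_of_chunks(chunks: Iterable[bytes]) -> str:
    """Hash a stream chunk by chunk so a large download never has to fit in memory."""
    digest = hashlib.sha256()
    for chunk in chunks:
        digest.update(chunk)
    return digest.hexdigest()


def save_verified(chunks: Iterable[bytes], expected_sha256: str,
                  dest_dir: Optional[str] = None, name: str = "download.bin") -> Optional[str]:
    """Write the stream to a .part file, then keep it only if its SHA-256 matches.

    Returns the final path on success, or None (with the partial file removed) on mismatch.
    """
    dest_dir = dest_dir or tempfile.mkdtemp(prefix="verified-dl-")
    final_path = os.path.join(dest_dir, name)
    part_path = final_path + ".part"
    digest = hashlib.sha256()
    with open(part_path, "wb") as f:
        for chunk in chunks:
            digest.update(chunk)
            f.write(chunk)
    # compare_digest keeps the comparison time independent of where the digests differ
    if not hmac.compare_digest(digest.hexdigest().lower(), expected_sha256.lower()):
        os.remove(part_path)
        return None
    os.replace(part_path, final_path)  # atomic rename: no half-written file ever carries the final name
    return final_path


def download_verified(url: str, expected_sha256: str, dest_dir: Optional[str] = None) -> Optional[str]:
    """Stream a URL with Requests and keep the file only if the digest matches (needs network)."""
    import requests  # imported here so the offline helpers above work without the package installed

    with requests.get(url, stream=True, timeout=10) as response:
        response.raise_for_status()
        return save_verified(response.iter_content(chunk_size=64 * 1024), expected_sha256, dest_dir)


if __name__ == "__main__":
    # Constructed stand-in for a download: the bytes b"abc" arriving in two chunks
    print(save_verified([b"a", b"bc"], SHA256_ABC))   # path ending in download.bin
    print(save_verified([b"a", b"bd"], SHA256_ABC))   # None: digest mismatch, file removed
```

The expected digest must come from somewhere other than the server that serves the file (a release page, a signed manifest, your own inventory); otherwise an attacker who can alter the download can alter the digest too.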

  4. Nmap: Nmap can be used to discover hosts and services on a network. Here’s an example of how to use the python-nmap wrapper (which drives the installed nmap binary) to scan a network for open ports:

Example:

```python
import nmap  # the python-nmap package; the nmap executable must be installed

nm = nmap.PortScanner()
nm.scan(hosts="192.168.1.0/24", arguments="-p 80")

for host in nm.all_hosts():
    # Hosts that are up but gave no result for port 80 have no "tcp" entry, so check first
    if nm[host].has_tcp(80) and nm[host]["tcp"][80]["state"] == "open":
        print(f"Port 80 is open on {host}")
```
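Scan results are most useful when compared against what is supposed to be exposed. The block below is an added example (not from the original post and not part of python-nmap) that parses nmap's grepable output format (what `nmap -oG` writes: tab-separated `Key: value` fields with one `port/state/protocol/owner/service/rpc/version/` entry per port) and flags hosts with open ports outside an allow-list. The sample output is constructed for this example, not captured from a real scan.

```python
from typing import Dict, Iterable, List, Tuple

# Constructed sample of nmap grepable (-oG) output; fields are tab-separated "Key: value" pairs
SAMPLE_GNMAP = "\n".join([
    "# Nmap 7.94 scan initiated Mon Jan  1 00:00:00 2024 as: nmap -p 22,80,443 -oG - 192.168.1.0/24",
    "Host: 192.168.1.1 (gateway.lan)\tStatus: Up",
    "Host: 192.168.1.1 (gateway.lan)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "443/closed/tcp//https///\tIgnored State: filtered (0)",
    "Host: 192.168.1.20 ()\tStatus: Up",
    "Host: 192.168.1.20 ()\tPorts: 22/filtered/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///",
    "# Nmap done at Mon Jan  1 00:00:12 2024 -- 256 IP addresses (2 hosts up) scanned in 12.34 seconds",
])

OpenPort = Tuple[int, str, str]  # (port, protocol, service name)


def parse_gnmap(text: str) -> Dict[str, List[OpenPort]]:
    """Return {ip: [(port, proto, service), ...]} listing every port reported as open."""
    results: Dict[str, List[OpenPort]] = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skips the "# Nmap ..." header and trailer comments
        # Each tab-separated field is "Key: value"; the Host value is "ip (hostname)"
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        ip = fields["Host"].split()[0]
        results.setdefault(ip, [])
        for entry in fields.get("Ports", "").split(","):
            entry = entry.strip()
            if not entry:
                continue
            # port/state/protocol/owner/service/rpc-info/version/
            parts = entry.split("/")
            port, state, proto, service = int(parts[0]), parts[1], parts[2], parts[4]
            if state == "open":
                results[ip].append((port, proto, service))
    return results


def unexpected_open_ports(results: Dict[str, List[OpenPort]],
                          allowed: Iterable[int]) -> Dict[str, List[int]]:
    """Hosts exposing open ports that are not on the allow-list, with the offending ports."""
    allowed_set = set(allowed)
    flagged: Dict[str, List[int]] = {}
    for ip, ports in results.items():
        extra = [port for port, _proto, _service in ports if port not in allowed_set]
        if extra:
            flagged[ip] = extra
    return flagged


if __name__ == "__main__":
    scan = parse_gnmap(SAMPLE_GNMAP)
    for ip, ports in scan.items():
        print(ip, ports)
    # Only web ports are expected on this constructed network segment
    print("unexpected:", unexpected_open_ports(scan, allowed={80, 443}))
```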

These are just a few examples of how these libraries can be used for cybersecurity. There are many more use cases for each library, depending on the specific needs of the project.

  5. Paramiko: Here’s an example of how to use Paramiko to remotely execute a command on a network device:

Example:

```python
import paramiko

ssh = paramiko.SSHClient()
# Trust the host keys already recorded in the system and user known_hosts files
ssh.load_system_host_keys()
# AutoAddPolicy accepts any host key not found there without verification, which leaves the
# first connection open to a man-in-the-middle; use paramiko.RejectPolicy() in production
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())

# A password in source code is for illustration only; prefer key-based authentication
ssh.connect(hostname="example.com", username="user", password="password")

# exec_command returns the three channel streams; read stdout for the command output
stdin, stdout, stderr = ssh.exec_command("show run")
output = stdout.read().decode()
print(output)

ssh.close()
```

This example logs into a network device using SSH, executes the “show run” command to retrieve the device’s configuration, and prints the output to the console.
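What `load_system_host_keys()` does behind the scenes, and what `AutoAddPolicy` skips, is a lookup in the known_hosts file. The block below is an added example (not code from the original post or from Paramiko, which has its own `HostKeys` class for this) that reimplements that lookup with the standard library, including OpenSSH's hashed hostname entries: the first field is `|1|base64(salt)|base64(HMAC-SHA1(salt, hostname))`, so the file reveals no hostnames yet can still be matched. The salt, hostnames and key blob below are constructed placeholders, not real keys.

```python
import base64
import hashlib
import hmac
from typing import Optional

HASH_MAGIC = "|1|"  # prefix OpenSSH places on hashed known_hosts hostnames

# Constructed sample values: a fixed 20-byte salt and a placeholder blob (not a real public key)
SAMPLE_SALT = bytes(range(20))
SAMPLE_KEY_BLOB = "AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYBLOBNOTAREALKEY0000"


def hash_hostname(hostname: str, salt: bytes) -> str:
    """Produce the |1|salt|hash form: HMAC-SHA1 keyed with the salt over the hostname."""
    digest = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return HASH_MAGIC + base64.b64encode(salt).decode() + "|" + base64.b64encode(digest).decode()


def hostname_matches(name_field: str, hostname: str) -> bool:
    """True if a known_hosts name field (plain, comma-separated or hashed) names hostname."""
    if not name_field.startswith(HASH_MAGIC):
        return hostname in name_field.split(",")
    _, _, salt_b64, digest_b64 = name_field.split("|")
    salt, expected = base64.b64decode(salt_b64), base64.b64decode(digest_b64)
    actual = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(actual, expected)


def find_host_key(known_hosts: str, hostname: str, key_type: str) -> Optional[str]:
    """Return the base64 key blob recorded for hostname/key_type, or None if the host is unknown.

    A None result is exactly the situation in which Paramiko consults the missing-host-key
    policy; a client that verifies should refuse to connect rather than add the key blindly.
    """
    for line in known_hosts.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue  # blank lines, comments and malformed entries
        if parts[1] == key_type and hostname_matches(parts[0], hostname):
            return parts[2]
    return None


# Constructed known_hosts content: one hashed entry and one plain multi-name entry
SAMPLE_KNOWN_HOSTS = "\n".join([
    "# comment lines are ignored",
    f"{hash_hostname('example.com', SAMPLE_SALT)} ssh-ed25519 {SAMPLE_KEY_BLOB}",
    f"gateway.lan,10.0.0.1 ssh-rsa {SAMPLE_KEY_BLOB}",
])

if __name__ == "__main__":
    print(find_host_key(SAMPLE_KNOWN_HOSTS, "example.com", "ssh-ed25519"))  # the placeholder blob
    print(find_host_key(SAMPLE_KNOWN_HOSTS, "other.example.net", "ssh-ed25519"))  # None: unknown host
```

In Paramiko the equivalent is `ssh.load_host_keys(path)` or `ssh.load_system_host_keys()` followed by `ssh.set_missing_host_key_policy(paramiko.RejectPolicy())`, so that a host whose key is absent or changed fails the connection instead of being silently trusted. (Wildcard and negated patterns and `[host]:port` entries, which OpenSSH also supports, are left out here.)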

  6. Netifaces: Here’s an example of how to use Netifaces to retrieve the IP address of the default network interface:

Example:

```python
import netifaces

# gateways()["default"] maps an address family to a (gateway_ip, interface_name) tuple
default_gateways = netifaces.gateways().get("default", {})
if netifaces.AF_INET not in default_gateways:
    raise SystemExit("No default IPv4 gateway configured")

iface = default_gateways[netifaces.AF_INET][1]
ip_address = netifaces.ifaddresses(iface)[netifaces.AF_INET][0]["addr"]
print(f"IP address: {ip_address}")
```

This example retrieves the default gateway for the system and uses the interface associated with that gateway to retrieve the IP address. This information can be useful for identifying the network to which the system is connected.

  7. Python Whois: Here’s an example of how to use the python-whois package to retrieve WHOIS information for a domain:

Example:

```python
from whois import whois

domain = "example.com"

# Queries the registry/registrar WHOIS servers and returns the parsed record
result = whois(domain)
print(result)
```

This example retrieves WHOIS information for the “example.com” domain and prints the results to the console. This information can be useful for identifying the owner of a domain, as well as any associated contact information or registration details.
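In security work the most useful WHOIS fields are often the registrar, the name servers and above all the registration date, because a domain registered days ago is a common signal in phishing triage. The block below is an added example (not from the original post and not part of python-whois) that parses raw WHOIS text in the widespread `Key: value` layout and computes the domain's age against a supplied reference time. Both WHOIS records are constructed for this example, not real registry data, and the 30-day threshold is an assumption.

```python
from datetime import datetime, timezone
from typing import Dict, List, Optional

DATE_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%d", "%d-%b-%Y")
WhoisRecord = Dict[str, List[str]]

# Constructed WHOIS text in the common "Key: value" layout (not real registry data)
OLD_DOMAIN_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, LLC
Creation Date: 1995-08-14T04:00:00Z
Registry Expiry Date: 2025-08-13T04:00:00Z
Name Server: A.IANA-SERVERS.NET
Name Server: B.IANA-SERVERS.NET
"""

NEW_DOMAIN_WHOIS = """\
Domain Name: LOGIN-EXAMPLE-SUPPORT.COM
Registrar: Example Registrar, LLC
Creation Date: 2023-12-20T09:15:00Z
Registry Expiry Date: 2024-12-20T09:15:00Z
Name Server: NS1.EXAMPLE-HOSTING.NET
"""


def parse_whois(text: str) -> WhoisRecord:
    """Collect every 'Key: value' line; repeated keys (e.g. Name Server) become multi-valued."""
    record: WhoisRecord = {}
    for line in text.splitlines():
        if line.startswith(("%", "#", ">>>")):
            continue  # registry notices and the ">>> Last update" trailer
        key, sep, value = line.partition(":")
        if not sep or not value.strip():
            continue
        record.setdefault(key.strip().lower(), []).append(value.strip())
    return record


def parse_date(value: str) -> Optional[datetime]:
    """Try the date layouts registries commonly use; treat all of them as UTC."""
    for fmt in DATE_FORMATS:
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    return None


def domain_age_days(record: WhoisRecord, now_iso: str) -> Optional[int]:
    """Whole days between the creation date and now_iso (same formats), or None if unknown."""
    created = record.get("creation date")
    now = parse_date(now_iso)
    if not created or now is None:
        return None
    created_dt = parse_date(created[0])
    return None if created_dt is None else (now - created_dt).days


def is_newly_registered(record: WhoisRecord, now_iso: str, max_age_days: int = 30) -> bool:
    """Flag domains younger than max_age_days; unknown ages are not flagged."""
    age = domain_age_days(record, now_iso)
    return age is not None and age <= max_age_days


if __name__ == "__main__":
    reference = "2024-01-01T12:00:00Z"  # fixed "now" so the output is reproducible
    for text in (OLD_DOMAIN_WHOIS, NEW_DOMAIN_WHOIS):
        rec = parse_whois(text)
        print(rec["domain name"][0], rec["registrar"][0],
              "age:", domain_age_days(rec, reference), "new:", is_newly_registered(rec, reference))
```

Passing `str(result)` from the python-whois call above into `parse_whois` is not guaranteed to work for every registry, because python-whois already parses the record into attributes such as `result.creation_date`; the text parser here is for the raw WHOIS responses you get from other sources.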

  8. OpenSSL: Here’s an example of how to encrypt and decrypt data using the AES algorithm through an OpenSSL binding. Note that pyOpenSSL’s OpenSSL.crypto module exposes no Cipher class; the calls below are those of M2Crypto, whose EVP.Cipher wraps OpenSSL’s EVP interface with these arguments:

Example:

```python
from M2Crypto import EVP, Rand

# A fresh random key and IV; the IV is not secret but must be sent along with the ciphertext
key = Rand.rand_bytes(16)
iv = Rand.rand_bytes(16)
plaintext = b"Hello, world!"

# op=1 selects encryption; EVP.Cipher applies PKCS#7 padding, so any input length is accepted
encryptor = EVP.Cipher(alg="aes_128_cbc", key=key, iv=iv, op=1)
ciphertext = encryptor.update(plaintext) + encryptor.final()

# op=0 selects decryption with the same key and IV
decryptor = EVP.Cipher(alg="aes_128_cbc", key=key, iv=iv, op=0)
decrypted_plaintext = decryptor.update(ciphertext) + decryptor.final()

print(f"Original message: {plaintext}")
print(f"Encrypted message: {ciphertext}")
print(f"Decrypted message: {decrypted_plaintext}")
```

This example generates a random encryption key and initialization vector (IV), encrypts the plaintext message using AES in CBC mode, and then decrypts the ciphertext back to the original plaintext. It is a building block for transmitting sensitive data over a network, with one caveat: CBC mode on its own provides confidentiality only, so the ciphertext must also be authenticated (with an HMAC, or by using an authenticated mode such as GCM or EAX) for tampering to be detected, and the IV must travel with the ciphertext.

  9. Pytesseract: Here’s an example of how to use Pytesseract to extract text from an image:

Example:

```python
import pytesseract  # wrapper around the Tesseract OCR engine, which must be installed separately
from PIL import Image

image = Image.open("image.png")

# Run OCR over the whole image and return the recognised text as a string
text = pytesseract.image_to_string(image)
print(text)
```

This example uses Pytesseract to read the text in an image file and print the results to the console. This can be useful for extracting text from images containing important information, such as a screenshot of a configuration page for a network device.

  10. Beautiful Soup: Here’s an example of how to use Beautiful Soup to extract information from an HTML page:

Example:

```python
import requests
from bs4 import BeautifulSoup

URL = "https://realpython.github.io/fake-jobs/"

page = requests.get(URL, timeout=10)
page.raise_for_status()  # stop here on a 4xx/5xx instead of parsing an error page

soup = BeautifulSoup(page.content, "html.parser")

# Print every second-level heading on the page (on this sample site, the job titles)
for heading in soup.find_all("h2"):
    print(heading.get_text(strip=True))
```


Zero-Day Vulnerability 

Author: suhani@globaldgitialsecurity.ca

A security issue that has not yet been disclosed to the vendor or developers is referred to as a zero-day vulnerability. 

A zero-day exploit is created when an attacker successfully exploits a zero-day vulnerability. Since it is exceedingly difficult for developers and security specialists to detect every security vulnerability, attackers anticipate their existence and put a lot of effort into finding security weaknesses. As a result, there is an arms race between the security sector and the attackers.

Zero-day is sometimes written 0-day. The terms vulnerability, exploit, and attack are frequently used in conjunction with zero-day, and it’s important to know the distinctions between them:

  • A zero-day vulnerability is a software vulnerability that attackers found before the vendor became aware of it. Because the vendor does not know about it, no patch exists, which increases the likelihood of a successful attack.
  • A zero-day exploit is the method attackers use to target systems through such a newly discovered vulnerability.
  • A zero-day attack occurs when a zero-day exploit is used against a vulnerable system to damage it or steal data from it.

How are zero-day attacks identified?

It can be difficult to identify zero-day vulnerabilities since they can take many different forms: missing data encryption, missing authorization checks, flawed algorithms, bugs, weak password handling, and so on. Because of this, comprehensive information about a zero-day exploit is only available once the exploit has been discovered.

Organizations hit by a zero-day exploit might see unexpected traffic or suspicious scanning activity originating from a client or service. Some of the zero-day detection techniques include:

  • Using existing databases of malware and its behaviour as a reference. Although these databases are updated very quickly and are useful as a reference point, zero-day exploits are by definition new and unknown, so there is a limit to how much an existing database can tell you.
  • Alternatively, some techniques look for zero-day malware characteristics based on how it interacts with the target system. Rather than examining the code of incoming files, this technique looks at the interactions they have with existing software and tries to determine whether those interactions result from malicious actions.
  • Increasingly, machine learning is used to build a baseline of safe system behaviour from previously recorded exploits and from past and current interactions with the system. The more data is available, the more reliable detection becomes.

Who carries out zero-day attacks?

  • Cybercriminals, who are hackers that typically act for financial gain.
  • Hacktivists, who are motivated by a political or social cause and want their attacks to be public in order to raise awareness of it.
  • Corporate espionage, in which hackers monitor businesses to learn information about them.
  • Countries or political parties engaging in cyberwarfare by surveilling or attacking the cyber infrastructure of another country.

Who are the targets of zero-day exploits?

A zero-day attack can exploit vulnerabilities in a variety of systems, including:

  • Operating systems
  • Web browsers
  • Office applications
  • Open-source components
  • Hardware and firmware
  • Internet of Things (IoT)

Examples of zero-day attacks

The following are some recent instances of zero-day attacks:

  • Chrome’s zero-day vulnerability in 2021

Google’s Chrome saw numerous zero-day vulnerabilities in 2021, prompting Google to issue patches. A flaw in the browser’s V8 JavaScript engine was the source of the vulnerability.

  • 2020: Zoom

A vulnerability was found in the popular video conferencing platform. In this zero-day attack example, hackers could remotely access a user’s PC if it was running an older version of Windows. If the target was an administrator, the hacker could completely take over the machine and access all of its files.

  • Apple iOS in 2020

Apple’s iOS is commonly regarded as the most secure of the major smartphone operating systems. But in 2020 it was exposed to at least two different sets of iOS zero-day flaws, including one that let hackers remotely compromise iPhones.

Protections

It’s crucial for both individuals and enterprises to follow cyber security best practices for zero-day protection and to safeguard their computers and data. These include:

  • Keep all applications and operating systems up to date. Vendors include security updates in new releases to fix recently discovered flaws, so staying current makes you more secure.
  • Install only the software you need. The more software you run, the more potential security flaws you expose; using only the programs you require lowers the risk to your network.
  • Use a firewall. A firewall is essential when defending a system against zero-day threats; configuring it to permit only necessary traffic provides the highest level of protection.
  • Train users within enterprises. Zero-day attacks frequently take advantage of human error, so instilling sound safety and security practices in users and employees helps prevent zero-day exploits and other cyber threats.
  • Use a complete antivirus software package. By blocking both known and new threats, Kaspersky Total Security helps keep your devices secure.