Dear PenTest Readers,
In the current issue our contributors have brought to the table a lot of diverse and interesting content.
To start with, Krishna Raj introduces you to the realm of healthcare cybersecurity. You will learn about the challenges for healthcare information security, the most relevant types of threats, and the compliance aspects in this crucial industry. Considering the fact that in the time of the COVID-19 pandemic healthcare facilities are experiencing probably the most important battle so far, the understanding of the role of cybersecurity is definitely a must.
For those of you who are most interested in post-exploitation scenarios, we have something special. Johann Rehberger describes the Shadowbunny technique. The fact that there is now evidence that adversaries use this technique for ransomware deployment means more light has to be put on it. A great read for every offensive security professional indeed!
Staford Titus prepared something awesome for all CTF enthusiasts. If you are one, his article will present you with the knowledge on how to build a CTF by yourself! Next, Fran Ramirez and Pablo Gonzalez Perez bring in the follow-up to their article about HomePwn, which was published in one of our issues earlier this year. This time they present auditing replay BLE attacks with HomePwn.
Special thanks to all contributors, reviewers, and proofreaders involved in the creation of this edition.
Without further ado,
PenTest Magazine’s Editorial Team
Table of Contents
by Krishna Raj
To maintain strong relationships between patients and healthcare organizations, the organizations should follow security measures based on HIPAA compliance standards and their best practices to provide effective cyber security privacy. Patients share their data in trust and think the data is safe. Following proper cyber security practices will definitely increase the belief of patients that their information is safe. Vulnerability assessments should be performed periodically, which leads to a safe security environment. Not only that, healthcare industry patients also have a responsibility for safeguarding their personal information and providing it electronically.
Shadowbunny - Leveraging Virtual Machines to Persist and Evade Detections
by Johann Rehberger
The Shadowbunny technique is a post-exploitation scenario. This means that an adversary has compromised a target and has administrative access. There is no vulnerability, per se, in any information described in this article. The fact that there is now evidence that adversaries use this technique for ransomware deployment means more light has to be put on this technique.
Build Your Own CTF Competition
by Staford Titus
Gaming is a universal culture embraced by myriads of people. The preceding statement does hold water even in the world of hackers where wargames are cybersecurity challenges in which the competitors must exploit or defend vulnerabilities in systems or applications. Ensuing the wargames are the CTF challenges or Capture The Flag challenges. CTFs mentioned here are quite different from traditional outdoor CTFs, though the base idea of capturing the flags is the same. These CTFs are built to provide hackers and security-enthusiasts the joy of breaking into systems while also learning new techniques and concepts, all within a controlled environment. Hence CTFs are considered to be cool, but what could be cooler? Building one!!! Hence, this article covers a documented approach to building your own CTF competition.
Auditing Replay BLE Attacks with HomePWN (Smartlocks)
by Pablo Gonzalez Perez and Fran Ramirez
The key point of this tool is to assist in discovering all the services and technologies that may exist within a home or a business. In this way we can identify those devices that could be a potential risk to the integrity of our architecture. Many current devices use BLE, and HomePWN has included a specific module for this technology. To carry out this proof of concept, we have simulated one of the most widely used devices: smartlocks.
How to Enable a Cyber Safe Framework During COVID-19 Pandemic [FULL ARTICLE AVAILABLE IN THE FREE PREVIEW VERSION]
by Hariharann R
There are lots of websites and applications with the name of Coronavirus, which are being registered on a daily basis in this pandemic period. But many were found to be not genuine. Malicious actors have created such applications to make people fall into their trap. Also, some applications are extremely dangerous as they might have a logic bomb or ransomware. Furthermore, this could affect other people in the network if they connect. Also, there are many mobile applications in circulation that trick the users and steal their personal data and PII (Personally Identifiable Information).
by Saeed Dehqan
Splunk and Security
by Ravi Teja
How do our users ‘use’ Splunk? It typically starts with searching to troubleshoot issues or investigate incidents. Users then ‘add knowledge’ or meaning to their data, making it more useful. Then they start seeing the power of Splunk and automate monitoring for specific conditions, threats, etc. Then they start using powerful reporting and charting tools to analyze their data for all manner of things. Machine data is a categorical record of all behavior – machines, servers, networks, users, customers! Splunk can be used to pull meaning and intelligence from this operational data.
Types of Vulnerabilities
by Azza Nafti
Many vulnerabilities are widespread around the world. The vulnerability of a computer system that some smart internet users can outsmart occurs when a web application does not properly protect sensitive data. This article presents the most common vulnerabilities and provides tips on how to fix the original issues and tackle attacks aimed at exploiting these vulnerabilities.
[HTB]: OpenAdmin Walkthrough
by Nikhil Karpe
CTF challenges keep things interesting and are helpful to sharpen your skills. Hackers will hack because that’s how they learn new things and get experience in a particular domain. This is also what makes CTFs so thrilling: you can spend your time breaking into things and win points for it! Hack The Box (HTB) is an online platform allowing you to test your penetration testing skills and allows like-minded technology folk to broaden their understanding of security.
Internet of Medical Things
by Mohan Krishna Kagita
Internet of Medical Things, or IoMT, is increasing the accuracy, reliability and the production capability of electronic devices by playing a very important part in the healthcare industry. Through the contribution of researchers, the available medical resources and healthcare services are becoming interconnected in the digital healthcare system. Sensors, wearable devices, medical devices and clinical devices all connect with each other to form the Internet of Medical Things ecosystem. IoMT enables the different applications of healthcare in order to lower healthcare costs, to give medical responses on time and to help increase the quality of medical treatment. The healthcare industry is transformed by the Internet of Medical Things as it delivers targeted and personalized medicine and also seamlessly enables the communication of medical data. Devices used in the medical field and their applications are connected to healthcare information technology systems with the help of the digital world.