[{"content":"","date":null,"permalink":"https://jhuk.tech/categories/","section":"Categories","summary":"","title":"Categories"},{"content":"","date":null,"permalink":"https://jhuk.tech/","section":"Jhuk Tech News","summary":"","title":"Jhuk Tech News"},{"content":"","date":null,"permalink":"https://jhuk.tech/posts/","section":"Posts","summary":"","title":"Posts"},{"content":"In the field of Cybersecurity and DevOps, there is no substitute for hands-on experience with cloud infrastructure. To further my own practice, I have recently started diving into the Microsoft Azure ecosystem. It’s an excellent sandbox for learning: with $100 in credits and 750 hours of B1s compute, you have exactly what you need to keep a single VM instance running 24/7 while you experiment.\nFor this project, I set out to deploy a custom Nginx web server on a Linux VM. Here is a breakdown of the configuration and the logic behind my deployment.\nInfrastructure \u0026amp; The \u0026ldquo;Front Door\u0026rdquo; #I began by provisioning a Virtual Machine running Ubuntu 24.04 LTS. In the Azure portal, this requires coordinating several moving parts—the VNet, the Public IP, and the storage disk—all housed within a dedicated resource group.\nNote on Security: One of the most critical steps was manually configuring the Network Security Group (NSG). Following the principle of least privilege, I restricted ingress traffic to only allow my local machine’s public IP address. I explicitly opened:\nPort 22 for SSH management. Port 80/443 to facilitate standard web traffic. Terminal Access \u0026amp; Server Configuration #Once the infrastructure was live, I established a secure connection from my local terminal using an SSH private key. My goal was to transform this blank-slate Ubuntu instance into a functional web server.\nAfter a quick sudo apt install nginx, the service was live on the file system. 
To personalize the landing page, I used vim to modify the index file located at /var/www/html/index.nginx-debian.html. It was a great way to verify that my changes were being rendered correctly in real-time.\nVerification: \u0026ldquo;Hello LinkedIn World!\u0026rdquo; #The final test was hitting the VM’s public IP (172.206.56.201) from an incognito browser window. Seeing the custom \u0026ldquo;Hello LinkedIn World!\u0026rdquo; message render successfully confirmed that the NSG rules, the virtual network, and the Nginx service were all communicating as intended.\nThe Roadmap Ahead #This deployment serves as a foundational step for more complex configurations. My next objectives involve:\nConfiguring Nginx as a Reverse Proxy. Hardening the environment using Azure VNets and Entra ID (IAM). Transitioning from VM-based installs to Docker images and containerization. I will continue documenting the next phase of my learning journey as I continue to build out my DevOps and cloud security toolkit.\n","date":"5 March 2026","permalink":"https://jhuk.tech/2026/03/05/using-azure-infrastructure-to-deploy-ubuntu-vm-and-nginx-web-server-with-nsg-firewall-rules/","section":"Posts","summary":"\u003cp\u003eIn the field of Cybersecurity and DevOps, there is no substitute for hands-on experience with cloud infrastructure. To further my own practice, I have recently started diving into the \u003cstrong\u003eMicrosoft Azure ecosystem\u003c/strong\u003e. It’s an excellent sandbox for learning with $100 in credits and 750 hours of B1s compute, you have exactly what you need to keep a single VM instance running 24/7 while you experiment.\u003c/p\u003e\n\u003cp\u003eFor this project, I set out to deploy a custom Nginx web server on a Linux VM. 
Here is a breakdown of the configuration and the logic behind my deployment.\u003c/p\u003e","title":"Using Azure infrastructure to deploy Ubuntu VM and Nginx web server with NSG firewall rules"},{"content":"","date":null,"permalink":"https://jhuk.tech/categories/writeup/","section":"Categories","summary":"","title":"Writeup"},{"content":"","date":null,"permalink":"https://jhuk.tech/categories/python/","section":"Categories","summary":"","title":"Python"},{"content":"","date":null,"permalink":"https://jhuk.tech/categories/scripting/","section":"Categories","summary":"","title":"Scripting"},{"content":"I use Python locally within Visual Studio Code to call a public API. The goal of this exercise is not only to make a successful HTTP request, but also to understand the individual parts of a small Python script that interacts with a real internet service.\nA good beginner API for this type of project is the GitHub REST API. This API is useful because it allows new developers to practice with real-world data while learning concepts that commonly appear in professional software development. These concepts include HTTP status codes, JSON responses, environment variables, API tokens, error handling, and storing project dependencies in a local virtual environment.\nFor a first test, we can call GitHub’s public user endpoint for the well-known octocat account. This particular request does not require an API token because it is requesting public information.\nAlthough this script is short, it introduces several important ideas. The requests.get(url) line sends an HTTP GET request to the GitHub API. The response from the server is stored in the response variable. This response contains the status code, headers, and body returned by the server.\nThe line response.raise_for_status() acts as a safety check. If the API returns a successful status code, such as 200 OK, the program continues. 
If the API returns an error code, such as 404 Not Found, 401 Unauthorized, or 500 Internal Server Error, Python raises an exception. This helps prevent the script from continuing as if the API request succeeded when it actually failed.\nThe line data = response.json() converts the JSON response body into a Python object. In this example, GitHub returns information that resembles a dictionary. After the JSON is parsed, individual fields can be accessed with keys such as data[\u0026quot;login\u0026quot;] or data[\u0026quot;public_repos\u0026quot;].\nIt is also important to avoid uploading local secrets or unnecessary files to a public GitHub repository. A beginner Python project should include a .gitignore file in the root of the project folder. This file tells Git which files and folders should remain local.\n.venv/ .env __pycache__/ The .venv/ folder should remain on the local machine because it contains the virtual environment. The .env file should also remain local because it may contain API keys or tokens. The __pycache__/ folder is automatically created by Python and does not need to be committed to source control. The .gitignore file itself should be committed to the public repository.\n","date":"24 February 2026","permalink":"https://jhuk.tech/2026/02/24/using-python-to-call-public-github-api-and-convert-json-into-dictionary-object/","section":"Posts","summary":"\u003cp\u003eI use Python locally within Visual Studio Code to call a public API. The goal of this exercise is not only to make a successful HTTP request, but also to understand the individual parts of a small Python script that interacts with a real internet service.\u003c/p\u003e\n\u003cp\u003eA good beginner API for this type of project is the GitHub REST API. This API is useful because it allows new developers to practice with real-world data while learning concepts that commonly appear in professional software development. 
These concepts include HTTP status codes, JSON responses, environment variables, API tokens, error handling, and storing project dependencies in a local virtual environment.\u003c/p\u003e","title":"Using Python to call public GitHub API and convert JSON into Dictionary object"},{"content":"All modern websites consist of at least 3 fundamental components: HTML, CSS, and JavaScript. HTML creates structure, CSS is used for styling, and JavaScript enables interactive user experiences through manipulation of the DOM (Document Object Model). JavaScript, however, can also be used by malicious actors to access sensitive information on the client-side. One major category of web application vulnerabilities is known as cross-site scripting (XSS). This vulnerability occurs precisely due to any malicious user\u0026rsquo;s ability to inject JS code into a vulnerable website. If proper security controls are not implemented, this vulnerability makes it possible for an attacker to read and steal an end-user\u0026rsquo;s cookies and session information that otherwise should be private and confidential.\nAccording to the OWASP Top 10, cross-site scripting (XSS) is one of the most pervasive vulnerabilities affecting web applications in 2023. Similar to many other categories of web application vulnerabilities, XSS fundamentally stems from design choices made by website software developers to freely accept processing of user input without validation or sanitization checks. 
If a web application accepts user input (instead of exclusively accepting Javascript that was intended and specified by the website\u0026rsquo;s developer, perhaps by specifying the Content-Security-Policy HTTP header), then various fields and/or URL parameters on that webpage are almost definitely vulnerable to XSS.\nReflected XSS\nWhen an input field on a website accepts Javascript in a submission box (such as a search field), the web application passes that code to the backend server in a standard HTTP request, which then renders that payload in the user\u0026rsquo;s browser. This classification of XSS is categorized as \u0026ldquo;reflected.\u0026rdquo; This makes sense because the web server immediately \u0026ldquo;reflects\u0026rdquo; the input Javascript back into the user\u0026rsquo;s browser if the web application conducts no filtering of user input.\nFor example, if a penetration tester inputs into an insecure web application\u0026rsquo;s search field, and the client browser immediately returns a dialog box with the content \u0026ldquo;1\u0026rdquo;, then that web application is definitely vulnerable to reflected XSS.\nStored XSS\nWhen a website accepts user input in a long-term data format (such as in blog comments, forum posts, or logging agents) that data/text/code continues to persist in the web application\u0026rsquo;s backend database. 
This issue is especially problematic if the web application conducts no escaping/filtering of that text, which can permit processing/execution of that input as functional Javascript code in the client\u0026rsquo;s browser.\nSince the injected code has now become persistent in the web application (which is different from the reflected case), this classification of XSS is considered \u0026ldquo;stored.\u0026rdquo; The danger here is that the stored payload will be activated each time the browser loads the webpage, even for new/other users who browse the webpage.\nDOM-based XSS\nThere is a 3rd classification of malicious Javascript web application vulnerabilities called DOM-based XSS that requires a subtle, yet important distinction to understand. In both Reflected and Stored XSS, the attacker\u0026rsquo;s payload causes a (temporary or permanent - respectively) change in the HTTP response delivered by the web server to the client\u0026rsquo;s browser. However, in DOM-based XSS the focus lies exclusively on the client side. According to OWASP, the XSS attack payload modifies the client\u0026rsquo;s DOM environment such that the Javascript code runs on the client-side in an unexpected manner.\nIn the examples I have seen, DOM-based XSS exploitation occurs when an attacker manipulates a URI parameter to create an unexpected or seemingly benign DOM object on the client-side when rendered by the client\u0026rsquo;s browser at runtime. 
When this tactic is combined with social engineering to get an unknowing user to submit a manipulated URL in their local browser, the attacker may obtain access to the victim\u0026rsquo;s cookies - which then opens the victim up to any number of session hijacking and authentication bypass vulnerabilities.\nSources -\nhttps://owasp.org/www-community/attacks/DOM_Based_XSS\n","date":"14 August 2023","permalink":"https://jhuk.tech/2023/08/14/cross-site-scripting-xss-variants-and-examples/","section":"Posts","summary":"\u003cp\u003eAll modern websites consist of at least 3 fundamental components: HTML, CSS, and JavaScript. HTML creates structure, CSS is used for styling, and JavaScript enables interactive user experiences through manipulation of the DOM (Document Object Model). JavaScript, however, can also be used by malicious actors to access sensitive information on the client-side. One major category of web application vulnerabilities is known as cross-site scripting (XSS). This vulnerability occurs precisely due to any malicious user\u0026rsquo;s ability to inject JS code into a vulnerable website. If proper security controls are not implemented, this vulnerability makes it possible for an attacker to read and steal an end-user\u0026rsquo;s cookies and session information that otherwise should be private and confidential.\u003c/p\u003e","title":"Cross-Site Scripting (XSS) Variants and Examples"},{"content":"","date":null,"permalink":"https://jhuk.tech/categories/burp-suite/","section":"Categories","summary":"","title":"Burp Suite"},{"content":"In this lab exploring HTML forms-based authentication, I use Burp Suite to fuzz a username of interest to discover a valid password combination. \u0026ldquo;Fuzzing\u0026rdquo; in the context of web application security means any automated attempt to inject a large number of variables into any field that accepts user input. 
The tester then monitors the application for unexpected behavior or unusual results that may indicate the presence of a vulnerability. Possibilities for fuzzing input range from common usernames, passwords, URLs, sensitive data patterns, executable shell commands and SQLi payloads. SecLists is a well-known repository that maintains wordlists for each of these mentioned categories. The choice of which wordlist to use depends on the context of the input field and what category of vulnerability the tester suspects may exist within the application.\nOnce Burp has been properly configured to proxy traffic from and back-to Firefox (as I described in the post from last week), we can initiate the process to seed Burp with an HTTP request that can be manipulated. First, turn on the proxy and navigate to the website we are interested in testing. In this example, I will be using a deliberately weak and insecure web login portal that has been set up by the SANS Institute instructors for SEC542 - (https://sec542.org/form/).\nIn the example above, I input \u0026ldquo;testinguser\u0026rdquo; for the username and \u0026ldquo;badpass\u0026rdquo; for the password. Then I clicked on the \u0026ldquo;Login\u0026rdquo; button, which sends this data to the backend web server in an HTTP request.\nSwitching over to Burp Suite and navigating to Proxy \u0026gt; HTTP history, we find the username and password were sent as a POST request sending the data in the body field below the header values. Right-clicking on line 94 and selecting \u0026ldquo;Send to Intruder\u0026rdquo; readies this HTTP request for fuzzing.\nBurp will automatically select several parameter fields that it detects as possible inputs for fuzzing. 
However, in this lab we are given a specific username to crack which is \u0026ldquo;adent\u0026rdquo;, so we can clear the selector symbols, and then specify \u0026ldquo;badpass\u0026rdquo; as the single payload position to fuzz in the body of the POST request.\nNext, we navigate to the \u0026ldquo;Payloads\u0026rdquo; tab, and then load a wordlist of the top 1000 most common passwords into Burp. This will fuzz the \u0026ldquo;pass\u0026rdquo; parameter in the HTTP request with all of the values contained in the wordlist one-by-one. The username parameter will remain \u0026ldquo;adent\u0026rdquo; in each of these fuzzing attempts since only 1 payload position is being specified to Burp.\nIn less than 10 seconds, Burp quickly returns a table of all 1000 attack results. Clearly, this web login form does not specify a maximum number of login attempts or require a session time-out between failed attempts since Burp was able to fuzz the vulnerable login form to completion. This example demonstrates the value of implementing security control best practices, since a better designed web application would have substantially hindered the hypothetical attacker - although that is a lesson for a different day.\nOnce the Burp Intruder results have been completed, how can we tell which fuzzed password attempt was the correct combination? Remember, one of the intents behind fuzzing is to elicit behavior from the web application that is unusual or unexpected.\nGiven that failed login attempts are likely to return exactly the same webpage with a short statement that the credentials were incorrect, it makes sense that the content length of the server\u0026rsquo;s response would be the same size for failed logins. Sorting the table by decreasing length however, reveals one payload that returns a unique response from the server that is significantly larger. 
This characteristic of increased content length matches a real-world example of a valid login because there is likely to be some type of additional business functionality that a successfully authenticated user would have access to, thereby increasing the size of the webpage returned by the server. Returning to the original login page and manually testing the combination \u0026ldquo;adent:dragon\u0026rdquo; in the login form confirms this result.\n","date":"25 July 2023","permalink":"https://jhuk.tech/2023/07/25/fuzzing-forms-based-authentication-reveals-working-username-and-password/","section":"Posts","summary":"\u003cp\u003eIn this lab exploring HTML forms-based authentication, I use Burp Suite to fuzz a username of interest to discover a valid password combination. \u0026ldquo;Fuzzing\u0026rdquo; in the context of web application security means any automated attempt to inject a large number of variables into any field that accepts user input. The tester then monitors the application for unexpected behavior or unusual results that may indicate the presence of a vulnerability. Possibilities for fuzzing input range from common usernames, passwords, URLs, sensitive data patterns, executable shell commands and SQLi payloads. \u003ca href=\"https://github.com/danielmiessler/SecLists\" target=\"_blank\" rel=\"noreferrer\"\u003eSecLists is a well-known repository\u003c/a\u003e that maintains wordlists for each of these mentioned categories. The choice of which wordlist to use depends on the context of the input field and what category of vulnerability the tester suspects may exist within the application.\u003c/p\u003e","title":"Fuzzing Forms-Based Authentication Reveals Working Username and Password"},{"content":"An interception proxy is a must-have tool in any web application penetration tester\u0026rsquo;s arsenal. In brief, an interception proxy is an application downloaded on a host computer and sits in-between a client browser and the remote web server. 
This specialized tool is purpose-built to intercept HTTP requests that are initiated from the client browser before the message is delivered to the remote web server. The tool can manipulate certain elements of the request such as session cookies or parameter values. The application proxy also handles the HTTP response in-reverse, meaning the tool can examine the raw data contained in the server\u0026rsquo;s response before the content is ultimately rendered by the client browser.\nThis diagram illustrates how the ZAP interception proxy is logically positioned \u0026ldquo;in-between\u0026rdquo; the client browser (Firefox) and the remote web server.\nTwo of the most popular interception proxies are Burp Suite and ZAP. They are published by PortSwigger and OWASP respectively. In this post, I will walk through the process of ensuring that both of these tools are configured correctly before any deep security testing can occur.\nOnce Burp Suite has been installed, go to the \u0026ldquo;Proxy\u0026rdquo; tab, and then the \u0026ldquo;Options\u0026rdquo; sub-tab. Add an item to the \u0026ldquo;Proxy Listeners\u0026rdquo; table and make sure the \u0026ldquo;Interface\u0026rdquo; is set to localhost 127.0.0.1:8080. This IP address specifies to Burp Suite that we want it to listen for any/all traffic occurring on the same client operating system/host computer that is using port number 8080.\nThen, we need to make sure that the web browser itself is also configured to send network traffic through the application proxy tool by specifying the same port number. 
You can configure this manually, (as demonstrated in the screenshot below) by going to the \u0026ldquo;Settings\u0026rdquo; tab within Firefox, going to \u0026ldquo;Network Settings\u0026rdquo; and then supplying the desired configuration in the \u0026ldquo;Manual proxy\u0026rdquo; section.\nHowever, it is much more convenient to utilize a web browser extension like SwitchyOmega or FoxyProxy to handle this manual configuration through the single click of a button (instead of having to navigate to the settings console every time we want to switch between proxying traffic to Burp Suite and using a direct connection to the remote web server).\nProxy extensions expand the default functionality of web browsers. In this case, SwitchyOmega routes traffic requests to Burp Suite using port 8080, instead of making the request to the end-server directly.\nThe ZAP interception proxy application is published and maintained by OWASP. It has a very similar feature set, however the exact local proxy settings are located in a slightly different area.\nGo to Tools \u0026gt; Options \u0026gt; Local Proxies. Then, we see a similar menu as the \u0026ldquo;Proxy Listeners\u0026rdquo; tab in Burp Suite. In this case, \u0026ldquo;localhost\u0026rdquo; is written in text instead of \u0026ldquo;127.0.0.1\u0026rdquo; and we are using port 8081 since 8080 is already being occupied by Burp Suite. 
Once these settings have been configured in the proxy application as described in this post, we have successfully \u0026ldquo;man-in-the-middled\u0026rdquo; the network traffic out-bound from, and in-bound to, the client web browser using either Burp Suite or ZAP.\nNow, we are ready to begin testing web applications for OWASP Top 10 vulnerabilities like XSS, CSRF, SQL injection!\n","date":"11 July 2023","permalink":"https://jhuk.tech/2023/07/11/burp-suite-and-owasp-zap-interception-proxy-configuration/","section":"Posts","summary":"\u003cp\u003eAn interception proxy is a must-have tool in any web application penetration tester\u0026rsquo;s arsenal. In brief, an interception proxy is an application downloaded on a host computer and sits in-between a client browser and the remote web server. This specialized tool is purpose-built to intercept HTTP requests that are initiated from the client browser \u003cstrong\u003ebefore\u003c/strong\u003e the message is delivered to the remote web server. The tool can manipulate certain elements of the request such as session cookies or parameter values. The application proxy \u003cem\u003ealso\u003c/em\u003e handles the HTTP response \u003cstrong\u003ein-reverse\u003c/strong\u003e, meaning the tool can examine the raw data contained in the server\u0026rsquo;s response before the content is ultimately rendered by the client browser.\u003c/p\u003e","title":"Burp Suite and OWASP ZAP Interception Proxy Configuration"},{"content":"","date":null,"permalink":"https://jhuk.tech/categories/ctf/","section":"Categories","summary":"","title":"CTF"},{"content":"","date":null,"permalink":"https://jhuk.tech/categories/zap/","section":"Categories","summary":"","title":"ZAP"},{"content":"In the world of digital forensics, we can envision data as belonging to two distinct categories. Those categories are either volatile, or non-volatile states of data (Mohanta, 2020). 
Volatile data includes random-access memory (RAM) that depends on a running power supply, whereas read-only memory (ROM) or data that is written to a hard disk is considered non-volatile. The readable contents of non-volatile data do not change upon power interruption. The industry standard open source tool I will explore this week to conduct memory forensics on traditional desktop endpoints has aptly been named Volatility.\nAnalysis of volatile memory helps to corroborate a unifying story regarding what processes and applications were forensically determined to be running at the time of image collection. This high-quality information often includes data about active processes, executed applications, established network connections, registry hives, and web page artifacts (Scaldaferri, 2022). Two particularly helpful commands included within Volatility are \u0026ldquo;apihooks\u0026rdquo; and \u0026ldquo;netscan.\u0026rdquo; According to Cynet.com, Windows API hooking makes operating system services (like filesystem, processes, threads, networking) available to software applications that request these OS services. Unfortunately, malware applications also leverage the same WinAPI implementation to extend functionality for malicious functions (instead of legitimate purposes like debugging) (Grinberg, 2022).\nLast, I have included an example screenshot of the netscan command used within Volatility (Mohanta, 2020). The command-line output yields substantial evidentiary information from the archived memory image. This evidence includes foreign IP addresses the host computer has visited, which TCP connections were established, and what process/PID/application was associated with that IP address (at the time of memory collection).\nReferences - Grinberg, S. (2022, February 1). API Hooking - Tales from a Hacker’s Hook Book. Cynet. https://www.cynet.com/attack-techniques-hands-on/api-hooking/\nMohanta, A., \u0026amp; Saldanha, A. (2020). Memory Forensics with Volatility. 
In Malware Analysis and Detection Engineering (pp. 433-476). Apress, Berkeley, CA. https://link.springer.com/chapter/10.1007/978-1-4842-6193-4_14\nScaldaferri, G. (2022). Memory and Mobile Device Forensics (Week 5 Powerpoint). University of Maryland, Baltimore County.\n","date":"6 March 2022","permalink":"https://jhuk.tech/2022/03/06/memory-forensics-and-the-volatility-framework/","section":"Posts","summary":"\u003cp\u003eIn the world of digital forensics, we can envision data as belonging to two distinct categories. Those categories are either volatile, or non-volatile states of data (Mohanta, 2020). Volatile data includes random-access memory (RAM) that depends on a running power supply, whereas read-only memory (ROM) or data that is written to a hard disk is considered non-volatile. The readable contents of non-volatile data do not change upon power interruption. The industry standard open source tool I will explore this week to conduct memory forensics on traditional desktop endpoints has aptly been named Volatility.\u003c/p\u003e","title":"Introduction to Memory Forensics and the Volatility Framework"},{"content":"","date":null,"permalink":"https://jhuk.tech/categories/research/","section":"Categories","summary":"","title":"Research"},{"content":"It is difficult to ignore how the internet has now made it possible to cause harm in a digital environment (McGovern, 2018). According to Western interpretations of proper jurisprudence and social contract theory, individuals gain safety from legal protections that otherwise would not exist without government regulation, surveillance, intervention, and punishment. In the United States of America, the Constitution and Bill of Rights have served as ethical architecture and scaffolding in the physical world reasonably well since their ratification in 1788. 
However, due to the unrelenting nature of change, new technologies have since emerged that now question how legal standards such as the First Amendment and a Right to Privacy ought to apply in the modern world. Today, societies must respond and equip themselves with new laws and regulations that better anticipate cyber threats in-advance and proactively take steps to defend against criminal behavior in a challenging and constantly evolving online environment.\nIn this term paper, I outline the steps I would take to tackle the cybersecurity issue of ransomware as a newly appointed member of Congress representing my home state of Maryland. In the first section, I assess the current threat landscape and start by defining the scope of the cybersecurity issue by illustrating the large attack surface that schools, hospitals, and local government IT systems collectively represent due to their lack of security hardening controls. In the second section, I explain the need for new legislation that more-directly instructs businesses on how they can better prepare adequate cyber defenses in-advance. Further, I specify that any state agency, unit of local government, or public authority ought to be prohibited from paying a ransom due to documented case law that illustrates criminals have not provided a decryption key, even upon fulfilling payment in cryptocurrency. National Ink and Stitch v. State Auto Property and Casualty Insurance Company signed in 2020 provides evidence to support my claim that victims should not trust criminals in what they promise (National, 2020). In the final section, I discuss simple solutions that effectively mitigate against the threat of ransomware, primarily by requiring businesses and government agencies to regularly backup essential data required for skeleton operations. 
I conclude by proposing legislation that incentivizes more robust cyber defense programs ahead of cyber compromise, and also legislation that mandates basic information technology workforce training in phishing campaigns with annual continuing education requirements given that the shifting landscape of cybersecurity threats will always continue to evolve.\nRansomware hit an incredibly diverse array of American businesses in 2021, as demonstrated by the high-profile ransomware compromises of 3 entirely separate economic sectors (all in one calendar year). Those were fuel gas distributor Colonial Pipeline, meat producer JBS, and software distribution company Kaseya (Miller, 2021). There are many reasons for the increase in frequency of ransomware in particular as a preferred means of cyber attack. The relatively low-risk of attribution in the digital space combined with the high-yield of payment via an obfuscated payment mechanism like bitcoin provides ample reason for the increasing popularity of ransomware as an attack vector amongst criminals. According to a survey conducted by Osterman Research, from June 2015 to June 2016, 79 percent of business organizations in the United States suffered at least one ransomware attack and 22 percent sustained more than twenty (Richardson, 2017). In addition, research from this group indicates that the top four industries attacked by ransomware in order were 1.) Healthcare, 2.) Financial services, 3.) Manufacturing, and 4.) Government. New and ongoing legal battles such as the class action lawsuit drawn by Barry Graham et al. v. Universal Health Services in which the plaintiffs claim UHS failed to protect their protected health information (PHI) highlights the enduring nature of repercussions that arise due to ransomware incidents, even long after the initial point of compromise (Barry, 2021). 
In a worrying new trend, criminals have also started to develop specialized attack tools, techniques, and procedures that target “high-value” organizations such as government bodies in a focused effort colloquially known as “big-game hunting.”\nAccording to Atapour et al., the number of attacks on government agencies \u0026ldquo;tripled\u0026rdquo; between 2015 to 2016, and has been growing steadily ever since (Atapour, 2019). The authors of this paper highlight the perception that local agencies typically have significant budgets available to them combined with poorly trained technical staff. Since many functions performed by the government are highly-critical and time-sensitive (such as 24x7 police, water, or energy requirements), this unique combination of exploitable features makes local governments even more attractive as targets for ransomware criminals. For this reason, it has now become mandatory that government authorities at the federal, state, and local level are using robust risk mitigation strategies that specifically integrate ransomware into their cyber threat models, control mechanisms, and incident response policies, which I move to discuss in the next section of this paper.\nThe sensationalization of ransomware as an undefeatable attack method that can be leveraged only by extremely sophisticated attackers and requires equally complicated response tools – is a myth perpetuated by mainstream media. As plainly noted by security researchers Richardson and North, “if the data is backed up, there is no need to pay a ransom to get the data back. Instead, it can be recovered from the backups” (Richardson, 2017). The de-mysticism of information technology and accurate high-level understanding by senior management of the end goals ransomware attackers intend to cause are crucial to limiting the damage that can be caused by ransomware attacks. 
Furthermore, the ethical issues surrounding the dilemma regarding whether or not to pay the ransom lean strongly toward universal prohibition of making a ransom payment to attackers. There are myriad reasons not to pay, but I have synthesized the ethical arguments into two main points. First, and perhaps most obviously, there is no guarantee that paying for a decryption key will actually result in production of a functioning key that successfully decrypts the locked files. In this case, the money paid is wasted and does not contribute any organizational benefit. Next, as a second ethical consideration, paying the criminal only validates, legitimizes, and perpetuates the illegal business of ransomware by contributing to its success as a source of revenue for any criminal organization that utilizes it as a cyber attack method. This second result is also not beneficial for the victim who paid, nor for society as a whole, because ransomware activity perpetuates harm to more downstream targets. Therefore, enforced prohibition against paying the ransom minimizes harm considered more broadly and ought to be the default selection when developing a response plan to attacks.\nNext, examination of case law reveals the exploitative nature of the criminal who engages in ransomware production and distribution, as indicated in National Ink and Stitch v. State Auto Property and Casualty Insurance Company. According to the evidence presented in this case, even after the plaintiff issued initial cryptocurrency payment, the attacker then demanded further payment and still refused to release the software and data. As the plaintiff explained in their testimony, “we got the ‘executable file’, but now we needed to pay more bitcoin if we wanted the ‘configuration file” (National, 2020). Clearly, this case reveals the mentality that criminal attackers will extort their victims for as much money as they are under-informed enough to pay. 
In order to dis-incentivize the entire financial ecosystem from a top-down approach, it becomes mandatory for government to impose universal prohibitions against paying a ransom for any reason in order to cut-off this lucrative source of funds to exploitative criminal entities. Instead, these would-be ransomware payments should instead finance legislative solutions that more effectively mitigate the risk of ransomware, which I move to discuss in the final section of my paper.\nNon-technical individuals with low-security awareness are those employees who are most likely to fall victim to ransomware attacks. They are frequently targeted as the initial access points into government and business organizations since they are also most likely to succumb to phishing attacks that can now more easily take place in a remote, distributed workforce environment. As recommended by cybersecurity expert Ross Brewer, managing director of LogRhythm, “user awareness training is an effective means to teach people to avoid falling victim to phishing email messages that plant malware in the first place. End users need to know what to expect and what to look for in their email messages to avoid infection” (Brewer, 2016). This includes an expressed written policy that instructs employees to never give out administrative credentials to a 3rd party. Although this recommendation seems obvious, the effectiveness of simulating a phishing campaign in a controlled space with a mindful objective of employee education (instead of punishment) should not be underestimated as an effective risk mitigation strategy. Similarly obvious, but also often neglected as an effective risk mitigation security control, is the formalization of IT security processes into written organizational policy with buy-in from senior management. 
It is essential to ensure that organizational policies “have teeth” and promote “the right tone” regarding acceptable use within a work environment in order to drive any effective business processes (Green, 2022).\nFinally, as mentioned previously in this paper, a robust backup and archiving schedule largely neutralizes the threat that ransomware can potentially pose to any government body (Richardson, 2017). Therefore, legislation that incentivizes IT system hardening across the board and also requires scheduled backup procedures in a manner that can be audited by an external organization will only help to reduce the attack surface that otherwise would be accessible to ransomware criminals.\nAlthough the reality of working in cybersecurity is often not as glamorous as depicted on television, many actionable steps can be taken by security professionals leading federal, state, and local government agencies that will help to mitigate the damages of a ransomware attack. Two of the most effective security controls specifically addressing ransomware have been discussed extensively in this paper. They are 1.) Establishing phishing awareness security training programs across all internal operations teams, and 2.) Ensuring the existence and restorability of backups containing all essential business data required to operate at a minimum skeleton function. Legal regulations that codify these two information security controls are badly needed and it would be my goal as a newly appointed member of Congress to establish these rules as fundamental requirements for every government agency. Without adequate written policies that establish prohibition of ransom payment in connection with cybersecurity breaches, cyber criminal behavior will only continue to proliferate online.\nReferences —\nAtapour-Abarghouei, A., Bonner, S., \u0026amp; McGough, A. S. (2019, November). Volenti non fit injuria: Ransomware and its victims. NASA/ADS. 
Retrieved from https://ui.adsabs.harvard.edu/abs/2019arXiv191108364A/abstract.\nBarry K. Graham, et al. v. Universal Health Service, Inc., Civil Action No. 20-5375. (May 17, 2021). Retrieved from https://scholar.google.com/scholar_case?case=5633761338621740526.\nBrewer, R. (2016, September 28). Ransomware attacks: Detection, prevention and cure. Network Security. Retrieved December 12, 2021, from https://www.sciencedirect.com/science/article/pii/S1353485816300861.\nMcGovern, B. (2018, November 17). Michelle Carter found guilty in landmark texting suicide case. Boston Herald. Retrieved December 12, 2021, from https://www.bostonherald.com/2017/06/16/michelle-carter-found-guilty-in-landmark-texting-suicide-case/.\nMiller, M. (2021, December 10). Officials press for actionable recommendations from New Cyber Advisory Committee. The Hill. Retrieved from https://thehill.com/policy/cybersecurity/585387-officials-press-for-actionable-recommendations-from-new-cyber-advisory.\nMohurle, S., \u0026amp; Patil, M. (2017). A brief study of Wannacry Threat: Ransomware Attack 2017. International Journal of Advanced Research in Computer Science. Retrieved from https://sbgsmedia.in/2018/05/10/2261f190e292ad93d6887198d7050dec.pdf.\nNational Ink and Stitch, LLC, Plaintiff, v. State Auto Property and Casualty Insurance Company, Defendant, Civil Case No. SAG-18-2138. (January 23, 2020). Retrieved from https://scholar.google.com/scholar_case?case=8430864325697222171\nRashid, F. (2016, March 14). 4 reasons not to pay up in a ransomware attack. CSO Online. Retrieved from https://www.csoonline.com/article/3043936/4-reasons-not-to-pay-up-in-a-ransomware-attack.html.\nRichardson, R., \u0026amp; North, M. (2017, January 1). Ransomware: Evolution, mitigation and prevention. Kennesaw State University. 
Retrieved from https://digitalcommons.kennesaw.edu/cgi/viewcontent.cgi?article=5312\u0026context=facpubs.\n","date":"20 February 2022","permalink":"https://jhuk.tech/2022/02/20/law-and-policy-recommendations-for-ransomware-term-paper/","section":"Posts","summary":"\u003cp\u003eIt is difficult to ignore how the internet has now made it possible to cause harm in a digital environment (McGovern, 2018). According to Western interpretations of proper jurisprudence and social contract theory, individuals gain safety from legal protections that otherwise would not exist without government regulation, surveillance, intervention, and punishment. In the United States of America, the Constitution and Bill of Rights have served as ethical architecture and scaffolding in the physical world reasonably well since their ratification in 1788. However, due to the unrelenting nature of change, new technologies have since emerged that now question how legal standards such as the First Amendment and a Right to Privacy ought to apply in the modern world. Today, societies must respond and equip themselves with new laws and regulations that better anticipate cyber threats in-advance and proactively take steps to defend against criminal behavior in a challenging and constantly evolving online environment.\u003c/p\u003e","title":"Law and Policy Recommendations for Ransomware in the United States - Term Paper"},{"content":"","date":null,"permalink":"https://jhuk.tech/categories/cyber-news/","section":"Categories","summary":"","title":"Cyber News"},{"content":"","date":null,"permalink":"https://jhuk.tech/categories/tryhackme/","section":"Categories","summary":"","title":"TryHackMe"},{"content":"Once a vulnerability is discovered in any given IT system, one common payload a malicious attacker often wants to deliver is a reverse shell. 
From the black-hat attacker\u0026rsquo;s perspective, he or she wants to establish remote command-line access on the server-side of a victim\u0026rsquo;s business network. But what is a \u0026ldquo;shell?\u0026rdquo; And why is it considered \u0026ldquo;reverse?\u0026rdquo; I will explore these questions in the following brief discussion on the topic.\nIn the computing world, a \u0026ldquo;shell\u0026rdquo; is a generic term for a programmatic means of sending commands to a computer using text and a command line interface (CLI), instead of using a mouse (to point-and-click) and a graphical user interface (GUI). Command Prompt, Windows PowerShell, bash, and zshell are all common examples of computing shells that enable a user (or attacker) to interact with and send commands directly to the operating system layer of a laptop workstation or backend server. For example, launching cmd.exe in a Windows environment or Terminal in MacOS is an example of a user willfully accessing the shell environment.\nFirewalls are designed to inspect network packets flowing inbound to (also outbound from) a host, device, server or any other interconnected resource/node within a subnet. The purpose of any firewall is to control network packet flow by either explicitly blocking or allowing digital communications traffic. Firewalls can be implemented at many different logical layers of the OSI model, at different locations in a network topology, in-line as ethernet-wired hardware, or even deployed as endpoint application-based software. For example, Windows Defender is an example of a host-based firewall implemented at the application layer of a corporate workstation.\nFirewalls make the process of establishing a reverse shell connection to a victim\u0026rsquo;s device / workstation / web server more difficult, but not impossible. 
For example, web servers typically are configured to listen for and permit inbound/ingress network traffic that makes a request for its resources using port 80 and 443. However, web server firewalls are not always configured to analyze outbound/egress network traffic originating from the server with the same fine-toothed comb - meaning the firewall\u0026rsquo;s access control list (ACL) for egress traffic. In this latter case, malicious activity might look like a web server initiating the outbound request, instead of exclusively receiving and responding to inbound requests. Clearly, this is unusual behavior. Hopefully, logging and event monitoring tools have already been deployed in this fictional environment so that IT administrators can detect suspicious behavior if and when it does occur.\n(Source - https://www.techslang.com/definition/what-is-a-reverse-shell/)\nIn the above illustration, an attacker is blocked from making a direct bind-shell connection to the victim\u0026rsquo;s device because the firewall has been configured to deny his incoming attack. Undeterred however, the black-hat criminal decides to take a different method of achieving remote command-line access on the victim\u0026rsquo;s device by utilizing a reverse-shell payload. First, the wily criminal has to figure out a specific vulnerability that exists within the victim\u0026rsquo;s internal LAN. Most any vulnerability will do, whether it is sophisticated by using the latest CVE exploit and technical programming language bug, or much-less sophisticated such as by leveraging phishing or social engineering to get a user to accidentally download malware from a seemingly benign email. Once the reverse-shell malware has been launched within a corporate internal LAN, the malware makes an egress request to an established listening port the attacker has already set up at a remote location. 
In this manner, the corporate firewall has effectively been bypassed, and the attacker has achieved remote command-line shell access.\nAfter establishing this initial foothold, the attacker can then easily branch out to escalate privileges, establish network persistence, and compromise, modify, and exfiltrate other downstream targets such as proprietary data and/or intellectual property corresponding to the criminal\u0026rsquo;s individual or organizational ultimate objectives. The MITRE ATT\u0026amp;CK Framework provides a very helpful methodology that criminals (and red-team penetration testers) often have in mind when attacking information systems, along with detailed descriptions of each step in the process with examples of techniques involved.\nThank you for reading! My writeup was intended to provide very brief context for understanding the severity of a modern 0-day vulnerability like Log4j and its potential downstream impacts.\n","date":"3 February 2022","permalink":"https://jhuk.tech/2022/02/03/what-is-a-reverse-shell-implications-for-log4j-vulnerability/","section":"Posts","summary":"\u003cp\u003eOnce a vulnerability is discovered in any given IT system, one common payload a malicious attacker often wants to deliver is a \u003cstrong\u003ereverse shell\u003c/strong\u003e. From the black-hat attacker\u0026rsquo;s perspective, he or she wants to establish remote command-line access on the server-side of a victim\u0026rsquo;s business network. But what is a \u0026ldquo;shell?\u0026rdquo; And why is it considered \u0026ldquo;reverse?\u0026rdquo; I will explore these questions in the following brief discussion on the topic.\u003c/p\u003e","title":"What is a Reverse Shell? 
Implications for Log4j Vulnerability."},{"content":"In today\u0026rsquo;s modern tech-centered business environment, corporations like Facebook, Google, and Amazon have collected extensive analytics of users\u0026rsquo; online digital behavior in order to build, maintain, and increase their market caps. Public scandals such as Facebook’s voluntary involvement with Cambridge Analytica clearly reveal that businesses have enormous financial incentives to gather, store, and sell the personally identifiable information of end users. Historically, the legal guidelines surrounding the processing of users\u0026rsquo; personal data have been lax. However, in response to this growing list of privacy concerns, European lawmakers passed and codified the General Data Protection Regulation (GDPR) on May 25th, 2018.\nAccording to Article 5 of the GDPR, six specific guidelines have been laid out to serve as philosophical principles that collectively constitute data privacy. Those principles are 1.) Fairness and lawfulness; 2.) Purpose limitation; 3.) Data minimization; 4.) Accuracy; 5.) Storage limitation; and 6.) Integrity and confidentiality. (Goddard, 2017) Many of these data privacy and security principles will already be familiar to experienced cybersecurity professionals; however, the explicit identification of these distinct principles in a single, written, legal document helps to clarify the complex issue of data privacy.\nIn addition to these 6 principles, GDPR also stipulates, guarantees, and enshrines certain functionalities to be \u0026ldquo;request-able\u0026rdquo; by end users. 
These many functional rights include the “right to erasure”, “right to access”, “right to rectification”, “right to data portability”, and also “right to restriction of processing.” (Bozhanov, 2018) This means that any business wishing to provide digital services in Europe should be aware that they must also figure out a way to implement these technical functionalities that can be requested by end users.\nThe exact method by which each organization implements these GDPR requirements is incumbent upon that organization and its technical engineering team to reach consensus on, settle, and then execute. This means that data privacy concepts can be instantiated in different programming languages, paradigms, and technology stacks according to the requirements of each particular business environment.\nFor example, an EU business owner may want to implement the “right of erasure” in a database that contains the home address shipping information of his customers. Doing so would help fulfill the Article 5 GDPR guidelines of 3.) data minimization and, even more directly, 5.) storage limitation. A hypothetical means of implementing this functionality in programming code might entail establishing a policy for database data retention and deletion deadlines. For example, in the customer shipment and fulfillment space, databases storing shipping information could automatically schedule a deletion job for a customer’s personal home address information once another API tracking system determines the shipment returns a successful value. (Bozhanov, 2018) Best practices for “pseudonymization” of users’ personal information, perhaps via the use of an encryption key or obfuscation algorithm, should also be implemented within organizational policies that better ensure non-attribution. 
(Politou, 2017)\nNext, specific instructions have been laid out by GDPR that address the methods and means by which users can authoritatively provide informed consent, prior to collecting their personal data online. According to the Court of Justice of the EU, in order for consent to be freely given and informed, it must be a “separate action” from the activity the user was initially pursuing. (Nouwens, 2020) In other words, this means that passively browsing an online application does not constitute positive action and therefore does not provide meaningful informed consent. Instead, a user must provide explicit “opt-in” consent and a check-box must not automatically be filled in by default. (Nouwens, 2020)\nIn comparison to Europe, the United States has a very different outlook on an individual\u0026rsquo;s data privacy. Unlike data protection laws found in Europe, those laws in the United States have been siloed into specific categories, in many cases corresponding to the particular business industry to which that data belongs.\nThe categories covered under federal law are healthcare data (under the Health Information and Portability Accountability Act, HIPAA), financial data (under the Gramm Leach Bliley Act, GLB) children’s information (under the Children’s Online Privacy Protection Act, COPPA), students’ personal information (under Family Educational Rights and Privacy Act, FERPA), and consumer information (under the Fair Credit Reporting Act, FCRA).\n(Houser, Voss, 2018)\nIt is important to notice two points. First, many of these regulations were enacted prior to common use of the internet and cloud storage systems, and correspondingly do not map very intuitively to the current digital landscape in 2022. Second, many of these laws approach data protection from the perspective of businesses rather than consumers. 
While the EU seems to frame data protection in the GDPR from the fiduciary perspective of individuals, the United States has approached the same topic of data privacy from the perspective of corporations. These vast differences in privacy rights ideologies can be traced back to the expressed inclusion of a “right to privacy” in the Charter of Fundamental Rights of the European Union, whereas no such equivalent legal guarantee exists in the United States Constitution.\nIn a globalized economy and increasingly digital marketplace, it is difficult to avoid doing business with consumers located in various countries located across the world including the European Union. Despite this, there are many new business challenges that GDPR introduces to an already strained economic environment. Those include extraterritorial application of GDPR fines to data processors located outside the EU, specific functional rights granted to individual users (as previously discussed), and a host of new compliance mechanisms and audit-proof record-keeping requirements. (Rahman, 2018)\nAccording to Article 83 of the GDPR, corporations found liable for violating the most serious category of data protection laws will be fined the higher of 20,000,000 EUR or 4% of their global annual revenue. This would entail a fine of $1 billion USD in the case of Facebook, or $3-4 billion USD in the case of Google/Alphabet. 
Such exorbitant fines represent a potential existential threat for Google’s future ability to operate in the European marketplace precisely because a significant portion of their revenue stems from selling targeted advertisements using the data collected from European users.\nIn 2014, the Italian Data Processing Authority (DPA) ordered Google to provide “more effective notices and obtain prior consent from its users for the processing of their personal information.” Upon a technical investigation, it was discovered that Google was processing information in Gmail accounts and using data found in cookies to profile users and sell targeted ads. (Houser, Voss, 2018) It remains to be seen whether Google and Facebook will successfully be able to adapt their data processing systems in order to maintain compliance with the European marketplace, or whether GDPR truly represents an existential threat to the future operations of their business model.\nSince its introduction to the world on May 25th 2018, the General Data Protection Regulation has already had an enormous impact on the global digital economy, data privacy, and the field of cybersecurity. The impact of this legislation will continue to be felt into the next several years as privacy compliance requirements continue to evolve. It is important to pay attention to GDPR not only because the fines that can be imposed are substantial, but also because the data privacy practices implemented by global tech corporations merit greater scrutiny. The commodity these global tech giants sell after all, is our own personal data privacy.\nReferences -\n1.) Bozhanov, B. (2018, February 19). GDPR - A practical guide for developers and architects. AxonIQ. Retrieved November 22, 2021, from https://lp.axoniq.io/gdpr-data-protection-module.\n2.) GDPR Resources and Information. (n.d.). Article 5: Principles relating to processing of personal data. GDPR.org. 
Retrieved November 21, 2021, from https://www.gdpr.org/regulation/article-5.html.\n3.) Goddard, M. (2017). The EU General Data Protection Regulation (GDPR): European Regulation that has a Global Impact. International Journal of Market Research, 59(6), 703–705. https://doi.org/10.2501/IJMR-2017-050\n4.) Houser, K., \u0026amp; Voss, G. (2018, November 6). GDPR: The end of google and Facebook or a new paradigm in data privacy? Richmond Journal of Law and Technology. Retrieved November 21, 2021, from https://jolt.richmond.edu/gdpr-the-end-of-google-and-facebook-or-a-new-paradigm-in-data-privacy/.\n5.) Nouwens, M., Liccardi, I., \u0026amp; Veale, M. (2020, April 1). Dark patterns after the GDPR: Scraping consent pop-ups and demonstrating their influence. Dark Patterns after the GDPR: Scraping Consent Pop-ups and Demonstrating their Influence | Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems. Retrieved November 21, 2021, from https://dl.acm.org/doi/abs/10.1145/3313831.3376321.\n6.) Politou, E., Alepis, E., \u0026amp; Patsakis, C. (2018, March 26). Forgetting personal data and revoking consent under the GDPR: Challenges and proposed solutions. OUP Academic. Retrieved November 21, 2021, from https://doi.org/10.1093/cybsec/tyy001.\n7.) Rahman, M. (2018, April 4). Amidst data scandal, Facebook will voluntarily enforce EU\u0026rsquo;s new privacy rules \u0026ldquo;everywhere\u0026rdquo;. XDA Developers. Retrieved November 21, 2021, from https://www.xda-developers.com/facebook-voluntarly-enforce-eu-privacy-law/.\n","date":"29 January 2022","permalink":"https://jhuk.tech/2022/01/29/general-data-protection-regulation-gdpr-an-overview-of-the-law-and-its-fines/","section":"Posts","summary":"\u003cp\u003eIn today\u0026rsquo;s modern tech-centered business environment, corporations like Facebook, Google, and Amazon have collected extensive analytics of users\u0026rsquo; online digital behavior in order to build, maintain, and increase their market caps. 
Public scandals such as Facebook’s voluntary involvement with Cambridge Analytica clearly reveal that businesses have enormous financial incentives to gather, store, and sell the personally identifiable information of end users. Historically, the legal guidelines surrounding the processing of users\u0026rsquo; personal data has been lax. However, in response to this growing list of privacy concerns, European lawmakers passed and codified the General Data Protection Regulation (GDPR) on May 25th, 2018.\u003c/p\u003e","title":"General Data Protection Regulation (GDPR) - The Law, Ethics, and its Fines"},{"content":"","date":null,"permalink":"https://jhuk.tech/categories/hackthebox/","section":"Categories","summary":"","title":"HackTheBox"},{"content":"Nmap is an extremely powerful, free and open-source network mapping utility that can be used for many purposes. In this post, I provide a brief overview of what Nmap can be used for in the cybersecurity industry. These various and useful functions include determining what hosts exist on a network, what services those hosts may offer, and what operating systems (and OS versions) may be running on the backend. Nmap can also scan information about firewalls and potentially also how to evade them. All of this information is acquired across whichever devices respond in the scanned range of IP addresses.\nNmap determines this information by sending raw IP packets to targets in the specified range. Then by analyzing data in the response packet, identifying information can be determined about the remote machine. Nmap can scan against a single target host IP address, but this tool can also scan entire enterprise-scale environments for assets and possible vulnerable services as well.\nThe command nmap -A -T4 cloudflare.com was input into an administrative Kali terminal. The -A flag enables OS detection, version detection, default script scanning, and traceroute. 
-T4 is a timing template that specifies the interval between sending packets and waiting for the response.\nAlthough the amount of text output initially feels overwhelming, it helps to break down each of the sections into different parts. There are 4 columns indicating the Port, State, Service, and Version. This information is valuable because it tells us not only whether a particular service is open and listening (the http service is open on port 80/tcp in this example); it also tells us detailed information about the version of the service (Cloudflare, Apache, Nginx, Windows IIS, etc.) that is running on that device. We can take this information to consult with other sources. This cross-referencing process will determine whether any vulnerabilities and/or exploits already exist in the wild for that specific CVE on the public internet.\nThe state of a port scanned by Nmap can be either open, filtered, closed, or unfiltered. Open means there exists an application on the target machine that is actively listening for connections/packets on that port. Filtered means that a firewall, filter, or some other network obstacle is blocking that port, so Nmap cannot determine its state. Closed ports do not have any application listening at that location. Unfiltered ports do send a response in some manner to Nmap\u0026rsquo;s probes, but not according to the expected pre-determined categories.\nIn this example nmap -Pn --script vuln 192.168.1.105 was executed. This NSE script detected CVE-2007-6750 named \u0026ldquo;Slowloris DoS attack\u0026rdquo; as a vulnerability on the scanned http server.\nFinally, the NSE (Nmap Scripting Engine) is another useful feature contained within the Nmap utility. This feature allows security administrators to run scripts that automatically test whether devices on their network are vulnerable to certain well-documented CVEs. 
From the vulnerability test in the above example, researchers were able to detect a specific CVE that attackers could leverage to launch a Denial of Service (DoS) attack on this http server. In other circumstances, different types of vulnerabilities may result in more severe incidents such as intellectual property theft or a data breach of customer information such as names, credit card numbers, and home addresses.\nReferences -\n“Nmap Reference Guide.” Chapter 15. Nmap Reference Guide | Nmap Network Scanning, https://nmap.org/book/man.html.\nTop 16 Nmap Commands: Nmap Port Scan Tutorial Guide. https://securitytrails.com/blog/nmap-commands.\n","date":"25 January 2022","permalink":"https://jhuk.tech/2022/01/25/nmap-overview-and-use-for-reconnaissance-and-asset-enumeration/","section":"Posts","summary":"\u003cp\u003eNmap is an extremely powerful, free and open-source network mapping utility that can be used for many purposes. In this post, I provide a brief overview of what Nmap can be used for in the cybersecurity industry. These various and useful functions include determining what hosts exist on a network, what services those hosts may offer, and what operating systems (and OS versions) may be running on the backend. Nmap can also scan information about firewalls and potentially also how to evade them. All of this information is acquired across whichever devices respond in the scanned range of IP addresses.\u003c/p\u003e","title":"Nmap - Overview and Use in Reconnaissance and Asset Enumeration"},{"content":"In this writeup, I will cover how a custom script in python “knows” to read text input by the user written at the command line. In line 1, the sys module is first imported. This makes all functions defined within the sys module available to the namespace of the rest of our program.\nThe dot operator accesses the “argv” property contained within the sys module, and this value is stored in the “message” variable. 
Then, when we print this variable, python returns a list object with 3 indexes. The string ‘argv.py’ is contained at the [0] index, ‘hello’ at the [1] index, and ‘everyone!’ at the [2] index.\nRunning “python argv.py del” in the command line returns the string “delete”. However if “somethingelse” is passed as a command line argument, this program returns, “That command is unknown.” as shown above.\nHere I changed the logic of my program to check if any string argument is passed to the argv.py file in the command line. In line 5, I have to access the 2nd element of the list sys.argv[1] since as mentioned above the [0] index is the name of the program itself. Then I add nested if statements to further check whether the argument passed in the command line matches a particular string that I would like to code additional logic for.\nIn this sample script, the output action is simply to print the same string if there is a match with “save”, “load” or “del” — but any additional logic that could be defined to interact or retrieve data from the system is, of course, also possible. Thank you for reading this explanation!\n","date":"21 January 2022","permalink":"https://jhuk.tech/2022/01/21/how-to-write-python-scripts-that-read-arguments-from-the-command-line/","section":"Posts","summary":"\u003cp\u003eIn this writeup, I will cover how a custom script in python “knows” to read text input by the user written at the command line. In line 1, the sys module is first imported. This makes all functions defined within the sys module available to the namespace of the rest of our program.\u003c/p\u003e\n\u003cp\u003eThe dot operator accesses the “argv” property contained within the sys module, and this value is stored in the “message” variable. Then, when we print this variable, python returns a list object with 3 indexes. 
The string ‘argv.py’ is contained at the [0] index, ‘hello’ at the [1] index, and ‘everyone!’ at the [2] index.\u003c/p\u003e","title":"How to write Python scripts that read arguments from the Command line"},{"content":"Professional Statement #Hello, world! My name is David J. Kim. I have worked full-time as a Solutions Architect for Akamai Technologies. I also have experience working in IT Operations as an Information Assurance Compliance Analyst for LMI. I was inspired to write free, original, educational cybersecurity content by John Hammond. This blog shares important lessons I have learned from using Burp Suite for web application penetration testing to using Claude Code to manage AWS Infrastructure, GitHub repositories, and Terraform.\nI am passionate about safeguarding personal data - both my own and that of the companies I represent. I enjoy learning about constantly evolving new technologies and applying my skills to tackle complex business problems.\nEducation and Certifications #I graduated with a Master of Professional Studies in Cybersecurity from the University of Maryland Baltimore County in December 2022. I passed the certification exams and am a current holder of the following certifications: CISSP (May 2025), GWAPT, GCIH, GSEC and Security+.\nThese certifications were excellent resources to jump-start my academic journey into computer systems, the OSI networking model, and fundamental internet protocols such as DNS/HTTP. However, I have since learned that demonstrating technical skills and having the ability to communicate this IT knowledge across business units are also critical in the modern United States workplace.\nI believe the value of having any knowledge in cybersecurity is intrinsically tied to the act of sharing that knowledge with other people. 
Given the difficulty of staying up-to-date on cybersecurity issues and vulnerabilities, I believe in fostering a mindset focused on growth, rather than scarcity.\n","date":"18 January 2022","permalink":"https://jhuk.tech/about-me/","section":"Jhuk Tech News","summary":"\u003ch1 id=\"professional-statement\" class=\"relative group\"\u003eProfessional Statement \u003cspan class=\"absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100\"\u003e\u003ca class=\"group-hover:text-primary-300 dark:group-hover:text-neutral-700\" style=\"text-decoration-line: none !important;\" href=\"#professional-statement\" aria-label=\"Anchor\"\u003e#\u003c/a\u003e\u003c/span\u003e\u003c/h1\u003e\u003cp\u003eHello, world! My name is David J. Kim. I have worked full-time as a Solutions Architect for \u003ca href=\"https://www.akamai.com/\" target=\"_blank\" rel=\"noreferrer\"\u003eAkamai Technologies\u003c/a\u003e. I also have experience working in IT Operations as an Information Assurance Compliance Analyst for \u003ca href=\"https://www.lmi.org/\" target=\"_blank\" rel=\"noreferrer\"\u003eLMI\u003c/a\u003e. I was inspired to write free, original, educational cybersecurity content by \u003ca href=\"https://www.linkedin.com/in/johnhammond010/\" target=\"_blank\" rel=\"noreferrer\"\u003eJohn Hammond\u003c/a\u003e. This blog shares important lessons I have learned from using Burp Suite for web application penetration testing to using Claude Code to manage AWS Infrastructure, GitHub repositories, and Terraform.\u003c/p\u003e","title":"About Me"},{"content":"","date":null,"permalink":"https://jhuk.tech/tags/","section":"Tags","summary":"","title":"Tags"}]
