<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Prasan Singh</title>
    <description>The latest articles on DEV Community by Prasan Singh (@prasan26).</description>
    <link>https://dev.to/prasan26</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F643600%2F926ad6fa-e411-47bd-9559-d30f9001e50b.jpg</url>
      <title>DEV Community: Prasan Singh</title>
      <link>https://dev.to/prasan26</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/prasan26"/>
    <language>en</language>
    <item>
      <title>Significance of competitive intelligence</title>
      <dc:creator>Prasan Singh</dc:creator>
      <pubDate>Mon, 09 May 2022 14:22:03 +0000</pubDate>
      <link>https://dev.to/prasan26/significance-of-competitive-intelligence-2ci4</link>
      <guid>https://dev.to/prasan26/significance-of-competitive-intelligence-2ci4</guid>
      <description>&lt;p&gt;&lt;strong&gt;Competitive Intelligence&lt;/strong&gt;, sometimes referred to as business intelligence, refers to the ability to gather, analyze, and use information collected on participants, customers, and other market factors contributing to a business’s competitive advantage. Competitive Intelligence is crucial because it helps companies understand their competitive environment and the opportunities and challenges it presents. Businesses analyze the information to create effective and efficient business practices.&lt;/p&gt;

&lt;p&gt;How does competitive Intelligence work?&lt;br&gt;
By definition, competitive Intelligence assembles actionable information from diverse published and unpublished sources, collected efficiently and ethically. Ideally, a business successfully employs competitive Intelligence by cultivating a detailed enough portrait of the marketplace so it may anticipate and respond to challenges and problems before they arise.&lt;/p&gt;

&lt;h2&gt;
  
  
  Here are some problems you will face in the competitive intelligence field:
&lt;/h2&gt;

&lt;p&gt;1.) &lt;strong&gt;Poor competitive differentiation&lt;/strong&gt;: Competitive intel was too general and didn’t differentiate based on specific competitors. The information was also feature-specific, rather than giving insight for employees to set the product apart from valued propositions. It didn’t help the business stand out.&lt;/p&gt;

&lt;p&gt;2.) &lt;strong&gt;Decentralized competitive Intelligence&lt;/strong&gt;: Information was being pushed out, but it was scattered everywhere. Employees would have to sift through old emails, docs, and slides in an attempt to find the insights they needed.&lt;/p&gt;

&lt;p&gt;3.) &lt;strong&gt;Internal messaging was inaccurate&lt;/strong&gt;: Out-of-date information is terrible, but incorrect information is worse. There was a disconnect between what marketing said and what sales experienced; marketing campaigns pushed positive positioning slants that weren’t true.&lt;/p&gt;

&lt;p&gt;4.) &lt;strong&gt;Competitive information lacked strategic direction&lt;/strong&gt;: There was no clearly defined strategy behind the competitive Intelligence being gathered. Sales teams were using the intel on an ad-hoc basis rather than creating structured battle cards that could help them through every sales cycle stage.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Competitive Intelligence&lt;/strong&gt; is the systematic collection and analysis of information from multiple sources and a coordinated business’s competitive advantage. It is the action of defining, gathering, analyzing, and distributing Intelligence about products, customers, competitors, and any aspect of the environment needed to support executives and managers in strategic decision-making for an organization. Competitive Intelligence means understanding and learning what is happening in the world outside the business to increase one’s competitiveness. It means learning as much as possible, as soon as possible, about one’s external environment, including one’s industry in general and relevant competitors.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--cbl_tA70--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/bj6mv4izo1x70wihrc61.jpeg" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--cbl_tA70--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/bj6mv4izo1x70wihrc61.jpeg" alt="Image description" width="630" height="354"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Key Takeaways
&lt;/h2&gt;

&lt;ol&gt;
&lt;li&gt;&lt;p&gt;Competitive Intelligence is a legal business practice, as opposed to industrial espionage, which is illegal.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;The focus is on the external business environment.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;There is a process involved in gathering information, converting it into Intelligence, and then using it in decision making.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Some Competitive intelligence professionals erroneously emphasize that if the Intelligence gathered is not usable or actionable, it is not Intelligence.&lt;/p&gt;&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;How Competitive Intelligence Works&lt;br&gt;
In order to obtain competitive Intelligence, companies can gather data and information from a vast number of sources: customers, competitors, industry experts and reports, trade shows and conferences, financial statements, and government records. Additionally, due to the explosion of user-generated content on blogs, forums, social networks, and more, more information is available than ever before. This has led to a new phenomenon named ‘information overload.’ To deal with this exponential expansion of data, companies rely on tools and apps that help them collect, process, and analyze data more efficiently.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Check out CyberJunk Community Discord Server to get your hands on exclusive infosec tools, researches, and premium courses at no cost.&lt;/em&gt;&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;Connect with me:&lt;br&gt;
LinkedIn: &lt;a href="https://www.linkedin.com/in/prasan-singh-13ba15198/"&gt;https://www.linkedin.com/in/prasan-singh-13ba15198/&lt;/a&gt;&lt;br&gt;
Twitter: &lt;a href="https://twitter.com/parsan26"&gt;https://twitter.com/parsan26&lt;/a&gt;&lt;br&gt;
Join The Community:&lt;br&gt;
LinkedIn: &lt;a href="https://www.linkedin.com/company/cyber-junk"&gt;https://www.linkedin.com/company/cyber-junk&lt;/a&gt;&lt;br&gt;
Discord: &lt;a href="https://discord.gg/ZmCmkw2enz"&gt;https://discord.gg/ZmCmkw2enz&lt;/a&gt;&lt;br&gt;
Support my HackClub:&lt;br&gt;
&lt;a href="https://bank.hackclub.com/donations/start/cyber-junk"&gt;https://bank.hackclub.com/donations/start/cyber-junk&lt;/a&gt;&lt;/p&gt;
&lt;/blockquote&gt;

</description>
      <category>beginners</category>
      <category>career</category>
      <category>linux</category>
      <category>computerscience</category>
    </item>
    <item>
      <title>Types of Steganography methods that are used for hiding confidential data.</title>
      <dc:creator>Prasan Singh</dc:creator>
      <pubDate>Sun, 08 May 2022 04:14:05 +0000</pubDate>
      <link>https://dev.to/prasan26/types-of-steganography-methods-that-are-used-for-hiding-confidential-data-1ebj</link>
      <guid>https://dev.to/prasan26/types-of-steganography-methods-that-are-used-for-hiding-confidential-data-1ebj</guid>
      <description>&lt;p&gt;&lt;strong&gt;Are the images really safe?&lt;/strong&gt;&lt;br&gt;
Steganography, according to Wikipedia, is the practice of concealing a message within another message or a physical object. In computing/electronic contexts, a computer file, message, image, or video is hidden within another file, message, image, or video. The word steganography comes from Greek steganographia, which combines the words steganós, meaning “covered or concealed,” and -graphia meaning “writing.”&lt;/p&gt;

&lt;h2&gt;
  
  
  Steganography Types
&lt;/h2&gt;

&lt;p&gt;The type of cover data is also the type of steganography. Today, steganography is examined as text, image, audio, video, and protocol steganography.&lt;/p&gt;

&lt;h2&gt;
  
  
  Text Steganography
&lt;/h2&gt;

&lt;p&gt;Confidential data is hidden in text files. Different methods can be used to hide the data in the text file. These methods include:&lt;/p&gt;

&lt;p&gt;• Format Based Method: Confidential data is hidden inside cover data with techniques such as adding text spaces, deliberate typing errors, and varying font sizes. This method is easily detectable by computer software. Hence, it is a less preferred method.&lt;/p&gt;

&lt;p&gt;• Random and Statistical Method: Hidden data is stored inside character strings. Places where confidential information is hidden must be reported to the extractor.&lt;/p&gt;

&lt;p&gt;• Linguistics Method: Hidden data is stored in the syntactic structure.&lt;/p&gt;

&lt;h2&gt;
  
  
  Image steganography
&lt;/h2&gt;

&lt;p&gt;Image steganography is the method of hiding data inside an image file as cover data. In image steganography, pixel intensities are used to hide the data. The most commonly used image formats as cover data are BMP, PNG, JPEG, TIFF, and GIF (Kamble et al., 2013). Image steganography uses the weaknesses of the human visual system (HVS).&lt;/p&gt;

&lt;p&gt;The most commonly used methods in image steganography are:&lt;/p&gt;

&lt;p&gt;• Least Significant Bit (LSB)&lt;/p&gt;

&lt;p&gt;• Spread spectrum&lt;/p&gt;

&lt;p&gt;• F5&lt;/p&gt;

&lt;p&gt;• Palette embedding&lt;/p&gt;

&lt;p&gt;• Wavelet transform&lt;/p&gt;

&lt;p&gt;• Data masking&lt;/p&gt;

&lt;h2&gt;
  
  
  Audio Steganography
&lt;/h2&gt;

&lt;p&gt;This method hides data inside sound files. It uses audio file formats such as WAV, AU, and MP3 as cover data. Audio steganography has different methods.&lt;/p&gt;

&lt;p&gt;These methods include:&lt;/p&gt;

&lt;p&gt;• Least Significant Bit (LSB)&lt;/p&gt;

&lt;p&gt;• Parity coding&lt;/p&gt;

&lt;p&gt;• Phase coding&lt;/p&gt;

&lt;p&gt;• Spread spectrum&lt;/p&gt;

&lt;p&gt;• Echo hiding.&lt;/p&gt;

&lt;h2&gt;
  
  
  Video Steganography
&lt;/h2&gt;

&lt;p&gt;It is the technique of hiding any file or data inside a digital video format file. Video steganography uses H.264, MP4, MPEG, and AVI video formats as cover data. Almost all of the steganography techniques that can be applied to image and audio files can be used for video files. Video steganography provides less perceptibility because the video is a flow of images and sounds at a high frame rate. Due to the large size of video files, the payload capacity of video steganography is quite large.&lt;/p&gt;

&lt;h2&gt;
  
  
  Network or Protocol Steganography
&lt;/h2&gt;

&lt;p&gt;It aims to hide confidential data inside a cover object protocol such as TCP, UDP, ICMP, and IP. There are hidden channels in the OSI layer networking model where steganography can be used.&lt;/p&gt;

&lt;h2&gt;
  
  
  Steganography Defense
&lt;/h2&gt;

&lt;p&gt;Detecting and managing malicious use of steganography already happening on a network is very difficult.&lt;/p&gt;

&lt;p&gt;According to Barwise, “If an adversary is able to penetrate a network successfully and unsuspectingly install malware onto a system that uses digital steganography to hide its presence, then the network and all associated data contained therein should be considered entirely compromised” (Theoretical Framework). This is a good description of how difficult it is to detect and respond to the use of hidden data techniques against your information resources. Antivirus and IPS are not likely to detect malicious content in images or audio. It is difficult to detect network-based steganography with monitoring solutions. Consequently, the best approach to steganography defense is the implementation of known ways to prevent the infiltration of malware and unwanted utility software.&lt;/p&gt;

&lt;h2&gt;
  
  
  Prevention:
&lt;/h2&gt;

&lt;p&gt;For prevention, the first step is identifying ways steganographic tools and infected carriers can find their way onto your network. The next step is to block them. In addition to implementing antivirus, IPS, and firewalls according to current best practices:&lt;/p&gt;

&lt;p&gt;• Remove local admin access from all day-to-day accounts&lt;/p&gt;

&lt;p&gt;• Only allow installation of whitelisted applications&lt;/p&gt;

&lt;p&gt;• Strictly enforce least privilege and need-to-know&lt;/p&gt;

&lt;p&gt;• Segment the network and prevent access to database servers to anything but application servers and strictly manage traffic entering and leaving the segments by using explicit allows&lt;/p&gt;

&lt;p&gt;• Ensure all applications that access database servers have strong input validation&lt;/p&gt;

&lt;p&gt;• Prohibit or strictly manage script and macro execution&lt;/p&gt;

&lt;p&gt;• Consider blocking or alerting on suspicious movement of certain file types, including stripping them from all email messages: image files; audio files; video files; larger than regular Office applications (normal for your organization)&lt;/p&gt;

&lt;p&gt;• Only download and install applications or other media from the internet that include a valid hash value you can check&lt;/p&gt;

&lt;p&gt;• Block general use of USB storage&lt;/p&gt;

&lt;p&gt;• Train users not to download images, songs, videos, and other media from the internet, especially from social networking sites.&lt;/p&gt;

&lt;p&gt;How an organization approaches these controls depends on its unique operating environment and management’s willingness to deal with the potential employee frustration.&lt;/p&gt;

&lt;p&gt;It is all about risk and management’s appetite for risk. Deep Secure developed a novel approach to prevention. Their content threat removal tools assume all content is compromised. Original content is not delivered to the recipient. Instead, obvious business/functional information is stripped and placed into a new document/file. This reconstructed document/file is delivered, and the original is dropped.&lt;/p&gt;

&lt;p&gt;Monitoring and Detection&lt;/p&gt;

&lt;p&gt;As always, assume malicious actors find ways to circumvent your prevention controls. Some ways to proceed are:&lt;/p&gt;

&lt;p&gt;• Monitor network behavior for anomalous packet traffic such as that described in the section, Attack Command and Control&lt;/p&gt;

&lt;p&gt;• Monitor user behavior for unusual access and large data transfers&lt;/p&gt;

&lt;p&gt;• Scan all computers, especially user devices, for steganography tools&lt;/p&gt;

&lt;p&gt;• Periodically use forensics tools to test all or a meaningful sample of potential carriers found on the network to determine if they might contain hidden information&lt;/p&gt;

&lt;p&gt;CONCLUSION: Steganography is used for good and malicious purposes, from securing confidential and sensitive data to stealing or backdooring the network.&lt;/p&gt;

</description>
      <category>linux</category>
      <category>security</category>
      <category>cybersecurity</category>
      <category>serverless</category>
    </item>
    <item>
      <title>Role of Mobile Forensics in dealing with Mobile Threats.</title>
      <dc:creator>Prasan Singh</dc:creator>
      <pubDate>Sun, 12 Sep 2021 12:57:25 +0000</pubDate>
      <link>https://dev.to/prasan26/various-threats-associated-with-mobile-devices-and-identify-mobile-forensics-role-in-dealing-with-them-1kpg</link>
      <guid>https://dev.to/prasan26/various-threats-associated-with-mobile-devices-and-identify-mobile-forensics-role-in-dealing-with-them-1kpg</guid>
      <description>&lt;p&gt;Mobile devices such as smartphones and tablets have become an integral part of modern first world life. There are literally billions of active mobile devices. Each device typically contains a large amount of sensitive data about the user, as well as individuals and organizations with which the user interacts. They also act as endpoints that are typically authenticated and authorized to access a wide variety of secured systems. And most mobile devices are connected to the public internet a significant amount of the time. Mobile devices are small mobile computing devices. Each is comprised of a combination of hardware and software. Each is potentially susceptible to compromise by many different means. Various threats associated with mobile devices are listed below:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Data Leakage. &lt;/li&gt;
&lt;li&gt;Mobile apps are often the cause of unintentional data leakage.&lt;/li&gt;
&lt;li&gt;Unsecured Wi-Fi.&lt;/li&gt;
&lt;li&gt;Network Spoofing.&lt;/li&gt;
&lt;li&gt;Phishing and social engineering attacks.&lt;/li&gt;
&lt;li&gt;Broken Cryptography.&lt;/li&gt;
&lt;li&gt;Improper Session Handling.&lt;/li&gt;
&lt;li&gt;Poor cyber hygiene, including weak passwords and improper or 
no use of multifactor authentication (MFA)&lt;/li&gt;
&lt;li&gt;Poor technical controls, such as improper session handling, 
out-of-date devices and operating systems, and cryptographic 
controls&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Perhaps the most difficult threat to defend against is the user. Users can be turned into unwilling accomplices of an adversary through many types of social engineering, or they can simply make a mistake in configuring or using the device. Either way, the technical security controls can often be defeated by the user being induced to do the wrong thing through error, trickery, coercion, or ill intent. Once this occurs, the systems to which they have access, such as their employer, can be at risk, as well as their own sensitive data.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--xpNbUm_q--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/9vs8mrvr9719dlx3m9bd.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--xpNbUm_q--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/9vs8mrvr9719dlx3m9bd.png" alt="Screenshot (397)"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Mobile devices can be attacked via web browsers, email clients, instant messaging systems, and through compromised or malicious apps. Once a device is compromised, an adversary may compromise the confidentiality, integrity, or availability of the data on the device, or may use the device as a way to do the same on systems to which the mobile device is connected.&lt;/p&gt;

&lt;p&gt;A compromised mobile device may also be used as a resource by an adversary. They may, for example, use it to send spam email or unsolicited text messages. They might use it to mine cryptocurrency. Or they might use it to artificially increase the number of clicks on advertising to fraudulently gain ad revenue.&lt;br&gt;
&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--8uaRFWOF--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/e1pum8pyybnkbipqwaj4.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--8uaRFWOF--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/e1pum8pyybnkbipqwaj4.png" alt="ipconfig-help"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;A mobile device that is lost may contain data that has not been properly backed up elsewhere, resulting in loss of that data. This may result in economic loss as well as non-monetary consequences. If that data is subject to unauthorized access by an adversary, there may be additional consequences ranging from economic to legal to reputational.&lt;/p&gt;

&lt;p&gt;As noted in the text Forensic science: An introduction (Saferstein, 2016), and presented on YouTube (Hinkson, 2019), digital forensic investigation of a mobile device can provide evidence that can be used to determine the temporal order of events as well as a causal chain of cause and effect. By gathering evidence, we can help determine the facts, and may be able to determine who is responsible as well as how and why the crime occurred. By gathering the evidence, we can help in determining the facts of innocence or guilt of a suspect, and/or by performing post-compromise analysis, we may be able to determine how an adversary compromised the security of a device and help improve security controls in the future. &lt;/p&gt;

</description>
      <category>cybersecurity</category>
      <category>computerscience</category>
    </item>
    <item>
      <title>how to identify the traces of the tor browser during the investigation?</title>
      <dc:creator>Prasan Singh</dc:creator>
      <pubDate>Fri, 13 Aug 2021 19:16:38 +0000</pubDate>
      <link>https://dev.to/prasan26/how-to-identify-the-traces-of-the-tor-browser-during-the-investigation-2da6</link>
      <guid>https://dev.to/prasan26/how-to-identify-the-traces-of-the-tor-browser-during-the-investigation-2da6</guid>
      <description>&lt;p&gt;The Tor browser is one of the topics that excite every cybersecurity enthusiast. Tor was made for only one purpose, i.e., to make the user anonymous on the internet. It is used to access the Dark web, the deepest entity of the known Internet. Let's understand the working of Tor before investigating it. The Tor browser is based on Mozilla Firefox and works on relays. These are routers or nodes through which the traffic passes. These relays are divided into three levels:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;&lt;p&gt;Entry Relay: When establishing a Tor network, the user connects to the entry node, from which the user's IP address can be seen.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Middle Relay: Here, the data is transferred in an encrypted mode.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Exit Relay: Data is sent to the destination servers through this node. Thus, the exit node is seen as the origin of the traffic, hiding the original identity of the user.&lt;/p&gt;&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;The working and routing technique is known as onion routing. Tor browser provides access to .onion websites available on the dark web. Tor’s hidden service protocol allows users to host websites anonymously with. Users on the Tor network can only access BIT domains and these websites.&lt;/p&gt;

&lt;p&gt;Although the Tor browser provides anonymity to its users, artifacts pertaining to the activities performed on it reside on the system RAM as long as the system is not powered off. Investigators can acquire a RAM dump of the live suspect machine to identify and analyze the artifacts pertaining to malicious use of the Tor browser. To investigate cybercrimes perpetrated using the Tor browser, forensic investigators should collect RAM dumps from the suspect machine and study them to determine the malicious activities performed using the Tor browser, including websites visited, emails accessed, and programs downloaded. &lt;/p&gt;

&lt;p&gt;When the Tor browser is installed on a Windows machine, it uses ports 9150/9151 for establishing connections via Tor nodes. Forensic investigators can obtain the path from where the Tor browser is executed in the following Registry key: HKEY_USERS\&amp;lt;SID&amp;gt;\SOFTWARE\Mozilla\Firefox\Launcher. The investigator analyzes the ‘State’ file located in the path where the Tor browser was executed on a suspect machine.&lt;/p&gt;

&lt;p&gt;When the Tor browser is uninstalled from a machine, or if it is installed in a location other than the desktop (in Windows), it is difficult for investigators to know whether it was used or where it was installed. Examining the prefetch files helps investigators obtain this information. The prefetch files are located in the directory C:\WINDOWS\Prefetch on a Windows machine. Using tools such as WinPrefetchView, investigators can obtain metadata related to the browser, which includes:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Browser created timestamps&lt;/li&gt;
&lt;li&gt;Browser last run timestamps&lt;/li&gt;
&lt;li&gt;Number of times the browser was executed&lt;/li&gt;
&lt;li&gt;Tor browser execution directory&lt;/li&gt;
&lt;li&gt;Filename&lt;/li&gt;
&lt;/ol&gt;

</description>
      <category>cybersecurity</category>
      <category>computerscience</category>
      <category>linux</category>
    </item>
  </channel>
</rss>
