Everything you wonder about the Cyber Security Industry or our services is here!
To create an efficient SOC, a strategy must be developed, the right tools and personnel must be invested in, and the SOC must be tailored to the organization's specific needs and risks. What is needed to build an efficient SOC should be well determined and a strategy applied accordingly. The SOC must have visibility into anything that can affect the organization's security status. The right tools and services must be selected and invested in; in particular, Security Information and Event Management (SIEM), endpoint protection systems, automated application security, firewalls, an asset discovery system, data monitoring tools, a Governance, Risk and Compliance (GRC) system, vulnerability scanners and penetration testing, and a log management system should be used. In the recruitment process, talented and self-developing personnel should be selected, and once staff join the team, the necessary investment should be made in training to develop their skills. Senior security analysts in the SOC team must have skills in ethical hacking, digital forensics, reverse engineering and IPS (Intrusion Prevention System) expertise. Different options should be considered when creating a SOC, and it is important to choose the type most appropriate for the organization: an internal SOC with full-time staff and a physical room on-premises; a virtual SOC of part-time staff who coordinate to resolve issues as needed; or an outsourced SOC where some or all functions are managed by an external Managed Security Service Provider (MSSP).
SIEM (Security Information and Event Management) collects and organizes data from all sources on the network and presents it so that SOC teams can quickly detect attacks and take action, simplify threat management, and minimize risk. SIEM is critical for SOC tasks such as monitoring, incident response, log management and compliance reporting. SIEM helps the SOC automate the aggregation of logs and create rules that can greatly reduce false alerts. For these reasons, SIEM makes the SOC more effective in securing organizations.
While the SOC focuses on monitoring, detecting and analyzing the security status of an organization, the main purpose of the NOC (Network Operations Center) is to monitor and analyze network performance, network speed and downtime, and to solve any problems that arise. SOC teams analyze the security status of the system and take the necessary action before an organization's data or systems are compromised. NOC teams look for issues that could slow down the network or cause downtime. Both examine issues in real time to prevent them from impacting customers or employees, and continually seek ways to make improvements so that similar issues do not recur. SOC and NOC teams must collaborate to resolve major incidents and crises in enterprise systems as efficiently as possible.
Let's start with the most important frequently asked question: why should we have a penetration test? It is of great importance for your system security that the vulnerabilities in your systems are checked by cyber security companies and that their strengths and weaknesses are reported and presented to you. Despite all the care and effort you and your employees put into security, there is no limit to the methods and tools that attackers can use to exploit your systems. The possibilities and risks change dimension according to the level of knowledge and experience of the attackers. For this reason, a more realistic and efficient step toward ensuring and increasing the security of your systems is to have "white hat" teams, who can act from the point of view of cyber attackers and know their attack methods, test your systems and help you take precautions against these methods. In addition, standards such as PCI and HIPAA require penetration testing.
The most commonly used software during pentest studies is as follows: Metasploit, Nmap, Burp Suite, Aircrack-ng, John the Ripper, SqlMap, Recon-ng, Subfinder, Eyewitness. In addition to the manual tools given above, some automated tools are also used to speed up testing: Nessus, NetSparker, Acunetix, OpenVAS.
Authenticate users with a username and password, and enforce a strong password policy. Align your secure coding policy with your service providers' policies. Regularly change user account credentials on an organizational basis, including passwords assigned by cloud providers. Protect information exposed during penetration testing. Password encryption (never storing passwords in clear text) is recommended. Use centralized authentication or single sign-on for SaaS applications. Make sure security protocols are up to date and flexible.
Cross-Site Request Forgery: CSRF is an attack designed to persuade the victim's browser to submit a request that performs some harmful action in the name of the logged-in user. Side Channel Attacks: This type of attack is cloud-native and potentially devastating, but requires a great deal of skill and luck. It attempts to violate the victim's privacy by indirectly exploiting the fact that the victim is using shared resources in the cloud. Signature Wrapping Attacks: This is another type of attack that is not specific to the cloud environment but is a dangerous method against the security of a web application. Basically, the signature wrapping attack relies on abusing a technique used in web services. Other attacks: hijacking using network sniffing, session hijacking using XSS attacks, Domain Name System (DNS) attacks, SQL injection attacks, cryptanalysis attacks, and denial of service (DoS) and distributed DoS attacks.
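The standard mitigation for the CSRF case above is a per-session token that the browser cannot attach on its own. The following is an added example, not code from this page or from the company's service; the session ids, the server secret and the simulated transfer endpoint are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Server-side secret used to bind tokens to sessions. Constructed for this
# example; a real deployment loads it from configuration, never from source.
SERVER_SECRET = b"example-only-server-secret"


def _mac(session_id: str, nonce: str) -> str:
    """HMAC-SHA256 over the session id and nonce, hex encoded."""
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str) -> str:
    """Create a token for a logged-in session; embed it in the HTML form."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def verify_csrf_token(session_id: str, token: str) -> bool:
    """True only if the token was issued for this exact session."""
    nonce, sep, mac = token.partition(".")
    if not sep or not nonce or not mac:
        return False
    # constant-time comparison avoids leaking how many bytes matched
    return hmac.compare_digest(mac, _mac(session_id, nonce))


def handle_transfer(request: dict) -> str:
    """Simulated state-changing endpoint (e.g. a money transfer).

    The browser attaches the session cookie automatically, which is exactly
    what CSRF abuses; the form token is the extra proof that the request
    came from a page the application itself served.
    """
    session_id = request.get("cookie_session")
    if not session_id:
        return "401 no session"
    if not verify_csrf_token(session_id, request.get("form_csrf_token", "")):
        return "403 csrf check failed"
    return "200 transfer accepted"
```

A request that carries only the cookie, or a token issued for a different session, is rejected; only a form rendered by the application for this session passes.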
It is of great importance for your system security that the vulnerabilities in your systems are checked by cyber security companies and that their strengths and weaknesses are reported and presented to you. But the security of your company depends on the security of your cloud-based infrastructure as much as on your own systems. Our cloud penetration testing service will help you determine how secure your cloud assets really are.
As stated in the same communiqué, the minimum penetration test scope covers the following headings: Communication Infrastructure and Active Devices, DNS Services, Domain and User Computers, E-mail Services, Database Systems, Web Applications, Mobile Applications, Wireless Network Systems, ATM Systems, Distributed Denial of Service (DDoS) Tests, Code Analysis, Social Engineering, and Internal Penetration Test (Intranet Security Checkup).
The banking and finance sector has become the target of the biggest cyber attacks both in our country and around the world. In accordance with subparagraph (ç) of the third paragraph of the Communiqué of the Banking Regulation and Supervision Agency dated 24.07.2012 and numbered B.02.1.BDK.0.77.00.00/010.06.02-1, the “Communiqué on the Principles to be Based on the Management of Information Systems in Banks”, banks in our country are obliged to have a penetration test performed once a year by independent teams.
We consider the SIEM service a necessity rather than a luxury, because the benefits of SIEM products enable an organization to see the "big picture" of security incidents across the enterprise. By aggregating security log data from enterprise security controls, host operating systems, applications, and other software components, a SIEM can analyze large amounts of security log data to identify the attacks and threats lurking within. A SIEM is often able to identify malicious activity that no other control can identify, because it is the only security control with enterprise-wide visibility.
In some ways, security information and event management (SIEM) differs from the ordinary event log management that businesses use to look at network vulnerability and performance. However, SIEM, as an umbrella term for several technologies, is built on the basic principle of event log management and monitoring. The biggest difference may be the techniques and features involved.
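The difference between per-host log monitoring and SIEM-style correlation, as an added example that is not part of the original page or the company's product: the log lines are constructed sshd messages already normalised to "host timestamp message" by a collector, and the thresholds are illustrative. The same source fails once on each of three hosts, which no single host would flag, but a cross-host rule does.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of sshd log lines in "<host> <ISO timestamp> <message>" form (not real data).
SAMPLE_LOGS = [
    "web01 2024-05-01T10:00:01 sshd[1201]: Failed password for root from 203.0.113.7 port 51022 ssh2",
    "db01 2024-05-01T10:00:04 sshd[2210]: Failed password for admin from 203.0.113.7 port 51030 ssh2",
    "app02 2024-05-01T10:00:09 sshd[3302]: Failed password for invalid user ubuntu from 203.0.113.7 port 51041 ssh2",
    "web01 2024-05-01T10:00:12 sshd[1205]: Failed password for root from 198.51.100.5 port 40100 ssh2",
    "web01 2024-05-01T10:00:15 sshd[1206]: Accepted password for deploy from 192.0.2.10 port 40222 ssh2",
]

LOG_RE = re.compile(
    r"^(?P<host>\S+) (?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)"
)


def parse(line):
    """Normalise one line into an event dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"host": m["host"], "ts": datetime.fromisoformat(m["ts"]),
            "result": m["result"], "user": m["user"], "src": m["src"]}


def per_host_alerts(lines, threshold=3):
    """What a single host sees: N failures from one source on *this* host."""
    counts = defaultdict(int)
    for ev in filter(None, map(parse, lines)):
        if ev["result"] == "Failed":
            counts[(ev["host"], ev["src"])] += 1
    return {key for key, n in counts.items() if n >= threshold}


def cross_host_alerts(lines, window_seconds=60, min_hosts=3):
    """What the SIEM sees: one source failing on many hosts inside a time window."""
    by_src = defaultdict(list)
    for ev in filter(None, map(parse, lines)):
        if ev["result"] == "Failed":
            by_src[ev["src"]].append(ev)
    alerts = {}
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        for i, first in enumerate(events):
            hosts = set()
            for ev in events[i:]:
                if (ev["ts"] - first["ts"]).total_seconds() > window_seconds:
                    break
                hosts.add(ev["host"])
            if len(hosts) >= min_hosts:
                alerts[src] = sorted(hosts)
                break
    return alerts
```

On the sample, the per-host rule returns nothing while the cross-host rule reports 203.0.113.7 against all three hosts; shrinking the window below the spread of the attempts makes the correlation go quiet again, which is the tuning trade-off the text's "reduce false alerts" refers to.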
Examples of software tools used in the SIEM and Log Management service include SolarWinds Security Event Manager, ManageEngine EventLog Analyzer, Micro Focus ArcSight ESM, Splunk Enterprise Security, LogRhythm Security Intelligence Platform, AlienVault Unified Security Management, RSA NetWitness and IBM QRadar.
Responding quickly to a cyber security incident helps an organization minimize losses, reduce exploited vulnerabilities, restore services and processes, and mitigate the risks posed by future events. Incident response enables an organization to prepare for unknown risks as well as known ones and to detect security incidents as soon as possible; it is a reliable method for doing so. Incident response also enables an organization to establish an action plan to stop an intruder before it can damage the system.
A successful incident response basically consists of 6 steps:
1. Preparation: The stage of preparing for possible risks before an incident occurs. At this stage, the SOME team members who will respond to the incident are determined and an incident response plan is prepared.
2. Detection and Analysis: The stage in which the cyber incident is detected. At this stage, an attempt is made to establish that the attack took place; for this, logs from security tools are collected and analyzed. For this stage to succeed, the SIEM and log management mechanism within the organization is of great importance.
3. Containment: The stage where the attack is limited. Here, an attempt is made to limit the endpoints the attacker can reach and to keep the damage to a minimum. Backups of the existing systems are also taken during the containment phase to prevent destruction of evidence.
4. Threat Eradication: The cleanup phase, in which the systems are completely cleared of the attacker's assets and the threat is eliminated.
5. Recovery: The stage where the system is restored to its pre-attack state. Regular system backups are critical to the successful completion of this phase.
6. Lessons Learned (Post-Incident Activity): The stage where the weaknesses of the system are determined by evaluating all the data obtained from the beginning of the cyber incident to the end of the response, and the measures to be taken against similar events in the future are decided. In our opinion, this stage, in which lessons are learned from mistakes, is the most important of the incident response stages, because it is decisive in preventing future attacks.
SOME (Siber Olaylara Müdahale Ekibi, the cyber incident response team) consists primarily of technical IT professionals. In addition to IT specialists, officers from the legal department are included in this team to manage the legal aspects of the operation.
One of the biggest problems that arises with the introduction of KVKK is the area of consent, especially for marketing. In accordance with KVKK, consent must be freely given and explicit. Current legislation allows consent with an "opt-out" checkbox. However, the new regulation requires "opt-in" consent: the data subject must tick a box to agree to receive marketing materials. For this reason, organizations should review their databases for appropriate consent. One of the problems with re-obtaining consent is the response rate to these requests, which has historically been low. Failure to respond to such a request means that consent has not been obtained and you cannot contact that person again. In practice, many organizations see the new regulation as an opportunity to "clean up" their marketing databases and ensure that they target those who are genuinely interested in receiving their marketing information.
You may think that data is deleted when you press the delete key on your computer. However, erasing digital data is not that easy. What you can do is create a data deletion policy together with your IT department or outsourced IT service provider, ensuring that data to be deleted is kept in an archive with strict access restrictions, so that the archived data is considered "dead data" because direct access is not possible.
Yes, camera footage of data subjects is personal data under both the current and the new regulations. If a data access request is received and your organization still holds images of the data subject, you must provide them to the requesting party. In practice, camera recordings are kept for a short time, normally 30 days; therefore, if the request is made after this period, you are not obligated to provide them.
Firewalls are often compared to a lock on your network's door, but it might be more accurate to say that a firewall is the door itself. In the absence of a firewall, any connection can flow freely into your network, including connections from known malicious sources. This means you run the risk of unauthorized access to your networked files, which could lead to a data breach, a malware infection or worse. That is why you need a firewall to filter out most malicious connections.
Firewalls work by inspecting data packets (small pieces of data) against an internal list of rules. Examples of these rules: IP addresses (filtering traffic from suspicious IPs), domain names (blocking traffic from known malicious domains), ports (blocking traffic trying to enter on a specific port) and content (blocking data packets containing certain keywords). A firewall scans the contents of the packet and then determines whether to allow it based on the existing rules. In a typical network setup, all connections to the Internet pass through the firewall, so it examines all incoming and outgoing packets.
The inspection process involves comparing the contents of a packet against the firewall's rules. Depending on whether a rule is a blacklist or a whitelist rule, it reacts differently to a match: a blacklist rule blocks packets that match the criteria, while a whitelist rule blocks packets that do not meet the criteria. A firewall's rules are highly configurable, so you can make the packet inspection process specific to your security setup. For example: whitelisting your own company's IP address, so that no outsider can reach the systems behind the firewall; blacklisting the IP of a known malicious file server, to prevent malicious software from spreading into your network; or whitelisting specific domain extensions (.com, .co.uk, .edu, etc.) in outbound traffic, to block personnel from accessing potentially dangerous sites.
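The rule-matching logic described above, as an added example that is neither this page's code nor any vendor's firewall: a first-match rule engine over constructed packets, with the three example policies from the text expressed as rules. The IP ranges, domains and payloads are made up, and "blacklist" and "whitelist" are modelled as deny and allow actions with a default of deny, so rule order matters.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class Packet:
    direction: str                 # "in" (from the Internet) or "out" (to the Internet)
    src_ip: str
    dst_ip: str
    dst_port: int
    domain: Optional[str] = None   # destination hostname if known (e.g. from DNS or TLS SNI)
    payload: bytes = b""           # application data, for content rules


@dataclass
class Rule:
    action: str                                   # "allow" (whitelist) or "deny" (blacklist)
    direction: Optional[str] = None
    src_net: Optional[str] = None                 # CIDR, e.g. "203.0.113.0/24"
    dst_net: Optional[str] = None
    dst_port: Optional[int] = None
    domain_suffixes: Optional[Tuple[str, ...]] = None
    keywords: Optional[Tuple[bytes, ...]] = None

    def matches(self, pkt: Packet) -> bool:
        """Every criterion that is set must match; unset criteria are wildcards."""
        if self.direction and pkt.direction != self.direction:
            return False
        if self.src_net and ipaddress.ip_address(pkt.src_ip) not in ipaddress.ip_network(self.src_net):
            return False
        if self.dst_net and ipaddress.ip_address(pkt.dst_ip) not in ipaddress.ip_network(self.dst_net):
            return False
        if self.dst_port is not None and pkt.dst_port != self.dst_port:
            return False
        if self.domain_suffixes is not None:
            if pkt.domain is None or not pkt.domain.lower().endswith(self.domain_suffixes):
                return False
        if self.keywords and not any(k in pkt.payload for k in self.keywords):
            return False
        return True


# Constructed rule set mirroring the examples in the text. First match wins,
# so the blacklist (deny) rules are placed before the broader whitelist rules.
RULES = [
    Rule("deny", keywords=(b"malware.exe",)),                         # content filter
    Rule("deny", src_net="198.51.100.23/32"),                         # known malicious file server...
    Rule("deny", dst_net="198.51.100.23/32"),                         # ...blocked in either direction
    Rule("allow", direction="in", src_net="203.0.113.0/24"),          # whitelist: company's own range
    Rule("allow", direction="in", dst_port=443),                      # public HTTPS service
    Rule("allow", direction="out", domain_suffixes=(".com", ".co.uk", ".edu")),
]


def inspect(pkt: Packet, rules=RULES, default="deny") -> str:
    """Return the verdict for a packet: the first matching rule's action, else the default."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default
```

With a default of deny, the whitelist rules are the only way traffic gets through, so an inbound packet to port 22 from an unknown address falls off the end of the list and is dropped, while the same packet from the company's own range is allowed.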
5 key things your SOC will do: proactive detection of malicious network and system activity (instead of waiting an average of 206 days for a company to detect a breach, you want to be notified as soon as possible to minimize its impact); the ability to adjust your defensive configuration before a threat hits you, through threat awareness; seeing what in your network could be compromised by new threats, through vulnerability management; awareness of the hardware and software assets running in your network, so you know what kinds of threats your assets are exposed to; and the ability to provide complete forensics to you and to any authority if you are exposed to a security incident or unauthorized access, through log management. These, along with compliance monitoring and others, are the main functions you want in your SOC. There is no question that they are all critical functions to ensure your company is protected.
Information technology presents new and complex ethical, legal and other issues that arise from both the good and the bad use of information and communication technologies in society. Therefore, information technology law, like other areas of law, is critical to protecting the rights of its users. This is achieved through privacy, data protection, the validity of online contracts, electronic provisioning, ensuring data integrity and authenticity, establishing intellectual property rights (IPRs), and building trust in open systems. In the virtual world of our age, people need IT law in order to feel safe and to exercise their rights knowingly within the legal framework.
Crime against people: While these crimes occur online, they also affect the lives of real people. Examples include cyber harassment and stalking, distribution of child pornography, various types of fraud, credit card fraud, human trafficking, identity theft, and online defamation or slander. Crime against property: Some online crimes are committed against property such as computers or servers. Examples include DDoS attacks, hacking, virus transmission, cybersquatting and typosquatting (URL hijacking), computer attacks, copyright infringement and IPR violations. Crime against government: When a cybercrime is committed against a government, it is considered an attack on that country's sovereignty and an act of war. Cybercrimes against the government include hacking, accessing confidential information, cyber warfare, cyber terrorism and pirated software.
An important part of cyber law is intellectual property. Intellectual property can cover fields such as inventions, literature, music, and businesses. IP rights related to cyber law generally fall into the following categories: copyright, patents, trade secrets, domain disputes, contracts, privacy, business slander, data retention and jurisdiction.
Network Health Scan is done for purposes such as: recognizing the UDP and TCP network services running on the targeted hosts; identifying filtering systems between the user and the targeted hosts; identifying the operating systems (OS) in use by evaluating IP responses; and sequence estimation, i.e. evaluating the target host's TCP sequence number predictability, in order to detect attacks and TCP spoofing. System Health Scan is done for purposes such as: detecting vulnerabilities; evaluating the risk from each identified vulnerability; removing all identified vulnerabilities; and reporting the vulnerabilities and how they were handled.
Examples of tools used in System Health Scan are NetSparker, Nessus, OpenVAS, Acunetix, Nmap, ManageEngine Vulnerability Manager Plus, Paessler PRTG and Intruder.
Blockchain eliminates the need for centralized control and the additional costs that come with it. Blockchain provides a secure environment among its members. Transactions are digitally signed using the asset owner's public and private key pair. Once saved, the data in a block cannot be changed retrospectively. Open, distributed ledgers record transactions between two parties in an efficient, verifiable and permanent way. Transactions do not have to be just data; they can be code or smart contracts.
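Why a saved block "cannot be changed retrospectively", as an added example that is not part of this page or of any blockchain implementation: a minimal hash-chained ledger with a verifier that checks each block against its own hash and against its predecessor. Transaction signing (the key-pair step mentioned above) is left out; the transactions, timestamps and participant names are constructed.

```python
import hashlib
import json
from typing import List, Tuple


def block_hash(block: dict) -> str:
    """SHA-256 over the block's contents, excluding its own stored hash."""
    body = {k: block[k] for k in ("index", "prev_hash", "timestamp", "transactions")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def new_block(index: int, prev_hash: str, timestamp: int, transactions: list) -> dict:
    block = {"index": index, "prev_hash": prev_hash, "timestamp": timestamp,
             "transactions": transactions}
    block["hash"] = block_hash(block)
    return block


def build_chain(batches: List[list], start_ts: int = 1700000000) -> List[dict]:
    """Genesis block followed by one block per batch of transactions (timestamps constructed)."""
    chain = [new_block(0, "0" * 64, start_ts, [])]
    for i, txs in enumerate(batches, start=1):
        chain.append(new_block(i, chain[-1]["hash"], start_ts + 60 * i, txs))
    return chain


def verify_chain(chain: List[dict]) -> Tuple[bool, int]:
    """Return (ok, index_of_first_bad_block); the index is -1 when the chain is intact.

    Two things are checked for every block: its stored hash still matches its
    contents, and its prev_hash equals the hash of the block before it.
    """
    for i, block in enumerate(chain):
        if block["hash"] != block_hash(block):
            return False, i
        if i > 0 and block["prev_hash"] != chain[i - 1]["hash"]:
            return False, i
    return True, -1


def tamper(chain: List[dict], index: int, transactions: list, rehash: bool = False) -> List[dict]:
    """Return a copy of the chain with one block's transactions replaced.

    With rehash=True the tamperer also recomputes that block's own hash, which
    simply moves the detected break to the *next* block's prev_hash.
    """
    copy = json.loads(json.dumps(chain))
    copy[index]["transactions"] = transactions
    if rehash:
        copy[index]["hash"] = block_hash(copy[index])
    return copy
```

Editing an old block breaks its hash; recomputing that hash breaks the link from the following block, so every later block would have to be rebuilt too. That is the property the rest of the network relies on, and also why controlling the majority of the hashrate (the 51% attack discussed below) matters: it is the ability to rebuild those later blocks faster than everyone else.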
Our Crypto/Blockchain Security Solution Process: Secure Blockchain System Design, Blockchain System Penetration Test, Blockchain Application Static/Dynamic Testing, Secure Smart Contract Development, Smart Contract Audit, and Web Application Security.
51% Attacks: 51% attacks are one of the most notorious blockchain security issues. In a 51% attack, one or a few malicious entities take control of the majority of a blockchain's hashrate. With the majority hashrate they can reverse transactions to double-spend and prevent other miners from validating blocks. In 2018, many major cryptocurrencies, including ZenCash, Verge, and Ethereum Classic, suffered from 51% attacks. Overall, attackers made more than $20 million last year by exploiting this blockchain security issue. Exchange Attacks: One of the most expensive blockchain security issues is not a problem with the blockchain technology itself. Cryptocurrency exchanges have become a profitable target for hackers due to the large volumes of crypto they handle and their sometimes poor security practices. Many exchanges are highly centralized, which makes the decentralized benefits of blockchain moot. As any early crypto buyer will tell you, the best-known example is the 2014 Mt. Gox hack. Mt. Gox was the leading exchange at the time, processing almost 70 percent of all bitcoin transactions. In February 2014, the exchange revealed that a hacker had stolen nearly 850,000 BTC (~$473 million) from the platform. Affected users were left hanging. Social Engineering: Another blockchain security issue that you and your employees should be aware of is social engineering. Social engineering comes in many forms, but the goal is always the same: to obtain your private keys, your login credentials, or your cryptocurrency directly. Phishing is one of the most common forms of social engineering. In a phishing attempt, a malicious actor will email you, message you, or even create a website or social media account that imitates a brand you trust. They will often ask you to submit your credentials under the guise of a gift or a critical issue to instill a sense of urgency. If you hand over your information, there is little you can do to stop them from emptying your account.
IoT involves adding an Internet connection to interrelated computing devices, mechanical and digital machines, objects, animals and people. Each "thing" has a unique identifier and the ability to transfer data over a network automatically. Allowing devices to connect to the Internet introduces a number of serious vulnerabilities if they are not properly protected. IoT security has come under scrutiny following a series of high-profile incidents in which a common IoT device was used to infiltrate and attack a larger network. Implementing security measures is critical to securing networks that have IoT devices connected to them.
Numerous challenges stand in the way of securing IoT devices and providing end-to-end security in the IoT environment. Because the idea of networking everyday tools and objects is relatively new, security has not always been a top priority during the design phase of a product. Additionally, because IoT is an emerging market, many product designers and manufacturers are more concerned with getting their products to market quickly than with taking steps to ensure security. A major issue in IoT security is the use of hard-coded or default passwords, which can lead to security breaches. Even when passwords are changed, they are often not strong enough to prevent infiltration. Many devices do not, or cannot, offer advanced security features; for example, sensors that monitor humidity or temperature cannot implement strong encryption or other security measures. Also, with the "set it and forget it" mindset, many IoT devices receive almost no security updates or patches. From a manufacturer's point of view, providing security from the start can be expensive, slow development, and cause the device not to work as intended.
A number of attacks have been reported in the media under various headlines, from refrigerators and TVs used to send spam to attackers breaking into baby monitors and trying to talk to children. It is worth noting that many IoT attacks do not target the devices themselves, but rather use IoT devices as an entry point into the network. For example, in 2010, researchers discovered that the Stuxnet virus had been used to physically damage centrifuges in Iran, with attacks starting in 2006 but the primary attack occurring in 2009. Often considered one of the earliest examples of an IoT attack, Stuxnet tampered with the instructions sent to programmable logic controllers (PLCs) in industrial control systems (ICS), targeting supervisory control and data acquisition (SCADA) systems. In December 2013, researchers at the enterprise security firm Proofpoint Inc. discovered the first IoT botnet. According to the researchers, more than of the botnet consisted of non-computer devices such as smart TVs, baby monitors, and home appliances. In 2015, security researchers Charlie Miller and Chris Valasek wirelessly attacked a Jeep, changing the radio station in the car's media center, activating the windshield wipers and air conditioning, and stopping the gas pedal from working. They said they could also kill the engine, engage the brakes, or disable the brakes completely. Miller and Valasek managed to infiltrate the vehicle's network through Uconnect, Chrysler's in-car connectivity system.
A solid cloud security configuration is imperative for businesses migrating to the cloud. Security threats are constantly evolving and becoming more complex, and the cloud system is no less risky than an on-premises environment. That's why it's so important to work with a cloud provider that offers best-in-class security customized for your infrastructure.
Cloud service providers use a combination of methods to protect your data. Firewalls protect your network perimeter, your end users, and the traffic between the different applications hosted in the cloud. NAC (Network Access Control) protects data by allowing you to set up access lists for different entities; by maintaining strict access control, you can protect critical documents from malicious insiders or from attackers with stolen credentials. Data security methods include virtual private networks, encryption and masking. Virtual private networks (VPNs) allow remote workers to connect to corporate networks. Data masking obscures identifiable information such as names, which protects privacy while keeping the data usable. Threat intelligence (cyber reconnaissance) detects security threats and ranks them in order of importance, which helps protect mission-critical assets from threats.
Cloud-based security systems provide benefits such as protecting your business from external threats, protecting against internal threats, and preventing data loss. Among the biggest threats to systems are malware, ransomware and DDoS. Malware and ransomware breaches: Many cloud data security solutions identify malware and ransomware. Firewalls, spam filters and identity management help with this, keeping malicious email out of employee inboxes. DDoS protection: In a DDoS (distributed denial of service) attack, your system is flooded with requests. Your website slows down and eventually crashes when the number of requests is too large to handle. Cloud security services actively monitor the cloud system to identify and defend against such attacks. By alerting your cloud provider to the attack in real time, they can take steps to secure your systems.
Traditionally, organizations have invested in network forensics when they realized they needed a systematic approach to resolving security and network performance issues more quickly. This is still true, but in the era of 10G and faster networks, the forensic service has taken on new and even greater importance, since organizations need to conduct detailed analysis of the traffic crossing their networks at speeds of 5 Gbps or higher. Today's networks carry so much data that the only way to monitor and troubleshoot traffic is to record it first. Therefore, while network forensics is still an invaluable tool for finding evidence of security attacks, it is now a "must have" tool for analyzing modern networks in detail.
The Network Forensic service can be applied to many situations to solve performance, security, and policy issues in today's high-speed networks. Examples include: • Finding evidence of a security attack • Troubleshooting intermittent performance issues • Monitoring user activity for compliance with IT and HR policies • Identifying the source of data leaks • Monitoring business transactions • Troubleshooting VoIP and video.
Three key capabilities are required to make use of the Network Forensic service: • Data Capture and Recording: The ability to capture and store many terabytes of data from high-throughput networks, including 10G and even 40G, without dropping or missing any packets. • Data Discovery: Once the data has been saved to the storage medium, the solution must be able to identify specific items of interest (e.g. by IP address, application, context, etc.) and provide a tool to filter on them, so that specific network conversations or individual packets can be found in a timely manner. • Data Analysis: Automated analysis, including expert analysis that describes the context of network events, helps IT engineers quickly identify abnormal or otherwise significant network events. Once these are identified, they can go in and make the appropriate corrections.
Smartphones offer many different features and allow users to do almost anything that was previously done with computers. Smartphones replace desktop computers in almost every way, with the added advantage of portability, and are more suitable for most uses, from private use to business and from photography to online banking. As a result, smartphones carry valuable information for many investigations. By providing access to data such as recent chats, call logs, location data and pictures, they help the forensic investigator identify the target person and obtain information about that person's recent activities. In most cases, they carry more personal information than a traditional PC used to. Thus, analyzing mobile phones has become a main part of a forensic investigation.
A forensic investigation has 4 main parts: • Seizure: The responsible agency seizes the mobile device and isolates it from network communication. • Data Extraction: Extraction of data from the mobile device with a known set of mobile forensic tools (Cellebrite UFED, MSAB XRY, Oxygen Extractor, Hancom GMD, etc.). • Analysis: Analysis of the extracted data with the help of a mobile forensic toolset; searching for and verifying evidence. • Reporting: Export of the evidence found in an easy-to-understand format for subsequent use by non-technical personnel.
• Environmental documentation: When it comes to evaluating evidence in any forensic institution, preparing the documentation properly is one of the most important tasks. First, photographs should be taken of the mobile device itself and its environment (especially cables, adapters, docking station, etc.). In addition, the status of the device (working/not working; locked/unlocked; visible damage, etc.) should be noted in the documentation.
• Documentation of the IMEI: As an identifier for smartphones, documents usually use the IMEI (International Mobile Station Equipment Identity). Since the IMEI identifies a device on a cellular network, dual-SIM phones have two IMEIs, and phones made for CDMA networks have an MEID instead of an IMEI. Tablets without the ability to connect to a cellular network have no IMEI assigned. Usually the IMEI is printed on the back of the phone or on a sticker under the battery. If you cannot find the IMEI this way, you can usually find it in the phone's menu or by dialing *#06#.
• Handling locked mobile devices: If the phone is found in the unlocked state, the first priority is to stop the phone from locking: tap the screen and set the screen timeout to the maximum. The next step is to go to the security settings and check whether any lock code is set. If a lock code is present and the code is unknown, data extraction from the phone may be considered immediately at the scene. If the screen is not active when the device is found, the screen should not be touched, so that any smudges on the screen, which may correspond to the unlock pattern, are preserved. All modern smartphones can be locked, or have all their data deleted, by a remote command. This poses the risk of losing all evidence on the device. Additionally, data arriving on the device after the seizure can alter or overwrite evidence and undermine the forensic soundness of your examination. Therefore, the next priority should be to disconnect the device from the network.
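A small check that belongs on the IMEI documentation step above, as an added example that is not part of this page or of any forensic toolset: the 15-digit IMEI ends in a Luhn check digit computed over the first 14 digits, so a mis-read label can be caught at the scene before the wrong identifier goes into the record. The identifier values below are constructed (the 14-hex-character form is treated as an MEID, which carries no Luhn digit).

```python
import re


def luhn_check_digit(body: str) -> int:
    """Check digit that makes body + digit pass the Luhn test (body: 14 decimal digits)."""
    total = 0
    # Walking from the right, the digit immediately left of the check digit is doubled,
    # then every second digit after that.
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return (10 - total % 10) % 10


def normalise(identifier: str) -> str:
    """Strip the separators people write on evidence labels (spaces, dashes)."""
    return re.sub(r"[\s-]", "", identifier).upper()


def is_valid_imei(imei: str) -> bool:
    """15 decimal digits whose last digit is the Luhn check digit of the first 14."""
    s = normalise(imei)
    if not re.fullmatch(r"\d{15}", s):
        return False
    return luhn_check_digit(s[:14]) == int(s[14])


def classify_identifier(identifier: str) -> str:
    """Label an identifier the way it would be recorded on the seizure form."""
    s = normalise(identifier)
    if re.fullmatch(r"\d{15}", s):
        return "IMEI" if is_valid_imei(s) else "IMEI (check digit mismatch, re-read the label)"
    if re.fullmatch(r"[0-9A-F]{14}", s) and re.search(r"[A-F]", s):
        return "MEID (hexadecimal, no Luhn check)"
    return "unknown format"
```

A failed check does not mean the device is suspect; it almost always means a digit was transcribed wrongly from the sticker or the photograph, which is exactly what the documentation step is meant to prevent.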
A digital forensics service will help you ensure the overall integrity and survival of your network infrastructure. Treating digital forensics as a new core element of the "defense-in-depth" approach to network and computer security will contribute to the security of your organization. For example, understanding the legal and technical aspects of digital forensics will help you capture vital information when your network is compromised, and help you initiate and manage legal action if the intruder is caught.
You may accidentally destroy evidence that is vital to an assault situation you may be exposed to, or you may be faced with a situation where your forensic evidence is found to be inadmissible in court. In addition, you or your organization may implement new laws that enforce regulatory compliance and impose liability when certain types of data are not adequately protected. Recent laws hold organizations liable in civil or criminal courts for failing to protect customer data.
First, computer investigators must understand the potential evidence they are looking for in order to structure their search. Computer crimes range from child pornography to theft of personal information and destruction of intellectual property. Second, the investigator must choose the appropriate tools. Files may have been deleted, damaged or encrypted, and the investigator should be familiar with a set of methods and software for recovering them without causing further damage. Digital forensics collects two basic types of data. Persistent data is data stored on a local hard drive (or other medium) that is retained when the computer is turned off. Temporary (volatile) data is data held in memory that is lost when the computer loses power or is shut down; it resides in registers, caches and random access memory (RAM). Because temporary data is short-lived, it is important for an investigator to know reliable ways to capture it. System administrators and security personnel should also have a basic understanding of how routine computer and network administration tasks can affect both the forensic process (the admissibility of evidence in court) and the ability to later identify and recover data that may be critical for security incident analysis.
RedTeam penetration tests often involve more people, resources and time, in order to fully understand the realistic level of risk and vulnerability of an organization's technology, people and physical assets. RedTeam pentesting is usually used by organizations with more mature or advanced security postures. After the penetration test has detected most of the vulnerabilities, physical testing attempts to reach sensitive information and breach the defenses. Its scope extends from going through the garbage in front of the institution's building to physically entering the institution's data center in order to obtain data. With the RedTeam penetration test, you have the opportunity to examine the security of your organization in depth from every angle.
RedTeam penetration tests begin with reconnaissance, gathering as much information as possible about the target's people, technology and environment in order to build and obtain the right tools for the engagement. Using open source intelligence gathering, RedTeam teams gain a deeper understanding of the infrastructure, facilities and employees so as to better understand the target and its operations. This also allows for weaponization, such as creating payloads of specially crafted malicious files, building RFID cloners, configuring hardware trojans, or creating fake individuals and companies. As part of the test, RedTeam teams take actions that reveal any opportunity for exploitation at the target, such as face-to-face social engineering or a hardware trojan. The next step is to bypass physical controls in order to exploit these weaknesses and compromise servers, applications and networks, or to prepare for escalation. During the setup phase, the Red Team uses the exploitation step to establish a safe haven. Through all of this they try to gain command and control, either via compromised servers or malicious file uploads, or by using physical key copies and the locks of selected doors. When remote access to the exploited systems is stable and reliable, the stage is set for the targeted actions on objectives, such as obtaining critically sensitive data, information or physical assets.
Our team has experience and knowledge of many topics: copying your employees' ID cards using the black box method; the availability of your institution's leaked information not only on the Internet but also on the Deep and Dark Web; the general profile and vectors of phishing attacks aimed at your employees' profiles and interests; the attention and awareness of the security personnel at the institution's entrance; your employees' awareness of information security; the effects of malicious hardware planted on your systems; and so on. It will guide you with real-life scenarios to determine not only how secure and stable your information systems are, but how secure your organization is in every respect.
SCADA systems have moved from closed networks to open-source solutions and TCP/IP-enabled networks. This has introduced security vulnerabilities. Not only can data be damaged; production can also be disrupted by taking control of the facilities, which causes physical damage and risk. Live systems are tested in order to manage and mitigate this risk effectively. Damage in your system is detected, or areas where damage is foreseeable are identified. With tests conducted by our experts, we offer you the opportunity to better understand your security measures and vulnerabilities and to prepare for future attacks before it is too late. We offer a professionally prepared plan to improve your security measures and prevent the dangers and costly damage of real security breaches.
A SCADA system is a common industrial process automation system used to collect data from devices and sensors located at remote sites and to transmit it to a central site for monitoring or control. SCADA is used in power generation facilities (nuclear, hydroelectric), power lines, flow-measurement equipment in pipelines, natural gas production and processing facilities, and many factory systems.
Below are some examples of tools used in SCADA penetration testing:
• Nessus
• Network Security Toolkit
• SamuraiSTFU
• SecurityOnion
• Metasploit
• PuTTY
• NetCat/CryptCat
• winAUTOPWN
• Cain&Abel
• nmap scripts
• smod
• plcscan
• Wireshark
VoIP (Voice over Internet Protocol) infrastructure, which enables the internal units within your systems to communicate with each other, is a system that does not have sufficient protection against external and internal attacks. It has vulnerabilities that allow sophisticated attacks such as call tracking, call manipulation, unauthorized calls, and even unauthorized recording of calls. As a result of the VoIP Infrastructure Penetration Test performed by our expert team with their technical knowledge, you will understand your VoIP configurations and network designs in general, you will be able to work on the security vulnerabilities identified by our team, and you will see the risks of the VoIP infrastructure in your system minimized.
Attacks on VoIP infrastructure:
• Eavesdropping
• SIP attacks
• SIP hijacking
• Internet spam
• Malware embedding
• Web attacks
• Viproy (VoIP penetration test kit)
• SIPVicious (svmap, svwar, svcrack, svreport)
• VoLTE attacks
• Sniffing VoLTE interfaces
• Open keys on the GSM SIM
• User location manipulation
• Roaming information manipulation
• Side channel attack
• SiGploit (Telecom Signaling Exploitation Framework)
The most used protocols in VoIP infrastructure:
• H.323: H.323 is a standard for communication over IP offered by the International Telecommunication Union Standardization Sector (ITU-T). This standardization body uses a letter to describe the scope of each series of recommendations, for example: H: audiovisual and multimedia systems; G: transmission systems and media; S: switching and signaling; T: terminals for telematic services. H.323 is one of the oldest packet-based communication protocols, and is therefore stable. The current version is v6. It is used by many vendors in many products, such as Cisco Call Manager, NetMeeting and RadVision.
• Skinny Client Control Protocol: Skinny Call Control Protocol (SCCP), developed by Selsius, is a Cisco proprietary protocol. Its communication uses message types such as the following: 0001: RegisterMessage; 0002: IPportMessage; 0081: RegisterAckMessage.
• RTP/RTCP: Real-time Transport Protocol (RTP) is a transport protocol defined in RFC 3550, typically carried over UDP.
• Secure Real-time Transport Protocol (SRTP): SRTP is an application protocol defined in RFC 3711. SRTP offers advanced security features; it secures RTP by encrypting it, XORing the payload with a keystream.
• H.248 and Media Gateway Control Protocol: Media Gateway Control Protocol (MGCP) is a protocol developed by Cisco.
• Session Initiation Protocol (SIP): SIP is a session management protocol defined in RFC 3261.
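To make the RTP description concrete, here is a parser for the RFC 3550 fixed header as an added example; it is not code from the original page or from Infinitum IT. The packet it parses is constructed inline (sequence number, timestamp, SSRC and CSRC values are made up), not a captured VoIP packet. Such a parser is what a monitoring tool uses to track streams by SSRC and to spot sequence gaps or unexpected payload types.

```python
"""Parse the RTP fixed header (RFC 3550) out of a raw UDP payload.

Added example, not part of the original page. Header layout:
  byte 0: V(2) P(1) X(1) CC(4)     byte 1: M(1) PT(7)
  bytes 2-3: sequence number      bytes 4-7: timestamp
  bytes 8-11: SSRC                then CC x 32-bit CSRC identifiers
"""
import struct

# Constructed sample: V=2, P=0, X=0, CC=1; M=1, PT=0 (PCMU);
# seq=1000, timestamp=160, SSRC=0xDEADBEEF, one CSRC, 4 payload bytes.
SAMPLE_PACKET = (
    bytes([0x81, 0x80])
    + struct.pack("!HII", 1000, 160, 0xDEADBEEF)
    + struct.pack("!I", 0x11223344)
    + b"\xff" * 4
)


def parse_rtp(packet: bytes) -> dict:
    """Return the RTP header fields and payload, or raise ValueError."""
    if len(packet) < 12:
        raise ValueError("RTP fixed header needs 12 bytes")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", packet[:12])
    version = b0 >> 6
    if version != 2:
        raise ValueError(f"unsupported RTP version {version}")
    padding = bool(b0 & 0x20)
    extension = bool(b0 & 0x10)
    cc = b0 & 0x0F
    marker = bool(b1 & 0x80)
    payload_type = b1 & 0x7F

    # Contributing-source list: CC entries of 32 bits each.
    offset = 12 + 4 * cc
    if len(packet) < offset:
        raise ValueError("packet truncated inside CSRC list")
    csrcs = list(struct.unpack(f"!{cc}I", packet[12:offset]))

    # Optional header extension: 16-bit profile, 16-bit length in 32-bit words.
    if extension:
        if len(packet) < offset + 4:
            raise ValueError("packet truncated inside extension header")
        _profile, ext_words = struct.unpack("!HH", packet[offset:offset + 4])
        offset += 4 + 4 * ext_words
        if len(packet) < offset:
            raise ValueError("packet truncated inside extension data")

    payload = packet[offset:]
    if padding:
        # The last octet holds the padding length, counting itself.
        if not payload or payload[-1] == 0 or payload[-1] > len(payload):
            raise ValueError("invalid padding length")
        payload = payload[:-payload[-1]]

    return {
        "version": version,
        "padding": padding,
        "extension": extension,
        "marker": marker,
        "payload_type": payload_type,
        "sequence": seq,
        "timestamp": ts,
        "ssrc": ssrc,
        "csrcs": csrcs,
        "payload": payload,
    }


if __name__ == "__main__":
    print(parse_rtp(SAMPLE_PACKET))
```

SRTP (RFC 3711) leaves this header in the clear and encrypts only the payload with the keystream XOR, so the same parser still yields SSRC, sequence and timestamp on an SRTP stream; only the payload bytes become opaque.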
During pentest work, various risks may be encountered, since the target institution's systems are examined from a real attacker's point of view. Just as an attacker can affect the entire system in a real attack scenario, a carelessly conducted penetration test can disrupt your systems. To avoid such disruptions, the pentest team and the system administrators of the institution being served should work in coordination. With continuous communication and coordination, all risks should be minimized and the penetration test performed without causing any interruptions.
The steps of a penetration test start with the first stage, where the contract is signed and the planning is done. At this stage, a confidentiality agreement is made between the consulting company that will provide the service and the company that receives it, and all work stays within the scope specified in this agreement. After the contract phase, which can be regarded as the preparation phase, is completed, the technical phases of the penetration test are carried out in order:
• Exploration phase: In this phase the penetration tester researches the target institution and tries to expand the attack surface by collecting every kind of information that can be gathered. The information gathering step is one of the most important steps of the pentest; the more data collected in this step, the more successful the penetration test will be.
• Scanning phase: While mostly passive information gathering techniques are used in the exploration phase, more concrete and useful data is collected by interacting with the target during the scanning phase. The target institution's systems are scanned with tools such as Nmap, Nessus and Burp Suite. As a result of the scan, open ports, services and version information about those services are determined.
• Vulnerability analysis phase: During the vulnerability analysis phase, the vulnerabilities of the services running on the detected ports are determined. For example, if an outdated service is in use, known vulnerabilities related to that service are researched.
• First access phase: After vulnerabilities are detected, they are exploited, the target system is accessed for the first time and the infiltration is performed.
• Ensuring permanence: In the permanence phase, work is done to remain active in the infiltrated system. If necessary, the penetration tester moves through the network from one system to the next (lateral movement).
• Cleanup phase: As a real attacker would, the penetration tester removes the tools installed on the system after completing the relevant work and deletes the data obtained during the test, so as not to leave any traces on the system.
• Reporting stage: The most important stage of the pentest is the reporting stage. So that the identified security vulnerabilities can be eliminated, the report prepared must be extremely clear, detailed and understandable. The tests performed by the penetration test team are meticulously recorded in the report and presented to the relevant system administrators.
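The hand-off from the scanning phase to the vulnerability analysis phase is a list of open ports with service and version information. As an added example (not code from the original page or from Infinitum IT), the script below reads the XML that Nmap writes with `-oX` and turns it into that inventory, flagging services whose version could not be fingerprinted so that they can be checked by hand. The XML is a constructed sample that follows the layout of Nmap's service-scan output; the host address, ports and versions are made up.

```python
"""Build a service inventory from Nmap XML output for the vulnerability analysis phase.

Added example, not part of the original page. Reads the element layout
Nmap produces with `nmap -sV -oX`: nmaprun > host > address / ports > port
> state / service. The sample document below is constructed.
"""
import xml.etree.ElementTree as ET

SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 10.0.0.5">
  <host>
    <status state="up"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.4"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open"/>
        <service name="http" product="Apache httpd" version="2.4.6"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="closed"/>
      </port>
      <port protocol="tcp" portid="8080">
        <state state="open"/>
        <service name="http-proxy"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def open_services(xml_text: str) -> list:
    """Return one dict per open port on each host that is up."""
    root = ET.fromstring(xml_text)
    inventory = []
    for host in root.iter("host"):
        status = host.find("status")
        if status is not None and status.get("state") != "up":
            continue
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports carry nothing to analyse
            svc = port.find("service")
            inventory.append({
                "host": addr,
                "port": int(port.get("portid")),
                "protocol": port.get("protocol"),
                "service": svc.get("name") if svc is not None else None,
                "product": svc.get("product") if svc is not None else None,
                "version": svc.get("version") if svc is not None else None,
            })
    return inventory


def unversioned(inventory: list) -> list:
    """Open services Nmap could not fingerprint: candidates for manual checks."""
    return [e for e in inventory if not e["version"]]


def banner(entry: dict) -> str:
    """One-line summary of an inventory entry for the report."""
    parts = [p for p in (entry["product"], entry["version"]) if p]
    desc = " ".join(parts) or "(no version)"
    return f"{entry['host']}:{entry['port']}/{entry['protocol']} {entry['service'] or '?'} {desc}"


if __name__ == "__main__":
    inv = open_services(SAMPLE_NMAP_XML)
    for e in inv:
        print(banner(e))
    print("needs manual fingerprinting:", [e["port"] for e in unversioned(inv)])
```

The product and version strings are what the vulnerability analysis phase matches against published advisories; an entry without a version is not "safe", it is simply not yet identified and should be checked manually before it is left out of the analysis.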
Penetration tests are basically grouped under three different methodologies. These methodologies are shaped by the attacker's perspective and the data the attacker has:
• Black Box pentest methodology: A Black Box penetration test is a pentest method in which the entire infiltration process is carried out from scratch, approaching the system like a real threat actor without any knowledge of the target system. In this methodology the attacker has no knowledge of the system, and the black box penetration test reveals the most realistic result of a possible attack.
• Gray Box pentest methodology: A Gray Box pentest is a type of pentest that can be regarded as a partial black box, in which limited information about the target system is obtained and the penetration tester is given certain authorizations.
• White Box pentest methodology: A White Box pentest is a methodology in which sufficient information about the corporate systems is provided to the pentester by the system administrators. The white box pentest method is preferred because it gives faster results.
Pentest methods are divided into the three branches described above. The Black Box methodology should be preferred in order to determine as accurately as possible the likely effects of the cyber incidents that may be encountered in real-life scenarios.
Although defensive security products improve day by day, the number of hacking cases does not decrease at the same rate. Therefore, you should realize before it is too late that the "watchdog" applications you have on your system may not be enough, and extend your visibility over your own domain. Detailed research and analysis of the information held by institutions and organizations that would pose a danger if leaked has an extremely important place among the current and forward-looking approaches to cyber security.
The 3W heading covers three main environments: the Deep Web, the Dark Web and the Clear Web. Using our experience in cyber intelligence, we conduct research on every important point of the "web".
As your institution grows, your technical infrastructure grows with it, and so does its exposure to attack. In order to strengthen your defense against these attacks, which can reach enormous dimensions, you should have a Denial of Service (DoS/DDoS) test once a year.
Denial of service attacks are known as the nightmare of commercial platforms, and the size of the attacks is increasing day by day. Denial of service tests are required in order to minimize financial loss from possible attacks and to simulate the moment of crisis.
In the denial of service tests, the system is overloaded and disabled with simultaneous attacks from one or more IP addresses; the behavior of your system under these attacks is analyzed, and proactive solutions are produced by our expert team.
In order to keep your organization's awareness alive and to improve your measures, it is recommended that the APT Attack Simulation service be carried out every six months.
The most dangerous players in the cyber world are the groups with financial or ideological backing, namely APT groups, who patiently research their target and its vulnerabilities. They can remain hidden for a long time while damaging the systems they reach with highly specialized malware. It is very important to be able to analyze how your organization behaves in the face of a possible APT attack.
Checking the existing security mechanisms against APTs and detecting the channels through which data could be leaked are included in the scope of the APT Attack Simulation.
The weakest link in the security chain is the human factor. The reason for the success of many hacking attacks, from the past to the present, is that the employees of the institution or organization do not have sufficient security awareness. In order to increase the awareness of your institution or organization, having a Mail Gateway security test is one of the most necessary tests, alongside the technical protection you provide for your assets.
As technology improves and defensive measures increase, attackers look for new ways without wasting time. Attack methods continue to evolve with each passing day and are supported by new techniques. With the Mail Gateway Security Test, which you have three times a year, you can build awareness of the latest attack methods as quickly as possible.
With the Mail Gateway Security Test, you get a chance to protect against malicious URLs, against impersonation attacks, and against malware.
The purpose of a load test is to demonstrate that a system can handle its expected volume with a minimal, acceptable degradation in performance. If a load test is driven past the peak number of concurrent users, the base load keeps increasing the pressure on the system until its resources are overloaded. This pushes the system into a possible failure state, to see how the system handles itself and whether it can recover properly. In short: load testing tests the reliability and performance of your system. Load testing helps detect bottlenecks in the system under heavy user-stress scenarios before they occur in the production environment. Load testing provides excellent protection against poor performance and offers complementary strategies for performance management and production environment monitoring.
There are many ways to do load testing. Here are a few examples to give you an idea:
• Manual load testing: This is one of the strategies for running a load test, but it does not produce repeatable results, cannot provide measurable stress levels in an application, and is very difficult to coordinate.
• In-house developed load testing tools: An organization that recognizes the importance of load testing can create its own tools to perform it.
• Open source load testing tools: Several load testing tools are available for free as open source. They may not be as sophisticated as their paid counterparts, but they are the best choice if you are on a tight budget.
• Enterprise-class load testing tools: These often offer a capture/playback option, support a large number of protocols, and can simulate an extremely large number of users.
The load test allows you to observe the variables listed below when your system is used abnormally:
• Response time for each operation
• Performance of system components under various loads
• Performance of database components under different loads
• Network latency between client and server
• Software design issues
• Server configuration issues (web server, application server, database server, etc.)
• Hardware limitation issues such as CPU saturation, memory limitations and network congestion
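The first two variables in the list above, per-request response time and behaviour as concurrency rises, are what a basic load generator measures. The following is an added example written for this page, not a tool from the original page or from Infinitum IT: it starts a throwaway HTTP server on localhost as a stand-in for the system under test (the 5 ms delay inside it is an assumption), drives it from a pool of concurrent clients, and reports throughput and p50/p95/max latency per concurrency level so that the point at which latency degrades can be seen. Against a real system you would point `url` at a staging environment that you own and keep the stepped ramp-up so the test stops before it becomes an outage.

```python
"""Small stepped load test with latency percentiles.

Added example, not part of the original page. The demo server and its
fixed 5 ms delay are constructed stand-ins for a real system under test.
"""
import threading
import time
from concurrent.futures import ThreadPoolExecutor
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.error import URLError
from urllib.request import urlopen


class _DemoHandler(BaseHTTPRequestHandler):
    """Constructed target: every request costs 5 ms of 'work'."""

    def do_GET(self):
        time.sleep(0.005)
        body = b"ok"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the console quiet
        pass


def start_demo_server():
    """Start the stand-in server on a free localhost port; returns (server, url)."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), _DemoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}/"


def percentile(samples, pct):
    """Nearest-rank percentile of a list of numbers (pct in 0..100)."""
    ordered = sorted(samples)
    idx = round(pct / 100 * (len(ordered) - 1))
    return ordered[max(0, min(len(ordered) - 1, idx))]


def run_load_test(url, concurrency, requests_per_worker, timeout=5.0):
    """Hit url from `concurrency` workers; return throughput and latency stats."""
    latencies, errors = [], 0
    lock = threading.Lock()

    def worker():
        nonlocal errors
        for _ in range(requests_per_worker):
            t0 = time.perf_counter()
            try:
                with urlopen(url, timeout=timeout) as resp:
                    resp.read()
                    ok = resp.status == 200
            except (URLError, OSError):
                ok = False
            dt = time.perf_counter() - t0
            with lock:
                if ok:
                    latencies.append(dt)
                else:
                    errors += 1  # timeouts and connection failures

    started = time.perf_counter()
    with ThreadPoolExecutor(max_workers=concurrency) as pool:
        for _ in range(concurrency):
            pool.submit(worker)
    elapsed = time.perf_counter() - started
    total = concurrency * requests_per_worker
    ms = lambda s: round(s * 1000, 2)
    return {
        "concurrency": concurrency,
        "requests": total,
        "successes": len(latencies),
        "errors": errors,
        "throughput_rps": round(total / elapsed, 1) if elapsed else 0.0,
        "p50_ms": ms(percentile(latencies, 50)) if latencies else None,
        "p95_ms": ms(percentile(latencies, 95)) if latencies else None,
        "max_ms": ms(max(latencies)) if latencies else None,
    }


def ramp(url, levels=(1, 4, 16), requests_per_worker=10):
    """Step concurrency up through `levels`; one result row per level."""
    return [run_load_test(url, c, requests_per_worker) for c in levels]


if __name__ == "__main__":
    server, url = start_demo_server()
    try:
        for row in ramp(url):
            print(row)
    finally:
        server.shutdown()
```

The error counter is as important as the percentiles: a rising error rate at a given concurrency level marks the point where the system stops degrading gracefully and starts failing, which is the state the load test is meant to find before production does.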
It is of great importance for your system security that the security vulnerabilities in your systems are checked by cyber security companies, and that their strengths and weaknesses are reported and presented to you. Despite all the attention and effort you and your employees devote to security, the methods and tools that attackers can use to exploit a system are endless. The possibilities and risks change in scale according to the attacker's level of knowledge and experience. For this reason, it is a more realistic and efficient step to ensure and increase the security of your systems by having them tested by "White Hat" hacker teams, who can think and act like a hacker, know the attack methods, and can take precautions against them. In addition, standards such as PCI and HIPAA require a penetration test (pentest) to be performed.
In order for the penetration test to achieve its purpose and be efficient, the steps to be applied before, during and after the test should be laid out in a plan. We offer a few questions that can help you shape your "Pentest Plan":
• What is the scope of the penetration test to be performed? (Black Box, White Box, Gray Box)
• Should my high-risk systems be included in the penetration test?
• How often should I have a penetration test?
• Who should I have perform the penetration test?
Evaluating the results of the penetration test and taking the relevant actions are much more important than the test itself. We regret to say that a common mistake is to have a penetration test, examine the report, close only the most urgent gaps and postpone the others. As a result of not closing these gaps, it is common for the same weaknesses to be detected again in the next penetration test. We share a few items that we recommend implementing so that the test achieves its purpose:
• The penetration test report should be shared with senior management in order to obtain the necessary management support.
• It is recommended that the results of the penetration test be prepared as a risk map and submitted to management.
• The test report should be examined in detail and the workload for closing the gaps distributed among the relevant people and teams.
• It is recommended that the report be shared with the software team and system administrators in a meeting, because the vulnerabilities found may be caused by a frequently used algorithm or system management tool. The aim should be to give the software team and system administrators the perspective they need so that the same issues do not reopen in the future.
• The process of closing the gaps specified in the report should be followed up in detail.
• The date of the next penetration test should be set.
Attackers or malicious people can use known methods against the software and hardware equipment used within your systems in order to seize or exploit them, as well as "zero-day" vulnerabilities; in other words, instead of using known vulnerabilities, they can discover and exploit a new one. In addition, just because your systems use the most up-to-date technology does not necessarily mean they are configured correctly. While the people who install your systems do their job with the aim of making the system work correctly, we do ours with the aim of protecting your systems.
When we at Infinitum IT perform external network penetration testing, we seek to exploit identified vulnerabilities in networks, systems and services to gain access to sensitive information, using the appropriate tools at our disposal. We test under controlled conditions to minimize the risk of outages. Our goal is to provide comprehensive details of the security vulnerabilities existing in your environment. Infinitum IT's approach to external network penetration testing can be summarized as follows: finding target hosts and services, evaluating the security of these targets with penetration testing tools and methods, trying to gain access to the target hosts, and gaining higher privileges within the system. Our detailed methodology includes the following phases:
• Intelligence: Initial reconnaissance to find responsive hosts and services in each public IP range and to support development of the target list.
• Target planning: The first targets are selected according to opportunity, and the attacks of the first stage are prioritized.
• Vulnerability ranking: Both published and undocumented vulnerabilities are ranked to identify the possible exploits to pursue on each targeted host.
• Vulnerability assessment: Additional testing is performed to confirm valid vulnerabilities, eliminate false positives, and validate the target selection.
• Attack planning: Using the information gathered, methods, tools and approaches are selected to pursue the services most likely to offer an opportunity to gain access.
• Exploiting vulnerabilities: Tests are performed to obtain command and control of unprotected hosts, applications, networks and services, ideally persistently.
• Privilege escalation and lateral movement: Post-exploitation actions are performed to gain additional access, penetrate further, elevate privileges, expose neighboring hosts and gather additional information.
• Data discovery: Collecting sensitive information, configuration information and other evidence that may have an impact on the target systems.
Regardless of how much or how little attention has been paid to the setup of your wireless network, businesses need to proactively investigate security weaknesses to prevent unauthorized access to network resources and data leakage. If your applications on the wireless network cause any security weakness, attackers can damage your systems by exploiting that vulnerability. However, if you have a Wireless Network Penetration Test, security experts can find the security vulnerabilities in your systems before attackers do and report them to you.
If there is a security vulnerability in your wireless network, attackers can exploit it and take over your systems. Therefore, it is recommended that your wireless network test be done regularly, every 6 months.
After the wireless network penetration test, the security experts who performed the test prepare a detailed report. This report presents information about the services found in your systems, the vulnerabilities found, and a solution proposal for each of these issues. The institutions or companies that had the test performed should examine the test report in detail and close the weaknesses found in order to secure their systems.
Today, as mobile applications are used more and more in every field, they become more and more interesting to malicious attackers. Therefore, mobile applications should have strong security, just like websites. If your mobile application causes any security weakness, attackers can damage your systems by exploiting that vulnerability. However, if you have a Mobile Application Penetration Test, security experts can find the security vulnerabilities in your systems before attackers do and report them to you.
Testing of mobile applications is usually done after an update, because the developers have made changes or corrections to the application, and so there is a higher probability of security vulnerabilities in it. Apart from this, it is recommended to perform a mobile application penetration test regularly, every 6 months.
After the mobile application penetration test, the security experts who performed the test prepare a detailed report. This report presents information about the services found in your systems, the vulnerabilities found, and a solution proposal for each of these issues. The institutions or companies that had the test performed should examine the test report in detail and close the vulnerabilities found in order to secure their systems.
Due to the large amount of data stored in web applications and the increasing number of transactions on the web, security testing of web applications becomes more important every day. If your applications on the web cause any security vulnerability, attackers can damage your systems by exploiting it. However, if you have a Web Application Penetration Test, security experts can find the security vulnerabilities in your systems before attackers do and report them to you.
Web application penetration tests are scheduled according to a classification, because the importance of the tests varies with the system. For example, a company or institution with a critical probability of attack is recommended to have its tests performed once a week. Those with a medium probability of attack are tested every 6 months, and those under normal conditions once a year.
After the web application penetration test, the security experts who performed the test prepare a detailed report. This report presents information about the services found in your systems, the vulnerabilities found, and a solution proposal for each of these issues. The institutions or companies that had the test performed should examine the test report in detail and close the vulnerabilities found in order to secure their systems.
Established in 2017 to provide consultancy, service and support on information security, Infinitum IT works in the areas of cyber incident response services, secure code development/analysis, penetration tests, and blue/red team work.
Esentepe Mah. Buyukdere Cad. LOFT PLAZA Floor:4 Flat:86 Levent/Istanbul
Copyright © 2023 InfinitumIT– All Rights Reserved.
Kizilirmak Mah. 1071 Usta Plaza B Block 5th Floor No:43 Cankaya/ANKARA