Redeeming The Golden Ticket To Life - Chapter 82: Bai Chang's Fury (contd.)
I observed Beta’s condition for another hour as I treated his other injuries. His vitals are showing signs of a great recovery. Beside me, Zhang Wei has gone silent for quite some time now.
After another hour, Beta started to stir. He was regaining consciousness.
‘Good’
A person so gravely injured that, according to current medical practices, he should have rested in the ICU for more than a month was fine and healed after only about two hours.
This is the power of Star Time System’s medical practices. In that civilisation, the costly commodity was not money but time.
He blinked his eyes and woke up. He saw us, and finally his tensed-up muscles relaxed.
“Good to have you back, Beta. Now report.”
“Yes ma’am”
Zhang Wei turned towards me all perplexed.
“His first sensories are still in the stimulation of his last action. Thus he would be able to remember anything of the event in greater detail at this very moment of time,” I replied to his unasked question.
I turn to Beta and give him a nod, and he begins to report:
“Ma’am, I followed target two and arrived at an abandoned factory on the outskirts of the city. The factory used to be a petroleum refinery unit before it closed down.
There, target two met up with two other people. From their dialects, they seemed to be Russian operatives. There, target two proceeded to deal with weapons, and after a two-hour wait, a Weapon Intelligence Team (WIT) arrived on the spot. They were a mix of government-owned military and private avenues.
Five military individuals from speciality careers including explosive ordnance disposal (EOD), intelligence analysis, Master at Arms (police) and photography were present.
They transferred weapons, drugs, two flash drives and an external drive. At the end of the meeting, just when I was leaving the spot, a reflecting surface exposed my position. Then it was a fight for survival. I do not remember anything after that.”
“Hmm”
“Okay. You rest here for two more days, and I will help you with physiotherapy for a week. Then you are a free man and good to go. Your teammates will fill you in on the details. Take rest now,” I said and walked out of the outhouse.
****
Inside the study room-
I pace about the room, trying to put together all the pieces of the puzzle. It sure is difficult to pinpoint the minute details, but the overall view is coming together.
I move towards my laptop and jack up ‘Jiffy’ with it.
Next, I move virtually towards Feling’s server and snoop around to find other networks that are clashing with it.
Soon, I found what I wanted. His network was accessed remotely by a certain Lt. General.
My person of interest was on site. Instead of directly attacking them, I chose a different path. I ran full-system vulnerability assessments, penetration tests and risk analyses of my network, Feling’s network and the Lt. General’s network.
Vulnerability assessments are performed by using an off-the-shelf software package, such as Nessus or OpenVAS, to scan an IP address or range of IP addresses for known vulnerabilities. For example, the software has signatures for the Heartbleed bug or missing Apache web server patches and will alert if they are found. The software then produces a report that lists the vulnerabilities found and (depending on the software and options selected) gives an indication of the severity of each vulnerability and basic remediation steps.
It’s important to keep in mind that these scanners use a list of known vulnerabilities, meaning they are already known to the security community, hackers and the software vendors. There are vulnerabilities that are unknown to the public at large and these scanners will not find them.
Many “professional penetration testers” will actually just run a vulnerability scan, package up the report in a nice, pretty bow and call it a day. Nope – this is only a first step in a penetration test. A good penetration tester takes the output of a network scan or a vulnerability assessment and takes it to 11 – they probe an open port and see what can be exploited.
For example, let’s say a website is vulnerable to Heartbleed. Many websites still are. It’s one thing to run a scan and say “you are vulnerable to Heartbleed” and a completely different thing to exploit the bug and discover the depth of the problem and find out exactly what type of information could be revealed if it was exploited. This is the main difference – the website or service is actually being penetrated, just like a hacker would do.
Similar to a vulnerability scan, the results are usually ranked by severity and exploitability with remediation steps provided.
Penetration tests can be performed using automated tools, such as Metasploit, but veteran testers will write their own exploits from scratch.
A risk analysis is often confused with the previous two terms, but it is also a very different animal. Risk analysis doesn’t require any scanning tools or applications – it’s a discipline that analyzes a specific vulnerability (such as a line item from a penetration test) and attempts to ascertain the risk – including financial, reputational, business continuity, regulatory and others – to the company if the vulnerability were to be exploited.
Many factors are considered when performing a risk analysis: asset, vulnerability, threat and impact to the company. An example of this would be an analyst trying to find the risk to the company of a server that is vulnerable to Heartbleed.
The analyst would first look at the vulnerable server, where it is on the network infrastructure and the type of data it stores. A server sitting on an internal network without outside connectivity, storing no data but vulnerable to Heartbleed has a much different risk posture than a customer-facing web server that stores credit card data and is also vulnerable to Heartbleed. A vulnerability scan does not make these distinctions. Next, the analyst examines threats that are likely to exploit the vulnerability, such as organized crime or insiders, and builds a profile of capabilities, motivations and objectives. Last, the impact to the company is ascertained – specifically, what bad thing would happen to the firm if an organized crime ring exploited Heartbleed and acquired cardholder data?
A risk analysis, when completed, will have a final risk rating with mitigating controls that can further reduce the risk. Business managers can then take the risk statement and mitigating controls and decide whether or not to implement them.
The three concepts are different but not exclusive of each other; rather, they complement each other. In many information security programs, vulnerability assessments are the first step – they are used to perform wide sweeps of a network to find missing patches or misconfigured software. From there, one can either perform a penetration test to see how exploitable the vulnerability is or a risk analysis to ascertain the cost/benefit of fixing the vulnerability. Of course, you don’t need either to perform a risk analysis. Risk can be determined anywhere a threat and an asset are present. It can be a data centre in a hurricane zone or confidential papers sitting in a wastebasket.
It’s important to know the difference – each is significant in its own way and has vastly different purposes and outcomes.
So I run all the diagnostics across different servers. In the meantime, I look for the specific project that they discussed, ‘project 33’.
For penetration testing, I used an upgraded version of Kali Linux. Formerly known as BackTrack Linux and maintained by the good folks at Offensive Security (OffSec, the same folks who run the OSCP certification), Kali is optimized in every way for offensive use as a penetration tester.
While you can run Kali on its own hardware, it’s far more common to see pen-testers using Kali virtual machines on OS X or Windows.
Kali ships with most of the tools mentioned here and is the default pen testing operating system for most use cases. Be warned, though – Kali is optimized for offence, not defence, and is easily exploited in turn. Don’t keep your super-duper extra secret files in your Kali VM.
Then I access the files related to ‘project 33’ on both Feling’s and the Lt. General’s servers.
I found some common points as well as some interesting tidbits.
I flex my fingers and twiddle my thumbs; twisting my neck from side to side, I straighten up.
“Hehe. It’s time to wage my declaration of war on them.”
(Get ready to get ruined at a pace that makes you doubt the very purpose of your breath!)