Today, I'm going to talk more about ransomware attacks and how to prevent them. This is to raise more awareness of proper cyber security data hygiene methods, as well as other techniques that can be used to prevent any real damage should this attack connect. This article also features some of my formal Q&A answers from a recent interview I did.
As always, any and all advanced versions of this article, with a video guide if one is given, will be for PAID Patreon members only!
Before we dive into what ransomware is, let's go over what FDE is, since it applies heavily to today's topic.
FDE, full disk encryption, is a defensive technique used to harden data protection across all hierarchical flat file systems. It's the overall process of enumerating the entire file system and then applying what is known as symmetric cryptography to encrypt the entire data storage medium. A good example of this is BitLocker, which is commonly used on Windows system infrastructures.
As you know, encrypted data cannot be recovered without the crypto keys, so by using this method and keeping the keys out of the attacker's hands, should they breach the system, whether digitally or physically, any and all data they steal will be useless to them.
Symmetric cryptography, also known as single-key cryptography, is the process of using a single crypto key, known as a private key, to both encrypt and decrypt data. It's more commonly used for FDE than asymmetric cryptography because it is the faster encryption method.
This makes sense, as the overall process for FDE is to enumerate THE ENTIRE file system and encrypt EVERY single file on the system. Asymmetric would be too slow for this, as it's a slower encryption standard. Symmetric encryption is also commonly used for mobile device data encryption for the same reasons.
Asymmetric encryption, on the other hand, uses two crypto keys to perform the same process, except that in this case it uses a public key for encryption and a private key for decryption. The main reason for this is to add more secure complexity to various data communication methods. It's also commonly used in things like PGP, Pretty Good Privacy, which is commonly used for secure email data encryption.
One of the BIGGEST downfalls of symmetric data encryption is that it's VULNERABLE to interception attacks. Should an attacker intercept the crypto key, they can decrypt all data and messages, replay new ones on behalf of the original recipients, and a lot more.
However, with asymmetric encryption, this isn't the case. Since it uses two crypto keys that come in pairs, should a threat actor intercept the communication pipeline and steal one of the keys, their efforts will be in vain, as they lack one of the means to facilitate a SOLID man-in-the-middle attack.
The whole premise of a man-in-the-middle attack is not only to intercept the communication, but to reply to messages on behalf of the respective parties. By using public key cryptography on top of other data channel splitting techniques, you render this ineffective and leave them in a situation where they can't facilitate it fully.
Should an attacker secure only the public key, they'll only be able to send messages. They won't be able to read any of the data being sent back and forth, and any new messages will be suspected as false ones, which will lead to the keys being replaced. Even if they verify with the key, it will all be for nothing.
However, in the event they have the private key, they'll be able to decrypt any and all messages, BUT they won't be able to spoof and gain further insight and other information out of the communication pipeline. This is still a problem for them because most PKI infrastructures, even things like PGP, REQUIRE you to have the public key BEFORE you begin a communication to ensure message authenticity from the recipients. Simply not having the public key is like lacking an ID to verify who you are... WHICH MEANS A DEAD PRIVATE KEY! This does vary depending on the infrastructure, so do be mindful as I'm going over this.
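The interception argument above, as an added Python illustration that is not part of the article: both ciphers are deliberately toy-sized (a one-key XOR stream and textbook RSA with tiny constructed primes), and the key and message values are constructed. It shows that one captured symmetric key both reads and forges traffic, while a captured public key can still encrypt but cannot recover the plaintext.

```python
# Added illustration (not from the article). Both ciphers are TOYS for teaching:
# a one-key XOR stream and textbook RSA with tiny constructed primes. Not real crypto.

# --- Symmetric: ONE shared key both encrypts and decrypts (toy XOR stream) ---
def sym_encrypt(key: bytes, msg: bytes) -> bytes:
    return bytes(m ^ key[i % len(key)] for i, m in enumerate(msg))

sym_decrypt = sym_encrypt  # XOR is its own inverse: same key, both directions

# --- Asymmetric: public key encrypts, private key decrypts (toy RSA) ---
P, Q, E = 61, 53, 17                         # constructed tiny primes + public exponent
N = P * Q                                    # modulus 3233
D = pow(E, -1, (P - 1) * (Q - 1))            # private exponent 2753 (Python 3.8+)
PUBLIC_KEY, PRIVATE_KEY = (E, N), (D, N)

def rsa_apply(key, values):
    exp, mod = key
    return [pow(v, exp, mod) for v in values]  # one byte per block; every byte < N

def asym_encrypt(public_key, msg: bytes) -> list:
    return rsa_apply(public_key, msg)

def asym_decrypt(private_key, ct: list) -> bytes:
    return bytes(rsa_apply(private_key, ct))

# --- What an interceptor can do with each captured key ---
def symmetric_key_captured(shared_key: bytes, ciphertext: bytes):
    """One captured shared key reads the traffic AND forges messages the peer accepts."""
    read = sym_decrypt(shared_key, ciphertext)
    forged = sym_encrypt(shared_key, b"forged note")
    peer_accepts = sym_decrypt(shared_key, forged) == b"forged note"
    return read, peer_accepts

def public_key_captured(public_key, ciphertext: list):
    """The public key alone still encrypts, but applying it to ciphertext does not invert it."""
    attempt = rsa_apply(public_key, ciphertext)
    return bytes(attempt) if all(v < 256 for v in attempt) else None

def demo(message: bytes = b"loan balance: 0"):
    shared = b"k3y!"                                      # constructed shared key
    read, forged_ok = symmetric_key_captured(shared, sym_encrypt(shared, message))
    ct = asym_encrypt(PUBLIC_KEY, message)
    leaked = public_key_captured(PUBLIC_KEY, ct)          # None or garbage, never message
    return read, forged_ok, leaked, asym_decrypt(PRIVATE_KEY, ct)

if __name__ == "__main__":
    print(demo())
```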
Now that we've gone over the basics, let's talk about what Ransomware is.
Ransomware is basically FDE with malicious intent. It's a form of malware known as "crypto" malware, which deploys cryptographic techniques that enumerate the victim's file system, exfiltrate data from it, and then encrypt the main copy of the data on the file system, rendering it useless to them. Be mindful that "crypto" malware and "ransomware" are TWO different forms of malware. Crypto malware is the main archetype, whereas ransomware is the child of said archetype, inheriting its cryptographic techniques.
After the data is encrypted, a message is displayed to the end user requiring them to pay a "ransom" in order to receive the crypto keys to decrypt their data, hence the name "ransomware". The problem is that paying the ransom doesn't guarantee you will receive the keys.
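The behaviour just described (a process walking the file system and overwriting every file with ciphertext) is also what a defender can look for. The following is an added Python example, not from the article: a small detection over a constructed file-activity log that flags a process writing ciphertext-like (high-entropy) data to many distinct files inside a short window, while a single backup archive does not trip it. The process names and paths are constructed.

```python
# Added example (not from the article): flag a process that behaves like crypto
# malware, i.e. writes ciphertext-like (high-entropy) data to many files in a short
# window. Input is a constructed file-activity log, not real telemetry.
import math
from collections import defaultdict

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~8.0 for ciphertext or compressed data, far lower for text."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def detect_mass_encryption(events, window_s=10.0, min_files=5, min_entropy=7.0):
    """events: (timestamp_s, process, path, bytes_written).
    Returns {process: most distinct high-entropy files written inside any window_s span}
    for processes that reach min_files; a lone high-entropy write never qualifies."""
    per_proc = defaultdict(list)
    for ts, proc, path, data in events:
        if shannon_entropy(data) >= min_entropy:
            per_proc[proc].append((ts, path))
    alerts = {}
    for proc, hits in per_proc.items():
        hits.sort()
        best, start = 0, 0
        for end in range(len(hits)):           # sliding window over sorted timestamps
            while hits[end][0] - hits[start][0] > window_s:
                start += 1
            best = max(best, len({p for _, p in hits[start:end + 1]}))
        if best >= min_files:
            alerts[proc] = best
    return alerts

# Constructed sample data: stand-ins for plaintext and ciphertext-like content.
TEXT_LIKE = b"Quarterly loan statement, account 0001, balance due 250.00\n" * 16
CIPHERTEXT_LIKE = bytes(range(256)) * 4          # every byte value equally often: 8.0 bits
SAMPLE_EVENTS = [
    (0.0, "winword.exe", r"C:\Users\a\report.docx", TEXT_LIKE),          # normal edit
    (1.0, "backup.exe", r"D:\backup\2024-01.zip", CIPHERTEXT_LIKE),      # one archive: fine
    (5.0, "winword.exe", r"C:\Users\a\notes.txt", TEXT_LIKE),
] + [   # hypothetical process name: six ciphertext-like writes within ~2 seconds
    (10.0 + i * 0.4, "unknown_update.exe", rf"C:\Users\a\docs\file{i}.docx.locked", CIPHERTEXT_LIKE)
    for i in range(6)
]
if __name__ == "__main__":
    print(detect_mass_encryption(SAMPLE_EVENTS))   # {'unknown_update.exe': 6}
```

Real telemetry would come from a file-system audit source (for example Sysmon or EDR file events); the thresholds are starting points to tune against normal backup and compression activity.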
Ransomware is on the rise as an effective attack method because it can be combined with phage malware techniques and phishing techniques to become SUPER effective.
Before, a simple click of a link or a mishap in security meant you had an undetected botnet. NOW it means all your data is encrypted and unreadable, which can be problematic if you're handling sensitive data that involves critical record information, like someone's student or home loan payment information, for example.
In Mr. Robot, for example, one of the biggest exploits in the show was encrypting all of E Corp's data in order to "FREE" everyone from debt. HOWEVER, it had quite the opposite effect: people who were close to being debt free, or had funds in their bank accounts, were unable to access anything or prove what payments they had made because the data was indecipherable. The result? TOTAL CHAOS, where the people they were trying to "free" suffered more.
If you'd like to see the more advanced version of this article, which talks about methods that can be used to mitigate this, as well as any videos included, SUBSCRIBE TO MY PATREON CYBER SECURITY TIER!
If you enjoyed this post, give it a thumbs up! I'll be keeping track of who's reacting from now on, as there is a "special" reason for it. Just know the more you support my content, the more there is in store!
- The Hacker Who Laughs