Set As Homepage
Add To Favorites

AliNovel

Font: Big Medium Small
Dark Eye-protection
AliNovel > Redeeming The Golden Ticket To Life > Chapter 82: Bai Changs Fury (contd.)
Previous Chapter List Next Download Add To Library

Chapter 82: Bai Changs Fury (contd.)

Popular recommendations Shadow SlaveBeyond the DivorceMy Substitute CEO BrideDisregard Fantasy, Acquire Currency
    Chapter 82: Bai Chang''s Fury (contd.)


    I observed Beta''s condition for another hour as I treated his other injuries. His vitals are showing signs of a great recovery. Beside me, Zhang Wei has gone silent for quite some time now.


    After another hour Beta started to stir up. He was regaining consciousness.


    ''Good''


    After about two hours, a person who was so gravely injured that ording to current medical practices should rest for more than a month in ICU; He was fine and healed in a matter of two hours only.


    This is the power of Star Time System''s medical practices. In that civilisation, money was not a costlymodity but time.


    As he blinked his eyes and woke up. He saw us and finally, his tensed up muscles have rxed.


    "Good to have you back Beta, now report."


    "Yes ma''am"


    Zhang Wei turned towards me all perplexed.


    "His first sensories are still in the stimtion of hisst action. Thus he would be able to remember anything of the event in greater detail at this very moment of time," I replied to his unasked question.


    I turn to Beta and give him a nod. So he began to report-


    "Ma''am, I followed the target two and arrived at an abandoned factory, outskirts of the city. The factory used to be a petroleum refinery unit before its close down.


    There, target two met up with two other people. From their dialects, they seemed Russian operatives. There, target two proceed to deals with weapons and after two hours of wait, a Weapon Intelligence Team (WIT) arrives on the spot. They were a mix of government-owned military and private avenues.


    Five military individuals from speciality careers including explosive ordnance disposal (EOD), intelligence analysis, Master at Arms (police) and photography, were present.


    They transferred weapons, drugs and two sh drives and an external drive. At the end of the meeting just when I was leaving the spot a reflecting surface-exposed my position. Then it was a fight of survival. I do not remember anything after that."


    "Hmm"


    "Okay You rest here for two more days and I will help you with physiotherapy for a week. Then you are a free man and good to go. Your teammates would fill you in with details and take rest now." I said and walked out of the outhouse.


    ****


    Inside the study room-


    I pace about the room trying to put together all the pieces of the puzzle. It sure is difficult to pin-point to the minute details but the overall view ising together.


    I move towards myptop and jack up ''Jiffy'' with it.


    Next, I move virtually towards Feling''s server and snoop around to find otherworks that are shing with it.


    Soon, I found what I wanted. Hiswork was essed remotely by a certain Lt. General.


    My person of interest was on site. Instead of directly attacking them, I chose a different path. I ran an entire system Vulnerability assessments; pration tests and risk analysis of mywork, Feling''swork and Lt. General''swork.


    Vulnerability assessments are performed by using an off-the-shelf software package, such as Nessus or OpenVas to scan an IP address or range of IP addresses for known vulnerabilities. For example, the software has signatures for the Heartbleed bug or missing Apache web server patches and will alert if found. The software then produces a report that lists out found vulnerabilities and (depending on the software and options selected) will give an indication of the severity of the vulnerability and basic remediation steps.


    It''s important to keep in mind that these scanners use a list of known vulnerabilities, meaning they are already known to the securitymunity, hackers and the software vendors. There are vulnerabilities that are unknown to the public atrge and these scanners will not find them.


    While many "professional pration testers" will actually just run a vulnerability scan, package up the report in a nice, pretty bow and call it a day. Nope  this is only a first step in a pration test. A good pration tester takes the output of awork scan or a vulnerability assessment and takes it to 11  they probe an open port and see what can be exploited.


    For example, let''s say a website is vulnerable to Heartbleed. Many websites still are. It''s one thing to run a scan and say "you are vulnerable to Heartbleed" and apletely different thing to exploit the bug and discover the depth of the problem and find out exactly what type of information could be revealed if it was exploited. This is the main difference  the website or service is actually being prated, just like a hacker would do.


    Simr to a vulnerability scan, the results are usually ranked by severity and exploitability with remediation steps provided.


    Pration tests can be performed using automated tools, such as Metasploit, but veteran testers will write their own exploits from scratch.


    A risk analysis is often confused with the previous two terms, but it is also a very different animal. Risk analysis doesn''t require any scanning tools or applications  it''s a discipline that analyzes a specific vulnerability (such as a line item from a pration test) and attempts to ascertain the risk  including financial, reputational, business continuity, regtory and others -to thepany if the vulnerability were to be exploited.


    Many factors are considered when performing a risk analysis: asset, vulnerability, threat and impact to thepany. An example of this would be an analyst trying to find the risk to thepany of a server that is vulnerable to Heartbleed.


    The analyst would first look at the vulnerable server, where it is on thework infrastructure and the type of data it stores. A server sitting on an internalwork without outside connectivity, storing no data but vulnerable to Heartbleed has a much different risk posture than a customer-facing web server that stores credit card data and is also vulnerable to Heartbleed. A vulnerability scan does not make these distinctions. Next, the analyst examines threats that are likely to exploit the vulnerability, such as organized crime or insiders, and builds a profile of capabilities, motivations and objectives. Last, the impact to thepany is ascertained  specifically, what bad thing would happen to the firm if an organized crime ring exploited Heartbleed and acquired cardholder data?


    A risk analysis, whenpleted, will have a final risk rating with mitigating controls that can further reduce the risk. Business managers can then take the risk statement and mitigating controls and decide whether or not to implement them.


    The three different concepts but are not exclusive of each other, but ratherplement each other. In many information security programs, vulnerability assessments are the first step  they are used to perform wide sweeps of awork to find missing patches or misconfigured software. From there, one can either perform a pration test to see how exploitable the vulnerability is or a risk analysis to ascertain the cost/benefit of fixing the vulnerability. Of course, you don''t need either to perform a risk analysis. Risk can be determined anywhere a threat and an asset is present. It can be a data centre in a hurricane zone or confidential papers sitting in a wastebasket.


    It''s important to know the difference  each is significant in their own way and has vastly different purposes and oues.


    So I run all the diagnostics across different servers. In the meantime, I look for the specific project that they discussed, ''project 33''.


    For pration testing, I used an upgraded version of Kali Linux. Formerly known as BackTrack Linux and maintained by the good folks at Offensive Security (OffSec, the same folks who run the OSCP certification), Kali is optimized in every way for offensive use as a pration tester.


    While you can run Kali on its own hardware, it''s far moremon to see pen-testers using Kali virtual machines on OS X or Windows.


    Kali ships with most of the tools mentioned here and is the default pen testing operating system for most use cases. Be warned, though--Kali is optimized for offence, not defence, and is easily exploited in turn. Don''t keep your super-duper extra secret files in your Kali VM.


    Then I ess the files rted to ''project 33'' on both Feling and Lt. General''s server.


    I found somemon points and as well as some interesting tidbits.


    I flex my fingers and twiddle my thumb, twisting my neck from side to side I straighten up.


    "Hehe. It''s time to wage my deration of war on them."


    <em><strong>(Get ready to get ruined at a pace that makes you doubt the very purpose of your breath!)</strong></em>
『Add To Library for easy reading』
Previous Chapter List Next Download Add To Library
Popular recommendations
Shadow Slave Beyond the Divorce My Substitute CEO Bride Disregard Fantasy, Acquire Currency The Untouchable Ex-Wife Mirrored Soul