Monday, August 23, 2021

The danger of outbound connections + insider threats


I was working over the weekend to have my OrangePi PC (henceforth referred to as SBC), which sits in a DMZ on my network, serve dynamic content. As I don't own a public IP, I resorted to having pwncat + an AWS EC2 instance work for me to get me an HTTP connection as well as a reverse shell on my SBC.

And that got me thinking....

Over the years we have seen an increase in the importance of IT security. It's a welcome change from the simple firewall rules and default security settings that were once the standard.

One area that still does not get much attention, or at least is not heard about or discussed much, is the threat of outbound connections combined with insider threats.

Run such connections over port 443 + HTTPS and you have a connection that is usually very difficult to trace.

Exploit an insider, or piggyback on one using a trojan, and you can very easily get into a secure network and then work your way to elevating your privileges on a host / expanding your footprint to further hosts.

The solution: HTTP inspection/SSL inspection, but it has its limitations, and you can run all sorts of tricks to get around it, e.g. don't use SSH; instead run an HTTP server that accepts specific keywords and performs tasks.

I hope to see many more organizations use an inspection solution so that this threat can be mitigated to quite an extent.
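A defender-side check for the pattern described above, as an added example (not the author's code): it scans constructed firewall flow records for DMZ hosts that open outbound sessions to the Internet and flags destinations off the egress allow-list, a single long-held 443 session (a reverse shell or tunnel kept open looks like this), and repeated short sessions to one host. The DMZ subnet, the allow-list and the thresholds are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed flow records (not from the post): one accepted outbound session per line.
SAMPLE_LOG = """\
2021-08-23T10:00:01 src=10.10.0.5 dst=10.0.1.20 dport=53 duration=1
2021-08-23T10:00:05 src=10.10.0.5 dst=203.0.113.10 dport=443 duration=7200
2021-08-23T10:01:00 src=10.10.0.5 dst=203.0.113.10 dport=443 duration=2
2021-08-23T10:02:00 src=10.10.0.5 dst=203.0.113.10 dport=443 duration=2
2021-08-23T10:03:00 src=10.10.0.5 dst=203.0.113.10 dport=443 duration=2
2021-08-23T10:05:00 src=10.10.0.7 dst=198.51.100.4 dport=443 duration=3
"""

# Assumptions: the DMZ subnet, the RFC 1918 ranges treated as internal, and the
# only Internet host a DMZ box is allowed to reach (e.g. a package mirror).
DMZ_NET = ipaddress.ip_network("10.10.0.0/24")
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
EGRESS_ALLOW = {"198.51.100.4"}
LONG_SESSION_SECS = 600   # a browser-style 443 session rarely stays open this long
BEACON_MIN_HITS = 3       # repeated short sessions to one host suggest a polling implant

LINE_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+) duration=(\d+)")

def parse(log_text):
    """Yield (src, dst, dport, duration) for each line the regex matches."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m[1], m[2], int(m[3]), int(m[4])

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def find_suspicious_egress(log_text):
    """Return (reason, src, dst, dport) alerts for DMZ hosts reaching the Internet."""
    alerts, hits = [], defaultdict(int)
    for src, dst, dport, duration in parse(log_text):
        if ipaddress.ip_address(src) not in DMZ_NET or is_internal(ipaddress.ip_address(dst)):
            continue                                    # only DMZ -> Internet sessions matter here
        key = (src, dst, dport)
        hits[key] += 1
        if hits[key] == 1 and dst not in EGRESS_ALLOW:  # report each unknown destination once
            alerts.append(("not-allowlisted",) + key)
        if duration >= LONG_SESSION_SECS:               # a reverse shell/tunnel held open looks like this
            alerts.append(("long-session",) + key)
        if hits[key] == BEACON_MIN_HITS:
            alerts.append(("beaconing",) + key)
    return alerts
```

The check presupposes a default-deny egress policy with a short allow-list for DMZ hosts and flow logging at the egress point, which is the practical mitigation where full TLS inspection is unavailable or bypassed as the post describes.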

Wednesday, August 11, 2021

An unconventional way to prioritize work

Let me start off by saying "One size does not fit all, or everyone". The Rock, Pebbles, Sand theory of prioritization does work for some, but most people do not have a prioritization method at all, and even if they do, it may not necessarily work for them.

So, let's try something new!

Disclaimer: I know how to use this well and when not to use this method; it comes naturally and has worked very well for me and can greatly boost your productivity, but don't overdo it. Knowing the limits and the pros and cons of every method is a must.

1) Let's say you have 3 types of tasks you need to do daily (ignore impact for now):

Sr. No   Priority   Time_Required (each task)   No_of_Tasks
1        High       2 hrs                       1
2        Medium     1 hr                        3
3        Low        15 mins                     6

Most folks will pick up the work in descending order of priority (High -> Medium -> Low). The reason is psychological: we tend to give a lot of importance to tasks with higher priority.

But is it the best way to do things?

I usually use a reverse psychology trick to get the brain to work more efficiently. The human brain subconsciously always thinks that more tasks done = more productive and less time required to think about what else needs to be done / less stress.

Hence I usually end up reversing the order (Low -> Medium -> High). Let's see how it helps.

By the end of 3 hrs:

Following (High -> Medium -> Low) you would have completed only 2 tasks; your brain tells you that you still have 8 tasks to complete.

Following (Low -> Medium -> High) you would have completed 7.5 tasks; now your brain tells you that you have only 2.5 tasks remaining.

Even though the time required to complete the tasks is the same regardless of the order used, you will feel much fresher and ready to tackle the remaining tasks.

Now what if I change the equation to say that there is 1 Critical task (the highest priority level) that takes 4 hrs? Would you still follow the same method?

=> This is where I would not use the above process; most likely the Critical task will take priority for me, after which I will go back to (Low -> Medium -> High).

Again, understand the context and then apply this method, as eventually we need to "use the right tools/processes for the right job".
