For a few years now, investing in cybersecurity has been essential for all types of companies, at least to contain or prevent cyberattacks. Every organization today faces risks that can endanger its systems and sensitive information. We live in a time of great technological change, and this is one of the greatest challenges for computer security: to prevent cyberattacks, cybersecurity must advance at the same pace. In this article we explain what a pentest is, one of the most innovative computer security techniques. Keep reading!
What is pentesting?
Because of the fraud and cyberattacks that organizations suffer, pentesting, or penetration testing, has emerged. A pentest or penetration test consists of attacking different environments or systems with the aim of detecting and preventing possible failures. It is a technique for finding errors in the system. It is one of the practices most in demand today, since thanks to this type of examination companies can remedy their weaknesses before cybercriminals exploit them.
A pentester is a computer security auditor. The role splits in two: the Red Team, which is the more offensive part, and the Blue Team, which is the defensive part of pentesters.
It is a method for assessing the security of a company through a simulated real attack. The organization is attacked with the aim of producing a report that gives the company all the information it needs to remedy its vulnerabilities. The security of a system is evaluated by trying to break it.
In summary, pentesting or penetration tests are useful for determining what chance of success a cyberattack could have, which higher-risk and lower-risk vulnerabilities the company has, which of them can put the organization at risk, and which are otherwise impossible to detect. Finally, they also test the organization's capacity and efficiency in responding to potential attacks.
Types of Pentesting
Pentesting is classified according to the type of information available to the computer security professional before preparing the test. There are three types:
White box: the pentester knows all the data of the system and is usually part of the company's technical team. They have all the information about the structure, data, IPs, logins, passwords, firewalls, etc. It is the most complete type and is part of a comprehensive analysis of the structure. With this preliminary data, the test is sufficiently accurate when it comes to discovering the faults and the measures that must be taken.
Black box: the second best option when hiring a pentest. The auditor has no data about the organization and starts from scratch, as if they were a real cybercriminal. This helps make the drill as realistic as possible. It is a blind test of the network structure. Given these characteristics, it is a great experience for the company and a good method for recognizing the weaknesses of a business's computer system.
Grey box: a mixture of the black box and the white box. The pentesters have some information with which to perform the intrusion test. They do not go in blind as in the previous option, but have only a small amount of information. In this form, the auditor invests time and resources in identifying weaknesses and threats on the basis of the information already available. It is the most recommended pentest when contracting any of these services.
Audit: Pentesting phases
The process when carrying out an audit is divided into 5 stages:
1# Reconnaissance
The first step is planning and reconnaissance. It is about defining the scope and objectives of the test, including the systems that will be addressed and the test methods that will be used. In addition, it is also used to compile all possible information, such as domain and network numbers, software, emails, etc. to better understand how the company works and its possible weaknesses.
2# Vulnerability analysis
The second step is to understand how the system under test will respond to various intrusion attempts. We start interacting with the target and analyze the system, manually or automatically, to identify possible weaknesses. At this point we define the scope and intensity of the penetration test and agree with the client on the depth of the tests to be performed and which attacks are permitted.
3# Threat modeling
Once we have all the information, we have to prepare a structured representation of everything that affects the security of an application. It is the process of capturing, organizing and analyzing all the data from the point of view of security experts. It allows you to make decisions about risks and to develop a model of typical modifications or a prioritized list for improving computer security.
The model helps us to see how we will attack the system and through which port to gain access. If the intrusion has been successful, this phase consists of collecting private information, such as files hosted on a server or system. The purpose is to demonstrate to the customer that if a cybercriminal were to attack the system, they could access and steal the information.
5# Preparation of reports
Finally, as you can imagine, we write up all the failures detected and the security improvements that address them. Two types of reports are made. On the one hand, a technical one for system administrators, written in the appropriate terminology together with detailed solutions. On the other hand, an executive report addressed to the board of directors, so that people who do not work in the computer world can understand it.
Becoming the Sherlock Holmes who finds the person who fits your team and can become its driving force: such is the challenge for leaders and managers. It is clear that hiring an employee who is not suitable for the position or the department can seriously damage the atmosphere of the team. How can you detect early on those who will not be a match?
“The secret to my success is that we have made exceptional efforts to hire the best people in the world.”
Whatever the sector, there are criteria that allow you to identify the personality you have in front of you. Each candidate is, above all, a human being with their own character traits and psychological reality. The goal is still to identify talent, but also to find out whether they will be able to integrate and embrace the values of your company. Here are some tips.
“I choose a lazy person for a hard job, because a lazy person will find an easy way to do it.”
See best practices
If you’re new to this, start by looking at the best practices available both on the web and in recruiting books. Training organizations and schools of all kinds provide good advice for weeding out those who do not know how to prepare for an interview. The other side of the coin is that they condition the candidate before he arrives for the interview. The assimilation of “good” practices and answers can show you that the person absorbs information well, but it locks the interview into a straitjacket of classic answers that can be as damaging for the candidate as for the recruiter. The candidates become clones and it becomes difficult to discern their true personality. “Standard” answers rain down, and “I am a perfectionist” becomes the answer to the question “What is your main defect?”. So to be successful in your interview, you will have to take the next step: you will have to gain the candidate's trust so that he gradually reveals his personality to you.
“You can imagine, create and build the most wonderful place on earth, but it will always take people to make the dream come true.”
Don’t forget professional matters
While the personality of the candidate is essential, the basic foundation remains professional issues. Even a person of good will will take a long time to acquire the necessary skills. A panoply of questions available everywhere can allow you to choose the best candidate in terms of skills, but these questions can also lead to a dead end: it is still difficult to assess the candidate’s proficiency outside of their past experience. Without the bare minimum, the person hired can quickly become a burden to the team, who will complain about having to train someone when they had asked for help. Therefore, you must identify the exact ability that distinguishes the person from others and explain how this newcomer is not in competition with the team but complements it. Otherwise, you run the risk of creating suspicion and a deleterious atmosphere with the famous question “Is this candidate there to replace me?”. To ensure competence, many companies do not hesitate to test their candidate on their main mission.
But also issues related to the life of the person.
Once the professional questions have been dealt with, tradition suggests analyzing the candidate’s profile through their activities outside the company (sports, solidarity activities, trips, etc.) but also trying to decipher the candidate’s personality. This is the most delicate moment, where intuition plays a crucial role. Candidates have learned to thwart these questions because they know all the answers thanks to well-written manuals and the advice they have been given. So what needs to be done?
In the first place, it is necessary to know the personalities of the team that the candidate will join and to choose the personality that will be a factor of cohesion, enthusiasm… Starting from what already exists is still fundamental. In the same way that, when we form a soccer team, we do not choose players with identical qualities. It is therefore about integrating added value.
To make a relevant selection, it is necessary to be clear about what type of candidate you are looking for, for what type of position and for what purpose. To do this, make a rigorous list of the qualities you are looking for and keep them in mind during the interview.
The adaptability of the candidate.
This is the most difficult skill to discern. To glimpse it, do not hesitate to suggest specific cases of change or conflict and ask the candidate how he would face this situation, this difficulty. Then he will draw on himself and can only draw on his knowledge to a limited extent. By letting him answer, you’ll gain valuable insight into his personality. You will see his emotional intelligence in the face of conflicts and his enthusiasm, an essential quality in a team because it is a factor of adhesion. Transversal skills can also be useful and allow you to evolve according to changes, challenges, work overload.
Whatever position he holds, be it commercial, IT, administrative or accounting, and even if it does not require constant interpersonal skills, the candidate must be able to communicate with all the company’s departments and create a pleasant environment where everyone understands that their own position is fundamental, but also that communication with others is fundamental.
Some questions to identify the personality of the candidate:
“Involving the right people takes time, requires the right questions and a healthy dose of curiosity. What do you think is the most important factor in building your team? For us, it’s personality.”
- What are the qualities of your best friend, what are the qualities that you like?
- What flaws do you hate?
- What are the defects of a society that destroy harmony, and which are factors of cohesion?
- In this type of situation, what qualities should be demonstrated, possessed or developed?
- What are your weaknesses? Your qualities?
- What are the flaws that could harm this position?
- How do you see yourself in five years?
- Do you accept the authority of your supervisor?
- What do you do if you disagree with the directives of your Manager or the Company?
- Does your family life come before or after your professional life?
- Do you like change?
- What is the profession of your parents?
- Have you experienced periods of unemployment?
- Are you punctual? Do you respect the schedules?
- What is success for you?
- What are your professional values?
- What drives you forward in life?
- Do you consider yourself lucky?
- What image should we keep of you?
- Do you have brothers?
- What are your activities outside of work? Do you do sports?
“My theory is that A-players hire people who are better than them. Clearly, B players hire C players to feel superior. And D-players sign D-players. When you start signing B-players, you can expect, as Steve called it, the Bozo explosion to happen.”
Can you imagine someone impersonating you with Artificial Intelligence? Recently there has been talk of the phenomenon of deep fakes, something that has worried famous and familiar faces. Nowadays, it seems more and more difficult to detect whether the content spread across the network is true.
If you also have doubts about whether what you see on the Internet is real or not, keep reading this post, where we tell you what deep fakes are and how to detect them.
What are deep fakes?
Recently, a video of actress Jennifer Lawrence with the face of actor Steve Buscemi appeared on the networks. While Lawrence gave a speech in front of the cameras, the actor’s face articulated the same expressions as hers. The video is a clear example of how fake news is no longer just text. We are facing the development of synthetic images, better known as deep fakes.
The name deepfake comes from deep learning, one of the branches of Artificial Intelligence. In this case, it is learning by artificial intelligence that is used with the intention of creating false content.
In most cases, it is based on video manipulation in which the software analyzes the source material and extracts part of it, then inserts and fits it into another video. So-called face swaps or deep video portraits are the most common form of fake.
It seems more and more difficult to detect what is real and what is not. This does not mean that it is impossible: even the best-made deep fakes can be detected by specialists in style transfer techniques.
In an interview with Diario El País, Artificial Intelligence specialist Jorge Muñoz assured that we are facing a process that could scale beyond the world of celebrities. “The biggest problem with these techniques is that they require a large amount of data to be able to train them, so today we will only see content like this about famous people who can find millions of hours of high-quality video on the Internet.”
Deep fakes are not only videos
Deep fake videos have become the most widespread technique for creating fake news, and the data proves it. According to the I Study on the impact of Fake News in Spain prepared by the Complutense University of Madrid:
- 86% of the Spanish population creates fake news.
- 60% of Spaniards think they know how to detect them, but in reality it is 14% who can tell them apart.
- 4% of the population create and distribute fake news.
However, videos are not the only means of counterfeiting. Deep fake technology allows you to create completely fictional photos from scratch. Cases such as “Katie Jones” have become known: a profile that claimed to work at the US Center for Strategic and International Studies but which, it is believed, was created to carry out espionage operations abroad.
The same happens with audio. Deep fake allows you to create “voice clones” of public figures.
How do deep fakes work?
Thousands of shots of the faces of the people to be faked are run through an Artificial Intelligence algorithm called an encoder.
What the encoder does is identify and learn the similarities between the faces and reduce them to their shared common features through a process of image compression. Then a second algorithm, called a decoder, comes into operation; its job is to recover the faces from the compressed images.
To perform the face swap, the encoded images are fed into the opposite decoder so that it reconstructs the face of the other person. That is, an encoded image of face A is fed into the decoder for face B. The decoder is responsible for reconstructing face B with the expressions and orientation of face A to obtain a convincing image.
How to detect deep fakes?
As technology evolves, it has become more difficult to detect what is true and what is not. Below are some features you can check to try to detect a deep fake.
Humans typically blink once every 2-8 seconds, with each blink lasting between 1 and 4 tenths of a second. If you want to know whether you are facing a DeepFake, look at the number of times the person blinks: you will notice that they blink much less than a real person. DeepFake algorithms cannot blink at the same rate as a human.
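The blink check described above can be automated; the following is an added example, not part of the original article. It assumes a per-frame eye-openness score has already been extracted by a face-landmark tool; the 0.2 threshold, the function names and the sample clips are constructed for illustration.

```python
from dataclasses import dataclass

# Figures stated in the article: one blink every 2-8 s, each lasting 0.1-0.4 s.
MIN_INTERVAL_S, MAX_INTERVAL_S = 2.0, 8.0
MIN_BLINK_S, MAX_BLINK_S = 0.1, 0.4


@dataclass
class Blink:
    start_s: float
    duration_s: float


def detect_blinks(openness, fps, closed_below=0.2):
    """Group consecutive 'eye closed' frames into blinks.

    openness: one eye-openness score per frame (0 = shut, ~0.3 = open).
    closed_below is an assumed threshold; tune it for the landmark model used.
    """
    blinks, run_start = [], None
    for i, value in enumerate(list(openness) + [1.0]):  # sentinel ends a trailing run
        if value < closed_below:
            if run_start is None:
                run_start = i
        elif run_start is not None:
            blinks.append(Blink(run_start / fps, (i - run_start) / fps))
            run_start = None
    return blinks


def assess_blinking(openness, fps):
    """Return (verdict, details) for a clip, using the article's human ranges."""
    clip_s = len(openness) / fps
    blinks = detect_blinks(openness, fps)
    natural = [b for b in blinks if MIN_BLINK_S <= b.duration_s <= MAX_BLINK_S]
    details = {"clip_s": clip_s, "blinks": len(blinks), "natural": len(natural)}
    if clip_s < MAX_INTERVAL_S:
        # A real person may not blink at all in under 8 s: nothing can be concluded.
        return "inconclusive", details
    # Fewest blinks a person would produce: one per 8 s of footage.
    details["expected_min"] = int(clip_s // MAX_INTERVAL_S)
    if len(natural) < details["expected_min"]:
        return "suspicious", details
    return "consistent", details


def synthetic_clip(seconds, fps, blink_times, blink_s=0.2):
    """Constructed sample: open eyes (0.3) with dips to 0.05 at blink_times."""
    frames = [0.3] * int(seconds * fps)
    for t in blink_times:
        for i in range(int(t * fps), int((t + blink_s) * fps)):
            frames[i] = 0.05
    return frames
```

A "suspicious" verdict is only one signal among those listed in this article, and very short clips return "inconclusive" because they cannot be judged on blinking alone.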
Face and neck
Does the body fit the face, and does the posture match the facial expression? Most DeepFakes are mainly facial substitutions; changes to the body can only be implemented with great effort.
If the body of the person onto whom a face has been applied has other features that do not match, for example tattoos, pronounced muscles or a different skin color, it is a sign of forgery.
Although the technology is already very easy to use, the learning process for making fakes is very laborious. Therefore, most of the deep fakes that are shared are only a few seconds long. So if a very short clip of implausible content needs to be verified and there is no obvious reason why the recording is so short, it is often because it is a fake.
In this context it is important to trace the recording back to the person who first shared the deep fake video. Often, this helps to put the post in context and to check whether the source material was more detailed after all.
Sound of the recording
It is not only the image that exposes a DeepFake, but also the sound. The software is often limited to changing the picture, without adjusting the sound. Therefore, if the sound is missing or does not match the image, for example because of poorly implemented lip sync, this indicates a fake.
Keep the details in mind. When verifying the content of the video, it is also useful to play it at half speed. For example, small discrepancies in a person’s background or sudden changes in the image then become immediately noticeable.
Inside of the mouth
The software used to create deep fakes has been able to transfer faces pretty well so far, but the devil is in the details. For example, some blur inside the mouth is another sign that it could be a fake image. Artificial Intelligence still struggles to represent the teeth, tongue and oral cavity correctly when a person is speaking.
Positive uses of deep fakes
Apart from entertainment, there are different applications in which this technology can be useful. One of them has to do with restoring the voice of people who have suffered illnesses that have left them mute. Let’s look at some other applications:
- Art and entertainment: In Florida, the Dalí museum has a deepfake of the painter that presents his art and takes selfies with visitors. In the same way, the producers of the Star Wars film Rogue One did so in 2016, bringing actor Peter Cushing back to life.
- Research: Generative technology is already producing visible results in the medical field, through the use of fake brain scans based on real patient data. This is a useful technology for detecting possible tumors.