Kernellix Profile

This document provides an overview of Kernellix Cyber Defense & Response Center, located in Yangon, Myanmar. It operates a 24/7 cyber fusion center from a 2,000 square foot office in MICT Park. Established in 2014, Kernellix provides cyber security solutions and services, including security operations, security engineering, security assessments, and information assurance. It aims to be the regional market leader in preventing, detecting, responding to and mitigating cyber incidents. The document then outlines Kernellix's proposed services and provides examples of clients from various industries in Myanmar that utilize their solutions. It also describes some active threat actors targeting organizations in Myanmar, and presents a strategic cyber defense program implementation approach.


Kernellix Cyber Defense & Response Center

Solutions and Services
January 2024

Min Min Soe
Cyber Security Consultant

TLP:GREEN Unclassified

Kernellix

24/7 cyber fusion center, operating from a 2,000 sqft office in MICT Park, Yangon, Myanmar.

Established in 2014, headquartered in Yangon, Myanmar.

Provides solutions and services to prevent, detect, respond to and mitigate cyber incidents.

Endeavors to be the regional market leader in providing solutions and services to prevent, detect, respond to, and mitigate cyber incidents.

Security Operations
Detect, respond to, and remediate cyber incidents using state-of-the-art technology and a well-established incident response process.

Security Engineering
Enhance protection, detection, and response capabilities through the use of state-of-the-art technology and in accordance with industry benchmarks.

Security Assessment
Uncover vulnerabilities and exposures through a thorough testing methodology and real-world attack vectors.

Information Assurance
Assess risk factors and enhance the cyber security program based on proven industry best practices.

TLP:GREEN Kernellix Co., Ltd. | Unclassified 2


IT Operations, Cyber Defense & Risk Management
Proposed Services

Technology Operations
• IT Operations (Managed Service Provider, MSP): Networking; System Administration; Applications; ITSM
• Managed Detection & Response Center (Managed Detection and Response, MDR): Detection & Response; Incident Response; Threat Hunting; Digital Forensics
• Security Operations (Computer Security Incident Readiness Team, CERT/CISRT): EPP, EDR, XDR, SIEM, SOAR; Security Engineering; Security Assessment (VAPT); Adversary Simulation

Risk Management
• ISMS Frameworks (ISMS, Compliance): ISO/IEC 27001:2022; NIST CSF; CIS Security Controls
Client Highlight
Multiple industries, various sizes and diverse technology platforms

Digital Services
Leading telematics solution company; designing, manufacturing and selling anything from GPS systems to navigation.

Retail and Logistics
Started as a supermarket in 1996; the leading grocery market leader in Myanmar and an icon of the country's retail industry.

Full Service FSIs
Leading full-service financial institution in Myanmar, operating since 1992 with over 200 branches across Myanmar.

Manufacturing
Founded in 1995, with more than 23 years of experience and over 2,000 employees nationwide, producing quality products such as Grand Royal Whiskey.

Software Development House
Established in 1996, a leading system integration and software development company with the largest market share in Myanmar.

Online Travel Portal
Leading travel company in Myanmar offering a wide range of on- and offline distribution solutions for the industry. Myanmar's first one-stop online travel portal.


Threat Landscape - Myanmar
Active Threat Actors Targeting Organizations in Myanmar

Enterprise Assets: Email, Endpoint, Perimeter, Infrastructure, Cloud Platform, Applications

Foreign/Global Threats
• Email BEC Scam: Financial (USD Millions); Compromise of corporate confidential information; Emotet Campaigns
• Ransomware: Interruption in critical business operations; Compromise of corporate confidential information; Extend/Expose to APT
• Nation State: Compromise of corporate confidential information; PlugX Mustang Panda 2020

Domestic Threats
• Cyber Intrusion: Compromise of corporate confidential information; Reputational Damage; Social Media
• Data Leak: Accidental; Privilege abuse
• Fraud: Control Lapses; Feature Abuse; API Abuse


Cyber Defense Program
Strategic Program Implementation

Baseline: Enterprise Security
• Email: MFA, Phishing Protection
• Endpoint: EPP, EDR
• Perimeter: NGFW, SIEM/SOAR/XDR
• Infrastructure / Cloud Platform: Secure Configuration (Community Benchmarks, Vendor Best Practices)
• Applications: WAF, Application Penetration Testing
• Users / Stakeholders: Security Awareness

Enhanced: Defensible Architecture
• Asset Inventory
• Security Policy
• Configuration Management
• SIEM/SOAR
• Security Operations
• Patch Management
• Vulnerability Management
• Penetration Testing
• Vulnerability Assessment

Long Term: Secure Controls/Program
• CIS Controls
• NIST CSF
• ISO 27001
• PCI DSS


Cyber Defense Program
Strategic Program Implementation

Baseline: Enterprise Security
• Email, Endpoint: Microsoft Security
• Perimeter: Elastic Security
• Infrastructure, Cloud Platform: Microsoft Security (Secure Configuration)
• Applications: Elastic Security
• Users/Stakeholders: Security Awareness

Enhanced: Defensible Architecture
• Asset Inventory
• Security Policy
• Configuration Management
• SIEM/SOAR
• Security Operations
• Vulnerability Management
• Penetration Testing
• Vulnerability Assessment

Long Term: Security Controls/Program
• CIS Security Controls (IG1: 56 controls, IG2: 130 controls, IG3: 153 controls)
• NIST CSF
• ISO/IEC 27001
• PCI DSS, HIPAA


Operation Team

Detection & Response (Fusion 3, Fusion 3, Fusion 3; each led by a SOC Manager)
Responsibilities: Threat Modeling; Fusion; Monthly SOC Reports; SLA; Escalation; Customer Communication; Partner Communication; Daily / Weekly SOC Reports; Log Source Management; Detection Engineering; SLA Tracking; Case Management; Alert Investigation; Triage; Escalation; Technology Maintenance (EDR, NDR, SIEM/SOAR)
• Alpha Team, Bravo Team: SOC Analyst
• Charlie Team, Echo Team, Golf Team: Assoc SOC Analyst
• Delta Team, Foxtrot Team, Hotel Team: Assoc SOC Analyst

Cyber Fusion (Fusion 6, led by a Red Team Manager; Fusion 3, led by an Engineering Manager)
Responsibilities: Security Engineering; Platform Deployment; Cloud Security; Security Assessment; Vulnerability Scanning; Vulnerability Assessment; Penetration Testing; Adversary Simulation; Security Validation; Digital Forensic; Incident Management; Training Programs; Consulting
• India Team: Security Analyst
• Kilo Team: Security Engineer
• Juliett Team: Assoc Security Analyst
• Lima Team: Assoc Security Engineer
• Mike Team: Security Consultant



Professionals
A Team of skilled, experienced and certified professionals

Certification Bodies Engineer’s Certifications



SOC Platform Architecture
Technology Components

Kernellix SOC Platform: Elastic Security; Microsoft Security; Kernellix SOC Team; Kernellix SOC Portal
• Operation Dashboard
• Incident Reports
• SOC Metrics
• Collaboration
• Notifications

Enterprise ICT Environment: Endpoints (Workstations); On Premises Data Center (Servers & Applications); Cloud (Security Infrastructure)
Enterprise ICT Team: Infra Team; Info Sec Team

Alert and Log Ship Integration: EDR, Vulnerability Management, Alerting, Identity Management, SIEM/SOAR


Security Assessment
Uncover vulnerabilities and exposures in the environment for timely mitigation

VULNERABILITY ASSESSMENT
Identify and prioritize security vulnerabilities in the environment to
evaluate information security posture and remediate.

PENETRATION TESTING
Simulate a controlled cyber attack to evaluate the risk and adverse
impact of malicious actors targeting the organization

VULNERABILITY SCANNING
Conduct active, continuous and semi-automated scanning to track
vulnerabilities in the environment



Assessment Scope
Digital Service

Mobile Application Security Assessment (Android / iOS): 3 Mobile, 3 API
Web Application Security Assessment: 2 Web Portal, 2 HTML 5; Web Application Firewall
Infrastructure Security Assessment (On Premises / IaaS): Database Server, Application Server, Operating System, Perimeter Firewall


Security Assessment
Infrastructure Security

Identify Known/Published Security Flaws across the Internet-facing digital platform:
• Digital Services data: Customer Info; Transaction Info; Membership Points; Payment API; Authentication Info
• Stack: Application Services; Programming Language; Framework; Database; Linux; IaaS
Security Assessment
Application Security

• Top 10 Web
• Top 10 Mobile
• Testing Guide
• Cheat sheet

CWE 25 2020



Security Assessment
Penetration Testing

Attack Map: external threat actor against the enterprise assets (Email; Corporate Network: Warehouses, HO, Branches; Perimeter: DMZ Servers, Firewalls, Public IPs; Digital Services: DMS, Membership, Online Store)

1. Low Hanging Fruits
• Lax Firewall Rules
• Web Presence
2. DMZ Server Compromised
• Configuration Flaws
• Known Vuln CVE
• Software Flaws
3. Credentials Dumping/Sniffing
4. Lateral Movement
• Network Segregation


Security Assessment
Vulnerability, Impact, Proof of Concept and Recommendation

Risk Rating: Critical
SQL Injection (Impact: High, Likelihood: High)

VULNERABILITY DESCRIPTION
• The application does not neutralize, or incorrectly neutralizes, user input before forwarding it to the backend database server for execution. A threat actor can inject SQL commands to be executed by the backend database server.

IMPLICATION
• A threat actor can exploit the vulnerability to manipulate SQL commands and queries to extract or modify confidential information from the back-end database.

• In addition, the application connects to the database using high-privilege credentials, such as a database administrator account, which can lead to the compromise of every database on the database server.



Security Assessment
Vulnerability, Impact, Proof of Concept and Recommendation

Risk Rating: Critical
SQL Injection (Impact: High, Likelihood: High)

STEPS TO REPLICATE / PROOF OF CONCEPT

1. The parameter values userid and pwd in the login page are vulnerable to SQL injection.

2. Enter userid admin and inject the value or 1=1# in the pwd request parameter.

3. The application allows a threat actor to log in without a valid password.

4. A threat actor can further exploit the vulnerability to extract data from the backend database, execute operating system (OS) commands and subsequently obtain administrative access on the backend database server.

• Illustrated in Figures 1 and 2.



Security Assessment
Vulnerability, Impact, Proof of Concept and Recommendation

Risk Rating: Critical
SQL Injection (Impact: High, Likelihood: High)

RECOMMENDATION
• Validate or sanitize input for database special characters such as semicolons, quotes, etc.

• Neutralize or encode special characters so that they are interpreted as literal text.

• Disable execution of system commands on the database if there is no business/technical requirement.

• Implement layered defense against SQL injection using:

• Parameterized Queries

• Server-side input sanitizing

• Database privileged access management
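The recommendation's parameterized queries and server-side input checks, shown as an added example that is not part of the Kernellix profile: a constructed SQLite login lookup in the concatenated form the finding describes (userid and pwd spliced into the SQL text) beside a hardened form that allow-lists the userid and binds both values as parameters. The table, the account and the dialect-neutral `' OR '1'='1` probe are constructed for the demo; the report's own `or 1=1#` payload relies on the `#` comment syntax of MySQL, which SQLite does not accept.

```python
import re
import sqlite3


# Constructed demo database (not from the report). Passwords are kept in plaintext
# only to keep the demo short; a real application stores salted hashes.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (userid TEXT PRIMARY KEY, pwd TEXT NOT NULL)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct-horse-battery')")
    conn.commit()
    return conn


def login_vulnerable(conn, userid, pwd):
    """The pattern the finding describes: request parameters are concatenated into
    the SQL text, so a quote inside pwd closes the literal and the rest is parsed
    as SQL by the database server."""
    sql = ("SELECT userid FROM users WHERE userid = '" + userid
           + "' AND pwd = '" + pwd + "'")
    return conn.execute(sql).fetchone() is not None


# Allow-list for the identifier: letters, digits and a few punctuation marks only.
USERID_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}")


def login_hardened(conn, userid, pwd):
    """Layered defense from the recommendation: server-side validation of the
    identifier, then a parameterized query so that both values are bound as data
    and never interpreted as SQL, whatever characters they contain."""
    if not USERID_RE.fullmatch(userid):
        return False
    row = conn.execute(
        "SELECT userid FROM users WHERE userid = ? AND pwd = ?", (userid, pwd)
    ).fetchone()
    return row is not None


def demo():
    """Runs the probe against both forms and returns the outcomes."""
    conn = make_db()
    probe = "' OR '1'='1"  # constructed, dialect-neutral variant of the report's or 1=1#
    return {
        "vulnerable_probe": login_vulnerable(conn, "admin", probe),  # True: bypassed
        "hardened_probe": login_hardened(conn, "admin", probe),      # False: rejected
        "hardened_valid": login_hardened(conn, "admin", "correct-horse-battery"),  # True
    }


if __name__ == "__main__":
    print(demo())
```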



Security Assessment
Vulnerability, Impact, Proof of Concept and Recommendation

Risk Rating: High
Information Enumeration - PII (Impact: High, Likelihood: High)

VULNERABILITY DESCRIPTION
• The customer profile API endpoint returns customer Personally Identifiable Information (PII). The application does not restrict a threat actor from fuzzing the customer ID and does not restrict the number of API calls. A threat actor can abuse the API endpoint to enumerate a significant portion of the customer PII held in the system.

IMPLICATION
• The customer ID is incremented in a predictable pattern. A threat actor can reproduce the customer ID increment pattern with a script.

• Per our assessment via the Internet, a threat actor can enumerate 1,000,000 customer PII records, including name, phone number, address, national ID and income group, in 3 minutes by exploiting the vulnerability.
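A detection for the enumeration pattern this finding describes, as an added example that is not from the Kernellix profile: it parses constructed access-log lines for the customer profile endpoint and flags any client that successfully reads many distinct customer IDs inside one time window, noting when those IDs are consecutive. The log layout, the endpoint path /api/customers/{id}, the addresses and the thresholds are assumptions for the demo.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed access-log lines (not from the report): one user reading its own
# record twice, and one client walking consecutive customer IDs.
SAMPLE_LOG = """\
2024-01-15T10:00:01Z 203.0.113.5 GET /api/customers/100245 200
2024-01-15T10:00:09Z 203.0.113.5 GET /api/customers/100245 200
2024-01-15T10:00:10Z 198.51.100.7 GET /api/customers/500001 200
2024-01-15T10:00:10Z 198.51.100.7 GET /api/customers/500002 200
2024-01-15T10:00:10Z 198.51.100.7 GET /api/customers/500003 200
2024-01-15T10:00:11Z 198.51.100.7 GET /api/customers/500004 200
2024-01-15T10:00:11Z 198.51.100.7 GET /api/customers/500005 200
2024-01-15T10:00:11Z 198.51.100.7 GET /api/customers/500006 200
"""

# Assumed log layout: ISO timestamp, client address, method, path, HTTP status.
LINE_RE = re.compile(r"^(\S+) (\S+) GET /api/customers/(\d+) (\d{3})$")


def parse(log_text):
    """Returns (timestamp, client, customer_id, status) tuples; other lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts, m.group(2), int(m.group(3)), int(m.group(4))))
    return events


def detect_enumeration(events, window_seconds=60, min_distinct=5):
    """Flags clients that successfully read at least min_distinct different customer
    records within window_seconds. Only 2xx responses count, since those are the
    requests that actually returned PII.
    Returns {client: {"distinct": n, "sequential": bool}} for flagged clients."""
    by_client = defaultdict(list)
    for ts, client, cid, status in events:
        if 200 <= status < 300:
            by_client[client].append((ts, cid))
    findings = {}
    for client, hits in by_client.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            ids = sorted({cid for t, cid in hits[i:]
                          if (t - start).total_seconds() <= window_seconds})
            if len(ids) >= min_distinct:
                # Consecutive IDs are the signature of the predictable increment pattern.
                sequential = all(b - a == 1 for a, b in zip(ids, ids[1:]))
                findings[client] = {"distinct": len(ids), "sequential": sequential}
                break
    return findings


if __name__ == "__main__":
    print(detect_enumeration(parse(SAMPLE_LOG)))
```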



Security Assessment
Process

Scoping (2 weeks prior to start date)
• Define High Level Requirements
• Estimate Scope of work
• Define Tentative Schedule

Onboarding (1 week prior to start date)
• Identify Test environment information
• Identify Technology Stack
• Set up communication platform
• Discuss Rules of Engagement

Kick off
• Test environment readiness
• Confirm Assessment schedule

Assessment (1 week to 4 weeks assessment schedule)
• Conduct Assessment
• Produce status update
• Produce preliminary report

Debrief
• Discuss findings
• Discuss remediation actions

Retest (within 90 days after prelim report date)
• Retest reported findings

Closure (90 days after prelim report date)
• Archive assessment notes
• Archive assessment reports



Security Assessment
Methodology – NIST SP 800-115

Phases: Engagement; Discovery; Exploitation (with Additional Discovery feeding back into Discovery); Reporting



Security Engineering
Enhance security measures & detection capabilities in the environment

NETWORK SECURITY
Implement Firewalls, WAF, IDS/IPS, SIEM/SOAR to deter attacks,
identify intrusions, enhance response capabilities, isolate incidents, and
minimize adverse impacts

HOST & ENDPOINT SECURITY


Harden servers & services, implement Endpoint Protection (EPP) &
Endpoint Detection & Response (EDR), and Identity Management
solutions to strengthen defense

VULNERABILITY MANAGEMENT
Implement tools and processes to actively identify, classify, track and
remediate vulnerabilities in the environment in a timely manner



Security Engineering
Enhance security measures & detection capabilities in the environment

IDS/IPS/WAF Rules

Server Hardening

SIEM/SOAR Alerts




Security Engineering
Enhance security measures & detection capabilities in the environment

Enterprise ICT Environment: Corporate Network (Head Office, Branch Office); On Premises Data Center (Servers & Applications); Cloud Environment (Security Appliances)
Alert and Log Ship Integration: EDR, Vulnerability Management, Alerting, Identity Management, SIEM/SOAR

Layered Defense
1. Network Security
• Perimeter Security
• Network Segregation
2. Host Security
• EPP
• EDR
3. Vulnerability Management
4. Privileged Access Management


Security Hardening

Components: SCAP Configuration Scanner; Minimum Security Standard; Reporting System
Targets: Enterprise Assets; Network Devices; End Point Protection & MDM


Vulnerability Management

Components: SCAP Vulnerability Scanner; Patch Management; Reporting System
Targets: Enterprise Assets


Security Operations
Detect, respond & remediate cyber incidents per well-established process

SECURITY MONITORING
Analyze traffic, threats and anomalies to detect cyber attacks and
incidents for relevant and timely response

INCIDENT MANAGEMENT
Detect, respond and resolve security incidents per sound and
comprehensive cyber security incident response plan

THREAT INTELLIGENCE
Actionable cyber threat information to recognize and proactively
respond to advanced threats



Security Operations
Network Service Visibility



Security Operations
Application Traffic Visibility





Security Operations
Attack Map & Alerting





Security Operations
Metrics Reporting for Operation and KPI Review

Incident categories on the bar chart (count per category, axis 0 to 15):
• Root Compromise
• User Compromise
• DoS
• Malicious Code
• Attempted Activity
• Non Compliance
• Scanning
• Investigation
• Explained Anomaly
• Exercises



Information Assurance
Assess risk factors & enhance security program per proven industry guidelines

CYBERSECURITY PROGRAM STRATEGY
A tailored roadmap and implementation plan to align with industry standards and organizations' business objectives

CYBERSECURITY CONTROLS ASSESSMENTS & IMPLEMENTATIONS
Identification and analysis of assets, threats, vulnerabilities, controls and implementation of controls

INFO SEC AWARENESS & TRAININGS
A customized program to establish and maintain information security awareness and skill throughout the organization



CIS Controls
Prioritized set of actions to protect your organization

Implementation Group 1: 56 controls
Implementation Group 2: 130 controls
Implementation Group 3: 153 controls

ISO/IEC 27001; PCI DSS, HIPAA; NIST CSF


CIS Controls
Prioritized set of actions to protect your organization

An IG1 organization is small to medium-sized with limited IT and cybersecurity expertise to dedicate toward
protecting IT assets and personnel.

The principal concern of these organizations is to keep the business operational as they have a limited tolerance
for downtime.

An IG2 organization employs individuals responsible for managing and protecting IT infrastructure.

A major concern is loss of public confidence if a breach occurs. Some Sub-Controls will depend on enterprise-
grade technology and specialized expertise to properly install and configure.

An IG3 organization employs security experts that specialize in the different facets of cybersecurity.

An IG3 organization must address availability of services and the confidentiality and integrity of sensitive data.
Successful attacks can cause significant harm to the public welfare.
Quick Wins

Cyber Hygiene
• Securing Admin Accounts
• Apply Security Updates
• Establish baseline security standards
• Deploy network security devices
• Implement malware defense measures
• Multifactor Authentication
• Awareness Training Program


Cyber Defense Program
Annual Program Subscription

Security Assessment
• Annual Penetration Testing
• Annual Application Vulnerability Assessment
• Quarterly/Monthly Vulnerability Scanning

Security Control Implementation
• Cyber Hygiene
• CIS Critical Security Controls IG1-IG3

SOC Platform
• Email, Server, Workstations
• 3-6 months log retention

SOC Platform Implementation
• Log Integration: Servers, FW, EPP, EDR, NDR, XDR
• SOC Dashboards, alerts and operation metrics

Detection and Response
• 9-5, 24/7 alert monitoring and investigation
• Validation, classification and incident management


Program Implementation Roadmap

Identify
• Asset Registry
• Application Penetration Testing
• Vulnerability Assessment

Protect, Detect, Respond
• Security Control Implementation
• EDR, XDR, SIEM Deployment
• SOC/MDR Platform Implementation

Finetune (Transitioning Operations)
• Asset Registry
• SIEM Baselining
• SOC Reports
• Vulnerability Scanning
• Enhancement: Dashboard; SOC Use case; SOC Reports

Optimize (Optimization)
• Threat Monitoring
• Situation Awareness
• Vulnerability Scanning
• Detection and Response
Partner for secure and resilient cyberspace

MICT Park, Building 11, #04-506
Hlaing University Campus Road
Hlaing Township, Yangon, Myanmar
[email protected]
www.kernellix.com
