zeroday
Zero-Day Exploits: What They Are and Why You Should Care

In cybersecurity, zero-day exploits are one of the most dangerous threats. If you work in IT or are starting to explore this world, it’s important to know what they are and how they can affect you.

What Is a Zero-Day Exploit?

A zero-day exploit is a security weakness in software or a system that even the developers don’t know about.
The term “zero-day” means there’s zero time to fix it before attackers can use it. In simple words, hackers discover and take advantage of this flaw before anyone can fix it.

A Market for Zero-Day Vulnerabilities

You might not expect it, but there’s a market for selling zero-day vulnerabilities.

On the legal side, companies like Google, Microsoft, and Facebook offer bug bounty programs. These programs reward people who find and report security issues.

For example, Google’s Vulnerability Reward Program pays anyone who reports a security bug in their services, like Chrome or Android. This helps Google improve security and gives ethical hackers recognition and rewards.

On the dark web instead, hackers sell these exploits to cybercriminals or groups for money.

Famous Zero-Day Exploits

Here are some real-world examples:

  • Stuxnet (2010): A malware that attacked industrial systems, causing serious damage (USA + Israel vs Iran Nuclear program).
  • Heartbleed (2014): A security flaw that exposed millions of sensitive data records (using a breach in the SSL protocol).
  • Pegasus (2021): Spyware used to track journalists and activists through their phones (it’s a mix of different exploit for mobile OSs, probably still used …) .

Why Are They So Dangerous?

  • They can’t be stopped immediately: There’s no update available until the flaw is found and fixed.
  • Huge impact: They can affect entire companies and millions of users.

How to (try to) Protect Yourself

Here are some tips to reduce the risk and the damage:

  • Keep everything updated: Software updates often include important security fixes.
  • Use modern security tools: Firewalls, antivirus software, and intrusion detection systems help a lot.
  • Backup your data regularly: If something goes wrong, you won’t lose everything.
  • Stay informed: Learn about new threats and teach your team to recognize suspicious behavior.
The Heart of Scrum: People

Projects are done by people, for people. The agile philosophy emphasizes close collaboration between two key groups:

  • The project team, who builds the product.
  • The project clients, who benefit from it.

One of the most crucial roles in this collaboration is the Product Owner.

The Product Owner: A Central Role in Scrum

The Product Owner holds the responsibility for managing the product backlog and making all key decisions related to it. This role is critical for the success of the project.

What does the Product Owner do?

  1. Defines and Validates Requirements:
    • Gathers and documents user stories and epics.
    • Ensures the backlog reflects all necessary functionalities and priorities.
  2. Prioritizes the Product Backlog:
    • Decides which user stories should be built first and which can wait.
    • Adjusts priorities as the project evolves, ensuring the most valuable tasks come first.
  3. Reviews and Validates Outputs:
    • At the end of each sprint, the Product Owner checks the deliverables to ensure they meet the agreed requirements.
    • Provides constructive feedback if something doesn’t meet the expected standards.
  4. Approves the Final Product:
    • At the end of the project, the Product Owner gives the final approval, ensuring the product is ready for release.

Who Can Be a Product Owner?

Usually, the Product Owner represents the organization for which the product is being created—essentially, the project client. This person needs a strategic vision and domain expertise.

Common roles that might act as Product Owner include:

  • Head of Sales
  • Head of Marketing
  • Head of IT, etc.

The Product Owner needs to be hands-on throughout the entire project, working closely with the team, reviewing progress, and adapting to changes when necessary.

The Power to Adapt

In Agile, requirements can change. The Product Owner plays a key role in approving changes and adjusting priorities between sprints. If a high-value user story emerges, it’s the Product Owner’s job to bring it forward, ensuring the project remains focused on delivering value.

Undo unsaved changes in Git

If you did a git checkout on a branch and found conflicts or, in general, you did some changes in your local repo, you can undo everything and go back to the previous state with these steps:

git reset --hard HEAD

This command reverts everything to the state of the last commit and discards local changes, including conflicting ones.

or better

git reset --hard origin/nome-del-branch

If there are any untracked files that are causing problems, you can delete them with:

git clean -df

Just a tricky, if you want to go back to the previous branch, just do this:

git checkout -
From User Stories to the Product Backlog

After gathering user stories and epics, they are structured into the product backlog, forming a detailed “to-do list” for the development team. User stories are rephrased to sound more task-oriented.

  • Example:
    • User Story: “As a user, I want to see the ingredient list for each pizza.”
    • Task: “Add ingredients box next to each menu item.”

These work items may also be referred to as Product Backlog Items (PBIs).

Product Backlog and Increments in Scrum

The Product Backlog is a comprehensive, ordered list of all tasks needed to build or enhance the product.
It serves as the foundation for the development team’s work, broken down into sprints.

An Increment is a completed, functional piece of the product that delivers value to users.
Each sprint produces one or more increments that are tested and ready for use in the real world.
Increments are like building blocks, adding functionality to the product step by step.

Early Value Delivery

Early Releases: Once a significant portion of the product (e.g., an epic or a group of functionalities) is complete, it can be released for users to start benefiting from it—even if the rest of the product is still in development.

This reduces the time to market—the time between the idea’s conception and its introduction to users.

Users can test and provide feedback on the most critical functionalities first, allowing for real-world adjustments before further features are developed.

Important functionalities are programmed and released first, enabling users to start working with the product early. Additional features are incrementally added and released, enhancing the product over time.

Epics and User Stories in Scrum

Epic

In Scrum, an epic is a large set of product requirements that can be broken down into smaller pieces. It represents a broad and complex functionality.

Example: The online payment functionality for an order is an epic.

 It can be formulated similarly to a user story, for example: “As a user, I want to pay online to avoid exchanging cash with the delivery person.”

User Stories

These are smaller, more specific parts of an epic. Each epic includes several related user stories.

Example: Paying with a credit card, PayPal, cash, or Bitcoin are user stories under the “Online Payment” epic.

Relationship Between Epics and User Stories

It’s hierarchical. User stories are grouped under an epic, or an epic is broken down into user stories.

  • If a functionality can be completed within a single sprint, it’s a user story.
  • If it requires multiple sprints, it’s an epic.

Organizations may adapt these definitions to suit their specific needs, so interpretations can vary.

Through user stories and epics, the project team defines the entire scope and requirements of the product.

What Are User Stories?

A user story is a short, one-sentence description of what a user wants to achieve with a system or product.

They provide a simple, user-focused way to define requirements that are easy for both users and technical teams to understand.

Format:

“As a user, I want to [do something] in order to [achieve a goal].

The “in order to” part explains why the user needs this feature, offering valuable context for the development team.

Examples of User Stories (Pizza Website)

  1. “As a user, I want to scroll through the menu in order to quickly see all the options I can choose from.”
  2. “As a user, I want to see the ingredients of each pizza.”
  3. “As a user, I want to pay for my order using Bitcoin.”

These stories:

  • Help open communication between users and the technical team.
  • Allow developers to understand the user’s perspective and reduce misunderstandings.
  • Provide flexibility for developers to suggest better ways to achieve the same goal.

How Are User Stories Created?

  • When: They’re typically gathered during initial project planning.
  • Who Creates Them:
    • Future users or their representatives (e.g., during brainstorming workshops).
    • The Product Owner, who manages the product’s scope in Scrum.
    • Business Analyst
  • How:
    • Often collected in workshop sessions using sticky notes (hence their iconic association).
    • Later documented in electronic format for organization and future reference.

Benefits of User Stories

Focus on the user’s needs: They prioritize what the user values most.

Encourage collaboration: Involve both users and developers in the process.

Reduce misunderstandings: Developers can better visualize user expectations and propose alternative solutions if necessary.

Of course, these are all theories—practice is often a different story. There are many challenges to face, starting with clients who often don’t know exactly what they want. This is why Agile is, above all, a mindset—a way of thinking and organizing projects. It’s about embracing uncertainty, fostering collaboration, and adapting to change in real time. Agile isn’t just a process; it’s a philosophy for navigating complexity.

The Three Pillars of Scrum

Transparency

Open communication is key in Scrum. Everyone—team members and stakeholders—needs to have the same understanding of the work and its current status.

The goal is to avoid surprises and ensure that everyone is on the same page.

Inspection

Scrum encourages regular check-ins to make sure the work is progressing as expected.

By identifying any issues early, the team can address problems before they grow and potentially derail the project.

Adaptation

If something’s not working—whether it’s the product, the process, or the progress—it’s time to adapt.

Changes should happen quickly to ensure the project stays aligned with its goals.

Key Elements of Scrum

Artifacts
These are the tools that guide the team and define the scope of the work:

  • Product Backlog: A list of everything that needs to be done to achieve the project goals. Think of it as the project’s to-do list.
  • Sprint Backlog: A smaller, more focused list of tasks the team plans to tackle during a specific sprint.
  • Increment: The finished, usable product that’s delivered at the end of a sprint.

The Scrum Team
The Scrum team works as one cohesive unit, with three main roles:

  • Product Owner: Manages the backlog and ensures the team is working on what brings the most value to the customer.
  • Development Team: A cross-functional group of professionals who build and deliver the product.
  • Scrum Master: A facilitator who helps the team follow Scrum principles and remove any obstacles they might face.
There’s no hierarchy here—just collaboration. Teams are usually kept small (up to 10 people) to maintain efficiency and flexibility.

Scrum Events
These events keep the team organized and moving forward:

  • The Sprint: The core of Scrum, a time-boxed period (usually 1-4 weeks) during which the team works on delivering a usable increment.
  • Inside the Sprint:
    • Sprint Planning: A meeting where the team decides what they’ll accomplish during the sprint.
    • Daily Scrum: A quick, daily check-in (often called a stand-up) to ensure everyone is aligned.
    • Sprint Review: A meeting to showcase the completed work to stakeholders and gather feedback.
    • Sprint Retrospective: A session to reflect on what went well, what didn’t, and how the team can improve in the next sprint.

    Scrum is all about being lean, transparent, and adaptable. It’s designed to help teams handle complex challenges by breaking work into manageable chunks, focusing on delivering value, and constantly improving.

    The 12 Agile principles

    User satisfaction

    Satisfy the customer through early and continuous delivery of valuable software.

    Welcoming change

    Accept and integrate changes, even in advanced stages of development, to ensure a competitive advantage for the customer.

    Frequent delivery

    Frequent delivery of working software (preferably within short timeframes, days, or weeks).

    Continuous collaboration

    Business and developers must work together daily throughout the project.

    Motivated people support

    Build projects around motivated individuals, providing them with the support, tools, and autonomy to get the job done.

    Face to face communication

    The most effective method of conveying information within a team is direct conversation.

    Working software

    Progress is measured through working software.

    Agile focuses on operational and customer-usable functionality as an indicator of progress.
    Avoid false perceptions of progress (e.g., only code developed but not tested or integrated).

    Keep a steady pace

    Agile promotes sustainable development, where sponsors, developers, and users can maintain a constant pace indefinitely.

    Excessive pace leads to burnout, reducing quality and morale.
    Realistic goals ensure consistent, high-quality productivity.

    Technical excellence

    Continuous attention to technical excellence and good design improves agility.

    Avoid shortcuts that can cause errors or require additional work in the future.
    Design and technical quality are key to ensuring long-term success.

    Simplicity

    Focus only on activities that add value.
    Avoid unnecessary complexity.
    Simplicity improves efficiency and value, working smarter.

    The art of maximizing undone work is essential.

    Self-organized teams

    The best requirements and designs emerge from self-organizing teams.

    Autonomous and motivated teams produce better solutions.
    Agile promotes horizontal management, promoting autonomy and collective ownership.
    This approach speeds up decisions and increases effectiveness.

    Reflect and Adapt

    The team reflects regularly to become more effective and adapts its behavior accordingly.

    Continuously reviewing processes and priorities improves flexibility and efficiency.
    Analyzing situations such as Bill’s unmet expectations can improve management of future requirements.

    Cyber Kill Chain methodology

    The “Cyber Kill Chain” methodology is a framework developed by Lockheed Martin to describe the stages of a cyberattack, from initial reconnaissance to data exfiltration.

    Basically the author applied the structure of a military kill chain (F2T2EA) to information security

    It helps organizations understand and detect malicious activities at various stages to improve their defensive measures. Here are the seven stages of the Cyber Kill Chain:

    1. Reconnaissance:
      • The attacker gathers information about the target organization. This can include identifying potential vulnerabilities, researching employee roles, and understanding the network structure. Footprinting
      • Social media profiling, website analysis, dns reconnaissance, phishing target identification, open source intelligence
    2. Weaponization:
      • The attacker creates a deliverable payload (e.g., malware, exploit) by coupling malicious code with a legitimate file or software. This stage involves create or obtain the actual attack tools.
      • Developing malware, embedding malware in documents, setting up exploit kits, preparing command and control servers, packaging payloads with droppers, creating delivery mechanisms (phishing email, drive-by download, malicious link…)
    3. Delivery:
      • The attacker sends the weaponized payload to the target.
      • sending phishing emails, deploying malicious link and attachments, compromised websites, delivering (for free also) USB and physical media, and so on
    4. Exploitation:
      • Once the payload reaches the target, it exploits a vulnerability to execute the malicious code.
      • exploiting software vulnerabilities, leveraging social engineering, executing malicious code (the one downloaded previously or installed with the USB or similar) or using zero-day exploits.
    5. Installation:
      • The malicious payload installs a backdoor or other persistent mechanism on the victim’s system, allowing the attacker to maintain access.
      • installing a backdoor, setting up a remote access trojans, creating a scheduled task or service, adding new user account,…
    6. Command and Control (C2):
      • The attacker establishes a communication channel with the compromised system. This enables them to issue commands, exfiltrate data, or download additional tools.
    7. Actions on Objectives:
      • The attacker achieves their goals, which can include data theft, system disruption, financial gain, or espionage. This stage involves executing the final intent of the attack, such as exfiltrating data or causing damage.

    By understanding these stages, organizations can develop more effective detection, prevention, and response strategies to disrupt the attacker’s progress at various points along the kill chain.

    Getting Started with Angular: Installing the Latest Version from Scratch

    If you’re new to Angular and want to get started with the latest version, you’re in the right place! This guide will walk you through every step to install Angular from scratch.

    What You’ll Need

    1. Node.js (includes npm): Node Package Manager (npm) is necessary for installing Angular and its dependencies.
    2. A code editor: Visual Studio Code is popular and free, but feel free to use any editor you prefer.

    Step 1: Install Node.js and npm

    Angular requires Node.js and npm. Here’s how to get them:

    1. Go to the Node.js website: https://nodejs.org/
    2. Download and install Node.js: Choose the “LTS” version (recommended for most users).
    3. Verify the installation: Open a terminal (Command Prompt on Windows, Terminal on macOS or Linux) and type:
      node -v
      If Node.js is installed, it will show a version number.
      Next, check for npm:
      npm -v
      You should see a version number if npm is installed.

    Tip: npm comes with Node.js, so installing Node.js automatically installs npm.

    Step 2: Install the Angular CLI

    Angular CLI (Command Line Interface) is a tool to manage Angular projects, create new applications, and run them.

    1. Open your terminal.
    2. Run the following command to install the Angular CLI globally:
      npm install -g @angular/cli

    Note: Adding -g installs Angular CLI globally, meaning you can use it from any location on your computer. And most probably you need “sudo” permission to do it.

    1. Verify the installation:
      ng version
      This command should show the Angular CLI version if it’s installed correctly.

    Step 3: Create a New Angular Project

    Now that the Angular CLI is set up, let’s create a new Angular project.

    1. Choose a location in your terminal where you want to create the project.
    2. Run the following command:
      ng new my-first-angular-app
    3. Follow the prompts:
      • Angular will ask if you’d like to add Angular routing. Type y (for “yes”) if you want to use routing (you can add it later if you’re not sure).
      • Then, select CSS as your preferred stylesheet format (you can choose another option, but CSS is the most common).

    Angular will generate a new project with the necessary files and folders.

    Step 4: Navigate to Your Project and Start the Development Server

    1. Navigate into your new project directory:
      cd my-first-angular-app
    2. Start the Angular development server:
      ng serve
      or
      npm start
      These commands compile the app and launches a local server.
    3. Open your browser and go to http://localhost:4200.
      You should see the default Angular welcome page.

    Tip: The Angular development server automatically reloads the page when you make changes to the code.

    Step 5: Explore the Project Structure

    Here are a few important files and folders to be aware of:

    • src/app: This folder contains all of your application’s code.
    • src/app/app.component.ts: This file contains the main component of the application.
    • src/app/app.module.ts: This file declares which components are part of your app.
    • angular.json: This configuration file tells Angular how to build and serve your project.

    Next Steps

    Now that you’ve successfully installed Angular, you can start building components, services, and other features that make Angular a powerful framework for creating dynamic web applications. Here are a few ideas for what to learn next:

    • Components: Understand how Angular components work.
    • Routing: Set up navigation between different parts of your app.
    • Services and Dependency Injection: Learn how to manage data across your application.

    Happy coding! Remember, practice is key, and don’t hesitate to reach out with questions as you learn.