tenderfootsecurityblog
false sense of security
orange juice and woes.
tenderfootsecurityblog · 6 years ago
Job Application: Community and Professionalism
Contributing to the course environment
      In tutorial participation:
I attended and participated in every tutorial through the case study where I took down my group's notes and blogged about it. In these case studies I contributed to the open discussion about the various topics in the tutorial.
Case study week 1. 
Case study week 2.
Case study week 3.
Case study week 4.
Case study week 5. 
Case study week 6.
Case study week 7. 
These should also demonstrate my positive attitude in attempting to come up with solutions to some very bad situations (e.g. Deepwater Horizon).
      Documenting Security Everywhere:
The following posts should demonstrate my effectiveness and time management skills (something that you are looking for as part of your community and professionalism section). The act of blogging to my 9 followers also contributes to the community.
Some of my best posts would be: Security Everywhere week 3.  This was reblogged twice and commented on by others! What a community I contributed to. Exquisite.
This is another post where I contribute to the community by blogging about security procedures that have not been mentioned in the course.
Security Everywhere week 4. It was also reblogged
I also contributed to others' learning through my write-ups about some of the CTFs I completed as well as my weekly lecture blogs. Here is some of my Tumblr history:
Teamwork:
Working together in a team of six to present a Social Engineering presentation in two weeks is a great example of professionalism and community. We were not originally told when we would be presenting so we just met up every weekend and worked for about four hours on researching and compiling our information.
Here is a screenshot of us communicating and professionally dividing up tasks.
This is another example of me working together with my good friend Nanway for some notes!
James also helped me on a few levels of Bandit. 
Communication and Feedback 
I gave constructive feedback and positive reinforcement throughout the term, however most of it was verbal. I'm sure those conversations were recorded by the NSA via any microphone that was nearby but I don’t have access to those. There are a few screenshots of me communicating and giving feedback.
This was on Nanway's week 3 case study post 
Here is a three way discussion on Nanway's Security everywhere post.
This is an example of one of the MANY positive comments I made.
Further, I contributed to the breaking into a house activity, which was liked by many of my classmates!!
As well as the hiding the crown jewels activity!
Responsible Data Handling 
I did the phishing activity in week 6 but I did not post it because I did it on my friend and I don’t want to expose his details (James Hull). I actually had a lot of potentially sensitive data that I came across and wrote notes about but did NOT blog about. You'll just have to trust me on this. An example of data I did not share was Jazz's phone number, but if you have a look at his _censored_because_i_want_marks_.
Job Application: Skills
My something awesome involved research into various web vulnerabilities, how to exploit and real life examples, and then following up on them. I then applied these skills in a range of CTFs. This hopefully proves that I know the content of the course and can apply it on a practical level, and understand why it worked.
Something awesome skills:
Bandit Skills: (Technical ability)
Level 25: I learnt how to write some shell script.
Level 13. A level I found challenging. 
 Web hacking 101: (Research Skills)
CRLF Injections: I learnt about carriage return line feed injections, a more obscure injection type.
Open Redirect Vulnerabilities. 
Natas: (Technical Ability)
Level 11: Had to learn some PHP syntax for this level, something I was previously not familiar with.
Pico2018 CTF, relevant web hacking ones: (Technical ability)
No Login:  A cookie related CTF. 
COMP6441 CTF: (Technical Ability)
Completed one of the web hacking CTFs.
Above are some highlights of my something awesome showing my skills, more examples can be found at my something awesome summary.
Cryptography Skills: (practical + technical skills):
I became very skilled at the NSA cryptography game throughout the term.
Practice 1
Practice 2
Practice 3
Practice 4
Practice 5
Practice 6
Practice 7
Additional Skills about content in the course:
Life expectancy of a computer. (research skills)
Hardware secure module and Secure cryptoprocessor (research skills) 
Buffer Overflow: (technical skills)
Wifi Deauthentication and Disk encryption: (research skills)
Reverse engineering workshop (Jazz's talk)
Bits of Security: (practical skills)
Vulnerabilities in Code: (technical skills)
Social engineering presentation: (practical skills)
I presented in week 4 to the rest of the course about social engineering. I did not blog about this but here is a link to our presentation.
COMP6441 CTF
I did one of the web hacking ones! (was stuck on the other one however)
Job Application: Time Management
I think my time management this term was decent with room for improvement. From the start of the course I realised that it was required to do weekly blogs about  the lecture content, security everywhere and case study. This was the minimum required work and then on top of this work on my something awesome. 
Something Awesome Time management:
My something awesome had many components to it so I planned an initial schedule when I first proposed it. This initial schedule was planned to achieve as many of my goals as possible in the time frame given.
(note the due dates section)
I tried to keep to this schedule as best I could but I underestimated how much time Bandit would take me. Upon completion of that milestone, I re-assessed and adjusted my timeline.
(The main thing here was that I adjusted so I would have more time to do Natas seeing as Bandit took me so long) 
(This is the second update following the completion of the second milestone for my something awesome) So far, I had completed everything according to my adjusted plan for the remaining term.
The rest of my something awesome did not go to plan according to my schedule. I don’t think this is a result of poor time management but instead a result of overestimating my ability. I was not able to complete Natas in time and stopped working on it at level 15. This is because I found that with each new level completed, the time to do the problems would increase. Level 15 took me three days to complete. It simply wasn't worth it anymore. Instead I moved on to the next milestone which was the Pico2018 CTFs.
Towards the end of the term my something awesome began to take up all my time (as I prioritised it) and I found that I was not able to blog about the lectures 6 and 7 and security everywhere to the standard of previous weeks. I managed to catch up once I presented my something awesome.
 Here is a breakdown of my weekly minimum blogs:
(there were also additional blogs but they won't be linked. Refer to actual blog for more information) 
Note that the week heading is the week the blog was completed.
Week 1
Lecture notes week 1.
Security Everywhere week 1.
Case study week 1. 
Week 2
Lecture notes week 2.
Security Everywhere week 2.
Case study week 2.
Week 3
Lecture notes week 3.
Security Everywhere week 3.
Case study week 3.
Week 4
Lecture notes week 4.
Security Everywhere week 4.
Case study week 4.
Week 5
Lecture notes week 5.
Case study week 5. 
Week 6
Case study week 6.
Week 7
Case study week 7. 
Week 8
Lecture notes week 6.
Lecture notes week 7.
Lecture notes week 8.
Security Everywhere week 7.
Security Everywhere Week 8.  
Case study: None, did presentations all class.
As you can see, I was mostly consistent throughout the weeks until weeks 5, 6 and 7. However the blog posts that I missed were caught up in week 8.
Overall, this is the breakdown of my time management throughout the term. 
Note: for more evidence, I managed to consistently blog 115 times over 8 weeks. Examine my blog post time stamps! 
Job Application: Analytical Skills
Throughout the past eight weeks I have consistently demonstrated analytical skills by taking new information, understanding it and then applying or researching the concepts further.
Please note that I generally merged most of the weekly activities and findings of mine into one large blog post so there may be some scrolling to get to the relevant analytical sections that I have linked.
Also to demonstrate consistent high quality analysis I'll have at least one link to my analysis relating to research, reflection or application every week. Further, I have put into brackets the aspect of analysis that it particularly addresses. 
Week 1
Life expectancy of a computer: (Research)
Here I talk about the expectancy of software vs hardware and attempt to define life expectancy itself.
Security Everywhere: Stickers on Laptop Camera (Application) 
This is a direct application of a security procedure that I initially criticised (see blog post) but have since then come to my senses. I even have a sticker on my laptop camera now.
Week 2
NSA Cryptography Practice (Research + reflection + application):
Here I did my first two cryptography challenges which I found incredibly challenging. I then researched strategies including things like letter frequency and the most common letters and applied it throughout the rest of the term.
(more practice in week three)
(more practice in week four)
I found myself improving from week to week.
Type 1 and Type 2 Errors: (Analysis and research), you’ll have to scroll down the blog post. Sorry.
Week 3
High Impact and Low Probability Events: (Research + application)
A very in-depth analysis where I thoroughly researched and applied these types of events to real world scenarios. I reckon it's a good read!!!
 Plane Doors: (Application)
In this case study my group and I applied concepts we learnt in the previous week such as Defence in Depth and made sure not to have security through obscurity.
Week 4
Security Everywhere: Facebook monitoring facial expressions (research and analysis)
This is a follow up of sorts to my initial naïve security everywhere post on laptop camera stickers.
Bandit level 13: (Research, application and reflection)
Tl;dr, I found this level very challenging and had to rely on reflecting on the skills I learnt from previous levels, researching some command calls and applying them to capture the flag!
Week 5
Security Everywhere: Banking Security Device (Research)
I went into depth researching this and attempted to analyse it for strengths and weaknesses.
CRLF Injections: (Research, application and reflection)
Part of my something awesome where I learnt about this particular web vulnerability and its application. I then reflected on what to do to avoid this type of exploit.
Week 6
 SQLi: (research about this vulnerability)
Application of SQLi.
Another application of SQLi 
This demonstrates that I can research and apply concepts.
Week 7
Security Everywhere: Spam email (reflection)
My friend received a spam email and I analysed the potential threats/methods of attack. 
Case Study: Improving defense of Australia (research and application)
Used a threat model to analyse this situation.
These are just some highlights of my analysis throughout the past eight weeks, there are more examples of analysis on my blog. 
Week 8 Lecture Notes
Root Cause Analysis:
We are trying to work out what went wrong in these types of analysis. When something goes wrong, what is the root cause?
Human error, this is much easier to fix. Just sack that person, there is no need to fix the software or hardware.
Culture, there is no one really to blame for this and so it's nothing really to blame.
_____?
Human Weaknesses:
Honesty, misdirection and limited focus. Honour codes and to what extent does this change people's behaviour.
Doing an exam where you are required to mark your own marks and then shred the paper after so no one can really check your score. This was an experiment to test honour codes. It was found that if you signed the honour code before you started the exam versus signing it after, the people who signed it at the start were more 'honourable/honest', supposedly because they were thinking about it during the exam.
Humans can only look at a certain number of things at a time so if the situation is complex, we are fairly useless. Humans get distracted by the interesting thing. 
Similarity matching: is when you don’t have to think very much. As soon as you don’t need to think this is good.
Frequency gambling: This is when you are trying to think of a pattern in your brain to find a solution. When there is ambiguity, the pattern your brain picks is the one that you have used most often in the past that has worked the most. You're gambling that what has worked in the past will work in the future.
Attacker vs Accident:
The example of trains: driving and trying to avoid accidents, versus someone in the simulation trying to make the trains crash. This is the difference between security and programming.
Confirmation bias: when you think you have done something heaps of times so you become a little arrogant and get things wrong. Richard's orienteering example, the map he was using was a very small scale compared to what he was used to so he was very wrong.
Didn’t talk about cognitive strain
Group think syndrome: is when you're in a group and you really like being in the room. When you value being in the group more than anything else. You value harmony in the group rather than leaving. An example of this was JF Kennedy's room during war someone had a good opinion and JF asked them to join his discussion room. When they joined they were too scared to give an opinion.
Three design phases that aren't brittle:
Procedural
Meta-procedural
Conceptual
This is when your software has to be rewritten every time a new functionality is added.
Operator deskilling due to automatic safety devices. By having a safety automation, you're deskilling your humans who are the last resort. For example, the number of minutes that a pilot actually is using the controls keeps decreasing.
Learn about one of the accidents:
Chernobyl
Bhopal
Challenger
"in one of the accidents you analysed ______" - an exam question
Privacy Talk:
If you VPN from another country it may be cheaper to book a flight
3 Mile Island: 
Latent failure
Week 7: Lecture Notes
MID-TERM discussion:
Question 5: Suppose there is a 10 digit pin to arm the country's nuclear weapons …
The correct answer is Type I / Type II error. The biggest problem is that having a 10 digit pin introduces a reasonable mechanism to stop a launch when it shouldn’t launch. When you have a launch that should happen, that is when type I error occurs because he is a single point of failure for their launch. 
Question 10: Merkle Puzzle Question
RSA 64, you can crack this very fast. Then Richard realised that none of the answers are correct so we all get full marks in this question. Wow.
Class Content:
Diffie Hellman
This uses a property of exponentiation: remember that if you raise something to a power and then to another power, you get the same value if you do it the other way round (duh). The idea is that if we both think of a secret number and then raise it to the power of each other's secret number, we will have the same number. A hacker cannot observe this because they don’t know the individual numbers. The two now use this as a key.
The difference between this and RSA is that we have the same key, whereas in RSA we exchange keys.
Good at establishing confidentiality but not authentication.
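The exchange described above, written out as an added example (not from the lecture or the original post). The prime 2^31 - 1, the generator 7 and all three secret numbers are toy values assumed here so the arithmetic fits in 64 bits; the second half of main() shows what "not authentication" means in practice.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy public parameters (assumed for this example): p = 2^31 - 1 is prime and
   7 generates the multiplicative group mod p. Real deployments use groups of
   2048 bits or more, or elliptic curves. */
#define DH_P 2147483647ULL
#define DH_G 7ULL

/* Square-and-multiply. Operands stay below 2^31, so products fit in 64 bits. */
uint64_t modpow(uint64_t base, uint64_t exp, uint64_t mod)
{
    uint64_t result = 1;
    base %= mod;
    while (exp) {
        if (exp & 1)
            result = result * base % mod;
        base = base * base % mod;
        exp >>= 1;
    }
    return result;
}

/* What each side sends in the clear: g^secret mod p. */
uint64_t dh_public(uint64_t secret)
{
    return modpow(DH_G, secret, DH_P);
}

/* What each side computes privately: (their public value)^(my secret) mod p. */
uint64_t dh_shared(uint64_t their_public, uint64_t my_secret)
{
    return modpow(their_public, my_secret, DH_P);
}

int main(void)
{
    /* Constructed secrets; real ones come from a CSPRNG. */
    uint64_t a = 123456789, b = 987654321;
    uint64_t A = dh_public(a), B = dh_public(b);

    printf("on the wire: A=%llu B=%llu\n",
           (unsigned long long)A, (unsigned long long)B);
    printf("Alice key=%llu Bob key=%llu\n",
           (unsigned long long)dh_shared(B, a),
           (unsigned long long)dh_shared(A, b));

    /* No authentication: neither side can tell whose public value arrived.
       If a third party's value M replaces both A and B in transit, each side
       ends up sharing a (different) key with that third party instead. */
    uint64_t m = 424242, M = dh_public(m);
    printf("with substituted M: Alice key=%llu Bob key=%llu\n",
           (unsigned long long)dh_shared(M, a),
           (unsigned long long)dh_shared(M, b));
    printf("third party derives: %llu and %llu\n",
           (unsigned long long)dh_shared(A, m),
           (unsigned long long)dh_shared(B, m));
    return 0;
}
```

This is why deployed protocols sign or certify the public values before trusting the derived key.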
Krak des Chevaliers
A very nice castle, has two rings of defence around it (defence in depth). No one could ever breach the inner wall. They then fell to social engineering because of a fake letter from someone.
Vulnerability
This is just something that
Software bug
When a software has a mistake in it, it is not always a vulnerability. A collection of bugs can be the main vulnerability
The main types of bugs we are concerned about are:
Memory Corruption: the simplest type of this is a buffer overflow. If the amount of space you need for a buffer is known before run time, you store it in the heap. Attacks to the stack are more diabolical.
How functions are called in C: This is process switching that your operating system does. So function calls and stuff. He went pretty quick.
Integer Overflow: If you keep adding to an integer it will eventually overflow the allotted size. This obviously depends if it is a signed or unsigned int.
Format String:
C has a strange way of printing things with printf. This is a function and expects a variable number of arguments passed into it. The first one is a format string that tells you what to do with the other arguments. We all know this. In the old days you were supposed to do it like this: printf("%s", "Hello World!");
This is long so everyone would just do this: printf("Hello World!"); everyone would put what they wanted to print out as the format string.
An issue with this is having some string called name that takes in your name, then calling printf(name);. This is vulnerable because the name could have % in it and then you can change what the printf does. E.g. if you put Tom %s into the printf, since C does not check if there are two arguments put in, it just looks somewhere lower in the stack for the %s. So if we put our name then %x %x … %x, this will print out everything in the stack in hex. This is an information gathering attack and could potentially reveal things like stack canaries. %n writes to memory if you do it in the print command. This is very bad.
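The two calling styles side by side, as an added example that is not code from the lecture or the original post. The function names, the scanner and the sample inputs are assumptions made here; the vulnerable variant is only ever fed "100%% sure", which is enough to show the input being treated as a format without reading any stray arguments.

```c
#include <stdio.h>
#include <string.h>

typedef struct {
    int conversions;  /* directives that make printf fetch an argument */
    int writes;       /* how many of those are %n, which stores to memory */
} fmt_scan;

/* Walk a string the way printf would and count the directives it would act on.
   "%%" is a literal percent sign and is not counted. Approximation: '*' widths,
   which also consume an argument, are skipped rather than counted. */
fmt_scan scan_format(const char *s)
{
    fmt_scan r = {0, 0};
    while (*s) {
        if (*s++ != '%')
            continue;
        if (*s == '%') { s++; continue; }
        s += strspn(s, "-+ #0");                 /* flags */
        s += strspn(s, "0123456789*$");          /* width / positional */
        if (*s == '.')
            s += 1 + strspn(s + 1, "0123456789*$");
        s += strspn(s, "hlqjzLt");               /* length modifiers */
        if (*s == '\0')
            break;
        if (strchr("diouxXeEfFgGaAcspn", *s)) {
            r.conversions++;
            if (*s == 'n')
                r.writes++;
        }
        s++;
    }
    return r;
}

/* The pattern from the notes: the user's text IS the format string.
   Compilers flag this with -Wformat-security; silenced here on purpose. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
int greet_vulnerable(char *out, size_t outsz, const char *name)
{
    return snprintf(out, outsz, name);
}
#pragma GCC diagnostic pop

/* Hardened: the format is a constant, the user's text is only data. */
int greet_safe(char *out, size_t outsz, const char *name)
{
    return snprintf(out, outsz, "%s", name);
}

int main(void)
{
    /* Constructed sample "names". */
    const char *samples[] = { "Tom", "100%% sure", "Tom %x %x %x", "Tom %n" };
    char buf[64];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        fmt_scan r = scan_format(samples[i]);
        greet_safe(buf, sizeof buf, samples[i]);
        printf("safe output: [%s]  directives=%d  %%n=%d\n",
               buf, r.conversions, r.writes);
    }

    /* Same input, two results: the vulnerable call interprets "%%". */
    greet_vulnerable(buf, sizeof buf, "100%% sure");
    printf("vulnerable output: [%s]\n", buf);
    return 0;
}
```

A non-zero directive count on anything that reaches a printf-family call as its first argument is the thing to look for in review; building with -Wformat -Wformat-security makes the compiler do the looking.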
Swiss cheese: if you have it as a block, it is a solid block of cheese, but if you slice it up you get holes in it. This is an analogy for bugs in code; sometimes the holes (bugs) will line up and then you get a major vulnerability.
Memory Leak: printf is a way of getting this.
National Vulnerability Database
This is like naming new animals, it is a worldwide database for discovering a new vulnerability, you get to name the number.
Responsible Disclosure
When you find the vulnerability you're supposed to tell the person first then slowly escalate it to higher ups. There are still many debates about this.
Bug Examples:
This is optimising indenting. Lol. 
Security Engineering - Assets:
Work out all the things you should be protecting and their relative value to you. E.g. the Louvre is priceless so destroying it is not worth it at all.
It is easy to protect the wrong thing, dedicate some time to deciding what your assets are.
Regularly survey the values of the people involved in what you are protecting. Multiple pairs of eyes is a good asset.
Develop a sensible plan - well designed to tease this information out of them. Humans are generally poor at regurgitating everything they know.
Periodically revise current lists of assets
Think of Coke, the brand is worth more than the actual formula to make the drink. 
Authentication:
This is a huge problem, if the computer has been pre-loaded with a shared secret, it can use that but once it has been used once, what happens then? This is a very difficult problem, a computer in a room with no context has to make a decision.
You can have a one sided difficulty, say for example there is a store and you are interacting with them. The store does not care about if you are real or not, they just want your money, whereas you care if the store is real and legitimate. This is a one way street. You can get destroyed by a man in the middle attack, they intercept the public key and give their own.
Man in the middle attack:
Web of Trust: (PGP) find how this works.
PKI (this is the more dominant one and common one): This solves the man in the middle problem but creates a whole lot of other problems.
SSL is how we will communicate between each other (TLS is another name I think) 
This is kind of like a passport. It is a document that links a photo of me to my name and other information. X509 Certificates links a public key with a domain and maybe some other information. Signed with a public key of specific signers, the padlock that comes up in your browser shows this. 
Look up how tls handshake works, find example of when CA were compromised
Bug Bounties presentation:
Hacker 101 has some good tips on bug bounty hunting.
 Fuzzing:
This is a technique you use to look for bugs. There are different types of this. You put in some input then mutate it / generation based stuff to see if the output is what is expected.
You can back door a mac https://null-byte.wonderhowto.com/how-to/hacking-macos-configure-backdoor-anyones-macbook-0184637/
Fuck.
Penetration testing:
This is an authorized simulated cyber attack on a computer system to evaluate security risks.
 Nmap is fucked lol.
Case Study: Improving the Defence of Australia
5 things you would do to improve the defence of Australia.
Make lots of backups
Move all critical infrastructure away from internet
Or pen testing 
This is a mitigation
Stronger passwords
Compulsory encryption
Turn them
5 Things to attack
Water Supplies
Power
Bounties for killing anonymously
Host a diplomatic event (not that good)
DDOS their shit
Improve Education
Propaganda
Stock pile zero days
Pre-emptive strike
Week 6: Lecture notes
Cryptographic Protocols
Don’t write your own cryptographic systems!
Buffer overflows
Proof of work for bit coins
Hard disk encryption
One way of cracking RSA is factorizing numbers fast
Wishful thinking is like security through obscurity, it's not necessarily good
Moore's law
World speeds up - double transistors on a board every year
Every month we lose one bit of security
Disk Encryption:
Generate a key randomly to encrypt the disk
Encrypted version of the key is stored on the disk
Encrypted version is a user passphrase
Disk Encryption attacks:
Windows encrypts the hard drive if they don’t have disk encryption however this is using inbuilt disk encryption
Write to RAM and then turn power off -> a lot of RAM stuff takes ages to go away, so what you can do is turn the computer off, freeze it, turn it back on and the encryption key is stored in RAM.
Ciphers:
Symmetric is when there is     the same key for encryption and decryption
Asymmetric
Authentication:
How can we authenticate     someone is the right person
How can a computer do this
Use factors
Use something you know like a shared secret. The main take away is that this is very hard to do.
One time pads:
This is described by Claude Shannon as "perfect secrecy" meaning that if done correctly, this code is uncrackable. This uses a key which is completely random and at least as long as the message to be encoded. Each letter of the message you want to send is combined with the corresponding letter of the key using mo
This being absolutely depends on three things.
The pad must be generated from truly random numbers
Pad must be as long as the message
Pad must never be reused.
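The second and third conditions made concrete, as an added example that is not from the lecture or the original post. It assumes messages and pads are upper-case A-Z and combines them by addition modulo 26 (a choice made for this example); the messages and pads are constructed and fixed so the run is repeatable, whereas a real pad must be truly random.

```c
#include <stdio.h>
#include <string.h>

static int is_upper_az(char c) { return c >= 'A' && c <= 'Z'; }

/* c[i] = (m[i] + k[i]) mod 26. Returns -1 if the pad is shorter than the
   message (condition 2 above) or if either input is not A-Z. */
int otp_encrypt(const char *msg, const char *pad, char *out)
{
    size_t n = strlen(msg);
    if (strlen(pad) < n)
        return -1;
    for (size_t i = 0; i < n; i++) {
        if (!is_upper_az(msg[i]) || !is_upper_az(pad[i]))
            return -1;
        out[i] = (char)('A' + (msg[i] - 'A' + pad[i] - 'A') % 26);
    }
    out[n] = '\0';
    return 0;
}

/* m[i] = (c[i] - k[i]) mod 26. */
int otp_decrypt(const char *ct, const char *pad, char *out)
{
    size_t n = strlen(ct);
    if (strlen(pad) < n)
        return -1;
    for (size_t i = 0; i < n; i++) {
        if (!is_upper_az(ct[i]) || !is_upper_az(pad[i]))
            return -1;
        out[i] = (char)('A' + (ct[i] - pad[i] + 26) % 26);
    }
    out[n] = '\0';
    return 0;
}

/* Letter-wise (x[i] - y[i]) mod 26 of two equal-length A-Z strings. */
int letter_diff(const char *x, const char *y, char *out)
{
    size_t n = strlen(x);
    if (strlen(y) != n)
        return -1;
    for (size_t i = 0; i < n; i++) {
        if (!is_upper_az(x[i]) || !is_upper_az(y[i]))
            return -1;
        out[i] = (char)('A' + (x[i] - y[i] + 26) % 26);
    }
    out[n] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed messages and pad. */
    const char *m1 = "MEETATNOON", *m2 = "SENDBACKUP";
    const char *pad = "XMCKLQWERT";
    char c1[16], c2[16], dc[16], dm[16];

    otp_encrypt(m1, pad, c1);
    otp_encrypt(m2, pad, c2);   /* the mistake: same pad used twice */
    letter_diff(c1, c2, dc);
    letter_diff(m1, m2, dm);

    printf("c1=%s c2=%s\n", c1, c2);
    /* The pad cancels out: the ciphertext difference equals the plaintext
       difference, so the pair no longer has perfect secrecy. */
    printf("c1-c2=%s  m1-m2=%s\n", dc, dm);
    return 0;
}
```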
Web Talk:
Form of injection attack
Google got hit with one of these
Cryptocurrencies:
Different interpretations and implementations of blockchain technology
Something Awesome!
Project Proposal:
The overarching goal of my something awesome was to develop skills in web hacking so that I understand and identify potential vulnerabilities and gain practical knowledge on how to attack these vulnerabilities. My motivation behind this can be summed up by the following questions:
“What is making these websites secure? Are they even secure? What information can you gain from hacking this website? How do I make a secure website?” - proposal blog. 
(click on the header to see my actual project proposal blog post, or here)
The following tasks were how I went about this goal.
Over the Wire - Bandit:
I first wanted to become familiar with the general format of Capture the Flags and terminal. Since CTFs are used to simulate potential vulnerabilities of varying types I thought it would be a good idea to get acquainted with finding exploits in a set of beginner challenges.
Notable and interesting level write ups:
Bandit level 13
This level involved a file which had been compressed multiple times using various techniques and the challenge was to decompress it in the right order. In the end, file was very useful, but realising that this command line call existed was the main issue. This CTF ended up taking me very long as I went on a very roundabout way of attempting to decompress the file.
Bandit Level 25
This was the brute force level and I had to learn how to write some shell script, a very useful skill!
Bandit Level 26
Just a strange level that involved literal thinking out of the box and more shell scripting.
Level Blogs:
Bandit Level 0
Bandit Level 1
Bandit Level 2
Bandit Level 3
Bandit Level 4
Bandit Level 5
Bandit Level 6
Bandit Level 7
Bandit Level 8
Bandit Level 9
Bandit Level 10
Bandit Level 11
Bandit Level 12
Bandit Level 13
Bandit Level 14
Bandit Level 15
Bandit Level 16
Bandit Level 17
Bandit Level 18
Bandit Level 19
Bandit Level 20
Bandit Level 21
Bandit Level 22
Bandit Level 23
Bandit Level 24
Bandit Level 25
Bandit Level 26
Bandit Level 27
Bandit Level 28 - 33
Bandit Reflection.
Bandit was extremely beneficial in  teaching me about useful terminal commands that I utilised in later web page CTFs and everyday use. During this, I had to learn to use vim, something that I have been avoiding my whole CSE degree and now I have customised all my settings. I’ve documented my learnings in depth in the blog posts above.  
Update blog adjusting the deadlines for my something awesome.
Web Hacking 101 by Peter Yaworski:
I read 14 chapters of this book (I only blogged about 10) to develop a broader knowledge of the multitude of web vulnerabilities.
Most Interesting Chapters:
Chapter 8: CRLF Injection
This chapter stood out from the rest because of its very in-depth examples of how to use this exploit
Chapter 4: Open Redirect Vulnerabilities
Another interesting chapter, worth the read.
Chapter Notes: 
(in order of reading)
Chapter 7: HTML Injection
Chapter 8: CRLF Injection
Chapter 4: Open Redirect Vulnerabilities
Chapter 5: HTTP Parameter Pollution
Chapter 6: Cross Site Request Forgery
Chapter 9: Cross Site Scripting 
Chapter 14: Remote Code Execution
Chapter 11: SQL Injections
Chapter 17: Race Conditions
Chapter 23: Tools
Reflection.
Another update for the end of week 5.
These chapters were written in a very simplistic way full of real life examples making it very easy to understand and see how to exploit the vulnerability.  
Over the Wire - Natas:
Taking the skills I just read about into practise. 
Notable Levels:
Natas Level 11
I found this level extremely difficult and had to learn some basic PHP syntax along the way.
Natas Level 14
This level was closely related to SQL injections which I read about in Web Hacking 101.
Level Blogs:
Natas Level 0
Natas Level 1
Natas Level 2
Natas Level 3
Natas Level 4 
Natas Level 5
Natas Level 6
Natas Level 7
Natas Level 8
Natas Level 9
Natas Level 10
Natas Level 11
Natas Level 12
Natas Level 13
Natas Level 14
Natas Level 15
Natas Reflection. 
Doing these CTFs completely justified the time spent reading Web Hacking 101. There were many challenges related to the chapters I read and where they were not, I learnt more about aspects of web vulnerabilities.
Pico CTF 2018:
Some additional CTFs I completed (only attempted ones related to web hacking)
Inspect me!
Logon
Irish Name Repo
Mr Robots
Client Side Is Bad
No Login
Reflection.
Likewise to Natas, I learnt about additional topics that I didn’t read about such as cookies and how to exploit them.
Note that for all my CTFs I documented what I was thinking and how I went about capturing the flag. 
Self Marking Criteria:
P: Completed Bandit Levels + Read and blogged about five chapters of Web Hacking 101
C: Completed Bandit Levels + Read and blogged about ten chapters of Web Hacking 101  + Attempted most of Natas problems 
D: Completed Bandit Levels + Read and blogged about ten chapters of Web Hacking 101 + Completed all Natas Problems + Completed Three Pico2018 CTFs
HD: Completed Bandit Levels + Read and blogged about ten chapters of Web Hacking 101 + Completed all Natas Problems + Completed Five+ CTFs from listed Pico2018.
(from proposal). I give myself a Distinction!!!
End
Whilst I didn’t manage to accomplish all my goals, I am very satisfied with the amount of consistent work and learning I did. I discovered more about web hacking than I originally envisioned I would have and more importantly became very interested in it. 
Something Awesome Reflection
In the grand scheme of my something awesome, I think I’ve come a long way from being naive about everything security, to now having a much better understanding of vulnerabilities and how to exploit them, specifically in web pages. I’m quite happy with the progress I’ve made throughout the term and more importantly I’ve enjoyed doing it.
I've become very comfortable with the command line and I have a greater knowledge of SSH, using vim and terminal in general. 
Visiting websites I’m now always on the lookout for possible exploits. I quickly scan the URL to see if there is anything odd or strange that could be exploited. If it's a website to log into, I check the cookies fields and always try some generic SQLi injections before logging in.
Identifying vulnerabilities and exploiting them kind of go hand in hand with the style of CTFs I was doing and I learnt about PHP and how to inject it via .jpeg files. 
I taught my friend who works at UTS IT Security about a few web vulnerabilities! 
Overall, I’m really happy with the outcome and I'm glad with my growth in security this term.
Pico2018 Web Hacking CTFs: Reflection
I exceeded my goal of completing five of these CTFs to make up for my lack of completing Natas by completing 6! These, however were lesser in difficulty compared to Natas and a few covered similar areas. 
My main take aways from the CTFs I attempted and completed is that there are multiple ways to exploit a specific vulnerability. For example, comparing Irish Name Repo this was similar to Natas 14 however since the server side for both CTFs were written in different languages there were different ways to comment out the rest of the code. These kinds of adjustments are things that I hope to notice and pick up on when exploiting web vulnerabilities. Another cool thing I learnt was cookie manipulation in Logon.
Overall, this set of CTFs was more of a consolidation to my learnings from Natas and Web Hacking 101, reaffirming my knowledge and showing me how to apply it in differing ways. 
Over the Wire Natas: Reflection
Natas was a huge step up from Bandit. I only managed to complete 15 of the 33 Natas levels in the time remaining before my something awesome presentation was due. I’m not really sure how much time I spent attempting these problems but to give a rough estimate, I started attempting this Over the Wire set towards the end of week 6 and spent the majority of week 7 and Monday of week 8 attempting them. The most notable level was level 11 which took me three days to figure out a solution. 
Whilst I did struggle with this set of CTFs, I found it very rewarding and I was able to implement some of the skills I read about in Web Hacking 101. Finding ways to exploit SQL injections and non-sanitised inputs was challenging to me and taught me the importance of odd cases. I say odd cases because most of the inputs used for injection are not exactly the standard edge cases that I would consider. It’s definitely something I previously would not have thought of when writing test cases in code. Also, learning things about robots.txt files, writing PHP and payloads, and how to modify some client-side HTML are skills that will definitely come into use.
I also looked at the solution of the current level I’m stuck on (Natas level 16) and I’m glad I decided to move on from Natas to Pico2018. (GOOD TIME MANAGEMENT) It seemed rather difficult to a degree similar to Natas 11.  
Overall, the main takeaway I have from Natas is that I have a significantly better knowledge of webpage vulnerabilities and how to exploit them than I did when I started this course, so while I didn’t complete the set, I have completed my goal of learning more about web security. I definitely could practise and read more about web vulnerabilities and how to exploit them. 
tenderfootsecurityblog · 6 years ago
Security Everywhere: Spam email
Tumblr media
One of my friends received this email. As convincing as this email sounds and as much as I wish it was this easy to help people and get s e x, I’m assuming this is some sort of phishing scam. I didn’t click the link but it did get me wondering what type of link it would be (the look here link which conveniently hides the URL). I think there are two possibilities that it could be:
A link to some sort of form where you fill in your details
A direct download link
Diving deeper into a link to a form, I think this is the more likely possibility for what the link could be. I’m assuming that this isn’t an overly complex social engineering ploy designed to get some money.  
As for a direct download link, this could maybe just be a link that downloads some sort of malware which gives them access to your computer. However, I think this is unlikely because they would have to sift through your computer to find things of value and then either continue to exploit this or sell the information. This is very suspicious as that means the link would just download something and do nothing else. The social engineer scenario has been compromised.
Comparatively, since this is obviously a brute force attack of sorts (old mate Sylvia must have sent this to thousands of people), the direct download link to malware would be extremely time consuming.
Maybe if we combined both possibilities this would be more likely, as individuals who click on the link would get a download and a link to some form which they fill out. Overall, I think this is an interesting ploy and I wonder what their success rate is. 
tenderfootsecurityblog · 6 years ago
Security Everywhere: Hacking Doors
During the lecture break I went to buy coffee and I didn’t want to walk back around to the main entrance of science theatre, so I had to improvise.
Tumblr media
This is such an easy ‘hack’, maybe next time I’m in a bank vault I’ll leave my tissue behind for later exploitation. 
If I had to relate this to computer security, it could be like dropping a payload that doesn’t do anything until activated. 
tenderfootsecurityblog · 6 years ago
Pico2018 No Login: Complete!
This level was a little more difficult, however the hint was again in the title. When going to the web page, I saw this. 
Tumblr media
And there was nothing that I could see in the source code that looked like a vulnerability. 
Hmmmmmmmm. Clearly, I would need to be admin to get the flag, so after messing around I had the idea to try adding a cookie called admin and setting its value to be true like I have done in a few other web related CTFs.
Tumblr media
and refreshing, I got this!!!
Tumblr media
sick
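The cookie trick in this level works because the server takes the admin role from a value the browser controls. As an added example (not code from picoCTF or the original post), this Python sketch puts that trusting check beside one that only accepts an HMAC-signed value; the function names, cookie layout and key handling are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumption: a per-process key for the demo; a real deployment loads it from protected config.
SECRET_KEY = secrets.token_bytes(32)


def is_admin_naive(cookies: dict) -> bool:
    """The pattern the level relies on: the role comes straight from a client-supplied cookie."""
    return cookies.get("admin", "").lower() == "true"


def _tag(payload: str) -> str:
    """HMAC-SHA256 over the cookie payload, hex encoded."""
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_session(username: str, admin: bool) -> str:
    """Build a cookie value 'username|flag|tag' whose first two fields are covered by the tag."""
    if "|" in username:
        raise ValueError("separator not allowed in username")
    payload = f"{username}|{int(admin)}"
    return f"{payload}|{_tag(payload)}"


def is_admin_signed(cookies: dict) -> bool:
    """Accept the admin flag only if the tag verifies; malformed values count as non-admin."""
    parts = cookies.get("session", "").split("|")
    if len(parts) != 3:
        return False
    username, admin_flag, tag = parts
    expected = _tag(f"{username}|{admin_flag}")
    # Constant-time comparison on bytes, so non-ASCII input cannot raise.
    return hmac.compare_digest(tag.encode(), expected.encode()) and admin_flag == "1"


if __name__ == "__main__":
    user_cookie = issue_session("alice", False)        # constructed sample session
    tampered = user_cookie.replace("|0|", "|1|", 1)    # flag edited client-side, tag unchanged
    print(is_admin_naive({"admin": "true"}))           # client-made cookie is trusted
    print(is_admin_signed({"admin": "true"}))          # ignored: no signed session
    print(is_admin_signed({"session": tampered}))      # rejected: tag no longer matches
    print(is_admin_signed({"session": issue_session("root", True)}))
```

Keeping the role in server-side session state keyed by a random session id removes the flag from the client entirely; the signed cookie is the smallest change to the check shown here.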
tenderfootsecurityblog · 6 years ago
Pico2018 Client Side is Bad: Complete!
This web related level from Pico was easy. The solution was given in the hint and upon inspecting the source code, I could figure out the flag.
Tumblr media