stephensottosanti
2021-03-08 22:10:38 -06:00
parent bde89f4f1a
commit 0b51262827
47 changed files with 5 additions and 5 deletions


@@ -0,0 +1 @@
# Binary Exploitation
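Review bot: this file consists only of the title line `# Binary Exploitation`; the topic pages added in the same commit open with the [BACK TO UACTF](/UACTF) link and a short introduction, and the Skills page links to /Skills/Binary_Exploitation as if there were content to read, so either add the navigation link plus a one-paragraph description (what the category covers, which tools to start with, as the Reverse Engineering page does) or mark it as a stub so readers do not land on an empty page.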


@@ -0,0 +1,25 @@
# Code-Breaking and Decoding
[BACK TO UACTF](/UACTF)<br>
Having the ability to interpret and understand data even if it is presented in a different or unknown format is extremely important to conducting cyber security examinations and to the general understanding of cyber security. A coded message is simply a message that has been changed in some way so as to hide its meaning from prying eyes. <br>
There are many different ways to write the same information. Below is a Lookup Table that shows decimal, hex, octal, and html encodings for characters. There are other ways to encode messages, such as binary or Base 64, but these will give a good idea of how encoding works. <br>
The message “Let the games begin!” could be encoded as follows: <br>
Dec: 76 101 116 32 116 104 101 32 103 97 109 101 115 32 98 101 103 105 110 33 <br>
Hx: 4C 65 74 20 74 68 65 20 67 61 6D 65 73 20 62 65 67 69 6E 21 <br>
Oct: 114 145 164 040 164 150 145 040 147 141 155 145 163 040 142 145 147 151 156 041 <br>
Html: &#76 &#101 &#116 &#32 &#116 &#104 &#101 &#32 &#103 &#97 &#109 &#101 &#115 &#32 &#98 &#101 &#103 &#105 &#110 &#33 <br>
<p align="center">
<img width="650px" height="400px" src="/00_Archive/images/asciiTable.png" alt="AsciiTable"/>
</p>
Being able to recognize different encoding schemes can be an asset when trying to find hidden information. However, encoding isnt the most secure way to code a message. If a person recognizes the encoding scheme, all they have to do is go to the lookup table to decode it. <br>
Encryption is different from encoding as encoded messages do not require secret information to understand or interpret. Whereas, encryption involves altering the content of the message and must be decrypted using a secret key to reverse the process. Encryption is a more secure way to code a message. Encryption takes a key known by the encoder and uses that key to change the message. Then, only the people that know the key will be able to decrypt the message. The simplest form of encryption is a Caesar Cypher. For the example above, a Caesar Cypher shift +1 would shift each letter in the message up by one character. So, Let the games begin! would become Mfu uif hbnft cfhjo! More information on encryption: <br>
https://www.guru99.com/how-to-make-your-data-safe-using-cryptography.html <br>
https://www.khanacademy.org/computing/computer-science/cryptography <br>
[BACK TO UACTF](/UACTF)<br>
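Review bot: the `Html:` line omits the terminating semicolon on every numeric character reference (`&#76 &#101 …`); the correct form is `&#76;`, and without the `;` some renderers show the literal text or swallow the following space, so the line will not reliably display as "Let the games begin!". Also in this hunk: "isnt" should be "isn't", "Cypher" should be "Cipher" (the spelling the linked Khan Academy material uses), and "Hx:" should be "Hex:" to match the sentence that introduces the table. One framing point: encoding offers no secrecy at all (there is no key), so "isn't the most secure way to code a message" undersells the distinction the next paragraph draws; "provides no secrecy" makes the point cleanly for readers who will later meet Base64 mislabelled as encryption.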


@@ -0,0 +1 @@
# Cryptography
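Review bot: `# Cryptography` is an empty title-only page while the Skills page links to /Skills/Cryptography; the Code-Breaking and Decoding page in this same commit already covers encoding versus encryption and the Caesar cipher, so at minimum link to it from here and add the [BACK TO UACTF](/UACTF) line the other topic pages use, or mark the page as a stub.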


@@ -0,0 +1,22 @@
# File Analysis
[BACK TO UACTF](/UACTF)<br>
File analysis and understanding is one aspect of the larger field of Digital Forensics. Digital Forensics encompasses the investigation of data found on digital devices and involves preserving, identifying, extracting, documenting and interpreting this data. <br>
One of the more common activities in digital forensics is the recovery of deleted files. Though a user may have “deleted” or “moved a file to the trash bin” those files are not always deleted. A very nice set of intuitive tools for use in digital forensics is The Sleuth Kit tool set (http://www.sleuthkit.org/index.php). <br>
Below is a screenshot of the output of the Sleuth Kit file listing tool (fls) which shows two files that have been “deleted” by the user but are still recoverable. The ability to recover and save what was previously thought to be deleted files can be very valuable in an investigation. <br>
<p align="center">
<img width="650px" height="550px" src="/00_Archive/images/fileanalysis.png" alt="FileAnalysis"/>
</p>
Specifically, when looking at the analysis of files, an investigator needs to start with the file header. File headers are information about a file that the computer stores so that it knows what type of file it is. Typically, file headers are stored in the first 4 or 5 bytes of a file. By using the hexdump tool, the hexadecimal version of a file can be viewed. Hexdump is available on most Linux distributions and there are many Windows interfaces to Hexdump (ex. https://sourceforge.net/projects/hexdump/). <br>
One of the more interesting items that occur during an investigation is when a suspect tries to disguise a file by changing an incriminating files signature. Having a good understanding of file signatures is important. Below is an exert from a larger list of file signatures of the more common files seen during investigations. A larger list can be seen at the following location: https://en.wikipedia.org/wiki/List_of_file_signatures <br>
<p align="center">
<img width="650px" height="450px" src="/00_Archive/images/filesignatures.png" alt="FileSignatures"/>
</p>
[BACK TO UACTF](/UACTF)<br>
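Review bot: the claim that file headers are "stored in the first 4 or 5 bytes of a file" is too strong; signature length and offset vary by format (the linked Wikipedia list shows signatures from two bytes to well over eight, some at a non-zero offset), so tell readers to check the table for both offset and length rather than assume 4 or 5 bytes. Typos: "exert" should be "excerpt", "incriminating files signature" should be "file's signature", and "One of the more interesting items that occur" should be "occurs". Since the paragraph is about suspects renaming files to disguise them, a sentence noting that the `file` utility compares content against a magic database and is the quick check for an extension/signature mismatch would complete the thought; naming the invocation that gives the hex-plus-ASCII view (`hexdump -C` or `xxd`) would also help, as "the hexdump tool" alone leaves readers with the default output format, which is harder to read.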


@@ -0,0 +1 @@
# Forensics
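Review bot: `# Forensics` is a title-only page, yet the File Analysis and Network Traffic Analysis pages in this commit are forensics material and the Skills page links to /Skills/Forensics; add the [BACK TO UACTF](/UACTF) line and links to those two pages so the directory is navigable, or mark it as a stub.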


@@ -0,0 +1,38 @@
# Network Traffic Analysis
[BACK TO UACTF](/UACTF)<br>
Network traffic analysis begins by understanding the components of network communication. In this context, it will be key to understand the components of network
packets in addition to having the ability to capture, filter, and interpret traffic. Wireshark is very good at packet capture and protocol analysis and is one of the better tools for helping with understanding of network traffic. <br>
Wireshark can be downloaded here: https://www.wireshark.org <br>
The above website contains several tutorials and presentations to help get students up to speed on the use and value of Wireshark. <br>
<i>IP addresses</i> <br>
IP addresses are numeric labels that identify a device (computer, laptop, mobile device) on the Internet or local network. There are two standards for IP addresses: IP Version 4 (IPv4) and IP Version 6 (IPv6). IPv4 is more common, but many are starting to use the new IPv6 standard. Below is a quick overview of IPv4 <br>
In order to create a unique address on the network, IPv4 uses 32 binary bits. Typically, an IPv4 address is expressed using four numbers separated by dots. Each of these numbers are the decimal (base-10) representation for an eight-digit binary (base-2) number, also called an octet. For example: 130.160.43.57 <br>
<i>Ports and Protocols</i> <br>
At the Transport layer, TCP and UDP protocols provide the identification of the network ports. These port numbers determine how incoming network traffic to a system should be directed. Network ports provide the ability for a single system with a signal IP address to handle multiple network services and connections. Each single system can have up to 65535 unique ports and each of these ports can identify a distinct service. <br>
The Internet Corporation for Assigning Names and Numbers (ICANN), which regulates port usage, has established 3 categories for ports: well known ports for common
protocols and services (0-1023), registered ports for specific services (1024-49151), and dynamic ports which are assigned and release based on a session (49152-65535). <br>
Below is a table of common (well-known) ports and associative service name. <br>
<p align="center">
<img width="450px" src="/00_Archive/images/ports.png" alt="Ports"/>
</p>
Below are the header format and definitions for both IPv4 and TCP from https://nmap.org/book/tcpip-ref.html. This site provides a good reference for this
information. <br>
<p align="center">
<img width="500px" height="450px" src="/00_Archive/images/headerformat.png" alt="hf1"/>
<img width="500px" height="450px" src="/00_Archive/images/headerformat2.png" alt="hf2"/>
</p>
[BACK TO UACTF](/UACTF)<br>
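Review bot: the port paragraph attributes the port registry to ICANN, but the three ranges quoted (0-1023, 1024-49151, 49152-65535) are IANA's Service Name and Transport Protocol Port Number Registry as defined in RFC 6335; IANA operates under ICANN, but the registry and the RFC name IANA, so cite IANA. The count is also off by one: port numbers run 0-65535, which is 65536 values, and that space exists separately for TCP and for UDP. Typos: "signal IP address" should be "single", "assigned and release" should be "released", and "associative service name" should be "associated". The IPv4 example 130.160.43.57 is a public address; teaching material normally uses the RFC 5737 documentation range (192.0.2.0/24) so that nobody copies a real host into exercises.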


@@ -0,0 +1,29 @@
# Skills
Throughout your next few years here at Alabama and your career, that is if you decide to pursue a career in Cyber Security, you are going to be competing at some point. Competitions are a great way to show off your skills, see if you can think outside the box, and learn something new. When it comes to Cyber Security, you will never know everything. Always keep an open mind and be willing to listen to what others have to say. A majority of the time they know something that you don't know and vice versa.<br>
When learning about competitions you will probably here terms thrown out such as defense, offense, and CTF. Defense refers to hardening systems and trying to prevent others from breaking into your machine. Offense refers to finding vulnerabilities and exploits in machines that will help you break into the machine and gain full control. CTF refers to capture the flag competitions which will test your skills across a variety of Cyber Security topics. CTFs are mainly difficult because they involve topics that are so vastly different from each other that it is very hard to be advanced in each and every one. <br>
Capture the flag events are a lot of fun. They test your skills across 5 main topics. These topics are Forensics, Cryptography, Web Exploitation, Reverse Engineering, and Binary Exploitation.<br>
Checkout each individual CTF topic's directory and learn more about them and find out which tools you can be using right now to help you with solving CTF challenges!<br>
Different topics you might come across in a CTF event include:<br>
[Forensics](/Skills/Forensics)<br>
[Cryptography](/Skills/Cryptography)<br>
[Web Exploitation](/Skills/Web_Exploitation)<br>
[Reverse Engineering](/Skills/Reverse_Engineering)<br>
[Binary Exploitation](/Skills/Binary_Exploitation)<br>
When you get to be very competitive it is recommended that you specialize in a single topic and the rest of the members of your team do the same. Obviously, everyone chooses a different topic. This doesn't mean that you only have to know about that single topic, it just means that you should have the most knowledge when it comes to solving those particular problems. You and the rest of your team should meet on a regular basis sharing new information that you found and teaching everyone at least the basics of your topic. There will be times where you will get stuck and if you are the only one that knows anything about that subject then how are your teammates going to be able to help you? You might be thinking right now, "well if I, the master of web exploitation, get stuck on a problem then how then are my teammates going to be able to help me? I know way more than them.". I have many answers to this one. You didn't get enough sleep the night before so you brain is a little foggy so you just need your teammate to remind you of a tip or trick you showed them in a previous meeting that wasn't on your mind at the moment. Or maybe It might be you first competition and your so nervous that you just feel like you forgot everything, bouncing around ideas with your teammates can help you remember what it was that you just briefly forgot. <br>
When it comes to learning and practicing for these, offense and defense can be considered mission sets and then there are skill sets which get brought up in CTFs and Jeopardy. Those skill sets can be applied to both defense and offense. So mainly, when studying for CTFs don't think that the skills you are learning can only be used for CTFs and nothing else. <br>
Potentially Helpful Websites:
- Learning Guides https://picoctf.com/resources
- CTF Field Guide https://trailofbits.github.io/ctf/
- Over the Wire http://overthewire.org/wargames/
- Capture the Flag 101 https://ctf101.org
- Collection of CTF info https://github.com/apsdehal/awesome-
- ctf/blob/master/README.md
- List of practice sites https://www.sjoerdlangkemper.nl/2018/12/19/practice-hacking-with-vulnerable-systems/
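Review bot: the awesome-ctf entry is split across two bullets ("- Collection of CTF info https://github.com/apsdehal/awesome-" and "- ctf/blob/master/README.md"), which renders as two list items with a broken link; join them into one line. Typos: "here terms" should be "hear terms", "Checkout each" should be "Check out each", "you brain" should be "your brain", and "It might be you first competition and your so nervous" should be "it might be your first competition and you're so nervous". This page also lacks the [BACK TO UACTF](/UACTF) link the other topic pages open and close with; if it is the Skills index that is fine, but the five topic links point at /Skills/Forensics through /Skills/Binary_Exploitation, so confirm those paths match the directories this commit creates.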


@@ -0,0 +1,30 @@
# Reverse Engineering
[BACK TO UACTF](/UACTF)<br>
Reverse engineering is the process of extracting information or design knowledge from anything that is man-made. The mechanisms within the field of reverse engineering are used in many applications including understanding malware, bridging software interoperability, and determining the strength of application code. <br>
Knowledge of the usage of a disassembler is helpful to solve reverse engineering tasks. A disassembler is a tool that interprets a compiled program and produces the
corresponding machine code that can be used for analysis. There are several disassemblers available including IDA and Ghidra (https://www.ghidra-sre.org). <br>
A free evaluation version of IDA can be found at the following link: <br>
https://www.hex-rays.com/products/ida/support/download.shtml <br>
Potential skills that may be necessary to solve reverse engineering tasks.
- Basic understanding of how binary data is read and structured
- How to programmatically read in binary data
- How to handle low-level reads and writes
- How to interpret raw data using a hexadecimal viewer
- Understanding how the stack and heap is used with applications
Below are potential examples of reverse engineering problems:
- Password discovery
- Breaking through obfuscation
- Discovering DLL Injection
- Discovering malware
Helpful links for information on the reverse engineering process
- https://securityaffairs.co/wordpress/46606/hacking/software-reverse-engineering-process-basics.html
- https://www.geeksforgeeks.org/software-engineering-reverse-engineering/
- https://medium.com/@vignesh4303/reverse-engineering-resources-beginners-to-intermediate-guide-links-f64c207505ed
[BACK TO UACTF](/UACTF)<br>
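Review bot: the definition of a disassembler is reversed; "interprets a compiled program and produces the corresponding machine code" describes a compiler's output, whereas a disassembler takes machine code and produces the corresponding assembly listing (Ghidra additionally ships a decompiler that produces C-like pseudocode, which is worth a mention since it is the tool recommended here). Grammar: "how the stack and heap is used" should be "are used", and the lead-in "Potential skills that may be necessary to solve reverse engineering tasks." ends with a period where the other list lead-ins use a colon. The "Discovering DLL Injection" and "Discovering malware" items read more like malware-analysis tasks than typical CTF reversing challenges; crackme-style password checks and recovering program logic from a stripped binary would match the skills list above more closely.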


@@ -0,0 +1 @@
# Web Exploitation
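Review bot: `# Web Exploitation` is a title-only page while the Website Security page in this commit already covers injection and XSS from the OWASP Top 10; link to it from here and add the [BACK TO UACTF](/UACTF) line used by the other topic pages, or mark the page as a stub so the /Skills/Web_Exploitation link from the Skills page does not lead to an empty file.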


@@ -0,0 +1,27 @@
# Website Security
[BACK TO UACTF](/UACTF)<br>
One of the most overlooked aspects of the corporate environment is the health and security of the company website. Far too often it is not until after a security breach has occurred that investments in website security practices are made. To protect the security of the website, one needs to be proactive with a defensive mindset. <br>
OWASP, the Open Web Application Security Project (https://www.owasp.org), has several resources for improving web application security. One of many informative and
helpful items produced is their Top 10 list of Application Security Risks. Below is the link to the 2017 version. <br>
https://owasp.org/www-project-top-ten/ <br>
<i>SQL Injections</i> <br>
Number one on that list is injection flaws, and one of the most common injections are SQL Injections. These flaws are the result of an all too common failure to filter untrusted input. By not filtering user input, an attacker can easily inject commands that can potentially result in the loss of important or confidential data and even the hijacking of a clients browser. <br>
Below is a tutorial on SQL Injection. <br>
https://www.guru99.com/learn-sql-injection-with-practical-example.html <br>
<i>Cross-Site Scripting</i> <br>
Number seven on the list is another very common vulnerability, Cross-Site Scripting (XSS). This is another vulnerability that has its roots in failure to filter input. Here an attacker will provide JavaScript tags as input to a web application. Without the filtering of the input, the users browser will execute it. One of the more common results is getting a user to click on the crafted link. <br>
Below is a tutorial on Cross-Site Scripting. <br>
https://excess-xss.com/
[BACK TO UACTF](/UACTF)<br>
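Review bot: the last sentence of the XSS paragraph conflates delivery with impact; getting a user to click a crafted link is how reflected XSS reaches the victim, not a "result" of it, and the results are the injected script running in the user's session (session token theft, actions performed as that user, page content rewritten). Both paragraphs also present input filtering as the fix, whereas the linked OWASP Top 10 page gives parameterized queries as the primary control for SQL injection and context-aware output encoding for XSS, with input validation as defense in depth; saying so here avoids teaching blacklist filtering as the main defense. Typos: "clients browser" should be "client's", "users browser" should be "user's", and the https://excess-xss.com/ line is missing the trailing `<br>` the other lines use, so it runs into the BACK TO UACTF link.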