@@ -1,11 +1,11 @@
|
||||
# Where to Start
|
||||
<p>You are probably here because this is all brand new to you and you want to learn what cyber security is all about! Here you will find links to resources that will hopefully provide you with the information you are looking for. If you are just starting out, it is time to learn the basics.</p>
|
||||
<p>You are probably here because this is all brand new to you and you want to learn what cyber security is all about! Here you will find links to resources that will provide useful information. If you are just starting out, it is time to learn the basics.</p>
|
||||
<br>
|
||||
|
||||
## <b>YouTube</b>
|
||||
You won't find a better place full of videos to get you started than YouTube. So many different channels
|
||||
with great content and individuals that wan't to educate others and teach people the important aspects
|
||||
of the cyber security world. The following are links to youtube videos that are worth checking out!
|
||||
You won't find a better place full of videos to get you started than YouTube. There are so many different channels
|
||||
with great content and individuals that want to educate others and teach people the important aspects
|
||||
of the cyber security world. The following are links to YouTube videos that are worth checking out!
|
||||
|
||||
### <b>What is Cyber Securtiy?</b>
|
||||
"Cyber security is the practice of protecting systems, networks, and programs from digital attacks. These
|
||||
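Review bot: The heading `### <b>What is Cyber Securtiy?</b>` at the end of this hunk still misspells "Security". This pass already fixes typos in the same section ("wan't" to "want", "youtube" to "YouTube"), so correct the heading in the same change.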
@@ -35,16 +35,16 @@ Infosec<br>
|
||||
[What Security Job Should I get?](https://www.youtube.com/watch?v=R_-K_TwsbOE)<br>
|
||||
Cyberactive Security<br>
|
||||
|
||||
Here is a nice beginners guide to cyber security<br>
|
||||
Here is a nice beginner's guide to cyber security.<br>
|
||||
[Beginner's Guide](https://techbootcamps.rice.edu/blog/the-beginners-guide-to-cybersecurity/) <br>
|
||||
<br>
|
||||
|
||||
## <b>Command Line Interface (CLI)</b>
|
||||
<p>You will be spending a lot of time with the command line interface (CLI). Therefore, it is important that you understand why and how to use it. </p>
|
||||
|
||||
[What is Command Line Interface](https://www.w3schools.com/whatis/whatis_cli.asp)<br>
|
||||
[What is Command Line Interface?](https://www.w3schools.com/whatis/whatis_cli.asp)<br>
|
||||
|
||||
<p>The following are great links lists of linux as well as bash commands and how to use them. They are important to know and will help you out a lot along the way.</p>
|
||||
<p>The following are great links for Linux as well as bash commands and how to use them. They are important to know and will help you out a lot along the way.</p>
|
||||
|
||||
[Linux Commands Explained](https://www.mediacollege.com/linux/command-tutorial/) <br>
|
||||
|
||||
@@ -55,15 +55,15 @@ Here is a nice beginners guide to cyber security<br>
|
||||
[Bash Reference Manual](https://tiswww.case.edu/php/chet/bash/bashref.html) <br>
|
||||
<br>
|
||||
|
||||
<p>The following link takes you to a great website where you can practice using the above commands and the even teach you how use them. They want you to learn!</p>
|
||||
<p>The following link takes you to a great website where you can practice using the above commands. They even teach you how use them. They want you to learn!</p>
|
||||
|
||||
[Over the wire](https://overthewire.org/wargames/bandit/) <br>
|
||||
<br>
|
||||
|
||||
## <b>Virtual Machines and Virtualbox</b>
|
||||
<p>Along with the CLI another important topic is the Virtual Machine (VM). Virtual machines get used a lot when learning cyber security and throughout your cyber security career! It is definitely very important to know. The following link will take you to a great description and video describing what a virtual machine is.</p>
|
||||
## <b>Virtual Machines and VirtualBox</b>
|
||||
<p>Another important topic is the Virtual Machine (VM). Virtual machines are used a lot when learning cyber security and throughout your cyber security career! It is definitely very important to know. The following link will take you to a great description and video describing what a virtual machine is.</p>
|
||||
|
||||
[What is a virtual machine](https://www.ibm.com/cloud/learn/virtual-machines)
|
||||
[What is a virtual machine?](https://www.ibm.com/cloud/learn/virtual-machines)
|
||||
|
||||
<p>The hypervisor we typically use is VirtualBox, the following is a link to the main website where you can learn more about it. Downloading it is very straightfoward, click the big blue button!</p>
|
||||
|
||||
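Review bot: The rewritten sentence "They even teach you how use them." is missing "to" and should read "how to use them". In the same hunk, the unchanged VirtualBox paragraph still has "straightfoward" and a comma splice after "VirtualBox", and the link text "Over the wire" is capitalised differently from "Over the Wire" on the Beginner page.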
@@ -71,9 +71,10 @@ Here is a nice beginners guide to cyber security<br>
|
||||
<br>
|
||||
|
||||
## <b>Introductory Material</b>
|
||||
Here are some other links to videos I think will be helpful. Obviously, from YouTube.<br>
|
||||
Here are some other links to YouTube videos I think will be helpful.<br>
|
||||
|
||||
This crash course is great for new beginners and can answer some of the million questions you probably have.<br>
|
||||
|
||||
This crash course is great and can answer some of the million questions you probably have since this is all new to you.<br>
|
||||
[Crash Course for Computer Science](https://www.youtube.com/watch?v=tpIctyqH29Q&list=PL8dPuuaLjXtNlUrzyH5r6jN9ulIgZBpdo) <br>
|
||||
|
||||
[What is Linux?](https://www.youtube.com/watch?v=zA3vmx0GaO8) <br>
|
||||
@@ -86,4 +87,4 @@ This crash course is great and can answer some of the million questions you prob
|
||||
|
||||
[What is Kali Linux?](https://www.youtube.com/watch?v=aHy1d4T7jh8) <br>
|
||||
|
||||
[Are we in a simulation?](https://youtu.be/dEv99vxKjVI?t=1925)
|
||||
[Are we in a simulation?](https://youtu.be/dEv99vxKjVI?t=1925)
|
||||
|
||||
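Review bot: The removed and added `[Are we in a simulation?]` lines read identically, so this looks like a whitespace or end-of-file newline change only. If that is intended, say so in the commit message; otherwise drop the hunk so the diff only carries real edits.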
@@ -1,11 +1,10 @@
|
||||
# Beginner
|
||||
You have a good grasp at what cybersecurity is and what it entails. You are at least familiar with everything covered in the [where_to_start directory](/0_Where_To_Start) and are ready to start learning more. If you are not familiar with everything covered in the basics then what are you doin? Get out of here, go learn the basics! They're important! Continuing, here you will find resources to help get you ready for the big leagues. <br>
|
||||
Looking for resources to help you get ready for the big leagues? If you have a good grasp at what cyber security is and what it entails, or at least are familiar with everything covered in the [where_to_start](../0_Where_To_Start) directory, check out the websites listed below. If you are not familiar with the basics covered in where_to_start, then what are you doin? Go learn the basics! They're important! <br>
|
||||
|
||||
Potentially Helpful Websites:
|
||||
Some Helpful Websites:
|
||||
- Learning Guides – https://picoctf.com/resources
|
||||
- CTF Field Guide – https://trailofbits.github.io/ctf/
|
||||
- Over the Wire – http://overthewire.org/wargames/
|
||||
- Capture the Flag 101 – https://ctf101.org
|
||||
- Collection of CTF info – https://github.com/apsdehal/awesome-
|
||||
- ctf/blob/master/README.md
|
||||
- Collection of CTF info – https://github.com/apsdehal/awesome-ctf/blob/master/README.md
|
||||
- List of practice sites – https://www.sjoerdlangkemper.nl/2018/12/19/practice-hacking-with-vulnerable-systems/
|
||||
|
||||
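Review bot: The Over the Wire entry still uses `http://overthewire.org/wargames/`, while the Where to Start page links the same site over `https://`; switch this one to https while the list is being edited. In the rewritten intro, "a good grasp at" should be "a good grasp of", "doin?" reads as a typo for "doing?", and the link text `where_to_start` does not match the directory name `0_Where_To_Start` in its target.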
@@ -1,10 +1,10 @@
|
||||
# Meet the Crimson Defense H@ckers
|
||||
For a team that lives in the deep corners of the dark web, The Crimson Defense H@ckers really do know how to hide. After quite a long time of tracking them down I got them all to give a description of who they are and how they got into hacking. They keep their true identity sacred, so the following information might not be accurate. There is a risk to putting your personal information out on the surface web, especially for an elite security team such as this one. There might be some truth to these but since I can't be certain of it, I'll leave that up for you to decide. <br>
|
||||
For a team that lives in the deep corners of the dark web, the Crimson Defense H@ckers really do know how to hide. After quite a long time of tracking them down, I got them all to give a description of who they are and how they got into hacking. They keep their true identity sacred, so the following information might not be accurate. There is a risk to putting your personal information out on the surface web, especially for an elite security team such as this one. There might be some truth to these, but since I can't be certain of it, I'll leave that up to you to decide. <br>
|
||||
|
||||
## The Team
|
||||
|
||||
<b>Percy Knox</b> <br>
|
||||
I am an old white lady who loves to eat chocolate, but only if it's a Hersheys "giant" bar. The other ones just aren't as good. I started hacking in my early 60s, I want to say 63 but I could be wrong; It was so many years ago. It all started when I was at a Chinese restaurant and I opened up my fortune cookie and it said "you will be pwned in the near future". I immediately went home to my Ubuntu machine and starting securing the heck out of it. I don't know where I learned all the commands to be honest, they just came to me naturally. I spent 1000 hours, without getting up, making sure my system was as secure as it can be. A few days later I was pwned. I have since then spent every day practicing my security hardening skills and have never eaten at another Chinese restaurant again.<br>
|
||||
I am an old white lady who loves to eat chocolate, but only if it's a Hershey's "giant" bar. The other ones just aren't as good. I started hacking in my early 60s, I want to say 63, but I could be wrong; It was so many years ago. It all started when I was at a Chinese restaurant and I opened up my fortune cookie and it said "you will be pwned in the near future". I immediately went home to my Ubuntu machine and starting securing the heck out of it. I don't know where I learned all the commands to be honest, they just came to me naturally. I spent 1000 hours, without getting up, making sure my system was as secure as it can be. A few days later I was pwned. I have since then spent every day practicing my security hardening skills and have never eaten at another Chinese restaurant again.<br>
|
||||
|
||||
<b>Gonzo</b><br>
|
||||
To say I love almonds is an understatement. To say almonds are my life is more accurate. This is the story of how my passion for my nutty little friends nearly landed me in federal prison. Now, I'm the type of person to milk something I love for everything it has. In this particular case, it involved literally milking these azure gems, until I had what I needed: Unsweetened, original almond milk. I go through at least 4 gallons of the stuff a week. I mean, who could resist? Low calorie, high flavor, no lactose with which to abuse my intestines? What more could a man want? Well, they don't call them Blue Diamonds for nothing... my wallet began to suffer. So I did what I could, I went to Aldi, I budgeted- anything to continue my addiction. That was until I found myself on an administrative account of an admiral almond associate. From here it was simple: I had found lifetime access to an allotment of all almond associated accessories. Frantically, I got them shipped to my next door neighbor, who worked during the day and I knew wouldn't be home. However, I made one teensy-tiny misstep, by failing to realize that nearly 500kg of almond products cannot simply arrive domestically without attracted unappreciated almond-eyed attention. The day felt right.. the almond breeze felt like silk against my skin. As the trucks approached however, the situation felt less like almond joy and more like payday pain, as the peanut police pulled past, parking parallel to the path. The PPD? This wasn't normally their jurisdiction- they mainly concerned themselves with peanut problems, occasionally cashew crimes, but never almond arrests. Uh oh. They approached my door, and after affirming my identity, they took everything. Not a single nut left unharvested in my whole house. They tore apart the walls, found the stash I had squirrelled away under the staircase, above the ceiling, inside my shirt pockets. 
Thankfully, the plunder they took was enough to prevent the pressing of persistent charges. Nevertheless, this was the end of the nepharious nut negotiation. To this day, I am a changed man. Well, as much of a man as you can be after such a tragedy.<br>
|
||||
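Review bot: The Percy Knox line was re-edited but still reads "starting securing the heck out of it" (should be "started securing") and capitalises "It" after the semicolon in "I could be wrong; It was so many years ago". If typos are in scope for this pass, the unchanged Gonzo paragraph in this hunk also has "without attracted" and "nepharious".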
@@ -16,7 +16,7 @@ Most people think my hobbies are weird. After all, if one has a super magnified
|
||||
All of existence has culminated to this moment with me to begin to write this paragraph, but I do not have anything I need to accomplish. I am a champion “cornhole” player, and what motivates me to continue to play the sport is to beat people who call it “cornhole” so that I can call it “Bags” straight to their face. I would give you my email or phone number, but I am completely unavailable. My origin story began when I was walking down a street in the city, when I had a piano dropped on me. I wasn’t extremely hurt, but someone was recording me. I smiled at the camera, but to my surprise, my teeth had been replaced by piano keys! After playing a short tune, they fell out, and I passed out. In retaliation, I performed a DOS attack on the piano moving company and sold employee info on the dark web (Reddit.com). My hobbies include haxing, playing heavily modded Minecraft on a laptop that can barely handle it, and emailing Noam Chomsky asking if he can help me with my Algorithms homework.<br>
|
||||
|
||||
<b>NaratoCotto</b><br>
|
||||
Say man, I'm a young jit from Florida named NaratoCotto. My hobbies include hooping, watching Naruto, and taking your lunch money. So one day I'm looking at some snap stories and I see one of my boys had posted "follow for follow on Instagram". I was like say less, my account was lacking in followers and I was trying to get my clout up. I followed homeboy on Instagram and, what do ya know, days pass and no follow back! Time to take matters into my own hands I guess. I looked at the clock and turns out I was on demon time, respectfully. Anyway, I started looking up how to crack passwords and did a bunch of modules in the NCL gymnasium. Boom, the following week I cracked my boys password -SniperGang300- and went and gave myself the follow I rightfully deserved. <br>
|
||||
Say man, I'm a young jit from Florida named NaratoCotto. My hobbies include hooping, watching Naruto, and taking your lunch money. So one day I'm looking at some snap stories and I see one of my boys had posted "follow for follow on Instagram". I was like say less, my account was lacking in followers and I was trying to get my clout up. I followed homeboy on Instagram and, what do ya know, days pass and no follow back! Time to take matters into my own hands I guess. I looked at the clock and turns out I was on demon time, respectfully. Anyway, I started looking up how to crack passwords and did a bunch of modules in the NCL gymnasium. Boom, the following week I cracked my boy's password -SniperGang300- and went and gave myself the follow I rightfully deserved. <br>
|
||||
|
||||
<b>inspectelement</b><br>
|
||||
Waiting on response.... <br>
|
||||
|
||||
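Review bot: In the NaratoCotto line the quoted password is set off with bare hyphens (`-SniperGang300-`), so the hyphens read as part of the value; wrap it in backticks or quotation marks instead. The `inspectelement` placeholder "Waiting on response...." could be left out until there is text for it.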
@@ -1,6 +1,6 @@
|
||||
# The Dark Web
|
||||
|
||||
If you were able to attend the meeting in which we talked all about the internet ans the dark web then go ahead and download the resources here that will get you on to the dark web. There is also a text file with .onion URLs that we discussed during the meeting. If you did not attend the meeting then I recommend you read what is below to get a decent understanding of how all of this works and what it means to access the dark web. <br>
|
||||
If you were able to attend the meeting in which we talked about the internet and the dark web, then go ahead and download the resources here that will get you on to the dark web. There is also a text file with .onion URLs that we discussed during the meeting. If you did not attend the meeting, then I recommend you read what is below to get a decent understanding of how all of this works and what it means to access the dark web. <br>
|
||||
|
||||
## Resources
|
||||
Link to download TOR browser:<br>
|
||||
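Review bot: "Link to download TOR browser" should read "Tor Browser"; the project spells the name as a word, not as an all-caps acronym, and the rewritten intro is a good place to settle on that spelling for the whole page. In the same intro, "get you on to the dark web" should be "onto".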
@@ -9,17 +9,17 @@ Link to download TOR browser:<br>
|
||||
Link to download TAILS. Follow the instructions on how to verify your download:<br>
|
||||
[TAILS](https://tails.boum.org/install/)<br>
|
||||
<br>
|
||||
For those curious, TAILS will help you become more anonymous if you are trying to be extra careful when on the dark web. I have TOR on my mac and I use it to access the dark web when I'm bored or want to access a specific site with a little more anonymity. <br>
|
||||
For those curious, TAILS will help you become more anonymous if you are trying to be extra careful when on the dark web. I have TOR on my mac, and I use it to access the dark web when I'm bored or want to access a specific site with a little more anonymity. <br>
|
||||
<br>
|
||||
|
||||
## Google as a Browser
|
||||
Google sells ads not only on their search engine, but also on over 2.2 million other websites and over 1 million apps. Every time you visit one of these sites or apps, Google is storing that information and using it to target ads at you. A quick alternative can be to switch to Firefox. Firefox keeps very little data on you and blocks third-parties tracking cookies by default. Firefox is not watching you. <br>
|
||||
Google sells ads not only on their search engine, but also on over 2.2 million other websites and over 1 million apps. Every time you visit one of these sites or apps, Google is storing that information and using it to target ads at you. A quick alternative can be to switch to Firefox. Firefox keeps very little data on you and blocks third-party tracking cookies by default. Firefox is not watching you. <br>
|
||||
<br>
|
||||
|
||||
## Google as a Search Engine
|
||||
Search engines are your second gate keepers to the internet, right after your ISP. Google tweaks what and how results appear on the page, which changes how you think. Average users don't understand just how much google knows about them. It goes against what search engines are made for, providing organic search results. Organic search result is referring to how all pages are indexed based on the search term and the content of the website alone and they are ranked according to how well these two parameters match. <br>
|
||||
Search engines are your second gate keeper to the internet, right after your ISP. Google tweaks what and how results appear on the page, which changes how you think. Average users don't understand just how much Google knows about them. It goes against what search engines are made for, providing organic search results. Organic search result refers to how all pages are indexed based on the search term and the content of the website alone, and they are ranked according to how well these two parameters match. <br>
|
||||
|
||||
See for yourself. Go ahead and google "is google manipulating search results" on google.com and then search it again on another search engine such as duckduckgo.com and take a look at the difference. Google places content they want above the organic search results, making you scroll and making it more difficult to get to the organic results. <br>
|
||||
See for yourself. Go ahead and google "is Google manipulating search results" on google.com. Then search it again on another search engine, such as duckduckgo.com, and take a look at the difference. Google places content they want above the organic search results, making you scroll and making it more difficult to get to the organic results. <br>
|
||||
|
||||
You can switch to a private search engine such as Duck Duck Go. They are great! They block sites from tracking you, and they don't keep any data on you. They don't care where you're going. <br>
|
||||
<br>
|
||||
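Review bot: The "Google as a Browser" section never names a browser. The paragraph describes Google's ad network and then recommends Firefox, so either name Chrome as the thing being replaced or retitle the section. "Firefox is not watching you" is an absolute that the preceding "keeps very little data on you" does not support; keep the qualified wording. In the search-engine paragraph, "gate keeper" should be "gatekeeper", and "Organic search result refers to how all pages are indexed" would be clearer as a definition of the results themselves, that is, pages ranked only by how well their content matches the search term.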
@@ -31,23 +31,23 @@ If you were wondering why ads still follow you around when you are in incognito
|
||||
## Virtual Private Network
|
||||
VPNs, do you know what they really do? <br>
|
||||
|
||||
Your ISP (Internet Service Provider) can see the domain name of the site that you are visiting and there could be very good reason to hide those. Domain name refers to the main name of the site. So if you go to, this isn't a real site, https://YouTube.com/something/interesting/watchtv?=aerSnfSLflag{you_found_me}F9u$34t9g then the only thing that your ISP is going to see is that you went to YouTube.com, which is meta data. Your country may allow ISPs to sell that data to advertisers to build up a profile on you. Or maybe you are studying at a fundamentalists Christian college and you don't want the university administrators knowing that you are questioning your faith or your sexuality. Or maybe, your government is blocking adult type content and you want to get around it. <br>
|
||||
Your ISP (Internet Service Provider) can see the domain name of the site that you are visiting, and there could be very good reasons to hide those. Domain name refers to the main name of the site. So, if you go to, (<b>NOTE:</b> this is <b>NOT</b> a real site), https://<i></i>YouTube.com/something/interesting/watchtv?=aerSnfSLflag{you_found_me}F9u$34t9g, the only thing that your ISP is going to see is that you went to YouTube.com, which is meta data. Your country may allow ISPs to sell that data to advertisers to build up a profile on you. Maybe you are studying at a fundamentalists Christian college and you don't want the university administrators knowing that you are questioning your faith. Maybe your government is blocking content and you want to get around it. <br>
|
||||
|
||||
If you are getting a VPN because you are concerned that your ISP is reading your messages well then you don't need to get one. As long as there is a padlock in the browser, typically right to the left of the URL, then your data is encrypted. If you are using any modern app then again, your data is encrypted. If you do use a VPN, all you are doing is changing who can see that meta data. Now what your ISP sees is the location of the server of the VPN that you are using. If you don't trust your ISP, why do you trust your VPN Service? There are many VPN services that have been hacked and caught logging without permission. If you decide to use a VPN then make sure you do your research on the company. Many of them are in it for the money. <br>
|
||||
If you are getting a VPN because you are concerned that your ISP is reading your messages, you don't need to get one. As long as there is a padlock in the browser, typically directly to the left of the URL, then your data is encrypted. If you are using any modern app, then again, your data is encrypted. If you do use a VPN, all you are doing is changing who can see that meta data. Now what your ISP sees is the location of the server of the VPN that you are using. If you don't trust your ISP, why do you trust your VPN Service? There are many VPN services that have been hacked and caught logging information without permission. If you decide to use a VPN, then make sure you do your research on the company. Many of them are in it for the money. <br>
|
||||
|
||||
Many of the claims VPN services use to reel you in are a load of cr*p. If they say that they don't log your data no matter what, then that would be crazy. If that were true then their services would immediately be used for criminal activity and if they told you that they do log all of your data then they are going to get no customers. You just have to make sure they don't log your data without your permission. And if they do, people will eventually find out and they will go bankrupt. <br>
|
||||
Many of the claims VPN services use to reel you in are a load of cr*p. If they say that they don't log your data no matter what, then that would be crazy. If that were true, then their services would immediately be used for criminal activity, and if they told you that they do log all of your data, then they are going to get no customers. You just have to make sure they don't log your data without your permission. If they do, people will eventually find out and they will go bankrupt. <br>
|
||||
|
||||
Another thing they'll use to try and reel you in is they will say that they use military grade encryption. This is AES, advanced encryption standard, and it is used on almost every site now by default. Don't believe me? Go to YouTube and click on the padlock in the browser and then click on the arrow next to "connection secure" and then click on more information. That's right, they use military grade encryption as well, pretty crazy right?! Unless you are being targeted by the government, using a VPN doesn't make your passwords and financial data any more safe. They are already pretty safe. <br>
|
||||
Another thing they'll use to try and reel you in is they will say that they use military grade encryption. This is AES, advanced encryption standard, and it is used on almost every site now by default. Don't believe me? Go to YouTube, click on the padlock in the browser, then click on the arrow next to "connection secure", and then click on more information. That's right, they use military grade encryption as well, pretty crazy right?! Unless you are being targeted by the government, using a VPN doesn't make your passwords and financial data any more safe. They are already pretty safe. <br>
|
||||
|
||||
You may be wondering, "Hey person who created this github who's name shall never be revealed, when is a good time to use a VPN?". Well, assuming that you did your research and found a VPN that you can trust then a good time to use one would be if want to hide your identity and pretend you are in another country, torrent whatever you want, and if you want to download the last season of Game of Thrones. And if you are wondering if the government is going to serve a gag order for you because you downloaded a whole season of Game of Thrones then worry not! Believe it or not the government has more important things to do. <br>
|
||||
You may be wondering, "Hey person who created this github who's name shall never be revealed, when is a good time to use a VPN?". Well, assuming that you did your research and found a VPN that you can trust, then a good time to use one would be if you want a higher level of security for online services such as banking, a secure internet connection in public places, access to your favorite video streaming content anywhere in the world, or to stay anonymous when shopping online. <br>
|
||||
|
||||
So just keep the following in mind. VPNs are useful, but not for everyday internet activity. Your ISP such as Verizon has no interest other than collecting your data, such as domain names you visit. But that is something that they need because they need to send that information to a DNS server which then fins the IP address for the URL that you are trying to visit. Also, can you trust the VPN service you are using? My intention isn't to scare you into never going on the internet again, it is just to inform you on what is happening. You deserve to know, we all deserve to know. Our privacy is our right and there are things in which we would rather the world not know. And like I mentioned earlier your messages are now encrypted by default so no one can read the entire data that is being sent when you are visiting a website, just the domain name. <br>
|
||||
Just keep the following in mind. VPNs are useful, but not for everyday internet activity. Your ISP, such as Verizon, has no interest other than collecting your data, such as domain names you visit. But that is something that they need because they need to send that information to a DNS server which then finds the IP address for the URL that you are trying to visit. Also, can you trust the VPN service you are using? My intention isn't to scare you into never going on the internet again, it is just to inform you on what is happening. You deserve to know, we all deserve to know. Our privacy is our right and there are things in which we would rather the world not know. As I mentioned earlier, your messages are now encrypted by default, so no one can read the entire data that is being sent when you are visiting a website, just the domain name. <br>
|
||||
|
||||
When searching for a VPN service to use keep the following in mind. Your VPN is owned by a private corporation. Your VPN provider determines the available servers. Your VPN provider has no proof that they keep your data safe; And your VPN provider is in control of the entire traffic. Have fun researching!! :) <br>
|
||||
When searching for a VPN service to use, keep the following in mind. Your VPN is owned by a private corporation. Your VPN provider determines the available servers. Your VPN provider has no proof that they keep your data safe. Your VPN provider is in control of the entire traffic. Have fun researching!! :) <br>
|
||||
|
||||
You can also set up your own VPN and it would actually cost less than paying for a VPN service, but that's its own presentation. Let me know if that is something you would be interested in learning more about, if you even know who this is. <br>
|
||||
You can also set up your own VPN, and it would actually cost less than paying for a VPN service, but that's its own presentation. Let me know if that is something you would be interested in learning more about, if you even know who this is. <br>
|
||||
|
||||
One VPN worth checking out is ProtonVPN. It's free and they have paid options if you want more perks. They are also a great secure e-mail service if you want to upgrade your email. <br>
|
||||
One VPN worth checking out is ProtonVPN. It's free, and they have paid options if you want more perks. They are also a great secure e-mail service if you want to upgrade your email. <br>
|
||||
<br>
|
||||
|
||||
## The Internet
|
||||
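Review bot: The new "when is a good time to use a VPN" sentence recommends one for "a higher level of security for online services such as banking" and to "stay anonymous when shopping online". This contradicts the paragraph just above it ("using a VPN doesn't make your passwords and financial data any more safe") and the earlier point that the padlock already means the traffic is encrypted. Keep the public-places and streaming cases and drop or qualify the other two, since a shop you log in to and pay still knows who you are. Also in this hunk: "who's name" should be "whose name", "fundamentalists Christian college" should be "fundamentalist", and "meta data" is normally written "metadata".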
@@ -55,32 +55,32 @@ The internet was actually coined for a short word for inter-networking. The inte
|
||||
<br>
|
||||
|
||||
## Internet Infrastructure
|
||||
The internet works as a distributed system made up of lots of smaller computer networks owned by various ISPs, universities, governments, and other organizations that are all linked together through what is called peering agreements. There are organizations that help coordinate and direct internet traffic so that compatibility is maintained. One of the most well-known from these groups is ICANN which map IP addresses to internet domain names. When you enter YouTube.com in your web browser, it actually isn't enough information for your computer to know what website to show you. So your ISP directs it to a DNS server which matches what you typed to the IP address that corresponds to it so you can connect and get the information that you need. <br>
|
||||
The internet works as a distributed system made up of lots of smaller computer networks owned by various ISPs, universities, governments, and other organizations that are all linked together through what is called peering agreements. There are organizations that help coordinate and direct internet traffic so that compatibility is maintained. One of the most well-known from these groups is ICANN, which maps IP addresses to internet domain names. When you enter YouTube.com in your web browser, it actually isn't enough information for your computer to know what website to show you; therefore, your ISP directs it to a DNS server which matches what you typed to the IP address that corresponds to it so you can connect and get the information that you need. <br>
|
||||
|
||||
You may have a lot of questions with one of them being, "How does the content of the website physically get to my PC?". One of the great features of the internet is that it is a packet switched network meaning that all data is broken up into little packets and then reassembled once it arrives at your computer. The advantage to this approach with computer data is that it allows each packet to take the most efficient route possible. This means that if everyone in the town next over from you, where your traffic would have normally gone, starts streaming Game of Thrones at exactly the same time it will congest any nearby nodes. This will cause your some of your packets to slow down. The remaining packets can be easily and dynamically rerouted via another path, even mid file so your internet speed stays high. <br>
|
||||
You may have a lot of questions with one of them being, "How does the content of the website physically get to my PC?". One of the great features of the internet is that it is a packet switched network, meaning that all data is broken up into little packets and then reassembled once it arrives at your computer. The advantage to this approach with computer data is that it allows each packet to take the most efficient route possible. This means that if everyone in the town next over from you, where your traffic would have normally gone, starts streaming Game of Thrones at exactly the same time, it will congest any nearby nodes. This will cause some of your packets to slow down. The remaining packets can be easily and dynamically rerouted via another path, even mid file, so your internet speed stays high. <br>
|
||||
<br>
|
||||
|
||||
## The World Wide Web
|
||||
The World Wide Web uses URLs or Uniform Resource Locators to locate stuff and hypertext languages such as HTML that can be rendered by your internet browser as a web page. It is essentially a virtually space where all the great content is stored and accessed using a protocol called HTTP but the internet is the thing that keeps it all connected. Plenty of stuff that we use probably on a daily basis is not a part of the web. For example, if you use a non-browser based email server, through a program like outlook, you are probably using protocols such as SMTP or POP which lie outside the web.
|
||||
The World Wide Web uses URLs or Uniform Resource Locators to locate stuff, and hypertext languages such as HTML that can be rendered by your internet browser as a web page. It is essentially a virtual space where all the great content is stored and accessed using a protocol called HTTP, but the internet is the thing that keeps it all connected. Plenty of stuff that we use, probably on a daily basis, is not a part of the web. For example, if you use a non-browser based email server, through a program like Outlook, you are probably using protocols such as SMTP or POP which lie outside the web.
|
||||
|
||||
## What is a Protocol
|
||||
A protocol is a set of common rules that controls communication between two or more devices on a specific medium like a wire or a radio wave. A network uses the TCP/IP (Transmission Control Protocol/Internet Protocol) stack to communicate with other applications. It is a set of network protocols stacked over each other and designed to work with each other. <br>
|
||||
<br>
|
||||
|
||||
## The Deep Web
|
||||
The deep web is not a place, it is not hidden, and it actually harbors 0 criminal activity. The deep web is simply the unindexed content online; The raw data that google doesn't know about and google doesn't care about. It is the stuff on the internet that you can't bring up with a simple google search. Any page that you can't get to without needing to have the actual URL and the permissions to access it. This includes things such as private social media profiles, hidden sub reddits, medical and scientific and business databases, and bank account information. That is a whole lot of information. It is estimated the deep web makes up 99% of the world wide web and the surface web makes up only 1%. If this is all new to you, you have to freaking out right now. If you need to walk away for a few minutes to let that sink in then go ahead, I'll wait.
|
||||
The deep web is not a place, it is not hidden, and it actually harbors 0 criminal activity. The deep web is simply the unindexed content online, the raw data that Google doesn't know about and Google doesn't care about. It is the stuff on the internet that you can't bring up with a simple google search. Any page that you can't get to without needing to have the actual URL and the permissions to access it. This includes things such as private social media profiles, hidden sub reddits, medical and scientific and business databases, and bank account information. That is a whole lot of information. It is estimated the deep web makes up 99% of the world wide web and the surface web makes up only 1%. If this is all new to you, you have to be freaking out right now. If you need to walk away for a few minutes to let that sink in, then go ahead, I'll wait.
|
||||
|
||||
## The Dark Net
|
||||
The reason why you're reading this is probably to learn about the dark web or dark net. Well you made it, let's talk about it. If you are someone that skipped the whole beginning and this is the first section you are reading, shame on you. Get back to the top and read, I promise you'll learn something. Anyways, what is the dark net? <br>
|
||||
The reason why you're reading this is probably to learn about the dark web or dark net. Well, you made it, let's talk about it. If you are someone that skipped the whole beginning and this is the first section you are reading, shame on you. Get back to the top and read, I promise you'll learn something. Anyways, what is the dark net? <br>
|
||||
|
||||
The dark net is a hidden area comprised of information that is actively hidden from the public. The dark net can only be accessed by specific tools such as the TOR browser. You can download the TOR browser from the internet. It is free and open-source. TOR is a special service. It makes your browsing activity and gets you into the dark web. Will you find crime? Yes, but not to the degree that the media has claimed. Crime is neither the primary use of the dark net nor why it was built. <br>
|
||||
|
||||
The dark net is just another tool and it is used by government agencies, journalists, anyone living in hostile governments, Whistleblowers, and just regular people who want to create and utilize anonymous online communities. Like any place where human beings congregate, there is illegal activity. You may be wondering why you only hear bad things about the dark net. This is because it sells. It's good click bait. There is also another agenda at work and it's to demonize the dark web and to scare people away from it. People in power try to do that because they believe if everyone was private and anonymous on the internet then they will lose control. <br>
|
||||
The dark net is just another tool, and it is used by government agencies, journalists, anyone living in hostile governments, whistleblowers, and just regular people who want to create and utilize anonymous online communities. Like any place where human beings congregate, there is illegal activity. You may be wondering why you only hear bad things about the dark net. This is because it sells. It's good click bait. There is also another agenda at work, and it's to demonize the dark web and to scare people away from it. People in power try to do that because they believe if everyone was private and anonymous on the internet, then they will lose control. <br>
|
||||
|
||||
However you choose to judge it, one of the main reasons why the silk road was created was to fight back against that sort of control. It was built and operated in a hidden area and was operated by anonymous users. <br>
|
||||
|
||||
Privacy serves a purpose, it is why we have blinds on our windows and a door on our bathroom. We have plenty to hide, and it has always been our right to hide it; Until now. Because today there are people that don't want us to protect our privacy, who in a large degree already have free access to our personal information. This includes tech and phone companies, law enforcement, and black hat hackers. <br>
|
||||
Privacy serves a purpose, it is why we have blinds on our windows and a door on our bathroom. We have plenty to hide, and it has always been our right to hide it...until now. Because today there are people that don't want us to protect our privacy, who in a large degree already have free access to our personal information. This includes tech and phone companies, law enforcement, and black hat hackers. <br>
|
||||
<br>
|
||||
|
||||
## The Dark Web text
|
||||
The text document contains URLs to websites and .onion sites to help with being anonymous when on the dark web. You will also find links to a few dark web search engines which can help you find other dark web sites. Have fun, be safe, and stay anonymous!
|
||||
The darkweb.txt document contains URLs to websites and .onion sites to help with being anonymous when on the dark web. You will also find links to a few dark web search engines which can help you find other dark web sites. Have fun, be safe, and stay anonymous!
|
||||
|
||||
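Review bot: The Dark Net paragraph still carries the unchanged sentence "It makes your browsing activity and gets you into the dark web.", which is missing a word after "activity". Since the neighbouring paragraphs are being copy-edited in this pass, complete it here as well. The rewritten ICANN sentence still reads "well-known from these groups" (should be "of these groups") and says ICANN "maps IP addresses to internet domain names", while the next sentence gives that lookup to a DNS server; a verb such as "coordinates" would keep the two consistent. The Deep Web line capitalizes "Google" twice but leaves "simple google search" lowercase.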
@@ -5,7 +5,7 @@ Stay up to date with the world of linux:<br>
|
||||
https://www.linux.com/ <br>
|
||||
<br>
|
||||
|
||||
Learn about current cyber security news <br>
|
||||
Learn about current cyber security news. <br>
|
||||
https://www.reuters.com/news/archive/cybersecurity <br>
|
||||
<br>
|
||||
|
||||
@@ -13,14 +13,14 @@ Learn hands on cyber security techinques. The virtual machines for this site are
|
||||
https://seedsecuritylabs.org/index.html <br>
|
||||
<br>
|
||||
|
||||
The following is a link to a website in which you can buy some great course and learn a whole lot. Don't <b>EVER</b> pay full price for a course. Just put it in your wishlist, wait a few days, and then check again; There will be a sale.<br>
|
||||
The following is a link to a website in which you can buy some great courses and learn a whole lot. Don't <b>EVER</b> pay full price for a course. Just put it in your wishlist, wait a few days, and then check again; there will be a sale.<br>
|
||||
https://www.udemy.com/ <br>
|
||||
<br>
|
||||
|
||||
Practice your cyber security skills. <br>
|
||||
https://0x00sec.org/ <br>
|
||||
|
||||
Core hacking course on youtube <br>
|
||||
Core hacking course on YouTube <br>
|
||||
https://www.youtube.com/playlist?list=PLMGUdaTHpFQLmSAk5_cTM8Y502hhVpeNf <br>
|
||||
<br>
|
||||
|
||||
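Review bot: Punctuation is applied unevenly in this hunk: "Core hacking course on YouTube" gets the capital but no closing period, while the other description lines touched by this patch end with one. The line shown in the hunk header, "Learn hands on cyber security techinques.", also keeps the misspelling "techinques" and would be worth fixing in the same commit. In the Udemy sentence, "a website in which you can buy" reads more naturally as "a website where you can buy".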
@@ -50,12 +50,12 @@ Volatility <br>
|
||||
https://github.com/volatilityfoundation/volatility/wiki/Command-Reference <br>
|
||||
|
||||
Autopsy <br>
|
||||
is an easy to use, GUI-based program that allows you to efficiently analyze hard drives and smart phones. <br>
|
||||
An easy to use, GUI-based program that allows you to efficiently analyze hard drives and smart phones. <br>
|
||||
It has a plug-in architecture that allows you to find add-on modules or develop custom modules in Java or Python. <br>
|
||||
https://www.autopsy.com/ <br>
|
||||
|
||||
The Sleuth Kit <br>
|
||||
is a collection of command line tools and a C library that allows you to analyze disk images and recover files from them. <br>
|
||||
A collection of command line tools and a C library that allows you to analyze disk images and recover files from them. <br>
|
||||
It is used behind the scenes in Autopsy and many other open source and commercial forensics tools. <br>
|
||||
https://www.sleuthkit.org/ <br>
|
||||
|
||||
@@ -102,27 +102,27 @@ https://github.com/bwrsandman/Bless <br>
|
||||
The following commands are going to be helpful: <br>
|
||||
strings, file, exiftool <br>
|
||||
|
||||
and as always you can use Python to help <br>
|
||||
As always, you can use Python to help. <br>
|
||||
|
||||
|
||||
|
||||
NETWORK TRAFFIC ANALYSIS: <br>
|
||||
Wireshark <br>
|
||||
is probably already installed <br>
|
||||
It is probably already installed. <br>
|
||||
https://www.wireshark.org/ <br>
|
||||
|
||||
The Telnet protocol is an old, insecure protocol used to remotely login to and administer computers <br>
|
||||
The Telnet protocol is an old, insecure protocol used to remotely login to and administer computers. <br>
|
||||
|
||||
tshark <br>
|
||||
network protocol analyzer. It lets you capture packet data from a live network, or read packets from a previously saved capture file, either printing a decoded <br>
|
||||
form of those packets to the standard output or writing the packets to a file. <br>
|
||||
network protocol analyzer.
|
||||
It lets you capture packet data from a live network, or read packets from a previously saved capture file, either printing a decoded form of those packets to the standard output or writing the packets to a file. <br>
|
||||
https://www.wireshark.org/docs/man-pages/tshark.html <br>
|
||||
|
||||
Scapy <br>
|
||||
Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. <br>
|
||||
https://scapy.net/ <br>
|
||||
|
||||
Get familiar with <br>
|
||||
Get familiar with: <br>
|
||||
netcat <br>
|
||||
https://linux.die.net/man/1/nc <br>
|
||||
|
||||
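Review bot: The tshark entry is split so that "network protocol analyzer." sits on its own line without a trailing `<br>` and still starts in lowercase, unlike the Autopsy and Sleuth Kit descriptions that this patch capitalizes. Without the `<br>`, Markdown will join it to the following sentence anyway, so either keep it as one line starting "A network protocol analyzer. It lets you capture ..." or add the `<br>`. The Telnet sentence also sits between the Wireshark and tshark entries with no tool or link attached; a short lead-in saying why it is listed under network traffic analysis would help readers.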
@@ -140,7 +140,7 @@ https://portswigger.net/bur <br>
|
||||
OWASP ZAP <br>
|
||||
https://www.zaproxy.org/ <br>
|
||||
|
||||
ensure you're familiar with your browsers dev tools - get used to the Console, Network and Application tabs. <br>
|
||||
Ensure you're familiar with your browser's dev tools - get used to the Console, Network and Application tabs. <br>
|
||||
|
||||
InspectElement by right-clicking on the site or F12 <br>
|
||||
exploit trusted client input <br>
|
||||
@@ -260,4 +260,4 @@ Functions <br>
|
||||
https://en.wikipedia.org/wiki/Subroutine <br>
|
||||
|
||||
The main function <br>
|
||||
https://en.wikipedia.org/wiki/Entry_point#C_and_C++ <br>
|
||||
https://en.wikipedia.org/wiki/Entry_point#C_and_C++ <br>
|
||||
|
||||
@@ -1,18 +1,18 @@
|
||||
# Security+ More
|
||||
|
||||
If you are interested in getting a Security+ certification, you have come to the right place. Here you fill wind links to resources that will help you get prepared for this challenging but ever so rewarding task. Getting a certification while still in school not only shows that you know what you claim to know but it shows that you are someone that goes above and beyond the normal expectations. You are someone who is excited and eager to learn. <br>
|
||||
If you are interested in getting a Security+ certification, you have come to the right place. Here you will find links to resources that will help you get prepared for this challenging but ever so rewarding task. Getting a certification while still in school not only shows that you know what you claim to know but it shows that you are someone that goes above and beyond the normal expectations. You are someone who is excited and eager to learn. <br>
|
||||
|
||||
Security+ is not the only certification you can get but it is a great place to start. Not all companies are looking to see if this is something that you have, and I have been told from a company that some companies do not care if you have one, take that with a grain of salt. That same company did say that if you do have a certification then that is something that will definitely impress them. <br>
|
||||
Security+ is not the only certification you can get, but it is a great place to start. Not all companies care about what certifications you have, but many do and use it as an added evaluation metric during the interview process. <br>
|
||||
|
||||
## Security what?
|
||||
Not sure what CompTIA Security+ is? check out this video from, you guessed it, YouTube. This guy is great! If you are interested in other certifications and how to get them, check out some of the other videos on his channel.<br>
|
||||
Not sure what CompTIA Security+ is? Check out this video from, you guessed it, YouTube. This guy is great! If you are interested in other certifications and how to get them, check out some of the other videos on his channel.<br>
|
||||
[All About the CompTIA Security+](https://www.youtube.com/watch?v=PIg3pjiFdf0)
|
||||
|
||||
## Resources
|
||||
For those of you ready to get going and want the good stuff, here you go. Former president Jake Wachs created a public drive full of resources to help you learn more about really anything. There are so many resources here, I recommend you bookmark it to your bookmarks toolbar! Now how he came about all of these great resources, I do not know. I would honestly rather it be a mystery then finding out that he just googled it. Here you will not only find resources to help you prepare for the Security+ exam but with anything that involves cybersecurity. Interested in learning about malware, cryptography, network security, cryptography AND network security, Kali linux, or advanced penetration testing? Then you should definitely check this out. You will also find that one of our current officers, Zachary Weske, has made some contributions as well. So you also have him to thank, and possibly others.<br>
|
||||
[All the Cybersecurity information you've been waiting for your whole life](https://drive.google.com/drive/u/1/folders/1jO8Ys4zdz8jQGqbaEXRdqXCW87oLNta-)<br>
|
||||
For those of you ready to get going and want the good stuff, here you go. Former Crimson Defense president Jake Wachs created a public drive full of resources to help you learn more about really anything. There are so many resources here, I recommend you bookmark it to your bookmarks toolbar! Now how he came about all of these great resources, I do not know. I would honestly rather it be a mystery then finding out that he just googled it. Here you will not only find resources to help you prepare for the Security+ exam but with anything that involves cyber security. Interested in learning about malware, cryptography, network security, cryptography AND network security, Kali Linux, or advanced penetration testing? Then you should definitely check this out. You will also find that one of our current officers, Zachary Weske, has made some contributions as well. So you also have him to thank, and possibly others.<br>
|
||||
[All the Cyber Security information you've been waiting for your whole life](https://drive.google.com/drive/u/1/folders/1jO8Ys4zdz8jQGqbaEXRdqXCW87oLNta-)<br>
|
||||
|
||||
One of our favorites and our typical go to when it comes to preparing for the Security+ exam is Professor Messer. Here is a link to his YouTube playlist where you fill find 141 videos to help get you ready for the Security+ exam. If you check out his YouTube channel you will also find other playlists to other certifications that you might be interested in.<br>
|
||||
One of our favorites and our typical go to when it comes to preparing for the Security+ exam is Professor Messer. Here is a link to his YouTube playlist where you will find 141 videos to help get you ready for the Security+ exam. If you check out his YouTube channel, you will also find other playlists to other certifications that you might be interested in.<br>
|
||||
[Security+](https://www.youtube.com/watch?v=UbxRf_9Rcmg&list=PLG49S3nxzAnnVhoAaL4B6aMFDQ8_gdxAy) <br>
|
||||
|
||||
If you instantly fall in love with Professor Messer like most of us have, here is a link to his website where you can buy material to get you ready for the certification you are interested in getting. It's great stuff and worth the buy if you are willing to put in the time and really prepare for the exam. Buying it doesn't gaurantee that you will pass, it is up to you to put in the hard work. But hey, I believe in you!<br>
|
||||
|
||||
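Review bot: Two spelling errors survive in this hunk: the rewritten Resources paragraph still says "rather it be a mystery then finding out" (should be "than"), and the unchanged Professor Messer line has "gaurantee". The Google Drive link keeps the `/u/1/` path segment, which selects the second signed-in Google account of whoever opens it; linking to `https://drive.google.com/drive/folders/...` with the same folder id avoids that. The rewritten certification sentence should also read "use them as an added evaluation metric", since it refers to "certifications".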
@@ -1,11 +1,11 @@
|
||||
# Skills
|
||||
Throughout your next few years here at Alabama and your career, that is if you decide to pursue a career in Cyber Security, you are going to be competing at some point. Competitions are a great way to show off your skills, see if you can think outside the box, and learn something new. When it comes to Cyber Security, you will never know everything. Always keep an open mind and be willing to listen to what others have to say. A majority of the time they know something that you don't know and vice versa.<br>
|
||||
|
||||
When learning about competitions you will probably here terms thrown out such as defense, offense, and CTF. Defense refers to hardening systems and trying to prevent others from breaking into your machine. Offense refers to finding vulnerabilities and exploits in machines that will help you break into the machine and gain full control. CTF refers to capture the flag competitions which will test your skills across a variety of Cyber Security topics. CTFs are mainly difficult because they involve topics that are so vastly different from each other that it is very hard to be advanced in each and every one. <br>
|
||||
When learning about competitions you will probably hear terms thrown out such as defense, offense, and CTF. Defense refers to hardening systems and trying to prevent others from breaking into your machine. Offense refers to finding vulnerabilities and exploits in machines that will help you break into the machine and gain full control. CTF refers to capture the flag competitions which will test your skills across a variety of Cyber Security topics. CTFs are mainly difficult because they involve topics that are so vastly different from each other that it is very hard to be advanced in each and every one. <br>
|
||||
|
||||
Capture the flag events are a lot of fun. They test your skills across 5 main topics. These topics are Forensics, Cryptography, Web Exploitation, Reverse Engineering, and Binary Exploitation.<br>
|
||||
|
||||
Checkout each individual CTF topic's directory and learn more about them and find out which tools you can be using right now to help you with solving CTF challenges!<br>
|
||||
Check out each individual CTF topic's directory to learn more about them and find out which tools you can be using right now to help you with solving CTF challenges!<br>
|
||||
|
||||
Different topics you might come across in a CTF event include:<br>
|
||||
[Forensics](Forensics)<br>
|
||||
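Review bot: Capitalization of the term is inconsistent across the patch: the lines in this hunk keep "Cyber Security" in the middle of sentences ("a career in Cyber Security", "a variety of Cyber Security topics"), while the Security+ file is changed to lowercase "cyber security" in the same commit. Pick one form and apply it to the changed and context lines here. "5 main topics" would also read better as "five main topics".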
@@ -14,16 +14,15 @@ Different topics you might come across in a CTF event include:<br>
|
||||
[Reverse Engineering](Reverse_Engineering)<br>
|
||||
[Binary Exploitation](Binary_Exploitation)<br>
|
||||
|
||||
When you get to be very competitive it is recommended that you specialize in a single topic and the rest of the members of your team do the same. Obviously, everyone chooses a different topic. This doesn't mean that you only have to know about that single topic, it just means that you should have the most knowledge when it comes to solving those particular problems. You and the rest of your team should meet on a regular basis sharing new information that you found and teaching everyone at least the basics of your topic. There will be times where you will get stuck and if you are the only one that knows anything about that subject then how are your teammates going to be able to help you? You might be thinking right now, "well if I, the master of web exploitation, get stuck on a problem then how then are my teammates going to be able to help me? I know way more than them.". I have many answers to this one. You didn't get enough sleep the night before so you brain is a little foggy so you just need your teammate to remind you of a tip or trick you showed them in a previous meeting that wasn't on your mind at the moment. Or maybe It might be you first competition and your so nervous that you just feel like you forgot everything, bouncing around ideas with your teammates can help you remember what it was that you just briefly forgot. <br>
|
||||
When you get to be very competitive, it is recommended that you specialize in a single topic and the rest of the members of your team do the same. Obviously, everyone chooses a different topic. This doesn't mean that you only have to know about that single topic, it just means that you should have the most knowledge when it comes to solving those particular problems. You and the rest of your team should meet on a regular basis, sharing new information that you found, and teaching everyone at least the basics of your topic. There will be times where you will get stuck, and if you are the only one that knows anything about that subject, then how are your teammates going to be able to help you? You might be thinking right now, "well if I, the master of web exploitation, get stuck on a problem, then how are my teammates going to be able to help me? I know way more than them.". I have many answers to this one. Maybe you didn't get enough sleep the night before and your brain is a little foggy. Your teammate can remind you of a tip or trick you showed them in a previous meeting that wasn't on your mind at the moment. Maybe it is your first competition and you're so nervous that you just feel like you forgot everything. Bouncing around ideas with your teammates can help you remember what it was that you just briefly forgot. <br>
|
||||
|
||||
When it comes to learning and practicing for these, offense and defense can be considered mission sets and then there are skill sets which get brought up in CTFs and Jeopardy. Those skill sets can be applied to both defense and offense. So mainly, when studying for CTFs don't think that the skills you are learning can only be used for CTFs and nothing else. <br>
|
||||
When it comes to learning and practicing for competitions, offense and defense can be considered mission sets. There are also skill sets which get brought up in CTFs. Those skill sets can be applied to both defense and offense. So mainly, when studying for CTFs, don't think that the skills you are learning can only be used for CTFs and nothing else. <br>
|
||||
|
||||
Potentially Helpful Websites:
|
||||
Some Helpful Websites:
|
||||
- Learning Guides – https://picoctf.com/resources
|
||||
- CTF Field Guide – https://trailofbits.github.io/ctf/
|
||||
- Over the Wire – http://overthewire.org/wargames/
|
||||
- Capture the Flag 101 – https://ctf101.org
|
||||
- Collection of CTF info – https://github.com/apsdehal/awesome-
|
||||
- ctf/blob/master/README.md
|
||||
- Collection of CTF info – https://github.com/apsdehal/awesome-ctf/blob/master/README.md
|
||||
- List of practice sites – https://www.sjoerdlangkemper.nl/2018/12/19/practice-hacking-with-vulnerable-systems/
|
||||
|
||||
|
||||
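Review bot: The rewritten team paragraph still ends the quoted thought with `them.".`, leaving a stray period after the closing quote; drop one of the two. In the link list, the Over the Wire entry remains plain `http://overthewire.org/wargames/` while every other entry uses https, so switch it to https if the site serves it. Rejoining the split awesome-ctf URL into one list item is the right fix.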
@@ -1,21 +1,21 @@
|
||||
# Tool of the Week
|
||||
Every week someone from the competition team will look into a tool used for solving CTF challenges. A breif presentation will be given about the tool and a write up consisting of only a few sentences will be presented as well. Here you can find the tools that we have discussed and the write up provided by the individual who did researched said tool.
|
||||
Every week someone from the competition team will look into a tool used for solving CTF challenges. A brief presentation will be given about the tool and a write up consisting of only a few sentences will be presented as well. Here you can find the tools that we have discussed and the write up provided by the individual who did researched said tool.
|
||||
|
||||
# TOTW
|
||||
Meeting on 3/04/21 <br>
|
||||
<b>Cryptii.com</b><br>
|
||||
Cryptii.com is an open source web app that provides the user with the means to encode or decode strings of characters within their browser. Encoding/decoding options include ASCII, binary, hexadecimal, base64, Caesar Cipher, Morse Code, and more! <br>
|
||||
To explore the web app for yourself go to: https://cryptii.com/ <br>
|
||||
To explore the web app for yourself, go to: https://cryptii.com/. <br>
|
||||
|
||||
<b> LOR </b>
|
||||
|
||||
----
|
||||
|
||||
Meeting on 2/25/21<br>
|
||||
<b>Cewl</b><br>
|
||||
<b>CeWL</b><br>
|
||||
“The Custom Word List generator, CeWL is a ruby app which spiders a given URL to a specified depth, optionally following external links, and returns a list of words which can then be used for password crackers such as John the Ripper.” This is useful when you have a webpage with some content (articles, blogs, or other forms of writing) available through http or https and you are trying to escalate your privilege. Example:<br>
|
||||
cewl -d 2 -m 5 -w docswords.txt https://example.com <br>
|
||||
Depth of 2, Maximum word-length of 5, output to docswords.txt, target https://example.com <br>
|
||||
cewl -d 2 -m 5 -w docswords.txt https://<i></i>example.com <br>
|
||||
Depth of 2, Maximum word-length of 5, output to docswords.txt, target https://<i></i>example.com <br>
|
||||
|
||||
<b>The Guilty Remnant</b>
|
||||
|
||||
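Review bot: The CeWL explanation line describes `-m 5` as "Maximum word-length of 5", but in CeWL `-m` sets the minimum word length, so the line should read "Minimum word length of 5". The patch edits that line without correcting it. The empty `<i></i>` inserted into the URL to stop auto-linking makes the raw text harder to read; wrapping the whole command in a code span achieves the same thing and keeps it copyable. The intro line still says "who did researched said tool" (should be "who researched").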
@@ -23,7 +23,7 @@ Depth of 2, Maximum word-length of 5, output to docswords.txt, target https://ex
|
||||
|
||||
Meeting on 2/18/21<br>
|
||||
<b>Hashcat</b><br>
|
||||
Hashact is a popular password cracker and is designed to break even the most complex passwords. For example, let's say you are given a password that has been hashed using md5 (71b816fe0b7b763d889ecc227eab400a) and you know the format of the password you have is "SKY-HQNT-" followed by 4 digits then you can use hashcat to brute force it and find out what the entire password is. Using the following command will get you the answer:<br>
|
||||
Hashact is a popular password cracker and is designed to break even the most complex passwords. For example, let's say you are given a password that has been hashed using md5 (71b816fe0b7b763d889ecc227eab400a) and you know the format of the password is "SKY-HQNT-" followed by 4 digits, you can use hashcat to brute force it and find out the entire password. Using the following command will get you the answer:<br>
|
||||
hashcat -m 0 -a 3 ./<hash file name>.txt 'SKY-HQNT-?d?d?d?d' <br>
|
||||
- m is for mode and 0 is mode md5 <br>
|
||||
- a is for action and 3 is for brute force <br>
|
||||
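Review bot: The changed line still opens with "Hashact", a misspelling of the tool name, even though the rest of the sentence was reworded. In the option list, `-a` is hashcat's attack mode rather than "action", and `-m` is the hash type; writing the items as "- m" and "- a" with a space also makes Markdown render them as bullets without the dash. The `<hash file name>` placeholder in the command may be dropped as an HTML tag when rendered, so put the command in a code span.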
@@ -35,7 +35,7 @@ hashcat -m 0 -a 3 ./<hash file name>.txt 'SKY-HQNT-?d?d?d?d' <br>
|
||||
|
||||
Meeting on 2/11/21<br>
|
||||
[Snort](https://www.snort.org/) <br>
|
||||
Snort is an open source intrusion prevention system. It is capable of real-time traffic analysis and packet logging. You can easily read through the logs and you can also have the logs fowarded to the logging system of your choice such as splunk; CCDC members will probably be familiar with that name. I also propose that whoever manages splunk should be gifted the incredible nickname that I thought of, Spunk Master Flex; named after Funk Master Flex. <br>
|
||||
Snort is an open source intrusion prevention system. It is capable of real-time traffic analysis and packet logging. You can easily read through the logs, and you can also have the logs fowarded to the logging system of your choice such as splunk; CCDC members will probably be familiar with that name. I also propose that whoever manages splunk should be gifted the incredible nickname that I thought of, Spunk Master Flex; named after Funk Master Flex. <br>
|
||||
|
||||
<b>Percy Knox</b>
|
||||
|
||||
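Review bot: The only change on the Snort line is a comma, and "fowarded" remains misspelled on that same line (should be "forwarded"). "splunk" appears three times in lowercase and should be "Splunk" as a product name.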
@@ -43,7 +43,7 @@ Snort is an open source intrusion prevention system. It is capable of real-time
|
||||
|
||||
Meeting on 2/4/21<br>
|
||||
<b>Python</b> <br>
|
||||
When it comes to solving capture the flag challenges there are many great tools that you can use, some of which might already be downloaded on your pentesting machine! If not, you can find many great tools to download online. However, there are going to be times where the tools that you have at your disposal are almost what you need but not exactly what you need. If you ever get to this point, you should never give up. You just need to find another way to solve the problem and Python just might be your answer. Python is great for writing scripts quickly and effeciently. With Python, you can do almost anything. You can use Python to create scripts to solve an array of problems including password cracking, web exploitation, and many more. <br>
|
||||
When it comes to solving capture the flag challenges, there are many great tools that you can use, some of which might already be downloaded on your pentesting machine! If not, you can find many great tools to download online. However, there are going to be times where the tools that you have at your disposal are almost what you need but not exactly what you need. If you ever get to this point, you should never give up. You just need to find another way to solve the problem and Python just might be your answer. Python is great for writing scripts quickly and effeciently. With Python, you can do almost anything. You can use Python to create scripts to solve an array of problems including password cracking, web exploitation, and many more. <br>
|
||||
|
||||
<b>inspectelement</b>
|
||||
|
||||
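Review bot: "effeciently" is still misspelled in the replacement Python paragraph and should be "efficiently". The added comma after "challenges" is fine, but the typo carries over unchanged from the removed line.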
@@ -51,6 +51,6 @@ When it comes to solving capture the flag challenges there are many great tools
|
||||
|
||||
Meeting on 1/28/21 <br>
|
||||
<b>Nmap</b> <br>
|
||||
Using the command ifconfig you can get the rage of your network and once you do that you can then use Nmap to discover other machines. If there is a target machine in the network range, you can use Nmap to discover the machine’s IP address. Similar tools include netdiscover and ARP. Using these two tools first can allow you to narrow down the target machine and you can then use Nmap along with these two commands to get the information you need about the target machine. The command –sS will tell Nmap to look for open ports and services and the command –AT4 looks for OS information, which can tell you a lot about your target machine. <br>
|
||||
Using the command ifconfig you can get the range of your network. You can then use Nmap to discover other machines. If there is a target machine in the network range, you can use Nmap to discover the machine’s IP address. Similar tools include netdiscover and ARP. Using these two tools first can allow you to narrow down the target machine, and you can then use Nmap along with these two commands to get the information you need about the target machine. The command –sS will tell Nmap to look for open ports and services and the command –AT4 looks for OS information, which can tell you a lot about your target machine. <br>
|
||||
|
||||
<b>Percy Knox</b>
|
||||
|
||||
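Review bot: the replacement Nmap paragraph keeps `–sS` and `–AT4` written with an en dash, so neither works when pasted into a terminal. Use an ASCII hyphen and code formatting, and call them options rather than commands. `-AT4` is also two options run together: `-A` turns on OS and version detection and `-T4` is a timing template, while `-sS` selects a TCP SYN scan. In the same paragraph "ARP" is a protocol; if the tool is meant, name `arp`.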
@@ -1,5 +1,5 @@
|
||||
## Kali Linux
|
||||
Once you have VirtualBox downloaded it is time to download Kali Linux. There are two options to choose from. The "customized" one is created by zSecurity. I took a course that he taught and it was great. It works very well but the other Kali machine has a ton of pre-installed tools. Either OVA file will work. They are both great! If you are interested in knowing what bugs he fixed, here is the link to it:<br>
|
||||
Once you have VirtualBox downloaded, it is time to download Kali Linux. There are two options to choose from. The "customized" one is created by zSecurity. I took a course that he taught, and it was great. It works very well, but the other Kali machine has a ton of pre-installed tools. Either OVA file will work. They are both great! If you are interested in knowing what bugs he fixed, here is the link to it:<br>
|
||||
[Kali Linux by Zsecurity](https://zsecurity.org/download-custom-kali/)<br>
|
||||
|
||||
## Links to both downloads
|
||||
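Review bot: the link label on the context line reads "Zsecurity" while the paragraph above it writes "zSecurity"; pick one spelling. The sentence "here is the link to it" promises a list of fixed bugs, but the label only says "Kali Linux by Zsecurity", so the label should say what the reader will find there.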
@@ -30,11 +30,11 @@ Now it is time to update. You will need to be patient for this step. Open up a t
|
||||
$ apt update && apt -y full-upgrade
|
||||
```
|
||||
|
||||
After all of that you should be set. When powering down the machine do not use the x button in the corner. Doing that is like pulling the plug on your computer when it is on. You are going to go to VirtualBox, right click on the machine, then close, then power off.<br>
|
||||
After all of that, you should be set. When powering down the machine, do not use the <i>X</i> button in the corner. Doing that is like pulling the plug on your computer when it is on. You are going to go to VirtualBox, right click on the machine, then close, then power off.<br>
|
||||
<br>
|
||||
|
||||
## Kali 2020 x64 Customized by zSecurity
|
||||
After downloading and then double clicking on the OVA file, click on import. If you haven't downloaded Oracle VM extension pack, go ahead and do so now. I explain where it is one directory up. If you have everything downloaded we can now turn on the machine. If you would like to change the name of the machine I would do so now. Click on the machine, then settings, and then in general is where you can change the name. After you do that, hit start.<br>
|
||||
After downloading and then double clicking on the OVA file, click on import. If you haven't downloaded Oracle VM extension pack, go ahead and do so now. I explain where it is [one directory up](../../Virtual_Machines). If you have everything downloaded we can now turn on the machine. If you would like to change the name of the machine, I would do so now. Click on the machine, then settings, and then general; this is where you can change the name. After you do that, hit start.<br>
|
||||
|
||||
The log in information is going to be:<br>
|
||||
username: "root"<br>
|
||||
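Review bot: the new link `[one directory up](../../Virtual_Machines)` climbs two levels while its own text says one. Please confirm the path resolves from this file, or link to the parent directory with `../`. Separately, the context line `$ apt update && apt -y full-upgrade` shows an unprivileged `$` prompt for a command that needs root; add `sudo` or switch to a `#` prompt.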
@@ -49,18 +49,18 @@ The next thing you want to do is update the sources where Kali can search and do
|
||||
# apt-get update
|
||||
```
|
||||
|
||||
If you would like to you can install a terminal that will allow you to have multiple terminal windows open in the same window. You are going to download this with the following command.
|
||||
If you would like to, you can install a terminal that will allow you to have multiple terminal windows open in the same window. You are going to download this with the following command.
|
||||
|
||||
```unix
|
||||
# apt-get install terminator
|
||||
```
|
||||
|
||||
Press y and hit enter to confirm the download and then it will install on your system. <br>
|
||||
Press y and hit enter to confirm the download, and then it will install on your system. <br>
|
||||
<br>
|
||||
|
||||
|
||||
## Windows won't let you power on Kali Linux?
|
||||
If you are using Windows then you might come across an error in which the machine won't even start. Does it say something like "Failed to open a session for the virtual machine"? If so, try the following and see if it fixes the issue. If it doesn't fix the issue then you can always message in the general slack and ask for help!<br>
|
||||
If you are using Windows, you might come across an error in which the machine won't even start. Does it say something like "Failed to open a session for the virtual machine"? If so, try the following and see if it fixes the issue. If it doesn't fix the issue, you can always message in the general slack and ask for help!<br>
|
||||
|
||||
What you are going to want to do is first close out your virtual machine manager, in this case it should be VirtualBox. Go to Windows Search and type in "features". Click on "Turn Windows features on or off". Now you are going to disable the following. If any of them are already disabled, then you can skip those:
|
||||
- Virtual Machine Platform
|
||||
|
||||
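Review bot: the `unix` info string on the fence around `# apt-get install terminator` is not a language name, so the block gets no shell highlighting; `bash` or `sh` is the usual tag. In the replacement Windows paragraph, "slack" should be capitalised as "Slack".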
@@ -1,2 +1,2 @@
|
||||
for now, donwload OVA file under Parrot Security OVA, double click to import it into virtual box. Start it, wait a few minutes, a pop up will ask if you want to update. Update, this will take a while. Take a snapshot of the machine in Virtual Box. Then go crazy! <br>
|
||||
[Parrot OS](https://www.parrotsec.org/download/)
|
||||
For now, donwload OVA file under Parrot Security OVA, double click to import it into VirtualBox. Start it, wait a few minutes, a pop up will ask if you want to update. Update, this will take a while. Take a snapshot of the machine in VirtualBox. Then go crazy! <br>
|
||||
[Parrot OS](https://www.parrotsec.org/download/)
|
||||
|
||||
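Review bot: "donwload" is still misspelled in the replacement line; this pass fixed the capitalisation and "VirtualBox" but left the typo. The line would also read better as separate steps, for example "Update when prompted; this will take a while."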
@@ -1,19 +1,19 @@
|
||||
# Virtual Machines
|
||||
Here are a few virtual machines along with instructions on how to download them. <br>
|
||||
|
||||
If you are unfamiliar with what virtualbox, Linux, and Kali Linux are, then head on over to the "where to start" directory where I have added some great links to videos and readings on those topics. I'll even give you a link right to it, here: [Let's Learn](/0_Where_To_Start) <br>
|
||||
If you are unfamiliar with what VirtualBox, Linux, and Kali Linux are, then head on over to the "where to start" directory where I have added some great links to videos and readings on those topics. I'll even give you a link right to it, here: [Let's Learn](../0_Where_To_Start) <br>
|
||||
<br>
|
||||
|
||||
## Before you get started
|
||||
Before you get started, I recommend downloading a download manager. It is not necessary but can be helpful. You can download a popular and free one called [Free Download Manager](https://www.freedownloadmanager.org/). I mean, that name could not be better. If you ever google "hey I want a free download manger", boom that's the first thing that is going to pop up. If you're not sure why you should get it maybe this article will help. <br>
|
||||
Before you get started, I recommend downloading a download manager. It is not necessary but can be helpful. You can download a popular and free one called [Free Download Manager](https://www.freedownloadmanager.org/). I mean, that name could not be better. If you ever google "hey I want a free download manger", boom that's the first thing that is going to pop up. If you're not sure why you should get it, maybe this article will help. <br>
|
||||
[Why You Should use a Download Manager](https://www.hellotech.com/blog/use-download-managers)<br>
|
||||
|
||||
I also recommend you create a folder in your home directory called VirtualBox images and store all of these images that you are downloading in there. You can also create folders for each of the machines within VirtualBox images. The two Kali machines and the Parrot OS machine can go in a folder called OVA files. The SEEDLabs Ubuntu machines can go in a folder called VMDK files and the iso image can go in a folder called ISO Images. Stay organized, it only makes life easier! <br>
|
||||
<br>
|
||||
|
||||
## Virtualbox
|
||||
If you don't already have virtualbox then go ahead and download it. We all use it so if you have any trouble with it don't be afraid to ask for help! I reccomend also downloading the extension pack after your installation for virtual box has finished. You will find it right under the download you just clicked on. It will be called "Oracle VM VirtualBox Extension Pack". Download it and then double-click it. It will open virtual box and then just hit install. <br>
|
||||
## VirtualBox
|
||||
If you don't already have VirtualBox, go ahead and download it. We all use it, so if you have any trouble with it, don't be afraid to ask for help! I recommend also downloading the extension pack after your VirtualBox installation has finished. You will find it right under the download you just clicked on. It will be called "Oracle VM VirtualBox Extension Pack". Download it and then double-click it. It will open VirtualBox; then just hit install. <br>
|
||||
[VirtualBox](https://www.virtualbox.org/) <br>
|
||||
|
||||
With whatever virtual machine you decide to download, after running the instructed update and upgrade commands make sure you take a snapshot! Doing so will save the state of the machine. You will title it "fresh install" and for the description you will put something along the lines of "Just installed this vm and ran the instructed update commands". Now if anything happens to your machine you can always restore this snapshot and run it like you just installed it. It is recommended that you create snapshots before doing anything big. I will always take a snapshot after downloading certain tools because some of them can be a pain to downlaod and install.
|
||||
<br>
|
||||
With whatever virtual machine you decide to download, after running the instructed update and upgrade commands, make sure you take a snapshot! Doing so will save the state of the machine. You should title it "fresh install"; for the description, you will put something along the lines of "Just installed this vm and ran the instructed update commands". Now, if anything happens to your machine, you can always restore this snapshot and run it like you just installed it. It is recommended that you create snapshots before doing anything big. I always take a snapshot after downloading certain tools because some of them can be a pain to download and install.
|
||||
<br>
|
||||
|
||||
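Review bot: missing documentation in the "Before you get started" section: it tells readers to download OVA, VMDK and ISO images and file them into folders, but nothing in this hunk says to check a download against the checksum its publisher lists before importing it. A one-line step there would fit. Also, "download manger" is still misspelled in the replacement line.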
@@ -1,2 +1,2 @@
|
||||
Downlaod the digital ocean download for the 12.04 machine and read the pdf for instructions. <br>
|
||||
[Ubuntu 12.04](https://seedsecuritylabs.org/labsetup.html)
|
||||
Download the digital ocean download for the 12.04 machine and read the pdf for instructions. <br>
|
||||
[Ubuntu 12.04](https://seedsecuritylabs.org/labsetup.html)
|
||||
|
||||
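Review bot: the replacement line points readers at an Ubuntu 12.04 image without saying that the release is past its standard support and no longer gets regular security updates. Add a sentence telling readers to keep this VM for the SEED labs only, on a NAT or host-only network. "digital ocean" and "pdf" should also be "DigitalOcean" and "PDF".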
@@ -1,2 +1,2 @@
|
||||
Downlaod the digital ocean download for the 16.04 machine and read the pdf for instructions. <br>
|
||||
[Ubuntu 16.04](https://seedsecuritylabs.org/labsetup.html)
|
||||
Download the digital ocean download for the 16.04 machine and read the pdf for instructions. <br>
|
||||
[Ubuntu 16.04](https://seedsecuritylabs.org/labsetup.html)
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
## From SEEDLabs
|
||||
Downlaod the digital ocean download for the 20.04 machine and click the link below for instructions. <br>
|
||||
Download the digital ocean download for the 20.04 machine and click the link below for instructions. <br>
|
||||
[Ubuntu 20.04](https://seedsecuritylabs.org/labsetup.html) <br>
|
||||
|
||||
[Instructions](https://github.com/seed-labs/seed-labs/blob/master/manuals/vm/seedvm-manual.md)
|
||||
|
||||
## ISO image
|
||||
Go to this link in which you will be prompted to download an iso file. Create a folder in your home directory for virtual box images and create a folder inside of that one called ISO images. If you are interested in getting this machine up and running in virtual box then message me and ask for help, if you even need it. <br>
|
||||
Go to this link in which you will be prompted to download an iso file. Create a folder in your home directory for VirtualBox images, then create a folder inside of that one called ISO images. If you are interested in getting this machine up and running in VirtualBox, then message me and ask for help, if you even need it. <br>
|
||||
|
||||
[Ubuntu 20.04 download](https://ubuntu.com/download/desktop/thank-you?version=20.04.2&architecture=amd64)
|
||||
[Ubuntu 20.04 download](https://ubuntu.com/download/desktop/thank-you?version=20.04.2&architecture=amd64)
|
||||
|
||||
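Review bot: the ISO link hard-codes `version=20.04.2` on a `thank-you` URL, which pins a point release that will go stale and takes the reader straight to a download prompt; link to the Ubuntu download page instead so the reader picks a current image. "Go to this link in which you will be prompted" in the replacement line is awkward; "Follow this link; you will be prompted to download an ISO file" is clearer.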
16
README.md
@@ -5,11 +5,11 @@ Here you will find everything you need when it comes to learning more about Cybe
|
||||
|
||||
Crimson Defense was established with three main goals in mind:<br>
|
||||
- Teach real Cyber Security that's applicable in the field (penetration testing, malware analysis, etc.)
|
||||
- Bring together a group that advocates and promote the Cyber Security degree, major, and specialization within the Computer Science Department
|
||||
- Compete in Cyber security competitions at the local, state, and national level
|
||||
- Bring together a group that advocates and promote the Cyber Security degree, major, and specialization within the Computer Science Department at The University of Alabama
|
||||
- Compete in Cyber Security competitions at the local, state, and national level
|
||||
|
||||
<br>
|
||||
DISCLAIMER: Using security techniques with malicious intent will result in your removal from Crimson Defense. If applicable, you will be reported to the appropriate authorities. Do not abuse your power, WE ARE NOT A HACKTIVIST GROUP.
|
||||
<b>DISCLAIMER:</b> Using security techniques with malicious intent will result in your removal from Crimson Defense. If applicable, you will be reported to the appropriate authorities. Do not abuse your power, <b>WE ARE NOT A HACKTIVIST GROUP</b>.
|
||||
|
||||
<p align="center">
|
||||
<img width="450px" src="Archive/images/mainLogo.png" alt="Logo"/>
|
||||
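Review bot: "advocates and promote" in the replacement bullet still has a subject-verb mismatch; it should be "advocates and promotes". In the disclaimer, "Do not abuse your power, WE ARE NOT A HACKTIVIST GROUP" is a comma splice in both the removed and the replacement line; end the sentence after "power".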
@@ -21,21 +21,21 @@ DISCLAIMER: Using security techniques with malicious intent will result in your
|
||||
<br>
|
||||
|
||||
## <b>UACTF</b>
|
||||
If you are competing in UACTF, Crimson Defense welcomes you to the world of cyber security and wishes you the best of luck during the competition. If you would like to know more about the competition and how to prepare then definitely check out the directory for it! Here I'll even help you out, just click the blue button: <br>
|
||||
If you are competing in UACTF, Crimson Defense welcomes you to the world of cyber security and wishes you the best of luck during the competition. If you would like to know more about the competition and how to prepare, then definitely check out the directory for it! Here, I'll even help you out, just click the blue button: <br>
|
||||
|
||||
[Blue Button](/UACTF) <br>
|
||||
|
||||
|
||||
## <b>Meet the Crimson Defense H@ckers</b>
|
||||
Everyone from begginer level to advanced are welcome and encouraged to join the competition team. It is a great opportunity to learn more about cyber security and really dive deep into what it takes to solve complex cyber security problems. The competition team is comprised of individuals motivated and driven to protect the world from any potential exploit or vulnerability. While both focused on hardening systems and pentesting systems to make sure they are as secure as they can be, the Crimson Defense H@ckers work tirelessly day in and day out. They are an elite security group and there isn't a problem too difficult for them to solve. Head over to the [Crimson Defense H@ckers](/Crimson_Defense/Crimson_Defense_H@ckers) directory and meet the team! <br>
|
||||
Everyone, from begginer level to advanced, is welcome and encouraged to join the competition team. It is a great opportunity to learn more about cyber security and really dive deep into what it takes to solve complex cyber security problems. The competition team is comprised of individuals motivated and driven to protect the world from any potential exploit or vulnerability. While both focused on hardening systems and pentesting systems to make sure they are as secure as they can be, the Crimson Defense H@ckers work tirelessly day in and day out. They are an elite security group, and there isn't a problem too difficult for them to solve. Head over to the [Crimson Defense H@ckers](/Crimson_Defense/Crimson_Defense_H@ckers) directory and meet the team! <br>
|
||||
<br>
|
||||
|
||||
## <b>Before You Start!</b>
|
||||
If you are looking to start solving your own challenges and learning about how to compete, if you do not already have a virtual machine set up to where you can solve these challenges go ahead and checkout the [Virtual Machines](/Crimson_Defense/Virtual_Machines) and follow the instructions on how to set up your own Ubuntu, Kali Linux, or Parrot OS virtual machine! <br>
|
||||
Looking to start solving your own challenges and learning about how to compete? If you do not already have a virtual machine set up on which you can solve these challenges, go ahead and check out the [Virtual Machines](/Crimson_Defense/Virtual_Machines) section and follow the instructions on how to set up your own Ubuntu, Kali Linux, or Parrot OS virtual machine! <br>
|
||||
<br>
|
||||
|
||||
## <b>Where do I even start?</b>
|
||||
One of most puzzling things to figure out, especially when trying to start learning about Cyber Security. There is so much to learn, which is one of the reasons why it is so great. But with there being so much information out there it can be hard to figure out where to even begin. [This folder](/Crimson_Defense/0_Where_To_Start) will help those brand new to Cyber Security. Individuals who have little to no experience and want to get started but don't know where to go. Hopefully the resources here will help you understand what Cyber Security is all about.<br>
|
||||
This is one of most puzzling things to figure out, especially when trying to start learning about Cyber Security. There is so much to learn, which is one of the reasons why it is so great. But with there being so much information out there, it can be hard to figure out where to even begin. [This folder](/Crimson_Defense/0_Where_To_Start) will help those brand new to Cyber Security, individuals who have little to no experience and want to get started but don't know where to go. Hopefully, the resources here will help you understand what Cyber Security is all about.<br>
|
||||
<br>
|
||||
|
||||
## <b>How can I get a certification?</b>
|
||||
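Review bot: "begginer" is still misspelled in the replacement "Meet the Crimson Defense H@ckers" paragraph, and the new "Where do I even start?" line reads "one of most puzzling things", which is missing "the". In the same H@ckers paragraph, "While both focused on hardening systems and pentesting systems" has no clear subject for "both"; rephrase it as "Focused on both hardening and pentesting systems".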
@@ -45,7 +45,7 @@ There are many certifications to choose from. Check out the [Security+](/Crimson
|
||||
## <b>CTF</b>
|
||||
[Capture the flag](/Crimson_Defense/Skills) events are a lot of fun. They test your skills across a variety topics. These topics include Forensics, Cryptography, Web Exploitation, Reverse Engineering, Binary Exploitation, and more!<br>
|
||||
|
||||
Checkout each individual CTF topic's directory and learn more about them and find out which tools you can be using right now to help you with solving CTF challenges!<br>
|
||||
Check out each individual CTF topic's directory to learn more about them and find out which tools you can be using right now to help you with solving CTF challenges!<br>
|
||||
|
||||
Different topics you might come across in a CTF event include:<br>
|
||||
Forensics <br>
|
||||
|
||||
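Review bot: the context line above the change reads "across a variety topics", which is missing "of". "Checkout" was corrected in the line below it, so fix this one in the same pass.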