diff --git a/0_Where_To_Start/README.md b/0_Where_To_Start/README.md index 64325dd..c1d7227 100644 --- a/0_Where_To_Start/README.md +++ b/0_Where_To_Start/README.md @@ -1,5 +1,5 @@ # Where to Start -
You are probably here because this is all brand new to you and you want to learn what cybersecurity is all about! Here you will find links to resources that will hopefully provide you with the information you are looking for. If you are just starting out, it is time to learn the basics.
+You are probably here because this is all brand new to you and you want to learn what cyber security is all about! Here you will find links to resources that will hopefully provide you with the information you are looking for. If you are just starting out, it is time to learn the basics.
Along with the CLI another important topic is the Virtual Machine (VM). Virtual machines get used a lot when learning cybersecurity and throughout your cybersecurity career! It is definitely very important to know. The following link will take you to a great description and video describing what a virtual machine is.
+Along with the CLI another important topic is the Virtual Machine (VM). Virtual machines get used a lot when learning cyber security and throughout your cyber security career! It is definitely very important to know. The following link will take you to a great description and video describing what a virtual machine is.
[What is a virtual machine](https://www.ibm.com/cloud/learn/virtual-machines) diff --git a/CTF/README.md b/CTF/README.md deleted file mode 100644 index 3b72307..0000000 --- a/CTF/README.md +++ /dev/null @@ -1 +0,0 @@ -# Capture The Flag \ No newline at end of file diff --git a/Courses/README.md b/Courses/README.md deleted file mode 100644 index 2abc52e..0000000 --- a/Courses/README.md +++ /dev/null @@ -1 +0,0 @@ -# Courses \ No newline at end of file diff --git a/Crimson_Defense_H@ckers/README.md b/Crimson_Defense_H@ckers/README.md index 7c4ceb0..99aaa24 100644 --- a/Crimson_Defense_H@ckers/README.md +++ b/Crimson_Defense_H@ckers/README.md @@ -4,16 +4,15 @@ For a team that lives in the deep dark corners of the dark web, The Crimson Defe ## The Team percyKnox
@@ -13,38 +20,32 @@ in every repository as they all contain important information that could help wi
Website: uacrimsondefense.github.io
+## Crimson Cyber Defense Competition Team
+Everyone from begginer level to advanced are welcome and encouraged to join the competition team. It is a great opportunity to learn more about cyber security and really dive deep into what it takes to solve complex cyber security problems. Here you will find resources on CTFs and other competitions. New to cyber competitions? Check out the resources within the [Where_to_Start](/Competition_Team/0_Where_to_Start) directory.
+
## [Meet the Crimson Defense H@ckers](/Crimson_Defense_H@ckers)
The competition team is comprised of individuals motivated and driven to protect the world from any potential exploit or vulnerability. While both focused on hardening systems and pen-testing systems to make sure they are as secure as they can be, the Crimson Defense H@ckers work tirelessly day in and day out. They are an elite security group and there isn't a problem too difficult for them to solve. Head over to the Crimson Defense H@ckers directory and meet the team!
+## Before You Start!
+If you are looking to start solving your own challenges and learning about how to compete, if you do not already have a virtual machine set up to where you can solve these challenges go ahead and checkout the [Virtual Machines](Virtual_Machines) and follow the instructions on how to set up your own Ubuntu, Kali Linux, or Parrot OS virtual machine!
+
## [Where do I even start?](/0_Where_To_Start)
-One of most puzzling things to figure out, especially when trying to start learning about cybersecurity. There is so much to learn, which is one of the reasons why it is so great. But with there being so much information out there it can be hard to figure out where to even begin. This folder will help those brand new to cybersecurity. Individuals who have little to no experience and want to get started but don't know where to go. Hopefully the resources here will help you understand what cybersecurity is all about.
+One of most puzzling things to figure out, especially when trying to start learning about Cyber Security. There is so much to learn, which is one of the reasons why it is so great. But with there being so much information out there it can be hard to figure out where to even begin. This folder will help those brand new to Cyber Security. Individuals who have little to no experience and want to get started but don't know where to go. Hopefully the resources here will help you understand what Cyber Security is all about.
## [I'm new but I'm not brand new, you know?](/1_Beginner)
-After learning the basics and having an understanding of what cybersecurity is, it is time to start diving deeper and learning all about the different aspects of cybersecurity.
+After learning the basics and having an understanding of what Cyber Security is, it is time to start diving deeper and learning all about the different aspects of Cyber Security.
-# Crimson Cyber Defense Competition Team
-Welcome! Everyone from begginer level to advanced are welcome and encouraged to join
-the competition team. It is a great opportunity to learn more about cyber security
-and really dive deep into what it takes to solve complex cyber security problems.
-Here you will find resources on CTFs and other competitions. New to cyber competitions?
-Check out the resources within the [Where_to_Start](/Competition_Team/0_Where_to_Start) directory.
+## [I want to get a certification](/Security+More)
+There are many certifications to choose from. Check out the Security+ directory and see which one grabs your attention!
-# Before You Start!
-If you are looking to start solving your own challenges and learning about how to compete,
-if you do not already have a virtual machine set up to where you can solve these challenges
-go ahead and checkout the [kali directory](/Kali_Linux) and follow the instructions on how to set
-up your own kali linux virtual machine!
+## [CTF](/CTF)
+Capture the flag events are a lot of fun. They test your skills across 5 main topics. These topics are Forensics, Cryptography, Web Exploitation, Reverse Engineering, and Binary Exploitation.
-# CTF
-CTF stands for Capture The Flag. If you didn't know, now you know.
+Checkout each individual CTF topic's directory and learn more about them and find out which tools you can be using right now to help you with solving CTF challenges!
-# Tools
-Checkout each individual CTF topic's directory and learn more about them and find out
-which tools you can be using right now to help you with solving CTF challenges!
-
-Different topics you might come across in a CTF event include:
-[Forensics](/CTF/Forensics)
-[Cryptography](/CTF/Cryptography)
-[Web Exploitation](/CTF/Web_Exploitation)
-[Reverse Engineering](/CTF/Reverse_Engineering)
-[Binary Exploitation](/CTF/Binary_Exploitation)
\ No newline at end of file
+Different topics you might come across in a CTF event include:
+[Forensics](/CTF/Forensics)
+[Cryptography](/CTF/Cryptography)
+[Web Exploitation](/CTF/Web_Exploitation)
+[Reverse Engineering](/CTF/Reverse_Engineering)
+[Binary Exploitation](/CTF/Binary_Exploitation)
\ No newline at end of file
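Review bot: The links added in this hunk point at paths that this same patch removes. `## [CTF](/CTF)` and the five topic links (`/CTF/Forensics` through `/CTF/Binary_Exploitation`) target the CTF directory, but the patch deletes CTF/README.md and renames every topic README to Skills/, so these should become `/Skills` and `/Skills/<topic>`. Also in the added lines: "begginer" should be "beginner"; `[Virtual Machines](Virtual_Machines)` is a relative link where the other links are root-relative; and "cyber security" is lowercase in the competition-team paragraph but "Cyber Security" in the two rewritten paragraphs below it, so pick one spelling. The topic links sit on consecutive lines with no list markers, so Markdown will join them into a single paragraph; prefix each with `- `.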
diff --git a/SECCDC/2020 SECCDQC TeamPack_DRAFT.pdf b/SECCDC/2020/2020 SECCDQC TeamPack_DRAFT.pdf
similarity index 100%
rename from SECCDC/2020 SECCDQC TeamPack_DRAFT.pdf
rename to SECCDC/2020/2020 SECCDQC TeamPack_DRAFT.pdf
diff --git a/SECCDC/Palo_Alto_Training_Materials.pdf b/SECCDC/2020/Palo_Alto_Training_Materials.pdf
similarity index 100%
rename from SECCDC/Palo_Alto_Training_Materials.pdf
rename to SECCDC/2020/Palo_Alto_Training_Materials.pdf
diff --git a/SECCDC/Preparing_for_the_CCDC.pdf b/SECCDC/2020/Preparing_for_the_CCDC.pdf
similarity index 100%
rename from SECCDC/Preparing_for_the_CCDC.pdf
rename to SECCDC/2020/Preparing_for_the_CCDC.pdf
diff --git a/SECCDC/pan-os-admin.pdf b/SECCDC/2020/pan-os-admin.pdf
similarity index 100%
rename from SECCDC/pan-os-admin.pdf
rename to SECCDC/2020/pan-os-admin.pdf
diff --git a/SECCDC/2021/2021 SECCDC Qualifier Team Packet.pdf b/SECCDC/2021/2021 SECCDC Qualifier Team Packet.pdf
new file mode 100644
index 0000000..2807487
Binary files /dev/null and b/SECCDC/2021/2021 SECCDC Qualifier Team Packet.pdf differ
diff --git a/SECCDC/2021/pan-os-admin.pdf b/SECCDC/2021/pan-os-admin.pdf
new file mode 100644
index 0000000..c967831
Binary files /dev/null and b/SECCDC/2021/pan-os-admin.pdf differ
diff --git a/SECCDC/2021/pan-os-cli-quick-start.pdf b/SECCDC/2021/pan-os-cli-quick-start.pdf
new file mode 100644
index 0000000..5696ce3
Binary files /dev/null and b/SECCDC/2021/pan-os-cli-quick-start.pdf differ
diff --git a/SECCDC/2021/pan-os-web-interface-help.pdf b/SECCDC/2021/pan-os-web-interface-help.pdf
new file mode 100644
index 0000000..4477eee
Binary files /dev/null and b/SECCDC/2021/pan-os-web-interface-help.pdf differ
diff --git a/CTF/Binary_Exploitation/README.md b/Skills/Binary_Exploitation/README.md
similarity index 100%
rename from CTF/Binary_Exploitation/README.md
rename to Skills/Binary_Exploitation/README.md
diff --git a/CTF/Cryptography/README.md b/Skills/Cryptography/README.md
similarity index 100%
rename from CTF/Cryptography/README.md
rename to Skills/Cryptography/README.md
diff --git a/CTF/Forensics/README.md b/Skills/Forensics/README.md
similarity index 100%
rename from CTF/Forensics/README.md
rename to Skills/Forensics/README.md
diff --git a/Skills/README.md b/Skills/README.md
new file mode 100644
index 0000000..be067ca
--- /dev/null
+++ b/Skills/README.md
@@ -0,0 +1,19 @@
+# Skills
+Throughout your next few years here at Alabama and your career, that is if you decide to pursue a career in Cyber Security, you are going to be competing at some point. Competitions are a great way to show off your skills, see if you can think outside the box, and learn something new. When it comes to Cyber Security, you will never know everything. Always keep an open mind and be willing to listen to what others have to say. A majority of the time they know something that you don't know and vice versa.
+
+When learning about competitions you will probably here terms thrown out such as defense, offense, and CTF. Defense refers to hardening systems and trying to prevent others from braking into your machine. Offense refers to finding vulnerabilities and exploits in machines that will let you use them to break into the machine and gain control. CTF refers to capture the flag competitions which will test your skills across a variety of Cyber Security topics. CTFs are mainly difficult because they involve topics that are so vastly different from each other that it is very hard to be advanced in each and every one.
+
+Capture the flag events are a lot of fun. They test your skills across 5 main topics. These topics are Forensics, Cryptography, Web Exploitation, Reverse Engineering, and Binary Exploitation.
+
+Checkout each individual CTF topic's directory and learn more about them and find out which tools you can be using right now to help you with solving CTF challenges!
+
+Different topics you might come across in a CTF event include:
+[Forensics](/CTF/Forensics)
+[Cryptography](/CTF/Cryptography)
+[Web Exploitation](/CTF/Web_Exploitation)
+[Reverse Engineering](/CTF/Reverse_Engineering)
+[Binary Exploitation](/CTF/Binary_Exploitation)
+
+When you get to be very competitive it is recommended that you specialize in a single topic and the rest of the members of your team do the same. Obviously, everyone chooses a different topic. This doesn't mean that you only have to know about that single topic, it just means that you should have the most knowledge when it comes to solving those particular problems. You and the rest of your team should meet on a regular basis sharing new information that you found and teaching everyone at least the basics of your topic. There will come times where you will get stuck and if you are the only one that knows anything about that subject then how are your teammates going to be able to help you. You might be thinking right now, "well if I, the master of web exploitation, get stuck on a problem then how then are my teammates going to be able to help me? I know way more than them.". I have many answers to this one. You didn't get enough sleep the night before so you brain is a little foggy so you just need your teammate to remind you of a tip or trick you showed them in a previous meeting that wasn't on your mind at the moment. It might be you first competition and your so nervous that you just feel like you forgot everything, bouncing around ideas with your teammates can help you remember what it was that you just briefly forgot.
+
+When it comes to learning and practicing for these, offense and defense are mission sets and then there are skill sets which get brought up in CTFs and Jeopardy. Those skill sets can be applied to both defense and offense. So mainly, when studying for CTFs don't think that the skills you are learning can only be used for CTFs and nothing else.
\ No newline at end of file
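Review bot: The topic links in this new file still use the old `/CTF/...` paths (`[Forensics](/CTF/Forensics)` and the four after it), while this patch moves those READMEs to Skills/; root-relative `/Skills/Forensics` or a relative `Forensics` would resolve. The text from "Capture the flag events are a lot of fun" through the link list repeats what the top-level README adds in this patch, so consider keeping it in one place and linking to it. Typos in the added text: "here terms" (hear), "braking into" (breaking), "so you brain" (your), "you first competition" (your), "your so nervous" (you're).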
diff --git a/CTF/Reverse_Engineering/README.md b/Skills/Reverse_Engineering/README.md
similarity index 100%
rename from CTF/Reverse_Engineering/README.md
rename to Skills/Reverse_Engineering/README.md
diff --git a/CTF/Web_Exploitation/README.md b/Skills/Web_Exploitation/README.md
similarity index 100%
rename from CTF/Web_Exploitation/README.md
rename to Skills/Web_Exploitation/README.md
diff --git a/TOTW/README.md b/TOTW/README.md
index 2192134..1fe470b 100644
--- a/TOTW/README.md
+++ b/TOTW/README.md
@@ -2,6 +2,13 @@
Every week someone from the competition team will look into a tool used for solving CTF challenges. A breif presentation will be given about the tool and a write up consisting of only a few sentences will be presented as well. Here you can find the tools that we have discussed and the write up provided by the individual who did researched said tool.
# TOTW
+Meeting on 2/4/21
+Python
+Waiting on inspectElement to fill this out.
+inspectElement
+
+----
+
Meeting on 1/28/21
Nmap
"Using the command ifconfig you can get the rage of your network and once you do that you can then use Nmap to discover other machines. If there is a target machine in the network range, you can use Nmap to discover the machine’s IP address. Similar tools include netdiscover and ARP. Using these two tools first can allow you to narrow down the target machine and you can then use Nmap along with these two commands to get the information you need about the target machine. The command –sS will tell Nmap to look for open ports and services and the command –AT4 looks for OS information, which can tell you a lot about your target machine."
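Review bot: The new 2/4/21 entry is committed as a placeholder ("Waiting on inspectElement to fill this out.") with the tool name and the author handle on bare lines. Either hold the entry until the write-up exists or mark it clearly as pending, and lay it out like the 1/28/21 entry (date, tool, quoted write-up) so the `----` separator divides two complete entries.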
diff --git a/Virtual_Machines/Kali_Linux/README.md b/Virtual_Machines/Kali_Linux/README.md
new file mode 100644
index 0000000..3fda12c
--- /dev/null
+++ b/Virtual_Machines/Kali_Linux/README.md
@@ -0,0 +1,71 @@
+## Kali Linux
+Once you have VirtualBox downloaded it is time to download Kali Linux. There are two options to choose from. The "customized" one is created by zSecurity. I took a course that he taught and it was great. It works very well but the other Kali machine has a ton of pre-installed tools. Either OVA file will work. They are both great! If you are interested in knowing what bugs he fixed, here is the link to it:
+[Kali Linux by Zsecurity](https://zsecurity.org/download-custom-kali/)
+
+## Links to both downloads
+Link to the regular Kali Linux 2020 Machine:
+[Kali Machine](https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-image-download/#1572305786534-030ce714-cc3b)
+
+Link to the zSecurity Kali Linux machine:
+[zSecurity Machine](https://zsecurity.org/download-custom-kali/)
+
+
+## kali-linux-2020
+The default user has been changed to a standard, unprivileged user. The default username and password are both "kali".
+
+Prevent Kali from going idle:
+- Click on the power button (top right), then "Power Manager Settings", and then Display
+- Change all of them to "never"
+- Go to security, change the same thing, if you want to.
+
+To change the password:
+- sudo su (su meaning switch user)
+- Type in the password ("kali")
+- passwd root (we are changing the password for the root user, you.)
+- type in your new password
+
+Now it is time to update. You will need to be patient for this step. Open up a terminal and type in the following:
+
+```unix
+$ apt update && apt -y full-upgrade
+```
+
+After all of that you should be set. When powering down the machine do not use the x button in the corner. Doing that is like pulling the plug on your computer when it is on. You are going to go to VirtualBox, right click on the machine, then close, then power off.
+
+
+## Kali 2020 x64 Customized by zSecurity
+After downloading and then double clicking on the OVA file, click on import. If you haven't downloaded Oracle VM extension pack, go ahead and do so now. I explain where it is one directory up. If you have everything downloaded we can now turn on the machine. If you would like to change the name of the machine I would do so now. Click on the machine, then settings, and then in general is where you can change the name. After you do that, hit start.
+
+The log in information is going to be:
+username: "root"
+password: "toor"
+
+Prevent Kali from going idle:
+- Click on the power button (top right), then "Power", and then switch it to never.
+
+The next thing you want to do is update the sources where Kali can search and download programs from with the following command:
+
+```unix
+# apt-get update
+```
+
+If you would like to you can install a terminal that will allow you to have multiple terminal windows open in the same window. You are going to download this with the following command.
+
+```unix
+# apt-get install terminator
+```
+
+Press y and hit enter to confirm the download and then it will install on your system.
+
+
+
+## Windows won't let you power on Kali Linux?
+If you are using Windows then you might come across an error in which the machine won't even start. Does it say something like "Failed to open a session for the virtual machine"? If so, try the following and see if it fixes the issue. If it doesn't fix the issue then you can always message in the general slack and ask for help!
+
+What you are going to want to do is first close out your virtual machine manager, in this case it should be VirtualBox. Go to Windows Search and type in "features". Click on "Turn Windows features on or off". Now you are going to disable the following. If any of them are already disabled, then you can skip those:
+- Virtual Machine Platform
+- Windows Defender Application Guard
+- Windows Hypervisor Platform
+- Windows Sandbox
+
+Click ok and restart your computer.
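Review bot: The "To change the password" steps under kali-linux-2020 only run `passwd root`, so the account the README has just documented as username and password "kali" keeps its default password; add a `passwd kali` step, and add an equivalent step to the zSecurity section, which documents root/"toor" and never changes it. The update command is shown at a `$` prompt as `apt update && apt -y full-upgrade`; that prompt implies the unprivileged user, for whom it fails, so prefix it with `sudo` or show it at a `#` prompt like the later `apt-get` commands. The "Windows won't let you power on Kali Linux?" section tells readers to disable Windows Defender Application Guard and Windows Sandbox along with the hypervisor features; state that these are host security features being switched off and that they can be re-enabled from the same dialog. The README links two OVA downloads with no step for checking the file against a checksum from the source, where one is listed. The fences are tagged `unix`, which highlighters do not generally recognise; `bash` or `sh` would work.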
diff --git a/Virtual_Machines/ParrotOS/README.md b/Virtual_Machines/ParrotOS/README.md
new file mode 100644
index 0000000..10db7f9
--- /dev/null
+++ b/Virtual_Machines/ParrotOS/README.md
@@ -0,0 +1,2 @@
+for now, donwload OVA file under Parrot Security OVA, double click to import it into virtual box. Start it, wait a few minutes, a pop up will ask if you want to update. Update, this will take a while. Take a snapshot of the machine in Virtual Box. Then go crazy!
+[Parrot OS](https://www.parrotsec.org/download/)
\ No newline at end of file
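Review bot: The README opens with "for now," and a lowercase sentence, which reads as a placeholder; if it is one, say so, otherwise write it as numbered steps like the Kali README. "donwload" should be "download", and "virtual box" / "Virtual Box" should match the "VirtualBox" spelling used elsewhere in this patch.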
diff --git a/Virtual_Machines/README.md b/Virtual_Machines/README.md
new file mode 100644
index 0000000..4e7e267
--- /dev/null
+++ b/Virtual_Machines/README.md
@@ -0,0 +1,19 @@
+# Virtual Machines
+Here are a few virtual machines along with instructions on how to download them.
+
+If you are unfamiliar with what virtualbox, Linux, and Kali Linux are, then head on over to the "where to start" directory where I have added some great links to videos and readings on those topics. I'll even give you a link right to it, here: [Let's Learn](/0_Where_To_Start)
+
+
+## Before you get started
+Before you get started, I recommend downloading a download manager. It is not necessary but can be helpful. You can download a popular and free one called [Free Download Manager](https://www.freedownloadmanager.org/). I mean, that name could not be better. If you ever google "hey I want a free download manger", boom that's the first thing that is going to pop up. If you're not sure why you should get it maybe this article will help.
+[Why You Should use a Download Manager](https://www.hellotech.com/blog/use-download-managers)
+
+I also recommend you create a folder in your home directory called VirtualBox images and store all of these images that you are downloading in there. You can also create folders for each of the machines within VirtualBox images. The two Kali machines and the Parrot OS machine can go in a folder called OVA files. The SEEDLabs Ubuntu machines can go in a folder called VMDK files and the iso image can go in a folder called ISO Images. Stay organized, it only makes life easier!
+
+
+## Virtualbox
+If you don't already have virtualbox then go ahead and download it. We all use it so if you have any trouble with it don't be afraid to ask for help! I reccomend also downloading the extension pack after your installation for virtual box has finished. You will find it right under the download you just clicked on. It will be called "Oracle VM VirtualBox Extension Pack". Download it and then double-click it. It will open virtual box and then just hit install.
+[VirtualBox](https://www.virtualbox.org/)
+
+With whatever virtual machine you decide to download, after running the instructed update and upgrade commands make sure you take a snapshot! Doing so will save the state of the machine. You will title it "fresh install" and for the description you will put something along the lines of "Just installed this vm and ran the instructed update commands". Now if anything happens to your machine you can always restore this snapshot and run it like you just installed it. It is recommended that you create snapshots before doing anything big. I will always take a snapshot after downloading certain tools because some of them can be a pain to downlaod and install.
+
\ No newline at end of file
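Review bot: The "Before you get started" section recommends installing a third-party download manager but gives no step for verifying the downloaded images; since these files are imported and run as whole machines, add a line telling readers to compare each image's SHA-256 with the value on the publisher's download page, where one is listed. The folder layout (a "VirtualBox images" folder holding "OVA files", "VMDK files" and "ISO Images") is described in running prose; a short directory listing would be clearer. Spelling in the added lines: "manger", "reccomend", "downlaod", and the product appears as "virtualbox", "virtual box" and "VirtualBox".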
diff --git a/Virtual_Machines/Ubuntu-12.04/README.md b/Virtual_Machines/Ubuntu-12.04/README.md
new file mode 100644
index 0000000..d780715
--- /dev/null
+++ b/Virtual_Machines/Ubuntu-12.04/README.md
@@ -0,0 +1,2 @@
+Downlaod the digital ocean download for the 12.04 machine and read the pdf for instructions.
+[Ubuntu 12.04](https://seedsecuritylabs.org/labsetup.html)
\ No newline at end of file
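Review bot: "read the pdf" does not say which PDF; name the Ubuntu12_04_VM_Manual.pdf that this patch adds beside the README and link it. "Downlaod" should be "Download", and "the digital ocean download" needs a word of explanation, since the link goes to the general lab setup page rather than to a file.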
diff --git a/Virtual_Machines/Ubuntu-12.04/Ubuntu12_04_VM_Manual.pdf b/Virtual_Machines/Ubuntu-12.04/Ubuntu12_04_VM_Manual.pdf
new file mode 100644
index 0000000..adf1eba
Binary files /dev/null and b/Virtual_Machines/Ubuntu-12.04/Ubuntu12_04_VM_Manual.pdf differ
diff --git a/Virtual_Machines/Ubuntu-16.04/README.md b/Virtual_Machines/Ubuntu-16.04/README.md
new file mode 100644
index 0000000..db2cef9
--- /dev/null
+++ b/Virtual_Machines/Ubuntu-16.04/README.md
@@ -0,0 +1,2 @@
+Downlaod the digital ocean download for the 16.04 machine and read the pdf for instructions.
+[Ubuntu 16.04](https://seedsecuritylabs.org/labsetup.html)
\ No newline at end of file
diff --git a/Virtual_Machines/Ubuntu-16.04/SEEDVM_VirtualBoxManual.pdf b/Virtual_Machines/Ubuntu-16.04/SEEDVM_VirtualBoxManual.pdf
new file mode 100644
index 0000000..7508226
Binary files /dev/null and b/Virtual_Machines/Ubuntu-16.04/SEEDVM_VirtualBoxManual.pdf differ
diff --git a/Virtual_Machines/Ubuntu-20.04/README.md b/Virtual_Machines/Ubuntu-20.04/README.md
new file mode 100644
index 0000000..c959bf6
--- /dev/null
+++ b/Virtual_Machines/Ubuntu-20.04/README.md
@@ -0,0 +1,10 @@
+## From SEEDLabs
+Downlaod the digital ocean download for the 20.04 machine and click the link below for instructions.
+[Ubuntu 20.04](https://seedsecuritylabs.org/labsetup.html)
+
+[Instructions](https://github.com/seed-labs/seed-labs/blob/master/manuals/vm/seedvm-manual.md)
+
+## ISO image
+Go to this link in which you will be prompted to download an iso file. Create a folder in your home directory for virtual box images and create a folder inside of that one called ISO images. If you are interested in getting this machine up and running in virtual box then message me and ask for help, if you even need it.
+
+[Ubuntu 20.04 download](https://ubuntu.com/download/desktop/thank-you?version=20.04.2&architecture=amd64)
\ No newline at end of file
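Review bot: "message me and ask for help" in the ISO image section gives the reader no one to message, since the README names no author; name a contact or point to the general Slack that the Kali README mentions. The ISO link targets the `thank-you?version=20.04.2` page, which pins one point release and prompts a download when opened; linking the Ubuntu desktop download page would age better. The folder instruction repeats the one in Virtual_Machines/README.md with different capitalisation ("ISO images" here, "ISO Images" there). "Downlaod" should be "Download".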