This is my last entry for the COMSEC1 Learning Log 😦 This may be the last entry for this subject, but I know we’re going to have another learning log in our COMSEC2 :)) I just hope that Sir Justin is our COMSEC2 professor next term, because there is a possibility that another professor would take the COMSEC2 subject. I like Sir Justin’s way of teaching because not only are the lessons full of knowledge, but he also demonstrates to us how to use the tools that are needed in our course. I learned many things from this course: AutoIt, which lets the user create a script that would automate some programs in Windows; reconnaissance, gathering information about the target; Nmap, a useful tool for port scanning and network scanning; and also many other tools that we’ve tried and discussed during the period of this course.
After these two weeks, we learned about Gaining Access and Maintaining Access. Gaining access means that you try to access your target’s system. This could be done by trying numerous techniques to bypass the system. These techniques could be the following: guessing the password, using a keylogger to capture the password, and other methods that could help extract the password information from the user. After gaining access, there are some steps to follow to maintain access to the system. This is important because if the user wants to access the system at another given time, he/she should follow these steps so that he/she could still use the system. The first step is to elevate the privilege of the user’s account once you’ve gained access. The reason is that some features may be disabled at the normal user level and some features require administrator intervention so that the feature could proceed. After the user is turned into an administrator-level account, the next step is to disable the firewall of the computer. With the firewall disabled, the attacker could now communicate with the bypassed system at any given time. At first, I thought that extracting the password from the users was difficult, but after some demonstration from Sir Justin, I saw that there is an application wherein it could extract the contents of the password file, and the name of the tool is pwdump. We tested pwdump on a Windows XP based computer and it successfully extracted the password hashes of the user accounts on Windows. I was excited to see the results and I wanted to do the next step, which was converting the hash values of the password into readable output. Cool right? :))
John the Ripper, a password cracker, uses the technique of hashing a guessed string of letters and numbers that could be the possible password into a hash value and then comparing it to the hash value of the password extracted from the password file. It repeats the process until the hash of a guess successfully matches the extracted password hash. After this subject, I guess I’ll still explore more about the tools being used in the computer security section. Now that I have Kali Linux running in my virtual machine, I could explore the different tools inside Kali. Even though our subject is about to end, I don’t know what awaits us in our COMSEC2 class, because what we’ve discussed here in our COMSEC1 class is just a part of a much larger definition of security in computers. I can’t wait!! 🙂 Thanks for reading 🙂
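As an added illustration of the guess-hash-compare loop described above (this is my own example, not code from John the Ripper or from the class), the snippet below models the loop against a constructed, unsalted hash and then shows the salted, iterated scheme defenders store instead. MD5 stands in for the unsalted scheme; the sample wordlist and the "dumped" hash are constructed for the demo.

```python
import hashlib
import hmac

# Constructed sample wordlist standing in for a cracker's dictionary.
SAMPLE_WORDLIST = ["letmein", "password", "qwerty", "Summer2014", "dragon"]


def hash_candidate(candidate: str, algo: str = "md5") -> str:
    """Hash one guessed password the same way the stored hash was produced.

    MD5 is used here only so the demo runs everywhere; the Windows NT hashes that
    pwdump extracts are likewise unsalted, which is why the same loop applies.
    """
    return hashlib.new(algo, candidate.encode("utf-8")).hexdigest()


def dictionary_attack(target_hex: str, wordlist, algo: str = "md5"):
    """Model of the cracker's loop: hash each guess, compare with the stored hash.

    Returns (matched_word, guesses_tried); matched_word is None if nothing matched.
    """
    tried = 0
    for word in wordlist:
        tried += 1
        # Constant-time comparison is a good habit whenever secrets are compared.
        if hmac.compare_digest(hash_candidate(word, algo), target_hex):
            return word, tried
    return None, tried


def salted_slow_hash(password: str, salt: bytes, iterations: int = 100_000) -> str:
    """What a defender stores instead: a salted, iterated KDF (PBKDF2-HMAC-SHA256).

    Every guess now costs `iterations` hash operations and must be redone for each
    user's salt, so one precomputed table cannot be reused across accounts.
    """
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations).hex()


if __name__ == "__main__":
    # Constructed "dumped" hash: the MD5 of one wordlist entry.
    stored = hash_candidate("qwerty")
    print(dictionary_attack(stored, SAMPLE_WORDLIST))  # ('qwerty', 3)
    # Same password, two salts: two different stored values.
    print(salted_slow_hash("qwerty", b"salt-A", 1000) != salted_slow_hash("qwerty", b"salt-B", 1000))
```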
This time we had a new lesson about Understanding Hard Disks and File Systems. I didn’t even know that this lesson would be part of our Investigation class, when we handle computer parts and physical parts. This is important to avoid any tampering with the evidence, since the slightest touch or mishandling of the device may result in damage. I also learned about the parts and how the hard drive works 😛 One of its parts is the platter, which, as I’ve read, is a magnetic or ceramic disk that controls or holds the actual data. The other one is the track, which is where track numbering happens. Track numbering begins at Track 0 and then moves towards the center of the platter. And among the parts of the hard drive there’s what we call the sector, which is the smallest physical part. There’s also the cluster, which in turn is the smallest allocation unit. Wait, there’s also slack space, which refers to the free space on the cluster; basically it’s what gets left behind, and it’s only removed when it gets overwritten or the disk is wiped, that sort of thing. In addition to what I’ve read on computerhope.com, slack space is an important form of evidence in the field of forensic investigation, because slack space can contain relevant information about a suspect that a prosecutor can use in a trial. So that’s just a part of what we’ve discussed! 😉
In addition to this entry, I just want to share about our Final Project!!! WOOOOOO FINALLY WE’RE DONE! Our project is about BeEF (Browser Exploitation Framework). It’s so cool, I swear! #FeelingHacker Well, I will not discuss it further because I included it in my last entry! 😉 I also liked Salazar’s group’s Final Project because it’s a Social Engineering Tool wherein you could launch many different kinds of attacks like Spear Phishing, Creating a Payload and Listener, and Arduino Based Attack Vector (WOW Flexible 😛 ) etc…
One thing that I noticed about myself is that I have a weakness that I need to conquer (lol): I’m afraid to talk and recite in class 😦 I always think that my answers are wrong. (I’m too shy to answer what my prof is asking.) But honestly, when I’m not in class I always want to try everything that is related to security and hacking! Need to face your fears, Joanna…
This is my fifth entry on my INVESTI blog. This first term is coming to an end because we only have 3 more weeks to go 😦 But I know that these coming 3 weeks are going to be filled with new knowledge and lessons for me to learn 🙂 What we did this week was an exercise on the case study of company ABC. (This company is always a victim HAHAHAHA) Now there are 3 situations according to the exercise. The first situation was that there was a ransomware that spread across the network of the company. It had infected 50 computers and they asked for a 50,000 pesos ransom for each computer, which brings the total to a quarter of a million pesos (WOW). Now even though this situation is fictional, there are cases in which companies are attacked with viruses and malware so that it could damage the company. With this type of malware installed on the computer, you either pay the ransom being asked or just format the drive. If there are only unnecessary files on the computer, the drive could be formatted. If there are important files on the computer with no backup of those files, you are left to pay the price of the ransom. The payment is made through bitcoin so it could not be traced back to the owner of the bitcoin wallet.
Now I want to talk about beef. Not beef the meat, but BeEF, which means Browser Exploitation Framework. This is a useful tool for using the exploits available in many internet browsers: Google Chrome, Mozilla Firefox, and even Internet Explorer. These exploits range from getting your history to accessing your webcam through a fake Flash permission pop-up. This is useful to extract information about a target without him/her knowing about it. To start using BeEF, you need to “hook” a user so that you could exploit his/her browsing session. After the “hook” part, the exploitation will begin. I am still learning more about BeEF and I will soon use other tools that are available in the Kali Linux operating system, because after installing Kali Linux, I was surprised that there were already pre-installed tools for pentesting, hacking networks and many more. I got excited when I saw the tools and I’m ready to explore the tools individually. I know that I can do this, and with the help of Adrian, we could learn those tools together.
This is my fourth entry here in my INVESTI blog! Yehey!! 🙂 This week was our SOCIT week and that’s the 7th week. Before Sir Investi sent us down for a seminar, he briefly explained what a First Responder is and what the procedures are if you are that person. I saw the slides and saw the very definition of a first responder. It means that it is the first person who arrives at the scene of the crime. Based on the context of the first responder, I immediately thought of the meaning of the first responder and I was right! 🙂 The first responder has roles and jobs to fulfill, and those jobs are: protecting the evidence, integrating the evidence, and preserving the evidence at the scene of the crime. The responder may be a network administrator, a law enforcement officer, etc. I already imagined that I am the first responder at the scene of the crime. Based on the lesson, I already know the sequence of what to do if there is any evidence present. There are also procedures on what to do if you are the first responder. I read the roles and I already understood why this is important and why it should be followed.
I thought that if these procedures are followed, then there is no compromise of the evidence being handled. If these procedures are not followed, then the evidence wouldn’t be useful to the investigation since it wasn’t handled properly. Next was the rule of a first responder. It was that if the first responder has no experience in computer forensics, that person should avoid any attempts at recovering any files or using the computer. That should be avoided because if an untrained person tries to use the computer, it may trigger a self-destruct virus or the integrity of the computer will change. That compromises the evidence that is related to the case, which should be preserved and should not be touched unless qualified computer forensic personnel are present. I learned many things this week and I am interested in what else is in store for the INVESTI subject.
In my learning log entry #5, which is this entry, I will be telling you about the usage of AutoIt as well as the exercise that we’ve done. AutoIt is a script editor in which you can write scripts that automate programs or any process within the confines of the Windows operating system environment. We had to build a malware that will do a specific process that could either pose a threat to the user or damage the system. This malware is decided among team members, and they have to settle what kind of malware should be used as a model for research and development. We decided to go for ransomware since we all thought it was unique, since it first encrypts the files of the infected computer and then asks for payment so that a key would be given to the user to give him/her the right to unlock his/her computer again. We found out that many people fall for this malware and most of them choose to check first whether the files inside the computer are worth more than the price of the key. There are two optimal solutions for the ransomware problem. That is to pay for the key or to reformat the drive and completely remove the virus. I read some articles, and some people are victimized by this malware and seek help for the cure of the ransomware. We imitated the movement of the ransomware and came up with a design and the needed features so that our malware could be considered a ransomware.
But enough of the viruses and malware, I want to talk about scanning. There are 3 types of scanning: Port, Network and Vulnerability scan. All 3 of the scan types have different usages. A port scan is to scan for available and open ports, a network scan is to check if there are any active hosts in the network, and last but not least, a vulnerability scan is done to check if there are any weaknesses in the network. I learned that these scans are important in my profession, since in the future when I have a job, I know that I need to check the network infrastructure before making it more secure. Not only did we scan for the exercise, we also used a browser which is famous among those who want to stay anonymous in the community, and that is the Tor browser. Tor browser directs internet traffic and hides the original IP address of the user by switching the IP address very quickly so that the host will not be detected by a scan. This browser helps users stay anonymous but can be used in a bad way since it hides the user. This could be a problem because some criminals could use the Tor browser to prevent detection by authorities. Others could use the browser to do illegal activities via the Internet. It is a good application, but at the same time it can be a bad application.
This week we had our SOCIT week celebration, wherein we commemorate the SOCIT department of APC. Even though we didn’t have classes because of the SOCIT week, we had to go to some seminars that are related to our course. Luckily, most of the seminars were fascinating and they caught my attention. Many of our subjects urged us to explore the events happening on the APC grounds. There were quizzes and trivia games as well as classes wherein they teach you lessons in coding. But enough of those events, I will now tell you about the events that I was interested in. The first seminar was conducted by the cousin of my block mate. He explained forensic investigation, which was exactly the subject that I’m interested in. I listened well to the speaker and found out there are many software and applications that could be used to conduct recon on a target and get all the needed and relevant information about that target. There was an application that could determine the information about a picture: when it was taken, what device the photo taker used for the picture, etc., which means that there is a lot of data that exists in the photo. I only thought before that you could only determine the time when the photo was taken, but this program reads the metadata of the picture. It presents all the gathered data from the picture, and my reaction was that I was shocked to learn that this kind of tool exists.
After that seminar, he held another seminar in the same venue. He was the speaker again, but he introduced another subject and that is Website Security. He said that there are many kinds of attacks on users, even through the use of Social Engineering. He displayed a MySQL injection format as well as explained the usage of such an injection. Even though the seminar was about the attacks being launched by the user, this seminar was helpful to me because it contributed to my knowledge of computer security as well as to my investigation class. With the new knowledge I obtained by listening to the seminar, I can download the tools that the speaker mentioned and try out the functionalities available. I can explore more about INVESTI and COMSEC, since the seminars that we’ve attended expounded upon the teachings that I know will soon be discussed.