Entry #6

This is my last entry for the COMSEC1 Learning Log 😦 This may be the last entry for this subject, but I know we're going to have another learning log in our COMSEC2 :)) I just hope that Sir Justin is our COMSEC2 professor next term, because there is a possibility that another professor will take the COMSEC2 subject. I like Sir Justin's way of teaching because not only are the lessons full of knowledge, but he also demonstrates to us how to use the tools that are needed in our course. I learned many things from this course: AutoIt, which lets the user create a script that automates programs in Windows; reconnaissance, gathering information about the target; Nmap, a useful tool for port scanning and network scanning; and many other tools that we tried and discussed during the period of this course.


Over these two weeks, we learned about gaining access and maintaining access. Gaining access means that you try to get into your target's system. This can be done by trying numerous techniques to bypass the system's protections: guessing the password, using a keylogger to capture the password, and other methods that could extract the password information from the user. After gaining access, there are some steps to follow to maintain access to the system. This is important because if the attacker wants to access the system at another time, he/she should follow these steps so that he/she can still use the system. The first step is to elevate the privileges of the account once you've gained access. The reason is that some features are disabled at the normal user level and some require administrator rights before they can proceed. After the account has been turned into an administrator-level account, the next step is to disable the firewall of the computer. With the firewall disabled, the attacker can communicate with the compromised system at any time. At first, I thought that extracting the passwords from the users was difficult, but after a demonstration from Sir Justin I saw that there is an application that can extract the contents of the password file, and the name of the tool is pwdump. We tested pwdump on a Windows XP based computer and it successfully extracted the password hashes of the user accounts on Windows. I was excited to see the results and I wanted to do the next step, which was converting the hash values of the passwords into readable output. Cool right? :))


John the Ripper, a password cracker, uses the technique of hashing a guessed string of letters and numbers that could be the password into a hash value and then comparing it to the hash value extracted from the password file. It repeats the process until a guess produces a hash value that matches the stored password hash. After this subject, I guess I'll still explore more about the tools used in the computer security field. Now that I have Kali Linux running in my virtual machine, I can explore the different tools inside Kali. Even though our subject is about to end, I don't know what awaits us in our COMSEC2 class, because what we've discussed here in our COMSEC1 class is just a part of a much larger definition of security in computers. I can't wait!! 🙂 Thanks for reading 🙂
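The hash-and-compare loop described above, as an added Python example that is not part of the original post and not John the Ripper's own code. It works on the kind of output pwdump produces on Windows XP: one line per account in the form `user:RID:LM-hash:NT-hash:::`. The NT hash is MD4 over the UTF-16LE encoding of the password with no salt, so every guess is hashed the same way and looked up against the stored values of all accounts at once. The two pwdump lines and the wordlist are constructed for the example (the `Administrator` line carries the NT hash of `password`, the `student` line the hash of a blank password; the LM field holds the well-known "no LM hash stored" value). MD4 is implemented inline because Python's hashlib does not expose it on every OpenSSL build.

```python
import struct
from typing import Dict, Iterable, List, Optional, Tuple

MASK32 = 0xFFFFFFFF


def _rotl(x: int, n: int) -> int:
    x &= MASK32
    return ((x << n) | (x >> (32 - n))) & MASK32


def md4(data: bytes) -> bytes:
    """MD4 per RFC 1320 (pure Python; hashlib's md4 is missing on some OpenSSL 3 builds)."""
    msg = bytearray(data) + b"\x80"
    while len(msg) % 64 != 56:
        msg.append(0)
    msg += struct.pack("<Q", len(data) * 8)  # bit length, little-endian
    a0, b0, c0, d0 = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    f = lambda x, y, z: (x & y) | (~x & z)
    g = lambda x, y, z: (x & y) | (x & z) | (y & z)
    h = lambda x, y, z: x ^ y ^ z
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = a0, b0, c0, d0
        for i in range(16):  # round 1
            a = _rotl(a + f(b, c, d) + x[i], (3, 7, 11, 19)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):  # round 2
            k = (i % 4) * 4 + i // 4
            a = _rotl(a + g(b, c, d) + x[k] + 0x5A827999, (3, 5, 9, 13)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):  # round 3
            k = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)[i]
            a = _rotl(a + h(b, c, d) + x[k] + 0x6ED9EBA1, (3, 9, 11, 15)[i % 4])
            a, b, c, d = d, a, b, c
        a0, b0 = (a0 + a) & MASK32, (b0 + b) & MASK32
        c0, d0 = (c0 + c) & MASK32, (d0 + d) & MASK32
    return struct.pack("<4I", a0, b0, c0, d0)


def nt_hash(password: str) -> str:
    """Windows NT hash: MD4 of the password encoded as UTF-16LE, no salt."""
    return md4(password.encode("utf-16le")).hex()


def parse_pwdump(text: str) -> List[Tuple[str, str]]:
    """Return (username, nt_hash) pairs from pwdump-style lines user:rid:lm:nt:::"""
    accounts = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) >= 4 and len(parts[3]) == 32:
            accounts.append((parts[0], parts[3].lower()))
    return accounts


def crack(accounts: List[Tuple[str, str]], wordlist: Iterable[str]) -> Dict[str, Optional[str]]:
    """Hash every guess once, then look each stored hash up: the loop John the Ripper runs."""
    guesses = {nt_hash(word): word for word in wordlist}  # no salt, so one table serves all accounts
    return {user: guesses.get(stored) for user, stored in accounts}


# Constructed sample: 'Administrator' has the NT hash of "password", 'student' a blank password.
# The LM field aad3b435b51404eeaad3b435b51404ee is the well-known value for "no LM hash stored".
SAMPLE_PWDUMP = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c:::
student:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
"""
SAMPLE_WORDLIST = ["", "letmein", "password", "aardvarks", "Password1"]  # "" catches blank passwords


def demo() -> Dict[str, Optional[str]]:
    return crack(parse_pwdump(SAMPLE_PWDUMP), SAMPLE_WORDLIST)


if __name__ == "__main__":
    for user, password in demo().items():
        print(f"{user}: {password!r}")
```

Because the NT hash has no salt, the table of guess hashes is built once and reused for every account, which is also why a large wordlist or rainbow table is so effective against an XP SAM dump.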



ENTRY #5

In my learning log entry #5, which is this entry, I will be telling you about the usage of AutoIt as well as the exercise that we've done. AutoIt is a script editor with which you can write scripts that automate programs or any process within the confines of the Windows operating system environment. We had to build a malware that performs a specific process that could either pose a threat to the user or damage the system. The malware is decided among team members, and they have to settle what kind of malware should be used as a model for research and development. We decided to go for ransomware since we all thought it was unique: it first encrypts the files of the infected computer and then asks for payment so that a key will be given to the user to let him/her unlock his/her computer again. We found out that many people fall for this malware, and most of them first check whether the files inside the computer are worth more than the price of the key. There are two options for the ransomware problem: pay for the key, or reformat the drive and completely remove the virus. I had read some articles, and some people victimized by this malware seek help for a cure for the ransomware. We imitated the behaviour of the ransomware and came up with a design and the needed features so that our malware could be considered a ransomware.


But enough of the viruses and malware, I want to talk about scanning. There are 3 types of scanning: port, network and vulnerability scans. All 3 scan types have different uses. A port scan finds available and open ports, a network scan checks whether there are any active hosts in the network, and last but not least, a vulnerability scan checks whether there are any weaknesses in the network. I learned that these scans are important in my profession, since in the future when I have a job I know that I need to check the network infrastructure before making it more secure. Not only did we scan for the exercise, we also used a browser which is famous among those who want to stay anonymous, and that is the Tor browser. Tor Browser routes the user's internet traffic through a series of relays and hides the user's original IP address: the site being visited sees only the address of the last relay (the exit node), and Tor periodically builds new circuits, so that address changes over time. This browser helps users stay anonymous but can be used in a bad way since it hides the user. This could be a problem because some criminals could use the Tor browser to prevent detection by authorities. Others could use the browser to do illegal activities via the Internet. It is a good application and at the same time it can serve as a bad one.
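A minimal version of the first of those three scans, as an added Python example that is not from the original post and not Nmap's code: a TCP connect scan that classifies each port as open, closed or filtered, the three states Nmap reports. A connect scan completes the full three-way handshake on every open port, so it is visible in a packet capture and in the target's logs; the closed/filtered distinction is what a host firewall changes. To run offline, the example starts its own throwaway listener on loopback as a constructed target and picks an unused port for comparison; the `demo` helper and its labels are this example's own.

```python
import errno
import socket
from typing import Dict, Iterable


def tcp_connect_scan(host: str, ports: Iterable[int], timeout: float = 0.5) -> Dict[int, str]:
    """Classify ports the way Nmap reports them, using full TCP connects.

    A connect scan completes the three-way handshake (SYN, SYN/ACK, ACK) on
    every open port, so it shows up in a Wireshark capture and in service
    logs. Nmap's default SYN scan (-sS) stops after the SYN/ACK instead,
    but needs raw-socket privileges.
    """
    results: Dict[int, str] = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            err = sock.connect_ex((host, port))
            if err == 0:
                results[port] = "open"       # SYN/ACK came back, handshake completed
            elif err == errno.ECONNREFUSED:
                results[port] = "closed"     # RST came back: host is up, nothing listening
            else:
                results[port] = "filtered"   # no answer before the timeout: likely a firewall
    return results


def start_demo_listener() -> socket.socket:
    """Bind a throwaway listener on loopback (constructed target for the example)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))   # port 0: let the kernel pick a free port
    srv.listen(5)                # the kernel finishes handshakes into the backlog; no accept() needed
    return srv


def unused_port() -> int:
    """Find a port nothing listens on: bind to 0, read the number, release it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.bind(("127.0.0.1", 0))
        return sock.getsockname()[1]


def demo() -> Dict[str, str]:
    """Scan one listening and one unused loopback port; return their states by label."""
    srv = start_demo_listener()
    try:
        listening = srv.getsockname()[1]
        closed = unused_port()
        states = tcp_connect_scan("127.0.0.1", [listening, closed])
        return {"listening": states[listening], "unused": states[closed]}
    finally:
        srv.close()


if __name__ == "__main__":
    print(demo())
```

Against a real target, replace the loopback address and port list with the host and range you are authorized to scan; a "filtered" result on a port you know is listening usually means the host firewall that the entry on maintaining access talks about is still in place.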


ENTRY #4

This week we had our SOCIT week celebration, where we commemorate the SOCIT department of APC. Even though we didn't have classes because of the SOCIT week, we had to go to some seminars related to our course. Luckily, most of the seminars were fascinating and caught my attention. Many of our subjects urged us to explore the events happening on the APC grounds. There were quizzes and trivia games as well as classes where they teach you lessons in coding. But enough of those events; I will now tell you about the events that I was interested in. The first seminar was conducted by the cousin of my block mate. He explained forensic investigation, which is exactly the subject that I'm interested in. I listened well to the speaker and found out there are many software tools and applications that can be used to conduct recon on a target and get all the needed and relevant information about that target. There was an application that could determine information about a picture: when it was taken, what device the photographer used for the picture, etc., which means that a lot of data exists inside the photo. I only thought before that you could determine the time the photo was taken, but this program reads the metadata of the picture. It presents all the data gathered from the picture, and my reaction was that I was shocked to learn that this kind of tool exists.


After that seminar, he held another seminar in the same venue. He was the speaker again, but he introduced another subject, and that is website security. He said that there are many kinds of attacks on users, even through the use of social engineering. He displayed a MySQL injection example and explained how such an injection is used, even though the seminar was about attacks being launched by the user. This seminar was helpful to me because it contributed to my knowledge of computer security as well as to my investigation class. With the new knowledge I obtained by listening to the seminar, I can download the tools that the speaker mentioned and try out the functionalities available. I can explore more about INVESTI and COMSEC, since the seminars that we attended expounded upon the teaching that I know will soon be discussed.


Entry # 3

Last week Friday, we didn't have our COMSEC class due to the extremely unpredictable weather; that's why classes were cancelled. Hay hahaha. But before that, we had a discussion last Tuesday, and it was about reconnaissance and footprinting. Basically, it was about data and information gathering on a specific target that you want to attack. Before the attack, one should do footprinting so that the person can learn all the important things about the target. There are many ways to extract the needed information, and Sir Comsec showed us the ways.


There was using Google hacking to find more information about the target. Google hacking was used in our earlier activity, but it is a helpful technique since you can gather more information about the target through one of the best search engines on the internet. Other tools are the websites that can give us information about the target's location: Google Earth and Google Maps, which gave us the location of the target's house and other useful images of different locations. So try Google now!! 😛

But enough of promoting Google into your lives; we also had another set of tools, and these were designed for a different target: a website. These tools were Netcraft, IPvoid, Who.is, and even the command prompt ( Wow!!! :O ). We also had our activity about this topic, but unfortunately the internet was slow and unresponsive (BEST. INTERNET. EVER, APC center of IT excellence HAHAHA); that's why we did the activity at home.


My groupmates and I were chatting so that we could help each other finish the activity on time, and we did it!! ( Yehey!!! Goal accomplished) I can say that this activity was interesting and fun to do. It was filled with new boundaries and new terms that broadened our simplistic view of information extraction ( Miss Universe version of "It was fun to do and I learned something" HAHAHAHAHA). I am expecting more activities that can help us learn more about the subject and about security as a whole. See you next time! YAHOO!!


Entry # 2

Well, we had our first activity but Sir Comsec was not around 😦 sad……. But we still continued our lab exercise about Wireshark, and the exercise also had theoretical questions that we were going to answer based on what we did. Our group divided the tasks; since there were only 3 of us, RJ said that he would answer the theoretical part and Adrian and I would do the Wireshark part. At first we struggled because we were just following the directions without analyzing them, and when that happens Adrian and I are always arguing: "You're wrong, I'm right", "This is how it is", "Fine, do what you want", "Understand the question first". Hahahahaha then we got it! The part about the 3-way handshake. Then, in the middle of the lab exercise, we found it interesting! We were racing each other! Haha. In the last part, we were arguing again about why the HTTP... etc. = POST didn't show up. And we were still racing each other. On Pinoy Exchange the = POST showed up, but why not on TipidPC 😦 sad.


We were running out of time. Then we found out that when you type pinoyexchange.com, it has no https, but the other one, tipidpc.com, does. We laughed!! Adrian said that the 'sign in' on Pinoy Exchange is a pop-up, which is why the = POST showed up, while on TipidPC it is not a pop-up. HAHAHAHAHAHA so funny! So that was the reason: TipidPC is more secure, while Pinoy Exchange doesn't have it. YEHEY!!!!


Next meeting, we had our discussion with Sir Comsec. Wooooh! For me the discussion was fairly easy, because some of the topics discussed were what we learned in ITCONCE, DATACOMM, and INFOSEC. It is an advantage that we had INFOSEC before, because the lessons are fresh in our minds, but I had forgotten some of the topics and I need to review those lessons that I had forgotten. Hehe.

I also want to share about our recent lesson, which is about cryptology. When Sir discussed / reviewed the lesson, it was clearer and better defined to me. It made more sense to me than before, because it was elaborated and studied upon.


Sir Comsec told us to download a new software called "Burp Suite", and tomorrow (July 1, 2016) we will explore what it does and what it is for. Yehey!!!

Finally, the activity today was about decoding an encoded message from the website given to us by Sir Comsec. It was a message encoded in Base64 that was supposed to be associated with a link to a page. Sir explained that links or the URLs of pages on websites are encoded for security reasons. After getting the message, the next task was to find out the password for the account. The account was from tipidpc and we had to do a dictionary attack so that we could access the site. A dictionary attack is an attack that guesses the password using a dictionary or collection of possible words, one of which may be the password itself. We used Burp Suite to launch the dictionary attack and found out that the response for the correct password had a different length compared to the responses for the other words. We retrieved the password and it was aardvarks. After that activity, there was one final task that Sir Comsec gave us, and it was to crack a zip file containing a txt file with a plaintext. He said that there were clues on the site, and we found the hidden message in the message box. It was encrypted using the Caesar cipher, and through trial and error we cracked the zip and successfully extracted the txt file.
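The three steps of that activity, as an added Python example that is not part of the original post and does not touch the real site. Two caveats a practitioner would add: Base64 is an encoding, not encryption, so a Base64 "protected" URL parameter gives away its contents to anyone who decodes it; and the length difference seen in Burp Intruder works because every failed login renders the same error page, so the one response of a different length is the hit. The login handler below is a constructed stand-in (the password `aardvarks` is used only because the post names it), the wordlist is constructed, and the Caesar breaker scores all 26 shifts against a small word list instead of relying on trial and error.

```python
import base64
import string
from collections import Counter
from typing import Dict, List, Optional, Tuple


# --- 1. The Base64 "encoded" link: an encoding anyone can reverse, not a secret ---

def decode_base64_param(value: str) -> str:
    """Decode a Base64 URL parameter, restoring the '=' padding URLs often drop."""
    value = value.strip()
    value += "=" * (-len(value) % 4)
    return base64.urlsafe_b64decode(value).decode("utf-8")


# --- 2. Online dictionary attack, with response length as the tell ---

LAB_PASSWORD = "aardvarks"   # constructed stand-in for the lab account's password


def fake_login(username: str, password: str) -> str:
    """Constructed stand-in for the site's login page; not the real handler."""
    if password == LAB_PASSWORD:
        return f"<html><body>Welcome back, {username}. <a href='/logout'>Log out</a></body></html>"
    return "<html><body>Invalid username or password.</body></html>"


def dictionary_attack(username: str, wordlist: List[str]) -> Tuple[Optional[str], Dict[str, int]]:
    """Try every word and flag the one whose response length differs from the rest.

    Burp Intruder's Length column makes the same comparison: failed logins
    all render the same error page, so the odd length out is the hit.
    """
    lengths = {word: len(fake_login(username, word)) for word in wordlist}
    usual = Counter(lengths.values()).most_common(1)[0][0]   # the failed-login length
    hits = [word for word, n in lengths.items() if n != usual]
    return (hits[0] if hits else None), lengths


# --- 3. Caesar cipher: only 26 keys, so try them all and score the output ---

COMMON_WORDS = {"the", "is", "a", "and", "for", "to", "of", "in", "password", "key", "file", "zip"}


def caesar_shift(text: str, shift: int) -> str:
    """Shift letters by `shift` positions (negative shift decrypts); other characters pass through."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def break_caesar(ciphertext: str) -> Tuple[int, str]:
    """Return (shift, plaintext) for the shift whose output contains the most common words."""
    strip = str.maketrans("", "", string.punctuation)
    best_shift, best_text, best_score = 0, ciphertext, -1
    for shift in range(26):
        candidate = caesar_shift(ciphertext, -shift)
        score = sum(w in COMMON_WORDS for w in candidate.lower().translate(strip).split())
        if score > best_score:
            best_shift, best_text, best_score = shift, candidate, score
    return best_shift, best_text


if __name__ == "__main__":
    print(decode_base64_param("aGVsbG8gd29ybGQ"))
    print(dictionary_attack("student", ["password", "letmein", "aardvark", "aardvarks", "qwerty"])[0])
    print(break_caesar(caesar_shift("the key for the zip file is aardvarks", 7)))
```

The length oracle is the part to remember from the Burp exercise: a login page that returns exactly the same response for every failure (and, ideally, rate-limits attempts) takes that signal away from an attacker.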

Well…….. “LESSON FOR TODAY” …….. DO NOT OVER THINK 🙂


WEEK 1

This course has the prerequisite of the subject INFOSEC. INFOSEC is really a good subject; Sir Infosec has a lot of research papers and things, and his lessons were in his Google Drive, which is why when you read our topics (even if they are long and have many slides, you really get drawn into reading them) they were interesting and engaging at the same time. It was about different types of security, and some of the lessons were about situation-based problems. For example, if a fire happened inside a room full of computers and electrical components, what type of fire extinguisher should be used so that none of the computers are affected or there is only minimal loss? Figuring out the solutions for those kinds of problems is challenging, and it trains us to know how to respond to the problem with the best solution in mind.
This week we already drew lots for our research topic, and our leader, RJ Verano, picked "Eavesdropping".
I'm excited to work with my groupmates, because I found out that our topic is interesting; that's why I always love to search for articles or anything related to our topic! 🙂 It's interesting to read those kinds of articles because they give us an idea of what kind of solution should be implemented, and it's also added learning 🙂 We already passed the outline for our group, and I learned so much from the articles alone! Such as drones being able to intercept incoming messages and connections, the threats that exist in the usage of public wifi, and many more! 🙂 It just goes to show that lessons like these are one of the motivations to learn more 🙂

I am also expecting that in this subject Sir Comsec will give us many research papers and articles to read to give us more knowledge about the lesson. Hihi 🙂 Not only research papers, but also his personal insights about the subject, which help us understand the lesson more easily. Sometimes the lessons may be hard to understand, but with my classmates' help and Sir Comsec's effective teaching technique, I know that I can excel in this class and fulfill the objectives of this subject 🙂
