Thursday, August 11, 2016

I recently got hired at New Era Computers. My interview for the job consisted of me clean installing Windows 10 on machines that previously held Linux OS's. I had manually cleaned and reformatted the disks using the command line DiskPart utility.

During the first week I started cleaning up computers with utilities such as CCleaner, Microsoft Security Essentials, TDSSKiller, ADWCleaner and MalwareBytes. I spent time removing adware and bad Chrome extensions, installing drivers on new computers, setting up printers, and troubleshooting basic software problems clients had. I also created a network share from Windows XP to Windows 10 for one client. The biggest refresher that week was how easy malware can spread...

So far in this second week I have learned how to use and customize Tronscript to automate a lot of the PC cleanup process and made a backup with a Seagate External drive for the first time. I've started researching how to use Clonezilla to make and restore images as well.

Thursday, July 21, 2016

Most ransomware involves encrypting the host's data and then demanding a ransom for decryption.
I was trying to think of a less complicated way to achieve the same effect with less code and necessary permissions.

Instead of encrypting the data or transferring it to the attacker's computer, why not just keep it on the victim's machine and hide it,
with only one line of code.

mv -f /home ./Documents/.testy

Where the targets home directory is moved to a hidden directory in a different folder. An attacker could simply tell the victim that the data has been taken and demand a ransom, it is unlikely that the victim would think that someone would pull such a simple trick on them. However it's a one-trick pony so it's a bit lacking in the usefulness department.


Most ransomware involves encrypting the host's data and then demanding a ransom for decryption.
I was trying to think of a less complicated way to achieve the same effect with less code and necessary permissions.

Instead of encrypting the data or transferring it to the attacker's computer, why not just keep it on the victim's machine and hide it,
with only one line of code.

mv -f /home ./Documents/.testy

Where the targets home directory is moved to a hidden directory in a different folder. An attacker could simply tell the victim that the data has been taken and demand a ransom, it is unlikely that the victim would think that someone would pull such a simple trick on them. However it's a one-trick pony so it's a bit lacking in the usefulness department.

Friday, June 10, 2016

Backing up Google Data from a Second Account

Google offers a service called Takeout as a way to make backups of all your Google data. It’s great that they offer this, but I think there could be a more secure way to secure all of your data and account.

Here’s my idea. Google should offer a secondary account as a failsafe comprised of a secondary email address and password with a duplicate of all of your data. The second account would be private, you and only you would only know of its existence and you would use a password that you had never used before and would never use again. In the event your main account is compromised, you would be able to log into your second account to use as your new account, or alternatively, regain access to the first account from the second account.

Although this isn’t an available option, there are a few methods I’ve found to provide the same  redundancy for most data as that idea. Create a second private account, and choose to share all folders in Google Drive with that account with full ownership. And of course, set up your second private Gmail to have all mail from your main account forwarded to it, creating a safe cloud storage option.

I find it hard to believe anyone could access my account with two-step verification, but they say it’s not a matter of if you get hacked, it’s when you get hacked.

Tuesday, May 24, 2016

Wrote this shell script today for Ubuntu.

#this script autobacks up encrypted and nonencrypted files to a USB flash drive.
#it assumes dirs exist
#and files filearrived and file2arrived exist on unencrypted and encrypted respectively
#and your USB is plugged into the first port
#personalized config:
#subsitute anybody for your username
#substitute encrypt64 for the folder you want your USB mounted at on your Home dir
#subsitute Documents for the folder you want encrypted
#substitute "files" for the folder you want unencrypted
#When you want to view your encrypted files run this command alone
# sudo mount -t ecryptfs  /home/anybody/encrypt64 /home/anybody/encrypt64

read -p "is ecryptfs installed?" -n 1 -r
if [[ ! $REPLY =~ ^[Yy]$ ]]
sudo apt-get install ecryptfs-utils
echo "Headed to home dir"
echo "making sure ecrypt is unmounted"
sudo umount /home/anybody/encrypt64
sudo umount /dev/sdb1
echo "mounting usb"
sudo mount /dev/sdb1 /home/anybody/encrypt64
echo "checking mount point"
df -h | grep sdb1

read -p "Copy unencrypted files?" -n 1 -r
if [[ $REPLY =~ ^[Yy]$ ]]
echo "copying unencrypted"
sudo cp -r files encrypt64
echo "checking unencrypted arrived, user should check date modified"
ls -l --sort=time encrypt64/files | grep filearrived

read -p "Copy and encrypt files?" -n 1 -r
if [[ $REPLY =~ ^[Yy]$ ]]
echo "starting encryption"
sudo mount -t ecryptfs  /home/anybody/encrypt64 /home/anybody/encrypt64
echo "copying encrypted documents"
sudo cp -fr Documents /home/anybody/encrypt64
echo "checking encrypted arrived, user should check date modified"
ls -l --sort=time /home/anybody/encrypt64/Documents | grep file2arrived
echo "stopping encryption"
sudo umount /home/anybody/encrypt64
echo "checking if encrypted success, you should see random characters"
tail -n1 /home/anybody/encrypt64/Documents/file2arrived
read -p "Run last check?(optional)" -n 1 -r
if [[ $REPLY =~ ^[Yy]$ ]]
sudo mount -t ecryptfs  /home/anybody/encrypt64 /home/anybody/encrypt64
cat encrypt64/Documents/file2arrived
sudo umount /home/anybody/encrypt64
echo "you should be able to read the file above"
echo "ecryptfs has been unmounted."
echo "operation complete"

Sunday, February 21, 2016

Many of my articles have been linked from the Defensive Information Security podcast. I didn't write here last week, so I just want to reference a few noteworthy reads I skipped. Please ignore any autocorrect errors you see here, I'm limited to writing on my phone at the moment.

They include ransomware used as a distraction, where it was believed that an attack was meant to divert attention away from the real endgame. I thought this was fascinating, almost another level of social engineering. It reminds me of how instead of using data encryption, one could use data obscufication.  It shows me that as much as network security is about implementing a solid network and maintaining it,  that it is just as much a mind game against fellow humans.

The next was that many windows flaws are mitagated by disabling the admin account. Now it is interesting looking again at this a week later, after two days ago I read an article stating that one of the top ten important GPOs was quite simply disabling the Guest account. Anyhow, the article may be right, but we don't live in a perfect world. Most of the time, we want those admin privileges to enhance productivity, and we are all aware of the security tradeoff whether we like it or not. As a youngun, I do like to speculate about the future and I have to wonder about there being a smarter solution to using computers than simply admin or non-admin rights, perhaps an adaptable system based on each user and security concerns?

The next article was that hackers attacked 20 million accounts on Alibaba's Taobao shopping site. Essentially an Aliexpress type site or any other. I wouldn't normally discuss this, we hear about these mass attacks all that time. Defensive Security reported on it due to the sheer scale of this attack, but that's not what is relevant to me. For me, I have ordered many items from these (mainly Korean in my experience) sites. I have seen tons of reviews about how customers items never showed up to their door, and many reviews that were obviously from the seller himself, using disposable accounts. Anyway, why this relates to me, is for years, my father, who is not in IT,  always had a policy of never ordering anything from any of those foreign countries. He never told me why. Whatever his reason was, he was right. Simply put, it is questionable whether or not the site itself is safe. These sites have not garnered trust. I wouldn't be surprised if they were in on the breach, or less dramatically, having next to no security and not caring about it. As worrisome as that is, shouldn't I be more worried about T-Mobile's recent attack where there was a fair chance my SS number was compromised? One massive Asian corporation might have leaked my credit card info, but my cell phone provider leaked the only number that truly matters to a citizen of the U.S. Which is the bigger deal?

Once again, it's neat to see what I've been learning about used in the real world.

Sunday, February 7, 2016

This week the "head hacker" of the NSA gave a talk about defending against nation state attackers. The full talk is hosted on YouTube, The Register has a write up of the speech, and Defensive Security Podcast Episode 147 also has some comments. This NSA briefing stood out to me because so much of what the speaker, Rob Joyce, had to say is exactly what's we've been covering in this Network Administration class. For example, the six stage process ("reconnaissance, initial exploitation, establish persistence, install tools, move laterally, and then collect, ex-filtrate and exploit the data") the NSA uses to crack its targets is parallel to the attack strategy mentioned in the Comp-Tia+ Network Security textbook.

Most of the talk is just review at this point, patching vulnerabilities, keeping access to confidential information or system privileges/rights to only isolated systems/essential personnel. The article and podcast I linked above focus on some of the more useful advice in the talk like using white-listing and possibly the most important tip in the talk, using reputation-based tools before you run code.

What stood out to me however, was that Joyce explains that these nation state hackers don't really focus on exploits. They wait to strike, patiently and persistently, they wait and wait until they find your weak spot and exploit it. I may have already known this, but hearing the warning come from the top has raised my paranoia level and alertness. You're waiting for someone outside your network to attack you, but they're right on the outside waiting on you. Or they may already be inside, right under your nose. It's a change of thinking from waiting for a sign that you're under attack to assuming from the start that you may already be compromised. It's how you're going to look for the attacker inside your network, isolate him, kick him out, keep him from your sensitive data and make sure you make the changes necessary to keep your doors locked.

Another interesting read came out this week on hacking an SQL server without a password. It was appealing for me because I'm just starting to see how attacks play out, what has always been a foreign language to me is turning into concepts I can grasp, and my thinking patterns are beginning to shift towards a hacker's mindset. The penetration tester used Kali Linux, ARP Spoofing, Wireshark, a Man-in-the-Middle attack strategy and commands that filtered out strings and replaced them with his own user credentials to gain access to the server. He knew the information he needed to collect to have all the pieces he needed to get in and then devised a method of getting in. Redditors on Netsec were quick to bash the man for his "l33t haX0r skillz" on an unencrypted machine, but this applied to me because I'm seeing all of these different aspects of computer information I've been learning about come together in practical use.

The last for this week is just a simple overview of how Windows 10 is built to be secure (with NSA backdoors or not), from its architecture to the fact that it's going to be constantly patched and updated. Some of the most important features listed directly from Microsoft are UEFI Secure Boot, better use of TPM, Virtualization Based Security, Enterprise Data Collection, Rights Management Services, SmartScreen and Device Guard.

The reason I focused on the last two articles is because I've been putting some thought into my home setup. I'm very comfortable with Windows 7 on my desktop, but I think it's time to upgrade. I may be switching to Windows 10 (my laptop already made the jump at launch), and dual booting Kali Linux on the side. Windows 10 for security reasons and Kali because I hear it referenced all the time, and I'd like to try my hand at penetration testing. Security on one side, attacking on the other.

Sunday, January 17, 2016

Good Old Grandpa Tor and the HORNET's Nest

I’ve been focused on the attacker side of information security for a while now, and have stumbled upon a rival to Tor. As security gets tighter on the Internet, the deep web is simultaneously thriving.  The new adversary is called High-Speed Onion Routing at the NETwork Layer, a.k.a. HORNET. As it’s name implies, it works like Tor through onion networks, only it’s much much faster and can be scaled to a size comparable to the Internet. They’re claiming it can reach speeds of up to 93 gigabits per second. It also works at the Network layer so a VPN can be used with it. You should look at this article if you want to see how it works, but I want to focus on the implications of it. The rise of HORNET (Hail Hydra?) is the start of another deep web. Tor has always been known as the dark web, and I expect it to grow for many years to come, but I’m starting to think that Tor will eventually be remembered as the grandfather of the anonymous online underworld. It lays down the foundations for the future. When most people think of Tor, one of the first thoughts that comes to mind is “slow”. Tor is notoriously slow to a crawl. It averts many users from exploring the deep web, for example computer hobbyists that are always racing to build bigger badder machines to reach high network speeds. The HORNET network is the newest answer to that problem. The way I’m looking at it, in the coming years, competitors to Tor will come into the light, building new systems that will offer advantages to all the drawbacks Tor has, with Tor pushing as hard as it can to keep up for many years to come. We’ll see many deep webs come and go, and the user base on them will continue to rise right alongside simplicity and ease of use.

Right now there is a large market for hackers selling virus’ as a service as well as rootkits to low-skill or no-skill would be criminals. Compromised information is a hot commodity. There are even high skilled hackers that sell their expertise to clients. The more users learn how to be script kiddies, the larger the potential impact on information security. The more people are armed with tools to attack, the easier it is to obtain the tools, and the easier it is to use the tools, the more attacks there will be.

Wednesday, January 13, 2016

Social Engineering in Portland

I decided to make a stop at Pioneer Square on my way to class to see if I could come up with any ideas about social engineering to fulfill the requirements of a school assignment.

While I did not find many, I did come up with some easy ways to gather information. As I stepped off the train and set foot on the square, a paper was waved in front of me to catch my attention. A man was asking me to sign a petition. Wearing headphones, I waved him away with a hand gesture. (Headphones are magical devices). And there it was. Within seconds, I saw the first way I could collect data from people. Have them sign a petition. Print out some fancy looking papers and ask people to fill them out. Name, address, email, done. I could even include a few extra "optional" fields for them to fill out. With that in mind, I walk down the block and a man reaches out his hand to hand me a card. 20160113_140050.jpgA card with one link. I figured I could easily hand out similar cards with a link to a website I hosted with malware to infect the machines of anyone who dare find salvation. I walked to a corner on the square and just observed the passersby for a while, wondering what sort of information I could gather from just looking. How could I gather anything useful like date of birth, full name and address from just looking at people? That question was answered in less than two minutes when a woman passed by, literally wearing her I.D. (drivers license) around her neck, most likely a tourist tired of pulling out her identification every time she walked into a local bar (or had gotten used to being harassed by police in other less friendly foreign countries she visited).

I watched people and cars go by for a little while, and didn't see anything of interest except for a girl standing in the middle of a square with a journal, people watching and writing about them. Perhaps drawing up characters for a book or looking for fashion trends, or she could have been a hacker, you never know. 360 degrees of people to observe around her, and who would ever guess that she would be writing about anything other than her tourist trip to Portland.

Only a short time, maybe five or ten minutes since I had stepped off the train had passed. I started walking in the general direction of the bus I had to take to get to Sylvania campus. I kept my eyes focused on how I could gather information. My first thought was installing a camera inside one of these newspaper dispensers. 20160113_132119.jpg The second was to leave a sticker with a link to a malicious website on the back of a pole. 20160113_132141 (1).jpg
I wasn't sure what I could do in this next location, but it seemed interesting. 20160113_132421.jpg Two payment machines in two corners, and two elevators. Perhaps someone could stand in the elevator and take pictures of payment exchanges made on the machine? It didn't really seem like a very effective method. I moved on, to find perhaps the best security hole on this little trip. I was standing on the sidewalk looking down at TJ Maxx.
20160113_132545 (1).jpg
Jackpot. With a better camera, you could take pictures of everything going on here, everything on the employee's computer, any cards passed from the customer to the employee, even the contents of the customers bags, just from observing. 20160113_132602.jpgThe last thing of interest that I saw was a man window washing. Capture.PNG
The only credentials he needed?
This sign.
You could see into people's houses with a camera attached to your helmet with this method. It would be most effective if you had already targeted a specific person and wanted to gather more details about them from where they lived.
Assuming you don’t have a fear of heights.

I made it to the bus stop and still had plenty of time to kill, so I continued looking for anything of interest on the block. I took a picture of this locked door, and was going to write about how easy it would be to watch someone enter the number in the keypad and walk in, but I decided it was too boring.

Ironically, as the camera was focusing to take the picture, a guy walked by me to the door, entered the number and walked inside.
Another ten minutes had passed. I found myself wandering into the Cascade building. I ignored the elevators, they didn't seem to lead anywhere interesting. On the opposing side of them, I spotted an old letter box.
It probably hadn't been opened in ages.
I took a peek inside to find some old building plans, nothing special. Directly in front of me were two double doors with no label.
I stepped through it to find mailboxes, no security cameras or anything guarding them, might be good for dumpster diving.
I continued through the next door ahead of me that led to a stairwell.
I opened up what looked like a fuse box, to my disappointment I only found a few wires (not sure if they could be modified to tether into any of the buildings networks). I continued roaming through the stairwell and rooms, finding random equipment like this,
locked doors like these,

and eventually found an old hallway that lead to a door. I forgot to take a picture of it. It was titled something like "MIT Data Storage" or something similar. If you were an attacker looking for data to breach, this would be it. How to get into a place like this with social engineering? Well, it isn't as if they would lay out contact information for who to convince to get access.
20160113_134043_HDR (1).jpg
Unless they leave that info on the door. This was the big finale of this trip so it’s pretty much the end of the story.

I figured I had spent enough time here, so I started making my way back to the bus stop. Right next to the stop was the Exchange building. I was just looking at it, but these guys were holding the door open. One asked me if I was coming in, I declined, and then thought about it and said why not. 

Next to the elevators was this door.
It looked a little harder than most to break into, though to the right of it (not in the picture) was a scanner for a keycard. I figure all you'd need to get in would be to cheat the scanner. I stepped into the elevator, it wouldn't move without a key, but one could just call for help and convince them to let you up.
Last thing I spotted was this hidden in the wall, but I didn't try to open it.
I went back outside and caught the bus.   

Maybe I didn't find anything all that interesting. Perhaps I'm an idiot with a camera. But this exercise was a good way to get my mind started thinking about how an attacker might work with "no-tech" methods. It's interesting that even though people saw me taking pictures in odd places, no one bats an eye. When I was walking around the block people watching, there was an older woman with a badge hanging out, and I was paying attention to it and her clothing trying to determine what kind of job she had, which translates to 4-6 seconds of more eye contact than glancing at someone, breaking the social rules of the sidewalk. Because I came to a full circle around the block, I actually ran into her again on accident, and gave her the same amount of eye contact to get a second look. She didn't notice. In the city, everyone's doing something always preoccupied. No matter what you're doing, it's likely not even going to be an afterthought to anyone. You're invisible. In less than an hour, I found plenty of security holes doing nothing but walking around. 

What's next for now, I've decided to start looking into Kali Linux's penetration tools to see what I can do with them.