Saturday, January 23, 2021

1.2.bitcoin and blockchain

 

bitcoin and blockchain

What is the relation? 

Remember, Blockchain is a technology, and Bitcoin is an implementation of Blockchain. It is just a product built on top of it. Just like Google or Facebook is an implementation of the World Wide Web (www) and networking. There are many more such implementations or applications built using Blockchain like Ethereum, ripple, stellar, Stratis, etc. 

For instance, the below image is a Bitcoin explorer; you can view all the transactions taking place in bitcoins all over the world, just by going to this website. It is publicly available. Although you wouldn't know how to make sense out of the addresses, it is almost impossible to track these addresses if the user has used VPN or proxy servers while making transactions. Otherwise, these can be traced to the user's IP address. Although, if you buy bitcoins from a reputed wallet or exchange, the user will be asked to provide their KYC details, so that it is easy to put a face to this address to prevent frauds. 

Bitcoin was built to simplify transactions without involving a trusted third party, by bypassing government control of currency. And as we already know by now, it does so by maintaining thousands of ledgers all over the world and making all transactions transparent and public. If A transfer tokens to B and there is no trust relationship between them, then B doesn't have to worry if he will have the money or not. Similarly, A also doesn't have to worry if B will deny getting the token even if he got it. Both of them can see it publicly by using their addresses on the Blockchain, whether the transaction was made or not. 
Similarly, Ethereum is another product built using Blockchain technology. You can go to their website and view all the transactions. 
Another groundbreaking product built over Blockchain is Ripple. Ripple's distributed financial technology enables banks to send real-time international payments across networks. Ripple is a private network, and not everybody can join it. It only provides its services to banks and other financial institutions. It boasts about having more than 80 financial institutions on board with it all over the world as of today. And this includes some widely popular banks. 
Now you will wonder why all these banks want to be a part of ripple? International payments for businesses and cross border remittances have always been tricky, and with the government regulations involved on both ends, there are lots of time and money involved. Suppose that you want to send money from India to the USA. On average, this takes about 6-7 days and quite a fee. The minimum time required to transfer money is 4 hours, and this also comes with bad exchange rates and higher costs. Now, if your bank is using ripple, and the receiver's bank is also on board with ripple, then this entire process would take not more than 1-2 minutes (depending on the network congestion). Since ripple is private, we can count on the lesser fee and time taken.

Labels: ,

1.3.public and private blockchain

                                     Public  and Private Blockchain

Public Blockchain 

A Public Blockchain, also known as a permissionless Blockchain, is open to all, and everyone can read as well as write over the data. In a public Blockchain, you don't need any authorization as you have open access to all the data. Moreover, if the Blockchain is public, the rules are very complicated, along with a complex consensus algorithm for better security. 
In this guide, we will discuss complex consensus algorithms in detail, along with Proof-of-Work and Proof Of-Stake. Miners use these algorithms to confirm transactions over the Blockchain. 
A public Blockchain has more complex consensus algorithms as compared to a private Blockchain because, in a private Blockchain, the permission is limited to a group of people who are accessing the network. So in a private Blockchain, you don't need miners to solve a complex problem wasting precious time because the data needs to be confirmed very quickly. 
In the case of a complex consensus algorithm, they are computationally more expensive to mine into a block. No one owns a public Blockchain; hence it has no central authority or a single person holding it. Even Satoshi, who started the white paper for bitcoin, transferred everything to the public in 2009. So all the public Blockchains are open, which means no one owns them, and you can read and write data over it. The Bitcoin Blockchain and Ethereum Blockchain are the best examples of public Blockchains. 

Private Blockchain 
Private Blockchain, as the name suggests, is for personal use. It can be used with your existing applications to make them even more secure. Such networks allow you to provide significant permissions like you can authorize the nodes connecting to the network. Nodes are nothing but different computers connected inside the peer-to-peer network running the Blockchain codes. 
In a private Blockchain, you can provide permissions as to who can read the data and who can transfer the data. You can even offer authorization in a way that only person A has the permission to transfer money, and person B can only view this data. 

Private Blockchain has less security as compared to a public Blockchain because, in a private Blockchain, we make it easily accessible to a certain trusted group of people and not millions. Also, if you are using a private Blockchain (like Hyperledger or Corda), then you can have the same kind of security as a public Blockchain or bitcoin, and one authorized node can be the arbitrator for any dispute. 

Now you know that the private Blockchain is for those who want to have more control over the Blockchain, who want to be the authority governing the Blockchain. A few good examples of a private Blockchain are RecordsKeeper Blockchain, Hyperledger, Corda, Quorum, etc. 








Labels: ,

1.1.blockchain ecosystem

                                             Blockchain ecosystem





Labels:

Backtrack 5 linux- Installing BackTrack on Virtual Box

 What Is BackTrack?

So now that you are familiar with Linux, let me introduce you to BackTrack. BackTrack is a
Linux penetration testing distro developed by Offensive Security especially for ethical hackers and
penetration testers. It contains all the popular tools and software used for pen testing a variety of
services, networks, and devices.
BackTrack 5 is the latest version of the Linux penetration testing distro at the time of writing
this chapter. It comes in two flavors: Gnome and KDE. Gnome is an Ubuntu-based Linux operating
system that has officially been introduced only in the latest version of BackTrack. Here is a
screenshot of BackTrack 5.


How to Get BackTrack 5 Running
Now that you have a basic idea of what BackTrack is and why it is used, it’s time to install
BackTrack on our box and get things going. There are many ways you can get BackTrack up
and running. I install BackTrack on a virtualization software such as VMware or virtual box.
Personally, I am a fan of virtual box, since it does not take much of my computer’s memory.
Therefore, what we will learn next is how to install BackTrack on virtual box.
Installing BackTrack on Virtual Box
There are times when we need to switch between operating systems rapidly and we need our
BackTrack running alongside another OS like Windows or Red Hat Linux. One advantage of
doing this is it gives us more accessibility. For doing this you need to download VM Virtual Box,
which is a freely available tool.
Step 1—After downloading and installing virtual box on to your PC, click on the “New”
button. A dialogue box will appear where you would need to type the name of the “OS,” the
“Version,” and the operating system type. In my case the name would be “BackTrack,” the
OS “Linux,” and the version “Ubuntu.”


Step 2—The next step would be to allocate the RAM; it is recommended that you allocate at
least 1024 MB (1 GB) for BackTrack to run perfectly.

Step 3—Next, choose to create a virtual drive and then in the next window select the hard drive
type as VDI (Virtual Disk Image).


Step 4—In the next step, you have to choose if you want the hard disk to be dynamically allocated
or have a fixed size. If you have enough space on your hard disk, you might want to
choose the first option. Nevertheless, it’s up to you.



Step 5—Next, choose the name of your virtual hard drive and allocate the size of the hard disk.



 
Step 6—So, now when the virtual hard disk has been created and other settings are selected,
load the BackTrack that was downloaded onto the virtual box and click “Start”.

That’s all we need to do. We now have BackTrack installed on our virtual box.

Labels: ,

Ethical Hacking Certification

 Ethical hacking certification -

What is ethical hacker -

This kind of hacker is often referred to as a security professional or security researcher. Such hackers are employed by an organization and are permitted to attack an organization to find vulnerabilities that an attacker might be able to exploit. there are three type of certification-

1. Certified Ethical Hacker

2.Global Information Assurance Certification Penetration Tester

3. Offensive Security Certified Professional

1. Certified Ethical Hacker
           CEH certification training course provides you with the hands-on training required to master the techniques hackers use to penetrate network systems, helping you fortify your system against it. This ethical hacking course is aligned with the latest version of CEH (v11) by the EC-Council and adequately prepares you to increase your blue team skills.
Program Overview:
Program Features:
40 hours of instructor-led training
Accredited training partner of EC-Council
Six months free access to CEH v11 iLabs
Study material by EC-Council (e-kit)
20 current security domains
Covers 340 attack technologies
Exam pass guarantee (For the US only)
Prerequisites:
There is no specific eligibility criteria for Certified Ethical Hacker (CEH) training and certification, but we recommend a basic knowledge of TCP/IP.
Target Audience:
Network security officers and practitioners
Site administrators
IS/IT specialist, analyst, or manager
IS/IT auditor or consultant
IT operations manager
IT security specialist, analyst, manager, architect, or administrator
IT security officer, auditor, or engineer
Network specialist, analyst, manager, architect, consultant, or administrator
Technical support engineer
Senior systems engineer
Systems analyst or administrator
Certification Alignment:
Grasp the step-by-step methodology and tactics that hackers use to penetrate network systems 
Understand the finer nuances of trojans, backdoors, and countermeasures
Get a better understanding of IDS, firewalls, honeypots, and wireless hacking
Master advanced hacking concepts, including mobile device and smartphone hacking, writing
virus codes, exploit writing and reverse engineering, and corporate espionage
Gain expertise on advanced concepts such as advanced network packet analysis, securing IIS
and Apache web servers, Windows system administration using Powershell, and hacking SQL and Oracle databases
Cover the latest developments in mobile and web technologies, including Android, iOS,BlackBerry, Windows Phone, and HTML 5
Learn advanced log management for information assurance and manage information security with more clarity
This ethical hacking course will help you:
To become CEH certified, you must pass the CEH examination after either attending CEH training
at an accredited training center like Simplilearn or through self-study. If you choose self-study, you must fill out an application and submit proof of at least two years of experience in the network security domain. 
The purpose of the CEH credential is to:
Establish and govern minimum standards for credentialing professional information security
specialists in ethical hacking measures
Inform the public that credentialed individuals meet or exceed the minimum standards
Reinforce ethical hacking as a unique and self-regulating profession
Certification Details -
About the Exam
Number of Questions: 125
Test Duration: 4 Hours
Test Format: Multiple Choice
Test Delivery: ECC EXAM, VUE
Exam Prefix: 312-50 (ECC EXAM), 312-50
(VUE)
Cost: $500 + $100 (registration fee)
2. Global Information Assurance Certification Penetration Tester
          There are a variety of options to earn the GIAC Penetration Tester (GPEN) certification, but it is highly recommended that learners take the SEC560 course on Network Penetration Testing and Ethical Hacking from the SANS Institute; it is one of the most comprehensive courses on the topic and demonstrates that the certificate holder has received a good balance of theory and hands-on training.
3. Offensive Security Certified Professional
             Before considering the OCSP certification, understand that the coursework requires a solid technical understanding of networking protocols, software development, and systems internals, specifically Kali Linux, an open-source project maintained by Offensive Security. Most students enrolled in this training program will take the course online; classroom training is only offered in Las Vegas.
            The Global Information Assurance Certification (GIAC) program is run by the SANS Institute, one of the oldest organizations that provide cybersecurity education. GIAC offers dozens of vendor-neutral certifications with courses that require hands-on learning. GIAC courses are held online. The company also sponsors white research papers that are provided to the cybersecurity industry without charge.
           The Offensive Security Certified Professional (OSCP) is the least known but most technical of the certification options. Offered by the for-profit Offensive Security, it is advertised as the only completely hands-on certification program. Offensive Security designed the program for technical professionals “to prove they have a clear, practical understanding of the penetration testing process and lifecycle.”


Labels: ,

BLOCKCHAIN

 










Labels:

Friday, January 22, 2021

                           Linux Basics

In order to become a good ethical hacker or penetration tester, you need to be conversant with

Linux, which is by far one of the most powerful operating systems. Linux is really good for ethical

hacking and penetration testing because it is compatible with a wide variety of related tools and

software, whereas other operating systems such as Mac and Windows support fewer of these software

and tools. In this chapter, I will teach you some of the very basics of operating a Linux OS. If

you are already familiar with Linux basics, you can skip this chapter.

One of the most common questions asked in many forums is “Which Linux distro should I

use?” As there are tons of Linux distros such as Ubuntu, Fedora, Knoppix, and BackTrack you

can use any Linux distro you want as all work in a similar manner. However, I suggest you use

BackTrack if you really wish to dig deeper into this subject because it is all encompassing from a

penetration tester’s perspective.

Major Linux Operating Systems

Before talking about BackTrack, let’s take a look at some of the Linux-based distros that you will

encounter very often:

Redhat Linux—Used mostly for administration purpose.

Debian Linux—Designed for using only in open source software.

Ubuntu Linux—Designed mostly for personal use.

Mac OS X—Used in all Apple computers.

Solaris—Used in many commercial environments.

BackTrack Linux—Used mostly for penetration testing.

File Structure inside of Linux

On a Linux system, most everything is a file, and if it is not a file, then it is a process.

Here is a general diagram for file structure in Linux.


There are certain exceptions in a Linux file system

Directories—Files that are lists of other files.

Special file—The mechanism used for inout and output. /dev are special files.

Links—A system to make file or directory visible in multiple parts of the systems.

Sockets—A special file type, similar to TCP/IP sockets providing inter-process networking.

Pipes—More or less like sockets; they form a way for process to communicate with each other

with out using network socket.

Subdirectories of the root directory:

Directory Content

/bin -Common programs, shared by the system, the system administrator, and

the users.

/boot -The startup files and the kernel, vmlinuz. In some recent distributions also grub data. Grub is the GRand Unified Boot loader and is an attempt to get rid of the many different boot-loaders we know today.

/dev -Contains references to all the CPU peripheral hardware, which are represented as files with special properties.

/etc -Most important system configuration files are in/etc., this directory contains data similar to those in the Control Panel in Windows

/home- Home directories of the common users.

/initrd -(on some distributions) Information for booting. Do not remove!

/lib -Library files, includes files for all kinds of programs needed by the system and the users.

/lost+found -Every partition has a lost+found in its upper directory. Files that were saved during failures are here.

/misc -For miscellaneous purposes.

/mnt -Standard mount point for external file systems, for example, a CD-ROM or a digital camera.

/net -Standard mount point for entire remote file systems.

/opt -Typically contains extra and third-party software.

/proc -A virtual file system containing information about system resources. More information about the meaning of the files in proc is obtained by entering the command man proc in a terminal window. The file proc.txt discusses the virtual file system in detail.

/root- The administrative user’s home directory. Mind the difference between /,the root directory and /root, the home directory of the root user.

/sbin -Programs for use by the system and the system administrator.

/tmp -Temporary space for use by the system, cleaned upon reboot, so don’t use this for saving any work!

/usr -Programs, libraries, documentation, etc., for all user-related programs.

/var -Storage for all variable files and temporary files created by users, such as log files, the mail queue, the print spooler area, space for temporary storage of files downloaded from the Internet, or to keep an image of a CD before burning it.

File Permission in Linux

Although there are already a lot of good security features built into Linux-based systems, based

upon the need for proper permissions, I will go over the ways to assign permissions and show you

some examples where modification may be necessary. Wrong file permission may open a door for attackers in your system.

Group Permission

Owner—The Owner permissions apply only the owner of the file or directory; they will not

impact the actions of other users.

Group—The Group permissions apply only to the group that has been assigned to the file or

directory; they will not affect the actions of other users.

All User/Other—The All Users permissions apply to all other users on the system; this is the

permission group that you want to watch the most.

Each file or directory has three basic permission types:

Read—The Read permission refers to a user’s capability to read the contents of the file.

Write—The Write permissions refer to a user’s capability to write or modify a file or directory.

Execute—The Execute permission affects a user’s capability to execute a file or view the contents

of a directory.

Let’s see how it works.

File permission is in following format.

Owner Group Other/all

root@Net:~# ls -al

We will talk about aforementioned command later on in this chapter.

-rwxr-xr-x 1 net tut 77 Oct 24 11:51 auto run

drwx------ 2 ali tut 4096 Oct 25 2012 cache

File auto run permission

-—No special permissions

rwx—Owner (net) having read, write, and execute permission while group (tut) having read

and execute and other also having same permission.

File cahe permission

d—Represent directory

rwx—Owner (ali) having read, write, and execute permission while group (tut) and other/all

does not have any permission for accessing or reading this file.

Linux Advance/Special Permission

l—The file or directory is a symbolic link

s—This indicated the setuid/setgid permissions. Represented as a s in the read portion of the

owner or group permissions.

t—This indicates the sticky bit permissions. Represented as a t in the executable portion of the

all users permissions

i—chatter Making file unchangeable

There are two more which mostly used by devices.

c—Character device

b—Block device (i.e., hdd)

Let’s go through some examples

Link Permission

root@net:~#ln -s new /root/link

root@net:~#ls -al

lrwxrwxrwx 1 ali ali 3 Mar 18 08:09 link -> new

link is created for a file name called new (link is symbolic for file name new)

Suid & Guid Permission

setuid (SUID)—This is used to grant root level access or permissions to users

When an executable is given setuid permissions, normal users can execute the file with root level or

owner privileges. Setuid is commonly used to assign temporarily privileges to a user to accomplish

a certain task. For example, changing a user’s password would require higher privileges, and in this

case, setuid can be used.

setgid (SGID)—This is similar to setuid, the only difference being that it’s used in the context

of a group, whereas setuid is used in the context of a user.

root@net:~#chmod u+s new

root@net:~#ls -al

-rwSr--r-- 1 ali ali 13 Mar 18 07:54 new

Capital S shows Suid for this file.

root@net:~#chmod g+s guid-demo

root@net:~#ls -al

-rw-r-Sr-- 1 ali ali 0 Mar 18 09:13 guid-demo

Capital S shows Guid for guid-demo file and capital S is in group section.

Stickybit Permission

This is another type of permission; it is mostly used on directories to prevent anyone other than

the “root” or the “owner” from deleting the contents.

root@net:~#chmod +t new

root@net:~#ls -al

-rw-r--r-T 1 ali ali 13 Mar 18 07:54 new

Capital T shows that stickybit has been set for other user (only owner or root user can delete files)

Chatter Permission

root@net:~#lsattr

---------------- ./new

root@net:~#chattr +i new

root@net:~#lsattr

----i----------- ./new

Small i shows that this file is unchangeable and lsattr is a command to check if there is chattr on file.

Before we end up with file permission, let’s have little look about numerical file permission.

r = 4

w = 2

x = 1

The sum of those aforementioned values manipulates the file permission accordingly, that is,

root@net:~# ls -al

-rw-r--r-- 1 ali ali 13 Mar 18 07:54 new

Here other user only having “read” permission so what we are going to do is to change it into read

and write but not execute.

root@net:~#chmod 646 new

root@net:~#ls -al

-rw-r--rw- 1 root root 13 Mar 18 07:54 new

Let’s explore a bit more into it, we want read + write permission so 4 + 2 = 6 that’s mean read and write.

Hope it is clear now how to set permission on a file and what it does.

Most Common and Important Commands

ls: list directory contents

cd: changes directories

rm: remove files or directories

chmod: change file mode bits, from read to write and vise versa

chown: change ownership of a file

chgrp: change group ownership

screen: screen manager with VT100/ANSI terminal emulation, create background process

with terminal emulator.

ssh: secure shell for remote connection

man: manual/help

pwd: print name of current/working directory.

cd..: moves up one directory

mkdir: create a new directory

rmdir: remove director

locate: find a file with in directory or system

whereis: find a file with in system

cp: copy file

mv: move file/directory or rename a file or directory

mount: mount device such as cdrom/usb

zip: compress directory/files

umount: umount(eject) the usb

df: list partation table

cat: concatenate the file

ifconfig: show interface details

w: Show who is logged on and what they are doing

top: show system task manager

netstat: show local or remote established connection

nslookup: query Internet name servers interactively

dig: dns utility

touch: create a file

nano: file editor

vi: vim file editor

free -h: check free memoryruns.

Linux Scheduler (Cron Job)

Cron is a utility that helps us create schedule to perform a certain task/command. As we know that

/etc having configuration files for most of the services same as for cron.

We will just go through a quick review of how does it work and how do we set it up.

The following is the hierarchy for it.

# * * * * * command to execute

# ┬ ┬ ┬ ┬ ┬

# │ │ │ │ │

# │ │ │ │ │

# │ │ │ │ └───── day of week (0–6) (0–6 are Sunday to Saturday,

or use names; 0 is Sunday)

# │ │ │ └────────── month (1–12)

# │ │ └─────────────── day of month (1–31)

# │ └──────────────────── hour (0–23)

# └───────────────────────── min (0–59)

It’s pretty simple and easy to understand; aforementioned hierarchy is self-explanatory.

First * represent min 0-59

Second * represent hour 0-23

Third * represent day of month 1-31

Forth * represent month 1-12

Fifth * represent day of week 0-6

Cron Permission

Two files play important role in cron.

Cron Permission

Two files play important role in cron.

cron.allow

cron.deny

If these files exist, then they impose some restriction accordingly on users. That is, if a user is in deny

list, so he/she won’t be able to schedule any job/task and if user is in allowed list then she/he will be

able to add schedule job/task. All we have to do is just add user name in either of these two files.

Cron Files

Cron.daily

Cron.hourly

Cron.weekly

Cron.monthly

/etc/crontab: system-wide crontab

root@net:~#cat /etc/crontab

# /etc/crontab: system-wide crontab

# Unlike any other crontab you don’t have to run the 'crontab'

# command to install the new version when you edit this file

# and files in /etc/cron.d. These files also have username fields,

# that none of the other crontabs do.

SHELL=/bin/sh

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# m h dom mon dow user command

17 * * * * root cd / && run-parts --report /etc/cron.hourly

25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts

--report /etc/cron.daily )

47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts

--report /etc/cron.weekly )

52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts

--report /etc/cron.monthly )

This is the output for crontab file; in other words, cron.hourly , cron.daily , cron.

weekly , cron.monthly are symlink of crontab.

Let’s say I would like to run a schedule at 12Am daily basis .

root@net:~#vi /etc/cron.daily/logs

0 0 * * * /home/network/log.pl

Save and exit.

Execute a job in every 5 seconds

Cron does not provide this feature by default. For this, we need to write up a small bash script

to accomplish this task by using the “sleep” command

cat seconds.sh

#!/bin/bash

while true

do

/home/cron/seconds.sh

sleep 5

done

root@net:~#chmod +x seconds.sh

root@net:~#nohup ./seconds.sh &

This command will exit if any error occurred and & signed will put the process in background.

Execute a job in every 4 minutes

If we specify * in the first field, it will run in every minute, it is not the way we want it so we

need to add */4 in the along with asterisk. If you wish to run in every 30 min, just add */30

root@net:~#vi cron.daily/logs-min

*/4 * * * * /home/network/log-min.pl

Save and exit.

Execute a job in every 4 hours

If we specify * in the second field, it will run in every hour; this is not what we want it, so we

need to add */4 along with asterisk. If you wish to run in every 15 hours, just add */15

root@net:~#vi cron.hourly/logs-hour

* */4 * * * /home/network/log-hourly.pl

Save and exit.

Execute a job in every 4th weekdays

The fifth field is DOW (day of the week). If we specify * in the fifth field, it will run in every

day. So we need to specify the specific day on which we want to run schedule. In the example, we

want to run schedule on every Thursday.

root@net:~#vi cron.week/logs-week

* * * * 4 /home/network/log-week.pl

OR

* * * * Thu /home/network/log-week.pl

Save and exit.

Execute a job in every 4 months

The third field is DOM (day of the month). If we specify * in the third field, it will run in

every day of month. So we need to specify the specific day on which we want to run schedule. The

fourth field is for month; If we specify * in the fourth field, it will run in every month. So we need

to specify the specific day and month on which we want to run schedule. In the example, we want

to run schedule on every first day of oct.

root@net:~#vi cron.week/logs-week

* * 1 4 * /home/network/log-month.pl

OR

* * 1 apr * /home/network/log-month.pl

Save and exit.

Note: If you want to assign a range like Jan to Nov then you will need to specify month as 1–11 .

Users inside of Linux

Let’s talk about users inside of Linux. The users inside of Linux are stored inside the /etc/passwd

file. So here is what the contents of the /etc/passwd file look like:

So, let’s try to understand what the sample entry means. The output for the first line looks like
this:
root:x:0:0:root:/root:/bin/bash
◾◾ The “root” is the username.
◾◾ The root is followed by x, which means that the password is moved inside the shadow file,
which we will discuss next.
◾◾ Next is the UID of the user, which is (0) for root, followed by the groupid (0) primary group
the user belongs to. In this case, the user belongs to root.
◾◾ Next is the space for comments, which an administrator may want to store.
       ◾◾ It is then followed by the absolute path of the home directory, which is also the starting location
of the command line.
More about the /etc/passwd file:
◾◾ In a standard /etc/passwd file, most of the users would be default users like bin/adm and
mail.
◾◾ All the Unix/Linux users are identified by a user id, which starts at 0 and increments from
there with some jumps in between. Any user with uid 0 has root level privileges.
◾◾ The nondefault users generally have UIDs starting from 500 or 1000, and increment from
there.
◾◾ Inside of the /etc/passwd file, some users would have /false at the end, which means that
those users cannot have an interactive login session.
Common Applications of Linux
Here are some of the common applications that you would most probably encounter with any
Linux flavor you use:
◾◾ Apache—This is an open source web server. Most of the web runs on the Apache web server.
◾◾ MySQL—This is the most popular database used in Unix-based systems.
◾◾ Sendmail—This is a free Linux-based mail server. It is available inside both open source and
commercial versions.
◾◾ Postfix—This can be used as a send-mail alternative.
◾◾ PureFTP—This is the default ftp server used for almost all Unix-based systems.
◾◾ Samba—This provides file and printer sharing services. The best part is that it can easily
integrate with Windows-based systems.

Labels:

1.1 CYBER SECURITY DEFINITION

 1.1 CYBER SECURITY DEFINITION

Definition: Cyber security refers to the protection of information systems (hardware,

software and associated infrastructure), the data on them, and the services they provide,

from unauthorised access, harm or misuse. This includes harm caused intentionally

by the operator of the system, or accidentally, as a result of failing to follow security

procedures.

UK National Cyber Security Strategy 

This is a succinct definition but expresses the breadth of coverage within the topic. Many

other definitions are in use, and a document from ENISA surveys a number of these.

The consideration of human behaviours is a crucial element of such a definition—but arguably

still missing is a mention of the impact on them from loss of information or reduced safety,

or of how security and privacy breaches impact trust in connected systems and infrastructures.

Moreover, security must be balanced with other risks and requirements—from a human

factors perspective there is a need not to disrupt the primary task.

A large contributor to the notion of cyber security is Information Security, widely regarded as

comprised of three main elements:

Definition: Information security. Preservation of confidentiality, integrity and availability

of information.

In addition, other properties, such as authenticity, accountability, non-repudiation, and

reliability can also be involved.

ISO 27000 definition 

For definitions of the subsidiary terms, the reader is referred to the ISO 27000 definitions .

Through the developing digital age other ‘securities’ have had prominence, including Computer

Security and Network Security; related notions include Information Assurance, and Systems

Security — perhaps within the context of Systems Engineering or Security Engineering.

These terms are easily confused, and it seems that often one term is used when another is

meant.

Many of those terms were subject to the criticism that they place an over-reliance on technical

controls, and focus almost exclusively on information. Stretching them to relate to cyberphysical

systems may be taking them too far: indeed, our working definition above privileges

the notion of information (whilst also mentioning services) — whereas in the case of networkconnected

actuators, the pressing challenge is to prevent unwanted physical actions.

1.2 CYBER KNOWLEDGE AREAS

Our categories are not entirely orthogonal. These are intended to capture knowledge relating

to cyber security per se: in order to make sense of some of that knowledge, auxiliary and

background knowledge is needed — whether in the design of hardware and software, or in

diverse other fields, such as law.

Human, Organisational, and Regulatory Aspects

Risk Management &

Governance

Security management systems and organisational security controls, including standards,

best practices, and approaches to risk assessment and mitigation.

Law & Regulation International and national statutory and regulatory requirements, compliance obligations, and

security ethics, including data protection and developing doctrines on cyber warfare.

Human Factors Usable security, social & behavioural factors impacting security, security culture and

awareness as well as the impact of security controls on user behaviours.

Privacy & Online Rights

Techniques for protecting personal information, including communications, applications, and

inferences from databases and data processing. It also includes other systems supporting

online rights touching on censorship and circumvention, covertness, electronic elections, and

privacy in payment and identity systems.

Attacks and Defences

Malware & Attack

Technologies

Technical details of exploits and distributed malicious systems, together with associated

discovery and analysis approaches.

Adversarial Behaviours The motivations, behaviours, & methods used by attackers, including malware supply chains,

attack vectors, and money transfers.

Security Operations &

Incident Management

The conguration, operation and maintenance of secure systems including the detection of

and response to security incidents and the collection and use of threat intelligence.

Forensics The collection, analysis, & reporting of digital evidence in support of incidents or criminal

events.

Systems Security

Cryptography Core primitives of cryptography as presently practised & emerging algorithms, techniques for

analysis of these, and the protocols that use them.

Operating Systems &

Virtualisation Security

Operating systems protection mechanisms, implementing secure abstraction of hardware,

and sharing of resources, including isolation in multiuser systems, secure virtualisation, and

security in database systems.

Distributed Systems

Security

Security mechanisms relating to larger-scale coordinated distributed systems, including

aspects of secure consensus, time, event systems, peer-to-peer systems, clouds, multitenant

data centres, & distributed ledgers.

Authentication,

Authorisation, &

Accountability

All aspects of identity management and authentication technologies, and architectures and

tools to support authorisation and accountability in both isolated and distributed systems.

Software and Platform Security

Software Security

Known categories of programming errors resulting in security bugs, & techniques for avoiding

these errors—both through coding practice and improved language design—and tools,

techniques, and methods for detection of such errors in existing systems.

Web & Mobile Security Issues related to web applications and services distributed across devices and frameworks,

including the diverse programming paradigms and protection models.

Secure Software

Lifecycle

The application of security software engineering techniques in the whole systems

development lifecycle resulting in software that is secure by default.

Infrastructure Security

Network Security

Security aspects of networking & telecommunication protocols, including the security of

routing, network security elements, and specic cryptographic protocols used for network

security.

Hardware Security Security in the design, implementation, & deployment of general-purpose and specialist

hardware, including trusted computing technologies and sources of randomness.

Cyber-Physical Systems

Security

Security challenges in cyber-physical systems, such as the Internet of Things & industrial

control systems, attacker models, safe-secure designs, and security of large-scale

infrastructures.

Physical Layer &

Telecommunications

Security

Security concerns and limitations of the physical layer including aspects of radio frequency

encodings and transmission techniques, unintended radiation, and interference.


Labels:

INTRODUTION TO HACKING

 Introduction to Hacking

There are many definitions for “hacker.” Ask this question from a phalanx and you’ll get a new

answer every time because “more mouths will have more talks” and this is the reason behind

the different definitions of hackers which in my opinion is quite justified for everyone has a

right to think differently.

In the early 1990s, the word “hacker” was used to describe a great programmer, someone who

was able to build complex logics. Unfortunately, over time the word gained negative hype, and the

media started referring to a hacker as someone who discovers new ways of hacking into a system,

be it a computer system or a programmable logic controller, someone who is capable of hacking

into banks, stealing credit card information, etc. This is the picture that is created by the media

and this is untrue because everything has a positive and a negative aspect to it. What the media has

been highlighting is only the negative aspect; the people that have been protecting organizations

by responsibly disclosing vulnerabilities are not highlighted.

However, if you look at the media’s definition of a hacker in the 1990s, you would find a few

common characteristics, such as creativity, the ability to solve complex problems, and new ways of

compromising targets. Therefore, the term has been broken down into three types:

TYPE OF HACKER:-

1. White hat hacker—This kind of hacker is often referred to as a security professional or security

researcher. Such hackers are employed by an organization and are permitted to attack

an organization to find vulnerabilities that an attacker might be able to exploit.

2. Black hat hacker—Also known as a cracker, this kind of hacker is referred to as a bad guy,

who uses his or her knowledge for negative purposes. They are often referred to by the media

as hackers.

3. Gray hat hacker—This kind of hacker is an intermediate between a white hat and a black

hat hacker. For instance, a gray hat hacker would work as a security professional for an

organization and responsibly disclose everything to them; however, he or she might leave a

backdoor to access it later and might also sell the confidential information, obtained after

the compromise of a company’s target server, to competitors.


Similarly, we have categories of hackers about whom you might hear oftentimes. Some of them

are as follows:

1 Script kiddie—Also known as skid, this kind of hacker is someone who lacks knowledge on how

an exploit works and relies upon using exploits that someone else created. A script kiddie

may be able to compromise a target but certainly cannot debug or modify an exploit in case

it does not work.

(From http://cdn.kaskus.com and http://the-gist.org.)

2 Elite hacker—An elite hacker, also referred to as l33t or 1337, is someone who has deep knowledge

on how an exploit works; he or she is able to create exploits, but also modify codes that

someone else wrote. He or she is someone with elite skills of hacking.

3 Hacktivist—Hacktivists are defined as group of hackers that hack into computer systems for a

cause or purpose. The purpose may be political gain, freedom of speech, human rights, and

so on.

4 Ethical hacker—An ethical hacker is as a person who is hired and permitted by an organization

to attack its systems for the purpose of identifying vulnerabilities, which an attacker might

take advantage of. The sole difference between the terms “hacking” and “ethical hacking”

is the permission.

Important Terminologies

Let’s now briefly discuss some of the important terminologies that I will be using throughout this

session.

Asset

An asset is any data, device, or other component of the environment that supports information related

activities that should be protected from anyone besides the people that are allowed to view

or manipulate the data/information.


Vulnerability

Vulnerability is defined as a flaw or a weakness inside the asset that could be used to gain unauthorized

access to it. The successful compromise of a vulnerability may result in data manipulation,

privilege elevation, etc.

Threat

A threat represents a possible danger to the computer system. It represents something that an organization

doesn’t want to happen. A successful exploitation of vulnerability is a threat. A threat may

be a malicious hacker who is trying to gain unauthorized access to an asset.

Exploit

An exploit is something that takes advantage of vulnerability in an asset to cause unintended or

unanticipated behavior in a target system, which would allow an attacker to gain access to data

or information.

Risk

A risk is defined as the impact (damage) resulting from the successful compromise of an asset. For

example, an organization running a vulnerable apache tomcat server poses a threat to an organization

and the damage/loss that is caused to the asset is defined as a risk.

Normally, a risk can be calculated by using the following equation:

Risk = Threat * vulnerabilities * impact

What Is a Penetration Test?

A penetration test is a subclass of ethical hacking; it comprises a set of methods and procedures

that aim at testing/protecting an organization’s security. The penetration tests prove helpful in

finding vulnerabilities in an organization and check whether an attacker will be able to exploit

them to gain unauthorized access to an asset.

Vulnerability Assessments versus Penetration Test

Oftentimes, a vulnerability assessment is confused with a penetration test; however, these terms

have completely different meanings. In a vulnerability assessment, our goal is to figure out all the

vulnerabilities in an asset and document them accordingly.

In a penetration test, however, we need to simulate as an attacker to see if we are actually able

to exploit a vulnerability and document the vulnerabilities that were exploited and the ones that

turned out to be false-positive.

Preengagement

Before you start doing a penetration test, there is whole lot of things you need to discuss with

clients. This is the phase where both the customer and a representative from your company would

sit down and discuss about the legal requirements and the “rules of engagement.”


Rules of Engagement

Every penetration test you do would comprise of a rules of engagement, which basically defines

how a penetration test would be laid out, what methodology would be used, the start and end dates,

the milestones, the goals of the penetration test, the liabilities and responsibilities, etc. All of them

have to be mutually agreed upon by both the customer and the representative before the penetration

test is started. Following are important requirements that are present in almost every ROE:

◾◾ A proper “permission to hack” and a “nondisclosure” agreement should be signed by both

the parties.

◾◾ The scope of the engagement and what part of the organization must be tested.

◾◾ The project duration including both the start and the end date.

◾◾ The methodology to be used for conducting a penetration test.

◾◾ The goals of a penetration test.

◾◾ The allowed and disallowed techniques, whether denial-of-service testing should be performed

or not.

◾◾ The liabilities and responsibilities, which are decided ahead of time. As a penetration tester

you might break into something that should not be accessible, causing a denial of service;

also, you might access sensitive information such as credit cards. Therefore, the liabilities

should be defined prior to the engagement.

If you need a more thorough documentation, refer to the “PTES Pre-engagement” document

(http://www.pentest-standard.org/index.php/Pre-engagement)


Milestones

Before starting a penetration test, it’s good practice to set up milestones so that your project is

delivered as per the dates given in the rules of engagement.

You can use either a GANTT chart or a website like Basecamp that helps you set up milestones

to keep track of your progress. The following is a chart that defines the milestones followed by the

date they should be accomplished.

Penetration Testing Methodologies

In every penetration test, methodology and the reporting are the most important steps. Let’s first

talk about the methodology. There are several different types of penetration testing methodologies

that address how a penetration test should be performed. Some of them are discussed in brief next.

OSSTMM

An open-source security testing methodology manual (OSSTMM) basically includes almost all

the steps involved in a penetration test. The methodology employed for penetration test is concise

yet it’s a cumbersome process which makes it difficult to implement it in our everyday life.

Penetration tests, despite being tedious, demands a great deal of money out of company’s budgets

for their completion which often are not met by a large number of organizations.

NIST

Planning Discovery

Reporting

Additional discovery

Attack

NIST, on the other hand, is more comprehensive than OSSTMM, and it’s something that you

would be able to apply on a daily basis and in short engagements. The screenshot indicates the four

steps of the methodology, namely, planning, discovery, attack, and reporting.

The testing starts with the planning phase, where how the engagement is going to be performed

is decided upon. This is followed by the discovery phase, which is divided into two parts—the first

part includes information gathering, network scanning, service identification, and OS detection,

and the second part involves vulnerability assessment.

After the discovery phase comes the attack phase, which is the heart of every penetration test. If

you are able to compromise a target and a new host is discovered, in case the system is dual-homed

or is connected with multiple interfaces, you would go back to step 2, that is, discovery, and repeat it

until no targets are left. The indicating arrows in the block phase and the attack phase to the reporting

phase indicate that you plan something and you report it—you attack a target and report the results.

The organization also has a more detailed version of the chart discussed earlier, which actually

explains more about the attack phase. It consists of things such as “gaining access,” “escalating

privileges,” “system browsing,” and “install additional tools.” 

OWASP

As you might have noticed, both the methodologies focused more on performing a network penetration

test rather than something specifically built for testing web applications. The OWASP

testing methodology is what we follow for all “application penetration tests” we do here at the

RHA InfoSEC. The OWASP testing guide basically contains almost everything that you would

test a web application for. The methodology is comprehensive and is designed by some of the best

web application security researchers.

Categories of Penetration Test

When the scope of the penetration test is defined, the category/type of the penetration test engagement

is also defined along with it. The entire penetration test can be Black Box, White Box, or

Gray Box depending upon what the organization wants to test and how it wants the security

paradigm to be tested.

Black Box

A black box penetration test is where little or no information is provided about the specified target.

In the case of a network penetration test this means that the target’s DMZ, target operating system,

server version, etc., will not be provided; the only thing that will be provided is the IP ranges

that you would test. In the case of a web application penetration test, the source code of the web

application will not be provided. This is a very common scenario that you will encounter when

performing an external penetration test.

White Box

A white box penetration test is where almost all the information about the target is provided. In

the case of a network penetration test, information on the application running, the corresponding

versions, operating system, etc., are provided. In the case of a web application penetration test

the application’s source code is provided, enabling us to perform the static/dynamic “source code

analysis.” This scenario is very common in internal/onsite penetration tests, since organizations are

concerned about leakage of information.

Gray Box

In a gray box test, some information is provided and some hidden. In the case of a network penetration

test, the organization provides the names of the application running behind an IP; however,

it doesn’t disclose the exact version of the services running. In the case of a web application

penetration test, some extra information, such as test accounts, back end server, and databases, is

provided.

Types of Penetration Tests

There are several types of penetration tests; however, the following are the ones most commonly

performed:

Network Penetration Test

In a network penetration test, you would be testing a network environment for potential security

vulnerabilities and threats. This test is divided into two categories: external and internal penetration

tests.

An external penetration test would involve testing the public IP addresses, whereas in an internal

test, you can become part of an internal network and test that network. You may be provided

VPN access to the network or would have to physically go to the work environment for the penetration

test depending upon the engagement rules that were defined prior to conducting the test.

Web Application Penetration Test

Web application penetration test is very common nowadays, since your application hosts critical

data such as credit card numbers, usernames, and passwords; therefore this type of penetration test

has become more common than the network penetration test.

Mobile Application Penetration Test

The mobile application penetration test is the newest type of penetration test that has become

common since almost every organization uses Android- and iOS-based mobile applications to

provide services to its customers. Therefore, organizations want to make sure that their mobile

applications are secure enough for users to rely on when providing personal information when

using such applications.

Social Engineering Penetration Test

A social engineering penetration test can be part of a network penetration test. In a social engineering

penetration test the organization may ask you to attack its users. This is where you use

speared phishing attacks and browser exploits to trick a user into doing things they did not intend

to do.

Physical Penetration Test

A physical penetration test is what you would rarely be doing in your career as a penetration tester.

In a physical penetration test, you would be asked to walk into the organization’s building physically

and test physical security controls such as locks and RFID mechanisms.

Report Writing

In any penetration test, the report is the most crucial part. Writing a good report is key to successful

penetration testing. The following are the key factors to a good report:

◾◾ Your report should be simple, clear, and understandable.

◾◾ Presentation of the report is also important. Headers, footers, appropriate fonts, well-spaced

margins, etc., should be created/selected properly and with great care. For example, if you

are using a red font for the heading, every heading in the document should be in that style.

◾◾ The report should be well organized.

◾◾ Correct spelling and grammar is important too. A misspelled word leaves a very negative

impact upon the person who is reading your report. So, you should make sure that you

proofread your report and perform spell-checks before submitting it to the client.

◾◾ Always make sure that you use a consistent voice and style in writing a report. Changing

the voice would create confusion in the reader; so you should choose one voice and style and

stick to it throughout your report.

◾◾ Make sure you spend time on eliminating false-positives (vulnerabilities that are actually not

present), because false-negatives will always be there no matter what you do. Eliminating the

false-positives would enhance the credibility of the report.

◾◾ Perform a detailed analysis of the vulnerability to find out its root cause. A screenshot of a

RAW http request or the screenshot that demonstrates the evidence of the finding would

give a clear picture to the developer of the status.

Understanding the Audience

Understanding the audience that would be reading your penetration testing report is a very crucial

part of the penetration test. We can divide the audience into three different categories:

1. Executive class

2. Management class

3. Technical class

While writing a report, you must understand which audience would read which part of your

report; for example, the company’s CEO would not be interested in what exploit you used to gain

access to a particular machine, but on the flip side, your developers will probably not be interested

in the overall risks and potential losses to the company; instead, they would be interested in fixing

the code and therefore in reading about detailed findings. Let’s briefly talk about the three classes.

Executive Class

This category includes the CEOs of the company. Since they have a very tedious schedule and

most of the times have less technical knowledge, they would end up reading a very small portion

of the report, specifically the executive summary, remediation report, etc., which we will discuss

later in this chapter.

Management Class

Next, we have the management class, which includes the CISOs and CISSPs of the company.

Since they are the ones who are responsible for implementing the security policy of the company,

they would probably be a bit more interested in reading about overall strengths and weaknesses,

the remediation report, the vulnerability assessment report, etc.

Technical Class

This class includes the security manager and developers, who would be interested in reading your

report thoroughly. They would investigate your report as they are responsible for patching the

weaknesses found and for making sure that the necessary patches are implemented

Labels: ,