Really? Haha, No…

forensics15

Over the weekend, I participated in GoogleCTF2017, my first Capture The Flag (CTF) event. It was both humbling and exciting.  

If you asked me three days ago what was the absolute worst thing someone could say to me, I would have given a completely different answer than today, but today, my answer is ‘Really? Haha, no…’ a phrase I heard way too many times as I worked through the challenges trying to find flags.

In a CTF, each team has a set of challenges that needs to be solved in order to find the flag and grab the points. The flag is usually a piece of code =>CTF{this-is-a-flag}<=.  

CTF competitions touch on many aspects of information security including cryptography, steganography, reverse engineering, forensics, and other topics.

There are three common types of CTFs 

  • Attack and Defend
    • Red Teams (Offense) vs. Blue teams (Defence) actively attacking and defending network infrastructures.
  • Jeopardy.
    • Challenges are broken up into multiple topics ranging from easy to difficult, to insane. 
  • Mixed.
    • Varied formats. Depends upon the host of the event.

GoogleCTF2017 was set up as a Jeopardy-style event, and it turns out that I knew more than I thought; Moreover, it was a wonderful experience competing against peers and picking up mad new skills while expanding upon my security knowledge.

In order to increase my skills in preparation for this CTF (and many others to follow), I used the websites below to practice and train.

As a Front-end developer, knowing how to exploit your own web applications before a cyber criminal can is critical and Google Gruyere is an invaluable resource. You ‘learn by doing’ and in that process, you come to understand how applications can be attacked using cross-site scripting vulnerabilities (XSS) and cross-site request forgeries (XSRF). Additionally, it allows the user(s) to find, fix, and avoid vulnerabilities and other bugs that have an impact on security including

  • Denial-of-service (DoS)
  • Information disclosure.
  • Remote code execution.

However, the greatest part of the weekend I have neglected to mention so far was the elation you feel when you use tactics and exploits to find a flag, and it works, i.e., ‘you have successfully hacked something, and you captured a flag.’ Today, I realized, I belong in this field.

Results:

995 points, six challenges, ten hours, two days.

  • 1 Miscellaneous
    • Start Here (FAQ)
  • 3  Crypto Challenges
    • Crypto Backdoor
    • Introspective CRC
    • Shake it
  • 1 Pwn
    • Inst Prof
  • 1 Web
    • Joe

You don’t have to be an expert in order to compete in a CTF. You just need an unrelenting curiosity and passion to never quit!  The purpose of the competition, besides capturing the flag,  is to recognize your strengths and more importantly your weaknesses. CTFs require a great deal of work and dedication but are highly rewarding. Strive for excellence.

ctf_tools_1_dark_sd

As-A-Service Expands, Buckle Up Your Seatbelt.

Cybercrime is a thriving high reward low-risk business model, and it can be summed up easily with just-$.

In the past, there were various obstacles to overcome in order to get into the cybercriminal game. The ‘original cybercriminals’ ran a centralized operation which images (7)owned the servers and constructed malicious software (malware) from scratch.

This business model proved to be incredibly expensive to operate and exceedingly time-consuming; in order to make a substantial profit, large organizations were the only option.

However, similar to other ecosystems, the cybercriminal ecosystem continues to evolve. obrela-security-industries-8-638Today,  it is a distributed system where anyone with an agenda can simply rent, lease or purchase an ‘as a Service,’ services and ‘cash in’ on their crimes.

Some of the more of the well-known as a Service, services include:

  • Malware as a Service (MaaS)
  • Distributed Denial of Service as a Service (DDoSaaS)
  • Ransomware as a Service (RaaS)
  • Hacking as a Service (HaaS)
  • Money Laundering as a Service (MLaaS) to name a few.

The distributed system requires less effort because the criminals take advantage of the current ‘trends’ including the ‘human factor,’ where one in three individuals within an organization, regardless of training, will click on a phisher’s email and/or ‘low-hanging fruit’ otherwise known as the persons or organizations that despite all the warnings incur the risks with sub-par security, found easily by an exploit kit. Rather than deploying sophisticated and expensive Zero-Day attacks, now, any endpoint becomes a potential source of revenue.

As a Service, services is a flourishing business model run on the black markets found on the DarkNet such as the TOR network. TOR is a technological revolution in the ddasfacilitation of cybercrimes, because of the anonymity under which groups are able to operate.

Cybercriminals commit crimes directly against individuals, organizations, or governments through means such as malware attacks.

Direct methods are when resources are taken directly from the victim including

The criminals also attack in indirect manners including identity theft and fraud.

Indirect methods involves information obtained covertly from the victim which can be sold on the DarkNet including

The introduction of the cloud computing as a Service, services paradigm has brought abundant 3bjbp2xc-1323738953advantages to the information technology industry but also greater opportunities for cybercriminals.

Cybercriminals no longer need to rely on their own skills and assets to carry out exploits.

Several of these services include

  • Infrastructure as a Service (IaaS) provides the rental of servers and storage devices.
  • Software as a service (SaaS) provides the infrastructure enabling the dynamic production of applications.
  • Data as a Service(DaaS) Data is stored in the cloud and is accessible by a range of systems, and devices.
  • Platform as a Service( PaaS) allows users to develop, run and manage applications without the complexity of building and maintaining expensive infrastructure and the space required to develop and launch applications.

These cloud-based technologies afford cybercriminals with greater flexibility, greater resource management and agility in the furiously-paced technological environment allowing for even-more-dangerous and aggressive exploits.

Cybercriminals have taken full advantage of these services because they eliminate the need to maintain their own infrastructure, they can facilitate better operational security (OpSec) which adds a layer of obfuscation between the cybercriminals and the organizations hunting them while efficiently creating and distributing their malware attacks.

Another fuel for as a Service is the rise and popularity of cryptocurrencies. Cryptocurrency iscrypto-currency_market_capitalizations digital money that utilizes a decentralized, peer-to-peer (P2P) payment network thus making it harder to discover criminal activity.

The most utilized form of cryptocurrency is Bitcoin.

Bitcoin is used globally for legitimate organizations but is better know for the criminal exploits.

The topic of Bitcoin would not be complete without addressing the processes of Tumbling. Tumbling essentially adds an additional layer of anonymity to block attempts to track and uncover Bitcoin transactions. There are multiple ways to Tumble Bitcoins including

  • Multiple Wallets Cybercriminals creates a wallet via TOR and adds Bitcoins to it. Atop-crypto-currency-wallets-03 second wallet is created, again, utilizing TOR, and moves the funds into the second wallet. Last but not least, a third wallet is created, and the funds are moved again, thus confusing the trail of transactions between the three wallets making attribution almost impossible.
  • Third Party Services DarkNet organizations offer services in order to launder howitworksbitcoins which add a ‘proprietary obfuscation technology’ that breaks the link to the source of the funds and prevents any blockchain analysis tracking bitcoin transactions.

The DarkNet is an encrypted network built on top of the DarkWeb. Two typical DarkNet Deep-Web-Dark-Webtypes are P2P used for file sharing and networks such as TOR for anonymity.

Tor-EncryptionTOR which is short for ‘The Onion Router,’ provides anonymity to its users by bouncing the user’s communications around a distributed network of relays worldwide; TOR also prevents tracking of what sites are visited, prevents the sites visited, from learning the user’s physical location, and allows access to .onion sites ranging from legal to absolutely illegal. TOR can be used on Windows, Mac OS X, or Linux without any additional software.

As with all things as a Service, where there is a need, service providers seem willing to satisfy it. Moreover, as long as the return on investment (ROI) remains high, the expectation for continued investment into even more resources in order to unleash greater numbers of cybercrimes on the broadest possible range of targets will continue. Buckle up your seatbelt.  

                                                 Prevention Guidelines

  • Use strong passwords- Eight characters. Include upper and lower case letters, Numbers and Special Characters (!@#$%^&*(
    • Adding just one capital letter, and one special character changes the Brute Force processing time for an 8 character password from 2.4 days to 2.10 centuries. Think about that!passwords
  • Never write your password on a sticky for an intruder to find.
  • Group the sites you visit into categories, i.e. business, personal, sensitive, and use a password for each category.
  • Activate your Firewall- it is the first line of defense.
  • Use your Anti’s
    • Anti-Virus
    • Anti-Malware
    • Anti-Spyware
  • Secure your Mobile Devices-They are just as vulnerable as your computer.
  • Install the latest OS updates.
  • Download Applications and Attachments FROM TRUSTED SOURCES ONLY.
  • Delete all unknown e-mails.
  • Use encryption for all your sensitive data.
  • Use HTTPS for all your transactions.
  • Backup your data frequently and store it in multiple locations.

Cybersecurity is a shared responsibility. Stop. Think. Connect.