Steveland

When a crisis occurs - Panic

Another week rolls on by and it has been quite eventful.

  • Managed to have my first COVID jab, so now I can receive all the good TV stations, although I do have some hotspots around the house. Now I just have to make sure that my firewall rules are in place and no unauthorised ports are exposed.

  • Did some more automation at work, which is always good. It's nice to keep those skills sharp, have a plan of what I want to achieve and slowly make progress on it.

  • Had some American-style food to celebrate my wife's birthday, very yummy and tasty. Every single piece was cooked well, soft and, well... we still have leftovers (Homer drool).

In not so good news, my car broke down on the weekend, which is not what I wanted. Something to do with the starter motor dying on me, so now I have to wait for the garage to contact me to see what the damage is.

Relating the incident to security, it has shown me that:

  • When you have a plan and it doesn't go to plan, take a breather, think about the situation, pivot and then adapt (the original plan was to drive it home and then get it to the garage).

  • When the environment is busy (3 kids in the car), it's important to have a clear head despite the initial panic. Try not to panic, as that can spread to other people (my son saw the initial wide eyes). After breaking down on a fast road, I was able to get the car to the side of the road. Takeaway: figure out the initial priorities (the kids' safety) and act on them, then plan for the rest.

  • Communication - Kept in contact with my wife, but didn't overwhelm her with too much information. Told her enough to let her know what was going on and what the plan was. Same with the kids: let them know what the situation was, but obviously the style and delivery were not the same. Therefore, in my head, it's the same when you are in security: keep the lines of communication open. Let the relevant stakeholders know the situation, but know how to deliver that message in a way that makes sense to them.

  • Presentation of Information - I was hoping it was the battery that went, as that would be easier to deal with. However, I presume that, as in an incident, the information is there to come to the correct conclusion if you know what to look for:

    • Lights were still working
    • Low battery indicator had not come on yet
    • The engine wouldn't even turn over (didn't even make the usual clicking noise)
    • A warning about the steering wheel assist failing showed up (it's amazing how heavy the steering wheel is when it doesn't have assist, and this is from someone who is old enough to have driven cars pre power steering).

The above may seem cringeworthy, but hey, it's what I thought about, and writing down your thoughts is never a bad thing. It also makes me think of another post I did years ago on why Batman would be a good QA. I mean, I did a whole page on it.

Immersive Labs

  • Attempted the Halloween CTF and I know that I'm on the right track, or I hope so. The main takeaway is that I'm learning about the tool PRET and what it can be used for. I'm also learning about which ports printers usually communicate on.
    • So far, I've been able to log on to the printer using the correct printer language
    • Navigated the directories to the print jobs to find the files
    • Managed to get them to my local computer
    • Converted the .ps file to a text file, which reveals the picture information in a meaningful text format. However, I'm sure the information is there somewhere in the many lines of the files; I just need a way of identifying it (I tried grepping for "flag" or "token").

The thing I like about Immersive Labs is that they give you just enough information to move on, and I like to think I'm making good progress with the free labs.

HacktheBox

Tried to hack the main invite page, as I knew I had done it before. I remembered enough to open the source code (although it does give that as the number one hint), and I knew that JavaScript was the main clue, but after ten minutes I lacked the steps to take that information and use it. So I stepped back and went through the Academy they have, which taught me about:

  • JavaScript obfuscation and de-obfuscation
  • The tools and process needed to take the code and decode it
  • Converting the encrypted string and using tools to decode it

That was a nice knowledge dump to have, so now I have a good process and copious notes on how to decrypt encoded JavaScript code. Once I knew that, it was obvious what to do.

I also did some more modules and learnt more about Burp Suite. I've used it before, so it was more of a refresher course on how to intercept and repeat requests. I also had a refresher on how to manipulate cookies to hold different information. I have to say that it's a constant road of learning, as it really is a case of use it or lose it.

Right now, I'm halfway through the Networking modules, so I'm going over again the different modules that deal with TCP/IP and the OSI model, and the different types of topology (tree, star, point-to-point, etc.). It's quite heavy in knowledge, so I'm making pointed notes to read.

TryHackMe

  • Did some more modules on Networking. A lot of the tasks and investigation were around the different types of protocols and how to manipulate them:
    • File Transfer Protocol
    • Simple Mail Transfer Protocol
    • Telnet
    • Network File System

Generally, the process tends to be the same; the only difference seems to be the detailed steps on how to exploit each one.

From what I'm seeing, it seems to be the following:

  • Research the landscape, find the important ports
  • If possible, see if anonymous access is available
  • If so, log in and do some more research on the server
  • Check for usernames or keys
  • If possible, use a reverse shell
  • ......
  • Profit

Learning and Education

In other news, I sat down with my son and we went through some introduction courses. We used the TryHackMe introduction to Linux, so now he knows, or has an idea of:

  • IP addresses: he knows that an IP address is like an address that identifies a web page or computer
  • Some Linux commands: he knows how to list a directory using some flags, how to cat a file, how to create a file and how to run a binary script
  • When he was answering the questions he needed some guidance, but generally he was fine

We also used a website that was less technical and more gamified and story-driven: https://www.pbs.org/wgbh/nova/labs/lab/cyber/

Take cybersecurity into your own hands. In this Lab, you’ll defend a company that is the target of increasingly sophisticated cyber attacks. Your task is to strengthen your cyber defenses and thwart the attackers by completing a series of cybersecurity challenges. You’ll crack passwords, craft code, and defeat malicious hackers.

It uses challenges where you have to guess a password, use Scratch to control a robot, and much more.

In his words, the PBS site was easier for understanding the concepts, while TryHackMe was good in that he was learning real-life skills.

I like to think he is engaged, as he wants to write a school article about what cybersecurity is and how to keep yourself safe (from his point of view). He did ask me if schools get hacked. I replied that I've never heard of an incident, but if you think about the data that schools hold, it's quite the minefield of information. He'll do some more research and write it up. As soon as he does, I'll publish it here as well.
