W4500 Cyber Security
What is Cyber Security?
Cyber Security is the protection and hardening of computers and their software against attacks by malicious individuals, commonly called hackers. Cybersecurity is more important now than ever because of the growing reach of global computing and internet access.
Capture the Flag
A Capture the Flag (CTF) competition requires individuals or teams to complete a series of cybersecurity-related problems in the allotted time. Each problem hides a flag (a string of text) that must be found using hacking techniques. CTFs are useful for learning about the vulnerabilities that hackers can exploit. There are different kinds of problems one may encounter in a CTF:
- Cryptography: In a cryptography problem, one must decode a hidden message.
- Forensics: Forensics problems offer a wide range of tasks but often require one to use basic computer knowledge to find information hidden in a file or directory.
- Reverse Engineering: Reverse engineering problems require one to understand how a given program works in order to exploit it.
- Web Exploitation: In a web exploitation problem, one must exploit a website using a wide variety of methods.
- Binary Exploitation: This category challenges one to exploit an executable file.
It's very useful to have access to a Linux machine when competing in a CTF, as the Linux terminal has many useful built-in tools that allow one to solve problems very quickly.
The Coder Merlin shell has many CTF-related tools and is a great Linux terminal to begin with.
If you would like more tools and the ability to use a GUI as well as command-line tools, Kali Linux is regarded as the best Linux OS to use for cybersecurity because of its vast quantity of built-in CTF specific tools. It's recommended that you run Kali Linux on a virtual machine.
Links for these resources:
- VMware Virtual Machine: https://www.vmware.com/products/workstation-player/workstation-player-evaluation.html
- Kali Linux Image: https://www.kali.org/downloads/
wget is a useful command for downloading files from the internet directly into your shell session. Note that wget needs the direct address of the file: right-click the download link and copy the link address:
john-williams@codermerlin:~$ wget [URL]
There are many online encryptors and decryptors specific to certain encoding techniques. Often, the best way to solve a cryptography problem is to look up the encryption technique on Google.
Forensics problems typically hide information inside of a given file. Some of the tools you can use to extract this information are shown below. Note that some of these tools may need to be installed.
Exiftool is useful for viewing file metadata:
john-williams@codermerlin:~$ exiftool [filename]
Binwalk can extract files from inside other files:
john-williams@codermerlin:~$ binwalk [filename]
HxD is a hex editor program that can edit a file's raw hex: https://mh-nexus.de/en/downloads.php?product=HxD20
grep is a Linux command that searches for a specified string within files.
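The forensics tools above rely on two simple ideas: recognising embedded files by their leading magic bytes (what binwalk does) and searching raw bytes for a pattern (what grep does). The following Python script is an added illustration, not code from the Coder Merlin page or from binwalk itself; it scans a constructed carrier file for signatures, carves out the segments, and shows why a compressed flag is only found after carving. The signature table and the `flag{...}` format are assumptions for this example.

```python
import gzip
import re
import zlib
# Magic bytes for a few common formats (constructed subset; binwalk's table is far larger).
SIGNATURES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "zip": b"PK\x03\x04",
    "jpeg": b"\xff\xd8\xff",
    "gzip": b"\x1f\x8b\x08",
}
FLAG_RE = re.compile(rb"flag\{[^}]{1,64}\}")  # assumed flag format for this example

def scan_signatures(data: bytes):
    """Return (offset, type) for every known signature in data, sorted by offset."""
    hits = []
    for name, magic in SIGNATURES.items():
        start = 0
        while (pos := data.find(magic, start)) != -1:
            hits.append((pos, name))
            start = pos + 1
    return sorted(hits)

def carve(data: bytes):
    """Slice from each signature to the next one (or EOF), as a naive extractor does."""
    hits = scan_signatures(data)
    ends = [off for off, _ in hits[1:]] + [len(data)]
    return [(name, data[off:end]) for (off, name), end in zip(hits, ends)]

def grep_flags(data: bytes):
    """What a plain grep sees: flag{...} strings present in the raw bytes."""
    return sorted({m.group(0).decode() for m in FLAG_RE.finditer(data)})

def find_flags(data: bytes):
    """grep plus carving: also search inside any gzip member the scanner found."""
    found = set(grep_flags(data))
    for name, blob in carve(data):
        if name == "gzip":
            try:  # decompressobj tolerates trailing bytes after the gzip member
                found.update(grep_flags(zlib.decompressobj(zlib.MAX_WBITS | 16).decompress(blob)))
            except zlib.error:
                pass  # false-positive signature hit, not a real gzip stream
    return sorted(found)

def build_sample() -> bytes:
    """Constructed carrier (not a real challenge): JPEG-like header, plain flag, gzip-hidden flag, PNG header."""
    jpeg = b"\xff\xd8\xff\xe0JFIF\x00" + b"\x00" * 8
    hidden = gzip.compress(b"flag{inside_gzip}", mtime=0)
    png = b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR" + b"\x00" * 8
    return jpeg + b"flag{plain_text}" + hidden + png
```

Running `grep_flags(build_sample())` finds only the plain-text flag, while `find_flags(build_sample())` also recovers the one hidden in the gzip member, which is the same difference you see between grep alone and binwalk followed by grep.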
Ghidra is a useful tool for decompiling executable files so that their logic can be read as source-like code. The download link can be found here: https://ghidra-sre.org/
gdb is a command-line debugging tool that can be used to view the stack, registers, and code of an executable.
PwnTools is a library that contains a variety of Python tools related to binary exploitation. Use the pwn -h command to see all the included command-line tools.