Difference between revisions of "W4500 Cyber Security"

From Coder Merlin
(Initial edit. Added basic information about cyber security.)
(Added information about cyber security tools)
Line 12: Line 12:
{{Hint|
{{Hint|
The following Wikis in the W4500 Pathway correspond to CTF challenges. These pages will contain specific information about various exploits found in these challenges.}}
The following Wikis in the W4500 Pathway correspond to CTF challenges. These pages will contain specific information about various exploits found in these challenges.}}
== Set Up ==
It's very useful to have access to a Linux machine when competing in a CTF, as the Linux terminal has many useful built-in tools that allow one to solve problems very quickly. Kali Linux is regarded as the best Linux OS to use for cybersecurity because of its vast quantity of built-in CTF specific tools. It's recommended that you run Kali Linux on a virtual machine.
Links for these resources:
* VMware Virtual Machine: https://www.vmware.com/products/workstation-player/workstation-player-evaluation.html
* Kali Linux Image: https://www.kali.org/downloads/
== Common Tools ==
=== Cryptography ===
There are many online encryptors and decryptors specific to certain encoding techniques. Often, the best way to solve a cryptography problem is to look up the encryption technique on Google.
=== Forensics ===
Forensics problems typically hide information inside of a given file. Some of the tools you can use to extract this information are shown below. Note that some of these tools may need to be installed.
Exiftool is useful for viewing file metadata.
{{ConsoleLine||john-williams@codermerlin:~$ exiftool [filename]}}
The strings command will list readable text in a file.
{{ConsoleLine||john-williams@codermerlin:~$ strings [filename]}}
Binwalk can extract files from inside other files.
{{ConsoleLine||john-williams@codermerlin:~$ binwalk [filename]}}
=== Reverse Engineering ===
'''Ghidra''' is a useful tool used for decompiling executable files and viewing their source code. The download link can be found here: https://ghidra-sre.org/
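Review bot: In the Forensics additions, "Binwalk can extract files from inside other files" is followed by `binwalk [filename]`, which only scans the file and lists the embedded signatures it finds. Extraction needs the `-e` option, so either show `binwalk -e [filename]` or reword the sentence to say that binwalk identifies embedded files. The Ghidra line also says decompiling lets you view "their source code"; decompiler output is a reconstruction, not the original source, and the sentence should say that.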

Revision as of 15:57, 9 November 2020


What is Cyber Security?

Cyber security is the protection and hardening of computers and their software against attacks by malicious individuals called hackers. Cyber security is extremely important, now more than ever, because of the growing influence of global computing and internet access.

Capture the Flag

A Capture the Flag (CTF) competition requires individuals or teams to complete a series of cybersecurity-related problems in the allotted time. Each problem contains a hidden flag (a string of text) that must be found using hacking techniques. CTFs are useful for learning about vulnerabilities that hackers can exploit. There are different kinds of problems one may encounter in a CTF:

  • Cryptography: In a cryptography problem, one must decode a hidden message.
  • Forensics: Forensics problems offer a wide range of tasks but often require one to use basic computer knowledge to find information hidden in a file or directory.
  • Reverse Engineering: Reverse engineering problems require one to understand how a given piece of code works in order to exploit it.
  • Web Exploitation: In a web exploitation problem, one must exploit a website using a wide variety of methods.
  • Binary Exploitation: This category challenges one to exploit an executable file.
Helpful Hint
The following Wikis in the W4500 Pathway correspond to CTF challenges. These pages will contain specific information about various exploits found in these challenges.

Set Up

It's very useful to have access to a Linux machine when competing in a CTF, as the Linux terminal has many useful built-in tools that allow one to solve problems very quickly. Kali Linux is regarded as the best Linux OS to use for cybersecurity because of its large number of built-in CTF-specific tools. It's recommended that you run Kali Linux on a virtual machine.

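Links for these resources:

  • VMware Virtual Machine: https://www.vmware.com/products/workstation-player/workstation-player-evaluation.html
  • Kali Linux Image: https://www.kali.org/downloads/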

Common Tools

Cryptography

There are many online encryption and decryption tools, each specific to a certain encoding technique. Often, the best way to solve a cryptography problem is to look up the encryption technique on Google.

Forensics

Forensics problems typically hide information inside a given file. Some of the tools you can use to extract this information are shown below. Note that some of these tools may need to be installed.

Exiftool is useful for viewing file metadata.

 john-williams@codermerlin:~$ exiftool [filename]

The strings command will list readable text in a file.

 john-williams@codermerlin:~$ strings [filename]

Binwalk can extract files from inside other files.

 john-williams@codermerlin:~$ binwalk [filename]
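
To show what strings and binwalk are looking for, the following added example (not part of the original wiki page) reimplements both ideas in Python on a constructed file: a PNG header with a ZIP archive appended. The file contents, the flag value and the function names are all made up for illustration.

```python
import io
import re
import zipfile

# Magic bytes for a few formats (a tiny subset of what binwalk recognises).
SIGNATURES = {
    "PNG image": b"\x89PNG\r\n\x1a\n",
    "ZIP archive": b"PK\x03\x04",
}

def build_sample():
    """Constructed challenge file: PNG header, padding, a comment, then a ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("flag.txt", "flag{constructed_example}")
    stub = SIGNATURES["PNG image"] + b"\x00" * 32 + b"Comment: look deeper"
    return stub + b"\x00" * 8 + buf.getvalue()

def printable_strings(data, min_len=4):
    """Like `strings`: runs of at least min_len printable ASCII bytes."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]

def scan_signatures(data):
    """Like a binwalk scan: sorted (offset, description) for each magic match."""
    hits = []
    for name, magic in SIGNATURES.items():
        pos = data.find(magic)
        while pos != -1:
            hits.append((pos, name))
            pos = data.find(magic, pos + 1)
    return sorted(hits)

def carve_zip(data, offset):
    """Read the members of a ZIP archive that starts at `offset`."""
    with zipfile.ZipFile(io.BytesIO(data[offset:])) as zf:
        return {name: zf.read(name).decode() for name in zf.namelist()}

if __name__ == "__main__":
    sample = build_sample()
    # The comment and the member name are visible; the deflated flag is not.
    print(printable_strings(sample))
    hits = scan_signatures(sample)
    for offset, name in hits:
        print(f"{offset:#06x}  {name}")
    zip_offset = next(o for o, n in hits if n == "ZIP archive")
    print(carve_zip(sample, zip_offset))
```

Because the archive member is compressed, the string search reveals only the comment and the file name; the flag appears once the archive found by the signature scan is carved out and opened.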

Reverse Engineering

Ghidra is a useful tool for decompiling executable files and viewing a reconstruction of their source code. The download link can be found here: https://ghidra-sre.org/