Skip to main content

CCDC 2022-23 Log #1

We've recently had our first CCDC meeting for the year. A small informational for interested students. It went well, we seem to have some good candidates already popping up. It's still too early to tell if they'll stick it out, but I'm hopeful we'll have a good team this year. 

I'm planning on doing semi-regular updates on our team this year, mainly covering my perspective as co-captain and as a mentor. I'm also planning on dropping some of the tools and labs I'm creating for our team and my masters capstone. The first set of labs covers active directory configuration and object management. After finishing those, I'll work on labs for Linux incident response and systems hardening. I'm lucky to be in a position where my university has allowed me to use these labs to meet the capstone requirement, so long as I allow them to use the labs in undergrad courses. I'll also be releasing and updating my CCDC toolset for Windows servers and doing some deep dives on how they work/what they're used for (Vynae post coming soon!). 

Part of our training this year will include hosting a live red team during our inject practices. Now that our university has relaxed its covid regulations, we'll be able to have more frequent in-person meetings. This will let us organize more advanced training sessions such as live red team practice. The current plan is to have team alumni come in and start poking around and shutting down insecure boxes during an in-person inject practice. We're trying to get an environment that is as close to the real thing as possible, and I'm excited to get the new members some hands-on practice. 

Beyond that, we also have increased faculty involvement this year. I've asked several professors to come and give training sessions or topic-related lectures to the team this year. Typically, we get a very good incident response lecture from our coach, but this year we'll also be getting some custom pen testing and red team lectures. I'm also trying to put together some networking labs, but this semester might be a tad too busy to get those in a working state. 

Comments

Popular posts from this blog

Using PGPy to encrypt and decrypt files and messages

 PGPy is a library for python that enables the creation, storage, and encryption/decryption of PGP keys and files in python. Recently, in a small project to reacquaint myself with python, I used PGPy for key generation and encryption and decryption. That project can be found in my github at  https://github.com/lpowell . The goal of the project was to use command-line switches to control the program, and to provide basic encryption and decryption capabilities, along with rot13 and base64 encoding.  First, to load in a key use key, _ = pgpy.PGPKey.from_file(keyfilename) . This loads the key from either a binary or ASCII armored file. You can swap out .from_file for .from_blob , if you plan on using a key stored in a string or bytes object rather than a file. In my example code, I pull the key from a file, as I found it to be the simpler method.  Next, you'll need to open a file or create a string or bytes object that contains the message you wish to encrypt. We'll call this file

Frag Attacks - A critical Wifi vulnerability

Wifi fragmentation and aggregation attacks (FragAttacks) are a new collection of vulnerabilities in which a threat actor can exfiltrate data or attack victims within radio range. Mathy Vanhoef, a postdoctoral researcher at New York University Abu Dhabi, recently published his paper, Fragment and Forge: Breaking Wi-Fi through Frame Aggregation and Fragmentation , detailing several attack vectors and examining the intricacies of the aggregation vulnerabilities that have been part of the 802.11 standards since the inception in 1997.  Quite interestingly, every device tested was susceptible to one or more of the FragAttacks. While several 802.11 standards make these attacks harder to perform, they can be executed on all devices across all standards. It's a good thing then, that there was a nine-month embargo on information related to these attacks, allowing manufacturers to provide security updates to affected devices. Mathy Vanhoef has also created a website documenting the FragAttack

RFC 791 pt2

 This week's post will cover the operation of the Internet Protocol. Specifically, Time to Live (TOL), Type of Service(TOS), the Header Checksum, and the other remaining options available when transmitting data across IP. While this post will cover the basic operations and provide descriptions of their functions and use, a more technical dive will be saved for next week's post, which will cover the specification section of RFC 791. The final post in this series will cover the security implications of the Internet Protocol, and briefly cover the updates made to the original document and protocol.  Continuing from the last post, there are two main functions of the Internet Protocol. Addressing and Fragmentation. To begin,  the device you use to connect to the internet, or the internet module, uses the addressing function of IP to send and receive data. The internet module reads the address of the datagram and uses it to route to the desired endpoint. This address is carried in th