The area is secure.

DOS attack: used to shut down network (spam the network)    - used as a distraction    - while another attack is carried out

properties RSA provides:    - Authentication

HTTPS has perfect forward secrey    - Use diffie hellman every time for a new session

Chosen Plaintext Attack:    - You have a cipher text you want to decrypt and you try different plain text

Known the different data/control interactions (buffer overflows are an example, telephone tones, )    - TICTOU    - sql injection    - Snapchat Atack:    - hardcoded key:        - replay attacks        - re use

   - ECB: Chinese syndrome (film t=is assessible)

- insider attacks, - social engineering (usb),

- the more security you have, the harder it is to work    - no stackoverflow    - no email    - - partially air gap some of the network - for MAC key where key is

questions from case studies, extended demos, a movie, course textbooks for the extended stream.

For my something awesome project, while most people chose to do CTFs, I chose to do something original, practical to the real world, and completely new to me. I chose to learn about Open Source Intelligence (OSINT) and carried out an OSINT Investigation against my own Tutor.  For the full proposal details please see my proposal blog.

To summarise the proposal, in order to do well in my project I set the following goals:

Research OSINT theory from a range of sources 

Use industry-recommended tools for intel gathering

Gather information with varying levels of difficulty

Produce a high-quality final profile

A Link to the Proposal, Blogs, Video, and Final Profile

Achievements

In the end, this is a summary of what I was able to achieve:

Went from not knowing what OSINT stood for, to conducting extensive research on OSINT using DefCon talks, video tutorials, articles and podcasts

Blogged my findings and thought process consistently every week to track progress and keep organized

Used multiple tools from the industry such as osintframework.com, Maltego, Google Dorking and Bellingcat’s Online Investigation Toolkit to gather information 

Created a 5page final profile of Andrew along with a private blog about other confidential information I found

Gained an appreciation and understanding of why and how OSINT is used in the cybersecurity industry

Went completely out of my comfort zone to create a video presentation of my research and findings

Overall Reflection

Overall, this project pushed me out of my comfort zone and definitely developed my research, security mindset and problem solving skills. On average I would spend about 6 hours per week (4 hours researching/gathering intelligence + 2 hours collating and summarising into blogs) documenting my progress and coming up with creative ideas for discovering information.

Throughout the duration of this course, I have collaborated with other students, I’ve helped them and they have helped me. Altogether, we have established a professional ethos which benefits all. Contributing to the course environment 

I have provided helpful pointers online and tried to get lecture content clarified early in the week.

I have publicly posted all my lecture notes, revision guide and case study reflections (all lectures + tutorials, midterm revision) so that all people can benefit from this. Hopefully, this can act as a supplementary source of information against the course textbook.

I have participated in every class tutorial (without missing any) and have been a key member in each team. Not only have I given ideas (Houdini, Stargate) that were sound, but also facilitated teamwork within the team.

Teamwork

I’m lucky that I have some friends in this course, most of my friends have graduated. As a result, we often sit together in the lectures and do work together. 

Before the midterm paper, Neil and I used to try and crack as many crypto puzzles as we could before the lecture begins 

Vaish and I are in the same class! This makes things super easy. In the past, she has helped me get clear on a few things from the lecture, and I’ve helped her with some challenging homework questions like the HASH + MAC and OTP. 

I’ve always been an active member of the class, it's just the best way for me to learn. One case study that I particularly enjoyed being a part of was the Privacy Debate. Although I didn’t talk too much, that’s because while the opposition’s speaker was raising their case, I was cross-checking my notes for figures and writing rebuttals for my team to use. 

Before the midterm, I set up a google doc with Vaish in order for us to revise together and consolidate notes. 

Communication and Feedback

I demonstrated effective communication by clearly and concisely explaining to Vaish how to solve the lengthy OTP homework problem.   

I created a video presentation of my something awesome project just in case of an emergency. This required me to summarise my presentation into 2 mins

During the Houdini case study, my team liked my proposed solution however it was complicated to explain - especially to the whole class. Thus I broke it up into pieces and was able to explain the whole concept clearly. 

Responsible Data Handling

Since my something awesome project was on OSINT. Naturally, Andrew and I had an agreement that any information found that was confidential and private would only be put on the private blog.  

In the end, I did find data that was private and confidential about another target. I wrote about it in the password-protected private blog with all identifiable information redacted. (Link - password protected)

Vaish accidentally sent me a message with her phone, although instead of the message being the URL to her private blog, it was the password. I blogged about this in private blog but also recommended that she change her passwords. (Link - password protected)

This course has allowed us, students, to practice so many new skills! 

Technical Skills A lot of the homework activities in this course don’t require you to use code to solve them. Additionally, my something awesome project didn’t require me to create a new tool/implement code, thus my technical skill growth has been a little limited.

At best, I grew my technical experience with industry-standard tools such as Maltego and Google Dorking. I learned about them in week 3 and used them throughout my something awesome project. For example week 5 and week 6.

I would also argue that learning about bits of security and how to calculate them was an important technical skill as it gives context to how secure old/new algorithms are especially in a contemporary context of large scale computing power. 

Research Skills Unlike my technical growth, I’ve had a lot of opportunities for research in the past 8 weeks. 

I’ve done additional readings and reflections on a subset of case studies which I have found particularly interesting such as Houdini’s Death, Doors, and The Privacy Debate.

I furthered these skills again when diving deep into explanatory articles which have helped me with homework exercises. In particular homework exercises such as ELI85 and OWASP Top 10.

I developed my research skills specifically when completing phase 1 (weeks 2 & 3) of my Something Awesome Project where I used a range of sources to understand the theory of OSINT. 

Practical Skills My approach to this course and decisions of what to study (in something awesome) have led to a naturally skewed growth path towards Practical Skills. This came in many forms:

Within week 1, I was already trying to break into my house using different types of plastic cards (credit cards, membership cards, etc).

I used spare time to revise and build up my skill of cracking ciphers before the midterm exam.

I used the research and learnings from lectures to complete all practical exercises on Open Learning (Evidence). 

My entire Something Awesome project was about building practical OSINT Skills. For more information, it's better to check that section in this application. Something Awesome Project

Within this project, I came up with a feasible Social Engineering exploit which I thought was pretty smart. Read Sidenote 2.

One particular skill which I am proud to have worked on is the ability to communicate security concepts to non-security people. 

I was able to work on this by completing homework activities such as  ELI85 and OWASP Top 10. Each with the opposite audience highlighted how hard life as a security analyst must be sometimes managing different stakeholders. 

Using these tasks as warm-up, I was able to step out of my comfort zone and create a video of me explaining my Something Awesome Project within 2-3 mins. Youtube

Another practical skill I have picked up from the course is Security Awareness. This was developed by participating in homework such as Dumpster Diving, Shredding analysis, Googling Yourself and the social engineering PuppyLove challenge. 

Areas of Improvement 

Having completed COMP1917 in the past, I knew that Time Management was an important skill to master - especially in a Richard Buckland course. While there have been some hiccup’s along the way, my time management (and stress) have vastly improved over the term. I am very proud of the steps I took to ensure my long term success. 

I blogged consistently throughout the course, totaling over 50 blogs.

I took the initiative and started my something awesome project early before it was even approved. I knew the value of time in this project since I had organised it well in the proposal. Something Awesome Week 2

I quickly identified flaws in my productivity approach which caused me to fall behind on my wk3 homework activities and created a sensible plan to rectify the situation. Detailed Plan.

I followed up on my plan two weeks later to evaluate whether it was working. Not only did it help me with this course, it vastly improved my productivity with my other courses too. This plan was honestly one of the best things I did all semester. Follow up Blog

My time management improved so much that I was able to take opportunities in my schedule to quickly finish a week’s activities in three days. Leaving significant time to my something awesome project which was pivotal to the successful findings in week 7. Reflection blog in week 7, Something Awesome Week 7 (see end of blog).

By fixing previous issues and sticking to the plan, I’ve been able to complete all open learning tasks to date. All tasks completed

Despite falling behind on wk3 hw activities, I made it a point to never fall behind on lecture notes, pre-readings,  case studies and something awesome blogs. Evidence (All links in one place).

Areas for Improvement

I’ve been late to tutorials a couple of times. This hasn’t had a huge impact on me personally, and I certainly hope I haven’t been disrupting class too much by coming in late. I can make excuses about why it’s because of transport or late lectures on Tuesday’s but honestly, I’ve had long enough to figure out a solution.

I should’ve been reviewing my time management and other skills every two weeks via blogs to ensure that everything is running smoothly and that I’m paying attention to the right areas for growth.

Throughout the duration off this course, I’ve been working on improving my ‘security eyes’ otherwise known as my analytical skills. Broadly speaking, such skills can be categorized into 3 categories: 

Research

Something Awesome Research: Because my something awesome project was about something I had never even heard of before, I planned for a 2 week research phase. I used a range of sources to get a broad range of perspectives and identify common themes which helped me understand the theory behind OSINT. Phase 1 (Research): Week 2, Week 3.

I’ve done additional readings and notes on a subset of case studies which I found particularly interesting such as Houdini’s Death, Doors, and The Privacy Debate.

While nearly all homework activities have an element of research, there are some that have had a lasting impact or provided me a new perspective on security features and/or exploits 

ATMs: Being the ignorant millennial I am, I had never stopped to consider how authentication and authorization works on an ATM, what fail-safes it has, and what the common attacks are

Secure CryptoProcessors and Hardware Security Modules: Researching for this activity changed the way I view iPhone security. Knowing the low-level hardware, it’s vulnerabilities and the fact that your biometric data isn’t sent back to apple means that I might start trusting my phone to store my fingerprint and my face ID. 

Titan II: This activity expanded my security awareness because it was the first time I truly understood what it means to be a good security engineer. I truly appreciated Richard’s teaching that we humans are bad at judging risk, especially low probability high impact. The research into this technology and disaster was fascinating. 

Reflection

Something Awesome Reflections: In Phase 2 of my project, every week I would write about what the impact of having the information found is - especially from the point of view of an attacker. To read such reflections view here.

Lectures & Case Studies: After completing lectures and after completing the tutorial class I’ve always posted what my reflections were of the topics discussed (evidence - demonstrating that it’s been sustained over the semester). This was a very helpful process as it not only helped me refine what my process (with lectures and case studies) is but also objectively compare it to others. Something that I learned is that constant reflection causes ideas to evolve. For example, after finishing the tutorial I proposed a framework in week 4 for answering case study questions in the future. However, at the end of week 5, I realised that my framework is incorrect and needs to take into account all kinds of stakeholders too.

As I’ve written above, some homework activities have changed my perspective on companies and their products.

Some other homework tasks have made me more aware of my own digital/physical trace. Dumpster Diving and Google yourself.  

Application

Something Awesome Research Application: As explained briefly above, phase 1 of my project was an extensive research phase where I aimed to learn about the theory of OSINT and what tools are commonplace in the industry. In Phase 2, I put all that research to use by conducting my own investigation on my Tutor. I was successfully able to use the research knowledge and the tools examined to produce a final profile of my Tutor. More details are here.

After the week 5 surprise in the tutorial, I have taken the adjusted, new approach and mapped it to every case study since. 

I’ve used concepts like etaoin shrdlu and frequency analysis to increase my overall speed when cracking substitution ciphers (MidTerm Revision)

Lectures Notes:

Week 1: Introductions Week 2: Codes and Ciphers Week 3: Risk & Merkle puzzles/RSA/Diffie Hellman Week 4: Hashing & Physical Security Week 5: Vulnerabilities, Bits of security & More Hashing  Week 6: OTP & Threat Models Week 7: Misdirection, Kevin Mitnick & Assets Week 8: Identity & More Assets

Case Study Reflections:

Week 1: DeepWater Horizon Week 2: Houdini and Margery Week 3 p1, Week 3 p2: Doors  Week 4 p1, Week 4 p2: Google Physical Security & Midterm Revision Week 5: Security Minister and Automated Cars Week 6: War with Russia Week 7 p1, Week 7 p2: The Privacy & Surveillance Debate Week 8: StarGate Problem 

Something Awesome Blogs:

To Recruitment Team

Subject: JOB LISTING: SECURITY ENGINEER

My name is Kanishk Purohit, I'm in my final year of a Bachelor of Software Engineering at UNSW. I would like to express my interest in the Security Engineer position you currently have available at Gitzon.

Throughout my degree, I've had countless opportunities to learn cutting edge knowledge and skills from experts in the field. In particular, I believe my experience in the COMP6441 (Security Engineering and Cyber Security) is most apt for your review.

Despite the fact that I could not find any information on your company, and your servers are down, for your convenience I have addressed your selection criteria in the following pages:

Analytical Skills

Time Management

Skills

Community and Professionalism

Something Awesome Project

Thank you for considering my application! Hope to hear from you soon.

Best Regards, 

Find an example of something in everyday life that could be easily faked and explain how it might be achieved. 

Social Media is something that people use in everyday life and its a pillar of society where people are free to express their views and sentiments.  Given that, and the impact social media can have, making accounts on social media is very easy. They usually ask for name, email, age and all this information can be faked. With regards to email, osintframework.com has resources such as https://randomuser.me/ or https://backgroundchecks.org/justdeleteme/fake-identity-generator/ which provide all this information but also generated usernames/passwords and profile photos.   If a service requires you to verify your email address, you can use a temporary email account such as https://10minutemail.com/10MinuteMail/index.html. The email address exists for 10mins and then disappears (and it’s unrecoverable).  Sometimes, quite advanced services require a mobile number. For this, you can use services like twillio or google voice.  Creating fake/temporary social media accounts is actually a show on youtube

Found out some info for this post via 

This is a little summary/submission post which links to all my other posts:

Proposal

Week 2

Week 3

Week 4

Week 5 + Private Blog

Week 6

Week 7

Week 8 

Youtube Presentation 

This week I’ve been finalizing the profile I’ve been putting together of Andrew, I created a video of my presentation, and I’ve been having some final reflective thoughts which I felt would be good to write down.  Did I learn OSINT?

Yes. I definitely think I achieved this aspect of the project. The amount of research I did in phase 1 was enough and the notes I took were something I could always go back to in case I was stuck. It was really helpful to also have the podcasts because it felt like I was learning something new each week (even if I couldn’t use it) in my 30mins commute.  I think this knowledge also came across in my project with how I had to think of creative ways to get access to public data. 

What tools from the industry helped best?

Honestly, Google + Creativity. With Dorking and literally having all the world’s (public) information at my fingertips, google was really really helpful. I think in the case of my target, the other tools found on tool aggregation sites like osintframework.com and in the bellingcat doc, weren’t that useful. This is because of 3 main things: 

Many tools are now dead (especially the social media ones): Tools are always being forgotten and unmaintained or the hosting for a site that the tool is on hasn’t been paid, etc. There’s a reason why OSINT is called the land of dead tools. Something that definitely had a big impact on my project was the Cambridge Analytica scandal, since then social media companies have tightened their data privacy and most social media tools have been rendered useless. 

Australian Data is not typically public: I found that many tools and sites were built specifically to serve targets in the US. A lot of their records are frequently being put online and made public, and there are sites that search across all categories of public records and make OSINT ‘easy’. However, that is not the case in Australia (thankfully).

Some tools have started off free, built up a user base and then moved to be paid subscriptions. In my case, some online sites and Maltego restrict certain functionality in their free tier software and it’s hard to say if this had a major impact on my work. As with all OSINT, one small piece of intel can open doors to new discoveries and if the paid tier software would help find that then yes, it would’ve made a big impact. 

Trusty google and logic became my primary tools of choice and I think they’ve served me well. Sometimes an OSINT investigation will focus on physical digital infrastructure, getting ip addresses of servers to exploit, etc I didn’t need to do that in my project so I didn’t need to use those tools. 

How would things be different if this was a real investigation?

I think there would be 3 primary differences if this were a real investigation:

Specific Goal, More Structure: Usually investigations (at least from what I’ve seen) focus on finding out specific information on a target, not trying to find out everything possible. While it’s been interesting to see what information I could find by being more general, I’d love to participate in a future CTF to see if I can put these new skills to use for achieving specific goals.

More Time: I’m not sure how long investigations typically run for (for if there even is a typical time frame), but I think in an actual investigation there would be more time to really go through all social media profiles of work colleagues, friends, suspected family members etc. In this project, I had to balance my thesis and another course but I’m hoping that what I’ve managed to find is enough.

SO Appropriate to my something awesome project, this week’s task is to choose a service and download all our information from that service.  I chose Facebook, unfortunately, creating the zip with all my information was taking a very very long time. I eventually canceled my request and made another with a limited subset of information, particularly that which facebook gives to advertisers.  This is what a got from facebook:

Ads: “Your interests based on your Facebook activity and other actions that help us show you relevant ads”

This was really interesting, while there were some topics I would say I’m interested in, there were others which were random. Eg. Some Indonesian technology company, fashion and design, couch??? Come on facebook, if you are gonna collect all my data, get it right.

Another thing facebook gives you is all the companies who have uploaded your information as part of their contact list. Basically, you’ve given them your information at some point (ie. signed up for a newsletter, etc) and they are using that information to now run facebook ads against you. So I was able to see all the companies (which there weren’t that many) who do this. I wonder if there's a way to remove myself from their list. 

Facebook also tells you which ads you’ve clicked on. 

Location: Nothing. I am so happy about this, I find companies collecting location information is super creepy so I'm happy facebook doesn’t have this.

About you: 

Peer Group: University. That’s all it said. Not sure what this is for? 

Facial Recognition: Had a bunch of data which didn’t make much sense on facial recognition. It also had a number for the number of matches currently. 

Address Book: A list of email addresses of all your friends who have made this public to friends. This is creepy, no one knows that facebook has this feature. Keep people’s personal emails private.

Not gonna lie. I absolutely forgot that there was a case study this week. I assumed that the something awesome presentations (which went well btw!) would’ve taken too much time and we wouldn’t have a case study. Luckily, there wasn’t really any pre-reading required.  The Question: What would you M do to get from X his report on the Alien's (A's) planet? To expand, you are M, X is your lieutenant but he/she is completely invisible and cannot communicate with the physical world. A is an Alien, you know nothing about the alien and what they can do, but only A can see X. X has a report they need to give you, via A, how do you do it securely?  Group Discussion: We were broken into our groups for this and quickly identified that we need to accomplish three things  1. Authenticate identity (something i know, i am, i have) 2. Secure comms channel 3. Make it tamper proof/tamper evident (so we know if alien has changed message) This was pretty hard, we had to think out of the box a lot for this one. Typically you would use something like public/private key encryption or diffie hellman to set up communication channels but diffie hellman is not secure to man in the middle (which this is) and public/private key encryption cannot be done in one’s head especially when you’re dealing with an Alien who could probably do it too. 

Idea 1: In the end, this is the main idea we came up with.  1. X breaks report up into chunks  2. M creates a set of merkle puzzles for X  3. X solves one puzzle (in his/her head cause they’re smart like that) and encodes a chunk and sends it back to M (via A) 4. M receives this information and creates a new set of merkle puzzles for the next block of information. Repeat  Why this could work: A has to solve at least half the number of merkle puzzles (and figure out our human encryption ideals) to know what’s being sent Why this isn’t a great solution: X has to be able to do decryption and encryption mentally, and we are assuming that the aliens aren’t much smarter than us when they probably are.  Idea 2:  Use misdirection to set up a secret key with X and use that as a shared secret for communication.  Again, we are trying to fool an alien from a potentially superior race, what if they double bluff and act like they’ve been fooled but they actually do know the shared secret. Then they’ll easily be able to read + change all messages while humans will have every confidence that the channel is secure. :O  Class Discussion I was very interested in what people came up with because this was a tough challenge, unfortunately, a lot of solutions included genocide of the Alien race (???). 

Go somewhere private with the invisible man to exchange a key and use that key for encryption/decyption

Assumptions:

Military level encryption can be done in the head

Aliens can't follow or bug your stuff

Introduce A Trusted third party. Third party handles communications like a certificate server. Alien has to go through third party.

Assumption:

Introduction of a trusted third party, you can trust them. Set up like an embassy, with both Aliens and Humans. 

Assume that everyone is in the same room, get the alien out of the room (make sure it isn't bugged) and exchange a key or secret questions and answers.

Tutor’s Idea: This one is interesting because it doesn’t require complex mental magic for X, all you do is simply verify at the end of each stage whether the previous stage was correct :D The only issue with this is, how do you ensure that the Alien hasn’t figured out this is what you’re doing and isn’t changing the ‘verify flag’ every time to make it look like the channel is still secure.  Post Tutorial Idea: I thought about this problem earlier, and I came up with a composite idea combining both the Tutor’s idea and the ideas from the class. I shall call this TotalCheckSumFoolProofSecureCommunicationsViaAlienProtocol:

Week 8

8.1: Identity and Authentication:

Crypto Literacy

Stargate Ghost Problem

Problem of authentication - how do we know the person sending the message is who they claim to be? Even if the person has a particular style of writing, they could easily be mimicked.

Proving who you are:

100 points of id

show passport

online verification - info used

in person verification - photo used

the fact that you HAVE the object is important

driver's license (online verification - info used. In person verification - photo used)

bank card (info used, also the fact that it's a valuable item you'd keep close to you)

uni id card (info and photo used)

fingerprints

signed copy of documents from JP

DNA

Hard to authenticate using dna in an everyday scenario, but certainly criminals

Dental Records

JP Stamp (although stamps can be made quite easily)

Magstripe card

Knowledge

Some kind of background knowledge

password / secret question

e.g. if you claim you are in Sydney, asking how the day is there.

Uniform

trusting you to be a student jsut because you're in your unform

Vouching

2 Factor Auth (password + phone number + code):

Send message to your phone

Authentication can be done by (The three q's): - something you know - something you have - something you are / can do

Arguably, the entire list of ways to authenticate are auth by knowledge. Each item is a a bit of knowledge - even a fingerprint (when it is scanned, it is turned into a binary and sent and that binary representation of the fngerprint is checked, not the finerprint itself). The whole auth process is a chain of steps, which means that there are multiple links / points at which an attack could occur.

Basically we only have information based authentication. And once something is information, it can be compromised which poses a risk.

8.2 Biometrics

This lecture is unavaliable

8.3 Authentication vs Authorisation

Whats the difference?

Authentication: Who you are

Authorisation: What can you do

Authorisation depends on Authentication

Airport example: First you authenticate to the staff who you are, then they print you a boarding pass which authorises your access to board a particular airplane

Authentication and Authorisation happen at different times. If an attacker was to exploit this, it would be called a TOCTOU (Time of Check, Time of Use)attack.

This kind of attack is kinda impossible to stop. This is an issue with concurrency that we can't stop.

Wiki example: Authentication is done first, then some process is carried out. However in between that time period, if an attacker is able to create a race condition that allows them to change the process that needs to occur, then since the authentication step has been cleared the program will run the attackers code.

8.4 Identity Theft

Identity documents such as TFNs, passports, medicare cards, etc are usually not that expensive to buy genuinely (TFN and medicare cards are free). However, the cost of buying a fake one is not that expensive. You can get an Australian Passport for $1500 (2014), credit cards and TFNs for $1000, etc.

Top three consequences of Identity Theft:

Refused Credit

Mental and emotional Distress

Wrongly accused of crime

Most people don't report identity theft, they only tell a friend/family member. Only 29-30% of people tell a friend/family + government agency

Reasons why people don't report identity fraud:

Embarressment

Unaware they have been victim to this crime

Do not believe police will be able to do anything about it

Confusion as to which agency to report it to

Did not lose money so they don't believe they need to report it

Once someone has stolen your identity once, they retain that ability!

Your DOB, mother's maiden name, fingerprint, etc doesn't change. If they had all this information before, they still have it now.

This is why its so traumatic because victims live in fear for the rest of their lives

IDCare: Government Charity to help victims of Identity Fraud

What sorts of information is needed for ID Fraud?

Don't need the full 100pts, and getting the 100pts is not hard

Most of the time just a drivers license and some social media information is enough.

How do people get this data?

If you're authenticated is through information (and the way you authenticate reveals the information), then your information can be stolen. Using the secret can reveal the secret.

Attack a company that has your information (mygov, social media)

Public Social media

Dumpster Diving

Hack you: phishing, email, malware

Never set up a family tree, usually this is public and attackers can use this information.

Social Engineering

What do they do with the data?

Loans (taken out on your name with your credit history, but you are liable to the repayment of the loans)

social security (benefits can be claimed by 'you')

crime (adds to your criminal record)

tax (people can put tax refunds in your name)

driving

buy phones

credit cards (order new credit cards in your name)

conveyancing

social damage (impersonation online, bad)

Responding to ID Theft:

Call bank first.

Call the po po

Call IDCare (www.idcare.org)

Contact post office and make sure theres been no mail redirections

Use a clean machine to reset all your passwords

more...