Thinking InfoSec: #1

Introduction:

So, I’ve been trying to re-write my blog, but I’ve been getting writer’s block. I don’t do challenges anymore, such as #100DaysofCode or #100DaysOfInfoSec, because, well, I have far too much on my plate. I stopped and started studying for CompTIA’s Network+, but even then, the responsibilities on my plate outweighed earning a certification. Plus, learning to get a certificate made me more stressed.

The point I’m making is I want to learn, and I want a job.

To do that, I need experience, and well, for us beginners, you know how that goes.

I recently purchased a book, “Sams Teach Yourself TCP/IP in 24 hours”. The plan is to read for 30 minutes to an hour every day. Afterward, I will write a 300-500 word blog post after each read.

Thought Bubbles:


To understand TCP/IP, we need to understand what a network is.

Think of two people that want to speak to each other, Person A and Person B. Person A needs to send a message to Person B. Person A also needs a way to send this message, so they may use a mail carrier or e-mail. For the conversation to remain sensible, they need to make sure they speak the same language in that message. We’d also have to worry about messages getting lost, making sure that Person A sends it to the correct address that Person B lives at, etc.

That is an overly simplified version of how communication works between people and, in a way, with computers or devices. But the point remains: we need to send this information or data, and we need to make sure the conversation makes sense for both.

This is where protocols come in. Protocols are rules that communicating devices follow to send data from one computer to another (or, in this case, Person A to Person B). For example, a computer uses applications, hardware, cables (or wireless in some cases), and more to communicate, so the protocol allows data to be sent over these different networking pieces to reach the recipient/another computer.

“Network communication” is a term that the book frequently uses so far.

TCP and IP are also protocols.

We’ll get more into how these two protocols are important for how communication between devices on a network works.

Glossary:

  • Network
  • Protocol
  • Transmission Control Protocol
  • IP
  • Implementation
  • Standard

Source:

TCP/IP in 24 Hours, Sams Teach Yourself

Note:
– Mail carriers and e-mail may be referenced later when speaking of actual protocols that e-mail uses, so this will be referenced differently.

AfroTech Experience 2021

First, it really was a privilege to be able to attend AfroTech 2021 and be able to experience this during my senior year of university. Thank you to all that helped me get there ♥️

What is AfroTech 2021?

AfroTech is a digital and in-person conference held this year in what some may refer to now as the “metaverse”. The metaverse is the digital or virtual version of whatever world you’re in. You get to interact and network with other professionals through your avatar. There were the expo halls where you could speak with recruiters at their booths, but there were also other events hosted throughout the week (meeting with recruiters directly, career advice, etc.).

Building AfroTech Mini-Me

Attending AfroTech 2021

The conference was so awesome! It was quite the experience to interact and network with others virtually or in this “metaverse”. I think for this year, it took some adjustment, but AfroTech was a huge success despite many of us only participating virtually.

Day 4: Getting Started with WireShark

Prerequisites:

  • Networking knowledge, such as the OSI model and ports/protocols
  • Be able to install Wireshark

Note: This is not necessarily a tutorial but coffee for thought on what I’ve learned so far based on a class I am taking.

So, what is WireShark?

WireShark is a tool used by IT folks to analyze what kind of traffic is happening on their network. This focuses on devices on their network, who they talk to, and how they talk to them. It’s a completely free tool and although other network analyzing tools exist, this is great for beginners to understand what exactly is going on in their home network.

WireShark at First Glance

Difference between Capture and Display Filter

You can set capture filters to specify which traffic you want to capture in the first place since, remember, a lot of things are happening on your network.

If you didn’t, you can still use display filters to narrow down the traffic you already captured.

Let’s Look at Ports & Protocols

UDP stands for User Datagram Protocol. It is associated with the network layer and is one way packets get transferred. I tend to mentally associate it with UPS since neither service cares about your package getting delivered properly; they simply deliver.

TCP stands for Transmission Control Protocol and does care whether your package, or in this case your packets, get delivered. In fact, TCP will let you know if the packet got delivered to the destination.

Another protocol that I noticed was HTTP, which stands for HyperText Transfer Protocol and uses port 80. It is the protocol used when you request a web page from a web server.

Unfortunately, when a user visits an HTTP site, information about the user is revealed in plaintext, such as their user-agent (ex: what browser they used) or what website URL they requested.

HTTPS is HTTP, but it encrypts the data between the user and the web server they are requesting from. It uses port 443. It also uses TLS/SSL, but honestly, those two are still very new to me.

Here is an example from a PCAP file provided by WireShark:

  • It looks like we are looking at an HTTP request being made. It received a 200, so it was a successful request.
  • There’s other information such as the time and the server software, an Apache HTTP server.
  • The request URI; I’m guessing they visited the site listed.
  • Under the reassembled TCP, it appears to be the contents of the download website (as I can see the HTML and CSS they are using). It also includes a form and other information the website has.

So, if we look at this a little more closely, we can see the different layers of the OSI model at work such as the network layer when referring to Transmission Control Protocol.
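To make the “revealed in plaintext” point concrete, here is an added shell example (not from the page or the book’s PCAP) that pulls the same fields out of a constructed port 80 exchange: the request URI, the Host header, the user-agent, the 200 status and the Server header. The host, browser and server strings are made up; it also shows why the request URI and the URL are different things.

```shell
#!/bin/sh
# Constructed plaintext HTTP exchange, written the way Wireshark's reassembled TCP view
# shows it. The host, browser and server strings are made up for this example.
HTTP_REQUEST='GET /download/index.html?ver=2 HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
Accept: text/html
Connection: keep-alive
'
HTTP_RESPONSE='HTTP/1.1 200 OK
Date: Tue, 14 Sep 2021 10:00:00 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Type: text/html

<html><body><form action="/login" method="post"></form></body></html>'

# Print one header value from a request or response (name matched case-insensitively).
# Headers end at the first blank line, so nothing in the body is ever matched.
http_header() {
    name="$(printf '%s' "$2" | tr 'A-Z' 'a-z')"
    printf '%s\n' "$1" | awk -v name="$name" '
        NR > 1 && NF == 0 { exit }
        NR > 1 { split($0, kv, ":")
                 if (tolower(kv[1]) == name) { v = $0; sub(/^[^:]*:[ \t]*/, "", v); print v; exit } }'
}

# Second word of the first line: the request-target (URI) of a request, the status code of a response.
http_request_uri() { printf '%s\n' "$1" | awk 'NR == 1 { print $2 }'; }
http_status()      { printf '%s\n' "$1" | awk 'NR == 1 { print $2 }'; }

# The request line only carries the path and query; the full URL the user visited is
# rebuilt from the Host header plus that request URI, which is why both are exposed.
http_request_url() {
    printf 'http://%s%s\n' "$(http_header "$1" Host)" "$(http_request_uri "$1")"
}

# What a passive observer on the path learns from this single port 80 exchange.
capture_summary() {
    printf 'client requested:  %s\n' "$(http_request_url "$HTTP_REQUEST")"
    printf 'client user-agent: %s\n' "$(http_header "$HTTP_REQUEST" User-Agent)"
    printf 'server replied:    %s via %s\n' "$(http_status "$HTTP_RESPONSE")" "$(http_header "$HTTP_RESPONSE" Server)"
}
```

Over HTTPS the same bytes are inside the TLS session, so only the destination address, port and (usually) the server name are visible to the observer.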

Overall, it’s a lot of fun to look through, and honestly, I believe I’ll try to do a part two to this.

Challenges:

  • Very confused using ifconfig to see what my private vs router IP address actually was ???
  • So. Many. Protocols.
  • URI vs URL ??? (She’s new, never heard of her.)

Day 3: SSH and What I’ve Learned

Introduction

Greetings. It’s been a while since my last post. Note to self, I need to start uploading my work from Notion onto WordPress in an efficient way.

In the past week, I’ve been attending a SOC Analyst Prep course to learn more about the fundamentals needed to become one, and recently, we have gone over ports and protocols.

Today, I wanted to talk about two ports/protocols, which will be SSH and DNS.

What is SSH?

SSH stands for Secure Shell Protocol and uses port 22. It is a network protocol that allows for a secure connection between two devices/computers. It is an improvement upon Telnet (Telnet sends its data over the connection unencrypted and in plaintext, which means you can see passwords on the communication channel). It is typically used to connect to a remote system (let’s say I am working from a Linux machine and I want to SSH into a different Linux machine not on my current network).

In order to do this, I would use the command:

ssh [username]@[other machine’s host name or IP address]

Security Risks Related to SSH:

– Poor management of SSH keys
  – In a video by Twitter user IppSec, the creator finds an SSH private key in someone’s Git history, then uses it to SSH into the log.
  – Here is [another video]
– Brute-force attacks
  – In some cases, the attacker wants to brute force by trying combinations of usernames and passwords in order to (hopefully) get the right combo and log in.
  – IppSec does this [here].
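From the defender’s side, the brute-force risk above shows up in the SSH server’s own log. Here is an added shell example (mine, not from the post or from IppSec) that runs over a few constructed auth.log lines: it counts failed password attempts per source address, flags addresses over a threshold, and then checks whether any flagged address later got an “Accepted” login, which is the event a SOC analyst wants to escalate first. Hostnames, users and addresses are made up.

```shell
#!/bin/sh
# Constructed sshd entries in auth.log format. Hostnames, users and addresses are made up
# (TEST-NET ranges); the pattern is one address hammering several accounts, then succeeding.
AUTH_LOG='Sep 14 10:01:02 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Sep 14 10:01:04 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Sep 14 10:01:05 web01 sshd[2103]: Failed password for root from 203.0.113.5 port 51240 ssh2
Sep 14 10:01:07 web01 sshd[2105]: Failed password for invalid user test from 203.0.113.5 port 51244 ssh2
Sep 14 10:01:09 web01 sshd[2107]: Failed password for invalid user oracle from 203.0.113.5 port 51250 ssh2
Sep 14 10:02:11 web01 sshd[2110]: Failed password for alex from 198.51.100.7 port 40022 ssh2
Sep 14 10:02:20 web01 sshd[2112]: Accepted publickey for alex from 198.51.100.7 port 40030 ssh2: ED25519 SHA256:constructed-fingerprint
Sep 14 10:03:00 web01 sshd[2115]: Accepted password for root from 203.0.113.5 port 51260 ssh2'

# Failed password attempts per source address, as "count address", highest first.
failed_logins_by_ip() {
    printf '%s\n' "$AUTH_LOG" \
      | grep 'sshd\[[0-9]*\]: Failed password' \
      | awk '{ for (i = 1; i <= NF; i++) if ($i == "from") print $(i + 1) }' \
      | sort | uniq -c | sort -rn \
      | awk '{ print $1, $2 }'
}

# Addresses whose failure count reaches the threshold (default 5) are brute-force candidates.
brute_force_candidates() {
    failed_logins_by_ip | awk -v t="${1:-5}" '$1 >= t { print $2 }'
}

# The alert worth escalating: a candidate address that later got an "Accepted" login.
success_after_failures() {
    for ip in $(brute_force_candidates "${1:-5}"); do
        if printf '%s\n' "$AUTH_LOG" | grep 'sshd\[[0-9]*\]: Accepted ' | grep -qF "from $ip "; then
            echo "$ip"
        fi
    done
}
```

On a real host, replace the embedded text with `cat /var/log/auth.log` (or `journalctl -u ssh`) feeding the same pipeline; the single legitimate failure from 198.51.100.7 followed by a public-key login is the kind of noise the threshold is there to ignore.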

Wrap-Up:

This is what I’ve gathered, feel free to correct me on anything I have posted by DMing me on Twitter. So far, I’m just learning a lot and planning to update this post in the future.

Source:

– [https://phoenixnap.com/kb/what-is-ssh](https://phoenixnap.com/kb/what-is-ssh)

Day 1: Docker, OpenVAS, Mossé Institute, and InfoSec Again lol

Greetings y’all, welcome to another day with me on my information security journey (or trying to figure it out at least)!


I’ve been using a learning platform called Mossé Institute. They provide learning and training guides for those interested in Cybersecurity. Now, if you have used a site called TryHackMe, this is not quite the same. I’ll be honest, it has a little less hand-holding as I’ve had to ask far more questions, and some of the documentation provided has not been as clear. However, the levels are listed as beginner, novice, etc.

I am a student, so I was able to gain free access to their remote cybersecurity internship. I didn’t want to call this a review but wanted to give my full-on opinion as I start working through some of the coursework. I wouldn’t exactly label the internship as “beginner-friendly” myself as you can see each step is labeled novice.

It expects you to already understand the concept of what a virtual machine is, how to deploy one, as well as knowing how to install security tools such as OpenVAS.

Mosse Institute Remote Cybersecurity Internship

Now, after some difficulty over 2 days and some help, I finally managed to install Docker and OpenVAS.

Now, the set-up of OpenVAS can get really complex, so the tutorial has you download and use Docker which already has it set up for you.

Docker is used by software developers to develop and manage applications in an environment. It can be a little confusing at first, at least to me, because Docker and Virtual Machines both use virtualization to do their job.

Now, what I understand most is that Docker relies on my OS kernel and virtualizes the applications. The virtual machine does not rely on my OS kernel because it creates its own.

Source: Docker vs Virtual Machine | Simply Explained

This is important because while I kept trying to install and use the Docker image provided in the tutorial, I kept getting some strange error that I didn’t quite understand.

So, I was trying to run this command and finally realized, after what felt like two days of crying, that the Docker image does not like the fact that I have an ARM64 processor.

Anyway, that’s another issue for tomorrow as I barely got any sleep over this!


Some vocabulary:

  • Open-source
  • Vulnerability
  • OpenVAS
  • Virtual Machine
  • Docker

Questions:

  • What is the difference between Docker and a Virtual Machine?

Day 0: Who I Am & What I’m Learning

Introduction

Welcome to my first official blog post! I go by Alex or Alexandria. I am a senior undergraduate aiming to earn my bachelor’s in Cybersecurity. Some of you may know me as @alexandriastech on Twitter. I originally came to Twitter this past summer and had the goal of becoming a web developer.

Well, things change. I’ve decided to focus on getting my first role in Cybersecurity by the end of next year; I graduate in May 2022. I’ve had a couple of internships in the past related to Cybersecurity; most of them being related to governance and compliance. Currently, I serve as an IT Security Analyst intern but work with ServiceNow as my main responsibility.

What I’m Learning

One of the beautiful things about Cybersecurity is there is so much to do and so much to learn; however, one of the most difficult things about Cybersecurity is there is so much to do and so much to learn.

I’ve taken classes in networking, Python, HTML, CSS, JavaScript, SQL, and other technical topics/languages and have had difficulty focusing on which. I’ve been exploring more on my own and have probably picked up more by myself than college has ever taught me.

I think I am most interested in picking up:

  • Python
  • Networking
  • Cloud Technologies (Azure, AWS, or something of the sort)
  • ServiceNow

How I Plan to Move Forward

The thing is, I am not sure what I want to do after college. So as of right now, I am still learning as I go (and will continue to do this in life).

I hope to do a weekly update of what I’ve done throughout the week and post here.

Day 10 | 100 Days of Information Security

Date: Sep 14, 2021

Greetings to everyone who it may or may not be their first time on my blog. My name is Alexandria, and I am a Cybersecurity & Digital Forensics undergraduate. I took on the #100DaysofInfoSec challenge as a way of filling in the gaps that have been caused in undergraduate education (and especially with the pandemic).

In my journey, I’ll make many mistakes but also, I’ll learn many things!

To continue on from my last lesson, I’m learning different commands to learn how to manipulate STDIN and STDOUT files!

grep command

If we use the man command from last time, when we type in man grep, we get a little bit of an understanding of what grep does. In this case, I believe it is searching for patterns. So, good, I’m getting used to man pages and referring to the manual at hand.

Whew, I’m tired! There are a few flags that we can add to manipulate grep some more!

It’s been a hectic week already with mid-terms so I’ll have to cut this one short!

Day 8 | OverTheWire | 100 Days of Information Security

Date: Sept 08, 2021

  • Currently still using the Roppers’ Academy course
  • Goal: Complete Over the Wire: Bandit 0-4

So far, so good. I have used SSH which is how you can connect your computer to another computer over a secure connection; this is how they will talk to one another. SSH stands for secure socket shell.

Bandit Level 0 → Level 1

This required an ls command so that I could see the password for the next level and then SSH into there.

Bandit Level 1 → Level 2

This was a unique situation for me because I had not remembered how to open a dashed filename: ex. .

I used cat ./-

This lets me give the file path plus the name of the file.

Bandit Level 2 → Level 3

This was another unique situation, which is simply opening files and seeing their contents when the filename has spaces (ex. spaces in the filename).

Simply, use quotations around the filename.

Ex. “spaces in the filename”

Bandit Level 3 → Level 4

This required me to find hidden files. I just listed all the files by using the command: ls -a. This shows all files in the directory.
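The three Bandit levels above are really three shell edge cases, so here is an added shell example (mine, not part of the post or of OverTheWire) that builds a scratch directory with the same awkward names and reads each one the way the levels require. The filenames and contents are constructed stand-ins, not the game’s real passwords.

```shell
#!/bin/sh
# Scratch directory with the three awkward filenames the Bandit levels use. The files
# and their contents are constructed stand-ins, not the real game's passwords.
setup_bandit_like_dir() {
    dir="$(mktemp -d)"
    printf 'password-for-level-2\n' > "$dir/-"
    printf 'password-for-level-3\n' > "$dir/spaces in this filename"
    printf 'password-for-level-4\n' > "$dir/.hidden"
    printf 'not-a-password\n'       > "$dir/readme"
    echo "$dir"
}

# Level 1 -> 2: on its own, "-" tells cat to read stdin, and "cat -- -" does not change that;
# the ./ prefix turns it into an ordinary relative path.
read_dash_file() {
    ( cd "$1" && cat ./- )
}

# Level 2 -> 3: quotes make the shell pass the name as one argument; unquoted, each word
# becomes its own argument and cat looks for four files that do not exist.
read_spaced_file() {
    ( cd "$1" && cat "spaces in this filename" )
}
unquoted_argument_count() {
    set -- spaces in this filename
    echo "$#"
}

# Level 3 -> 4: plain ls skips names that start with a dot; ls -a shows them (plus . and ..).
list_hidden_files() {
    ( cd "$1" && ls -a | grep '^\.' | grep -v -E '^\.\.?$' )
}
read_hidden_file() {
    ( cd "$1" && cat .hidden )
}
```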

Day 7 | Basics of Networking | 100 Days of Information Security

Date: Sep 07, 2021

Networking concepts have always been difficult for me to understand (especially when you cannot see what you are talking about). In this exercise, I was able to set up a listener by opening a second terminal. From my first terminal, I was able to run commands and see outputs on my listener.

Definitions:

  • NAT
  • Bridged IP addresses (assigned by local router)
  • Public IP address
  • Local IP address
  • STDIN
  • STDOUT
  • STDERR
  • Pipe
  • curl
  • telnet vs SSH

Day 6 | Man Pages | 100 Days of Information Security

Date: Sep 06, 2021

So far, I’ve learned that when I am unsure of what a command does, I can use a manual provided by Linux called man pages. To access this, I can use the command man.

Here are some definitions that I would like to keep up with:

  • Bridged IP Address
  • NAT – Network Address Translation
  • Traceroute

For now, I’ve stayed up the past few hours doing homework and want to start with a fresh mind tomorrow on Networking.