Tag Archives: OverTheWire

2016 in review

2016 has been a crazy year, and I’m not talking about celebrities, politics or world news. A lot of security related things have happened for me personally. I wanted to base this post chronologically on what I’ve done.

One of the first screenshots from 2016 is a constant reminder for me. What’s the first rule of infosec? Troll first, work later. I’ve come to realize that Twitter is the diving platform everyone needs. Twitter allows us to get lost in the world of memes, jokes, and sometimes useful rants from infosec’s favorite rockstars.

We had fun hacking Queen lyrics

Bsides Indy

Bsides Indy was a lot of fun. I got to meet some great people and attempted a CTF. Even if the CTF bombed hard, the team I was on had fun trying to attempt to play. The takeaway that I remembered most is networking. I met a lot of people I had only seen mentioned on Twitter feeds before. I took some of the stuff I learned at Bsides and messed around at Spartan Hacker’s SpartaHack hackathon.

For most of the conferences I’ve been to, I’ll say networking is the most important. The people I meet, the conversations we have, and the advice I get are invaluable to me. Networking is the main reason to continue attending conferences.

Circle City Con

This conference was my first attempt at volunteering for a security team. Circle City was a good experience. I learned a lot while on the job and met some great people. However, at the same time, it was at this conference I learned that it’s not always best to volunteer for every shift you can make. After Circle City, I started shifting from an “ALL THE SHIFTS!” mindset to “I’ll fill a shift or two”. Circle City is a fun conference and a lot of stuff happens. I’ll be happy to get to go next year without being “on the job” for the entire conference.

My wall of badges after Circle City Con

Over the wire

Jayson from CBI introduced me to the Over the Wire challenges this year as well. It’s great training and proof that basic Linux commands are all you need to be a 1337 H4CK3R. I learned a lot and that information helps me to gain a competitive edge in CTFs and during ethical hacking exercises at work. So far I’ve tackled Bandit with Jayson and friends, and also Leviathan by myself. Check out those posts if you want to know more about Over the Wire.

Converge Detroit

Pokemon Go was proof I was there!

The conference that started MiSec. I was happy to volunteer at this conference in our own backyard. There were a lot of great talks. I got to network with a lot of my favorite people and help out with Hak4Kidz all day Saturday.


I was lucky to get to play Jayson’s CTF-NG. Jayson has done an amazing job creating a new style of CTF. It’s far above any other CTF I’ve attempted. The point of the game is to get cards and use them to beat other players. Cards are distributed across customized VMs inside the game’s network. I was able to get into a few machines and find some annoyance cards. Not bad for my first attempt at the game. Since playing I’ve learned there’s a lot of networking and basic Linux commands that I need to master.

At least I can prove I was really annoying!

Since my first attempt at Jayson’s CTF, I’ve had a few more chances to redeem myself. I’ve had a couple helpful hints. There’s been improvement in my network analysis and tool usage. In the latest attempt, I was able to find a legendary card.

School’s out for summer!

In May I graduated from MSU with a major in Media and Information and a minor in Computer Science. I continue to learn what I can about information security, but I’m hesitant to sign up for another degree. At the same time I moved from an internship to a full-time position at Vertafore where I get to work with application security and vulnerability management.

Misec Panel – Path to the dark side

MiSec had a really cool panel in May where some experienced infosec professionals shared their journey of getting to where they are today. There were a lot of great tips and live tweeting, so check out the post I did to follow up on that.

TLS research & talks

One of the first projects I did while working full time at Vertafore was researching TLS. The goal was to find how it worked, why it was required and what standards are the most important to secure connections. I drafted some standards, locked down this website by using Let’s Encrypt, and gave a lightning talk at MiSec Jackson about some of my research.

Hacker Summer Camp

Hackers and DefCon go together like PB&J. Add BsidesLV, guns, and black hat parties and there’s a whole week of fun, training, and more in Vegas. I met so many people while volunteering, standing in lines for talks, or visiting workshops. Hacker summer camp was a great experience and I’m pumped for 2017. DefCon 25 is going to be huge; being the 25th anniversary of the original DefCon means they’re going all out. A new location, more villages and workshops, there’s going to be something for everyone. I hope to see you there!

Defcon Smiley

HPKP research

The next research project I worked on at work that I also brought over into my personal websites was enabling Public Key Pinning. It’s a header that supplies a pin, which a client’s browser saves after the first visit to a website and then compares against the TLS certificate on later visits. I wrote a post about it and if you frequently visit this blog, you may have had an issue when my TLS certificate expired and I failed to correctly renew it. A few readers were blocked from seeing the blog because the HPKP pins didn’t match. I’m just happy I learned this lesson (and what’s required to fix it) on my personal websites and not on one of work’s applications!
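The renewal failure described above, as an added example (not code from this blog): a pre-deployment check in Python that compares the pins browsers have already cached with the chain about to be served, using the RFC 7469 pin format. The function names and sample key bytes are assumptions constructed for illustration; real input would be the DER-encoded SubjectPublicKeyInfo of each certificate in the chain.

```python
import base64
import hashlib

def spki_pin(spki_der: bytes) -> str:
    # RFC 7469 pin value: base64(SHA-256(DER-encoded SubjectPublicKeyInfo)).
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")

def parse_hpkp(header_value: str):
    """Split a Public-Key-Pins header value into (set of pins, max-age or None)."""
    pins, max_age = set(), None
    for directive in header_value.split(";"):
        # Partition on the first '=' only: base64 padding also contains '='.
        name, _, value = directive.strip().partition("=")
        name, value = name.strip().lower(), value.strip().strip('"')
        if name == "pin-sha256" and value:
            pins.add(value)
        elif name == "max-age" and value.isdigit():
            max_age = int(value)
    return pins, max_age

def lockout_risks(cached_header: str, chain_spkis: list) -> list:
    """Compare the pins browsers already cached with the chain about to be served."""
    pins, max_age = parse_hpkp(cached_header)
    chain_pins = {spki_pin(spki) for spki in chain_spkis}
    risks = []
    if max_age is None:
        risks.append("missing-max-age")       # required directive; header is ignored
    if not pins & chain_pins:
        risks.append("no-pin-matches-chain")  # returning visitors get a hard failure
    if not pins - chain_pins:
        risks.append("no-backup-pin")         # nothing pinned outside the live chain
    return risks

# Constructed placeholder bytes standing in for real DER SubjectPublicKeyInfo blobs.
OLD_LEAF = b"constructed-spki:old-leaf-key"
BACKUP = b"constructed-spki:offline-backup-key"
RENEWED_LEAF = b"constructed-spki:freshly-generated-key"

CACHED_HEADER = (
    f'pin-sha256="{spki_pin(OLD_LEAF)}"; pin-sha256="{spki_pin(BACKUP)}"; '
    "max-age=5184000; includeSubDomains"
)

if __name__ == "__main__":
    print("same key reused  :", lockout_risks(CACHED_HEADER, [OLD_LEAF]))
    print("new key, unpinned:", lockout_risks(CACHED_HEADER, [RENEWED_LEAF]))
    print("switch to backup :", lockout_risks(CACHED_HEADER, [BACKUP]))
```

A renewal that generates a fresh key pair is the second case: the certificate is valid, but no cached pin matches it until `max-age` runs out.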

I’ve done a little more for work that was based in application authentication. Specifically, I looked at 2FA, salted hashes, and other factors that go into securing a login process. There are blog posts on that research but those posts haven’t moved from drafts to something publishable. There will be a few time traveling posts appearing in 2016 next year.

Misec Lansing

September 14th was the first meeting of a new chapter of MiSec. Tek Systems hosted the first meeting in Lansing for MiSec and we have since moved on campus so students have a better chance of attending. It’d be great to have students and infosec professionals working together to improve the community.

Kyle and I had the idea to start another location. Since Kyle organizes the Jackson meetings, I’m the coordinator for the Lansing chapter. I get to be the guy that finds speakers for each month and organizes other events in the area. If anyone wants to give a talk or is interested in another event for MiSec Lansing, please reach out to me about it.

Other MiSec projects I contributed to this year are the MiSec Slack channel and the WordPress redesign for the website. If you want to join us on Slack, there’s an invite app that just requires an email. The WordPress redesign is something @taco_pirate and I worked on.

GrrCon

GrrCon 2015 was one of the jumping points of my security career. I can’t believe it’s already been a year since then. Going back to GrrCon (having my employer pay for it) was really different this year. I wasn’t working behind the scenes but the organizers and team leads remembered me from last year. I played hacker Jeopardy (and somehow survived the aftermath), I was able to attend talks and still got a chance to network.

My journey into infosec is still just beginning and I’m excited to see where it goes from here! I plan on attending more conferences, being active in the community and continuing to learn as much as I can. I hope you’ll join me!

OverTheWire: Leviathan

Hello everyone, thanks for looking at my last post about OverTheWire: Bandit. Since my traffic is about x10 my average consistently for the last four days, I wanted to write a follow up post about the next wargame offered by OverTheWire, Leviathan.

All over the exercises, they say to not post walkthroughs or writeups, so I won’t. I will do my best to promote the project without giving away the important stuff. If you’ve done the Bandit challenge already with or without a group, I suggest trying Leviathan on your own. Leviathan only has 7 levels, which by myself, took me just under 2 hours.

Leviathan Lv7 end message
Just to prove I made it through the lessons!

Shh, don’t tell, here are some tips

Now the site does say it’s 1/10 for difficulty so it should not be hard, right? Well… it is if you have no idea what you’re doing, so you should definitely start with Bandit if you’ve never used bash before.

Remember what you learned from Bandit. Cat files, ls directories, and don’t forget that passwords are stored in /etc/leviathan_pass/. There are two commands that you should read the manual for: ltrace and ln. You might need to find a website to convert combinations of only 2 numbers (well, 10 😉 ) to readable letters.

That is all the help I am willing to give you guys, otherwise you would not learn anything. There are only six levels and you should be able to figure most of it out. Trust me, there are walkthroughs you can google (BUT SHOULD NOT)… I will admit that I did that for the second level but that does not make it ok. It is a cheap way to get to the next level and you do not learn as much. Definitely try to do as much as possible without looking up the password or how to get it.

OverTheWire: Bandit

Hey everyone, this post about Bandit is NOT a walkthrough of the greatest (only) “learn bash hacking” program I’ve completed. This is NOT going to give you an advantage if you’re looking for cheat codes. This post will hopefully make you click on OverTheWire and want to try it out for yourself.

Why you should try Bandit

Do you work with Linux, bash shells, scripts, or ever have to deal with the command line? If you are a developer, network admin, forensic analyst, incident responder, pentester… or any other IT job, the answer is most likely yes (unless you have some serious automation or “a guy” for that). Whether you’re entering into a new field or you need a refresher course, Bandit is the first of many war games offered by the good looking hackers of OverTheWire. Start at Lesson 0 and work your way through them all.

Last night, I met up with a group of fellow hackers from #Misec and we tackled it. We went from 4pm to 12am, only stopping for a taco/wings run. We had a wide range of skill levels from 15 years of experience to a recent college grad, but we were able to go through the tasks at a pretty even pace. Doing this training in an open group where everyone discusses their tactics was really cool because there are multiple ways to do the same lesson; there’s never one right answer. I highly suggest you do the same. Get a group of 4-10 people, grab a six-pack and hunker down somewhere.

Helpful Hints

By the end of the night, I had expanded on the bash commands I already knew like ls, cat, chmod, mkdir, touch, openssl, and vi/nano/vim. I looked at the man page (help documentation) for the first time for other commands I heard of but didn’t use: grep, file, diff, gzip, tar, and so much more. Seriously guys and gals, you will not complete this course unless you type <cmd> --help or man <cmd>.

There was only one really tricky lesson in Bandit for those unfamiliar with development or Python. So to assist but not give the answer away, I’d like to point a few things out about Python. Please note this is one specific way to beat this level; @jadedtreebeard found a faster way to beat this level without even touching Python.

  • Run python scripts by writing: python filename.py
  • Variables have types, so numbers (30002) are integers and words are strings (“words”)
    • Change integers to strings: str(myVariable)
    • Change strings to integers: int(myString)
  • Importing packages is the first thing to do in a .py file
    • I suggest you look at socket *COUGH COUGH*
  • range(x, y) will give you a list starting at x and going up to (but not including) y
  • For loops will loop through every object in a list
    • Syntax: for something in list:
    • Indent under that line and it’ll be included in the loop
  • If statements are powerful
    • What would happen if you only did something when a variable contained a certain substring
      • if only “Correct” was in someString: then I could print someString only when it has the right values instead of every incorrect one as well… 😉

There are 27 lessons in Bandit; it took our group 8 hours to casually and thoroughly go through every lesson. A few are very tricky. I suggest you a) read cmd manuals b) read the associated links from OverTheWire for each lesson c) brainstorm and bounce ideas around your group. The only thing you should not do is google the answer; this is a public activity and other people have already done this. I suggest you stay away from googling “how to complete Bandit”… It’s not cool, you can learn so much more by following a-c.

Lastly, I want to give a shout out to @Ashioni of @CBI_IT, @JadedTreeBeard, @bigryanb, @EquinchOcha and the other hackers in my group whose Twitter handles I do not know… It’s because of them I had such a fun time instead of pulling my hair out when I got stuck on lesson 28. If you are in the Michigan area, you seriously need to look up #Misec, it’s a great group of people. Reach out to @Ashioni, he is trying to set up a workshop at @CBI_IT to go over these exercises.

After you’ve conquered Bandit, move on to the next level: Leviathan. I suggest trying Bandit in a group with other people, but Leviathan should be pretty tame and is a good way to test your individual skills.