Clever solution by making site more resilient by optimization
Testing SNORT – IDS rulesets
SCENARIO
The objective of this laboratory test scenario is to create a solution and instructions for
testing an IDS^1 system's usefulness for detecting attacks against a WordPress site. In
addition, we have to develop/download/find a SNORT configuration (rulesets,
preprocessors, or whatever else is needed) that performs better than the default configuration in the previous
post. By better we mean:
- Fewer false positives
- Fewer false negatives
- The objectives are contradictory, so the rule of thumb is that one false negative is worth 10 false positives, e.g. a solution with 10 false positives and 2 false negatives is better than a solution with 100 false positives and 1 false negative, but a solution with 10 false positives and 1 false negative is better than a solution with 1 false positive and 2 false negatives.
- An attack is defined as a single invocation of all the test scripts in a row
Testing IDS
SCENARIO
The objective of this laboratory test scenario is to create a solution and instructions for
testing an IDS^1 system's usefulness for detecting attacks against a WordPress site. In
addition, a repeatable process is needed to evaluate vendor claims for any passive IDS system
sample delivered as a VM or a dedicated box. Creating the IDS system itself is out of
scope.
Security Programming Techniques
INTRODUCTION
The main goal of this post is to introduce the reader to security programming techniques in different programming languages and to operating system security models. The post introduces the following four topics:
- Session storage in Ruby on Rails
- Parameterized statements in Java with JDBC, C# with ASP.NET, PHP5, php-mysqli, Perl, Python and Hibernate Query Language (HQL)
- The Unix permission model, Unix ACLs and the Windows 7 security model
- Finding all the security vulnerabilities in a bash script
Each topic is divided into its own section, and at the end of each topic we state the references and additional reading material. The source code, scripts and the additional tasks were given by the lecturer. This post should help readers and people interested in programming with further work and involvement in the above topics.
Honeypot document
INTRODUCTION
The main goal of this laboratory report is to identify information or documents that may have been leaked or stolen from our system
without our noticing that the attacker had access. Any access to the document should immediately inform us and supply information about the burglar. The report should highlight the following aspects:
- Construct a document with no malicious code, for instance a honey document that will help us track from where and by whom it is opened, along with information about the system using our document.
- A detailed description of the process: how we built the document and the idea behind the tracking system.
- A description of the infrastructure needed to track the document.
Identify Possible Infection of Malware Into the Wireshark Capture File
INTRODUCTION
The main goal of this laboratory report is to identify a possible malware infection in the
Wireshark capture file. The report should highlight the following aspects:
• Download https://sim.cert.ee/hw/download.pcap
• Find the malware download in this pcap, extract the malware (or malwares), and find out
where the malware was downloaded from.
• What changes the malware (or malwares) makes to the system.
• C&C names and addresses.
• Document the process, including where you found hints and how exactly you did it (you
need to show your thought and communication process – please write a summary of
it.)
• Write an incident report.
Virtual Machine Malware / Malicious Analysis
INTRODUCTION
The main goal of this laboratory report is to identify possible infections of two Windows 7 virtual
machines. Virtual machines presented by the lecturer:
- Win 1
- Win 2
The assignment is as follows:
- Find out what is infecting the machine win1
- Understand in which way the current malware is dangerous to “your organisation”
- If possible, clean win1
- Is win2 clean or does it have problems, too?
- If needed, clean win2
Mobile Malware Analysis
PURPOSE
The goal of this post is to identify and analyze the mobile malware file mmc.jar. Please follow these steps to complete the task:
- Unpack the file (hint – use zip on the .jar)
- Examine the .class files using the tool available here (local copies for Mac, Linux, Win)
- Find the code sending SMSes using the ‘sms://’ URI
- Calculate the short number used in SM.send
- Finally, to compile the code use the Eclipse IDE.
Regular Expression
This post delivers a solution to an advanced regular expression task. In the following lines we describe the goal and the rules of the task, followed by the working solution.
Task
Write a regular expression for matching names which follow these rules:
1) Each name consists of one or more parts. If there are two or more parts, they are separated either with a single space (“ ”) or a dash (“-”) character.
2) Each name part must consist of letters only. The name part must begin with an upper-case letter, followed by one or more lower-case letters. Each name part can have an optional prefix which begins with an upper-case letter, followed by one or more lower-case letters.