CTRL + ALT + SEC

Tag: cybersecurity

TryHackMe | Active Directory Basics
This post is a write-up of the TryHackMe room “Active Directory Basics”. It is rated as an easy room and should take around 30 minutes.
Task 1: Introduction

Q1: Click and continue learning!

A1: No answer needed.

Task 2: Windows Domains

Q1: In a Windows domain, credentials are stored in a centralised repository called…

Come on man, its the name of the room. We can handle harder questions. This answer is in the 3rd paragraph of the task text.

A1: active directory

Q2: The server in charge of running the Active Directory services is called…

The answer is in the same paragraph as the last answer.

A2: domain controller
(more…)
April 3, 2024
Updating Linux
Okay, you’re a pro now. You’ve installed multiple Linux VM’s using VirtualBox or some similar tool. But now you need to remember to update it. This is important because like any other operating system Linux does have vulnerabilities.
- Red Hat warns of backdoor in XZ tools used by most Linux distros (Bleeping Computer)
- Decade-old Linux ‘wall’ bug helps make fake SUDO prompts, steal passwords (Bleeping Computer)
And those two articles are just from one source and just this week. Okay so how do you update? Use the below commands:
```
sudo apt update        # Fetches the list of available updates
sudo apt upgrade       # Installs some updates; does not remove packages
sudo apt full-upgrade  # Installs updates; may also remove some packages, if needed
sudo apt autoremove    # Removes any old packages that are no longer needed
```
April 1, 2024
Weekly Cybersecurity Wrap-up 3/25/24
Every week I publish interesting articles and ways to improve your understanding of cybersecurity.

Project

TryHackMe – Upload Vulnerabilities

Webinar
- Bright Talk – Verizon Threat Research Advisory Center MIB
Articles
- New ‘Loop DoS’ attack may impact up to 300,000 online systems – A new denial-of-service attack dubbed ‘Loop DoS’ targeting application layer protocols can pair network services into an indefinite communication loop that creates large volumes of traffic.
- Saflok Lock Vulnerability Can Be Exploited to Open Millions of Doors – Vulnerability in Dormakaba’s Saflok electronic locks allow hackers to forge keycards and open millions of doors.
- U.S. Justice Department Sues Apple Over Monopoly and Messaging Security – The U.S. Department of Justice (DoJ), along with 16 other state and district attorneys general, on Thursday accused Apple of illegally maintaining a monopoly over smartphones, thereby undermining, among other things, the security and privacy of users when messaging non-iPhone users.
- KDE advises extreme caution after theme wipes Linux user’s files – On Wednesday, the KDE team warned Linux users to exercise “extreme caution” when installing global themes, even from the official KDE Store, because these themes run arbitrary code on devices to customize the desktop’s appearance.
- New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts – Cybercriminals have been increasingly using a new phishing-as-a-service (PhaaS) platform named ‘Tycoon 2FA’ to target Microsoft 365 and Gmail accounts and bypass two-factor authentication (2FA) protection.
- Unmasking the Online Persona: A Guide to Username Investigation – Shows other professional investigators the parts of a username, some special username subtypes, how to investigate them, and ways to improve personal operational security.
- TheMoon malware infects 6,000 ASUS routers in 72 hours for proxy service – A new variant of “TheMoon” malware botnet has been spotted infecting thousands of outdated small office and home office (SOHO) routers and IoT devices in 88 countries.
- US fines man $9.9 million for thousands of disturbing robocalls – A U.S. federal court has issued a $9,918,000 penalty and an injunction against an individual named Scott Rhodes for making thousands of “spoofed” robocalls to consumers across the country.
- Apple Security Bug Opens iPhone, iPad to RCE – CVE-2024-1580 allows remote attackers to execute arbitrary code on affected devices.
- Corporations With Cyber Governance Create Almost 4X More Value – Those with special committees that include a cyber expert rather than relying on the full board are more likely to improve security and financial performance.
- Retail chain Hot Topic hit by new credential stuffing attacks – American retailer Hot Topic disclosed that two waves of credential stuffing attacks in November exposed affected customers’ personal information and partial payment data.
- Cisco warns of password-spraying attacks targeting VPN services – Cisco has shared a set of recommendations for customers to mitigate password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices.
- Splunk Patches Vulnerabilities in Enterprise Product – Splunk patches high-severity vulnerabilities in Enterprise, including an authentication token exposure issue.
Podcasts
- Smashing Security – 365: Hacking hotels, Google’s AI goof, and cyberflashing.
March 29, 2024
TryHackMe – Upload Vulnerabilities
The following write up is posted here to show how I worked through this on the TryHackMe platform to learn how to gain access to a webserver.
Task 1 – Getting Started

Start the VM and make the changes to your hosts file outlined in task 1.
```
cd ..
cd etc
sudo nano hosts
```
Copy and paste the information from task 1.

Ctrl-X to exit nano, when prompted hit Y to save then Return to save the file has hosts.

Q1: No Answer Needed.

A1: No Answer Needed.
(more…)
March 25, 2024
Weekly Cybersecurity Wrap-up 3/18/24
Every week I publish interesting articles and ways to improve your understanding of cybersecurity.

Projects
- TryHackMe – Hashing – Crypto 101 – Complete
Videos
- https://krebsonsecurity.com/
Articles
- StopCrypt: Most widely distributed ransomware evolves to evade detection – A new variant of StopCrypt ransomware (aka STOP) was spotted in the wild, employing a multi-stage execution process that involves shellcodes to evade security tools.
- Preparing Society for AI-Driven Disinformation in the 2024 Election Cycle – The rapid evolution of AI and analytics engines will put campaign-year disinformation into hyperspeed in terms of false content creation, dissemination and impact.
- E-Root Marketplace Admin Sentenced to 42 Months for Selling 350K Stolen Credentials – A 31-year-old Moldovan national has been sentenced to 42 months in prison in the U.S. for operating an illicit marketplace called E-Root Marketplace that offered for sale hundreds of thousands of compromised credentials, the Department of Justice (DoJ) announced.
- Fujitsu Data Breach Impacts Personal, Customer Information – Fujitsu says hackers infected internal systems with malware, stole personal and customer information.
- Cisco Completes $28 Billion Acquisition of Splunk – The networking giant paid $157 per share in cash for Splunk, a powerhouse in data analysis, security and observability tools, in a deal first announced in September 2023.
- IMF Emails Hacked – The International Monetary Fund (IMF) detects a cybersecurity incident that involved nearly a dozen email accounts getting hacked.
- AT&T says leaked data of 70 million people is not from its systems – BleepingComputer has reviewed the data, and while we cannot confirm that all 73 million lines are accurate, we verified some of the data contains correct information, including social security numbers, addresses, dates of birth, and phone numbers.
- Misconfigured Firebase instances leaked 19 million plaintext passwords – Three cybersecurity researchers discovered close to 19 million plaintext passwords exposed on the public internet by misconfigured instances of Firebase, a Google platform for hosting databases, cloud computing, and app development.
Podcasts
- Cyberwire – Ep 2026 | 3.18.24 – The hot pursuit of Volt Typhoon.
March 22, 2024
Weekly Cybersecurity Wrap-up 3/11/24
Every week I publish interesting articles and ways to improve your understanding of cybersecurity.

Projects
- TryHackMe – Hashing – Crypto 101 – In Progress
Videos

Articles
- Security Bite: Hackers breach CISA, forcing the agency to take some systems offline – CISA says two systems were hacked in February through vulnerabilities in Ivanti products. In response, the agency had to shut down both systems, which reportedly had critical ties to U.S. infrastructure.
- Roku hackers breach 15,000 accounts and are selling them online – After gaining access to customer accounts, hackers attempted to purchase streaming subscriptions within Roku.
- Stanford: Data of 27,000 people stolen in September ransomware attack – Stanford University says the personal information of 27,000 individuals was stolen in a ransomware attack impacting its Department of Public Safety (SUDPS) network.
- Biden’s budget proposal boosts CISA funding to $3B – US President Joe Biden has asked Congress to approve an extra $103 million in funding for the Cybersecurity and Infrastructure Security Agency, bringing CISA’s total budget to $3 billion.
- LockBit ransomware affiliate gets four years in jail, to pay $860k – Russian-Canadian cybercriminal Mikhail Vasiliev has been sentenced to four years in prison by an Ontario court for his involvement in the LockBit ransomware operation.
- ChatGPT Plugin Vulnerabilities Exposed Data, Accounts – Three types of vulnerabilities related to ChatGPT plugins could have led to data exposure and account takeovers.
- US Seizes $1.4 Million in Cryptocurrency From Tech Scammers – The US seized approximately $1.4 million worth of Tether tokens suspected of being fraud proceeds from tech scams.
- Acer confirms Philippines employee data leaked on hacking forum – Acer Philippines confirmed that employee data was stolen in an attack on a third-party vendor who manages the company’s employee attendance data after a threat actor leaked the data on a hacking forum.
- Nissan to let 100,000 Aussies and Kiwis know their data was stolen in cyberattack – Akira ransomware crooks brag of swiping thousands of ID documents during break-in
- SIM swappers hijacking phone numbers in eSIM attacks – SIM swappers have adapted their attacks to steal a target’s phone number by porting it into a new eSIM card, a digital SIM stored in a rewritable chip present on many recent smartphone models.
- Former telecom manager admits to doing SIM swaps for $1,000 – A former manager at a telecommunications company in New Jersey pleaded guilty to conspiracy charges for accepting money to perform unauthorized SIM swaps that enabled an accomplice to hack customer accounts.
- Alabama Under DDoS Cyberattack by Russian-Backed Hacktivists – The hacktivist group Anonymous Sudan claims credit for a cyberattack that disrupted Alabama state government earlier this week.
- French unemployment agency data breach impacts 43 million people – France Travail, formerly known as Pôle Emploi, is warning that hackers breached its systems and may leak or exploit personal details of an estimated 43 million individuals.
- Gone in (less than) 60 Seconds: How My Mercedes was Hacked and Stolen While My Family Slept – A month ago, my car was hacked and stolen in the middle of the night. So, for the first (and hopefully last) time, I’m the subject of my own article.
- Leak of Acer Philippines employee database appears on hacking forum – An attacker called “ph1ns” posted a link on a hacking forum to a stolen database containing employee attendance data from Acer Philippines. The database reportedly included workers’ names, usernames, passwords, roles, departments, employer’s name, birthdates, mobile numbers, and email addresses.
- International Monetary Fund email accounts hacked in cyberattack – The International Monetary Fund (IMF) disclosed a cyber incident on Friday after unknown attackers breached 11 IMF email accounts earlier this year.
Podcasts

Smashing Security – 363: Stuck streaming sticks, TikTok conspiracies, and spying cars
March 15, 2024
TryHackMe – Hashing – Crypto 101
This is just Task 5 & 6, because those ones were fun for me. I did this on my own VM of Kali and therefore may be different if you use the TryHackMe attackbox.

Task 5: Password Cracking

First step for me was to look up the wordlist and I’m glad I did, because rockyou was zipped.

I used the following to unzip the file in: /usr/share/wordlists/
```
sudo gzip -d rockyou.txt.gz
```
Now that is done we will proceed with the question at hand:

Q1: Crack this hash: $2a$06$7yoU3Ng8dHTXphAg913cyO6Bjs3K5lBnwq5FJyA6d01pMSrddr1ZG

Let’s put this in a file:
```
echo '$2a$06$7yoU3Ng8dHTXphAg913cyO6Bjs3K5lBnwq5FJyA6d01pMSrddr1ZG'> hash.txt
```
Look at the prefix. This means the hash type is bcrypt. Notice we added the ‘ to the front of the string and we added ‘> to the end of the string. Next, run this command:
```
john hash.txt --format=bcrypt --wordlist=/usr/share/wordlists/rockyou.txt
```
A1: 85208520

This is fun let’s do another…

Q2: Crack this hash: 9eb7ee7f551d2f0ac684981bd1f1e2fa4a37590199636753efe614d4db30e8e1

Again we put it in a file:
```
echo '9eb7ee7f551d2f0ac684981bd1f1e2fa4a37590199636753efe614d4db30e8e1'> hash256.txt
```
This is sha256 so we need to change the format on our command when we run JohntheRipper on it.
```
john hash256.txt --format=raw-sha256 --wordlist=/usr/share/wordlists/rockyou.txt
```
Our results look like this:

A2: halloween

Q3: Crack this hash: $6$GQXVvW4EuM$ehD6jWiMsfNorxy5SINsgdlxmAEl3.yif0/c3NqzGLa0P.S7KRDYjycw5bnYkF5ZtB8wQy8KnskuWQS3Yr1wQ0

This one is sha512crypt so we will change our format in the following command, but first we create our file:
```
echo '$6$GQXVvW4EuM$ehD6jWiMsfNorxy5SINsgdlxmAEl3.yif0/c3NqzGLa0P.S7KRDYjycw5bnYkF5ZtB8wQy8KnskuWQS3Yr1wQ0'> hash512crypt.txt

john hash512crypt.txt --format=sha512crypt --wordlist=/usr/share/wordlists/rockyou.txt
```
A3: spaceman

Q4: Bored of this yet? Crack this hash: b6b0d451bbf6fed658659a9e7e5598fe

This is Md5, but using rockyou won’t work. The hint says use the internet. So, using https://hashes.com/en/decrypt/hash, we find:

A4: funforyou

Task 6: Hashing for integrity checking

Q1: What’s the SHA1 sum for the amd64 Kali 2019.4 ISO? http://old.kali.org/kali-images/kali-2019.4/

Download and open the first file. The answer is on the first line:

A1: 186c5227e24ceb60deb711f1bdc34ad9f4718ff9

Q2: What’s the hashcat mode number for HMAC-SHA512 (key = $pass)?

Go to the website in the hint: https://hashcat.net/wiki/doku.php?id=example_hashes Do a find on “HMAC-SHA512” and you should find the answer:

A2: 1750
March 15, 2024
Weekly Cybersecurity Wrap-up 3/4/24
Projects
- TryHackMe (Top 3% of users!) – OWASP Juice Shop – Complete
- TryHackMe – Hashing – Crypto 101 – In Progress
Webinar
- The Rising Cyber Risks Of Social Engineering & Personal Devices – Michela Menting, Jennifer Varner and Nasrin Rezai – A steady rise in social engineering attacks highlights the risks associated with the human element, with employees inadvertently providing entry points into enterprise networks through acts as simple as providing personal information gained from a LinkedIn account to an urgent text message that leads to a click on malware. These risks can be heightened even further when employees use their personal devices, which can lack the proper security software required to thwart potential attacks.
Articles
- FCC Employees Targeted in Sophisticated Phishing Attacks – Advanced phishing kit employs novel tactics in attack targeting cryptocurrency platforms and FCC employees.
- Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure – U.S. cybersecurity and intelligence agencies have warned of Phobos ransomware attacks targeting government and critical infrastructure entities, outlining the various tactics and techniques the threat actors have adopted to deploy the file-encrypting malware.
- GitHub besieged by millions of malicious repositories in ongoing attack – GitHub keeps removing malware-laced repositories, but thousands remain.
- A leaky database spilled 2FA codes for the world’s tech giants – A technology company that routes millions of SMS text messages across the world has secured an exposed database that was spilling one-time security codes that may have granted users’ access to their Facebook, Google and TikTok accounts.
- Report Uncovers Massive Sale of Compromised ChatGPT Credentials – Group-IB Report Warns of Evolving Cyber Threats Including AI and macOS Vulnerabilities and Ransomware Attacks.
- American Express credit cards exposed in third-party data breach – American Express is warning customers that credit cards were exposed in a third-party data breach after a merchant processor was hacked.
- MiTM phishing attack can let attackers unlock and steal a Tesla – Researchers demonstrated how they could conduct a Man-in-the-Middle (MiTM) phishing attack to compromise Tesla accounts, unlocking cars, and starting them. The attack works on the latest Tesla app, version 4.30.6, and Tesla software version 11.1 2024.2.7.
- Google Engineer Steals AI Trade Secrets for Chinese Companies – Chinese national Linwei Ding is accused of pilfering more than 500 files containing Google IP while affiliating with two China-based startups at the same time.
- Microsoft Says Russian Gov Hackers Stole Source Code After Spying on Executive Emails – Microsoft says the Midnight Blizzard APT group may still be poking around its internal network after stealing source code, spying on emails.
- FBI: Cybercrime Losses Exceeded $12.5 Billion in 2023 – FBI’s IC3 publishes its 2023 Internet Crime Report, which reveals a 10% increase in the number of cybercrime complaints compared to 2022.
Podcasts
- Cyberwire – Ep 2020 | 3.8.24 – From breach to battle: The escalating threat of Midnight Blizzard.
March 8, 2024
Weekly Cybersecurity Wrap-up 2/25/24
Projects
- O’Reilly Live Course – CompTIA Security+ SY0-601 Crash Course with Sari Greene
- TryHackMe (Top 3% of users!) – OWASP Juice Shop – In Progress
Videos
- Volt Typhoon
- About Harry Coker Jr.
- Book Recommendation: The Fifth Domain
Articles
- U-Haul tells 67K customers that cyber-crooks drove away with their personal info – U-Haul is alerting tens of thousands of folks that miscreants used stolen credentials to break into one of its systems and access customer records that contained some personal data.
- Energy Department Invests $45 Million in 16 Projects to Improve Cybersecurity – The US government makes a $45 million investment in 16 projects to improve cybersecurity across the energy sector.
- Domains Once Owned by Major Firms Help Millions of Spam Emails Bypass Security – 8,800 domains, many once owned by major companies, have been abused to get millions of emails past spam filters as part of SubdoMailing campaign.
- NIST Cybersecurity Framework 2.0 Officially Released – NIST releases Cybersecurity Framework 2.0, the first major update since the creation of the CSF a decade ago.
- Hack The Box Launches Certified Web Exploitation Expert As Demand for Risk Mitigation Grows – Hack The Box (HTB), the leading gamified cybersecurity upskilling, certification, and talent assessment platform, has launched its latest hands-on certification offering, the Hack The Box Certified Web Exploitation Expert (HTB CWEE), addressing niche specialized job roles.
- Avast to Pay $16.5M Fine for Selling Consumer Browsing Data – The FTC found that Avast collected reams of personal data through its antivirus product, then sold it to more than 100 third parties without disclosing its practices.
- Malawi Immigration Dept. Halts Passport Services Amid Cyberattack – President of Malawi vows not to pay ransom to “appease criminals.”
- Microsoft Releases Red Teaming Tool for Generative AI – Microsoft releases PyRIT red teaming tool to help identify risks in generative AI through automation.
- New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks – Cybersecurity researchers have found that it’s possible to compromise the Hugging Face Safetensors conversion service to ultimately hijack the models submitted by users and result in supply chain attacks.
- Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware – At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the exploitation of security flaws in Ivanti Connect Secure VPN appliances.
- President Biden Blocks Mass Transfer of Personal Data to High-Risk Nations – U.S. President Joe Biden has issued an Executive Order that prohibits the mass transfer of citizens’ personal data to countries of concern.
- Ransomware gang claims they stole 6TB of Change Healthcare data – The BlackCat/ALPHV ransomware gang has officially claimed responsibility for a cyberattack on Optum, a subsidiary of UnitedHealth Group (UHG), which led to an ongoing outage affecting the Change Healthcare platform.
Podcasts
- Cyberwire – Ep 2013 | 2.28.24 – Protecting American data.
March 3, 2024
Top 5 Cybersecurity Books
1. Spam Nation: The Inside Story of Organized Cybercrime — from Global Epidemic to Your Front Door by Brian Krebs
2. Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon by Kim Zetter
3. Worm: The First Digital World War by Mark Bowden
4. Dark Territory: The Secret History of Cyber War Fred Kaplan
5. Bytes, Bombs, and Spies: The Strategic Dimensions of Offensive Cyber Operations by Herbert Lin (Editor), Amy B. Zegart (Editor)
I can’t speak to how good all these books are but I follow Brian Krebs on LinkedIn and I think he is worth following. I will be reading all of these! I have read and written a review for Kim’s books here.

I’m currently reading The Hacker and The State by Ben Buchanan and I’m really enjoying it!

Who is Josephine Wolf?
February 28, 2024