Teacher's GenCyber Camp 2022

Week's Activities

Passive Reconnaissance

  • The purpose of this Activity is to become familiar with passive recon techniques and the types of information you can obtain using them.
  • Passive recon attempts to gain information about computer systems and networks without using, scanning, or otherwise engaging them.
  • Sometimes called OSINT (Open-Source Intelligence)
  • Practicing passive recon against your own system will help reveal vulnerabilities.
  • Some companies hire outsiders to perform passive recon for them.

FOCUSES OF PASSIVE RECON

  • Organization Website
  • Company Directory (Upper Management Employees)
  • Location Details (Physical Location)
  • Address and Phone numbers (Social Engineering)
  • Security Policies implemented (Password policies etc…)
  • News articles and press releases
  • Job Postings (See if they disclose their technology infrastructure)

Google Hacking

  • Google hacking, sometimes referred to as Google dorking, is an information gathering technique in which an attacker leverages advanced Google searching techniques.
  • Google hacking search queries can be used to identify security vulnerabilities in web applications, gather information for arbitrary or individual targets, discover error messages disclosing sensitive information, and discover files containing credentials and other sensitive data.
  • Google Hacking is legal as it looks for publicly available information on the internet via the queries that you run. What you do with that information is what will get you into trouble.
  • Be advised that if you start to run a lot of searches using these examples, you may get a warning asking you to confirm that you are not a bot.
  • This is a very powerful tool.

Alternate Data Streams

  • Alternate Data Stream (ADS) is the ability of an NTFS file system (the main file system format in Windows) to store different streams of data, in addition to the default stream which is normally used for a file.
  • When this feature was created, its main purpose was to provide support to the macOS Hierarchical File System (HFS).
  • In the past, it was common to store a malicious payload within an ADS of a legitimate file.
  • But today, many security solutions will detect and scan ADSs (it's not that easy, because ADS is a normal occurrence and a malicious stream will blend in with legitimate ADSs).
  • In this Activity we will show you how to hide a simple text file within a legitimate text file.
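
From the defender's side, this is one way to review which files in a folder carry alternate data streams. It is an added example, not part of the camp materials; the function name `Find-AlternateDataStream`, the `$KnownStreams` allow-list and the Downloads path are assumptions chosen for illustration.

```powershell
# Added example: enumerate NTFS alternate data streams under a folder so they can be reviewed.
# Assumption: $KnownStreams is an illustrative allow-list, not a complete one.
function Find-AlternateDataStream {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        # Zone.Identifier is the stream Windows adds to mark files downloaded from the internet.
        [string[]]$KnownStreams = @('Zone.Identifier')
    )

    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        # -Stream * returns every stream of each file, including the default one.
        Get-Item -Stream * -ErrorAction SilentlyContinue |
        # ':$DATA' is the default (unnamed) stream that holds the normal file content.
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object {
            [pscustomobject]@{
                File   = $_.FileName
                Stream = $_.Stream
                Bytes  = $_.Length
                Known  = $KnownStreams -contains $_.Stream
            }
        }
}

# Show only streams that are not on the allow-list, largest first.
Find-AlternateDataStream -Path "$env:USERPROFILE\Downloads" |
    Where-Object { -not $_.Known } |
    Sort-Object Bytes -Descending |
    Format-Table -AutoSize
```

An empty result means every named stream found was on the allow-list; anything listed can be read with `Get-Content -Stream <name>` before deciding whether it belongs there.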

Password and FTP File Recovery Intercept

  • In this Activity we are going to demonstrate how to recover a Username / Password and 2 photos from 2 Wireshark capture logs.
  • This is to demonstrate how somebody can recover your information when you are on a Public Wireless Network.
  • Most people assume that their information is encrypted and protected when on such Networks. This is far from the truth.
  • This is a proof-of-concept lab.

HTTP File Recovery

  • In the previous Activity we recovered files and passwords that were transmitted via the FTP Protocol.
  • In this Activity, we will now see how we can recover Files that were transmitted via the HTTP Protocol.
  • Just remember that in practice this is not this easy to do; this Lab is to show you a proof of concept.
  • Cyber Security involves Frustration, Patience and Persistence.

Linux Basics

  • In this Activity, we will walk you through some basic Linux commands.
  • This will show you how to navigate via the Terminal (Command Prompt) for the next 2 Activities.
  • The Linux OS is very popular among security professionals and hackers.

Password Cracking with John the Ripper

  • In this Lab we are going to crack a Zip file password via a dictionary attack.
  • These types of password cracking techniques will work on other zip files and shadow files with some minor adjustments and configurations.
  • In real life this process is NOT this simple, and it will take a long time (Several days, weeks and even months) with a lot of challenges.
  • So please keep this in mind while completing this Lab.

Encrypting and Decrypting Data using fcrackzip (Brute Force)

  • Examples of password recovery utilities and programs include hashcat, John the Ripper, L0phtCrack, and others.
  • In this Activity, we will use fcrackzip which is a simple Linux utility to recover the passwords of encrypted zip files.
  • Consider that these same tools can be used by cybercriminals to discover unknown passwords.
  • Although they would not have access to some pertinent information, with time, it is possible to discover passwords to open encrypted zip files.
  • The amount of time required depends on the password strength and the password length.
  • Longer and more complex passwords (mix of different types of characters) are more secure.