Miscellaneous Solutions
- Millicent Corey Fitzgerald
- 6 years ago
CySCA 2017 Miscellaneous Solutions
2017 Cyber Security Challenge Australia
Table of Contents

- Challenge 1: Python In a Pickle
- Challenge 2: Python - Abstract Syntax Treat
- Challenge 3: Web - Ninja Belts
- Challenge 4: Web - Guestbook
- Challenge 5: Follow the Traffic
- Challenge 6: Caesar's Enigma
- Challenge 7: Lets Play a Game
- Challenge 8: Protoverse
- Challenge 9: Strings - Reversing password
- Challenge 10: Reversing needle

Challenge 1: Python In a Pickle

Python's standard library includes a serialization format called pickle. In this challenge, your task is to provide a pickled payload that will end in a particular result (and thus earn you a flag).

The pickle protocol normally uses a variety of opcodes to perform standard Python operations, like importing modules and calling functions. Some of these operations can be dangerous, so this program filters input before unpickling it. In particular, it limits you to four relatively simple opcodes.

To solve this challenge, you will need to read its source code. The following standard library modules might also help:

- pickle (to understand your available opcodes)
- pickletools (if you want to dig deeper into working with the pickle protocol)
- struct (to create pickle.BININT2 values)

The challenge wants a list of numbers that, when converted to the equivalent ASCII characters, reads "Green and delicious!". The trick is that we only have four pickle opcodes available:

- BININT2 (opcode M): create an integer from \x00\x00 to \xff\xff
- LIST (opcode l): create a list from stack items (backtracking to a MARK)
- MARK (opcode (): in this case, note where the list ends (once you call l)
- STOP (opcode .): declare the end of pickled data

Our favorite opcodes, such as REDUCE (R, run a function) and GLOBAL (c, import a top-level function), have been banned. So, the basic structure of our pickled data should look something like this:

MARK, BININT2, BININT2, ... more BININT2 for awhile, LIST, STOP

When Python unpickles this data, it will create a list of integers. The rest of the challenge code will then convert these integers to ASCII characters, and check if the resulting string matches the desired value.

Code

Once we understand the above ideas, the solution code should be fairly straightforward. Python's struct.pack('h', num) gives us a BININT2-formatted value.
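
The filter-then-unpickle flow described above, sketched as an added example; it is not the challenge's own source. The names `check_opcodes`, `build_payload`, `load_filtered` and `is_accepted` are hypothetical, and writing the filter with `pickletools.genops` is an assumption about how such an allow-list could be implemented.

```python
import pickle
import pickletools
import struct

# The four opcodes the challenge permits, by their pickletools names.
ALLOWED = {"MARK", "BININT2", "LIST", "STOP"}
TARGET = "Green and delicious!"


def check_opcodes(data: bytes) -> None:
    """Raise ValueError unless data uses only ALLOWED opcodes.

    pickletools.genops() parses the stream without executing it, so it is
    safe to run on untrusted bytes before they reach pickle.loads().
    Malformed or truncated streams also surface as ValueError from genops.
    """
    last_pos = -1
    for op, _arg, pos in pickletools.genops(data):
        if op.name not in ALLOWED:
            raise ValueError(f"opcode {op.name} at offset {pos} is not allowed")
        last_pos = pos
    # genops() stops at the first STOP; refuse anything placed after it.
    if last_pos != len(data) - 1:
        raise ValueError("trailing bytes after STOP")


def build_payload(text: str) -> bytes:
    """MARK, one BININT2 per character, then LIST and STOP."""
    # BININT2 takes a 2-byte little-endian unsigned integer ('<H').
    body = b"".join(pickle.BININT2 + struct.pack("<H", ord(ch)) for ch in text)
    return pickle.MARK + body + pickle.LIST + pickle.STOP


def load_filtered(data: bytes) -> str:
    """Filter first, unpickle second, then turn the integers into text."""
    check_opcodes(data)
    numbers = pickle.loads(data)
    if not isinstance(numbers, list) or not all(isinstance(n, int) for n in numbers):
        raise ValueError("payload did not decode to a flat list of integers")
    return "".join(chr(n) for n in numbers)


def is_accepted(data: bytes) -> bool:
    """True if the opcode filter lets the stream through."""
    try:
        check_opcodes(data)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    payload = build_payload(TARGET)
    pickletools.dis(payload)                 # human-readable opcode listing
    print(load_filtered(payload))

    # Constructed negative sample: pickling a builtin at protocol 0 emits
    # GLOBAL, which the allow-list rejects before anything is unpickled.
    print(is_accepted(pickle.dumps(len, protocol=0)))
```
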

We need to prepend the M pickle opcode to each of those values, so Python knows how to interpret the bytes that follow. We build a string that starts with ( (MARK), ends with l. (build LIST and then STOP), and has a bunch of BININT2 values in the middle. Then, we're done!

Challenge 2: Python - Abstract Syntax Treat

Your task is to understand a text dump of a Python abstract syntax tree (AST). The program that runs this AST will give you its flag if you provide the right input.

The dumped AST is essentially pseudocode. You can reconstruct the original program piece-by-piece, at which point you can figure out what it wants. For details on ASTs in Python, please see

The convert function is a way to put strings in the program without having them directly show up in the AST. It just converts the numbers to their ASCII equivalents.

The key thing to notice in the AST dump is the string towards the bottom. This is created by doing:

    hashlib.md5(secret).digest()[::-1]

Pretty much everything else is just noise and obfuscation. Once you know that you have a backwards MD5 sum, you can reverse it and either crack the MD5 or just Google the hex digest. In Python, you can run binascii.hexlify() to convert a string to hex. You can also just brute-force the solution without doing any reversing, but hopefully no one does that!

    CN\x9f\x1e\xa0\x0e{\x8a\x86\xc4\x8f\xf7\xe6\xf5d\x1d
    1d5de6f78fc4868a0ea01e9f!= 'CN\x9f\x1e\xa0\x0e{\x8a\x86\xc4\x8f\xf7\xe6\xf5d\x1d'):
    CN\x9f\x1e\xa0\x0e{\x8a\x86\xc4\x8f\xf7\xe6\xf5d\x1d
    \x1d\xf5d\xe6\xf7\x8f\xc4\x86\x8a\x0e{\xa0\x1e\x9f
    schaakmat

Challenge 3: Web - Ninja Belts

Last year's ninja belt search engine has been upgraded. Can you extract the flag from its database?

This Python web app creates an in-memory SQLite database of belt names on each connection. The database uses a simple LIKE query to return belts, so simply putting in % returns the flag via a wildcard query:

    echo 'GET /?belt_color=% HTTP/1.1' | nc

Challenge 4: Web - Guestbook

Everybody enjoys signing online guestbooks, and webmasters love to read them. Your task is to use an XSS bug to set the XSS JavaScript variable. A bot monitors this value, and will give you the flag if you succeed. As a security measure, you have a very limited set of characters available. Specifically, you can use <, >, A-Z, =, /, and -.

This challenge uses PhantomJS (a headless WebKit browser) to check for XSS exploits when a user-supplied payload is injected into a web page. The goal of the challenge is to set the global XSS variable.

There are a few tricks here. First is the input validation, which limits the input to a fairly strict regular expression. No lowercase letters are allowed, to prevent things like infinite loops. We need to set XSS = something. There are not a lot of JavaScript built-ins that have all-uppercase names, but JSON will work. The obvious approach is, but that does not work.

One thing to notice is that the regex allows the dash: -. This is a hint that we need to break out of an HTML comment with -->. Going through the progression of trying <SCRIPT>, >'>"><SCRIPT>, etc., we eventually figure out we're in a comment. So, the solution is:

    --><SCRIPT>XSS=JSON</SCRIPT>
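
For Challenge 3 (Ninja Belts) above, the wildcard behaviour next to one way of closing it, as an added example that is not the challenge's code. The table layout, the row values and the function names are constructed, and it assumes the flag row lives in the same table as the belt names.

```python
import sqlite3

# Constructed sample rows; the real challenge data is not on the page.
ROWS = [("white",), ("yellow",), ("brown",), ("black",),
        ("FLAG{constructed-example}",)]


def make_db() -> sqlite3.Connection:
    """Fresh in-memory database, as the app builds on each connection."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE belts (name TEXT NOT NULL)")
    db.executemany("INSERT INTO belts (name) VALUES (?)", ROWS)
    return db


def search_like(db: sqlite3.Connection, belt_color: str) -> list:
    """Weak form: the bound parameter stops SQL injection, but % and _
    inside the value are still interpreted by LIKE as wildcards."""
    cur = db.execute("SELECT name FROM belts WHERE name LIKE ?", (belt_color,))
    return sorted(row[0] for row in cur)


def escape_like(term: str, esc: str = "\\") -> str:
    """Neutralise LIKE metacharacters so user input matches literally.

    The escape character itself must be doubled first, otherwise a
    trailing backslash in the input would escape whatever follows it.
    """
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))


def search_literal(db: sqlite3.Connection, belt_color: str) -> list:
    """Hardened form: wildcards in the input are escaped, so the query
    only returns rows whose name equals the input (case-insensitively)."""
    cur = db.execute(
        "SELECT name FROM belts WHERE name LIKE ? ESCAPE '\\'",
        (escape_like(belt_color),),
    )
    return sorted(row[0] for row in cur)


if __name__ == "__main__":
    db = make_db()
    print(search_like(db, "%"))        # every row, flag included
    print(search_like(db, "_____"))    # every five-character name
    print(search_literal(db, "%"))     # nothing: % is now a literal character
    print(search_literal(db, "black"))
```

Escaping only narrows the query; a secret stored in a table that user searches can reach is still one guessed value away, so keeping it out of that table is the stronger fix.
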

Challenge 5: Follow the Traffic

Found this pcap from a bank. I wonder if you can figure out where transfers are going.

1. Find traffic containing auth data. (uname/pass in plaintext, have to rebuild image)
2. (Credentials): (Username) user54429, (Password) E56rc4hMlv3xp, (Image Verification) Grumpy Cat
3. Response from valid auth gives second port (61702) and hints to look at port (8080)
4. Traffic at port 8080 contains caesar cipher'd DES-ECB key
5. Use DES-ECB key to decrypt hex-encoded bank info

Flag (Bank account data): sendfrom: ::sendto: :sendamount:9001::::

Challenge 6: Caesar's Enigma

Somehow Caesar got his hands on an Enigma machine. He has used standard methods to put the cylinder settings in the ciphertext-a file, and the switchboard settings have been encoded into ciphertext-b. Ultimately, you will need to break the file ciphertext.

plaintext-a

Flag: VII IV V Reflect B RING AIE NEO ZZQ
Solution: Caesar Cipher (ROT 15)

plaintext-b

Flag: 8/5 14/22 3/9 ?/? 10/11 6/4 13/2 15/18 17/1 ?/?
382f f f f2f 3f f f f f f f2f 3f0a
Solution: Hex encoded, then substitution cipher

POC Code:

    # Substitution table over the hex alphabet
    key = {
        'a': '5', 'b': 'c', 'c': 'f', 'd': '4', 'e': '1', 'f': 'a',
        '1': '3', '2': '8', '3': 'b', '4': '9', '5': 'e', '6': 'd',
        '7': '0', '8': '6', '9': '7', '0': '2',
    }

    plaintext = '382f f f f2f 3f f f f f f f2f 3f0a'.replace(' ', '')

    # Encrypt: substitute each hex digit
    ciphertext = ''
    for c in plaintext:
        ciphertext += key[c]
    print(ciphertext)

    # Decrypt: invert the table and substitute back
    decrypt_key = {}
    for c in key:
        decrypt_key[key[c]] = c
    new_plaintext = ''
    for c in ciphertext:
        new_plaintext += decrypt_key[c]
    print(new_plaintext)

plaintext

Flag: 'MYXNAMEXISXMAXIMUSXDECIMUSXMERIDIUSXCMDRXARMIESXNORTHXXXGENXOFXFELIXXLEGXANDXLOYALXSRVNTXTOXTRUEXEMPERORXMXAURELIUSXXXFATHERXTOXMDRXSONXHUSBANDXTOXMRDRXWIFEXXXANDXIXWILLXHAVEXVNGNCEXINXTHISXLIVEXORXNEXT' or 'My Name is Maximus Decimus Meridius... quote from the movie Gladiator'
Solution: Break Enigma. Plaintext-a is the cylinder settings, plaintext-b is the switchboard settings.

POC Code:

    from enigma.machine import EnigmaMachine

    # Rotor, reflector and ring settings come from plaintext-a,
    # the plugboard pairs from plaintext-b.
    machine = EnigmaMachine.from_key_sheet(
        rotors='VII IV V',
        reflector='B',
        ring_settings='A I E',
        plugboard_settings='8/5 14/22 3/9 19/25 10/11 6/4 13/2 15/18 17/1 21/20')

    # Encrypt the message key, then the message itself
    machine.set_display('NEO')
    enc_key = machine.process_text('CSS')
    machine.set_display('CSS')
    ciphertext = machine.process_text(
        'MYXNAMEXISXMAXIMUSXDECIMUSXMERIDIUSXCMDRXARMIESXNORTHXXXGENXOFXFELIXXLEGXANDXLOYALXSRVNTX'
        'TOXTRUEXEMPERORXMXAURELIUSXXXFATHERXTOXMDRXSONXHUSBANDXTOXMRDRXWIFEXXXANDXIXWILLXHAVEXVNGN'
        'CEXINXTHISXLIVEXORXNEXT')
    print(enc_key)
    print(ciphertext)

    # Onto Decoding
    machine.set_display('NEO')
    msg_key = machine.process_text(enc_key)
    print(msg_key)
    machine.set_display(msg_key)
    plaintext = machine.process_text(ciphertext)
    print(plaintext)

Challenge 7: Lets Play a Game

This executable was found lying around in a lab. See what you can do with it.

Challenge 8: Protoverse

I want to talk to this server. Need to learn its language first.

Challenge 9: Strings - Reversing password

Someone gave me this file. Apparently, there is a secret in it. You need the password to get the secret. Can you help me crack it?

Challenge 10: Reversing needle

We captured a program being used to exfiltrate data and its output. It's unknown what arguments were given to it. Can you find the flag in it?

With a little bit of reverse engineering, it should be clear that the format consists of 16-word blocks, each block being a seed, a verification number, the hash of the verification+secret, and 13 encrypted words of data. The encryption is done by XORing with the output of a linear congruential generator, seeded with the seed for each block.

One twist is that the algorithm also generates extra blocks using the same PRNG scheme. Given the secret, it's straightforward to verify which blocks belong and which don't. However, the participants aren't given the secret, so another way to identify the real data needs to be found. One way is to observe that the parameters chosen for the PRNG cause it to always produce even numbers. Blocks that contain odd numbers must be from the interesting data.

The decryption should be straightforward: simply XOR with the PRNG output, just like the encryption. The decrypted file should be a gzipped file. Extracting it gives a text file with a bunch of random numbers and the flag in plaintext in the middle of it.
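
The parity test and XOR decryption described above, as an added example that is not the captured program's code. The LCG constants, seeds, the CRC32 stand-in for the hash, the sample text and all function names are constructed assumptions, and the gzip layer is left out so the sample stays deterministic.

```python
import struct
import zlib

MASK = 0xFFFFFFFF
# Constructed constants: multiplier and increment are both even, so
# A*x + C is even for every x and each output word has a zero low bit.
A, C = 1103515246, 12346
BLOCK_WORDS, DATA_WORDS = 16, 13

# Constructed stand-in for the exfiltrated text (numbers around a flag).
PLAINTEXT = b"7319 4402 8851 FLAG{constructed-example} 5527 9013 6648 1175\n"


def keystream(seed: int, n: int) -> list:
    """First n outputs of the LCG started from seed."""
    out, x = [], seed & MASK
    for _ in range(n):
        x = (A * x + C) & MASK
        out.append(x)
    return out


def make_real_block(seed: int, verif: int, secret: bytes, chunk: bytes) -> list:
    """seed, verification number, hash(verification+secret), 13 data words."""
    data = struct.unpack("<13I", chunk.ljust(DATA_WORDS * 4, b"\0"))
    digest = zlib.crc32(struct.pack("<I", verif) + secret)  # stand-in hash
    enc = [d ^ k for d, k in zip(data, keystream(seed, DATA_WORDS))]
    return [seed, verif, digest] + enc


def make_decoy_block(seed: int) -> list:
    """Decoy: sixteen raw PRNG outputs, which are all even."""
    return keystream(seed, BLOCK_WORDS)


def build_sample() -> bytes:
    """Two real blocks interleaved with three decoys (constructed input)."""
    secret = b"constructed-secret"
    size = DATA_WORDS * 4
    chunks = [PLAINTEXT[i:i + size] for i in range(0, len(PLAINTEXT), size)]
    blocks = [
        make_decoy_block(0x1111),
        make_real_block(0x2468, 2, secret, chunks[0]),
        make_decoy_block(0x2222),
        make_real_block(0x4ACE, 4, secret, chunks[1]),
        make_decoy_block(0x3333),
    ]
    return b"".join(struct.pack("<16I", *b) for b in blocks)


def split_blocks(blob: bytes) -> list:
    words = struct.unpack(f"<{len(blob) // 4}I", blob)
    return [list(words[i:i + BLOCK_WORDS])
            for i in range(0, len(words), BLOCK_WORDS)]


def is_real(block: list) -> bool:
    """XOR with an even keystream word keeps the plaintext's low bit, so
    any odd word means the block carries data rather than PRNG filler."""
    return any(w & 1 for w in block)


def decrypt_block(block: list) -> bytes:
    seed, data = block[0], block[3:]
    plain = [w ^ k for w, k in zip(data, keystream(seed, DATA_WORDS))]
    return struct.pack("<13I", *plain)


def recover(blob: bytes):
    """Return (decrypted bytes, number of blocks classified as real)."""
    real = [b for b in split_blocks(blob) if is_real(b)]
    return b"".join(decrypt_block(b) for b in real).rstrip(b"\0"), len(real)


if __name__ == "__main__":
    text, count = recover(build_sample())
    print(count, text.decode())
```

The same property is what a defender looks for when reviewing a home-made stream cipher: a keystream with a constant bit leaks that bit of every plaintext word.
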
More informationCSCE 813 Internet Security Symmetric Cryptography
CSCE 813 Internet Security Symmetric Cryptography Professor Lisa Luo Fall 2017 Previous Class Essential Internet Security Requirements Confidentiality Integrity Authenticity Availability Accountability
More informationProtocol Analysis: Capturing Packets
Protocol Analysis: Capturing Packets This project is intended to be done on your assigned Windows VM on the EiLab Network. This is, in part, because you must do this on a PC that you have administrative
More informationWeb Security 2 https://www.xkcd.com/177/ http://xkcd.com/1323/ Encryption basics Plaintext message key secret Encryp)on Func)on Ciphertext Insecure network Decryp)on Func)on Curses! Foiled again! key Plaintext
More informationLecture 3: Symmetric Key Encryption
Lecture 3: Symmetric Key Encryption CS996: Modern Cryptography Spring 2007 Nitesh Saxena Outline Symmetric Key Encryption Continued Discussion of Potential Project Topics Project proposal due 02/22/07
More informationSummary on Crypto Primitives and Protocols
Summary on Crypto Primitives and Protocols Levente Buttyán CrySyS Lab, BME www.crysys.hu 2015 Levente Buttyán Basic model of cryptography sender key data ENCODING attacker e.g.: message spatial distance
More informationSome Facts Web 2.0/Ajax Security
/publications/notes_and_slides Some Facts Web 2.0/Ajax Security Allen I. Holub Holub Associates allen@holub.com Hackers attack bugs. The more complex the system, the more bugs it will have. The entire
More informationA New Symmetric Key Algorithm for Modern Cryptography Rupesh Kumar 1 Sanjay Patel 2 Purushottam Patel 3 Rakesh Patel 4
IJSRD - International Journal for Scientific Research & Development Vol. 2, Issue 08, 2014 ISSN (online): 2321-0613 A New Symmetric Key Algorithm for Modern Cryptography Rupesh Kumar 1 Sanjay Patel 2 Purushottam
More informationLecture 4: Symmetric Key Encryption
Lecture 4: Symmetric ey Encryption CS6903: Modern Cryptography Spring 2009 Nitesh Saxena Let s use the board, please take notes 2/20/2009 Lecture 1 - Introduction 2 Data Encryption Standard Encrypts by
More informationLecture 1 Applied Cryptography (Part 1)
Lecture 1 Applied Cryptography (Part 1) Patrick P. C. Lee Tsinghua Summer Course 2010 1-1 Roadmap Introduction to Security Introduction to Cryptography Symmetric key cryptography Hash and message authentication
More informationSE420 Software Quality Assurance
SE420 Software Quality Assurance Encryption Backgrounder September 5, 2014 Sam Siewert Encryption - Substitution Re-map Alphabet, 1-to-1 and On-to (function) A B C D E F G H I J K L M N O P Q R S T U V
More informationBlock Cipher Operation. CS 6313 Fall ASU
Chapter 7 Block Cipher Operation 1 Outline q Multiple Encryption and Triple DES q Electronic Codebook q Cipher Block Chaining Mode q Cipher Feedback Mode q Output Feedback Mode q Counter Mode q XTS-AES
More informationEncryption. INST 346, Section 0201 April 3, 2018
Encryption INST 346, Section 0201 April 3, 2018 Goals for Today Symmetric Key Encryption Public Key Encryption Certificate Authorities Secure Sockets Layer Simple encryption scheme substitution cipher:
More informationCS 135: Fall Project 2 Simple Cryptography
CS 135: Fall 2010. Project 2 Simple Cryptography Project Rules: You should work on the project in your assigned team. This project is worth 60 points towards your total projects grade. If you choose to
More informationFundamentals of Python: First Programs. Chapter 4: Strings and Text Files
Fundamentals of Python: First Programs Chapter 4: Strings and Text Files Objectives After completing this chapter, you will be able to Access individual characters in a string Retrieve a substring from
More informationCryptography. some history. modern secret key cryptography. public key cryptography. cryptography in practice
Cryptography some history Caesar cipher, rot13 substitution ciphers, etc. Enigma (Turing) modern secret key cryptography DES, AES public key cryptography RSA, digital signatures cryptography in practice
More informationKey Separation in Twofish
Twofish Technical Report #7 Key Separation in Twofish John Kelsey April 7, 2000 Abstract In [Mur00], Murphy raises questions about key separation in Twofish. We discuss this property of the Twofish key
More information