Hackathon Training - Day 1
Uploaded by gofomo7331

Hackathon Workshop – Day 01

Agenda for Day 1

• Introduction to Cyber Security (brief history, attack types/classification, MITRE ATT&CK, CTFs)
• Cryptography algorithms, cryptanalysis and applications
• Networking fundamentals
• Network security (firewalls and their types, IDS/IPS)
• Wireless networks
• Wireless security protocols
• Wireless network vulnerabilities and exploitation
• Emerging technologies

Introduction to Cybersecurity
Cybersecurity is the practice of protecting digital systems, networks and data from unauthorized access, use, disclosure, disruption, modification or destruction.

CIA Triad:
1. Confidentiality: Ensuring that information is accessible only to
authorized individuals.
2. Integrity: Maintaining the accuracy, consistency, and reliability of
information and protecting it from unauthorized modification or
tampering.
3. Availability: Ensuring that information and system resources are
accessible and available when we need to access them.
Evolution of the Information Security Industry
Pre-Internet Era (1960s): it all begins with passwords.
Post-Internet Era (1980s): malware, worms and viruses are developed by computer scientists to compromise other systems.
Perimeter Security Era (1990s): firewalls are introduced.
Regulation Era (early 2000s): cyber security laws and regulations start to be formulated.
Cyber Warfare Era (late 2000s): the Stuxnet phenomenon and its aftereffects; the war begins.
The Era of Major Breaches (2010s): information security is now treated as a separate industry, with revolutionary improvements in solutions (tools), services and structure.
The Era of Threat Intelligence and Skill Assessment (early 2020s): prevention alone is an old concept; the focus moves to proactive detection and response, and to improving skills.
You Say Trend, I Say Threat……
Cyber Attacks

                Active attacks                                          Passive attacks
Objective       The attacker aims to alter, corrupt or destroy data,     The attacker's goal is to steal information or
                or to disrupt normal operations.                        observe system behaviour without being detected.
Examples        • Denial-of-Service (DoS) attacks                        • Eavesdropping
                • Man-in-the-Middle (MitM) attacks                       • Traffic analysis
                • Malicious data encryption (ransomware)                 • Footprinting
                • Data destruction                                       • Side-channel attacks
                • Malware injection
Detection       Often easier to detect because they typically cause      More challenging to detect because they cause no
                noticeable effects, such as system slowdowns, data       direct harm and no noticeable change in the system.
                corruption or service outages.
Cyber Threats Classification & Probability
MITRE ATT&CK Framework
MITRE ATT&CK is a publicly available knowledge base of adversary tactics and techniques drawn from real-world observations. It gives defenders and red teams a shared vocabulary for describing attacker behaviour, mapping detection coverage and planning exercises.

CTFs
CTF (Capture The Flag) competitions are cyber security competitions in which participants demonstrate their technical ability in different cyber security fields.
Jeopardy-style CTFs consist of a set of questions (tasks) in a range of categories, for example Web, Forensics, Crypto or Binary. A team gains points for every solved task, usually more points for more complicated tasks.
Attack-Defense is another interesting kind of competition. Every team has its own network (or a single host) running vulnerable services. Teams usually get time to patch their services and develop exploits; then the organizers connect the participants and the wargame starts. You protect your own services for defense points and hack your opponents' services for attack points.
CTF Terminologies
Challenge
Challenges are the questions you have to solve to get points. Every challenge has a description, a difficulty level, a category and a number of points awarded for solving it.
Flag
A string that you submit to the CTF portal to get the challenge's points, typically either a hash-like token or a short message wrapped in a recognisable prefix.
Flag example: b1a1f2855d2428930e0c9c3ce10600d6
Flag example: flag{I_am_the_key}
Flag example: flag{congr4tz_y0u_4r3_th3_b35t}
Write-up
A document or article describing the solution of a certain challenge. Reading write-ups is one of the main ways to get introduced to CTFs.
Required Skills & Rules
Skills
• Problem-solving skills
• Knowing how to search (Google) effectively
• Persistence and a keep-trying mentality
Rules
• It is prohibited to attack the platform itself
• No external help
• Manage your time
• Follow the CTF masters' / organizers' rules
Learning Security through CTFs
• Continuous practice: you don't have to finish a full course before you start practicing
• Brand yourself
• Less theoretical, more practical
• Fun (gamification)
• Access to a large community
• A cheaper way to prove skills than certificates
CTF Challenges Categories
Network Security
Web Security
Malware Reverse Engineering
Digital Forensics
Cryptography
Open Source Intelligence (OSINT)
General Knowledge
Others
CTF Resources
http://captf.com/practice-ctf/
http://ctfs.github.io/resources/
https://resources.infosecinstitute.com/
https://ctftime.org/writeups
https://ippsec.rocks
Cryptography
Cryptography is the practice and study of techniques for securing communication and data in the presence of adversaries. It uses mathematical principles to transform information so that it is unreadable to unauthorized parties.
Key Concepts
• Plaintext: The original, readable message or data that needs to be protected.
• Ciphertext: The transformed, unreadable message produced by encryption. Ciphertext can be turned back into plaintext, but only by someone holding the key.
• Encryption: The process of converting plaintext into ciphertext using an algorithm and a key.
• Decryption: The reverse process, converting ciphertext back into plaintext using a key.
• Key: A secret value used by the algorithm to encrypt or decrypt data. The security of a cryptosystem must rest on the secrecy of the key, not of the algorithm (Kerckhoffs's principle); algorithms should be public and reviewed.
• Hash Function: Produces a fixed-size value (the digest) from input of any size. It is one-way (the input cannot be recovered from the digest) and unkeyed, so it provides integrity checking but not confidentiality; when an attacker could replace both the data and its digest, a keyed variant (HMAC) or a signature is needed.
Some Traditional Ciphers
• Mechanical ciphers (rotor machines such as Enigma)
• Caesar cipher (every letter shifted by a fixed amount)
• ROT13 (Caesar with a shift of 13, so applying it twice restores the text)
• Atbash cipher (the alphabet reversed: A<->Z, B<->Y, ...)
• Vigenère cipher (a different Caesar shift for each letter, taken from a repeating keyword)
• Rail-fence cipher (a transposition: letters written in a zig-zag over several rows and read row by row)
• Morse code (strictly an encoding, not a cipher: it has no key and hides nothing, but it appears often in CTF challenges)
Types of Cryptography

               Symmetric Key Cryptography                           Asymmetric Key Cryptography
Description    Uses the same key for both encryption and             Uses a pair of keys: a public key for encryption
               decryption.                                           (or signature verification) and a private key for
                                                                     decryption (or signing).
Algorithms     • AES (Advanced Encryption Standard)                  • RSA (Rivest, Shamir, Adleman)
               • DES (Data Encryption Standard; 56-bit key,          • Digital Signature Standard (DSS)
                 obsolete)                                           • ECC (Elliptic Curve Cryptography)
               • IDEA (International Data Encryption Algorithm)      • Diffie-Hellman key exchange
               • Blowfish (a drop-in replacement for DES or IDEA)    • TLS/SSL is a protocol, not an algorithm: it uses
               • Rivest Ciphers (RC4, RC5, RC6; RC4 is broken and      asymmetric cryptography to agree a session key,
                 no longer permitted in TLS)                           then symmetric cryptography for the data
Strengths      Fast and efficient for large amounts of data.          Solves the key distribution problem, since the
                                                                     public key can be shared openly.
Weaknesses     Key distribution is challenging, since both parties    Slower and computationally more expensive than
               need to share the key securely.                       symmetric cryptography, so in practice it protects
                                                                     a symmetric key rather than bulk data.
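To make the key-distribution point concrete, here is an added example (not code from the slides) of a Diffie-Hellman exchange using only Python's standard library, followed by the agreed key doing cheap symmetric work (an HMAC). The group parameters are an illustrative choice, not a standardised group. The second function shows the caveat the table leaves out: an unauthenticated exchange is defeated by an active man-in-the-middle, which is why TLS has the server sign the exchange with a certificate.

```python
"""Added example: Diffie-Hellman key agreement, then symmetric use of the result (stdlib only)."""
import hashlib
import hmac
import secrets

# Illustrative group parameters (an assumption, not a standardised group): p = 2**521 - 1 is a
# Mersenne prime, chosen because its primality is beyond doubt. Real deployments use an
# RFC 3526/7919 safe-prime group or an elliptic curve (ECDH).
P = (1 << 521) - 1
G = 2
P_BYTES = (P.bit_length() + 7) // 8


def dh_keypair():
    """Private exponent a (never transmitted) and public value A = g^a mod p."""
    priv = secrets.randbelow(P - 3) + 2          # 2 <= a <= p-2
    return priv, pow(G, priv, P)


def dh_shared_key(my_priv: int, their_pub: int) -> bytes:
    """Both sides compute g^(ab) mod p and hash it down to a 256-bit symmetric key."""
    if not 1 < their_pub < P - 1:                 # reject degenerate values 0, 1, p-1
        raise ValueError("invalid peer public value")
    secret = pow(their_pub, my_priv, P)
    return hashlib.sha256(secret.to_bytes(P_BYTES, "big")).digest()


def run_exchange():
    """Honest exchange. Only a_pub and b_pub cross the wire; a passive eavesdropper who
    records them cannot compute either key without solving a discrete logarithm."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    # wire: Alice -> Bob: a_pub      Bob -> Alice: b_pub
    alice_key = dh_shared_key(a_priv, b_pub)
    bob_key = dh_shared_key(b_priv, a_pub)
    return alice_key, bob_key


def run_mitm():
    """Caveat: without authentication of the public values, an active attacker (Mallory)
    replaces both of them with her own and ends up holding one key with Alice and
    another with Bob, relaying and reading everything in between."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    m_priv, m_pub = dh_keypair()
    # wire: Alice -> Mallory: a_pub    Mallory -> Bob: m_pub
    #       Bob   -> Mallory: b_pub    Mallory -> Alice: m_pub
    alice_key = dh_shared_key(a_priv, m_pub)
    bob_key = dh_shared_key(b_priv, m_pub)
    mallory_alice = dh_shared_key(m_priv, a_pub)
    mallory_bob = dh_shared_key(m_priv, b_pub)
    return alice_key, bob_key, mallory_alice, mallory_bob


def mac(key: bytes, msg: bytes) -> bytes:
    """Once a shared key exists, the cheap symmetric primitive does the per-message work."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify_mac(key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac(key, msg), tag)


if __name__ == "__main__":
    ka, kb = run_exchange()
    print("honest exchange, keys match:", ka == kb)
    a, b, ma, mb = run_mitm()
    print("MITM: Alice/Mallory", a == ma, "Bob/Mallory", b == mb, "Alice/Bob", a == b)
```

The asymmetric part costs three modular exponentiations per party and happens once; every message afterwards costs one HMAC. The `run_mitm` result is exactly the situation an evil-twin access point or an ARP-spoofing host sits in, and it is the reason key agreement is always combined with some form of authentication (certificates, pre-shared keys, or a password-authenticated exchange such as WPA3's SAE).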
Cryptanalysis
The art of defeating cryptographic security systems and recovering the contents of encrypted messages without being given the cryptographic key. Attack models are classified by what the attacker has access to, from weakest to strongest:
• Ciphertext-only attack: the attacker has only ciphertext (e.g., frequency analysis of a substitution cipher).
• Known-plaintext attack: the attacker has some plaintext/ciphertext pairs (e.g., a predictable file header).
• Chosen-plaintext attack: the attacker can obtain the ciphertext of plaintexts they choose (e.g., an encryption oracle).
• Chosen-ciphertext attack: the attacker can obtain the plaintext of ciphertexts they choose (e.g., a padding oracle).
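As an added example covering both the traditional ciphers listed earlier and the attack models just above (this is not code from the slides), the block below implements Caesar/ROT13, Atbash, Vigenère and rail fence in plain Python, then mounts two of the attacks: a ciphertext-only attack on Caesar that scores all 26 shifts against English letter frequencies, and a known-plaintext attack on Vigenère that recovers the key by subtraction. The sample messages are constructed for the example.

```python
"""Added example: classical ciphers and two textbook attacks on them (Python stdlib only)."""
import string

ALPHABET = string.ascii_uppercase

# Relative letter frequencies of English text in percent, A..Z (standard published table).
ENGLISH_FREQ = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
                6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]


def caesar(text: str, shift: int) -> str:
    """Shift every letter by `shift` places (negative shift decrypts). ROT13 is caesar(t, 13).
    Input is upper-cased; non-letters pass through unchanged."""
    return "".join(ALPHABET[(ALPHABET.index(c) + shift) % 26] if c in ALPHABET else c
                   for c in text.upper())


def atbash(text: str) -> str:
    """Mirror the alphabet (A<->Z, B<->Y, ...). The cipher is its own inverse."""
    return "".join(ALPHABET[25 - ALPHABET.index(c)] if c in ALPHABET else c for c in text.upper())


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Caesar shift per letter, taken from the repeating key; the key advances only on letters."""
    out, i, key = [], 0, key.upper()
    for c in text.upper():
        if c in ALPHABET:
            k = ALPHABET.index(key[i % len(key)])
            out.append(ALPHABET[(ALPHABET.index(c) + (-k if decrypt else k)) % 26])
            i += 1
        else:
            out.append(c)
    return "".join(out)


def _rail_path(n: int, rails: int) -> list:
    """Row visited by each of n positions when zig-zagging over `rails` rows."""
    path, row, step = [], 0, 1
    for _ in range(n):
        path.append(row)
        if rails > 1:
            step = 1 if row == 0 else (-1 if row == rails - 1 else step)
            row += step
    return path


def rail_fence_encrypt(text: str, rails: int) -> str:
    """Transposition: write in a zig-zag over `rails` rows, then read row by row."""
    path = _rail_path(len(text), rails)
    return "".join(c for r in range(rails) for c, row in zip(text, path) if row == r)


def rail_fence_decrypt(cipher: str, rails: int) -> str:
    """Rebuild the same zig-zag, hand out ciphertext letters in row order, read in path order."""
    path = _rail_path(len(cipher), rails)
    order = sorted(range(len(cipher)), key=lambda i: (path[i], i))
    plain = [""] * len(cipher)
    for ci, pi in enumerate(order):
        plain[pi] = cipher[ci]
    return "".join(plain)


def chi_squared(text: str) -> float:
    """Distance between the letter histogram of `text` and English; lower is more English-like."""
    letters = [c for c in text.upper() if c in ALPHABET]
    n = len(letters) or 1
    return sum((letters.count(c) - n * f / 100) ** 2 / (n * f / 100)
               for c, f in zip(ALPHABET, ENGLISH_FREQ))


def break_caesar(cipher: str):
    """Ciphertext-only attack: decrypt under all 26 shifts, keep the most English-looking one."""
    shift = min(range(26), key=lambda s: chi_squared(caesar(cipher, -s)))
    return shift, caesar(cipher, -shift)


def recover_vigenere_key(plaintext: str, ciphertext: str, key_length: int) -> str:
    """Known-plaintext attack: with a known plaintext prefix the key is c - p at each position."""
    pt = [c for c in plaintext.upper() if c in ALPHABET]
    ct = [c for c in ciphertext.upper() if c in ALPHABET]
    if len(pt) < key_length or len(ct) < key_length:
        raise ValueError("need at least key_length known letters")
    return "".join(ALPHABET[(ALPHABET.index(ct[i]) - ALPHABET.index(pt[i])) % 26]
                   for i in range(key_length))


# Constructed sample message used by the demo below.
SAMPLE_PLAINTEXT = "THE SECRET MESSAGE IS THAT THE TREASURE IS BURIED UNDER THE OLD TREE NEAR THE RIVER"

if __name__ == "__main__":
    ct = caesar(SAMPLE_PLAINTEXT, 7)
    print("caesar ciphertext:", ct)
    print("recovered shift and text:", break_caesar(ct))
    print("vigenere key from known plaintext:", recover_vigenere_key("ATTACKATDAWN", "LXFOPVEFRNHR", 5))
```

The chi-squared score is what makes the Caesar break automatic rather than "eyeball all 26 candidates": with a few dozen letters of ordinary English the correct shift scores far below the rest. The Vigenère recovery assumes the key length is known; in a CTF that usually comes from a Kasiski examination or from the index of coincidence, both of which are ciphertext-only techniques.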
Tools for Hash Lookup & Cryptanalysis
Note: the "hash cracking" sites below look up precomputed tables of common inputs; they cannot reverse a hash of an unpredictable input, and submitting a hash from a real engagement discloses it to a third party.
https://www.dcode.fr/
https://cryptii.com/
https://crypto.interactive-maths.com/frequency-analysis-breaking-the-code.html
https://quipqiup.com/
https://crackstation.net/
https://www.md5online.org/
https://hashkiller.io/
https://gchq.github.io/CyberChef/
https://morsecode.world/international/decoder/audio-decoder-adaptive.html
Quantum Cryptography
Quantum cryptography refers to cryptographic methods whose security rests on the laws of quantum mechanics rather than on computational hardness. It is sometimes loosely called "quantum encryption", but its best-known form, QKD, does not encrypt anything: it distributes a key that is then used with a classical cipher, and any eavesdropping on the quantum channel disturbs the transmitted photons and is therefore detectable.

Types:
• Quantum Key Distribution (QKD)
• Quantum coin flipping
• Position-based quantum cryptography
• Device-independent quantum cryptography
• Kak's three-stage protocol
• Y-00 protocol
Post Quantum Cryptography
The goal of post-quantum cryptography (PQC) is to develop cryptographic systems, running on ordinary computers, that are secure against both quantum and classical attackers and can interoperate with existing communication protocols and networks. The motivation is Shor's algorithm, which on a large enough quantum computer breaks RSA, Diffie-Hellman and ECC; symmetric ciphers and hashes are affected only by Grover's quadratic speed-up, so larger keys (e.g., AES-256) are considered sufficient.

Primary areas:
• Lattice-based cryptography (the basis of NIST's ML-KEM, FIPS 203, and ML-DSA, FIPS 204, standardised in 2024)
• Multivariate cryptography
• Hash-based cryptography (SLH-DSA, FIPS 205)
• Code-based cryptography
• Isogeny-based cryptography (the SIKE candidate was broken by a classical attack in 2022, so this family is no longer considered ready)
• Symmetric-key quantum resistance
Applications of Cryptography
Data confidentiality: ensuring that information is accessible only to those authorized to access it, through encryption.
Data integrity: verifying that data has not been altered, through hashing (and, when the attacker could also replace the hash, through a MAC or a signature).
Non-repudiation: ensuring that a party cannot deny having signed a document or message, through digital signatures; a shared-key MAC cannot provide this, because either holder of the key could have produced it.
Secure communication: cryptography is widely used to secure communication channels such as e-mail, instant messaging and voice-over-IP (VoIP) calls.
Blockchain and cryptocurrency: digital signatures and hashing are the building blocks of blockchain ledgers, providing the decentralization and pseudo-anonymity that are the basic principles of blockchains and cryptocurrencies.
Networking Fundamentals
Networking fundamentals are the basic principles and concepts that underpin computer networking, enabling
devices to communicate with each other.
Network: A collection of interconnected devices (such as computers, servers, printers, etc.) that share
resources and communicate with each other.
Types of Networks:
LAN (Local Area Network): A network confined to a small geographic area, like a building or campus.
WAN (Wide Area Network): A network that spans a large geographic area, such as cities or countries, often
connected by routers.
PAN (Personal Area Network): A network for personal devices, usually within a range of a few meters (e.g.,
Bluetooth).
MAN (Metropolitan Area Network): A network that covers a city or large campus.
Network Topologies
Concepts of IP Addressing
IPv4: A 32-bit address format (e.g., 192.168.1.1) with approximately 4.3 billion unique addresses.
IPv6: A 128-bit address format (e.g., 2001:0db8:85a3:0000:0000:8a2e:0370:7334) designed to replace IPv4, offering a vastly larger address space.
Subnetting: Dividing a network into smaller sub-networks (subnets); the prefix length (e.g., /24) states how many leading bits identify the network. It limits broadcast domains and lets security boundaries (firewall rules, ACLs) be placed between subnets.
NAT (Network Address Translation): Lets multiple devices on a private network (RFC 1918 ranges 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16) share a single public IP address. NAT hides internal addresses but is not a firewall: forwarded ports and outbound-initiated connections still expose internal hosts.
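Added example (not part of the slides): the subnetting and NAT concepts above worked by hand with Python integer arithmetic, then cross-checked against the standard library's ipaddress module. The addresses are constructed sample values from the documentation ranges.

```python
"""Added example: CIDR subnet arithmetic by hand, checked against the ipaddress module."""
import ipaddress

# RFC 1918 private ranges: the addresses NAT hides behind a single public IP.
PRIVATE_BLOCKS = [("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16)]


def ip_to_int(ip: str) -> int:
    """Dotted quad -> 32-bit integer (192.168.1.1 -> 0xC0A80101)."""
    octets = [int(x) for x in ip.split(".")]
    if len(octets) != 4 or not all(0 <= x <= 255 for x in octets):
        raise ValueError(f"bad IPv4 address {ip!r}")
    a, b, c, d = octets
    return (a << 24) | (b << 16) | (c << 8) | d


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_mask(prefix: int) -> int:
    """`prefix` one-bits followed by zeros, e.g. /26 -> 255.255.255.192."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def subnet_info(cidr: str) -> dict:
    """Network, broadcast, mask and usable host count for an IPv4 CIDR block."""
    ip, prefix = cidr.split("/")
    prefix = int(prefix)
    mask = prefix_mask(prefix)
    network = ip_to_int(ip) & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    # /31 and /32 have no separate network/broadcast addresses (RFC 3021 for /31).
    usable = 2 ** (32 - prefix) - 2 if prefix < 31 else 2 ** (32 - prefix)
    return {"network": int_to_ip(network), "broadcast": int_to_ip(broadcast),
            "netmask": int_to_ip(mask), "usable_hosts": usable}


def split_subnets(cidr: str, new_prefix: int) -> list:
    """Divide a block into equal sub-networks with the longer prefix."""
    ip, prefix = cidr.split("/")
    prefix = int(prefix)
    if not prefix <= new_prefix <= 32:
        raise ValueError("new prefix must be between the original prefix and 32")
    base = ip_to_int(ip) & prefix_mask(prefix)
    size = 2 ** (32 - new_prefix)
    return [f"{int_to_ip(base + i * size)}/{new_prefix}" for i in range(2 ** (new_prefix - prefix))]


def is_private(ip: str) -> bool:
    """True if the address falls in an RFC 1918 block (i.e. needs NAT to reach the internet)."""
    n = ip_to_int(ip)
    return any(n & prefix_mask(p) == ip_to_int(block) for block, p in PRIVATE_BLOCKS)


def same_subnet(ip_a: str, ip_b: str, prefix: int) -> bool:
    """Two hosts talk directly only if their network parts match; otherwise a router is needed."""
    mask = prefix_mask(prefix)
    return ip_to_int(ip_a) & mask == ip_to_int(ip_b) & mask


def matches_stdlib(cidr: str) -> bool:
    """Cross-check the hand computation against ipaddress (which handles IPv6 the same way)."""
    net = ipaddress.ip_network(cidr, strict=False)
    info = subnet_info(cidr)
    return (info["network"] == str(net.network_address)
            and info["broadcast"] == str(net.broadcast_address)
            and info["netmask"] == str(net.netmask))


if __name__ == "__main__":
    print(subnet_info("192.168.1.77/26"))
    print(split_subnets("10.0.0.0/24", 26))
    print("172.31.255.1 private:", is_private("172.31.255.1"), "8.8.8.8 private:", is_private("8.8.8.8"))
```

The mask-and-compare in `same_subnet` is the exact operation a host performs before deciding whether to ARP for a neighbour or send to its default gateway, and it is also why a misconfigured mask can silently put two hosts on "the same wire" but in different logical networks.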
Types of IPv4 Addressing
IPv6 Addressing
IPv6 Address Types
Common Network Protocols
TCP (Transmission Control Protocol): A reliable, connection-oriented protocol that ensures data is delivered in the correct order without errors.
UDP (User Datagram Protocol): A connectionless, faster protocol that does not guarantee delivery, used for real-time applications like streaming.
HTTP/HTTPS (Hypertext Transfer Protocol / HTTP Secure): Protocols for transmitting web pages; HTTPS is HTTP inside a TLS tunnel, so the content is encrypted and the server is authenticated.
FTP (File Transfer Protocol): A protocol for transferring files between computers on a network. It sends credentials and data in cleartext, so SFTP or FTPS should be used instead.
DNS (Domain Name System): Translates human-readable domain names (like www.example.com) into IP addresses. Classic DNS is unauthenticated UDP/TCP on port 53, which is what makes DNS spoofing possible.
OSI Model & TCP/IP Model
Firewall Types

Firewall type                    Working methodology
Packet-filtering firewall        Examines each packet on its own (addresses, protocol, ports) at the network/transport layer and compares it against a set of rules; keeps no memory of earlier packets.
Stateful inspection firewall     Tracks the state of active connections and makes decisions based on the state of the connection as well as the rules, so inbound packets are admitted only as part of a connection it has already seen.
NGFW (Next-Generation Firewall)  Advanced firewalls that integrate traditional firewall technology with additional features like deep packet inspection, intrusion prevention (IPS) and application awareness.
FWaaS (Firewall as a Service)    Firewalls delivered from the cloud, providing protection for cloud-based infrastructure, platforms and applications.
Proxy firewall                   Also known as application-level gateways, these firewalls act as an intermediary between end users and the services they access, filtering traffic at the application layer.
UTM (Unified Threat Management)  A type of NGFW that bundles multiple security functions into a single device, including firewalling, VPN, antivirus, intrusion detection/prevention and more.
WAF (Web Application Firewall)   A specialized firewall that protects web applications by filtering and monitoring HTTP/HTTPS traffic between a web application and the internet.
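Added example, not from the slides: a small Python simulation of the difference between the first two rows of the table. A stateless packet filter that wants to let replies back in has to admit any inbound packet with ACK set, because it cannot tell a genuine reply from a forged probe; a stateful filter admits inbound packets only when they belong to a connection it saw opened from the inside. The packets, addresses and policy are constructed for the example.

```python
"""Added example: stateless packet filter vs stateful inspection on constructed packets."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str            # TCP flags as letters: "S" SYN, "SA" SYN+ACK, "A" ACK, "PA" PSH+ACK


def is_internal(ip: str) -> bool:
    return ip.startswith("10.")        # assumption: the protected network is 10.0.0.0/8


# Policy for both filters: inside hosts may open TCP connections to the outside;
# nothing from the outside may open a connection inward.

def stateless_filter(pkt: Packet) -> bool:
    """Packet filtering: every decision is made from this packet's header alone.
    To allow the return half of outbound connections it must admit any inbound
    packet that carries ACK, because it cannot tell a reply from a forged probe."""
    outbound = is_internal(pkt.src) and not is_internal(pkt.dst)
    inbound = not is_internal(pkt.src) and is_internal(pkt.dst)
    if outbound:
        return True
    if inbound and "A" in pkt.flags:
        return True
    return False


class StatefulFilter:
    """Stateful inspection: remembers connections opened from inside (the state table)
    and admits inbound packets only when they belong to one of them."""

    def __init__(self) -> None:
        self.table = set()             # (client, cport, server, sport)

    def check(self, pkt: Packet) -> bool:
        outbound = is_internal(pkt.src) and not is_internal(pkt.dst)
        inbound = not is_internal(pkt.src) and is_internal(pkt.dst)
        key_out = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        key_in = (pkt.dst, pkt.dport, pkt.src, pkt.sport)   # same connection, reply direction
        if outbound:
            if pkt.flags == "S":       # new connection initiated from inside
                self.table.add(key_out)
                return True
            return key_out in self.table
        if inbound:
            return key_in in self.table   # only replies to tracked connections
        return False


def evaluate(packets, policy) -> list:
    return [policy(p) for p in packets]


# Constructed traffic: one legitimate outbound HTTPS session, then an inbound ACK probe
# (the technique of an nmap ACK scan) aimed at an internal SSH port.
SESSION = [
    Packet("10.0.0.5", 40000, "203.0.113.7", 443, "S"),
    Packet("203.0.113.7", 443, "10.0.0.5", 40000, "SA"),
    Packet("10.0.0.5", 40000, "203.0.113.7", 443, "A"),
    Packet("203.0.113.7", 443, "10.0.0.5", 40000, "PA"),
]
ACK_PROBE = Packet("198.51.100.9", 5555, "10.0.0.5", 22, "A")

if __name__ == "__main__":
    sf = StatefulFilter()
    print("session  stateless:", evaluate(SESSION, stateless_filter), "stateful:", evaluate(SESSION, sf.check))
    print("ACK probe stateless:", stateless_filter(ACK_PROBE), "stateful:", sf.check(ACK_PROBE))
```

Both filters pass the legitimate session, but only the stateful one rejects the probe, which is the whole reason "established" rules in a packet filter are a weak substitute for connection tracking. The simulation ignores sequence-number checks, timeouts and UDP/ICMP pseudo-state that a real stateful engine also maintains.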
Intrusion Detection System (IDS)
An IDS monitors network or host activity for signs of malicious behaviour and raises alerts. It sits out of band (on a mirror/SPAN port, or reading logs) and does not block traffic, so a false positive costs only an analyst's time, but it also cannot stop an attack on its own.
Intrusion Prevention System (IPS)
An IPS is a network security technology that monitors and analyzes network traffic to detect and prevent malicious activities such as attacks, intrusions or unauthorized access. It sits inline, identifies potential threats in real time and takes immediate action to block or mitigate them, preventing damage to the network or system. Because it is inline, a false positive blocks legitimate traffic, so IPS rules are tuned more conservatively than IDS rules.

Detection features of an IPS
• Signature-based detection: Identifies known threats by comparing network traffic against a database of known attack signatures or patterns. Precise for known attacks, blind to new ones.
• Anomaly-based detection: Detects unusual behaviour by comparing current network activity against a baseline of normal behaviour. Can catch novel attacks but produces more false positives.
• Heuristic-based detection: Uses rules and algorithms to identify potentially malicious activity based on the behaviour of network traffic.

Prevention features of an IPS
• Blocking: Automatically blocks traffic that matches a known attack signature or deviates from normal behaviour.
• Throttling: Slows down traffic from suspicious sources to prevent overwhelming the network.
• Shunning: Temporarily blocks all traffic from a specific IP address or network that is deemed suspicious.

Response features of an IPS
• Immediate action: Unlike an IDS, which only detects and alerts, an IPS can take proactive measures to stop threats as they are detected.
• Integration with firewalls: Often works alongside firewalls to enforce more granular security policies and provide a layered defence.
• Guided response: Gives analysts guided response cheat sheets/playbooks to deal with advanced attacks.
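Added example (not part of the slides) of the first two detection methods above, run in Python over a few constructed web-server access-log lines: a signature rule set that matches known attack strings, and an anomaly rule that flags a client whose request rate departs from a per-client baseline. Real engines such as Suricata or Zeek work on packets and sessions rather than access logs; the log form is used here only because it is self-contained.

```python
"""Added example: signature-based and anomaly-based detection over constructed access-log lines."""
import re
from collections import Counter
from dataclasses import dataclass

# Combined-log-style line: ip ident user [timestamp] "METHOD path proto" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+$'
)

# Signature rules: known attack strings, URL-encoded forms included. Precise, but only for what is listed.
SIGNATURES = [
    ("path traversal", re.compile(r"(\.\./|%2e%2e%2f)", re.I)),
    ("sql injection", re.compile(r"(%27|')(%20|\s)*or(%20|\s)|union(%20|\s)+select", re.I)),
    ("command injection", re.compile(r"(;|%3b|\|)(%20|\s)*(cat|wget|curl|sh|bash)\b", re.I)),
]


@dataclass
class Alert:
    kind: str
    ip: str
    detail: str


def parse(line: str):
    """Return the fields of one log line, or None if it does not match the format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def signature_detect(records) -> list:
    alerts = []
    for r in records:
        for name, rx in SIGNATURES:
            if rx.search(r["path"]):
                alerts.append(Alert("signature:" + name, r["ip"], r["path"]))
    return alerts


def anomaly_detect(records, baseline_rpm: dict, factor: float = 5.0) -> list:
    """Flag a client whose requests per minute exceed `factor` times its learned baseline;
    clients never seen during the baseline period are compared with the mean baseline."""
    per_minute = Counter((r["ip"], r["ts"][:17]) for r in records)   # key minute: "10/Oct/2023:13:55"
    mean = sum(baseline_rpm.values()) / max(1, len(baseline_rpm))
    alerts = []
    for (ip, minute), n in sorted(per_minute.items()):
        base = baseline_rpm.get(ip, mean)
        if n > factor * base:
            alerts.append(Alert("anomaly:request-rate", ip, f"{n} req/min at {minute}, baseline {base:.1f}"))
    return alerts


def run_ids(lines, baseline_rpm: dict) -> list:
    records = [r for r in map(parse, lines) if r]
    return signature_detect(records) + anomaly_detect(records, baseline_rpm)


def build_sample_log() -> list:
    """Constructed log: one ordinary client, one client sending attack strings, and one client
    making 60 requests in a single minute. Addresses are from the documentation ranges."""
    lines = [
        '198.51.100.4 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512',
        '198.51.100.4 - - [10/Oct/2023:13:55:40 +0000] "GET /about HTTP/1.1" 200 734',
        '203.0.113.9 - - [10/Oct/2023:13:55:41 +0000] "GET /download?file=../../etc/passwd HTTP/1.1" 404 0',
        "203.0.113.9 - - [10/Oct/2023:13:55:42 +0000] \"GET /login?user=admin'%20OR%20'1'='1 HTTP/1.1\" 200 120",
    ]
    lines += [f'192.0.2.77 - - [10/Oct/2023:13:56:{s:02d} +0000] "GET /api/items?id={s} HTTP/1.1" 200 88'
              for s in range(60)]
    return lines


# Constructed per-client baselines (requests per minute) learned during a quiet period.
BASELINE_RPM = {"198.51.100.4": 2.0, "203.0.113.9": 3.0}

if __name__ == "__main__":
    for alert in run_ids(build_sample_log(), BASELINE_RPM):
        print(f"{alert.kind:28} {alert.ip:14} {alert.detail}")
```

The two rule types fail in opposite ways, which is why engines combine them: the signature list says nothing about the 60-requests-a-minute client because none of its requests contains a known bad string, and the rate rule says nothing about the two injection attempts because two requests a minute is perfectly normal. Tuning `factor` (and the baseline period) is the knob that trades false positives against missed slow attacks.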
Wireless Networks Essentials
IEEE 802.11 Standard: The most common standard for wireless networking, also known as Wi-Fi. Variants include 802.11a, b, g, n, ac and ax (marketed as Wi-Fi 4, 5 and 6 for n, ac and ax), each offering different speeds, ranges and frequencies.

Frequencies: Wireless networks typically operate on the 2.4 GHz or 5 GHz bands (Wi-Fi 6E adds 6 GHz). The 2.4 GHz band offers broader coverage but is more prone to interference, while the 5 GHz band offers faster speeds and less interference but shorter range.
Access Points (APs): Devices that allow wireless devices to connect to a wired network. APs transmit and receive radio waves, facilitating communication between devices on the network.

Wireless Router: Combines the functions of a router, switch and wireless access point. It routes traffic between the internet and the local network, enabling multiple devices to connect wirelessly.

SSID (Service Set Identifier): The network name broadcast by an access point, allowing devices to identify and connect to the correct wireless network. Hiding the SSID is not a security control: it still appears in the clear in probe and association frames.
Channels: Wireless networks operate on specific channels within the frequency bands. Proper channel selection can reduce interference from other networks or devices.
Roaming: The ability of a device to move between different access points on the same network without losing the connection.
MIMO (Multiple Input, Multiple Output): A technology used in newer wireless standards (e.g., 802.11n, 802.11ac) that uses multiple antennas to transmit and receive data, improving speed and range.
Wireless Security Protocols

WEP (Wired Equivalent Privacy)
• Introduction: One of the first security protocols for Wi-Fi networks, introduced in 1997.
• Encryption: RC4 with 40-bit or 104-bit keys combined with a 24-bit initialization vector (IV).
• Security level: Significant vulnerabilities, including weak IVs and key-management issues, make it crackable in minutes.
• Current status: Obsolete; not recommended for use.

WPA (Wi-Fi Protected Access)
• Introduction: Introduced in 2003 as an interim improvement over WEP.
• Encryption: Temporal Key Integrity Protocol (TKIP), still RC4 underneath but with per-packet keys and a message integrity check, making it more secure than WEP.
• Security level: Addressed many of WEP's weaknesses but still has vulnerabilities, particularly attacks on TKIP.
• Current status: Largely replaced by WPA2 but still used in some legacy systems.

WPA2
• Introduction: Introduced in 2004 as the successor to WPA, providing stronger security.
• Encryption: AES with the Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP).
• Security level: Much more secure than WEP and WPA, with robust encryption that protects against most common attacks. Personal mode still depends on the strength of the passphrase.
• Current status: The most widely used security protocol today, though vulnerabilities (e.g., KRACK, 2017) have been discovered and patched.

WPA3
• Introduction: Released in 2018 as the latest and most secure wireless security protocol.
• Encryption: AES-CCMP (with 192-bit suites based on GCMP-256 for WPA3-Enterprise) and Simultaneous Authentication of Equals (SAE) for a more secure handshake.
• Security level: Enhanced protection against offline dictionary attacks on the passphrase, better protection on open networks (Enhanced Open / OWE), and forward secrecy: a passphrase learned later cannot decrypt previously captured sessions, which is not true of WPA2-Personal.
• Current status: The recommended standard for securing wireless networks, though adoption is still in progress.
Common Attacks (1/4)
Attacks on Open Networks (No Encryption)
Vulnerability: Networks that do not use encryption allow any device within range to connect without authentication. Data transmitted over these networks is unencrypted, so attackers can capture and analyze it; anything not protected by TLS at a higher layer is exposed.
Exploitation: Attackers can perform man-in-the-middle (MITM) attacks, intercepting and manipulating data, stealing login credentials or injecting malicious content. (WPA3's Enhanced Open encrypts such networks without requiring a password.)

Attacks on the WEP Protocol
Vulnerability: WEP encryption is easily crackable because the 24-bit IV repeats quickly and weak IVs leak bytes of the RC4 keystream. Tools to crack WEP are readily available and can recover the key in minutes given enough captured traffic.
Exploitation: Attackers crack the WEP key to gain unauthorized access to the network, allowing them to eavesdrop on communications, access internal resources or launch further attacks from within the network.

Attacks on WPA/WPA2 Protocols
KRACK (Key Reinstallation Attack): Exploits a weakness in the WPA2 4-way handshake by replaying message 3 so that the client reinstalls an already-in-use key and resets its nonce, letting the attacker decrypt (and on some clients inject) traffic. It is fixed by client and AP patches and does not reveal the passphrase.
Dictionary attacks: Attackers capture the WPA/WPA2 4-way handshake (passively, or after forcing a reconnect with a deauthentication frame) and run an offline dictionary or brute-force attack against the pre-shared key (PSK). Each guess costs a PBKDF2 computation of 4096 iterations, so the attack succeeds only against weak passphrases.
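Added example, not from the slides and not any tool the slides mention: the offline dictionary attack described above, reduced to its arithmetic with Python's standard library. WPA/WPA2-Personal derives the PMK with PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes), expands it with the 802.11i PRF into the PTK, and authenticates the handshake messages with a MIC computed from the first 16 bytes of the PTK (HMAC-SHA1 truncated to 16 bytes for CCMP). The attacker needs only the SSID, both MAC addresses, both nonces and one MIC'd EAPOL frame, all of which are sent in the clear, so every candidate passphrase can be tested offline. Because no real capture can be embedded here, the block constructs a handshake for a chosen passphrase and then cracks it from a small constructed wordlist; the MAC addresses, nonces and EAPOL bytes are placeholders.

```python
"""Added example: offline dictionary attack against a (constructed) WPA2-PSK 4-way handshake."""
import hashlib
import hmac
import secrets
from typing import Optional


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    The SSID is the salt, which is why precomputed tables only work per network name."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11i PRF: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..., concatenated."""
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def ptk_from_pmk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-384(PMK, "Pairwise key expansion", min(AA,SPA)||max(AA,SPA)||min(AN,SN)||max(AN,SN)).
    For CCMP the 48 bytes are KCK (16) || KEK (16) || TK (16)."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 48)


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """WPA2/CCMP (key descriptor version 2): MIC = HMAC-SHA1(KCK, frame with MIC field zeroed)[:16]."""
    return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]


def crack(handshake: dict, wordlist) -> Optional[str]:
    """Recompute the MIC for each candidate passphrase; a match means the candidate is the PSK.
    Everything needed is in the capture: SSID, both MACs, both nonces, the EAPOL frame and its MIC."""
    for candidate in wordlist:
        pmk = pmk_from_passphrase(candidate, handshake["ssid"])
        ptk = ptk_from_pmk(pmk, handshake["ap_mac"], handshake["sta_mac"],
                           handshake["anonce"], handshake["snonce"])
        if hmac.compare_digest(eapol_mic(ptk[:16], handshake["eapol"]), handshake["mic"]):
            return candidate
    return None


def build_constructed_handshake(passphrase: str, ssid: str) -> dict:
    """Stand-in for a real capture (none can be embedded here): compute what a client with this
    passphrase would put in message 2. MACs, nonces and the EAPOL bytes are placeholders."""
    ap_mac = bytes.fromhex("02aabbcc0001")       # placeholder locally-administered addresses
    sta_mac = bytes.fromhex("02aabbcc0002")
    anonce, snonce = secrets.token_bytes(32), secrets.token_bytes(32)
    # Placeholder EAPOL-Key body with the 16-byte MIC field zeroed (layout illustrative only).
    eapol = b"\x01\x03\x00\x75\x02\x01\x0a" + bytes(32) + snonce + bytes(40)
    ptk = ptk_from_pmk(pmk_from_passphrase(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)
    return {"ssid": ssid, "ap_mac": ap_mac, "sta_mac": sta_mac, "anonce": anonce,
            "snonce": snonce, "eapol": eapol, "mic": eapol_mic(ptk[:16], eapol)}


# Constructed wordlist; the constructed network in the demo uses "summer2023".
WORDLIST = ["password", "letmein", "12345678", "summer2023", "correct horse battery"]

if __name__ == "__main__":
    capture = build_constructed_handshake("summer2023", "CoffeeShopWiFi")
    print("recovered passphrase:", crack(capture, WORDLIST))
```

Two things follow directly from the code. First, the cost per guess is the 4096-iteration PBKDF2, so passphrase entropy is the only defence in WPA2-Personal: a long random passphrase puts the attack out of reach, a dictionary word does not. Second, nothing about the capture is secret, which is why WPA3's SAE replaces this offline-checkable derivation with a password-authenticated exchange that forces every guess to be made online against the access point.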
Common Attacks (2/4)
Rogue Access Points
Vulnerability: A rogue access point is an unauthorized wireless access point set up by an attacker or even an insider (for example a cheap AP plugged into a wired port). It can be used to lure users into connecting to it instead of the legitimate network, or it simply extends the wired network to anyone in radio range.
Exploitation: Attackers use rogue APs to perform MITM attacks, capture sensitive information or distribute malware. Users unknowingly connect to the rogue AP, thinking it is a legitimate network. Wireless intrusion detection and 802.1X on switch ports are the usual countermeasures.

Evil Twin Attack
Vulnerability: Similar to a rogue AP, an evil twin is a malicious access point that mimics a legitimate wireless network's SSID (network name). Client devices auto-join known SSIDs, and on open or PSK networks they have no way to verify that the AP is the genuine one, so users may connect to it, especially in public spaces like cafes or airports.
Exploitation: Once users connect to the evil twin, attackers can intercept traffic, steal login credentials (often through a fake captive portal) or distribute malware.

MAC Address Spoofing
Vulnerability: Wireless networks often use MAC address filtering as a security measure, allowing only specific devices to connect. However, MAC addresses are sent in the clear in every frame and can be changed in software, so the filter is trivially bypassed.
Exploitation: Attackers observe the MAC address of an authorized device, spoof it to bypass MAC filtering and gain unauthorized access to the network.
Common Attacks (3/4)
Deauthentication Attack
Vulnerability: In WPA2 and earlier, 802.11 management frames are neither encrypted nor authenticated, so an attacker can forge deauthentication frames that disconnect users from the network (a compromise of Availability in the CIA triad). Protected Management Frames (802.11w), optional in WPA2 and mandatory in WPA3, stop forged deauthentication.
Exploitation: Attackers use deauthentication attacks to force a user off the legitimate access point so that the client reconnects, either to a malicious AP or to the real one while the attacker captures the handshake. This is often a precursor to a MITM attack, an evil twin attack or an offline PSK attack.

Man-in-the-Middle (MITM) Attacks
Vulnerability: In a MITM attack, an attacker intercepts and possibly alters the communication between two parties without their knowledge.
Exploitation: Attackers use techniques such as ARP spoofing, DNS spoofing or SSL stripping to intercept data. This allows them to steal sensitive information, inject malicious content or manipulate communication. HSTS and certificate validation on the client are what limit SSL stripping.

Wireless Jamming
Vulnerability: Wireless networks can be disrupted by jamming attacks, where an attacker overwhelms the channel with interference, preventing legitimate communication.
Exploitation: Attackers use jamming devices to disrupt network availability, leading to denial of service (DoS). This can be particularly damaging in critical environments like hospitals or industrial control systems, and note that jamming is illegal in most jurisdictions and cannot be defended against in software.
Common Attacks (4/4)
Misconfigured Access Points
Vulnerability: Poorly configured access points, such as those with default settings or default admin credentials, weak passphrases, WPS enabled, or no encryption, pose a significant security risk.
Exploitation: Attackers can easily exploit these misconfigurations to gain unauthorized access, launch attacks or use the network for illegal activities.

Wireless Sniffing
Vulnerability: Wireless sniffing is the capture of frames transmitted over a wireless network; a wireless card in monitor mode receives every frame on the channel, whether or not it is addressed to the attacker. If the network uses weak or no encryption, the captured data can be read directly; even on an encrypted network, SSIDs, MAC addresses and management frames are visible.
Exploitation: Attackers use tools like airodump-ng and Wireshark to capture and analyze wireless traffic, potentially revealing sensitive information like passwords, e-mails and financial data wherever higher-layer encryption (TLS) is absent.
Bluetooth Vulnerabilities
Bluetooth, another wireless technology, has its own set of vulnerabilities, the classic ones being Bluejacking, Bluesnarfing and Bluebugging.

Exploitation:
• Bluejacking: Sending unsolicited messages to Bluetooth-enabled devices (a nuisance rather than a compromise).
• Bluesnarfing: Unauthorized access to information (contacts, messages, files) on a Bluetooth-enabled device.
• Bluebugging: Taking control of a Bluetooth-enabled device, allowing the attacker to listen in on conversations or send messages.
Keeping devices non-discoverable and patched, and refusing unexpected pairing requests, addresses most of these.
Thank You!
