2 videos 📅 2024-01-22 09:00:00 Africa/Blantyre
10:44
2024-01-26 14:55:08
7:12
2024-01-26 15:14:26


United Arab Emirates - Cyber Security Body of Knowledge (CyBOK)

WEBVTT

00:00:02.580 --> 00:00:13.520
Daniel, I think I am in your machine now, can you show me the, sorry, yeah, see, 7 complete

00:00:13.520 --> 00:00:29.980
lines, that's good, yeah, this is the correct one, that's good, yeah, this is the correct

00:00:29.980 --> 00:00:45.520
that's it, nice, that's all, and, so, that's great, so we can, what we can tell you with

00:00:45.520 --> 00:00:52.040
the user agent is that he is using Daniel, that's a question for you, if you're willing

00:00:52.040 --> 00:00:58.680
to answer, like, no pressure, only, sorry, sorry, I didn't hear you, I was looking

00:00:58.680 --> 00:01:05.160
at the next question, what did you say, right, so, by looking at the user agent, what can

00:01:05.160 --> 00:01:18.560
you tell about the machine that the administrator was using, so, it was the internet and they

00:01:18.560 --> 00:01:25.780
are using Mac OS, Mac OS, Mac operating system, yeah, but then Intel Core, that

00:01:25.780 --> 00:01:31.800
means that's an old model, not the M1 model or the M2 model, right, yeah, right, that's

00:01:31.800 --> 00:01:37.440
great, and they are working on Chrome and Safari both, so, that's good, nice, great

00:01:37.440 --> 00:01:47.300
work Daniel, so, I think our time is over, I will be sharing my screen and I'll try

00:01:47.300 --> 00:01:58.100
to go through it with you guys, let's go through it together, we need this, that's

00:01:58.100 --> 00:02:11.340
just my calendar on my school life, so, we have the password, now we need to look

00:02:11.340 --> 00:02:22.600
for this one, the user agent of the administrator, now, sorry, if you guys remember, we also

00:02:22.600 --> 00:02:26.760
talked about that user agent can be found easily in the access log, because that is

00:02:26.760 --> 00:02:31.000
what it records, so, let's just open it, let's just get into the file explorer

00:02:31.000 --> 00:02:38.140
and open our access log, okay, so, we have this, and, but, but, but, but we

00:02:38.360 --> 00:02:44.480
are looking for the administrator, user agent of the administrator user, so, administrator,

00:02:44.840 --> 00:02:49.680
and we also know that the first, first one, how can we uniquely identify that who is

00:02:49.680 --> 00:02:56.440
trying to do this, the first one is the IP address, so, we can just go back, we

00:02:56.440 --> 00:03:05.540
can just, we can just go back to our, this, this page, and we can search and

00:03:05.540 --> 00:03:10.920
go for users, we are trying to look that, this is the admin, let's, let's just copy

00:03:10.920 --> 00:03:16.720
this stuff, and let's go to our page, which is access log now, and well, this

00:03:16.720 --> 00:03:22.720
is open in Mousepad, yeah, that's the access, Ctrl F, let's find, let's go and

00:03:22.720 --> 00:03:48.920
find the IP for this one, and enter, okay, so, this is the one, my bad, yeah, this is the one, yeah, so, we can

00:03:48.920 --> 00:03:56.780
see, let me, let me zoom this, okay, so, we can see that the administrator is using

00:03:56.780 --> 00:04:03.240
Mozilla Firefox, and he's on a Macintosh with Intel Mac, so, the Intel Macs were

00:04:03.240 --> 00:04:07.180
discontinued after 2020, or something like that, I don't remember exactly, but,

00:04:07.520 --> 00:04:12.840
yeah, and this one is old, and then, KHTML, it's Gecko, Gecko might be some

00:04:12.840 --> 00:04:17.520
other service, and he's using both Chrome and Safari, so, we get so much

00:04:17.520 --> 00:04:22.980
information by just looking at the user agent, so, we have that flag, and it looks

00:04:22.980 --> 00:04:28.900
beautiful when it's completed, yeah, seven lines complete, only three more to go,

00:04:29.320 --> 00:04:36.020
so, let's just go straight through, these are on the easier end of the

00:04:36.020 --> 00:04:41.720
scale, what time did, what time did the contractor add themselves to the

00:04:41.720 --> 00:04:46.780
administrator group, so, administrator group is present in the forum, you

00:04:46.780 --> 00:04:53.980
remember, there was a group, so, let's see, let's go and check the logs,

00:04:54.540 --> 00:05:00.520
because this is what it kind of gets into, when, what time did the

00:05:00.520 --> 00:05:04.400
contractor add themselves, so, this information must have been logged,

00:05:05.100 --> 00:05:08.400
or it might, it is not present in the configuration file, because

00:05:08.400 --> 00:05:11.920
configuration file is you configure something in the end, and then you

00:05:11.920 --> 00:05:15.980
don't usually change it, but these kind of things, adding and

00:05:15.980 --> 00:05:19.340
subtracting, or deleting from the administrator group, these kind of

00:05:19.340 --> 00:05:24.440
things go into the log side, not the configuration side, so, the LDAP

00:05:24.440 --> 00:05:28.640
password went to the configuration side, this might easily go to the log

00:05:29.220 --> 00:05:34.660
side, let's, like, I'm just speaking out loud, so that, so that my thought

00:05:34.660 --> 00:05:38.980
process of how I reached that conclusion, you know, that is conveyed,

00:05:40.280 --> 00:05:48.020
so, let's go straight forward, and let's, yeah, it was the logs, logs,

00:05:48.320 --> 00:05:55.480
logs, logs, logs, and we have, we have this one, administrator,

00:05:56.440 --> 00:06:02.700
yeah, you see, log user added, and where he is added, he is added

00:06:02.700 --> 00:06:08.960
in the administrators, and who is added, Apoli is added, so, that

00:06:08.960 --> 00:06:14.120
is an alarm bell for all of us, I think, yeah, that is the alarm

00:06:14.120 --> 00:06:18.240
bell for the organization, you see this one, so, we have been asked

00:06:18.240 --> 00:06:23.600
that what is the timestamp, again, nothing new, just control C, go

00:06:23.600 --> 00:06:28.640
to the epoch, converter, control A, control B, just timestamp it,

00:06:28.640 --> 00:06:39.400
and yeah, this is a good tool, and yeah, yep, we have that with us

00:06:40.660 --> 00:06:45.800
now, okay, what time will the contractor download the database

00:06:45.800 --> 00:06:49.480
backup, now, I want you guys to try the last two, like, last two

00:06:49.480 --> 00:06:53.240
are related, so, if you do one, you have already done the other

00:06:53.240 --> 00:06:58.760
one, and we have also been doing this lab to us, so, yeah, let's

00:06:58.760 --> 00:07:02.120
give five minutes to us, and let's see who figures this one

00:07:02.120 --> 00:07:06.220
out, last year, it was Daniel, who did the right one,

00:07:06.520 --> 00:07:10.360
we have the seven, before that it was Lucy, I think, yeah,

00:07:10.500 --> 00:07:15.140
let's see who gets it this one, who gets it this time, so,

00:07:15.160 --> 00:07:16.680
complete this one, last name.

00:07:19.580 --> 00:07:25.620
Okay, just need to come in, I'm going, I have to jump off,

00:07:25.940 --> 00:07:29.300
so, it's been really nice going through the five days,

00:07:29.480 --> 00:07:33.080
so, I really appreciate everyone spending all the time,

00:07:33.100 --> 00:07:36.660
and I'm actually super surprised that our attendance

00:07:36.660 --> 00:07:40.820
for the class did not drop throughout the day, every day,

00:07:41.020 --> 00:07:45.100
normally with these classes, there's somebody who doesn't

00:07:45.100 --> 00:07:48.620
show up, at least one, with this small group as well,

00:07:48.760 --> 00:07:52.120
so, at least two maybe even, so, I'm really surprised that

00:07:52.120 --> 00:07:55.580
you've gone through the entire course, and I see the

00:07:55.580 --> 00:07:58.380
engagement level is really high as well, so, well done,

00:07:58.400 --> 00:08:01.620
everyone, and, yeah, I think we might see each other

00:08:01.620 --> 00:08:05.400
at some point, so, all the best, I will be in touch with

00:08:05.400 --> 00:08:08.740
emails, I'll be still here for the next one hour for

00:08:08.740 --> 00:08:11.660
you, you know, to go through the lab, and be on the

00:08:11.820 --> 00:08:14.960
email support, if you can somehow manage to come on to

00:08:14.960 --> 00:08:18.040
this Microsoft channel, then you can chat with us for

00:08:18.040 --> 00:08:21.240
the next few days as well, I'll keep it open, otherwise,

00:08:21.420 --> 00:08:23.900
it's going to be the email channel for communication,

00:08:24.660 --> 00:08:28.520
and, yeah, we will be sending out the solutions for

00:08:28.520 --> 00:08:30.740
these labs as well, so, you can go and do them again,

00:08:31.080 --> 00:08:35.200
and I did get a confirmation that these particular labs

00:08:35.200 --> 00:08:40.380
will be available for all of you, for an extended period

00:08:40.380 --> 00:08:43.520
of time, normally, it isn't the case, it actually

00:08:43.520 --> 00:08:46.720
finishes right on the day of the training, so, he's

00:08:46.720 --> 00:08:49.420
going to be extending it until Tuesday, so, you do

00:08:49.420 --> 00:08:52.200
have like three, four days to play along with,

00:08:52.620 --> 00:08:55.400
the other thing I wanted to add to that, if you go

00:08:55.400 --> 00:08:59.680
to Hack The Box, or TryHackMe, there is an attacker

00:08:59.680 --> 00:09:02.080
machine and other machines that you can access

00:09:02.080 --> 00:09:05.420
virtually right from within that platform, and most of

00:09:05.420 --> 00:09:08.140
these labs are available for free, I mean, at

00:09:08.140 --> 00:09:10.720
least the beginner levels and the other ones, and then

00:09:10.720 --> 00:09:13.060
if you do feel like you want to get into these and

00:09:13.060 --> 00:09:15.900
try a bit more, then there's a paid version on each

00:09:15.900 --> 00:09:17.620
of these websites, and they give you that

00:09:17.620 --> 00:09:20.580
environment, so you don't have to be tied down

00:09:20.580 --> 00:09:22.740
to what we are providing here, like this is just

00:09:22.740 --> 00:09:25.060
for the labs we have, but then if you do want

00:09:25.060 --> 00:09:27.180
to continue, they have a really good, you know,

00:09:27.340 --> 00:09:29.760
platform to go through and try every single,

00:09:29.760 --> 00:09:32.660
you know, scenario that they're presenting, so,

00:09:32.920 --> 00:09:35.620
all the best everyone, you know, happy learning,

00:09:35.620 --> 00:09:39.640
thumbs up, if you enjoyed, and catch you all later,

00:09:40.780 --> 00:09:42.580
yeah. Thanks so much, it was really good.

00:09:44.480 --> 00:09:47.300
Thank you, take care, bye bye.

00:09:56.340 --> 00:09:59.660
Oh yeah, so that leaves us, let's try to

00:09:59.660 --> 00:10:02.420
finish this one off, and then I'm here for

00:10:02.420 --> 00:10:05.260
doubts across all the full labs, and if you

00:10:05.260 --> 00:10:07.480
want, then I can, yeah.

00:10:07.780 --> 00:10:12.840
Can you please go to my, to my VMs, I'm trying

00:10:12.840 --> 00:10:19.000
to close this one, okay, maybe.

00:10:22.960 --> 00:10:28.120
Okay, I'm in the, my audible, have I muted

00:10:28.120 --> 00:10:30.680
myself? Yeah, I can hear you.

00:10:30.900 --> 00:10:31.660
Okay, that's good.

00:10:35.440 --> 00:10:37.640
I don't know, can you see what's happening?

00:10:38.000 --> 00:10:40.520
Yeah, it is, it is showing that connection

00:10:40.520 --> 00:10:41.020
was reset.

00:10:43.200 --> 00:10:44.260
Oh, on my machine.