-
Notifications
You must be signed in to change notification settings - Fork 468
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Chore(Cybersecurity): Adding new projects
- Loading branch information
1 parent
2f73e4b
commit 0be37a1
Showing
21 changed files
with
1,500 additions
and
47 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,133 @@ | ||
| ## Defuse | ||
|
|
||
| <center> | ||
| <img src="pictures/defuse-meme.jpg" style="width: 600px; height: auto;"> | ||
| </center> | ||
|
|
||
| ### Introduction | ||
|
|
||
| Malware analysis is a critical skill in cybersecurity, enabling analysts to understand and counteract malicious software. In this project, you will explore and neutralize a Windows-based malware sample in a controlled environment. The goal is to analyze the malware's behavior, develop a program to eradicate it and gather key details, including the attacker's IP address. | ||
|
|
||
| ### Objective | ||
|
|
||
| This project aims to help you gain hands-on experience with malware analysis and mitigation. You will set up a Windows-based virtual machine, analyze a malware sample, and create a program to remove it effectively. | ||
|
|
||
| By completing this project, you will: | ||
|
|
||
| - Understand the fundamentals of malware analysis and behavior. | ||
| - Learn to identify and eradicate malware persistence mechanisms. | ||
| - Develop a program to neutralize malware and prevent its persistence. | ||
| - Gain experience in reverse engineering and process debugging. | ||
| - Understand the importance of secure environments for malware research. | ||
|
|
||
| ### Role Play | ||
|
|
||
| As part of the project, you will participate in a role-play session where you will act as a **Malware Analyst** presenting your findings to a hypothetical team of stakeholders. Prepare to discuss: | ||
|
|
||
| - How did you analyze the malware and identify its behavior? | ||
| - The functionality of your program and how it eradicates the malware. | ||
| - The impact the malware could have if executed in an uncontrolled environment. | ||
| - Recommendations for mitigating similar threats in the future. | ||
| - Ethical considerations when handling and analyzing malware samples. | ||
|
|
||
| ### Project Requirements | ||
|
|
||
| #### Setup and Installation | ||
|
|
||
| Download the provided malware sample and set up a Windows virtual machine in VirtualBox or another virtualization software. | ||
|
|
||
| - **Malware Sample Download Link**: | ||
| - [Malware Sample](<./resources/Fynloski(ON VM ONLY).zip>) | ||
|
|
||
| > Ensure the malware is executed within a secure, isolated environment to prevent accidental spread or damage. | ||
| #### The Challenge | ||
|
|
||
| - **Develop a Program**: Using a programming language of your choice create a program that will: | ||
| - Kill the malware process. | ||
| - Remove the malware’s persistence mechanisms (e.g., from startup folders, and registry entries). | ||
| - Stop and completely remove the malware from the virtual machine. | ||
| - Extract and display the attacker's IP address. | ||
| - **Malware Analysis**: Study the malware's behavior, including persistence mechanisms and communication methods. | ||
|
|
||
| #### Malware Mitigation Report Email | ||
|
|
||
| Draft an email as if reporting the malware analysis results through a threat intelligence channel. The report should include a summary of the malware's behavior, proof of eradication, and a brief explanation of your program’s functionality. | ||
|
|
||
| **Your report should include:** | ||
|
|
||
| - **Subject Line**: "Malware Analysis Report: Mitigation of [Malware Name]" | ||
| - **Summary**: A concise description of the malware's behavior and impact. | ||
| - **Proof of Mitigation**: Evidence that the malware process was terminated and persistence mechanisms were removed. | ||
| - **Attacker Information**: Display the attacker's IP address. | ||
|
|
||
| **Example Email**: | ||
|
|
||
| --- | ||
|
|
||
| **To**: security@[organization].com | ||
| **Subject**: Malware Analysis Report: Mitigation of [Malware Name] | ||
|
|
||
| **Dear Security Team,** | ||
|
|
||
| I am writing to report the successful analysis and mitigation of [Malware Name] identified during an educational malware analysis exercise. Below are the details: | ||
|
|
||
| **Summary**: | ||
| The malware exhibited persistence mechanisms by adding to the Windows startup registry and communicating with a remote server. It was also running a process under the name `[ProcessName]`. | ||
|
|
||
| **Proof of Mitigation**: | ||
| The malware process was successfully terminated, and its persistence mechanisms were removed. Additionally, its file was deleted from the system. | ||
|
|
||
| **Attacker Information**: | ||
| The malware communicated with the following IP address: `192.168.X.X`. | ||
|
|
||
| Please feel free to reach out for further clarification or additional details. | ||
|
|
||
| **Best regards,** | ||
| [Your Name] | ||
| [Your Contact Information] | ||
|
|
||
| ### Documentation | ||
|
|
||
| Create a `README.md` file that includes: | ||
|
|
||
| - **Program Explanation**: Explain the functionality of your program and how it neutralizes the malware. | ||
| - **Walkthrough**: Describe the step-by-step process of how you analyzed and eradicated the malware. | ||
| - **Remediation**: Suggest ways to prevent similar malware infections. | ||
| - **Malware Mitigation Report Email**: Include your drafted report. | ||
| - **Ethical Hacking Report**: Discuss the ethical responsibilities when performing malware analysis. This report should cover the following points: | ||
| 1. The importance of a controlled environment for malware testing. | ||
| 2. The legal and ethical boundaries of malware analysis. | ||
| 3. The risks of executing malware outside of isolated environments. | ||
|
|
||
| ### Bonus | ||
|
|
||
| If you complete the mandatory part successfully, and you still have free time, you can implement anything that you feel deserves to be a bonus, for example: | ||
|
|
||
| - **Dynamic Analysis Automation**: Automate the detection and removal of malware persistence mechanisms. | ||
| - **Threat Intelligence Integration**: Use APIs to gather detailed information about the malware. | ||
|
|
||
| Challenge yourself! | ||
|
|
||
| ### Ethical and Legal Considerations | ||
|
|
||
| You are responsible for ensuring all malware analysis is conducted within a secure, isolated environment. Do not use or share the malware outside of this project. Any misuse of these techniques is strictly prohibited. | ||
|
|
||
| > ⚠️ Disclaimer: This project is for educational purposes only. Unauthorized use of these techniques is prohibited and may violate local laws. | ||
| ### Submission and Audit | ||
|
|
||
| Submit the following: | ||
|
|
||
| - The source code of your malware removal program. | ||
| - `README.md` containing your analysis and mitigation walkthrough and your report email. | ||
|
|
||
| Ensure VirtualBox or equivalent software is installed for the audit. | ||
|
|
||
| ### Resources | ||
|
|
||
| Some useful resources: | ||
|
|
||
| - [Microsoft Malware Encyclopedia](https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32%2fFynloski): Detailed analysis of malware behaviors. | ||
| - [Process Monitor](https://docs.microsoft.com/en-us/sysinternals/downloads/procmon): A tool for real-time file system, registry, and process/thread activity monitoring. | ||
| - [Registry Analysis Basics](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-security-baselines): Understanding the Windows registry. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,107 @@ | ||
| #### General | ||
|
|
||
| ##### Check the Repo Content: | ||
|
|
||
| - The student's malware removal program source code. | ||
| - Detailed documentation in the README.md file explains how to use the program and includes the malware mitigation report email. | ||
|
|
||
| ###### Are all the required files present? | ||
|
|
||
| ##### Play the Role of a Stakeholder | ||
|
|
||
| Conduct a simulated scenario where the student plays the role of a **Malware Analyst** presenting their findings to a team of stakeholders. Evaluate their understanding, communication skills, and depth of knowledge. Suggested questions include: | ||
|
|
||
| - How did you analyze the malware and identify its behavior? | ||
| - Can you explain how your program works and the steps it takes to neutralize the malware? | ||
| - What impact could this malware have if executed in an uncontrolled environment? | ||
| - What measures would you recommend to prevent similar malware infections in the future? | ||
| - How did you ensure that the malware was analyzed and mitigated ethically within a secure environment? | ||
|
|
||
| ###### Did the student demonstrate a thorough understanding of the project and its concepts? | ||
|
|
||
| ###### Was the student able to communicate effectively and explain their findings? | ||
|
|
||
| ###### Did the student discuss the real-world impact of malware and their recommendations for mitigation? | ||
|
|
||
| ##### Review the Student Documentation | ||
|
|
||
| Verify that the `README.md` file contains: | ||
|
|
||
| - **Program Explanation**: Explain the functionality of your program and how it neutralizes the malware. | ||
| - **Walkthrough**: Describe the step-by-step process of how you analyzed and eradicated the malware. | ||
| - **Remediation**: Suggest ways to prevent similar malware infections. | ||
| - **Malware Mitigation Report Email**: Include your drafted report. | ||
| - **Ethical Hacking Report**: Discuss the ethical responsibilities when performing malware analysis. | ||
|
|
||
| ###### Does the README file clearly explain the program's functionality? | ||
|
|
||
| ###### Does the README include a walkthrough of the analysis and removal process and the remediation? | ||
|
|
||
| ###### Does the README file include the malware mitigation report email? | ||
|
|
||
| ###### Does the README file include the ethical hacking report? | ||
|
|
||
| ##### Set Up the Virtual Machine: | ||
|
|
||
| 1. Create a Windows virtual machine. | ||
| 2. Download the provided malware sample ([Malware Sample](<./resources/Fynloski(ON VM ONLY).zip>)). | ||
| 3. Add the malware sample to antivirus exceptions. | ||
| 4. Launch the malware executable. | ||
|
|
||
| > Ensure the malware is executed within a secure, isolated environment to prevent accidental spread or damage. | ||
| ###### Does the malware executable appear in the Task Manager? | ||
|
|
||
| ##### Launch the Student's Program: | ||
|
|
||
| Run the student's malware removal program. | ||
|
|
||
| ###### Does the program developed by the student terminate the malware process? | ||
|
|
||
| ###### Is the malware process removed from the Task Manager? | ||
|
|
||
| ###### Does the program remove the malware's persistence mechanisms from the system? | ||
|
|
||
| ##### Check Startup Persistence: | ||
|
|
||
| Open Task Manager using **CTRL+ALT+DEL** or **Windows key+R -> msconfig**. | ||
|
|
||
| ###### Is the malware removed from the startup programs? | ||
|
|
||
| Open the Registry Editor using **Windows key+R -> regedit**. Verify the following registry keys: | ||
|
|
||
| - **HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run** | ||
| - **HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce** | ||
| - **HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run** | ||
| - **HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce** | ||
|
|
||
| ###### Is the malware absent from all the above registry locations? | ||
|
|
||
| ##### Attacker's IP Address: | ||
|
|
||
| Confirm that the program extracts and displays the attacker's IP address. | ||
|
|
||
| The attacker's IP address is `127.0.0.1` | ||
|
|
||
| ###### Does the student's program display the attacker's IP address correctly? | ||
|
|
||
| ##### Review the Student's Malware Mitigation Report Email | ||
|
|
||
| Ask the student to present their **Mitigation Report Email**. Ensure that it includes: | ||
|
|
||
| - **Subject Line**: "Malware Analysis Report: Mitigation of [Malware Name]" | ||
| - **Summary**: A concise description of the malware's behavior and impact. | ||
| - **Proof of Mitigation**: Evidence that the malware process was terminated and persistence mechanisms were removed. | ||
| - **Attacker Information**: Display the attacker's IP address. | ||
|
|
||
| ###### Does the email contain a concise summary of the malware's behavior and impact? | ||
|
|
||
| ###### Does the email include proof of mitigation (e.g., terminated process, removed persistence mechanisms)? | ||
|
|
||
| ###### Does the email display the attacker's IP address? | ||
|
|
||
| #### Bonus | ||
|
|
||
| ###### + Did the student implement additional features, such as dynamic analysis automation or threat intelligence integration? | ||
|
|
||
| ###### + Is this project an outstanding project that exceeds the basic requirements? |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,140 @@ | ||
| ## Escalator | ||
|
|
||
| <center> | ||
| <img src="resources/escalator.jpg" style="width: 702px; height: 395px;"> | ||
| </center> | ||
|
|
||
| ### Introduction | ||
|
|
||
| Privilege escalation is a fundamental concept in cybersecurity, allowing attackers to elevate their privileges on a system to gain higher levels of access. In this project, you will explore and understand privilege escalation techniques using a virtual machine (VM) designed for this challenge. The goal is to gain root access to the system and retrieve a hidden flag. | ||
|
|
||
| ### Objective | ||
|
|
||
| The goal of this project is to help you gain hands-on experience with privilege escalation. You will install a provided VM locally, identify the IP address, enumerate the system for potential vulnerabilities, and ultimately escalate your privileges from a regular user to root. | ||
|
|
||
| By completing this project, you will: | ||
|
|
||
| - Develop a practical understanding of privilege escalation in Linux systems. | ||
| - Learn to identify and exploit vulnerabilities that can lead to unauthorized access. | ||
| - Gain experience in ethical hacking and penetration testing methodologies. | ||
| - Understand the importance of securing systems against privilege escalation attacks. | ||
|
|
||
| ### Role Play | ||
|
|
||
| As part of the project, you will participate in a role-play session where you will act as a **Penetration Tester** presenting your findings to a hypothetical team of stakeholders. Prepare to discuss: | ||
|
|
||
| - How you identified and leveraged the vulnerabilities. | ||
| - The impact these vulnerabilities could have in real-world scenarios. | ||
| - Recommendations for securing the system against privilege escalation. | ||
| - The importance of responsible disclosure and ethical hacking practices. | ||
|
|
||
| ### Project Requirements | ||
|
|
||
| #### Setup and Installation | ||
|
|
||
| Download the provided VM image and set it up in VirtualBox: | ||
|
|
||
| - **Download Links**: | ||
| - [VM Image - OVA Format](https://assets.01-edu.org/cybersecurity/local/01-Local.ova) | ||
| - For Apple Silicon or ARM architecture (e.g., M1, M2), use [VM Image - UTM Format](https://assets.01-edu.org/cybersecurity/local/01-Local1.utm.zip) | ||
| - **SHA1 Checksums**: | ||
| - `01-Local1.ova`: `f3422f3364fd38e8183740f8f57fa951d3f6e0bf` | ||
| - `01-Local1.utm.zip`: `d4a40ca50044778ddc01a57ac16382e4140000e0` | ||
|
|
||
| Ensure VirtualBox is installed and properly configured for the audit. | ||
|
|
||
| #### The Challenge | ||
|
|
||
| - **Achieve Root Access**: Your main objective is to escalate privileges and gain root access. | ||
| - **Find the Flag**: Once root access is achieved, locate and display the flag in `/root/root.txt`. | ||
| - **Document Your Process**: Keep thorough notes on your methodology for reporting purposes. | ||
|
|
||
| #### Guidances | ||
|
|
||
| - **IP Discovery**: Use network scanning tools to identify the IP address of the VM. | ||
| - **Enumeration**: Leverage system enumeration tools to gather information on running processes, services, and configurations. | ||
| - **Privilege Escalation**: Investigate user permissions, files, and services that could be used for privilege escalation. | ||
| - **Document Your Process**: Keep thorough notes on your methodology for reporting purposes. | ||
|
|
||
| #### Vulnerability Report Email | ||
|
|
||
| Draft an email as if reporting the vulnerability through a bug bounty program. The report should show proof of root access and include the flag without disclosing full reproduction steps. | ||
|
|
||
| **Your report should include:** | ||
|
|
||
| - **Subject Line**: "Security Vulnerability Report: Privilege Escalation in [System/Environment Name]" | ||
| - **Summary**: A concise description of the vulnerability. | ||
| - **Impact**: The potential risk and implications of the vulnerability. | ||
| - **Proof of Root Access**: Indicate root access and display the flag. | ||
|
|
||
| **Example Email**: | ||
|
|
||
| --- | ||
|
|
||
| **To**: security@[organization].com | ||
| **Subject**: Security Vulnerability Report: Privilege Escalation in [System/Environment Name] | ||
|
|
||
| **Dear Security Team,** | ||
|
|
||
| I am writing to report a potential security vulnerability identified during an educational penetration testing exercise. The vulnerability involves privilege escalation within [System/Environment Name]. Below are the details: | ||
|
|
||
| **Summary**: | ||
| The vulnerability allows an authenticated user to escalate their privileges to root due to [brief reason, e.g., misconfigured file permissions or an exploitable SUID binary]. | ||
|
|
||
| **Impact**: | ||
| If exploited, this could lead to unauthorized root access, compromising the system's integrity and exposing sensitive data. | ||
|
|
||
| **Proof of Root Access**: | ||
| I successfully gained root access and retrieved the flag: {flag} | ||
| <screenshot> | ||
|
|
||
| Please feel free to reach out for further details or clarification. | ||
|
|
||
| **Best regards,** | ||
| [Your Name] | ||
| [Your Contact Information] | ||
|
|
||
| ### Documentation | ||
|
|
||
| Create a `README.md` file that contains the following: | ||
|
|
||
| - **Walkthrough**: Describe the step-by-step process of how you exploited the vulnerability. | ||
| - **Remediation**: Suggest ways to fix or mitigate the vulnerability. | ||
| - **Vulnerability Report Email**: Include your drafted report. | ||
| - **Ethical Hacking Report**: Discusses the ethical responsibilities when performing security testing. This report should cover the following points: | ||
|
|
||
| 1. The importance of obtaining proper authorization before testing. | ||
| 2. The legal and ethical boundaries of vulnerability testing. | ||
| 3. How to report vulnerabilities responsibly and avoid causing harm. | ||
|
|
||
| ### Bonus | ||
|
|
||
| If you complete the mandatory part successfully, and you still have free time, you can implement anything that you feel deserves to be a bonus, for example: | ||
|
|
||
| - **Exploring Alternative Methods**: Document different privilege escalation paths. | ||
| - **Post-Exploitation Analysis**: Explain potential next steps after gaining root access. | ||
|
|
||
| Challenge yourself! | ||
|
|
||
| ### Ethical and Legal Considerations | ||
|
|
||
| You are responsible for following ethical hacking guidelines and only performing security testing in the provided VM environment. Do not use these techniques on unauthorized systems. | ||
|
|
||
| > ⚠️ Disclaimer: This project is for educational purposes only. All testing must be done ethically and following legal standards. Unauthorized use of these techniques is prohibited and may be illegal. | ||
| ### Submission and Audit | ||
|
|
||
| Submit the following: | ||
|
|
||
| - `README.md` with your walkthrough and vulnerability report email. | ||
| - Any scripts or files used during the project. | ||
|
|
||
| Ensure VirtualBox is installed for the audit. | ||
|
|
||
| ### Resources | ||
|
|
||
| Some useful resources: | ||
|
|
||
| - [Privilege_escalation](https://en.wikipedia.org/wiki/Privilege_escalation): Privilege escalation - Wikipedia. | ||
| - [Nmap](https://nmap.org/): A powerful network scanning tool for discovering hosts and services. | ||
| - [Dirsearch](https://github.com/maurosoria/dirsearch): A web path scanner useful for directory enumeration. |
Oops, something went wrong.