Codebreaker

Codebreaker is a challenge given by the NSA that consists of various tasks. The goal is to find the hacker who breached security measures and stole private data. I will explain each task and what I did to complete the challenge.

Task A1: Initial Access

In this task, we are given the VPN log to look through. The VPN log consists of the server logs for the week the breach took place. I had to look for anything suspicious and out of the ordinary. Since each employee can only be logged in once, I looked for accounts with multiple connections open at the same time.
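The check described above, written out as an added example (this is not code from the challenge or from the original write-up): it parses a small constructed VPN log, tracks which sessions each user has open, and flags any connect event that arrives while that user already has a session open. The log line format, the user names and the addresses are all assumptions made for the example.

```python
"""Flag VPN accounts that open a second session while one is still active."""
from collections import defaultdict
from datetime import datetime, timezone
import re

# Constructed sample log. The "ts user= src= event=" layout is an assumption
# for this example, not the format of the challenge's real VPN log.
SAMPLE_LOG = """\
2021-08-02T08:01:12Z user=alice src=203.0.113.10 event=connect
2021-08-02T08:03:40Z user=bob src=198.51.100.7 event=connect
2021-08-02T08:45:03Z user=alice src=203.0.113.10 event=disconnect
2021-08-02T09:10:00Z user=bob src=192.0.2.55 event=connect
2021-08-02T09:30:00Z user=bob src=198.51.100.7 event=disconnect
2021-08-02T10:00:00Z user=bob src=192.0.2.55 event=disconnect
2021-08-02T11:00:00Z user=carol src=203.0.113.99 event=connect
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) "
    r"event=(?P<event>connect|disconnect)$"
)


def parse_log(text):
    """Yield (timestamp, user, src, event) for every line that matches LINE_RE.

    Lines that do not match (blank lines, unrelated messages) are skipped.
    """
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        yield ts.replace(tzinfo=timezone.utc), m["user"], m["src"], m["event"]


def find_concurrent_logins(text):
    """Return {user: [(ts, new_src, [already_open_srcs]), ...]}.

    An alert is raised whenever a user connects while at least one of their
    earlier sessions has not yet been closed by a disconnect. Sessions that
    never disconnect (carol) are simply left open and do not alert by themselves.
    """
    open_sessions = defaultdict(dict)  # user -> {src: connect time}
    alerts = defaultdict(list)
    # Sort by timestamp so out-of-order log files are handled correctly.
    for ts, user, src, event in sorted(parse_log(text), key=lambda r: r[0]):
        if event == "connect":
            if open_sessions[user]:
                alerts[user].append((ts, src, sorted(open_sessions[user])))
            open_sessions[user][src] = ts
        else:
            open_sessions[user].pop(src, None)  # disconnect without connect: ignore
    return dict(alerts)


if __name__ == "__main__":
    for user, hits in find_concurrent_logins(SAMPLE_LOG).items():
        for ts, src, existing in hits:
            print(f"{user}: new session from {src} at {ts.isoformat()} "
                  f"while still connected from {', '.join(existing)}")
```

On the constructed log only `bob` is flagged: a second session from 192.0.2.55 opens at 09:10 while the one from 198.51.100.7 is still active. Keying open sessions by source address means a reconnect from the same address overwrites rather than alerts; if the real log carries a session identifier, key on that instead.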

Task A2: Identifying the Attacker

Here, we are given packet logs of the detected intrusions. In the logs, SSL sessions going to the staging server had been found, and these could have been the transfer of the attackers’ tools. In this task, I used a tool called ‘Wireshark’ to decrypt the SSL sessions, find the tools, and extract them. Then I had to open the file in a hex editor to remove the headers and extract the username of the owner of the file.

Task B1: Information Gathering

In this task, we are given the attackers’ demands in exchange for the stolen files. The attackers left a website with their demands and an address to send ‘RansomCoin’ (bitcoin). To finish this task, we have to look at the network traffic using the tools built into the browser, such as the web dev tools, to find any other ransomware websites. And lo and behold, we find external requests to other sites the attackers used.

Task B2: Getting Deeper

In this task, we have to analyze the backend website that we found in B1. I again used the web dev tools to analyze the website, and upon analyzing it I found a ‘.git’ directory. To get the directory, I had to use a tool called ‘GetTools’ to extract it by cloning it. Upon cloning the directory, we had to look at the server files to see if there was anything left behind. I had to look carefully at the code in the server files to find clues about how each file connects to the others. This part was really tricky because I had to follow the functions and their parameters, which return another parameter that leads to the path keys. Upon finding the final return of the path key, I reused the backend webpage and added the path key, which led me to the login URL that the attackers used.
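The exposed ‘.git’ directory is the weak point this task turns on: when a site is deployed straight from a working copy, the repository metadata sits under the web root and can be downloaded and reconstructed by anyone. As an added example (not part of the challenge or the original write-up), here is an nginx server block that refuses requests for any dotfile path under the web root. The server name and root path are placeholders.

```nginx
server {
    listen 443 ssl;
    server_name example.com;          # placeholder
    root /var/www/site;               # placeholder web root

    # Refuse any path whose component starts with a dot (.git, .env,
    # .htpasswd, ...), except the ACME path used for certificate issuance.
    # Answer 404 rather than 403 so the response does not confirm that the
    # directory exists.
    location ~ /\.(?!well-known/) {
        return 404;
    }

    location / {
        try_files $uri $uri/ =404;
    }
}
```

The rule is a safety net, not a substitute for keeping the repository out of the deployed tree in the first place; deploying from a build artifact or an export rather than a checkout removes the directory entirely, and a quick request for `/.git/HEAD` against your own site after deployment confirms the block is in place.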

End of the Project

Unfortunately, we never got to finish the project because the other tasks required more experience and were a lot more complicated. So, our professor only made us do the first four tasks. But it was fun. I learned a lot of useful tools and experienced the process of cybersecurity. Check the link below for more information.

Click the link for more information!