Cyber Security Body of Knowledge
language: EN
That's it. Nice. That's all. And... So... That's great. So we can... What we can tell you with the user agent is... that he is using a... Daniel, that's a question for you, if you're willing to answer. Like... no pressure.

Sorry, sorry. I didn't hear you. I was looking at the next question. What did you say?

Oh, right. So by looking at the user agent, what can you tell about the machine that... that the administrator was using?

So... it was... the internet... and they're using Mac OS.

Mac OS. Mac operating system. Yeah.

But then Intel Core. That means that's an old model, not the M1 model or the M2 model. Right?

Yeah.

Right. That's great. And they're working on Chrome and Safari both. So... that's good. Nice. Great work, Daniel. I'll... I'll move a few more into. So I think our time is over. I'll be sharing my screen and I'll try to go through it with you guys. Let's go through it together.

Okay. We need this. That's my calendar. On my... So we have the password. Now we need to look for this one: the user agent of the administrator. Now... sorry. If you guys remember, we also talked about how the user agent can be found easily in the access log, because that is what it records. So let's just open it. Let's just get into the file explorer and open our access log.

Okay. So we have this. But we are looking for the administrator, the user agent of the administrator user. So administrator... And we also know that the first... first one. How can we uniquely identify who is trying to do this? The first one is the IP address. So we can just go back. We can just... this one. We can just go back to our... this page. And we can search and go for users. We will try to look at that... This is the admin. Let's just copy this stuff. And let's go to our page, which is access room. And well, this is open in Mousepad. So that's the access room. Ctrl F. Let's find.

Let's go and find the IP for this one. And enter. Okay. So... this is the one. My bad. Yeah. This is the one. Yeah. So we can see. Let me zoom this. So we can see that the administrator is using Mozilla Firefox. And he is on a Macintosh with Intel Mac. So the Intel Macs were discontinued after 2020 or something like that. I don't remember exactly. But yeah. And this one is old. And then KHTML. It's Gecko. Gecko might be some other service. And he is using both Chrome and Safari. So we get so much information by just looking at the user agent. So we have that flag. And it looks beautiful when it's completed. Yeah. Seven lines complete. Only three more to go. So let's just go straight through. These are on the easier end of the scale.

What time did the contractor add themselves to the administrator group? So the administrator group is present in the forum. You remember there was a group. So let's see. Let's go and check the logs, because this is what it kind of gets into. When... what time did the contractor add themselves? So this information must have been logged. Or it might... It is not present in the configuration file, because the configuration file is where you configure something in the end, and then you don't usually change it. But these kinds of things, adding and subtracting or deleting from the administrator group, these kinds of things go into the log side, not the configuration side. So the LDAP password went to the configuration side. This might easily go to the log side. I'm just speaking out loud so that my thought process of how I reached that conclusion is conveyed. So let's go straight forward and let's... Yeah, it was the logs. Logs, logs, logs, logs. And we have this one. Administrator. You see? Log user added. And where is he added? He is added in the administrators. And who is added? Apol is added. So that's an alarm bell for all of us. I think, yeah. Let's see, alarm bell for the organization. You see this one?

So we have been asked what the timestamp is. Again, nothing new. Just Ctrl C. Go to the epoch converter. Ctrl A, Ctrl B. We just timestamp it. And yeah, this is the good tool. And yeah, yep. We have that with us now.

Okay. What time did the contractor download the database backup? Now I want you guys to try the last two. Like, the last two are related. So if you do one, you have already done the other one. And then also we did this lab for two hours. So let's give five minutes to us and let's see who figures this one out. Last year it was Janil who did the right one. We did the seven. Before that it was Lucy. I think, yeah. Let's see who gets this one. Who gets this time. So complete this one, last year. Okay. Just need to come in.

I'm going to... I have to jump off. It's been really nice going through the five days. So really, I appreciate everyone spending all the time. And I'm actually super surprised that our attendance for the class did not drop throughout the day, every day. Normally with these classes there's somebody who doesn't show up. At least one. With this small group as well. So at least two, maybe even. So I'm really surprised that you've gone through the entire course. And I see the engagement level is really high as well. So well done, everyone. And yeah, I think we might see each other at some point. So all the best. I will be in touch with emails. Abhay is still here for the next one hour for you to go through the lab and be on the email support. If you can somehow manage to come onto this Microsoft channel then you can chat with us for the next few days as well. I'll keep it open. Otherwise it's going to be the email channel for communication. And yeah, we will be sending out the solutions for these labs as well, so you can go and do them again. And I did get a confirmation with Manla that these particular labs will be available for all of you for an extended period of time. Normally it isn't the case. It actually finishes right on the day of the training.

So he's going to be extending it until Tuesday. So you do have like three or four days to play along with. The other thing I wanted to add to that: if you go to Hack The Box or TryHackMe, there's an attacker machine and other machines that you can access virtually right from within that platform. And most of these labs are available for free, I mean at least the beginner levels and the other ones. And then if you do feel like you want to get into these and try a bit more, then there's a paid version on each of these websites and they give you that environment. So you don't have to be tied down to what we are providing here. This is just for the labs we have. But then if you do want to continue, they have a really good platform to go through and try every single scenario that they're presenting. So all the best, everyone. Happy learning. Thumbs up if you enjoyed. And catch you all later. Thanks so much. It was really good. Thank you. Take care. Bye bye.
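The access-log lookup walked through in the recording, as an added example that is not part of the session or the lab materials: it collects every user agent seen for one source IP in Apache combined-format lines and classifies OS and browser. The log lines, IPs and user agents are constructed samples, not the lab's data; the "Safari" and "like Gecko" tokens in a Chrome user agent are compatibility tokens, so the browser is decided by the most specific token present.

```python
import re

# Apache "combined" log format: the user agent is the last quoted field.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines (not from the lab); IPs and user agents are made up.
SAMPLE_LOG = """\
203.0.113.7 - - [26/Jan/2024:10:14:03 +0000] "GET /admin/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
198.51.100.23 - - [26/Jan/2024:10:15:41 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0"
203.0.113.7 - - [26/Jan/2024:10:16:09 +0000] "POST /admin/users HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
"""

def parse_log(text):
    """Yield one dict per well-formed combined-format line; skip anything else."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()

def user_agents_for_ip(text, ip):
    """Distinct user agents seen for one source IP, in order of first appearance."""
    seen = []
    for rec in parse_log(text):
        if rec["ip"] == ip and rec["ua"] not in seen:
            seen.append(rec["ua"])
    return seen

OS_TOKENS = [("Intel Mac OS X", "macOS (Intel)"), ("Macintosh", "macOS"),
             ("Windows NT", "Windows"), ("Linux", "Linux")]
# Order matters: a Chrome UA also carries "Safari/" and "like Gecko" for compatibility.
BROWSER_TOKENS = [("Firefox/", "Firefox"), ("Edg/", "Edge"),
                  ("Chrome/", "Chrome"), ("Safari/", "Safari")]

def describe_user_agent(ua):
    """Classify OS and browser by the most specific token present (first match wins)."""
    os_name = next((name for token, name in OS_TOKENS if token in ua), "unknown")
    browser = next((name for token, name in BROWSER_TOKENS if token in ua), "unknown")
    return {"os": os_name, "browser": browser}

if __name__ == "__main__":
    for ua in user_agents_for_ip(SAMPLE_LOG, "203.0.113.7"):
        print(ua, "->", describe_user_agent(ua))
```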
on 2024-01-26
United Arab Emirates - Cyber Security Body of Knowledge (CyBOK)