Saturday, October 29

Class 8

During this week we talked about other vulnerabilities and exploits that occur, but one of the vulnerabilities that we focused on during this class was the “BUFFER OVERFLOW”. During this week I found it to be an interesting topic. The professor talked about various parts that go along with vulns and exploits, such as the following:
Buffer overflow
Format string
Memory leak
Race Condition
Spoofing

To explain all of these concepts would take me pages and pages of writing, so I will just give a light briefing on them:

All of the terms that I have written down are some of the vulnerabilities that a hacker could use to gain access either to your computer or to any type of files or passwords stored in it.
How could this be done? Well, if a program is using a protocol and the protocol isn’t safe, or it is just open for connection, then guess what??? The attacker will take advantage of that open protocol and try to gain access to your computer. The same goes for any type of software: if there is any kind of flaw, this is a big risk for the user.

This is a subject that anyone could talk about forever, since there are many things that can go with it!

Sunday, October 23

Class 7!! - CSRF

Our 7th class of the semester made me realize how dangerous the internet can be. I am talking about browsing websites: if I were to access a random website while searching for something, and if I were not protected very well with my firewalls and antivirus products, the website itself could be downloading a tool to run silently in the background to monitor everything I am doing, and it could also grab all my internet cookies, where some of my passwords might be stored. This is kind of what we talked about in class, but mostly it was more about Cross site forgery. I find it hard to explain myself but I will give it a try: being able to write code into the webpage and having the “permission” or a way to be able to input data into that site.
This is one interesting topic that should be mentioned to the general population, since people out there don’t really know this stuff at all. The internet is very helpful and you can accomplish lots of stuff with it, but then again it is extremely dangerous, and anyone who does not know which website they are accessing or viewing might be getting into some trouble!

Monday, October 17

Class 6 - Malware!!!

During this week we played with a malware that we had to download. The malware is called Sasser.M. This malware was very interesting. I say this because I fix computers in my spare time for my own personal clients, and I get malware and viruses that are not as tough as this one, well, that is what I think. This malware just completely took over the PC. I mean I couldn’t access the taskbar, I couldn’t open My Computer, I could not open other software in the OS. I tried using Wireshark from my host OS to see if it would try to access other ports, and indeed it was going crazy on Wireshark trying to open network connections and reach some IP addresses. I thought it was amazing how a malware like this could do so much to the operating system. The system changes that I noticed were the following: the taskbar, the Start menu, and programs (“.exe”) failing to start. It took over basically everything!
I tried to remove the malware by using my personal antivirus, but the system just wasn’t the same as before. There was some registry stuff missing and it just wasn’t running 100 percent, so what I did was just go back to a snapshot I had from before.
I feel this lab was intended for us to learn how an aggressive malware could do so much damage to a computer and how it can propagate to another system really quickly and easily without any protection.

Friday, October 7

Class 5 - TEST TIME!!! :-0

This week we had an online test. I usually work all Fridays and try to stay all day at work, so I take my lunch and go to a quiet place to listen to the class. So I went up to do my test, and I honestly thought the test wasn't hard. I answered every question, and I was hoping to get a good grade on that test, at least 70 percent, since I knew most of the answers and pretty much wrote them all down. The test was based on the stuff we did from week 1 to week 4; it talked about malware, Python stuff, etc. The test took me a bit less than 2 hours, and after I finished I felt good thinking I did well on it and went back to work.
Once I received my grade I was disappointed, since I honestly thought I did better, but once I asked my school peers what they got, that relieved me, since I wasn't the only one that got low marks and there were people that got even worse marks than I got.
I don't know if it's just because it's an online class, but test marking shouldn't be marked tough; it should be marked the same as any test.

Hopefully on the next test I do much better and get a good mark.

Saturday, October 1

Class 4 - Immunity Debugger!!!

In this class we learned something very interesting: we played with a program called Immunity Debugger. We ran a few programs that were provided by the professor. It was tough to understand the program and the steps it takes to get it to work. We had a set of instructions, but I would have liked to have a more detailed display in class; I think we went too fast on it. I followed the steps that we were provided. They were very detailed, but the detail was on how to get the first password. As for the second password we needed to get, even though the teacher said it would be easier, I found it to be even harder to get. The steps we had for the first one were not helpful for getting the second one.
I find that program to be cool, just the way you can figure out the password, but for each program and password there is a different algorithm, so the tough part is figuring out what algorithm it is in order to figure out the password.

I didn't really sign up, but I used this website and put a comment on it:
http://themostboringblogintheworld.wordpress.com/2007/08/08/free-download-for-hackers-immunity-debugger/.

I think this is a good tool to play around with, just to get to know how processing the password works and how it goes through RAM.

I am sure there are other programs or tools that will do similar things, but this one really impressed me when I was able to get the first password out of it!

Just like the last question of the lab, which asks us if I would be interested in learning more programs that do similar things to Immunity Debugger: of course I would be. I found this to be extremely interesting, and this is a great way to learn the whole process of how the program is being used in the computer, how it goes through each step and gets to the RAM. I wish we could spend more time using this type of tool :-(