QUIZ 03
QUIZ 03
Say it if you know it
CVSS Temporal
Exploit Code Maturity
Exploit code maturity answers the question, “Is this exploit being used in the wild?” Many exploits are only theoretical in nature, and never actually get exploited by adversaries. Others get exploited, but code to operationalize those exploits never gets widely distributed, rendering it unusable to unskilled hackers, who represent the majority.
Exploit Code Maturity is rated at one of five levels:
Not Defined (X) – there is not enough information to assign one of the other values. This value does not impact the Temporal score.
High (H) – There is wide availability of reliable, easy-to-use, functional exploit code.
Functional (F) – Code that works is available and is at least somewhat reliable.
Proof-of-concept (P) – Code exists, but might not be reliable and might require a very skilled attacker to use successfully.
Unproven (U) – this applies when the exploit is only theoretical and/or no known exploit code exists.
Remediation Level
Remediation level refers to the availability and maturity of a fix or patch for the vulnerability. As remediation code matures, the Temporal score will decreased.
Remediation Level is rated at one of five levels:
Not Defined (X) – there is not enough information to assign one of the other values. This value does not impact the Temporal score.
Unavailable (U) – there is no mitigation or patch available for the vulnerability.
Workaround (W) – there is either an unofficial patch available, or configuration/setting that can mitigate the impact of the vulnerability.
Temporary Fix (T) – there is a vendor created, but temporary, fix or patch available.
Official Fix (O) – a fix for the vulnerability is available as either a permanent patch or as an upgrade from the vendor.
Report Confidence
This metric measures the confidence level that the vulnerability actually exists, as well as the details of the issue. For example, if the vendor publicly acknowledges that a vulnerability exists, there is a very high confidence level that the vulnerability is real.
Report confidence is rated at one of four levels:
Not Defined (X) – there is not enough information to assign one of the other values. This value does not impact the Temporal score.
Confirmed (C) – Either the vendor has confirmed that the vulnerability exists, reproduction of the vulnerability has been proven, or source code is available to confirm the issue.
Reasonable (R) – Details have been published, but the vulnerability has not been independently verified.
Unknown (U) – There are reports or rumors that the vulnerability exists, but there is some reason to question the validity of those reports or the vulnerability is not consistently reproducible.
MSF exploit ranking
Disclosure Date ~ Remediation Level
Rank ~ Exploit Code Maturity
Entropy
Entropy is a scientific concept, as well as a measurable physical property that is most commonly associated with a state of disorder, randomness, or uncertainty
In the movie Tenet (2020), the principle for ‘time-traveller’ is by changing the direction of entropy of a person / object,
In order to time travel (continuously) forward or backward.
( other concept in time traveller is a jump over time dimensions 5th dimension or above)
In information theory, the entropy of a random variable is the average level of “information”, “surprise”, or “uncertainty” inherent in the variable’s possible outcomes.
https://www.youtube.com./watch?v=2s3aJfRr9gE
Information entropy | Journey into information theory | Computer Science | Khan Academy
Try it yourself
In-class Lab – entropy
Date Generation
Generate Images
Generate RSA keys
Drag and drop any file
Data formatting
Base64 conversation
Compression
Change of encoding
Encryption
Copy / Paste
Hash Collision
MD5
d131dd02c5e6eec4693d9a0698aff95c 2fcab58712467eab4004583eb8fb7f89 55ad340609f4b30283e488832571415a 085125e8f7cdc99fd91dbdf280373c5b d8823e3156348f5bae6dacd436c919c6 dd53e2b487da03fd02396306d248cda0 e99f33420f577ee8ce54b67080a80d1e c69821bcb6a8839396f9652b6ff72a70
d131dd02c5e6eec4693d9a0698aff95c 2fcab50712467eab4004583eb8fb7f89 55ad340609f4b30283e4888325f1415a 085125e8f7cdc99fd91dbd7280373c5b d8823e3156348f5bae6dacd436c919c6 dd53e23487da03fd02396306d248cda0 e99f33420f577ee8ce54b67080280d1e c69821bcb6a8839396f965ab6ff72a70
Two different Hex-stream above, Can you get MD5 hash 79054025255fb1a26e4bc422aef54eb4 ?
MD5 Collision Demo
https://www.mscs.dal.ca/~selinger/md5collision/
C:\TEMP> md5sum hello.exe cdc47d670159eef60916ca03a9d4a007
C:\TEMP> .\hello.exe Hello, world! (press enter to quit) C:\TEMP>
C:\TEMP> md5sum erase.exe cdc47d670159eef60916ca03a9d4a007
C:\TEMP> .\erase.exe This program is evil!!! Erasing hard drive…1Gb…2Gb… just kidding! Nothing was erased. (press enter to quit) C:\TEMP>
The method of Wang and Yu makes it possible, for a given initialization vector s, to find two pairs of blocks M,M’ and N,N’, such that f(f(s, M), M’) = f(f(s, N), N’). It is important that this works for any initialization vector s, and not just for the standard initialization vector s0.
Combining these observations, it is possible to find pairs of files of arbitrary length, which are identical except for 128 bytes somewhere in the middle of the file, and which have identical MD5 hash. Indeed, let us write the two files as sequences of 64-byte blocks:
M0, M1, …, Mi-1, Mi, Mi+1, Mi+2, …, Mn,
M0, M1, …, Mi-1, Ni, Ni+1, Mi+2, …, Mn.
Sha1 hash collision
https://shattered.it/
Code book
“Decryption” (暗号解読, Angō Kaidoku) episode 154 of the Naruto: Shippūden anime.
The numbers are a code, a code meant only for Naruto to decipher as he is the person closest to him. It’s a cipher based off of his book series that he’s been working on that gives some critical insight on how Pain works. In his last dying moments he fought like a true shinobi and ensured his enemies demise. The full message reads “The real one’s not among them”. And to resolve this conflict Naruto must train under the Toads and master sage mode.
https://www.crunchyroll.com/naruto-shippuden/episode-154-decryption-539336
Queue’s Cipher
Right: Mary’s letter to Babington
Bottom: The code book
What is this sound
Morse Code
Decode this sound
The Braille Alphabet
CyberChef Braille
http://www.unicode.org/charts/PDF/U2800.pdf
Diffusion
Diffusion means that if we change a single bit of the plaintext, then (statistically) half of the bits in the ciphertext should change, and similarly, if we change one bit of the ciphertext, then approximately one half of the plaintext bits should change. Since a bit can have only two states, when they are all re-evaluated and changed from one seemingly random position to another, half of the bits will have changed state.
The idea of diffusion is to hide the relationship between the ciphertext and the plain text.
This will make it hard for an attacker who tries to find out the plain text and it increases the redundancy of plain text by spreading it across the rows and columns; it is achieved through transposition of algorithm and it is used by block ciphers only.
Confusion
Confusion
Confusion means that each binary digit (bit) of the ciphertext should depend on several parts of the key, obscuring the connections between the two.
The property of confusion hides the relationship between the ciphertext and the key.
This property makes it difficult to find the key from the ciphertext and if a single bit in a key is changed, the calculation of the values of most or all of the bits in the ciphertext will be affected.
Confusion increases the ambiguity of ciphertext and it is used by both block and stream ciphers.
Enigma
Turing’s Enigma Problem (Part 1) – Computerphile
2:50 Enigma Design, ( rotate once for each key pressed, never return same key pressed , 3/3 in random order [6], 3/5 in random order[60] )
https://www.youtube.com./watch?v=d2NWPG2gB_A
5:50 – design of BOMBE, Initial setup (IV), known plaintext attack, padding oracle
GPU runs simple tasks in multiple core / threads
PCIe-x16 -> PCI-ex1
Blockchain & Merkle Tree
Always include hash from previous chain
Chain of trust
Ensure Integrity
Tx_root in format of Merkle Tree
Act as hash of hashes
transaction details as individual hashes
Nonce
padding to the block to be verified
ensure hash(current block + nonce) with leading N zeros
Hard to generate, easy to verify ( one-way function)
Key schedule
Both in DES and AES
Expand the original key
Have permutation on portion of key
Maintain the randomness of key
DES KS
AES KS
null
9848.164
/docProps/thumbnail.jpeg