QUIZ

QUIZ 04
Cryptography/
Information Gathering

Recap

Key terms (Symmetric)

Key Terms (Asymmetric)
Also called “public-key cryptography”
One-way function (trapdoor)
Easy to compute in one direction but not the reverse
Measured in big-O notation; it must be quadratic, O(n²), or above
Factoring a number is considered ‘hard’
RSA (Rivest–Shamir–Adleman)
First (and standard) asymmetric crypto-system
Generation: choose primes p, q; generate λ(p*q) from the pair λ(p)=p-1 / λ(q)=q-1
Distribution: p, q are discarded,
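Textbook RSA built exactly as the slide describes, as an added example (not from the course material): λ(n) from λ(p)=p-1 and λ(q)=q-1, a check of Euler's theorem a^φ(n) ≡ 1 (mod n), and a check for the “too small e” hazard. The primes 61 and 53 are tiny demo values, assumed here only so the arithmetic is readable.

```python
from math import gcd


def lcm(a, b):
    return a * b // gcd(a, b)


def rsa_keygen(p, q, e=65537):
    """Key generation as on the slide: n = p*q, lambda(n) = lcm(p-1, q-1),
    d = e^-1 mod lambda(n). After this, p and q are discarded."""
    n = p * q
    lam = lcm(p - 1, q - 1)          # lambda(p) = p-1, lambda(q) = q-1
    if gcd(e, lam) != 1:
        raise ValueError("e must be coprime to lambda(n)")
    d = pow(e, -1, lam)              # modular inverse (Python 3.8+)
    return (n, e), (n, d)            # public key, private key


def rsa_encrypt(m, pub):
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def rsa_decrypt(c, priv):
    n, d = priv
    return pow(c, d, n)


def euler_theorem_holds(a, p, q):
    """Check a^phi(n) == 1 (mod n) with phi(n) = (p-1)(q-1), for gcd(a, n) == 1."""
    n = p * q
    phi = (p - 1) * (q - 1)
    return gcd(a, n) == 1 and pow(a, phi, n) == 1


def small_e_unreduced(m, e, n):
    """True when m**e < n: the modulus never reduces the ciphertext, so c is
    literally the integer m**e. This is the 'too small e' hazard the slide
    warns about (unpadded short message, tiny exponent)."""
    return pow(m, e) < n


if __name__ == "__main__":
    pub, priv = rsa_keygen(61, 53, e=17)      # demo primes, assumed here
    c = rsa_encrypt(65, pub)
    print(pub, priv, c, rsa_decrypt(c, priv))
```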

Public Key Cryptography: RSA Encryption Algorithm

1:20 Separation of lock / key
2:05 D-H key exchange
4:30 RSA function
6:10 One-way function
8:16 Factorization into primes
9:15 Euler’s totient function
a^φ(n) ≡ 1 (mod n)
13:15 RSA operation

14:18 (DANGEROUS: too small e)

Steganography
Hide a message (not necessarily encrypted) inside a regular file
In the file header / metadata
As part of an image
As a single frame in a video
Also works as a watermark

.onion

.onion is a special-use top level domain name designating an anonymous onion service, which was formerly known as a “hidden service” reachable via the Tor network. Such addresses are not actual DNS names, and the .onion TLD is not in the Internet DNS root, but with the appropriate proxy software installed, Internet programs such as web browsers can access sites with .onion addresses by sending the request through the Tor network.

Cicada 3301: An Internet Mystery
https://www.youtube.com./watch?v=I2O7blSSzpI
0:00-4:30 story of Cicada, 12:10
DEF CON 2020 CTF Quals Welcome
Flag format ooo{xxxx,xxxx,xxxx}

Say it if you know it

CMYK

RGB
#RRGGBB

CMYK

CMYK
Easy to verify,
Hard to separate

PortSwigger CA

Let’s Encrypt

Let’s Encrypt
A nonprofit Certificate Authority providing TLS certificates to ANY website.
Many malware sites are now signed with Let’s Encrypt certificates.
Try this:
https://ssl1.hkuspace.net
https://ssl2.hkuspace.net

Sample Valid, Revoked and Expired SSL/TLS Certificates

X.509

X509 and PKI

Root CA

Issued by CloudFlare, trusted by Baltimore CyberTrust
Issued by Let’s Encrypt, trusted by DST
Fake certificate issued by the Burp Suite CA
Self-signed certificates

Root-CA for HK – HKPost

Similar to DNS
Chain of trust
Limited number of Root CAs (like the DNS root)
Every intermediate CA must itself be trusted (signed) by a CA above it
Every certificate is signed and then issued by its issuer
A certificate or intermediate CA may be revoked by its parent in the chain of trust

Superfish

Lenovo poisoned its own PCs with Superfish adware

Tutorial for SSL decryption on wireshark
https://unit42.paloaltonetworks.com/wireshark-tutorial-decrypting-https-traffic/

PEM

PEM format (Privacy-Enhanced Mail)
The PEM format solves the problem of carrying binary data in text by encoding it using base64.
PEM also defines a one-line header, consisting of “-----BEGIN ”, a label, and “-----”, and
a one-line footer, consisting of “-----END ”, a label, and “-----”.
The label determines the type of message encoded. Common labels include “CERTIFICATE”, “CERTIFICATE REQUEST”, “PRIVATE KEY” and “X509 CRL”.
PEM data is commonly stored in files with a “.pem” suffix, a “.cer” or “.crt” suffix (for certificates), or a “.key” suffix (for public or private keys).
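A small parser for the PEM framing described above, as an added example (not from the course material): it walks a file that may hold several blocks, such as the leaf-plus-intermediate chain openssl prints, checks that each END label matches its BEGIN label, and base64-decodes the body. The sample input is constructed here; its payload bytes are not a real certificate.

```python
import base64
import re

# Header/footer per the slide: "-----BEGIN <label>-----" ... "-----END <label>-----"
_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$")
_END = re.compile(r"^-----END ([A-Z0-9 ]+)-----$")


def parse_pem(text):
    """Return [(label, der_bytes), ...] for every PEM block in text.
    Rejects a footer whose label differs from its header, an END with no BEGIN,
    and a BEGIN nested inside an open block."""
    blocks, label, body = [], None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = _BEGIN.match(line)
        if m:
            if label is not None:
                raise ValueError("nested BEGIN inside %s block" % label)
            label, body = m.group(1), []
            continue
        m = _END.match(line)
        if m:
            if label is None or m.group(1) != label:
                raise ValueError("END label %r does not match BEGIN %r" % (m.group(1), label))
            blocks.append((label, base64.b64decode("".join(body), validate=True)))
            label = None
            continue
        if label is not None and line:
            body.append(line)            # base64 body lines between header and footer
    if label is not None:
        raise ValueError("unterminated %s block" % label)
    return blocks


def is_valid_pem(text):
    try:
        parse_pem(text)
        return True
    except ValueError:
        return False


def to_pem(label, der):
    """Inverse direction: wrap bytes in a PEM block with 64-character base64 lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, "\n".join(lines), label)


# Constructed sample: two CERTIFICATE blocks like the s_client chain on the slide,
# but the payload bytes are made up here and are not real DER.
SAMPLE = to_pem("CERTIFICATE", b"constructed leaf bytes") + to_pem("CERTIFICATE", b"constructed intermediate bytes " * 3)
```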

Certificate example
% openssl s_client -connect ssl2.hkuspace.net:443
Certificate chain
 0 s:/CN=ssl2.hkuspace.net
   i:/C=US/O=Let’s Encrypt/CN=R3
 1 s:/C=US/O=Let’s Encrypt/CN=R3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3

Server certificate
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISA6bdGFm4UrrympZdh+8op3uAMA0GCSqGSIb3DQEBCwUA

eAAUi3hoxX5ONnOlR9XnDSCwHJXGu57QrhSTZIQHHd0Ew69MempK7jOG62RfjWjL
trefh29yWMYpsy/Tkj8Mm8uLTM5tVI34sbkJSQ==
-----END CERTIFICATE-----

subject=/CN=ssl2.hkuspace.net
issuer=/C=US/O=Let’s Encrypt/CN=R3

OCSP

The Online Certificate Status Protocol (OCSP)

inurl:

https://cdn-cybersecurity.att.com/blog-content/GoogleHackingCheatSheet.pdf

APINIC

RIR

The Regional Internet Registries (RIRs) were established to assume this regional allocation and management role in cooperation with IANA. Today, there are five RIRs: APNIC, ARIN, RIPE NCC, LACNIC, and AFRINIC.

17.0.0.0/8

All IPv4 class A block assignment
https://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xhtml

Apple owns 17.0.0.0/8
Class A network

It contains a maximum of
256 * 256 * 256 = 16777216
(16 million) IPv4 addresses

https://stats.apnic.net/

IPv4 address exhaustion

The rise of CDNs and hosting / cloud computing (AWS, Azure, GCP, AliCloud)
Corporations rely heavily on NAT to conserve IPv4 addresses

Archive.org

https://web.archive.org/web/*/hkuspace.hku.hk

Github

Acts as an ‘archive’ for wiki pages and other content

DNS SOA

SOA
A Start of Authority record (abbreviated as SOA record) is a type of resource record in the Domain Name System (DNS) containing administrative information about the zone, especially regarding zone transfers

dig notexist.hkuspace.net

AUTHORITY SECTION:
hkuspace.net. 1799 IN
SOA jake.ns.cloudflare.com.
dns.cloudflare.com. 2036592492 10000 2400 604800 3600

MX

MX is responsible for INCOMING emails
A mail exchanger record (MX record) specifies the mail server responsible for accepting email messages on behalf of a domain name

DNS TEXT

TXT records are a type of Domain Name System (DNS) record that contains text information for sources outside of your domain. You add these records to your domain settings. You can use TXT records for various purposes. Google uses them to verify domain ownership and to ensure email security.

Used for service verification / additional functions
A DNS record is limited to 253 characters; TXT is usually the longest record type

_amazonses.dnscheck.co “yAbMEC/HCY7VBhG2KA4cBwQ2I+T7raTN3o5XnMKxOd8=”

 % dig _amazonses.dnscheck.co txt
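A parser for the dig presentation-format lines shown in the SOA, MX and TXT sections, as an added example (not from the course material): it splits the seven SOA fields, turns the RNAME into the zone contact address, reassembles quoted TXT strings and reads the MX preference. The SOA values are the ones shown on the slide; the TXT TTL and the MX line are constructed for illustration.

```python
import shlex

# Constructed sample in dig's presentation format. The SOA line and the TXT
# value come from the slide; the TXT TTL (300) and the MX line are made up.
SAMPLE_DIG = """\
hkuspace.net. 1799 IN SOA jake.ns.cloudflare.com. dns.cloudflare.com. 2036592492 10000 2400 604800 3600
_amazonses.dnscheck.co. 300 IN TXT "yAbMEC/HCY7VBhG2KA4cBwQ2I+T7raTN3o5XnMKxOd8="
example.test. 3600 IN MX 10 mail.example.test.
"""

SOA_FIELDS = ("mname", "rname", "serial", "refresh", "retry", "expire", "minimum")


def rname_to_email(rname):
    """The SOA RNAME encodes the zone contact: the first dot becomes '@'."""
    return rname.rstrip(".").replace(".", "@", 1)


def parse_rr(line):
    """Parse one dig answer/authority line; rdata is decoded for SOA, TXT and MX."""
    parts = shlex.split(line)          # shlex keeps quoted TXT strings together
    owner, ttl, cls, rtype, rdata = parts[0], int(parts[1]), parts[2], parts[3], parts[4:]
    rr = {"owner": owner, "ttl": ttl, "class": cls, "type": rtype}
    if rtype == "SOA":
        rr.update(zip(SOA_FIELDS, rdata[:2] + [int(x) for x in rdata[2:7]]))
        rr["contact"] = rname_to_email(rr["rname"])
    elif rtype == "TXT":
        rr["text"] = "".join(rdata)    # long TXT data is split into <=255-byte strings
    elif rtype == "MX":
        rr["preference"], rr["exchange"] = int(rdata[0]), rdata[1]
    else:
        rr["rdata"] = " ".join(rdata)
    return rr


def parse_dig(text):
    return [parse_rr(l) for l in text.splitlines() if l.strip()]


if __name__ == "__main__":
    for rr in parse_dig(SAMPLE_DIG):
        print(rr)
```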

#dig @

dig
Specifies which server to query for name resolution
What is the default output of #dig?
How do you perform dig over other protocols (HTTP)?

1.1.1.1
/ 8.8.8.8
/ 114.114.114.114

List of public DNS
Cisco OpenDNS: 208.67.222.222 and 208.67.220.220;
Cloudflare 1.1.1.1: 1.1.1.1 and 1.0.0.1;
Google Public DNS: 8.8.8.8 and 8.8.4.4;
Quad9: 9.9.9.9 and 149.112.112.112.
China: 114.114.114.114 
Aliyun: 223.5.5.5, 223.6.6.6 
Baidu Yun: 180.76.76.76 
360 DNS: 101.226.4.6, 123.125.81.6, 101.226.4.6, 101.226.4.6

ASN

https://bgp.he.net/

ASN = autonomous system (number)
Roughly one service provider on the Internet

How the world reaches the internet via BGP

Peering map from ASN9381 (HKBN Biz)

List of IPv4 with PTR set

https://bgp.he.net/AS131279#_graph4

Peering map from AS131279 (North Korea)

It peers with AS20485 (TTK, Russia)

And AS134544, (cenbong, HK) /
AS4837 (China Unicom 169, CN)

Korea, Democratic People’s Republic of

HKIX

https://www.hkix.net/hkix/participant.htm

Most worldwide service providers peer with HKIX to offer fast response times and save overseas bandwidth

RouteView

http://www.routeservers.org/
Most are read-only routers / virtual routers
% nc route-views.sg.routeviews.org 23

Hello, this is Quagga (version 0.99.22.4).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
route-views.sg.routeviews.org> show ip bgp 8.8.8.8
BGP routing table entry for 8.8.8.0/24
Paths: (18 available, best #9, table Default-IP-Routing-Table)
137831 15169
    27.111.229.144 from 27.111.229.144 (10.100.165.2)
      Origin IGP, localpref 100, valid, external
      Last update: Tue Feb 23 06:12:55 2021

Looking Glass

https://lg.telia.net/

API

Application Programming Interface (API)
Data-gathering automation

Automation (equivalent to the CLI)

OSINT

Open-source intelligence (OSINT) is a multi-methods (qualitative, quantitative) methodology for collecting, analyzing and making decisions about data accessible in publicly available sources to be used in an intelligence context

Most passive information gathering is OSINT
Search engine: Google, Baidu, Yandex
Network: DNS, IP, ASN
Social Media (Twitter, FB, Instagram, Weibo)
IM ( Whatsapp, WeChat, Telegram, Signal, etc)
Repository ( Github,
