Wednesday 29 January 2014

Project 3, Session 8

Task 3 - File repository

Keep the use of text to a minimum, use graphs and images where possible.  Reminder: Include all references at the bottom of the report and state if there are any direct citations.

 Resources required to run the website
File Provence - MD5 Checksum of the file available plaintext on the website
Admin Page with details of user payments
Authentication Log in email - Containing key (as well as passwords)
Security aspects - Lock account after 3 login attempts              

Priten -
Design the website
Create the website - Layout, forms, etc etc Deadline 7.02.2014
Flow chart of the processes involved - How the user receives the end product Complete for website

Jack - Compiling the Report
Design the website Complete
Database - Username, Password,  DOB, Email Address
                  Decryption Key, Book information, etc etc   Under design, Awaiting Server for construction
Flow chart of the processes involved - How the user receives the end product Complete for website

Kirran - 
Research Payment system - Paypal with automated email sending to the customer once product has been purchased Deadline 7.02.2014
Specification of the project requirements Extended to 31.01.2014
WORK ADDED FOR TASK 1 (Do that first)

Abdul - 
Comparison of different encryption techniques (Less text, use bar graphs to compare) -
Strength, Speed of encryption, Read speed, Write Speed, Reliability Deadline 3.02.2014
Set up the Virtualbox image (Debian Web-Server) - Include PHPMyadmin Deadline 31.01.2014
SECURE and DOCUMENT WEB SERVER ^

 Hisham - 
Encoding website entry Deadline 03.02.2014
Database protection (Protection from SQL Injections) Deadline 05.02.2014
Concept Design PHP that locks out user after 3 passwords attempts (Blocks IP Address temporarily) Deadline 07.02.2014


Read more »
Posted by at No comments:
Labels: ,

Monday 27 January 2014

Project 3, Session 7

Task 3 - File repository

Keep the use of text to a minimum, use graphs and images where possible.  Reminder: Include all references at the bottom of the report and state if there are any direct citations.
Resources required to run the website
File Provence - MD5 Checksum of the file available plaintext on the website
Admin Page with details of user payments
Authentication Log in email - Containing key (as well as passwords)
Security aspects - Lock account after 3 login attempts                

Priten -
Design the website  - Possibly Dynamic rather than static? Deadline 29.01.2014
Create the website - Layout, forms, etc etc Deadline 7.02.2014
Flow chart of the processes involved - How the user receives the end product Deadline 29.01.2014

Jack - Compiling the Report
Design the website - Possibly Dynamic rather than static? Deadline 29.01.2014
Database - Username, Password,  DOB, Email Address Deadline: Awaiting Server Setup
                  Decryption Key, Book information, etc etc  Deadline: Awaiting Server Setup
Flow chart of the processes involved - How the user receives the end product Deadline 29.01.2014

Kirran - 
Research Payment system - Paypal with automated email sending to the customer once product has been purchased Deadline 7.02.2014
Specification of the project requirements Deadline 29.01.2014
WORK ADDED FOR TASK 1 (Do that first)
Did Not Attend

Abdul - 
Comparison of different encryption techniques (Less text, use bar graphs to compare) -
Strength, Speed of encryption, Read speed, Write Speed, Reliability Deadline 3.02.2014
Set up the Virtualbox image (Debian Web-Server) - Include PHPMyadmin Deadline 31.01.2014
SECURE and DOCUMENT WEB SERVER ^
Hisham - 
Did Not Attend
Assigned work upon attendance to session


Read more »
Posted by at No comments:
Labels: ,

Wednesday 22 January 2014

Project 3, Session 5

This project is a mixture of individual and group work.

Task 1 - Create educational material about the basics of cryptography
  • Target is 12-13 year old children
For task 1, all members will create a small document of research.  This document will teach the other members of the group the topic.

Possible choices: (Minimum 2 slides, Maximum 4 slides.  Size 14-16 Font)
  • What is cryptography? (Introduction)
  • Substitution Ciphers
  • Hashing
  • Symmetric Key encryption
  • Public key encryption
  • Why we encrypt data?
  • History of cryptography
  • Legal Aspects Regarding Cryptography

Jack
Task 1
Symmetric Key encryption Complete,  Needs Checking
Symmetric Key encryption Research (In a report) Complete,  Needs Checking
History Of Cryptography Complete,  Needs Checking
History Of Cryptography Research (In a report) Complete,  Needs Checking

Priten 
Task 1
Compile the Presentation
Public Key encryption Complete,  Needs Checking
Public Key encryption Research (In a report) Complete,  Needs Checking
Why we encrypt data? OVERDUE 22.01.2014
Why we encrypt data? Research (In a report)OVERDUE 22.01.2014

Kirran
Task 1
Substitution Ciphers  OVERDUE 17.01.2014
Substitution Ciphers Research (In a report) OVERDUE 17.01.2014
Did Not Attend

Abdul
Task 1
What is cryptography? (Introduction) Complete,  Needs Checking
What is cryptography? (In a report) Complete,  Needs Checking
Hashing Complete,  Needs Checking
Hashing Research (In a report) OVERDUE 22.01.2014

Hisham
Did Not Attend
Assigned work upon attendance to session



Once work has been completed, inform Jack which work will replace the completed work (so we don't get multiple members working on the same slide)
Posted by at No comments:
Labels: ,

Friday 17 January 2014

Project 3, Session 3

This project is a mixture of individual and group work.

Task 1 - Create educational material about the basics of cryptography
  • Target is 12-13 year old children
For task 1, all members will create a small document of research.  This document will teach the other members of the group the topic.

Possible choices: (Minimum 2 slides, Maximum 4 slides.  Size 14-16 Font)
  • What is cryptography? (Introduction)
  • Substitution Ciphers
  • Hashing
  • Symmetric Key encryption
  • Public key encryption
  • Why we encrypt data?
  • History of cryptography

Jack
Task 1
Symmetric Key encryption Complete,  Needs Checking
Symmetric Key encryption Research (In a report) Complete,  Needs Checking
History Of Cryptography Deadline 22.01.2014
History Of Cryptography Research (In a report) Deadline 22.01.2014

Priten 
Task 1
Compile the Presentation
Public Key encryption Complete,  Needs Checking
Public Key encryption Research (In a report) Complete,  Needs Checking
Why we encrypt data? Deadline 22.01.2014
Why we encrypt data? Research (In a report)Deadline 22.01.2014

Kirran
Task 1
Substitution Ciphers  OVERDUE 17.01.2014
Substitution Ciphers Research (In a report) OVERDUE 17.01.2014
Did Not Attend

Abdul
Task 1
What is cryptography? (Introduction) Complete,  Needs Checking
What is cryptography? (In a report) Complete,  Needs Checking
Hashing Deadline 22.01.2014
Hashing Research (In a report) Deadline 22.01.2014

Hisham
Did Not Attend
Assigned work upon attendance to session



Once work has been completed, inform Jack which work will replace the completed work (so we don't get multiple members working on the same slide)
Posted by at No comments:
Labels: ,

Wednesday 15 January 2014

Project 3, Session 2

This project is a mixture of individual and group work.

Task 1 - Create educational material about the basics of cryptography
  • Target is 12-13 year old children
For task 1, all members will create a small document of research.  This document will teach the other members of the group the topic.

Possible choices: (Minimum 2 slides, Maximum 4 slides.  Size 14-16 Font)
  • What is cryptography? (Introduction)
  • Substitution Ciphers
  • Hashing
  • Symmetric Key encryption
  • Public key encryption
  • Why we encrypt data?
  • History of cryptography

Jack
Task 1
Symmetric Key encryption Deadline 17.01.2014
Symmetric Key encryption Research (In a report) Deadline 17.01.2014

Priten 
Task 1
Compile the Presentation
Public Key encryption Deadline 17.01.2014
Public Key encryption Research (In a report) Deadline 17.01.2014

Kirran
Task 1
Substitution Ciphers  Deadline 17.01.2014
Substitution Ciphers Research (In a report) Deadline 17.01.2014
Did Not Attend

Abdul
Task 1
What is cryptography? (Introduction)Deadline 17.01.2014
What is cryptography? (In a report)Deadline 17.01.2014

Hisham
Did Not Attend
Assigned work upon attendance to session



Once work has been completed, inform Jack which work will replace the completed work (so we don't get multiple members working on the same slide)
Posted by at No comments:
Labels: ,

Monday 13 January 2014

Project 3, Session 1

This project is a mixture of individual and group work.

Task 1 - Create educational material about the basics of cryptography
  • Target is 12-13 year old children
For task 1, all members will create a small document of research.  This document will teach the other members of the group the topic.

Possible choices: (Minimum 2 slides, Maximum 4 slides.  Size 14-16 Font)
  • What is cryptography? (Introduction)
  • Substitution Ciphers
  • Hashing
  • Symmetric Key encryption
  • Public key encryption
  • History of cryptography
Jack
Task 1
Symmetric Key encryption Deadline 17.01.2014
Symmetric Key encryption Research (In a report) Deadline 17.01.2014

Priten 
Task 1
Compile the Presentation
Public Key encryption Deadline 17.01.2014
Public Key encryption Research (In a report) Deadline 17.01.2014

Kirran
Task 1
Substitution Ciphers  Deadline 17.01.2014
Substitution Ciphers Research (In a report) Deadline 17.01.2014

Abdul
Left before we could assign work

Hisham
Did Not Attend
Assigned work upon attendance to session

Once work has been completed, inform Jack which work will replace the completed work (so we don't get multiple members working on the same slide)

Posted by at No comments:
Labels: ,

Project 2, Final Attribution post


Jack:
  • Consent forms (scanning)
  • Default Vulnerability Exploit consent form
  • Data encryption (open source & closed source) (securing the data) (truecrypt)
  • Email encryption (encrypting plain-text emails) (encrypting attached files) (complete encryption)
  • Preparing for the attacks (armitage introduction) (armitage network scan) (armitage attack scan)
  • Exploit 1 - Permissions form
  • Exploit 1 - sort_mode information disclosure
  • Exploit 1 - mitigation
  • Exploit 2 - Permissions form
  • Exploit 2 - Tomcat webserver
  • Exploit 2 - mitigation
  • Exploit 3 - Permissions form
  • Exploit 3 - SQL injection on wordpress
  • Exploit 3 - Mitigation
  • Exploit 4 - Permissions form
  • Exploit 4 - VMC Server Password
  • Exploit 4 - Mitigation
  • Exploit 9 - Theoretical physical access exploit
  • Armitage (armitage introduction) (armitage network scan) (armitage attack scan)
  • System machine stats

Priten:
  • Setting up the pi (setting up the backdoor) (operating system used) (walkthrough) (encrypting the pi)
  • Exploit 5 - Permissions form
  • Exploit 5 - FTP
  • Exploit mitigation
  • Exploit 6 - Permissions form
  • Exploit 6 - Windows Server SMB
  • Exploit mitigation
  • Exploit 7 - Permissions form
  • Exploit 7 - Corpserver
  • Exploit mitigation 
  • Exploit 8 - Permissions form
  • Exploit 8 - Unreal Internet Relay Chat
  • Exploit mitigation 
  • NMAP tutorial

Kirran:
  • Legal
  • Ethics 
Abdul:
  • Research on various port scanners (NMAP) (OPENVAS) (Nessus) (Core impact) (Nexpose) (Metasploit) (Comparisons)

Hisham:
  • Introduction

Harry:
none due to no attendance for the duration of the second project
Posted by at No comments:
Labels: ,

Wednesday 8 January 2014

Project 2, Session 14

Project 2, we have to essentially SSH into a Pi, scan the network and highlight all the vectors in which we can attack the network.

Group Leader - Priten
Compiling the report - Jack

Kirran [6]
Legal implications, Ethics & case studies  
Proof-read By: Jack Hall, Corrections to be made - Include laws: Data protection, Fraud act, RIPA 2000. OVERDUE - 11.12.2013
Tutorial on how to statically configure IP address on Kali Linux OVERDUE - 11.12.2013

Priten [2]
Setting up Pi as secure backdoor - Report
Proof Read: Corrections Confirmed, COMPLETE- Added to compiled report (with references)
Create the group presentation (all slides, based on what members have written)
Perform Nmap scans & explain screenshots
Teach Jack how to run armitage
Exploit regarding FTP on MAC:08:00:27:18:BC:29 - Paperwork & Permissions

Abdul [3]
Research how to use the Nmap, OpenVas and Nessus & (3 others) Plus comparisons
Proof Read: Corrections confirmed, more information to be added OVERDUE - 11.12.2013

Jack [1]
Method of encrypting stored information  
Proof Read: Corrections Confirmed, COMPLETE- Added to compiled report (with references)
Tutorial on how to email encrypted messages for communication
Proof Read: Corrections Confirmed, COMPLETE - Added to compiled report (with references)
Securing sensitive data 
Proof Read: Corrections Confirmed, COMPLETE - Added to compiled report (with references)
Creation of the vulnerability exploration consent form
Proof Read: Corrections Confirmed, COMPLETE - Added to compiled report (with references)
Creation of the scanning consent form
Proof Read: Corrections Confirmed, COMPLETE - Added to compiled report (with references)

Explore password recovery exploit
Explore payload to open the FTP port

Harry [4]
Creation of the consent forms - Moved to Jack's responsibility due to lack of attendance
Did Not Attend

Hisham [5]
Assigned to write report introduction
Proof Read: Corrections confirmed, COMPLETE - Added to compiled report


Posted by at No comments:
Labels: ,

Monday 6 January 2014

Project 2, Session 13

Project 2, we have to essentially SSH into a Pi, scan the network and highlight all the vectors in which we can attack the network.

Group Leader - Priten
Compiling the report - Jack

Kirran [6]
Legal implications, Ethics & case studies  
Proof-read By: Jack Hall, Corrections to be made - Include laws: Data protection, Fraud act, RIPA 2000. OVERDUE - 11.12.2013
Tutorial on how to statically configure IP address on Kali Linux OVERDUE - 11.12.2013

Priten [2]
Setting up Pi as secure backdoor - Report To Be Proof-read By: Jack Hall 
Create the group presentation (all slides, based on what members have written)
Perform Nmap scans & explain screenshots
Teach Jack how to run armitage

Abdul [3]
Research how to use the Nmap, OpenVas and Nessus & (3 others) Plus comparisons
Proof Read: Corrections confirmed, more information to be added OVERDUE - 11.12.2013

Jack [1]
Method of encrypting stored information  
Proof Read: Corrections Confirmed, COMPLETE- Added to compiled report (with references)
Tutorial on how to email encrypted messages for communication
Proof Read: Corrections Confirmed, COMPLETE - Added to compiled report (with references)
Securing sensitive data 
Proof Read: Corrections Confirmed, COMPLETE - Added to compiled report (with references)
Creation of the vulnerability exploration consent form
Proof Read: Corrections Confirmed, COMPLETE - Added to compiled report (with references)
Creation of the scanning consent form
Proof Read: Corrections Confirmed, COMPLETE - Added to compiled report (with references)

Explore password recovery exploit
Explore payload to open the FTP port

Harry [4]
Creation of the consent forms - Moved to Jack's responsibility due to lack of attendance
Did Not Attend

Hisham [5]
Assigned to write report introduction
Proof Read: Corrections confirmed, COMPLETE - Added to compiled report
Did not attend

Posted by at No comments:
Labels: ,
Subscribe to: Posts (Atom)