CyberKat Cafe Podcast ep 3 on the Y2K crisis is out now!

Hello internet, it is once again your friendly neighborhood Script Kitty here with another episode of our podcast. This time I cover the Y2K bug through a modern lens of cybersecurity and emergency management. Check it out here: https://anchor.fm/cyberkatcafe/episodes/Ep-3-The-Millennium-Bug–A-hackers-retrospective-on-Y2K-e1t0s3c

And with that said, this is Killer Kat signing off, stay safe out there and I’ll see you in the New Year!

Tis the Season for Cybercrime: 5 Things you can do to protect yourself this holiday season.

Hello again internet, it’s me, your host the Script Kitty: Killer Kat! Once again the holidays are right around the corner, and I have a special gift for you: 5 things you can do to protect yourself from cybercrime this holiday season.

Whether you are looking under the tree for a new VR headset, a smart home device, or anything else WiFi enabled, one thing is for sure: black hat hackers are waiting for their own present, the thousands of unpatched devices that go online every year on December 25th. Every holiday season thousands of people receive new devices as gifts, and in the rush to use them many people, especially younger people, skip installing updates before connecting and using the device. To a hacker an unpatched device is a goldmine: many security updates contain fixes for well known security issues, and a device that is left unpatched gives hackers easy access by exploiting those well known flaws. Because cyber criminals know lots of unpatched devices will go online on December 25th, many of them search for and target these devices. The good news is that this knowledge goes both ways, and that brings us to my first tip: update and set up devices before gifting them. If you have a game console, computer, phone, or any other device you are planning to gift to someone this year (especially if that person is younger), take the time to install software updates and set up the device beforehand. Not only will this protect the device from opportunistic cyber criminals, it will also save your loved ones valuable time spent waiting for software updates to download and install on Christmas morning.

Installing software updates will keep your devices from getting hacked through outdated software, but what about more deceptive social engineering based attacks? Well, it’s sad to say, but the holidays are a prime time for cyber scams such as phishing, with many cyber criminals exploiting the chaos of the holidays to craft convincing looking emails or phone scams designed to trick you into losing your valuable data. If you get an email that informs you of a problem (usually with an online shopping order) and provides a link that then asks you to re-enter your login information, there is a good chance you are looking at a classic phishing scam. Luckily I have some tips to help you avoid these scams: if you are presented with a login page, close that browser tab and type the website’s address in yourself. This prevents hackers from using fake websites to steal your login information. Even though the idea of a fake website seems a little crazy at first glance, through a combination of almost identical URLs and exact copies of the original webpage’s HTML (which is the information your web browser uses to show you what a website looks like), these fake websites have fooled even experienced cybersecurity experts and high ranking government officials.

On the topic of shopping online, this next topic is something I’ll be exploring in future episodes, so if you haven’t already please consider subscribing so you don’t miss out on those and all the rest of the fascinating content I have in store for the CyberKat Cafe! With that said, our third topic is online shopping. Be it fake 5 star reviews, counterfeit and mislabeled goods, or even straight up scams, the holiday season is rife with online shopping based cyber attacks. The first thing to watch out for while shopping online is fake 5 star reviews: many online brands have been bribing regular users on sites like Amazon to leave 5 star reviews in exchange for free products and sometimes cash or gift card payments. This goes against the rules of basically every online marketplace. I have reported this behavior directly to Amazon and they declined to comment, and I’ll also note that as of the time of writing they have not taken visible action against the companies and people involved. So since Amazon is not going to take these reviews down, I’ll help you spot them. Look for vague 5 star reviews that don’t really say anything about the product, usually something like “It’s great!” or “I bought this for someone and they loved it!”, and especially look out for “I haven’t received/used this yet but it looks great!” Many of these fake reviewers get a rebate on the purchased item that is only applied once they have left the review, so they will often leave a review before they actually get the product in order to get their rebate early. I’ll be going further in depth on my research into this issue, so if that is something that interests you, watch this space.

Another thing to look out for while shopping online is SEO, or Search Engine Optimization. Now SEO by itself is not malicious, perhaps a little manipulative or deceptive, but nevertheless a standard practice used by organizations to improve online visibility. SEO takes advantage of the way search algorithms work to make something appear more frequently or higher up in searches. Have you ever seen an Amazon listing with 30 different keywords in the product name before getting to what the item is actually called? Usually something along the lines of “| Gift for him | Gift for her | Travel | For home | gift for men” etc. That is a classic example of SEO in action. Because these keywords are so effective at getting visibility and selling products, they are often combined with other scams such as the fake reviews mentioned above. Real companies with established brands don’t use SEO like this to grab attention, and while not every product with a word salad title is a scam, the majority of them are low quality and not worth your money.

So you have bought your gifts online safely and installed your software updates; you’re safe, right? Well, almost. There is one last way that black hat hackers take advantage of the holiday season, and that’s through holiday apps with hidden malware. As reported by Barracuda Networks, hackers are using holiday themed Android applications to infect users’ phones with malware. Now malware on Android is nothing new; I even have an upcoming episode on the disturbing prevalence of Android malware. The best way to protect yourself against this malware is to only download apps from official marketplaces such as the Google Play Store; however, even the Play Store is rife with malware. Be cautious of downloading free apps and of apps that ask for unnecessary permissions. There are many kinds of malicious apps: some slow your phone down by using its resources to mine cryptocurrency or to show you thousands of invisible ads to farm ad revenue, and some will steal your information or encrypt your phone. But no matter what kind it is, malware is certainly something you don’t want to get for Christmas.

My 5th and final tip is to share this with someone. Cybersecurity works best when everyone is informed and educated about best practices. The human element is often one of the easiest things for hackers to exploit, but with proper education it can also be one of the greatest defenses. This holiday season take the time to share this with someone you love so they can be informed and protected against cyber criminals. And if you enjoyed this, please remember to subscribe so you can be notified whenever new content is available.

And with that said, until next time this is Killer Kat signing off, stay safe out there, and don’t forget to have a merry Christmas and a happy New Year!

SANS Holiday Hack 2022 Dusty Giftwrap: Windows Event logs writeup.

Hello once again internet, it’s me, your one and only peppermint flavored Script Kitty, here to wish you a happy holidays and to talk about the SANS Holiday Hack 2022! As you may know, every year the team at SANS put together an online event where you can watch informative talks, solve fun hacking puzzles and talk with the infosec community. This year I’ll be doing write ups of some of the puzzles. Now, I should note that it is a policy of mine to never do write ups on currently active competitions or anything that could give someone an unfair advantage; since the event is over, the activities are purely educational and exist only for fun and learning. Since fun and learning are the two cornerstones of the CyberKat Cafe, let’s boot up our Christmas synthwave playlists and hop right into one of the first challenges!

To start the challenge off we talk with an elf by the name of Dusty Giftwrap in the Tolkien Ring area. He lets us know that some administrator credentials were compromised by an attacker looking to steal the secret ingredients of the Lembahn bread. However, PowerShell auditing was enabled, and they have saved the logs to a flat text file for us to analyze. We complete this challenge by correctly answering a series of questions related to the attack.

Straight away the terminal lets us know that grep (global regular expression print) will be a very useful tool and links us to a helpful page on grep usage. The most important options are -i (ignore case) and -n (show line numbers).

The first question is “What month/day/year did the attack take place? For example, 09/05/2021.” and there are a couple of different ways we can go about answering it. We could take the rather primitive method of using grep **/**/2022 to get a list of all the dates in the log file and brute-force the different dates; however, using some blue team knowledge we can take a more sophisticated approach. Since we already know there was unauthorized activity, we can search the log for Event ID 4104, which is the execution of a remote PowerShell command (for more information on finding malicious activity in Windows logs I recommend you check out this excellent blog post by Liam Cleary). On its own Event ID 4104 doesn’t mean there was a security incident, but if we run grep -n 4104 powershell.evtx.log and take a look at the entries we will see a large amount of activity on 12/24/2022, and this anomalous activity lines up with our knowledge of the attack. Using this information we can answer the first question.

Now the second question, “An attacker got a secret from a file. What was the original file’s name?”, is a good question, and again there are multiple ways we can get our answer. The way I did this was by first using some information we already know: the attacker was looking for the secret ingredient of Lembanh bread, so let’s do a search: grep -n Lembanh powershell.evtx.log. With this we can see two interesting pieces of information: on line 20207 a user was writing text to the file mydiary.txt, and further up we can also see some log entries referencing “Lembahn Original Recipe”. Since we know there is a user writing to text files, let’s look for more entries in the log using grep -n Lembanh powershell.evtx.log. With this we can see the other diary entries as well as some activity happening to a recipe.txt, and using this information we can answer the second question.

The third question, “The contents of the previous file were retrieved, changed, and stored to a variable by the attacker. This was done multiple times. Submit the last full PowerShell line that performed only these actions.”, caused me a bit of difficulty because I was trying to use control-v instead of control-shift-v to submit my answer. But how did I get that answer? Well, in our last grep search we can see the attacker is using a variable foo to replace honey with fish oil, so if we do a grep search for fish we can see on line 7997: $foo = Get-Content .\Recipe| % {$_ -replace 'honey', 'fish oil'}.

Question 4 is “After storing the altered file contents into the variable, the attacker used the variable to run a separate command that wrote the modified data to a file. This was done multiple times. Submit the last full PowerShell line that performed only this action.” We know the variable is foo, so by running grep -n foo powershell.evtx.log we see on line 7462: $foo | Add-Content -Path 'Recipe'. For question 5, “The attacker ran the previous command against a file multiple times. What is the name of this file?”, we can just look at our previous grep to get the answer. For question 6, “Were any files deleted?”, we already know the answer from one of our previous grep searches; however, we can also run another search, grep -n del powershell.evtx.log, to look for the delete command, which we see on lines 6568 and 6762, and using that we can answer question 7, “Was the original file (from question 2) deleted? (Yes/No)”.

Question 8, “What is the Event ID of the log that shows the actual command line used to delete the file?”: if you remember from our first search, we were looking for Event ID 4104 to see if there were many remote PowerShell commands on a certain date, and this provides us with the answer to this question. Question 9, “Is the secret ingredient compromised (Yes/No)?”, is pretty simple because we already know the answer from answering question 3. And finally question 10, “What is the secret ingredient?”, is also known to us because of our answer for question 3.
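The search-and-filter workflow above, done in a script rather than by reading raw grep output, as an added example that is not part of the SANS challenge or of this writeup. The sample log lines, the single-line “date time EventID=n text” layout, and the function names are constructed for the example; the real export used in the challenge has its own layout, so LINE_RE would need adjusting before pointing this at powershell.evtx.log.

```python
# Added example (not part of the SANS challenge or the original writeup):
# parse an exported PowerShell log into records, count script-block events
# (Event ID 4104) per day to find the anomalous day, then search the script
# text for the strings the questions ask about, like grep -n -i but structured.
import re
from collections import Counter

# Constructed sample in a simplified "date time EventID=n text" layout. The real
# export has its own layout; adjust LINE_RE to match it before using a real file.
SAMPLE_LOG = """\
12/20/2022 08:02:11 AM EventID=4103 Module logging: Get-Date
12/24/2022 09:14:02 AM EventID=4104 Creating Scriptblock text: Get-Content .\\mydiary.txt
12/24/2022 09:14:40 AM EventID=4104 Creating Scriptblock text: $foo = Get-Content .\\Recipe| % {$_ -replace 'honey', 'fish oil'}
12/24/2022 09:15:01 AM EventID=4104 Creating Scriptblock text: $foo | Add-Content -Path 'Recipe'
12/24/2022 09:16:30 AM EventID=4104 Creating Scriptblock text: del .\\Recipe.txt
12/25/2022 07:00:00 AM EventID=4103 Module logging: Get-Date
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2} [AP]M) "
    r"EventID=(?P<event_id>\d+) (?P<text>.*)$"
)
SCRIPT_PREFIX = "Creating Scriptblock text: "


def parse_log(log_text):
    """Turn each matching line into a dict; keep the 1-based line number for reference."""
    records = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash on a large export
        text = m.group("text")
        if text.startswith(SCRIPT_PREFIX):
            text = text[len(SCRIPT_PREFIX):]
        records.append({
            "line": lineno,
            "date": m.group("date"),
            "event_id": int(m.group("event_id")),
            "text": text,
        })
    return records


def events_per_day(records, event_id=4104):
    """Count events of one ID per calendar day; a spike marks the day worth inspecting."""
    return Counter(r["date"] for r in records if r["event_id"] == event_id)


def busiest_day(records, event_id=4104):
    """The day with the most events of the given ID (None if there are none)."""
    counts = events_per_day(records, event_id)
    return counts.most_common(1)[0][0] if counts else None


def search(records, pattern, event_id=None, flags=re.IGNORECASE):
    """Like grep -n -i over the script text, optionally limited to one event ID."""
    rx = re.compile(pattern, flags)
    return [
        (r["line"], r["text"])
        for r in records
        if (event_id is None or r["event_id"] == event_id) and rx.search(r["text"])
    ]


def last_match(records, pattern, event_id=4104):
    """The last full script line matching the pattern (what questions 3 and 4 ask for)."""
    hits = search(records, pattern, event_id)
    return hits[-1][1] if hits else None


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("4104 events per day:", dict(events_per_day(recs)))
    print("busiest day:", busiest_day(recs))
    for lineno, text in search(recs, r"fish|^del "):
        print(f"{lineno}: {text}")
```

Counting 4104 events per day first is the same idea as the grep for 4104 in the writeup, just summarized so the anomalous day stands out without scrolling; the pattern search then replaces the separate greps for fish, foo and del, and last_match returns the final matching script line directly.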

And with that we have completed the challenge and are rewarded 10 KringleCoins to spend on hats for our avatar! I hope you enjoyed this write up and this challenge; I know I learned a few tricks for analyzing Windows logs and I also really enjoyed the challenge! As always, if you did anything differently or have any questions, please let me know in the comments down below. And if you like this content please consider following my blog so you can be notified whenever I have a brand new piece of educational content to share with all you 1337 hax0rs and script kiddies out there surfing the information superhighway!

This is your one and only resident Script Kitty signing off. Stay safe out there, remember never to reuse your email password, and have a happy holiday season!

A hacker’s perspective: Understanding Emoji, character encoding and why Chipotle only lets you have 3 Welsh flags. 🏴󠁧󠁢󠁷󠁬󠁳󠁿

Hello Internet! It’s me once again, your resident Script Kitty, here to bring you another post that I have had on my back burner for a while now but have chronically postponed due to my ADHD and executive functioning difficulties.

Today’s topic is something I have been researching for a while now. As someone in the cybersecurity world I enjoy learning about how various systems and technologies work and then thinking about how different scenarios and interactions would affect or break those systems. Which brings us to our main topic today: Emoji! What are they? How do they work? And why is this one 🏴󠁧󠁢󠁷󠁬󠁳󠁿 so special?

To explain emoji we have to look way back at how computers display text in the first place. You see, your computer is not storing the actual words or even the letters that make up the words. Instead, because all information inside a computer is ultimately comprised of binary data (strings of 1’s and 0’s), computers use something called character encoding. You have probably even heard of one of the most impactful character encoding schemes, ASCII, or American Standard Code for Information Interchange, or as the IANA (Internet Assigned Numbers Authority) prefers it to be called, US-ASCII (source). The reason you have probably heard of ASCII before is the term ASCII art, the practice of arranging different ASCII characters to form images. Before emoji this was the only way to convey symbolic information through text. But how do ASCII, and by extension emoji, work?

ASCII and other character encoding schemes work by translating the binary information stored in your computer into different characters. For example, the capital A is 065 and the space (and yes, even things we would not normally think of as characters, such as the space, need to be included in digital text) is 032. But the astute among you may have noticed a discrepancy: I said that the characters were stored as 1s and 0s, but 65 and 32 don’t have either. In the computer these numbers are stored as binary numbers, also known as base 2: 65 would be 1000001 and 32 would be 100000. In computer memory these numbers are stored as groups of 8 binary digits, also known as bits, with a group of 8 bits being called a byte (and a group of 4 bits being called a nibble!). Because of this, encoding schemes even convert numbers, with 1 in ASCII being 0110001, 2 being 0110010, 3 being 0110011 and so on. You may be thinking something like “Well that’s nice KillerKat, but how does this relate to Emoji and Chipotle?”, and to answer that we have to look at the limitations of ASCII. It’s all well and good if you want to say something like 1001000 1000101 1001100 1001100 1001111 (HELLO), but what if you want to say something like “¿Dónde está el gato de Internet?” or “ネット猫大好き”? Well, in that case you would run into a problem. ASCII doesn’t support Spanish accent marks (not even ñ) or Japanese kanji; however, as evidenced by the fact that you are reading this, our modern systems can.

This is where Unicode comes in: it allows users to bridge the gap between different languages and have all computers be capable of displaying all supported languages. To quote Wikipedia (yes, I know, an academic sin, but this article is an overview, not a research paper): “Unicode and its parallel standard, the ISO/IEC 10646 Universal Character Set, together constitute a modern, unified character encoding. Rather than mapping characters directly to octets (bytes), they separately define what characters are available, corresponding natural numbers (code points), how those numbers are encoded as a series of fixed-size natural numbers (code units), and finally how those units are encoded as a stream of octets. The purpose of this decomposition is to establish a universal set of characters that can be encoded in a variety of ways.” -Wikipedia. This may sound complicated at first glance, but the important part to understand for our purposes is that characters are no longer 1 byte (a set of 8 binary digits) but are instead defined as possible characters within a standard shared set of characters. Again, an oversimplification, but we just need to know 2 things:
  1. Not every computer/system will support all Unicode characters.
  2. Unicode characters can be multiple bytes or “characters” long.

At this point you may have already guessed that emoji are part of Unicode. Unlike the earlier emoticons found in IM applications or cellphones, which only worked on the same platform, emoji are part of the Unicode standard, which means you can send them between different platforms. You may notice, though, that many emoji look different between platforms. This is because the Unicode standard simply describes what the emoji is, and it’s up to the platform to create the emoji images themselves. This also means that not every platform supports every emoji; if you use an old Android device you may notice it doesn’t support newer emoji. This is one of the key behaviors observed in my experiment. A second thing to note is that not all Unicode characters are visible: some, such as the space, do not show up as characters themselves but instead influence the spacing and design of other characters. However, on a platform that does not support these invisible characters they would appear just like any other unknown character, usually a ?, a box, an emoji of an alien, or something to that effect.

When Unicode added support for variations in emoji such as different skin colors or genders, they did not create entirely new emoji; instead they used these invisible characters to specify the attributes after the original emoji. A platform that does not support these variations would still be able to show you the original emoji, allowing for backwards compatibility and limited support for lightweight systems. Indeed, that may be why this emoji, 🏴󠁧󠁢󠁷󠁬󠁳󠁿, appears as a black flag instead of the flag of Wales: instead of adding an entirely new emoji for the flags of the UK, Unicode extends the black flag. All of the flags for countries do this, which meant that in older versions of Twitter they would count for 2 characters. However, after complaints following the introduction of the skin color emoji, Twitter fixed the issue so that emoji only count as a single character. The reason Twitter was counting these emoji as multiple characters is that they are comprised of multiple invisible characters plus the emoji in question, and to a computer that looks exactly the same as a string of multiple characters.

Now if you are a hacker like myself (white hat, of course) then you may have already had the same thought I did: if these emoji are comprised of multiple characters of information but act like a single character, can you use them to cause buffer overflows? Yes, I can confirm that indeed you can. At one point I added an emoji to my name on a Chipotle online pickup order, and I noticed that it printed out two ?s on the label. This made me ask 2 questions: firstly, can I cause a buffer overflow, and secondly, what is the emoji with the most characters? Well, it turns out that the answer is yes, and our friend the Welsh flag emoji!

Putting these two pieces of information together, I created a new online order and found that any more than 3 Welsh flags will overflow and return an error code; the limit seems to be around 39 or so “characters”. Below you can see an example of what prints out if you put 3 Welsh flag emoji into the order field: the label maker seems to run out of space before it prints all of the characters. This presents the opportunity for a future test where I attempt to place a string of valid characters and see if it gets cut off as well.

A Chipotle order label showing many ? characters because 3 Welsh flags were entered into the order name field. Copyright KillerKat 2022
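To make the encoding discussion and the label-length observation above concrete, here is an added example that is not part of the original post: it lists the code points behind the Welsh flag, measures one visible “character” in the four units a system might be counting (graphemes, code points, UTF-16 code units, UTF-8 bytes), and shows the safe way to cut input down to a fixed-size field. The sample strings, the function names and the byte limits are mine; the flag’s code point sequence is the standard Unicode subdivision-flag sequence. The grapheme splitting is a simplified approximation of the Unicode segmentation rules, enough for the sequences discussed here, not a full implementation.

```python
# Added example for the discussion above (not from the original post): measure one
# visible "character" several ways and truncate input without splitting a sequence.
# The grapheme splitting is a simplified approximation of the Unicode rules, good
# enough for the emoji sequences discussed here, not a full UAX #29 implementation.
import unicodedata

# Constructed samples written as escapes so the code points are unambiguous.
WELSH_FLAG = ("\U0001F3F4"                       # WAVING BLACK FLAG, the base
              "\U000E0067\U000E0062\U000E0077"   # tag letters g, b, w
              "\U000E006C\U000E0073"             # tag letters l, s
              "\U000E007F")                      # CANCEL TAG ends the sequence
UK_FLAG = "\U0001F1EC\U0001F1E7"                 # regional indicators G + B
THUMBS_MEDIUM = "\U0001F44D\U0001F3FD"           # thumbs up + skin tone modifier
FAMILY = "\U0001F468\u200D\U0001F469\u200D\U0001F467"  # three emoji joined by ZWJ


def code_points(text):
    """(U+hex, Unicode name) for each code point, the way the standard sees the string."""
    return [(f"U+{ord(c):04X}", unicodedata.name(c, "<unnamed>")) for c in text]


def _is_regional_indicator(c):
    return 0x1F1E6 <= ord(c) <= 0x1F1FF


def _is_extender(c):
    """Code points that attach to the preceding base character."""
    o = ord(c)
    return (0xE0020 <= o <= 0xE007F        # tag characters (subdivision flags)
            or 0x1F3FB <= o <= 0x1F3FF     # skin tone modifiers
            or o in (0xFE0E, 0xFE0F)       # variation selectors
            or o == 0x200D                 # zero width joiner
            or unicodedata.combining(c) != 0)  # combining marks such as U+0301


def grapheme_clusters(text):
    """Split text into user-perceived characters (approximate, see header comment)."""
    clusters, i = [], 0
    while i < len(text):
        cluster, i = text[i], i + 1
        if _is_regional_indicator(cluster) and i < len(text) and _is_regional_indicator(text[i]):
            cluster, i = cluster + text[i], i + 1      # two indicators make one flag
        while i < len(text) and _is_extender(text[i]):
            cluster, i = cluster + text[i], i + 1
            if text[i - 1] == "\u200D" and i < len(text):
                cluster, i = cluster + text[i], i + 1  # ZWJ also joins the next base
        clusters.append(cluster)
    return clusters


def measures(text):
    """The four lengths a system might enforce a limit on; they disagree for emoji."""
    return {
        "graphemes": len(grapheme_clusters(text)),
        "code_points": len(text),
        "utf16_units": len(text.encode("utf-16-le")) // 2,
        "utf8_bytes": len(text.encode("utf-8")),
    }


def naive_truncate(text, max_bytes):
    """Cutting the byte buffer blindly can split a sequence; the tail decodes to U+FFFD."""
    return text.encode("utf-8")[:max_bytes].decode("utf-8", errors="replace")


def truncate_to_bytes(text, max_bytes):
    """Drop whole grapheme clusters from the end until the UTF-8 form fits the field."""
    clusters = grapheme_clusters(text)
    while clusters and len("".join(clusters).encode("utf-8")) > max_bytes:
        clusters.pop()
    return "".join(clusters)


if __name__ == "__main__":
    for cp, name in code_points(WELSH_FLAG):
        print(cp, name)
    for sample in ("A", "\u00F1", UK_FLAG, THUMBS_MEDIUM, FAMILY, WELSH_FLAG, WELSH_FLAG * 3):
        print(measures(sample))
    print(repr(naive_truncate(WELSH_FLAG * 3, 39)))
    print(repr(truncate_to_bytes(WELSH_FLAG * 3, 39)))
```

One Welsh flag is 1 grapheme but 7 code points, 14 UTF-16 code units and 28 UTF-8 bytes, so three of them are 21, 42 and 84 respectively while two are 14, 28 and 56; the post does not say which unit the label system counts, so its “39 or so” can only be compared against each. The defensive takeaway is that a length check must be made in the same unit as the storage it protects, and that truncation must drop whole clusters, because cutting mid-sequence produces exactly the kind of unprintable debris the label shows.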

The next obvious step was to research whether someone else has done any similar attacks, and a quick Google search reveals that yes, similar emoji buffer overflows have been performed. As with most of my good ideas, great minds think alike, and there is a quite staggering number of minds out there ready to have the same ideas as you. Since the concept has been proven, I plan to test a few different fields in various places (all above board, of course).

I hope to be posting more here soon; I’ve been doing a lot of exciting things lately. The next project I hope to cover is a soldering kit for a Bluetooth speaker / radio combo. And if you have any stories related to buffer overflows or Chipotle, please leave them down in the comments below.

With that, this is KillerKat once again signing off. Stay safe out there and remember to always check your input fields!

Windows is slowing down your PC! : 30 Windows services you can disable right now.

Hello Internet, it’s your resident Script Kitty. Today I have a topic that affects the majority of computer users, and that is Windows overhead wasting system resources. This is a topic that many in the tech sphere have covered before, and indeed you can even download a PowerShell script that will disable many of these services and telemetry functions. However, the problem with this one size fits all approach is that there may be a legitimate reason you want to run one or more of these services or features.

Knowledge is power, so today I am going to describe some of the most common of these services, what they do, and why you might want to keep them. I’ll also include a brief guide on how to disable these services so that you can configure your computer to your preferences. Without further ado, let’s begin. There is a menu on your computer called “Services”; the easiest way to access it is to simply search for “Services” in your Windows search bar. You should see a window that looks like this:

The Windows Services menu.

Once you’re here, the process for disabling a service is as easy as right clicking on a line item, clicking Properties and then changing the Startup type to Disabled in the drop-down menu seen here:

Now that you know how to disable these services, let’s talk about what they do and why you might want to disable them. Here is a short list of some of the most commonly disabled services and what they do.

  1. Xbox services: These services all pertain to the Xbox functionality integrated into Windows 10. You should see 3-4 services that start with Xbox, and if you are using your computer for work there is no reason to leave them enabled, as they will waste system resources.
  2. Bluetooth services: These services pertain to the Bluetooth protocol; if your system does not have the hardware required to use Bluetooth they can be safely disabled.
  3. Certificate Propagation: The certificate refers to cryptographic certificates used as a form of authentication; however, this particular service handles smart cards, and if you aren’t using them it is safe to disable.
  4. Connected User Experiences and Telemetry: The astute among you may associate the word Telemetry with spyware, and honestly that assessment is far from wrong. While telemetry does have legitimate uses in software, many companies, Microsoft included, have gone beyond the stated purpose of telemetry to instead collect data on users that is then sold to interested parties. At the risk of never being hired by Microsoft I have to say, if there is one thing on this list everyone should disable, it’s this.
  5. Downloaded Maps Manager: Exactly what it says on the tin; this service handles mapping data for applications that need it. If you don’t use Windows map apps and instead use Google Maps in a browser, then you don’t need this service.
  6. Fax: Another self explanatory service; this handles faxing, allowing you to send and receive digital facsimiles of various documents provided you have the appropriate hardware. Whether you need it depends on what you use your PC for.
  7. GameDVR and Broadcast User Service: This contains functionality for recording game footage; the majority of people will never use this. You may encounter difficulty disabling this service, in which case you would need to go into the Registry and change some settings. Unless you are already familiar with the Windows Registry, it’s better to just leave things alone than risk causing an issue by attempting to modify the Registry.
  8. Geolocation Service: This is somewhat polarizing. If you value privacy you will most likely want to disable this, which will then prevent Windows apps like Weather, Maps, etc. from knowing your location. However, if you don’t see the harm in sharing your location and wish to have the convenience of this feature, then firstly you probably aren’t a frequent reader of my blog (welcome!), and secondly you’re going to want to leave this enabled.
  9. Microsoft Account Sign-in Assistant: This allows users to sign in with their Microsoft account. If you’re here reading this I hope you’re using a local user account to log into your PC, but if for some reason you are not, then you would want to leave this enabled.
  10. Netlogon: Netlogon is used for networking in larger organizations; home users are not going to need this unless for some reason you have a domain. For work computers you shouldn’t be changing your settings based on the advice of a tech enthusiast blog without talking with your IT department first, and if you are the IT department, let me know if you’re hiring.
  11. Parental Controls: This service manages parental controls for child accounts in Windows; without it you can’t use the parental controls.
  12. Payments and NFC/SE Manager: This is another hardware/use case specific one. NFC stands for Near Field Communication; it’s the thing that lets you tap your credit card to pay at the store or link an Amiibo to your Nintendo Switch. If your PC has the hardware and you want to use NFC technology then you should leave it enabled, but this service runs in the background by default, and on a gaming PC it’s a waste of system resources.
  13. Phone Service: This is another weirdly specific one. If you wanted to, and you have the right hardware, you can connect your phone to your Windows PC. For some business users this is a useful feature, but many will find it unneeded.
  14. Print Spooler: A print spooler holds print jobs in your computer’s memory and then sends them to the printer when it’s ready to print. If you want to use a printer then you need this service; however, if you do not own a printer or have no intention of printing things from your gaming PC, then this is another one that is safe to disable.
  15. Remote Registry: The Windows Registry is a database of configuration options and settings used by various low level parts of your computer; it’s incredibly powerful if you know how to use it because it works much closer to your computer’s hardware than most settings options. What this service allows is for remote users to modify registry settings on the computer. There are legitimate applications that use this service, but the majority of them are enterprise level applications you would not be running on your home PC. Unless you’re running some kind of software that needs this, I would highly recommend disabling it.
  16. Retail Demo Service: If you have ever been to a Best Buy and tried using one of the display computers, then you have seen what this service does. You should disable it unless for some reason you want to use your PC as a retail display.
  17. Smart Card: Smart Card and the two other Smart Card services handle the use of smart cards with your PC. This is a very useful security feature for enterprise users; however, most home PCs do not have smart card readers or a need for them, so it can be safely disabled.
  18. TCP/IP NetBIOS Helper: This provides support for the NetBIOS over TCP/IP service. What does that mean? Well, in non technical terms NetBIOS is what allows you to use networked printers, share files and log on remotely to other computers on your network. NetBIOS is a historically insecure protocol; however, it is also a useful protocol. If you only have a single PC on your network that you use for something like gaming, then you can disable this service without issue; however, if you do want the features NetBIOS provides, then you should leave it running.
  19. Telephony: This is used for certain VoIP applications, faxing, dial-up modems, some DSL providers, some VPNs and various other things related to phone lines. Depending on your circumstances you may be able to disable this without issue, but I would not recommend it, as it does not run in the background by default and it’s likely you will find yourself in a position where you need it.
  20. Touch Keyboard and Handwriting Panel Service: This is another hardware specific service; if you have a touchscreen or stylus then this service will be needed to operate it properly. However, many desktop PCs do not have this hardware and can safely disable this service.
  21. WalletService: Honestly, I can’t find any documentation on this. I believe it’s related to Microsoft Wallet, which has been rebranded as Microsoft Pay. I’ll let you decide for yourself how you feel about this one, as I cannot confirm at this time that it’s safe to disable (although it probably is).
  22. Windows Biometric Service: If you have biometric devices on your PC, for example a fingerprint reader or face unlock, this is needed to use them. If you don’t, then you can disable this to free up some system resources.
  23. Windows Error Reporting Service: This service generates error reports and makes log files when programs stop working or responding. It can be safely disabled, but then you will not get logs, which could be useful in attempting to remedy the problem.
  24. Windows Image Acquisition (WIA): This is used by scanners and cameras; if you don’t use either, it can be safely disabled.
  25. Windows Insider Service: This is needed to use the Windows Insider Program; if you don’t use it, then you can safely disable this service.
  26. Windows Media Player Network Sharing Service: This uses the UPnP (Universal Plug and Play) protocol to share your Windows Media Player libraries with other networked devices/media players. If you don’t use Windows Media Player then you can disable this.
  27. Windows Camera Frame Server: This allows multiple clients to access video from connected cameras. If you disable it your webcam may stop working; if you don’t have a webcam then it’s safe to disable.
  28. Windows Connect Now – Config Registrar: This is used for Windows Connect Now, which is Microsoft’s implementation of the notoriously insecure WPS (WiFi Protected Setup) protocol. This can safely be disabled, as you should NEVER have WPS enabled on your router; if you do, you are literally allowing anyone with a basic knowledge of computers the ability to hack your WiFi. It’s dangerous and you cannot afford to be cavalier about this.
  29. Windows Mobile Hotspot Service: Just as your phone can use its cellular data connection to let other devices onto the internet, so can a cellular enabled Windows PC. If you don’t have a cellular enabled computer then this is safe to disable.
  30. Windows Search: Last on our list is Windows Search. If you don’t want to use Windows Search then you can disable this service. However, I would highly recommend simply altering your firewall to disable certain features of Windows Search instead of entirely removing the search bar from your computer. Stay tuned, as that is a topic I hope to cover in the future.

And there you have it folks, that's Killer Kat's non-exhaustive list of 30 Windows services you can disable. Now if you read this far into the article then you're a web-scraper script according to my analytics page; however, if you are a human being then you may have noticed that many of these services are not currently running and instead only a handful are running on your PC right now. The reason is that many of these services only run if something prompts them to; the automatic ones are usually hardware based, because it's easier to waste RAM running touchscreen support on all computers than to troubleshoot it when computers with touchscreens aren't running it.

Windows is designed to run with minimal tech knowledge or user input, and this comes at two costs: one, the literal cost of system resources being used by unneeded features, thus driving up your electricity bill (and perhaps making users buy stronger computers to compensate); and two, Microsoft makes quite a bit of its revenue by collecting and selling information on its users, which is why Windows is so inexpensive and often ships preinstalled on many computers. Selling user data to cover costs is nothing new; most social media sites operate in a similar manner. However, selling user data is also the reason why Microsoft really, really wants you to use a Microsoft account: it helps them keep track of all of your user data much more efficiently, and they aren't going to spend money hosting the infrastructure for something like the Microsoft account if it's going to lose money.

Let me know if you have any questions or if I got anything wrong; the comments below are always open for discussion. If you liked this, then consider subscribing to get more content like this delivered to your inbox for free. And with that, this is your Resident Script Kitty, Killer Kat, signing off. Stay safe out there in this cyberpunk dystopia we call home!


The Holiday Season, How it Affects Cybersecurity and What You Should Do About It.

Hello once again internet, it's me, your favorite (and only) Script Kitty, here to wish you some holiday cheer as we talk about the holidays and what they mean for cybersecurity.

Every year during the holiday season hundreds of people go online to purchase Christmas gifts for their family members, and this influx of activity has some risk associated with it. Always remember to practice good internet hygiene, as holiday-themed phishing attacks are a common occurrence, as are less-than-reputable sellers hawking counterfeit goods. Just because the Amazon listing says it has good reviews or it's a name-brand product doesn't mean it is, and Amazon knows that but doesn't care. Pro tip: always make sure you know exactly what you're buying, or at least have a look at the seller page to see if it's shady.

I have 2 related articles coming out soon exposing how companies pay Facebook users to leave fake Amazon reviews and how Etsy is knowingly selling fake "Handmade" goods, along with the proof I collected and their refusal to remove these products. In the meantime, if something seems too good to be true it probably is; don't risk it.

But what about once all the shopping is over? Does the risk stop once you gather with your loved ones to exchange gifts? Sadly, no: one big thing to be on the lookout for this holiday season, as someone who is informed about cybersecurity, is the configuration of new devices. It happens after someone unwraps their new smart toaster, VR headset that makes maps of your house, RGB-enabled smart face mask, or something less cyberpunk like a new laptop or smartphone. Every Christmas there is a large influx of new, poorly secured devices coming online, and the attackers know it. Many people rush to set up these devices as fast as possible and overlook important security controls, creating an attack surface which in turn shows the true spirit of Christmas by gifting cyber criminals the gift that keeps on giving. This year, if you know tech gifts are coming up, take the time to discuss it with the gift giver beforehand and the recipient afterwards, and make sure that best practices are followed and everyone stays safe this Christmas.

And of course no December would be complete without the annual SANS Holiday Hack. As they say on their website:

Join the global cybersecurity community in its most festive cyber security challenge and virtual conference of the year. The SANS Holiday Hack Challenge is a FREE series of super fun, high-quality, hands-on cybersecurity challenges where you learn new skills, help Santa defeat cybersecurity villains, and save the whole holiday season from treachery. The SANS Holiday Hack Challenge is for all skill levels, with a stellar prize at the end for the best of the best entries.

I would highly recommend everyone check it out; even if you're new to the infosec community there are lots of great talks by people in the industry. Last year I watched a great talk by Josh Wright about open S3 buckets which I highly recommend watching, as cloud security is still as relevant as ever, perhaps even more so with more web devs using cloud-based tools. Click this hyperlink to get more information or to start playing, and a big thank you to SANS for hosting this event every year. I hope to see you there this year, readers; if you see me feel free to say hello.

And with that it's Killer Kat signing off until next time. Happy holidays, stay safe out there, and keep tuned for those articles exposing Amazon and Etsy for knowingly allowing fraud on their platforms.


Weekend project: C++ Rock Paper Scissors console app.

Hello Internet, it's your premier Script Kitty Killer Kat here to share the details of my latest fun project. Although it's not actually something I made on a weekend, I'm going to use this moniker anyway; my ADHD means that I often get hyperfocused on projects and then completely forget to write about them afterwards, but stay tuned for more regular updates as I am looking to change that.

Today's project is something quick and fun I made to keep my C skills sharp. I saw Alpha Phoenix's video on Snake AI, and while I would love to make a Snake AI of my own, it's a little bit beyond my current computer science skill-set; however, I was inspired to make something involving at least a rudimentary AI. My C skills had been rusting somewhat after I paused work on my Unity game, so I decided to write a C++ console app that would allow you to play Rock Paper Scissors against an AI opponent. Here is the GitHub permalink to the project.

So to start, we need an AI that we can play against. This first AI is just random, with no logic behind its choices. To start we need a random number generator; for this use case I chose to use a pseudo-random number generator seeded with the current time. In a more serious use case where security is a concern this would be a bad idea, as it would be trivial to bypass the generator and get the same output; however, in this instance all that would accomplish is cheating at RPS, so it was not a design consideration. Next we add some text to the console to tell the player what app they are running and how to use it. So far our main() function looks like this:

#include <cstdlib>   // srand, rand
#include <ctime>     // time
#include <iostream>

int main()
{
    //seeds the pseudo random number generator with the time, not the best choice but it works well enough for this use case.
    srand((unsigned)time(0));

    std::cout << "Welcome to Rock Paper Scissors C++ Edition!\n";
    std::cout << "This app made by Killerkat on 9/22/2021 find me on Github or Checkout my blog!\n";
    std::cout << "0 for Rock 1 for Paper and 2 for Scissors\n";
}
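
The seeding remark above, worked through as an added example (this is not code from the post or the project): a generator seeded with a known value replays the same moves every time, a seed that an observer can narrow to a one-hour window carries only about 11.8 bits of entropy, and seeding from std::random_device is the hardened alternative. The function names, the 3600-second window and the 1700000000 timestamp are this example's own constructions; std::mt19937 stands in for rand() only because the C++ standard fixes its output sequence, so the replay is exact on every platform.

```cpp
#include <cmath>
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <random>
#include <vector>

// Generates n Rock-Paper-Scissors moves (0 = Rock, 1 = Paper, 2 = Scissors) from a
// generator seeded with a known value. Whoever knows the seed knows every move; a
// seed of time(0) is known to anyone who knows roughly when the program started.
std::vector<int> movesFromSeed(std::uint32_t seed, std::size_t n)
{
    std::mt19937 gen(seed);
    std::vector<int> moves;
    moves.reserve(n);
    for (std::size_t i = 0; i < n; ++i) {
        moves.push_back(static_cast<int>(gen() % 3));
    }
    return moves;
}

// True when every entry is one of the three legal moves.
bool allValidMoves(const std::vector<int>& moves)
{
    for (int m : moves) {
        if (m < 0 || m > 2) return false;
    }
    return true;
}

// Entropy, in bits, of a seed known to lie among `candidateSeeds` equally likely
// values. A time(0) seed pinned to within an hour of start-up has log2(3600), about
// 11.8 bits; a 32-bit value from std::random_device has 32. The small number is why a
// time seed is fine for a game and unacceptable for anything security-sensitive.
double seedEntropyBits(double candidateSeeds)
{
    return std::log2(candidateSeeds);
}

// The hardened form: seed the engine from the platform's entropy source. Four words
// fed through std::seed_seq fill far more of mt19937's 19937-bit state than a single
// 32-bit seed would. (Assumption: std::random_device is non-deterministic on the
// platform, which holds for mainstream libstdc++, libc++ and MSVC builds.)
std::vector<int> unpredictableMoves(std::size_t n)
{
    std::random_device rd;
    std::seed_seq seq{rd(), rd(), rd(), rd()};
    std::mt19937 gen(seq);
    std::vector<int> moves;
    moves.reserve(n);
    for (std::size_t i = 0; i < n; ++i) {
        moves.push_back(static_cast<int>(gen() % 3));
    }
    return moves;
}

int main()
{
    const std::uint32_t observedStart = 1700000000u; // constructed Unix timestamp, not a real capture
    const std::vector<int> a = movesFromSeed(observedStart, 5);
    const std::vector<int> b = movesFromSeed(observedStart, 5);
    std::cout << "same time seed reproduces the same moves: " << (a == b ? "yes" : "no") << "\n";
    std::cout << "entropy of a seed known to within one hour: " << seedEntropyBits(3600.0) << " bits\n";
    std::cout << "entropy of a 32-bit random_device seed:     " << seedEntropyBits(4294967296.0) << " bits\n";
    std::cout << "first unpredictable move: " << unpredictableMoves(1).front() << "\n";
    return 0;
}
```

The standard requires the 10000th output of a default-seeded (5489) mt19937 to be 4123659995, so movesFromSeed(5489, 10000) ends in 4123659995 % 3 = 2 on every conforming implementation; that is the reproducibility a time seed hands to anyone who can guess it.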

Next we need a way for the player to choose their move and a way for the computer to generate its move. For this I created a new class called CPUData that stores variables related to the computer player and methods that determine how the computer player acts. I have made two AIs based on the RNG from before and used switch statements to announce their moves; the int that stores the move is part of the class itself. The class looks like this:

#include <cstdlib>   // rand
#include <iostream>
#include <string>

class CPUData { //Creates a class so we can store the variables we need in an object that can be passed when needed.
public:
    int CPUChoice = 3;               // 0 is Rock, 1 is Paper, 2 is Scissors; 3 means no move made yet
    std::string CPUChoiceMessage;
    bool debugMessageToggle = false; // initialised so a fresh object never reads an indeterminate value

    // Random mode: each of the three moves is equally likely.
    void RandomOpponent() {
        CPUChoice = (rand() % 3);
        if (debugMessageToggle) {
            std::cout << "DEBUG: CPU CHOICE (Random) IS " << CPUChoice << "\n";
        }
        switch (CPUChoice) {
        case 0:
            CPUChoiceMessage = "CPU Chose Rock";
            break;
        case 1:
            CPUChoiceMessage = "CPU Chose Paper";
            break;
        case 2:
            CPUChoiceMessage = "CPU Chose Scissors";
            break;
        default:
            CPUChoiceMessage = "CPU Had an Invalid Choice\n";
        }
    }

    // Rock mode: rolls a move as above, but when Paper comes up it flips a coin between
    // Rock and Paper, so overall Rock is chosen 1/2 of the time, Paper 1/6 and Scissors 1/3.
    void RockLoverOpponent() {
        CPUChoice = (rand() % 3);
        if (debugMessageToggle) {
            std::cout << "DEBUG: CPU (Rocky) CHOICE IS " << CPUChoice << "\n";
        }
        switch (CPUChoice) {
        case 0:
            CPUChoiceMessage = "CPU Chose Rock";
            break;
        case 1:
            CPUChoice = (rand() % 2); // re-roll: 0 keeps the stored move consistent with the message below
            switch (CPUChoice) {
            case 0:
                CPUChoiceMessage = "CPU Chose Rock";
                break;
            case 1:
                CPUChoiceMessage = "CPU Chose Paper";
                break;
            default:
                CPUChoiceMessage = "CPU Had an Invalid Choice\n";
            }
            break;
        case 2:
            CPUChoiceMessage = "CPU Chose Scissors";
            break;
        default:
            CPUChoiceMessage = "CPU Had an Invalid Choice\n";
        }
    }
};

Now that we have a way to get the computer player's move, how do we play against it? Well, we stored this inside the class so that we can create an object in our main() function and pass the object to a second function, PlayGame. The PlayGame function takes our object as an argument, gets the player's move, compares the data from the object to the player's move and returns either true for a win or false for a tie/loss. The PlayGame() function looks like this:

#include <iostream>
#include <limits>

// Plays one round against the move already stored in Opponent. Returns true for a
// player win and false for a tie, a loss or an invalid choice.
bool PlayGame(const CPUData& Opponent) {

    int PlayerChoice = 3; //3 is null 0 is Rock 1 is Paper and 2 is Scissors
    std::cout << "Make Your Move!\n";
    if (!(std::cin >> PlayerChoice)) {
        // Non-numeric input (or end of input) would otherwise leave PlayerChoice at 0,
        // which is Rock; reset the stream and treat the round as an invalid choice instead.
        std::cin.clear();
        std::cin.ignore(std::numeric_limits<std::streamsize>::max(), '\n');
        PlayerChoice = 3;
    }
    switch (PlayerChoice) {
    case 0:
        std::cout << "You Chose Rock and " << Opponent.CPUChoiceMessage << "\n";
        if (Opponent.CPUChoice == 0) {
            std::cout << "The game ends in a tie!\n";
            return false;
        }
        else if (Opponent.CPUChoice == 2) {
            std::cout << "You win!\n";
            return true;
        }
        else {
            std::cout << "CPU wins!\n";
            return false;
        }
    case 1:
        std::cout << "You Chose Paper and " << Opponent.CPUChoiceMessage << "\n";
        if (Opponent.CPUChoice == 1) {
            std::cout << "The game ends in a tie!\n";
            return false;
        }
        else if (Opponent.CPUChoice == 0) {
            std::cout << "You win!\n";
            return true;
        }
        else {
            std::cout << "CPU wins!\n";
            return false;
        }
    case 2:
        std::cout << "You Chose Scissors and " << Opponent.CPUChoiceMessage << "\n";
        if (Opponent.CPUChoice == 2) {
            std::cout << "The game ends in a tie!\n";
            return false;
        }
        else if (Opponent.CPUChoice == 1) {
            std::cout << "You win!\n";
            return true;
        }
        else {
            std::cout << "CPU wins!\n";
            return false;
        }
    default:
        std::cout << "Invalid Choice\n";
        return false;
    }
}

Now all we have to do is capture that return value in our main() function and use it to increment a score counter if we won! But wait, we still can't change the AI we are playing against. What if we want to play against Dwayne Rocky JSONson, the rock-loving, paper-hating AI that, when it chooses paper, has a 50% chance to choose rock instead? Well, for that we use another switch statement at the end of the game to allow the player to either play again, quit, or open the options menu. Then we just add some dialog to inform the player of the game state and settings, tie in a clear() function we got from Stack Overflow so we don't have to create a security risk by passing commands to the Windows command interpreter, and then we are done. The finished main() function looks like this:

#include <cstdlib>   // srand, rand
#include <ctime>     // time
#include <iostream>
#include <limits>

// Stand-in for the clear() function taken from Stack Overflow (its body is not shown in
// this post): it prints the ANSI "erase screen" and "cursor home" sequences, which avoids
// handing a command string to system(), the risk mentioned above. Assumes a terminal
// that understands ANSI escapes (Windows 10 and later consoles do).
void clear()
{
    std::cout << "\033[2J\033[1;1H";
}

// Needs the CPUData class and PlayGame() defined above. main() now loops instead of
// calling itself: the C++ standard forbids calling main(), and each recursive call also
// kept the previous round's stack frame alive until the game was closed.
int main()
{
    //seeds the pseudo random number generator with the time, not the best choice but it works well enough for this use case.
    srand((unsigned)time(0));

    int gameScore = 0;         // these no longer need to be static; they live for the whole loop
    int gameMode = 0;
    bool debugMessage = false;
    int optionsMenu = -1;      // used for the options menu switch
    CPUData CPUPlayer;         //Obj we use to hold the data for the CPU player for easy use between functions

    bool playing = true;
    while (playing) {
        CPUPlayer.debugMessageToggle = debugMessage; // re-applied each round so the options toggle takes effect

        std::cout << "Welcome to Rock Paper Scissors C++ Edition!\n";
        std::cout << "This app made by Killerkat on 9/22/2021 find me on Github or Checkout my blog!\n";
        std::cout << "0 for Rock 1 for Paper and 2 for Scissors\n";

        switch (gameMode) { //Game mode selector
        case 0:
            CPUPlayer.RandomOpponent();
            std::cout << "Current Mode Random\n";
            break;
        case 1:
            CPUPlayer.RockLoverOpponent();
            std::cout << "Current Mode Rock Lover\n";
            break;
        default:
            break;
        }

        if (gameScore > 0) { //Simple way to track game wins
            std::cout << "You have won " << gameScore << " times!\n";
        }
        //passes the Computer player object to the game playing function so it can generate a game, if the Playgame function returns true it increases the score.
        if (PlayGame(CPUPlayer)) {
            gameScore++;
        }

        int pasta = 0; //because its spaghetti code.
        std::cout << "Play again? 1 = Yes 0 = No (Close Game) 2 = Open options menu\n";
        if (!(std::cin >> pasta)) {
            // Non-numeric input or end of input: reset the stream and close the game
            // instead of looping forever on the same unreadable token.
            std::cin.clear();
            std::cin.ignore(std::numeric_limits<std::streamsize>::max(), '\n');
            pasta = 0;
        }
        switch (pasta) {
        case 0:
            playing = false;
            break;
        case 1:
            clear(); // the next pass through the loop starts a new round
            break;
        case 2:
            clear();
            std::cout << "OPTIONS MENU: Select an option\n 0 : Set opponent to Random mode.\n 1 : Set opponent to Rock Lover mode.\n 2 : Toggle Debug Mode.\n";
            if (!(std::cin >> optionsMenu)) {
                std::cin.clear();
                std::cin.ignore(std::numeric_limits<std::streamsize>::max(), '\n');
                optionsMenu = -1; // lands in the default case below: no change
            }
            switch (optionsMenu) {
            case 0:
                gameMode = 0;
                break;
            case 1:
                gameMode = 1;
                break;
            case 2:
                debugMessage = !debugMessage;
                if (debugMessage) {
                    std::cout << "Debug mode is on.\n";
                }
                else {
                    std::cout << "Debug mode is off.\n";
                }
                break;
            default:
                break;
            }
            clear();
            break;
        default:
            clear();
            break;
        }
    }
    return 0;
}
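
An added example, not the project's code, covering two things the PlayGame() and main() code above leave to the reader: a plain `std::cin >>` yields 0 (Rock) on non-numeric input such as "rock" on C++11 and later, so menu reads need a failure check and a range check; and the three hand-written switch cases collapse into one modular-arithmetic test that works for any cycle of moves. The names readChoice, judge, playScript and the Outcome enum are this example's own, and the scripted input is constructed so it runs without a terminal.

```cpp
#include <iostream>
#include <istream>
#include <limits>
#include <sstream>
#include <string>
#include <vector>

// Outcome of one round from the player's point of view.
enum class Outcome { Tie, Win, Loss, Invalid };

// Reads one menu number from `in`. Returns `invalid` when the token is not a number,
// is outside [lo, hi], or the stream has ended. The rest of the line is discarded
// either way, so a bad token is not re-read on the next prompt.
int readChoice(std::istream& in, int lo, int hi, int invalid)
{
    int value = invalid;
    if (!(in >> value)) {
        in.clear();
        in.ignore(std::numeric_limits<std::streamsize>::max(), '\n');
        return invalid;
    }
    in.ignore(std::numeric_limits<std::streamsize>::max(), '\n');
    if (value < lo || value > hi) {
        return invalid;
    }
    return value;
}

// Generalises the three switch cases in PlayGame(). With the moves numbered so that
// each one beats the one before it (1 Paper beats 0 Rock, 2 Scissors beats 1 Paper,
// 0 Rock beats 2 Scissors), (player - cpu) mod 3 is 0 for a tie, 1 for a player win
// and 2 for a loss. Out-of-range moves, such as the game's "null" value 3, are rejected.
Outcome judge(int player, int cpu)
{
    if (player < 0 || player > 2 || cpu < 0 || cpu > 2) {
        return Outcome::Invalid;
    }
    switch ((player - cpu + 3) % 3) {
    case 0:  return Outcome::Tie;
    case 1:  return Outcome::Win;
    default: return Outcome::Loss;
    }
}

const char* outcomeName(Outcome o)
{
    switch (o) {
    case Outcome::Tie:  return "The game ends in a tie!";
    case Outcome::Win:  return "You win!";
    case Outcome::Loss: return "CPU wins!";
    default:            return "Invalid Choice";
    }
}

// One round: read the player's move from `in` and judge it against the CPU's move.
Outcome playRound(std::istream& in, int cpuMove)
{
    const int move = readChoice(in, 0, 2, 3); // 3 is the game's "null" move
    return judge(move, cpuMove);
}

// Plays `rounds` rounds from a scripted input against a fixed CPU move.
std::vector<Outcome> playScript(const std::string& script, int cpuMove, int rounds)
{
    std::istringstream in(script);
    std::vector<Outcome> results;
    for (int i = 0; i < rounds; ++i) {
        results.push_back(playRound(in, cpuMove));
    }
    return results;
}

int main()
{
    // Constructed input: a word, an out-of-range number, a valid move, then end of input.
    const std::string script = "rock\n7\n2\n";
    for (Outcome o : playScript(script, 1, 4)) { // the CPU always plays Paper (1)
        std::cout << outcomeName(o) << "\n";
    }
    return 0;
}
```

Run as is, the scripted game prints Invalid Choice twice (the word and the 7), then You win! (Scissors over Paper), then Invalid Choice again once the input is exhausted; without the failure check in readChoice the word "rock" would have been scored as a real Rock move.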

And that's the end of the project; I also added a debug option that tells you the AI's move before you make yours. I hope you learned something today, even if that something was that I know C++ well enough to make a small game. If you have any questions about how this code works, thoughts on my technique, or general thoughts and questions, please leave them in the comments down below and I'll be sure to answer them.

If you have any suggestions for future topics/projects let me know, and until next time this is your favorite (and only) Script-Kitty Killer Kat signing off.


Why I chose Infotainment, and how I think it could help shape our future.

Hello Internet! Once again it's me, your resident script kitty, here to talk about something meta.

As you are aware, I chose to run my InfoSec blog as an infotainment platform, and you may be wondering why. I would like to share my thoughts on the matter and how I think more infotainment could help the industry as a whole.

Now right off the bat I would like to acknowledge some inspirations of mine. The SANS Holiday Hack Challenge is probably the best example of infotainment in the cyber security sphere at the time of writing. I personally enjoy it every year, and I know when I was first starting out it helped make many of the complex ideas and discussions around infosec less intimidating.

I would also like to spotlight some excellent infosec YouTubers; LiveOverflow & PwnFunction come straight to mind as excellent examples. YouTube as a platform has really brought infotainment into the mainstream as a medium, and as someone who loves a lot of what these YouTubers are doing, the ways they are making complex topics easy to understand and engage with while also providing free access to educational content, I think they deserve respect.

PBS Digital Studios, Game Theory and other independent creators have really spearheaded this trend, and what we have seen is a massive increase in both interest and engagement in many topics often considered difficult or dry. I think the infosec community could benefit greatly from a similar culture. How many times have you had someone say they "just can't understand all this computer stuff" or "I don't need to worry about my password or account security, that's what we have you for!" because they don't understand and/or don't want to learn even the fundamentals of cyber security, since they view it as complex or uninteresting?

I think we all know the human layer is the weakest part of security. This is why user awareness training is so important and why we as an industry invest so heavily in it. If you look around the modern organization, everyone is blue team: each employee has the potential to either cause a security incident or strengthen the overall security landscape through their actions and knowledge. The future of blue team is going to involve making sure every person on board is aware of the nature of cyber security and the risks and potential warning signs they may encounter.

I feel the next logical step is to move from user awareness training (which often falls into the infotainment category itself) into a larger infotainment environment. While it may not appeal to everyone, creating this media will bring these topics into conversation and provide an easy entry point for anyone who is interested in learning more about InfoSec but may not have the resources or prior knowledge to learn through more traditional means.

By taking something important and making it fun, we can create a culture of learning and knowledge that benefits everyone involved. I truly believe that humanity is on the precipice of a new era, and that educating people so they are better prepared to face the challenges of our ever-evolving digital world is more important than ever.

And that is why I say: Until next time, this is your resident Script Kitty signing off!


HackTheBox Delivery User Own Write-up.

Hello Internet, it's your resident script kitty here to talk about how I got my first own on an HTB machine. Now that Delivery is retired, I can share with you the details of exactly how I got user and the interesting process it involved.

Interestingly, the largest challenge for me to overcome was that I did not initially realize I would have to manually add the server to my hosts file because of the architecture of the lab environment. For those who are confused like I was, allow me to explain: because the HTB boxes are not connected to the internet, in order to resolve subdomains you must add the IP and subdomain manually to your hosts file. On Linux it's as simple as doing sudo nano /etc/hosts and making the changes; without this you may repeat my mistake of getting stuck because the subdomain won't load and going down a rabbit hole looking for the solution.

Now with that out of the way, let's begin our examination. When first scanning with Nmap we see that there are only a few ports open: 22, 80, and 8065. With an open port 80 our first move is pretty obvious: we connect to the server with our web browser and sure enough it's a website (pictures not included, sadly, as I forgot to take them at the time and I don't have the premium subscription, so I can't get back into retired machines). A cursory examination of the landing page reveals that they have a help desk page; this is where adding the subdomain to your hosts file is important. But perhaps more interesting is that they have a Mattermost server that only requires a @Delivery.htb email address, but how would we get one?

Now this next step took me a while because, as previously mentioned, I was unaware of the need to add the subdomain to the hosts file. Once you check out the help desk site you notice 2 things right away: the first is that it generates you an email address based on your ticket number that you can email to update the ticket, and the second is that you don't need any authentication to submit a ticket.

From here the solution is pretty obvious; however, I did get stuck for a second, because when viewing the ticket you have to use the exact same email address you used to submit it, otherwise it wants you to create an account and verify your email address, which is impossible because the server is isolated from the internet. I don't know if this is a quirk of Firefox or if I just didn't see a space or something, but when it auto-filled for me the site would reject the email; I had to manually copy-paste the email in.

Now that we have a ticket, we can open a new tab and direct our browser to 10.10.10.222:8065 to see the Mattermost page. When creating a new account it sends an email with a link that validates your account, but how can we view the email? Simply have it send the email to the ticket-updating address we got in the last step; once sent you can see it updates the ticket, and you are able to click the link and log in.

Now that we are in the Mattermost server we can see that the admin has left a few messages that give us exactly what we need: the login for a user with standard privileges and instructions for what we need to do if we want to get root on the box.

The next step is as simple as logging into the server via SSH on port 22, doing cat user.txt and submitting the hash. Now I won't be covering root here today as I don't currently have access to the retired machines, but if you're interested the official walkthrough has been posted now that the machine is retired.

That's all I have for you in this one, but if you liked this write-up please consider subscribing so you can get even more infosec content like this, and if you have any thoughts or questions you can leave them in the comments below. Until next time, this is your resident script kitty signing off.


Introducing The Raspberry S.Pi.D.E.R

Hello once again my fellow hackers and tech enthusiasts; once again it's time for the Internet's resident script kitty to show you what I have been working on.

The Raspberry S.Pi.D.E.R is a project I have been working on, on and off, for quite some time now. It's a handheld Raspberry Pi tablet that uses an RTL-SDR to create a portable SDR. Now I know that there are already several commercial-grade portable SDR devices on the market; however, I still had 2 reasons for working on this project.

The first reason is cost. A good SDR will set you back quite a bit, and I hoped that my DIY solution would be affordable and easy to start with, following the spirit of RTL-SDR.

And the second reason is, as always, that I enjoy the challenge and I enjoy learning; this is a great opportunity to learn quite a few useful and interesting skills and, as with any DIY project, put my own spin on things (including plans to create a multi-functional hacking tablet, but that's another story).

For more info on the project you can check out my Github where I am tracking its progress: https://github.com/Killer-Kat/S.Pi.D.E.R-SDR

The Tablet:

The S.Pi.D.E.R is currently in prototype form: it's a Raspberry Pi 4 connected to the official touchscreen and running GQRX with an RTL-SDR receiver. Currently it's in a touchscreen case I got for free off of Amazon; however, I have plans to 3D print a custom case further on in the project.

It's currently running Raspbian, or as it's now known, Raspberry Pi OS. This is for compatibility with the Raspberry Pi version of GQRX and the touchscreen, as pictured below.

The S.PI.D.E.R showing a custom background I made.

Currently the S.Pi.D.E.R is functional; however, I have been having issues with the battery pack that I decided to use, so it's only fully functional when plugged into wall power.

My future plans include having the tablet fully battery powered and portable. I also plan to add custom analog controls, as using the touchscreen with GQRX is a little cumbersome.

You can follow my progress and get all the updates about the project over on my GitHub page: https://github.com/Killer-Kat/S.Pi.D.E.R-SDR. And for all the best cyber security and technology discourse, remember to read the Buf-fur Overflow blog!