What are transistors?
tiny switches that can be turned off or on
How do computers work?
Computers contain a large number of transistors which can each be turned off or on
What are bits?
Each transistor in a computer is either flipped on or off
Each flip of the switch is known as a “bit” or binary digit
All communications to the computer processor happen through bits
What does 0 represent for bits?
An OFF state
What does 1 represent for bits?
1 represents an ON state
What are some key ideas behind talking to a computer?
Key Idea 1:
Computers only understand electrical signals going through their transistors. These signals are known as bits
When we use only two digits, 1 and 0, it is called the binary number system
When we combine lots of bits into binary numbers we can create code that delivers text, videos, applications and so much more
Key Idea 2:
Humans don’t know how to communicate in binary, so our computer needs to figure out a way to translate our language to bits
What are the steps to converting code to bits?
I write some code using a language that humans understand → such as with Python, Java, etc.
The programming language includes a compiler which takes my code and converts the instructions into machine language
Machine language
Machine language is in binary numbers which my computer understands
Computers are designed to use groupings of _____ bits which is referred to as a _____
8, byte
In a computer, one byte represents _________
single addressable storage location
What do four bits refer to?
a nibble
What is ASCII? How does it work?
the operating system includes the ASCII code, which uses binary numbers to represent keyboard characters
Process:
You press character on keyboard
ASCII code recognizes the key to correspond with a certain number (say 66)
Translates that number into the binary number version in machine language
What is the decimal number system?
base 10 because there are 10 possible digits (0 through 9)
to make numbers larger than 9 we use the position of a digit to determine its value as each position is a multiple of 10
What is the binary number system?
called base 2 because there are two possible digits that can be used (0 and 1)
To make numbers larger than 1 we use the position of a digit to determine its value. Each position is a multiple of 2.
Converting digits from binary to decimal
multiply each digit by 2^x, where x is the digit’s place value counting from x=0 at the rightmost position, then add the results
Converting digits from decimal to binary
Start dividing the decimal number by 2, track the remainder, and repeat the process until you get to 0
then reverse the remainder list to get the binary number
What is the hexadecimal number system?
base 16 because there are 16 possible digits that can be used
0 through 9
A(10), B(11), C(12), D(13), E(14), F(15)
To make numbers larger than 15 we use the position of a digit to determine its value. Each position is a multiple of 16
Converting digits from hexadecimal to decimal
multiply each digit by 16^x, where x is the digit’s place value counting from x=0 at the rightmost position, then add the results
Converting digits from decimal to hexadecimal
Start dividing the decimal number by 16, track the remainder, and repeat the process until you get to 0
then reverse the remainder list to get the hexadecimal number
Why do computers need to use hex? Ugh, why another number system?
Efficiency and ease of use for both the computer and humans
binary takes 8 bits, i.e. 8 binary digits, to write a number. If there are multiple binary numbers, it can take up a lot of space. Binary numbers are also kind of hard to remember
However, in hexadecimal we can write the same number using 2 hex digits. One hex digit can be used for every 4 bits, so it takes up less space
How are hex numbers often indicated?
0x, \x, or #
e.g. (don’t memorize, just know)
Basic computer instructions – aka assembly language: 0x014B4820
Memory locations in error messages: 0xF95C
Colors in HTML for websites: #0000FF
MAC addresses in networking: E6-B3-18-C7-53-2B
What is encoding?
any process used to convert data into a specified numerical format
eg. ascii to binary
What is the difference between encoding and encryption?
NOT THE SAME THING
For encoding, the data is just represented by the computer in a different form than our usual alphabet, so humans may not recognize it easily.
However, unlike encryption, there’s nothing secret (no key / no guarantee of security). It’s just a translation of format
Encoding using binary?
Use ASCII to convert the character to its decimal number, then convert that to binary
Encoding using hexadecimal?
designated with 0x, \x, or #
Use ASCII to convert the character to its decimal number, then convert to binary and then to hexadecimal, or directly from decimal to hexadecimal
Encoding using Base64?
Uses 64 printable characters to represent binary in 6-bit chunks
Typically uses these characters (64 in total): A-Z, a-z, 0-9, +, /
Sometimes appends = or == to the end as padding
used to encode image/sound files (nontext) for embedding into text-based documents
convert with Base64 encoder/decoder program
Encoding using hashing
Review of hashing: applying an algorithm to data input
no key is used, so anyone using the correct hashing algorithm can repeatably produce the same hash
hashing algorithms always produce same size output regardless of input size
can use online or command line tool to encode
** can’t decode
What are some hashing algorithms?
MD5, SHA1, SHA256, RIPEMD
How can encoding be used by threat actors to hide information?
encoding isn’t encryption so it can’t be used to protect confidentiality
but… can be used to hide info:
obfuscation
exfiltration
Obfuscation
hiding of intended meaning in communication, making communication confusing, willfully ambiguous, and harder to interpret
Exfiltration
unauthorized transfer of data from a computer to smuggle information out of an organization
Cryptography
scrambling data so that it looks like babble to anyone except those who know the trick (i.e. the key) to decode it
Algorithm (aka Cipher)
precise set of instructions that tell programs how to scramble and unscramble data using a key
Plaintext
decrypted or unencrypted data
Ciphertext
data that has been encrypted
Cryptanalysis
Attempting to break a cryptographic system and return encrypted message to plaintext
What are the two traditional methods for encryption?
substitution: replacement of a character with a different character
transposition: changing the order of items
Monoalphabetic cipher
same letter is used as a substitute every time
What is the Caesar Cipher?
rotation/shift cipher
contains an algorithm and key
algorithm: offset alphabet either to the right (forward)/left (backward)
key: how many letters the offset should be (the traditional key is to shift forward by 3)
What is a cipher wheel?
tool to encrypt/decrypt shift ciphers
Polyalphabetic ciphers
substitution based on multiple alphabets using a system to switch between them
How does a Vigenère cipher work?
create an alphabet grid where A-Z for rows and A-Z for columns
Have a plaintext and a password
Match plaintext to password (e.g. with Plaintext=SCHOOLS and Password=LEARN, the matching would be SCHOOLS=LEARNLE)
Go along grid with column for plaintext and row for password and find encoded letters
What is a possible way to solve substitution ciphers?
can often be solved through frequency analysis
use knowledge about frequency of letters and groups of letters used in a language and then look for this pattern in the ciphertext
basically pattern-matching most frequently used letters in language with ciphertext most frequent letters
Most frequently used letters in English
E and T
How can transposition ciphers be cracked?
Say the ciphertext is AXD WLNA IOI MLSRVUIINTINNFTHNEEE G and our key is 6
we can arrange the letters into 6 columns to find the original plaintext
What is the One-Time Pad (OTP)?
Definition: encryption method where a pre-shared key is used only once. Capturing or stealing the key is useless since it will not be used again to encrypt
What are pros of the One-Time Pad?
statistically unbreakable, representing the beginning of provably secure encryption
Cons of one-time pad
Dependent on random pad generation
requires both parties to have the identical pad and start from the same point on the pad
impractical for most common applications:
large pads required
hard to generate truly random numbers
hard to get pad to both parties
Historic vs modern cryptography?
Historic:
Uses a mix of scrambling and substitution techniques
Security based on how hard it “looks” to decipher message
designed to work with written language
historically used for secrecy, but today it should only be used for fun
Modern:
uses strong mathematics and scientifically-studied principles
security based on rigorous proofs
designed to work with numbers and digital data
can be used in many ways to provide confidentiality and integrity
should be used to protect sensitive data
For a Vigenere Cipher, does increasing the length of the key make a difference in how well the message is hidden? Why or why not?
yes, because letters won’t repeat as much, so hackers will have a harder time spotting patterns
You can use the Vigenère tool to apply a traditional Caesar cipher! What key should you use?
one-letter key
for traditional (shift forward of 3 → D)
t/f Linux is case-sensitive
true
How to avoid retyping long commands?
using up/down arrow keys
What can TAB be used for?
autocomplete typing filenames
How to go back to an empty command prompt?
clear
What is the grep command used for?
powerful search tool that can be used with many options
What are some possible ways to use the grep command?
Can be used to find a word inside a file (grep keyword text.txt)
Can use the -i option which ignores capitalization so it’ll find keyword or Keyword (grep -i keyword text.txt)
use single quotes '' = search for a phrase or pattern (grep 'any group of words' text.txt)
grep -v: display lines that do NOT match
grep -n: precede each matching line with the line number
grep -c: prints only the total count of matched lines
t/f can use multiple options of grep at the same time (eg. grep -ivc)
True
What does it mean to specify a file or directory as a relative path?
means you are specifying where it sits relative to the directory you’re in right now. Command on the file will only work if that file exists in the current directory.
What does it mean to specify a file or directory as an absolute path?
means you are specifying where it sits on the computer in absolute terms, starting from the top level (/)
if you use an absolute path, the command will do the same thing no matter what directory you are in when you execute the command
What is the difference between absolute and relative paths?
absolute paths start with a slash
relative paths don’t start with a slash
What if you want the results of a command to be saved to a file rather than displayed on the screen?
can use the “greater than” redirect symbol after the command and give it a file name
ls > listoffiles.txt
How to add data from a command to an existing file?
can use the append symbol
>> = append standard output to file
eg. cat animals.txt >> fruit.txt
What is the sort command?
sort command will sort data on the screen or in a file
What are some ways to use the sort command?
sort: Sorts alphabetically
sort -r: Sorts in reverse alphabetic order
sort -R = Sorts into a random order
Can also use:
Wildcard = * : represents ‘anything’ (e.g. sort *.txt)
pipe = | : takes the output from one command and sends it as input to a second command (ls | sort)
Why do we need all this command line?
When there is a suspicion of malware or a data breach in a network, investigators will need to perform an initial assessment of whether a specific system has been affected
There’s a small set of Linux commands which can be used to quickly investigate the filesystem and activity on a computer or device (file, find, history, tree or ls -R)
Scripts are used to perform small tasks on computers. These can be created by IT administrators for valid purposes, but often they are included as part of a malware infection
How to investigate what files are on my device?
tree or ls -R: get a listing of the entire directory structure of folders and files
shows everything that is contained in a folder and its subfolders
listing will start from current folder
(tree is a program that must be installed)
these commands are useful as threat actors often bury “bad” files deep in a directory to avoid detection. Instead of typing ls for every directory in a system, these commands make it easier to skim through a large number of folders/sub-folders
How to investigate what file this is?
file <filename> = will output information about the file format such as text, jpg, doc, mp3, exe, etc. Often it will even include what software and version were used to create the file.
Windows OS relies on the file extension (.txt or .jpg) to decide what application to use in opening the file. Threat actors take advantage of this by changing extensions on files like executables or zip files to avoid suspicion
Linux OS doesn’t care about file extensions. It instead uses data in the file properties to correctly identify the file format type. Using the file command makes it easy for an IT administrator to spot files that have incorrect extensions
How to check if a specific file is on my device and if so where?
use the find command
find <directory> <option> <item> allows you to find a file by its name or by the username who owns it or by another option
<option> can be either -name or -user
eg. sudo find /home/adminuser/Documents -name secret.txt
recommended to use sudo when running the find command, or else there will be a lot of “permission denied” listings in the results
How to investigate what activity has recently taken place on my device?
every user has a hidden file in their home folder called .bash_history
history will display the command history of the current active user
to display the history of another user without being logged in as them you can do: sudo cat /home/<username>/.bash_history
history -c will clear the current command history
How many commands are saved in the history for the Ubuntu VM
1000 commands
What is /var/log/
contains many program logs which you can use grep on
What is the shell?
command line interface based on an operating system and specific scripting language syntax
opening a terminal window on PC will start the shell for that operating system
What are the two shells offered by Windows?
DOS or PowerShell
don’t use same commands and syntax but there is some overlap
What does Linux use by default?
BASH
What are scripts/batch files?
in command line, you can create small working programs without knowing a full programming language like Python or C++. Depending on your shell, it is called a batch file or script
Scripts are often used by IT professionals to automate small tasks like starting a service at a certain time or making changes to a large number of files. This makes it easier and faster to perform repetitive and tedious tasks
Scripting does have some security risks as it can make it easier for threat actors to run commands on a target system. They create malware that can open a shell and execute scripts to perform malicious actions like stealing files or opening a backdoor.