Posts on My Portfolio

Cyber Security Portfolio Index

Mon, 17 Jul 2023 20:19:48 -0700

Google Cybersecurity Professional Course

Security Audit: Conduct a security audit
Incident Report: Use the NIST Cybersecurity Framework to respond to a security incident
Linux Commands: Use Linux commands to manage file permissions
SQL Queries: Apply filters to SQL queries
Vulnerability Assessment: Conduct a vulnerability assessment based on NIST SP-800-30
Incident Handler’s Journal: Documenting of incident responses
File handling in Python: Using Python to maintain a security related file (allow-list_

How-to articles

Wazuh XDR and SIEM

Improving Security Posture With Wazuh

Sat, 12 Aug 2023 09:36:19 -0700

This post is continued from previous entry, Zero Cost Home Cybersecurity with WSL2 and Wazuh. We have installed Wazuh service on WSL2 and its agent on Windows. Now we are able to see various suggestions from the scan result.

Where we are

First, we want to know where we are. NIST Cybersecurity Framework defines following 5 steps to improve security posture. We want to address each steps with the activity with Wazuh.

Zero Cost Home Cybersecurity with WSL2 and Wazuh

Fri, 11 Aug 2023 10:01:43 -0700

There are many cybersecurity solutions for home usage in combination with endpoint security and network intrusion detection or prevention systems. Some of them are software packages such as McAfee and others may be provided by your ISP, such as Xfinity xFi Advanced Security which comes with ISP-specific hardware. However, it is unclear to the end users what they do, and sometimes pricy.

It is also common to network enthusiasts to set up a white-box approach with plenty of hardware equipment for a home cybersecurity stack. For example, there are many YouTube videos about how to set up a router to mirror all the traffic into IDS in a virtual machine, so that all network traffic can be monitored. However, in my humble opinion, hosting a VM that can monitor all the network traffic in and out is a very much luxury for most people.

Algorithm for File Update in Python

Wed, 26 Jul 2023 10:16:50 -0700

Back to index

Project description

This project describes an activity of updating a text file, based on the necessity of the business.

It is designed for a process to maintain allow-list-based access control list. In order to restrict access of unauthorized users, businesses are required to review the list and remove access privileges on a need-to basis. With a given list of IP addresses, the program will remove them from the allow-list and write IP addresses back to the text file.

Incident Handler's Journal

Wed, 26 Jul 2023 09:48:13 -0700

Back to index
Entry 1: Analyzing ransomeware incident
Entry 2: Analyzing phishing email
Entry 3: Following up with playbook
Entry 4: Review on incident final report
Entry 5: Using Splunk to analyze malicious logins
Entry 6: Using Chronicle to analyze phishing attempts

Entry 1

Date: 07/19/2023

Description

Ransomeware damaged a clinic.

A small U.S. health care clinic experienced a security incident on Tuesday at 9:00 a.m. which severely disrupted their business operations.

Vulnerability Assessment

Wed, 26 Jul 2023 09:21:06 -0700

NIST SP 800-30 Rev.1

Guide to assessing risk

NIST SP 800-30 is a publication that provides guidance on performing risk assessments. It outlines strategies for identifying, analyzing, and remediating risks. Organizations use NIST SP 800-30 to gain insights into the potential likelihood and severity of risks—helping them make informed decisions about allocating resources, implementing controls, and prioritizing remediation efforts.

SQL Queries

Tue, 18 Jul 2023 18:05:51 -0700

Scenario

You are a security professional at a large organization. Part of your job is to investigate security issues to help keep the system secure. You recently discovered some potential security issues that involve login attempts and employee machines.

Your task is to examine the organization’s data in their employees and log_in_attempts tables. You’ll need to use SQL filters to retrieve records from different datasets and investigate the potential security issues.

Linux Commands

Tue, 18 Jul 2023 18:05:44 -0700

Scenario

You are a security professional at a large organization. You mainly work with their research team. Part of your job is to ensure users on this team are authorized with the appropriate permissions. This helps keep the system secure.

Your task is to examine existing permissions on the file system. You’ll need to determine if the permissions match the authorization that should be given. If they do not match, you’ll need to modify the permissions to authorize the appropriate users and remove any unauthorized access.

Incident Report

Tue, 18 Jul 2023 11:00:53 -0700

Project Setup

Review the scenario below. Then complete the step-by-step instructions.

You are a cybersecurity analyst working for a multimedia company that offers web design services, graphic design, and social media marketing solutions to small businesses. Your organization recently experienced a DDoS attack, which compromised the internal network for two hours until it was resolved.

During the attack, your organization’s network services suddenly stopped responding due to an incoming flood of ICMP packets. Normal internal network traffic could not access any network resources. The incident management team responded by blocking incoming ICMP packets, stopping all non-critical network services offline, and restoring critical network services.

Security Audit

Mon, 17 Jul 2023 20:21:09 -0700

Project Setup

Summary

Perform an audit of Botium Toys’ cybersecurity program. The audit needs to align current business practices with industry standards and best practices. The audit is meant to provide mitigation recommendations for vulnerabilities found that are classified as “high risk,” and present an overall strategy for improving the security posture of the organization. The audit team needs to document their findings, provide remediation plans and efforts, and communicate with stakeholders.

CTFLearn RSABeginner

Fri, 25 Aug 2023 10:40:22 -0700

Solve RSA decoding problems when e is small enough.

Problem link | RSA Beginner

Compute factor $q$ and $p$

In order to decode RSA, we need to compute $p$ and $q$ as factor of $n$. Generally, it requires a lot of computating but we have a good resource: stored factor list.

Pip package factordb-python is useful:

import factordb.factordb import FactorDB

f = FactorDB(n)
f.connect()
factors = f.get_factor_list()

Compute $d$

$d$ is defined using $\phi$:

CTFLearn Substitution Cipher

Thu, 24 Aug 2023 01:38:00 -0700

A problem to solve substitution cipher, which as Dancing Man by Sir Authur Conan Doyle.

Problem link

The given encrypted text is:

MIT YSAU OL OYGFSBDGRTKFEKBHMGCALSOQTMIOL. UTFTKAMTR ZB DAKQGX EIAOF GY MIT COQOHTROA HAUT GF EASXOF AFR IGZZTL. ZT CTKT SGFU, MIT YSACL GF A 2005 HKTLTFM MODTL MIAF LMADOFA GK A CTTQSB LWFRAB, RTETDZTK 21, 1989 1990, MIT RKTC TROMGKL CAL WHKGGMTR TXTKB CGKSR EAF ZT YGWFR MIT EGFMOFWTR MG CGKQ AM A YAOMIYWS KTHSOTL CITKT IGZZTL, LMBST AOD EASXOF, AMMAEQ ZGMI LORTL MG DAKQL, “CIAM RG EGFMKGSSOFU AF AEMWAS ZGAKR ZGVTL OF MIT HKTHAKTFML FADT, OL ODHWSLOXT KADHAUTL OF CIOEI ASCABL KTYTKTFETL MIT HALLCGKR, CIOEI DGFTB, AFR MITB IAR SOMMST YKGFM BAKR IOL YKWLMKAMTR EGSGK WFOJWT AZOSOMB COMI AFR OFROLHTFLAMT YGK MTAEI GMITK LMWROTL, AKT ACAKRL ZARUTL, HWZSOLITR ZTYGKT CTSS AL A YOKT UKGLL HSAFL CTKT GKOUOFASSB EIAKAEMTKL OF MIT LMKOH MG CIOEI LTTD MG OM CITF MTDHTKTR OF AFR IASSGCOFU MITB’KT LODHSB RKACOFU OF UOXTL GF” HKOFEOHAS LHOMMST ROLMGKM, KTARTKL EGDOEL AKT WLT, CAMMTKLGF MGGQ MCG 16-DGFMIL AYMTK KTLOLMAQTL A DGKT EKTAM RTAS MG EASXOF GYMTF IGZZTL MG ARDOML “LSODB, “ZWM OM’L FADTR A FOUIM GWM LIT OL HGOFM GY FGM LTTF IGZZTL MIT ZGGQL AM MIAM O KTDAOFOFU ZGGQ IADLMTK IWTB AKT AHHTAKAFET: RTETDZTK 6, 1995 DGD’L YKADTL GY EASXOF UOXTF A CAUGF, LGDTMODTL MIAM LG OM’L YAMITKT’L YADOSB FG EAFETSSAMOGFLIOH CAL HKTLTFML YKGD FGXTDZTK 21, 1985 SALM AHHTAK AZLTFET OF AFGMITKCOLT OM IAHHB MG KWF OM YGK MIOL RAR AL “A SOMMST MG MGSTKAMT EASXOF’L YADOSB RKACF ASDGLM EGDDTFRTR WH ZTOFU HTGHST OFLMAFET, UTM DAKKOTR ZB A RAFET EASXOF’L GWMSAFROLOFU MIT FTCLHAHTK GK MAZSGOR FTCLHAHTK ZWLOFTLL LIGC OL GF!” AFR LHKOFML GY EIOSRKTF’L RAR’L YKWLMKAMTR ZB MWKF IWDGK, CAL HWZSOE ROASGU MITKT’L FGM DWEI AL “‘94 DGRTKFOLD” CAMMTKLGF IAL RTSOUIML GY YAFMALB SOYT CAMMTKLGF LABL LTKXTL AL AF AKMOLML OL RTLMKWEMOGF ZWLOFTLL, LHAETYAKTK GY MIT GHHGKMWFOMOTL BGW ZGMI A MGHOE YGK IOL IGDT MGFUWT-OF-EITTQ HGHWSAK MIAM OM CAL “IGF” AFR JWAKMTK HAUT DGKT LHAEOGWL EAFETSSAMOGF MIT HAOK AKT ESTAKSB OF HLBEIOE MKAFLDGUKOYOTK’L “NAH” LGWFR TYYTEM BGW MIOFQTK CAMMTKLGF ASLG UKTC OFEKTROZST LHAET ZWBL OF EGDDGFSB CIOST GMITKCOLT OM’L FADT OL FGMAZST LMGKBSOFT UAXT MIT GHHGKMWFOMOTL BGW EAFETSSAMOGF MIT “EASXOF GYYTK MG DAQT IOD OFEGKKTEM AFLCTKL CAMMTK AKMCGKQ GMITK GYMTF CIOEI OL TXORTFM MG GMITK LMKOH OL MG MITOK WLT GY KWSTL MIAM LIGCF GF LAFROYTK, CIG WLTL A EKGCJWOSS ZT LTTF “USWTR” MG MIT GFSB HTKL AFR IOL YAMITK LWHHGKM OL SWFEISOFT UAXT MITLT MIOF A BTAK OF DWSMODAMTKOAS AFR GZMAOF GF LAFMALB, IOL WLT, CAMMTKL ROASGUWT OL AF “AKMOLM’L LMAMWL AL “A ROD XOTC OF MIT TLLTFMOASSB MG DAQT IOD LTTD MG OFESWRTR MIAM EASXOF OL AF GRR ROASGUWT DGLM GY MIT ESWZ IAL TVHKTLLOGF GWMLORT AXAOSAZST MG

CTFLearn Leak Me

Tue, 22 Aug 2023 16:00:42 -0700

A problem to exploit the stack with format string attack.

Problem link

When I access the program, it

prompts a question
and it takes user input
then prints the input

$ nc rivit.dev 10003
What is your favorite format tag? some_text
some_text

The problem comes with the program source code and its binary.

#include <stdlib.h>
#include <stdio.h>

int main() {
    setvbuf(stdout, NULL, _IONBF, 0);
    setvbuf(stdin, NULL, _IONBF, 0);

    char flag[64], buffer[64];

    FILE *f = fopen("./flag.txt", "rt");
    if (f == NULL) {
        puts("No flag.txt found, contact an admin");
        return 1;
    }

    fgets(flag, 64, f);
    fclose(f);

    printf("What is your favorite format tag? ");
    fgets(buffer, sizeof(buffer), stdin);
    printf(buffer);

    return 0;
}

Since it takes user input and print, it might be a problem for buffer overflow. Let’s examine their addresses with Cutter.

CTFLearn Reykjavik

Fri, 18 Aug 2023 14:31:08 -0700

A standard problem to find the flag by dynamic reverse engineering a x64 ELF binary.

Problem link

With given executable binary, first we want to extract text from it. However, all possible text from strings command are false flags.

Let’s examine the bahavior of the program. It prompts the usage.

$ ./Reykjavik
Usage: Reykjavik CTFlearn{flag}

OK, let’s give it an another try.

$ ./Reykjavik CTFlearn{flag}
Welcome to the CTFlearn Reversing Challenge Reykjavik v2: CTFlearn{flag}
Compile Options: ${CMAKE_CXX_FLAGS} -O0 -fno-stack-protector -mno-sse

Sorry Dude, 'CTFlearn{flag}' is not the flag :-(

From all the external observation, we can assume the code is something like following psuedo code.If the original program is structured like this, we can obtain the flag from the memory when it compares with parameters.

CTFLearn Impossible Equation

Fri, 18 Aug 2023 09:44:48 -0700

A problem to exploit the input guard using math.

Problem link

The problem statement is:

$ nc rivit.dev 10011
X * 212103456793011 = 183057226632645
X = ?

It seems we want to compute the number of x:

$$ x = \frac{183057226632645}{212103456793011}$$

If you compute it, it should be something like 0.8630563094088945586. However, it won’t give you the flag because x must be an integer. That said we need to overflow.

$$ 212103456793011x = 183057226632645 \mod{2^{64}} $$

CTFLearn AndhraPradesh

Thu, 17 Aug 2023 10:04:41 -0700

A problem to reverse engineer and find the correct condition.

Problem link

In this challenge, I have to change the value of con1~~con5 in order to pass tests in _start~~test4.

; Andrha Pradesh Assembler Challenge for CTFLearn
; This challenge focuses on cmp, je and jne

section .data
    welcome db "Hello CTFlearn Andhra Pradesh Assembler Challenge!",0x0a,0x00
    noflag db "Sorry no flag for you :-(",0x0a,0x00
    alldone db "All Done!",0x0a,0x00
    baddata db "Baad Data!",0x0a,0x00
    congrats db "Congrats!! You found the flag!!", 0x0a, 0x00
    data    dw 0xbb35,0xbb4c,0xbb3a,0xbb54,0xbb5b,0xbb57,0xbb66,0xbb52,0xbb5d,0xbb30,\
               0xbb5f,0xbb5c,0xbb5b,0xbb66,0xbb57,0xbb56,0xbb57,0xbb5c,0xbb41,0xbb4c,\
               0xbb5b,0xbb54,0xbb6b,0xbb59,0xbb6b,0xbb63

;   ###################################################################
;   Change the values of these five constants to solve the challenge
    con1 db ??? ; C syntax for hex constant
    con2 db ???  ;
    con3 db ???
    con4 db ????h   ; this form for hex constants is popular among assembly language programmers
    con5 db ????h
;   ####################################################################
;   Do not change any code below here

section .bss
    buffer resb 32

section .text
    global _start

_start:
    xor r8, r8      ; init the exit status to 0

    mov rax, 1      ; sys_write system call
    mov rdi, 1      ; stdout (write to screen)
    mov rsi, welcome   ; memory location of string to write
    mov rdx, 51     ; number of characters in string to write
    syscall

    xor rax, rax    ; clear the rax register
    mov al, [con1]  ; move the value of con1 to the low byte of rax
    cmp al, 0xab
    je _test2

    mov r8, 1       ; exit status
    jmp _noflagforyou

_test2:
    xor rax, rax
    mov al, [con2]
    cmp al, 0xcb
    jne _test3

    mov r8, 2       ; exit status
    jmp _noflagforyou

_test3:
    mov r8, 3       ; exit status
    xor rax, rax
    mov al, [con3]
    cmp al, 0x20
    ja  _noflagforyou

    mov r8, 4       ; exit status
    xor rax, rax
    mov al, [con3]
    cmp al, 20h
    jb _noflagforyou

_test4:
    ; https://en.wikibooks.org/wiki/X86_Assembly/X86_Architecture
    mov r8, 5h      ; exit status
    xor rax, rax
    mov al, [con4]
    mov ah, [con5]
    cmp ax, 0baadh
    jne _noflagforyou

    mov r8, 6h      ; exit status
_checkflag:
    xor rdx, rdx    ; clear the rdx register
    xor rcx, rcx    ; init the rcx counter to zero
    xor rbx, rbx    ; clear the rbx register
    mov bl, BYTE [con1]
    add bl, BYTE [con3]
    mov dl, BYTE [con4]
    mov dh, BYTE [con5]

_Loop1:
    xor rax, rax
    mov ax, WORD [data+rcx*2]
    sub ax, dx

    xor rax, rbx

    cmp rax, 32
    jb _baddata
    cmp rax, 126
    ja _baddata

    mov [buffer+rcx], BYTE al
    inc rcx
    cmp rcx, 26
    jb _Loop1
    mov [buffer+rcx], BYTE 0x0a

_printcongrats:
    mov rax, 1      ; sys_write system call
    mov rdi, 1      ; stdout
    mov rsi, congrats ; memory location of string to write
    mov rdx, 32     ; number of characters in string to write
    syscall

_printflag:
    mov rax, 1      ; sys_write system call
    mov rdi, 1      ; stdout
    mov rsi, buffer ; memory location of string to write
    mov rdx, 27     ; number of characters in string to write
    syscall

    mov r8, 0h      ; exit status
    jmp _alldone

_baddata:
    mov rax, 1      ; sys_write system call
    mov rdi, 1      ; stdout
    mov rsi, baddata ; memory location of string to write
    mov rdx, 11     ; number of characters in string to write
    syscall
    jmp _alldone

_noflagforyou:
    mov rax, 1      ; sys_write system call
    mov rdi, 1      ; stdout
    mov rsi, noflag ; memory location of string to write
    mov rdx, 26     ; number of characters in string to write
    syscall

_alldone:
    mov rax, 1      ; sys_write system call
    mov rdi, 1      ; stdout
    mov rsi, alldone ; memory location of string to write
    mov rdx, 10     ; number of characters in string to write
    syscall

_byebye:
    mov rax, 60     ; exit system call
    mov rdi, r8     ; return code saved in register r8
    syscall

The following table shows each conditional instruction work.

CTFLearn Programming a Language

Wed, 16 Aug 2023 15:46:18 -0700

A problem to implement a stack machine.

Problem here

This problem asks to program a stack machine. My Python3 answer is below. The size of stack is unchecked.

from collections import deque
import sys

class StackLang:
    def __init__(self):
        self.stack = deque()
        self.stack.append(0)
    def run(self, filename):
        with open(filename, 'r') as file:
            txt = file.read()

        for i in txt:
            if i == '-':
                self.minus()
            elif i == '+':
                self.plus()
            elif i == '>':
                self.gt()
            elif i == '<':
                self.lt()
            elif i == '@':
                self.at()
            elif i == '.':
                self.dot()
            elif i == '€':
                self.euro()

    def minus(self):
        value = self.stack.pop()
        value = value - 1
        self.stack.append(value)

    def plus(self):
        value = self.stack.pop()
        value = value + 1
        self.stack.append(value)

    def gt(self):
        value = self.stack.popleft()
        self.stack.append(value)

    def lt(self):
        value = self.stack.pop()
        self.stack.appendleft(value)

    def at(self):
        value1 = self.stack.pop()
        value2 = self.stack.pop()
        self.stack.append(value1)
        self.stack.append(value2)

    def dot(self):
        value = self.stack.pop()
        self.stack.append(value)
        self.stack.append(value)

    def euro(self):
        ls = [ chr(i) for i in self.stack]
        print("".join(ls))


def main(argv, arc):
    print(argv)
    machine = StackLang()
    machine.run(argv[1])

if __name__ == '__main__':
    main(sys.argv, len(sys.argv))

Takeaways

This is an quintessential problem to building a stack machine. First I thought I should write it in Scala because it would make the code clearer with (1) case class will comply to the BNF, (2) the parser combinator will help DSL construction with the separation of instructions and parser.

CTFLearn Tone Dialing

Wed, 16 Aug 2023 10:53:23 -0700

A problem that encodes the flag into wave file.

Problem here

This problem consists of two parts:

Obtain the code from wav file
Decode

Obtain the code from wav file

I used dtmf-decoder that extract the tone dialing as decimal.

I already have Python3 environment and I don’t want to mess it up. I made a modification of its installation.

$ git clone https://github.com/ribt/dtmf-decoder.git
$ cd dtmf-decoder/
$ python3 -m pip install -r requirements.txt --upgrade
$ chmod +x dtmf.py
$ cp dtmf.py ~/bin/dtmf

Then I simply run the command and obtain the code.

Vulnerability Assessment Report

Wed, 26 Jul 2023 09:13:34 -0700

Back to Vulnerbility Assessment

System Description

The server hardware consists of a powerful CPU processor and 128GB of memory. It runs on the latest version of Linux operating system and hosts a MySQL database management system. It is configured with a stable network connection using IPv4 addresses and interacts with other servers on the network. Security measures include SSL/TLS encrypted connections.

Scope

The scope of this vulnerability assessment relates to the current access controls of the system. The assessment will cover a period of three months, from June 20XX to August 20XX. NIST SP 800-30 Rev. 1 is used to guide the risk analysis of the information system.

Apply Filters to SQL Queries

Tue, 18 Jul 2023 18:39:54 -0700

Back to SQL Queries

Project description

This project is for investigating security issues to help keep the system secure. Based on findings that some potential security issues involve login attempts and employee machines. We use SQL filters to retrieve records from different datasets and investigate potential security issues.

In order to list all after-hours failed logins, which are suspicious in this case, we performed a SQL query as follows. Since hour regular hour ends at 18:00:00, we set the condition accordingly.

File Permissions in Linux

Tue, 18 Jul 2023 18:10:51 -0700

Project description

This project repairs file permissions to its appropriate status.

Check file and directory details

After performing the command, ls -la in the /home/researcher2/projects/ directory, we found the following status.

Describe the permissions string

In the /home/researcher2/projects directory, there are five files with the following names and permissions:

project_k.txt: -rw-rw-rw-
- User = read, write
- Group = read, write
- Other = read, write
project_m.txt: -rw-r-----
- User = read, write
- Group = read
- Other = none
project_r.txt: -rw-rw-r--

Incident Report Analysis

Tue, 18 Jul 2023 10:55:20 -0700

Back to incident report

Incident report analysis

Instructions

As you continue through this course, you may use this template to record your findings after completing an activity or to take notes on what you’ve learned about a specific tool or concept. You can also use this chart as a way to practice applying the NIST framework to different situations you encounter.

Summary

The organization recently experienced a DDoS attack, which compromised the internal network for two hours until it was resolved.

Stakeholder Memorandum

Mon, 17 Jul 2023 21:04:23 -0700

Back to Security Audit

Stakeholder memorandum

TO: IT Manager, Stakeholders
FROM: Kazuhiro Funakoshi
DATE: 07/13/2023
SUBJECT: Internal IT Audit Findings and Recommendations

Dear Colleagues,

Please review the following information regarding the Botium Toys internal audit scope, goals, critical findings, summary and recommendations.

Scope

The following systems are in scope: accounting, endpoint detection, firewalls, intrusion detection system, security information and event management (SIEM) tool.
Ensure current user permissions, controls, procedures, and protocols in place align with necessary compliance requirements.

Compliance Checklist

Mon, 17 Jul 2023 21:00:47 -0700

Back to Security Audit

[ ] The Federal Energy Regulatory Commission - North American Electric Reliability Corporation (FERC-NERC)

The FERC-NERC regulation applies to organizations that work with electricity or that are involved with the U.S. and North American power grid. Organizations have an obligation to prepare for, mitigate, and report any potential security incident that can negatively affect the power grid. Organizations are legally required to adhere to the Critical Infrastructure Protection Reliability Standards (CIP) defined by the FERC.

Controls Assessment

Mon, 17 Jul 2023 20:52:21 -0700

Back to Security Audit

Controls Assessment

Current assets

Assets managed by the IT Department include:

On-premises equipment for in-office business needs
Employee equipment: end-user devices (desktops/laptops, smartphones), remote workstations, headsets, cables, keyboards, mice, docking stations, surveillance cameras, etc.
Management of systems, software, and services: accounting, telecommunication, database, security, ecommerce, and inventory management
Internet access
Internal network
Vendor access management
Data center hosting services
Data retention and storage
Badge readers
Legacy system maintenance: end-of-life systems that require human monitoring

Administrative Controls

Least Priviledge: Needs to be implemented; High
Preventative; reduces risk by making sure vendors and non-authorized staff only have access to the assets/data they need to do their jobs
Disaster recovery plans: Needs to be implemented; Medium
Corrective; business continuity to ensure systems are able to run in the event of an incident/there is limited to no loss of productivity downtime/impact to system components, including: computer room environment (air conditioning, power supply, etc.); hardware (servers, employee equipment); connectivity (internal network, wireless); applications (email, electronic data); data and restoration
Password policies: Needs to be implemented; Medium
Preventative; establish password strength rules to improve security/reduce likelihood of account compromise through brute force or dictionary attack techniques
Access control policies: Needs to be implemented; High
Preventative; increase confidentiality and integrity of data
Account management policies: Needs to be implemented; High
Preventative; reduce attack surface and limit overall impact from disgruntled/former employees
Separation of duties: Needs to be implemented; High
Preventative; ensure no one has so much access that they can abuse the system for personal gain

Technical Controls

Firewall: Preventative; firewalls are already in place to filter unwanted/malicious traffic from entering internal network
Intrusion Detection System (IDS): Detective; allows IT team to identify possible intrusions (e.g., anomalous traffic) quickly
Encryption: Needs to be implemented; Medium
Deterrent; makes confidential information/data more secure (e.g., website payment transactions)
Backups: Needs to be implemented; Medium
Corrective; supports ongoing productivity in the case of an event; aligns to the disaster recovery plan
Password management system: Needs to be implemented; Medium
Corrective; password recovery, reset, lock out notifications
Antivirus (AV) software: Needs to be implemented; High
Corrective; detect and quarantine known threats
Manual monitoring, maintenance, and intervention: Needs to be implemented; Medium
Preventative/corrective; required for legacy systems to identify and mitigate potential threats, risks, and vulnerabilities

Physical Controls

Time-controlled safe: Needs to be implemented; Low
Deterrent; reduce attack surface/impact of physical threats
Adequate lighting: Needs to be implemented; Low
Deterrent; limit “hiding” places to deter threats
Closed-circuit television (CCTV) surveillance: Needs to be implemented; High
Preventative/detective; can reduce risk of certain events; can be used after event for investigation
Locking cabinets (for network gear): Needs to be implemented; High
Preventative; increase integrity by preventing unauthorized personnel/individuals from physically accessing/modifying network infrastructure gear
Signage indicating alarm service provider: Needs to be implemented; Low
Deterrent; makes the likelihood of a successful attack seem low
Locks: Needs to be implemented; Low
Preventative; physical and digital assets are more secure
Fire detection and prevention (fire alarm, sprinkler system, etc.): Needs to be implemented; High
Detective/Preventative; detect fire in the toy store’s physical location to prevent damage to inventory, servers, etc.

Posts on My Portfolio

Cyber Security Portfolio Index

Google Cybersecurity Professional Course

How-to articles

Improving Security Posture With Wazuh

Where we are

Zero Cost Home Cybersecurity with WSL2 and Wazuh

Algorithm for File Update in Python

Project description

Incident Handler's Journal

Entry 1

Description

Vulnerability Assessment

NIST SP 800-30 Rev.1

Guide to assessing risk

SQL Queries

Scenario

Linux Commands

Scenario

Incident Report

Project Setup

Security Audit

Project Setup

Summary

CTFLearn RSABeginner

Compute factor $q$ and $p$

Compute $d$

CTFLearn Substitution Cipher

CTFLearn Leak Me

CTFLearn Reykjavik

CTFLearn Impossible Equation

CTFLearn AndhraPradesh

CTFLearn Programming a Language

Takeaways

CTFLearn Tone Dialing

Obtain the code from wav file

Vulnerability Assessment Report

System Description

Scope

Apply Filters to SQL Queries

Project description

Retrieve after hours failed login attempts

File Permissions in Linux

Project description

Check file and directory details

Describe the permissions string

Incident Report Analysis

Incident report analysis

Instructions

Summary

Stakeholder Memorandum

Stakeholder memorandum

Scope

Compliance Checklist

[ ] The Federal Energy Regulatory Commission - North American Electric Reliability Corporation (FERC-NERC)

Controls Assessment

Controls Assessment

Current assets

Administrative Controls

Technical Controls

Physical Controls