Awais Linux Task

Student ID:

Cyber concepts and techniques


Portfolio
Table of Contents
Introduction
Exercise 01: Software Security
Buffer Overflow:
Protection/Mitigation
Stack Overflow:
Protection/Mitigation:
Hard-coded Password in the Binary:
Protection/Mitigation:
Other Issues:
Protection/Mitigation:
Exercise 02: 2a:
2b. ASLR (Address Space Layout Randomization) in Linux:
2c: Passive Information Gathering:
Usefulness in Active Scanning and Exploitation:
Exercise 5: Listening, Snooping, Interception
Exercise 6: Design and Implementation of Secure Networking in Amazon VPC:
Introduction
Cybersecurity is a vital part of information technology that involves knowledge of
programming as well as core threats and advanced cybersecurity tools. This portfolio
addresses the learning objectives through practical exercises and written reports that
demonstrate competence in programming from a cybersecurity angle. The four exercises
featured in this portfolio introduce several aspects of cybersecurity, ranging from software
security vulnerabilities to memory models, passive information gathering, network protocol
exploitation and, finally, security auditing.

In Exercise 1, we analyze a provided binary executable and its corresponding C source code,
identifying software vulnerabilities such as buffer overflow and hard-coded passwords.
In Exercise 2, memory models and the effects of ASLR in Linux are investigated.
Passive data collection is the subject of Exercise 3, in which we look at public sources and
collect useful information regarding a computer science department. Exercise 4 analyzes the
process of security auditing to find differences in logging approaches between Windows
and Linux, followed by a hands-on lab on log file creation and rotation on a Linux VM.

Exercise 01: Software Security


The given C code is prone to various software vulnerabilities. Let’s discuss each one and
suggest possible protections or mitigations:

Buffer Overflow:
• The buffer array holds 15 characters and is filled by the scanf function with data read
from the user. If the user enters more than 14 characters, this may lead to a buffer
overflow.
• An attacker may supply a string that is much longer than the buffer size, overwriting
adjacent memory and changing program control flow.

Protection/Mitigation
• Use safer input functions such as fgets, which read only a limited number of
characters.
• Validate the input length and reject or truncate the input if it exceeds the buffer size.
• Write in a safer programming language or use libraries that deal with buffer
overflows more safely.
Here is a diagram that shows the buffer overflow vulnerability:

Stack Overflow:
• Vulnerability: The buffer array is placed on the stack, and a stack overflow may
happen if there is too much input.
• Exploit: An adversary might supply an overly long string, which may lead to either a
system crash or arbitrary code execution.

Protection/Mitigation:
• Use dynamic memory allocation (heap) for sensitive data.
• Carry out appropriate bounds checking on user input.
• Use contemporary programming practices such as safer string handling
functions.

Hard-coded Password in the Binary:

Vulnerability: The source code contains the hard-coded password “passw0rd”, which is a
security risk.
Exploit: Attackers may analyse the binary and recover the hard-coded password,
enabling them to log in without authorization.

Protection/Mitigation:
• Store passwords safely, preferably using high-grade encryption.
• Use a password management system that is safe.
• Do not embed passwords in the code as they are; instead, use reliable authentication tools.

Other Issues:

Vulnerability: Using scanf without a field width may cause unexpected behaviour, because it
accepts more characters than the buffer can hold.

Exploit: As with the buffer overflow vulnerability, an attacker could supply a large string in
order to influence how the program behaves.

Protection/Mitigation:

• Include a field width in the scanf call to restrict the number of characters read.
• Use safer input functions that allow control over the length of the input.
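The scanf field-width and fgets mitigations listed above, as an added C example (it is not the exercise's original source, which is not reproduced on this page). The function names `scan_word_bounded` and `read_bounded_line` and the sample input are assumptions made for illustration:

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 15 /* same size as the buffer described in the exercise */

/* Vulnerable pattern the text describes (comment only, never compiled):
 *     char buffer[15];
 *     scanf("%s", buffer);   // no field width: more than 14 chars overflow
 */

/* Mitigation 1: give scanf-family calls a field width of BUF_SIZE - 1.
 * Returns 1 if a word was stored, otherwise 0 or EOF; extra input is ignored. */
int scan_word_bounded(const char *src, char out[BUF_SIZE])
{
    return sscanf(src, "%14s", out);
}

/* Mitigation 2: fgets plus an explicit length check that rejects long lines.
 * Returns 0 on success, -1 on EOF/error, -2 if the line did not fit
 * (the rest of the line is discarded and out is emptied). */
int read_bounded_line(FILE *in, char *out, size_t cap)
{
    if (cap < 2 || fgets(out, (int)cap, in) == NULL)
        return -1;
    size_t len = strlen(out);
    if (len > 0 && out[len - 1] == '\n') {
        out[len - 1] = '\0';          /* the whole line fitted */
        return 0;
    }
    int c = fgetc(in);                /* look past what fgets stored */
    if (c == EOF || c == '\n')
        return 0;                     /* line was exactly cap - 1 chars */
    while (c != EOF && c != '\n')     /* too long: drain the remainder */
        c = fgetc(in);
    out[0] = '\0';
    return -2;
}

int main(void)
{
    /* Constructed sample input: one short line, one 30-character line. */
    FILE *in = tmpfile();
    if (in == NULL)
        return 1;
    fputs("alice\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n", in);
    rewind(in);
    char buffer[BUF_SIZE];
    int rc;
    while ((rc = read_bounded_line(in, buffer, sizeof buffer)) != -1)
        printf("rc=%d input=\"%s\"\n", rc, buffer);
    fclose(in);
    return 0;
}
```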
Exercise 02: 2a:
When it is run, the program executes as a process in the computer's memory.
Here’s a simplified memory model:

Text Segment: Contains the compiled program code. It is normally marked read-only to
prevent any unintentional changes.

Data Segment: Stores initialized global and static variables. Values are mutable at runtime.

BSS Segment: Holds uninitialized global and static variables. Memory is allotted but not
initialized to zero.

Shared Libraries: Code and data shared among multiple programs.

Heap: The allocation of memory in this section is dynamic. The size can also increase and
decrease during runtime.

Stack: It saves local variables, function call information including return addresses and base
pointers which are used for controlling procedure calls.
2b. ASLR (Address Space Layout Randomization) in Linux:

1. ASLR Enabled:

Randomized base addresses: ASLR randomizes the base addresses of all memory areas
on each execution. This prevents attackers from relying on hard-coded locations to
carry out targeted attacks such as buffer overflow or code injection.
Dynamic memory allocation: When the operating system sets up a process for execution, it
picks addresses at random from the available memory area. This randomness gives each
instance a different memory layout.
Security benefit: ASLR makes memory locations unpredictable; because the addresses
where the program stores its buffers are inconsistent and unexpected, it
significantly increases the difficulty for the attacker in many situations.

2. ASLR Disabled:

Fixed base addresses: When ASLR is disabled, the OS always uses the same
addresses for the memory regions on each execution. This
predictability reduces the effort attackers have to put into exploiting
the system.
Static memory allocation: With a fixed layout, attackers can quickly learn
the base addresses of all types of memory regions and easily take
advantage of them using known offsets.
Security risk: Disabling ASLR severely weakens the system’s defence against memory-based
attacks; this will be further highlighted in the attack path equilibrium chapter.
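An added C example (not part of the original portfolio) that samples one address from each region of the memory model in 2a and reads the Linux ASLR setting from `/proc/sys/kernel/randomize_va_space`. The struct and function names are assumptions made for illustration:

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

int initialized_global = 42; /* lives in the data segment */
int uninitialized_global;    /* lives in the BSS segment */

/* One sample address per region of the process memory model. */
struct layout { uintptr_t text, data, bss, heap, stack; };

/* Read the kernel ASLR setting from `path`.
 * 0 = disabled, 1 = stack, mmap and shared libraries randomized,
 * 2 = as 1 plus the brk heap. Returns -1 if it cannot be read. */
int aslr_mode(const char *path)
{
    int mode = -1;
    FILE *f = fopen(path, "r");
    if (f == NULL)
        return -1;
    if (fscanf(f, "%d", &mode) != 1)
        mode = -1;
    fclose(f);
    return mode;
}

/* Collect the address of a function, a global from each data region,
 * a heap block and a local variable. */
struct layout sample_layout(void)
{
    int local = 0;                 /* stack variable */
    void *block = malloc(16);      /* heap allocation */
    struct layout l;
    l.text  = (uintptr_t)&sample_layout;
    l.data  = (uintptr_t)&initialized_global;
    l.bss   = (uintptr_t)&uninitialized_global;
    l.heap  = (uintptr_t)block;
    l.stack = (uintptr_t)&local;
    free(block);
    return l;
}

int main(void)
{
    struct layout l = sample_layout();
    printf("randomize_va_space = %d\n",
           aslr_mode("/proc/sys/kernel/randomize_va_space"));
    printf("text  %#lx\ndata  %#lx\nbss   %#lx\nheap  %#lx\nstack %#lx\n",
           (unsigned long)l.text, (unsigned long)l.data, (unsigned long)l.bss,
           (unsigned long)l.heap, (unsigned long)l.stack);
    return 0;
}
```

Run the program twice and compare the output: with the setting at 2 the heap and stack addresses differ between runs, and with it at 0 they repeat. The text, data and BSS addresses only change when the binary is built as a position-independent executable.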
2c: Passive Information Gathering:
When conducting passive information gathering in a tertiary education setting, a penetration
tester might collect the following information from public sources:
University Website:
Learn the Computer Science department structure, faculty details and their positions, as well
as contacts.
Identify ongoing research areas and projects.
Social Media:
Investigate the LinkedIn profiles of lecturers, senior lecturers and administrators.
Obtain more information regarding their skills, contacts and passions.
Research Publications:
Look for publications, conference papers, and faculty-led research initiatives.
Understand the vulnerable areas and focus points of their research.
News Articles:
Try to find any news stories regarding the department, such as partnerships, successes or
problems it has been involved in.
Online Forums and Blogs:
Take part in or view forums on computer science education.
Blogs may contain personal opinions or give details about the department.
Usefulness in Active Scanning and Exploitation:


The gathered information can be useful in the following ways:
Spear Phishing: Design tailored phishing emails reflecting faculty interests or current
activities.
Social Engineering: Use personal information for social engineering attacks, like posing as a
trusted contact.
Exploitation: Use knowledge about current research to determine possible weaknesses in the
software or systems being developed.
Password Attacks: Information about the staff can be used for password guessing attacks,
especially where staff reuse their credentials.
Physical Security: Physical security weaknesses may be exploited using gathered information
about department administrators and technicians.
Organizations need to know what information about them is publicly accessible and put
security mechanisms in place that prevent exploitation based on this information.
Exercise 5: Listening, Snooping, Interception
Here is a brief survey of the kinds of network and application traffic that an intruder may find
useful for further compromise of the network or its systems:

1. DNS Traffic: Intruders may monitor DNS traffic in order to find out internal hostnames and
IP addresses. This information can be exploited to initiate attacks on specific systems such
as web servers and file servers.

2. DHCP Traffic: From DHCP traffic, the number of devices connected to the network,
as well as their IP addresses, can be determined. This knowledge makes it possible to carry
out ARP spoofing and IP spoofing attacks. The intruder sends spoofed ARP packets that
associate their MAC address with another device’s IP. This, in turn, may enable the intruder
to sniff traffic or impersonate another device.

3. Web Traffic: For an intruder, web traffic can be a great source of information. Through
web traffic monitoring, the intruder can determine which types of applications are being used
by the company, learn login credentials and even read sensitive data that is not
encrypted in transit. An attacker could perform a MITM attack to eavesdrop on web traffic or
modify the content of pages served from websites.

4. File Server Traffic: File server traffic can expose the location of confidential files and
the permissions assigned to these files. This information can be used by intruders to carry out
attacks such as brute-force or privilege escalation attacks.

5. Print Server Traffic: Print server communication may contain
sensitive information such as usernames, passwords, and documents. An intruder could
intercept this traffic to steal this information.
Passive Attack Example
A possible passive attack on this network is DNS reconnaissance. In such an attack, an
intruder would monitor the DNS traffic to identify internal hostnames and IP addresses of
the company’s systems. Such information could then be used during targeted attacks on those
systems.
Active Attack Example
A specific active attack on this network is ARP spoofing. In this attack, an attacker would
send false ARP packets that attempt to associate their MAC address with the IP of another
device on the network. This would enable the intruder to intercept traffic or masquerade as
another device.
Security Critique
This network’s security is weak for several reasons. First, there is only one subnet, in
which all the network devices are visible to each other. This simplifies the launch of attacks
on any device present in the network. Second, there is no firewall or intrusion detection system
that would serve as a mechanism for monitoring and blocking malicious traffic. Lastly, the
network does not seem to be segmented; thus, if an intruder has compromised one system, they
could easily gain access to other systems on the same network.
Here are some recommendations for improving the security of this network:
Divide the network into several different subnetworks for devices of various kinds.
Put in place a firewall and an intrusion detection system to filter out malicious traffic.
Adopt strong passwords and use multi-factor authentication for all accounts.
Train employees in security awareness.

Following these guidelines will help the company make its network more secure and less
susceptible to attack.
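A minimal form of the check an intrusion detection system would apply to the ARP spoofing case above, as an added C example that is not part of the original portfolio. The `<ip> is-at <mac>` line format, the function name and the sample observations are constructed for illustration:

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strcasecmp (POSIX) */

#define MAX_HOSTS 64

struct binding { char ip[16]; char mac[18]; };

/* Constructed sample of observed ARP replies, in arrival order. */
static const char *const SAMPLE[] = {
    "192.168.1.1 is-at aa:bb:cc:00:00:01",
    "192.168.1.20 is-at aa:bb:cc:00:00:14",
    "192.168.1.1 is-at de:ad:be:ef:00:66",   /* gateway IP, new MAC */
    "192.168.1.1 is-at AA:BB:CC:00:00:01",   /* binding flips back */
    "192.168.1.20 is-at aa:bb:cc:00:00:14",
    "malformed line",
};
#define SAMPLE_LEN (sizeof SAMPLE / sizeof SAMPLE[0])

/* Track IP-to-MAC bindings and count every reply that changes a known one. */
int count_arp_conflicts(const char *const obs[], size_t n, int verbose)
{
    struct binding table[MAX_HOSTS];
    size_t used = 0, j;
    int alerts = 0;
    for (size_t i = 0; i < n; i++) {
        char ip[16], mac[18];
        /* Field widths keep each token inside its buffer. */
        if (sscanf(obs[i], "%15s is-at %17s", ip, mac) != 2)
            continue;                          /* skip malformed input */
        for (j = 0; j < used && strcmp(table[j].ip, ip) != 0; j++)
            ;
        if (j == used) {                       /* first sighting: learn it */
            if (used == MAX_HOSTS)
                continue;
            strcpy(table[used].ip, ip);
            strcpy(table[used].mac, mac);
            used++;
        } else if (strcasecmp(table[j].mac, mac) != 0) {
            alerts++;                          /* same IP, different MAC */
            if (verbose)
                printf("ALERT %s: %s -> %s\n", ip, table[j].mac, mac);
            strcpy(table[j].mac, mac);
        }
    }
    return alerts;
}

int main(void)
{
    printf("%d alert(s)\n", count_arp_conflicts(SAMPLE, SAMPLE_LEN, 1));
    return 0;
}
```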
Exercise 6: Design and Implementation of Secure Networking in Amazon VPC:

VPC Creation:
First, create a new VPC in the target AWS region. Specify the IP address range for the VPC.
Subnet Configuration:
Create two subnets within the VPC: one public subnet for the webserver and one private
subnet to host the database.
Link the public subnet to a route table that routes outbound traffic to the
Internet Gateway.
Internet Gateway:
Create an Internet Gateway and attach it to the VPC.
For the webserver, associate the public subnet with the Internet Gateway to provide internet
access for general users.
Routing Tables:
Establish routing tables for the public and private subnets.
Public Subnet Routing: Permit traffic to the internet using the Internet Gateway.
Private Subnet Routing: For internet access, permit outbound traffic through a NAT
Gateway if needed.
NAT Gateway:
For the private subnet, set up and configure a NAT Gateway in the public subnet so that
resources in the private subnet can also send outbound traffic to the Internet.
Security Groups:
Create different security groups for the webserver and database.
Webserver Security Group: Enable inbound traffic over HTTP/HTTPS ports (e.g., 80, 443)
while limiting outgoing connections based on the principle of least privilege.
Database Security Group: Restrict outbound traffic and ensure that inbound traffic
comes only from the webserver security group on the database port (for example, MySQL 3306).
Network ACLs (Access Control Lists):
Create Network ACLs for both the public and private subnets.
Public Subnet ACL: Allow inbound HTTP/HTTPS traffic and limit other incoming and
outgoing connections.
Private Subnet ACL: Allow inbound traffic from the webserver subnet and
established/related outbound traffic. Limit other incoming and outgoing traffic.
Launch Instances:
Run the webserver instance in a public subnet and assign it an Elastic IP (EIP) for its static
public address.
Start the database instance in a private subnet.
Elastic Load Balancer (Optional):
If high availability and scalability are needed for the webserver, consider setting up an Elastic
Load Balancer (ELB) in the public subnet to distribute traffic across multiple instances.
Monitoring and Logging:
Use AWS CloudWatch to monitor network performance and logs. Set up CloudWatch
Alarms for unusual network activity.
Encryption (Optional):
Encrypt data in transit and at rest. For instance, enable SSL/TLS for webserver
communication and enable encryption of data storage in the database.
IAM Roles and Policies:
Configure the IAM roles and policies to provide secure access for AWS resources.
Regular Audits and Updates:
It is advisable to carry out security audits, change configurations and update resources
in line with new security requirements or weaknesses.

With this design, the webserver is available online while its database remains private and
isolated. Security groups and network ACLs offer granular control over the traffic, while NAT
gateways improve security for outbound traffic from the private subnet. Ongoing security is
maintained through periodic monitoring and updates.