Pits Lab Notes

Uploaded by alin

PRINCIPLE OF IT SECURITY

Lab#1: Social Engineering

VIDEO TUTORIAL: Phishing Analysis (Part 1)

URL
>> Tools:
1. VirusTotal Scanner:
- https://www.virustotal.com/gui/
2. Domain/IP Lookup:
- https://centralops.net/co/
- https://www.digwebinterface.com/
- https://www.whatismyip.com/ip-address-lookup/
3. Online VM (OnWorks): https://www.onworks.net/programs/vm-online
>> Goals:
To analyse the malicious URLs and domains in order to obtain the following
information:
1. Geo-location (country of the hosting IP address)
2. Domain registration information (WHOIS: registrar, creation date, registrant)
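Added example (not part of the lab notes): a small Python triage script for the offline part of the URL analysis, run before anything is pasted into VirusTotal or the WHOIS/dig tools. It pulls out the registered domain to look up, flags the classic phishing tricks (credentials before `@`, an IP-literal host, punycode, a brand name in someone else's subdomain, look-alike labels such as paypa1) and defangs the URL for the report. The brand list and the sample URLs are constructed, and the registered-domain helper assumes a single-label public suffix such as .com, which is wrong for .com.my or .co.uk (use the public-suffix list for real work).

```python
import ipaddress
from urllib.parse import urlsplit

# Brands the phishing samples in this lab might impersonate (constructed list; an assumption).
WATCHED_BRANDS = ("paypal", "microsoft", "google", "maybank")


def registered_domain(host):
    """Last two labels of the hostname: the part to feed into WHOIS/dig.
    Assumes a single-label public suffix (.com, .net); for .com.my or .co.uk
    use the public-suffix list instead."""
    labels = host.strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def edit_distance(a, b):
    """Levenshtein distance, used to spot look-alike labels such as paypa1 vs paypal."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def defang(url):
    """Make the URL non-clickable for reports and tickets."""
    return url.replace("http", "hxxp").replace(".", "[.]")


def triage(url):
    """Return the indicator to look up plus a list of red flags for one URL."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()
    flags = []
    if parts.username is not None:
        flags.append("userinfo-before-@")      # https://www.paypal.com@evil.test/ trick
    try:
        ipaddress.ip_address(host)
        flags.append("ip-literal-host")
        reg = host                              # nothing to WHOIS but the IP itself
    except ValueError:
        reg = registered_domain(host)
    if any(label.startswith("xn--") for label in host.split(".")):
        flags.append("punycode-idn")            # possible homoglyph domain
    if parts.port not in (None, 80, 443):
        flags.append(f"unusual-port-{parts.port}")
    sld = reg.split(".")[0]
    for label in host.split("."):
        if len(label) < 4:                      # skip www, com, my, ...
            continue
        for brand in WATCHED_BRANDS:
            if label == brand:
                if sld != brand:                # brand sits in a subdomain of someone else's domain
                    flags.append(f"brand-outside-registered-domain:{brand}")
            elif brand in label:
                flags.append(f"brand-embedded:{label}")
            elif 0 < edit_distance(label, brand) <= 2:
                flags.append(f"look-alike:{label}->{brand}")
    return {"url": defang(url), "host": host, "lookup": reg, "flags": flags}


# Constructed sample URLs of the kind a phishing e-mail carries.
SAMPLE_URLS = [
    "http://paypa1.com.secure-login.example/verify",
    "https://www.paypal.com@198.51.100.23:8080/login",
    "http://xn--pypal-4ve.example/",
    "www.paypal.com/signin",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(triage(u))
```

The `lookup` value is what goes into the dig/WHOIS tools above; the geo-location answer comes from the A record it resolves to, not from the WHOIS record, so do both lookups.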

VIDEO TUTORIAL: Website Cloning (Part 2)

URL
>> Tools:
1. HTTrack Web Copier: https://www.httrack.com/
2. Canary Token: https://canarytokens.org/generate
>> Goals:
To learn BOTH roles in a Social Engineering attack: Attacker and Defender
1. Black Hat - Attacker (Offensive)
● Clone a website by using the HTTrack Web Copier (a mirrored login page is the usual starting point of a credential-harvesting phish)
2. White Hat - Defender (Defensive)
● Detect and trace a cloned website by using a Canary Token: a token embedded in the genuine page fires when the copied page is loaded from a hostname other than your own
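Added example, not from the lab notes: the defender's half in working code. Assume the genuine login page carries a script that compares `location.hostname` with your domain and, on mismatch, requests `/canary.gif?src=<hostname>` from your server (the same idea as the cloned-website token at canarytokens.org, which reports to their server instead). HTTrack copies that script along with the page, so the beacon fires the first time anyone views the clone. The function below parses Apache/nginx combined-format access logs and reports which hostnames are serving a copy. The domain, the beacon path and the log lines are assumptions, constructed for this example.

```python
import re
from urllib.parse import parse_qs, urlsplit

OUR_DOMAIN = "login.example.edu"   # the site we legitimately serve (assumption)
BEACON_PATH = "/canary.gif"         # what our page's script requests when cloned (assumed convention)

# Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample log: one legitimate beacon, two hits from a clone, one hit whose
# script lost the src parameter (Referer still gives it away), one unrelated request.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:09:12:01 +0800] "GET /canary.gif?src=login.example.edu HTTP/1.1" 200 43 "https://login.example.edu/" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2024:09:15:22 +0800] "GET /canary.gif?src=login-example-edu.evil.test HTTP/1.1" 200 43 "http://login-example-edu.evil.test/index.html" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2024:09:15:40 +0800] "GET /canary.gif?src=login-example-edu.evil.test HTTP/1.1" 200 43 "http://login-example-edu.evil.test/index.html" "Mozilla/5.0"
198.51.100.77 - - [10/Mar/2024:09:18:03 +0800] "GET /canary.gif HTTP/1.1" 200 43 "http://another-copy.example.org/login.html" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2024:09:20:05 +0800] "GET /css/site.css HTTP/1.1" 200 1187 "https://login.example.edu/" "Mozilla/5.0"
"""


def parse_line(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def clone_hits(lines):
    """Return {hostname_serving_the_clone: [(timestamp, client_ip), ...]}."""
    hits = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        req = urlsplit(rec["path"])
        if req.path != BEACON_PATH:
            continue
        reported = parse_qs(req.query).get("src", [""])[0].lower()
        referer_host = (urlsplit(rec["referer"]).hostname or "").lower()
        served_from = reported or referer_host      # fall back to Referer if src is missing
        if served_from and served_from != OUR_DOMAIN:
            hits.setdefault(served_from, []).append((rec["ts"], rec["ip"]))
    return hits


if __name__ == "__main__":
    for host, visits in clone_hits(SAMPLE_LOG.splitlines()).items():
        print(f"clone served from {host}: {len(visits)} visit(s), first at {visits[0][0]}")
```

The hostnames this yields go straight into the Part 1 lookups (dig for the hosting IP, WHOIS for the registrant). The check only works while the clone still contains your script: an attacker who strips scripts from the HTTrack output, or who opens the copy from file://, never triggers it.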
Lab#2: Encryption & Steganography

VIDEO TUTORIAL: Hashing

URL
To use HashCalc to do the following:
1. Calculate file hashes (MD5, SHA-1, SHA-256)
2. Verify file integrity by comparing the computed hash with the published one
3. Check file similarity: identical files give identical hashes, while a single changed byte gives a completely different hash
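Added example, not from the lab and not HashCalc's code: the same three operations with Python's hashlib. The files are constructed in a temporary directory (a 1 KiB sample, a copy with one bit flipped, and an empty file). The script hashes in chunks because a sample can be larger than memory, verifies against a published digest, and shows what "similarity" means for a cryptographic hash: one flipped bit changes about half of the 256 output bits, so a hash comparison can only tell identical from different, never "nearly the same" (that needs a fuzzy hash such as ssdeep, which is outside this lab).

```python
import hashlib
import os
import tempfile


def hash_file(path, algorithm="sha256", chunk_size=1 << 16):
    """Hash a file in chunks so a large sample never has to fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_integrity(path, expected_hex, algorithm="sha256"):
    """True if the file matches a published checksum (whitespace and case tolerant)."""
    return hash_file(path, algorithm) == expected_hex.strip().lower()


def differing_bits(hex_a, hex_b):
    """Number of bit positions that differ between two digests of the same length."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def demo():
    """Write an original, a one-bit-flipped copy and an empty file; return what HashCalc would show."""
    with tempfile.TemporaryDirectory() as tmp:
        original = os.path.join(tmp, "installer.bin")
        tampered = os.path.join(tmp, "installer_tampered.bin")
        empty = os.path.join(tmp, "empty.bin")
        data = bytes(range(256)) * 4                 # constructed 1 KiB sample file
        mutated = bytearray(data)
        mutated[512] ^= 0x01                         # flip a single bit in the middle
        with open(original, "wb") as f:
            f.write(data)
        with open(tampered, "wb") as f:
            f.write(bytes(mutated))
        open(empty, "wb").close()
        h_orig = hash_file(original)
        h_tamp = hash_file(tampered)
        return {
            "sha256_original": h_orig,
            "sha256_tampered": h_tamp,
            "bits_differ": differing_bits(h_orig, h_tamp),   # about 128 of 256 for a one-bit change
            "original_verifies": verify_integrity(original, h_orig.upper()),
            "tampered_verifies": verify_integrity(tampered, h_orig),
            "sha256_empty": hash_file(empty),
            "md5_empty": hash_file(empty, "md5"),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The empty-file digests are a quick sanity check for any hashing tool: SHA-256 of zero bytes is e3b0c442...b855 and MD5 is d41d8cd9...427e, whatever the file name.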

VIDEO TUTORIAL: Cipher

URL
1. ROT13: https://rot13.com/
2. CyberChef: https://gchq.github.io/CyberChef/

VIDEO TUTORIAL: Steganography

URL

Part 1: QuickStego and S-Tools (hiding text in image files)

Part 2: MP3Stego (hiding data in MP3 audio)

Part 3: Spam Mimic and Morse code (hiding text inside innocuous-looking text)
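Added example, not one of the lab's tools: least-significant-bit substitution, the technique behind S-Tools-style image steganography, written out over a constructed raw greyscale pixel buffer so it runs without an image library. Embedding changes no byte by more than 1, which is why the cover looks untouched, and capacity is one bit per sample, which is why a small image holds only a short message. The cover pattern and the message are constructed.

```python
def make_cover(width=64, height=64):
    """Constructed 8-bit greyscale 'image' (raw pixel bytes, no file header): a smooth pattern."""
    return bytes((3 * x + 5 * y) % 256 for y in range(height) for x in range(width))


def embed_lsb(cover, payload):
    """Hide payload in the least-significant bit of successive cover bytes.
    A 4-byte big-endian length prefix tells the extractor when to stop."""
    data = len(payload).to_bytes(4, "big") + payload
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError(f"cover holds at most {len(cover) // 8 - 4} payload bytes")
    stego = bytearray(cover)
    for idx, bit in enumerate(bits):
        stego[idx] = (stego[idx] & 0xFE) | bit      # clear the LSB, then set it to the message bit
    return bytes(stego)


def extract_lsb(stego):
    """Read the LSBs back: first the length prefix, then that many payload bytes."""
    def read(offset, count):
        out = bytearray()
        for b in range(count):
            value = 0
            for i in range(8):
                value = (value << 1) | (stego[offset + b * 8 + i] & 1)
            out.append(value)
        return bytes(out)
    length = int.from_bytes(read(0, 4), "big")
    return read(32, length)


def max_pixel_change(cover, stego):
    """Largest per-byte difference: LSB embedding never moves a pixel by more than 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


if __name__ == "__main__":
    cover = make_cover()
    secret = b"meet at 0900, bring the USB"          # constructed message
    stego = embed_lsb(cover, secret)
    print("recovered:", extract_lsb(stego))
    print("max pixel change:", max_pixel_change(cover, stego))
    print("capacity (bytes):", len(cover) // 8 - 4)
```

The same idea applies to 16-bit audio samples (S-Tools on WAV) with one bit per sample; MP3Stego works differently, hiding bits in the encoder's quantisation choices during compression rather than in stored samples.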


Lab#3: Malware Analysis

Video Tutorial: Static Analysis by Using VirusTotal

URL
In this video, we learn three things about VirusTotal:
1. How to upload a file >> get any file from the artifact folder here
2. How to submit a URL to check whether it is malicious >> get the URL from the artifact
folder here. Filename: droiddreamUNIQ_anubis_anubis.txt
3. How to search for a file/URL by its hash value >> get the hash value
from the artifact folder here. Filename: hash value.txt

Note: Get the artifacts from the Tools and Artifacts folder here. Search by hash before uploading: a hit means the sample is already known, and an upload shares the file with every participating vendor, which matters when a sample contains confidential data.

Video Tutorial: Decoding Encrypted Malware URLs

In this video, we learned how to decode the obfuscated URLs (the video calls them "encrypted", but a ROT shift and Base64 with a custom table are obfuscation, not encryption: there is no secret key, only a shift and an index table, and both are recovered from the sample) by using the ROT cipher technique and Base64 with a customized index table.

1. List of URLs: https://italeemc.iium.edu.my/mod/resource/view.php?id=50586
2. Python code to decode the encrypted URLs:
https://italeemc.iium.edu.my/mod/resource/view.php?id=50587
3. Python online editor: https://www.jdoodle.com/python-programming-online/

Dynamic Analysis by Using Hybrid Analysis

URL
1. Follow the link to get the list of strings from the malware sample
2. Decode the suspicious strings by using Base64 (customized index table). Use the
same script as in the previous video.

List of URLs extracted from the Malware Sample

File

Python Code to Decode Encrypted Strings/URLs

File
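Added example serving three passages above: the Cipher video (ROT13), the "Decoding Encrypted Malware URLs" video and the Hybrid Analysis strings step. It is an independent decoder, not the course's linked Python script. It brute-forces an unknown ROT shift by looking for URL markers, decodes Base64 written with a custom index table by mapping that table back onto the standard one, and runs the decoder over a strings dump, keeping only results that are printable ASCII. The custom table used here (the standard table reversed) and the sample strings are constructed; for the real sample the table has to be copied from the linked script.

```python
import base64
import string

STD_ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"
# A custom index table of the kind the lab's sample uses; this one is constructed (the
# standard table reversed) and stands in for whatever table the real sample's decoder holds.
MALWARE_ALPHABET = STD_ALPHABET[::-1]


def rot(text, n):
    """Caesar/ROT-n on A-Z and a-z only; digits and punctuation (':' '/' '.') pass through."""
    out = []
    for ch in text:
        if "a" <= ch <= "z":
            out.append(chr((ord(ch) - ord("a") + n) % 26 + ord("a")))
        elif "A" <= ch <= "Z":
            out.append(chr((ord(ch) - ord("A") + n) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)


def brute_force_rot(text, markers=("http://", "https://", ".com", ".exe", ".php")):
    """Unknown shift: try all 25 and return (shift, plaintext) for the first URL-looking result."""
    for n in range(1, 26):
        candidate = rot(text, -n)
        if any(m in candidate for m in markers):
            return n, candidate
    return None


def custom_b64_decode(data, alphabet):
    """Decode Base64 written with a non-standard index table by mapping it back to the
    standard table and letting the standard decoder do the bit work."""
    if len(alphabet) != 64 or len(set(alphabet)) != 64 or "=" in alphabet:
        raise ValueError("alphabet must be 64 distinct symbols, none of them '='")
    std = data.strip().translate(str.maketrans(alphabet, STD_ALPHABET)).rstrip("=")
    std += "=" * (-len(std) % 4)                 # restore padding the malware may omit
    return base64.b64decode(std, validate=True)  # raises binascii.Error (a ValueError) on junk


def custom_b64_encode(raw, alphabet):
    """The encoder the malware author would have used; handy for building test strings."""
    return base64.b64encode(raw).decode("ascii").translate(str.maketrans(STD_ALPHABET, alphabet))


def decode_strings(lines, alphabet):
    """Run the custom decoder over a strings/Hybrid Analysis dump and keep only results
    that are printable ASCII; API names and paths either fail to decode or decode to noise."""
    found = []
    for line in lines:
        line = line.strip()
        if len(line) < 8:
            continue
        try:
            plain = custom_b64_decode(line, alphabet)
        except ValueError:
            continue
        if plain and all(32 <= b < 127 for b in plain):
            found.append(plain.decode("ascii"))
    return found


if __name__ == "__main__":
    print(brute_force_rot("uggc://rknzcyr.pbz/cnlybnq.rkr"))     # constructed ROT13 sample
    sample = custom_b64_encode(b"http://c2.example.net/gate.php", MALWARE_ALPHABET)
    print(sample, "->", custom_b64_decode(sample, MALWARE_ALPHABET))
```

The printable-ASCII filter is deliberately loose: a custom-table string that happens to decode to readable text is a strong signal, but short strings of ordinary Base64 characters (many Windows API names qualify) will decode without error, so anything under eight characters is skipped and the survivors still need a look by eye.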
Lab#4: Network Traffic Analysis

Video Tutorial: Network Analysis using Wireshark

URL

Video Tutorial: Decrypting Message from a PCAP

URL

Video Tutorial: Finding Malware from a PCAP

URL

Download Network PCAP here

File

Download 3 PCAP files for the following tasks:
● Extracting usernames and passwords from PCAP streams (plaintext protocols such as FTP, Telnet and HTTP Basic authentication; use Follow TCP Stream)
● Decrypting a message from a PCAP stream
● Finding malware from a PCAP (export the transferred file with File > Export Objects and check its hash on VirusTotal)
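Added example for the first task (extracting usernames and passwords from PCAP streams); it is not one of the lab's PCAP files or tools. It builds a small classic pcap in memory, reassembles TCP payloads per direction the way Follow TCP Stream does, and pulls out an FTP USER/PASS pair and an HTTP Basic-authentication login, tagging the server port with its IANA service name. The addresses, ports, usernames and passwords are constructed; the parser handles only classic pcap (not pcapng) with Ethernet framing and no IP fragmentation.

```python
import base64
import struct
from collections import defaultdict

# Subset of the IANA service-name/port registry that matters for credential hunting.
SERVICES = {21: "ftp", 23: "telnet", 25: "smtp", 80: "http", 110: "pop3", 143: "imap", 443: "https"}


def build_frame(src, sport, dst, dport, seq, payload):
    """Constructed Ethernet/IPv4/TCP frame (checksums left at zero; fine for parsing)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    return eth + ip + tcp


def build_pcap(frames):
    """Classic little-endian pcap: 24-byte global header, then 16-byte record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def tcp_streams(pcap):
    """{(src, sport, dst, dport): payload} with segments joined in sequence-number order,
    i.e. what Wireshark's Follow TCP Stream shows for one direction."""
    magic = struct.unpack("<I", pcap[:4])[0]
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)   # pcapng / nanosecond pcap not handled
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only the Ethernet link type is handled")
    segments = defaultdict(list)
    off = 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(endian + "IIII", pcap[off:off + 16])[2]
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                    # not IPv4 over Ethernet, or not TCP
        ihl = (frame[14] & 0x0F) * 4
        ip_len = struct.unpack("!H", frame[16:18])[0]
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        tcp = frame[14 + ihl:14 + ip_len]               # drop any Ethernet trailer padding
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        payload = tcp[(tcp[12] >> 4) * 4:]
        if payload:
            segments[(src, sport, dst, dport)].append((seq, payload))
    return {k: b"".join(p for _, p in sorted(v)) for k, v in segments.items()}


def extract_credentials(streams):
    """Pull logins out of plaintext protocols: FTP/POP3-style USER+PASS and HTTP Basic auth."""
    found = []
    for (src, sport, dst, dport), data in streams.items():
        user = password = None
        for line in data.decode("latin-1").split("\r\n"):
            upper = line.upper()
            if upper.startswith("USER "):
                user = line[5:]
            elif upper.startswith("PASS "):
                password = line[5:]
            elif upper.startswith("AUTHORIZATION: BASIC "):
                try:
                    user, _, password = base64.b64decode(line[21:]).decode("latin-1").partition(":")
                except ValueError:
                    continue
        if user is not None or password is not None:
            found.append({"client": f"{src}:{sport}", "server": f"{dst}:{dport}",
                          "service": SERVICES.get(dport, str(dport)), "user": user, "password": password})
    return found


def sample_pcap():
    """Constructed capture: an FTP login and an HTTP request with Basic authentication."""
    client, server = "192.0.2.10", "198.51.100.20"
    http_req = (b"GET /admin HTTP/1.1\r\nHost: intranet\r\nAuthorization: Basic "
                + base64.b64encode(b"bob:Winter2024!") + b"\r\n\r\n")
    frames = [
        build_frame(client, 51000, server, 21, 1000, b"USER alice\r\n"),
        build_frame(server, 21, client, 51000, 5000, b"331 Password required for alice\r\n"),
        build_frame(client, 51000, server, 21, 1012, b"PASS hunter2\r\n"),
        build_frame(client, 51234, server, 80, 7000, http_req),
    ]
    return build_pcap(frames)


if __name__ == "__main__":
    for cred in extract_credentials(tcp_streams(sample_pcap())):
        print(cred)
```

To run it against one of the lab's captures, replace `sample_pcap()` with `open("capture.pcap", "rb").read()`; if Wireshark saved the file as pcapng, export it as classic pcap first (File > Save As). Basic authentication is only Base64, which is why it counts as plaintext here.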

REFERENCE: List of Service Names and Port Numbers
URL

Service names and port numbers are used to distinguish between different services
that run over transport protocols such as TCP, UDP, DCCP, and SCTP (the IANA registry; for the PCAP tasks the ones to know are 21/tcp FTP, 22/tcp SSH, 23/tcp Telnet, 25/tcp SMTP, 53 DNS, 80/tcp HTTP and 443/tcp HTTPS).
