Violation Of Confidentiality, Of Integrity, Of Availability

Classify each of the following as a violation of confidentiality, of integrity, of availability. You may select only one of the three. Choosing more than one will result in zero points. If an attacker violates multiple properties, the answer is the property that would be violated by achieving the attacker’s goal, not the properties violated during the process of reaching the goal. Provide a single-sentence explanation to justify your answers.

1. Mallory sends hundreds of spoofed ARP packets that tell Alice that he’s Bob and that tell Bob that he’s Alice, redirecting all traffic from Alice and Bob through his machine. He searches the intercepted packets for passwords.

2. Eve installs an internal skimmer into an ATM, retrieving bank account information of all users of that ATM.

3. Bob sends Alice an attachment. When Alice opens the attachment, the ransomware inside encrypts her hard drive and asks for payment.

Identify which quadrant of the four-quadrant threat model each of the threats described below falls into. Give your answer by selecting Off-the-Shelf or Sophisticated for the vertical axis and Broad or Targeted for the horizontal axis.

1. A criminal sends sextortion email messages to thousands of users found from a database of password breaches. Each email contains the recipient’s username and password from that database. The message demands payment in bitcoin or the attacker will publicly post information about the recipient.

2. An employee uses inside information to compromise and infect one of his employer’s critical servers with ransomware.

3. A criminal organization develops a custom piece of malware to obtain credit card numbers from point of sale systems used by a certain large retailer.

Use one of the EternalBlue exploits in Metasploit to exploit your Windows 7 VM and obtain a Meterpreter shell on that VM.

1. Include all commands used after starting msfconsole in your answer below. Do not include command output.

2. Copy the output of Meterpreter’s sysinfo command below.

Analyze the included PCAP file question4.pcap to identify the protocols found within. For the first packet found for each protocol, list the protocol name, client and server network address (IPv4, IPv6, or MAC for lower-level protocols without an IP address), client and server ports (leave blank for link or network layer protocols), and Information for protocols without ports. Information includes items like ICMP message type, ARP message type, etc. Each protocol should be represented only once in the table.

Create a table as shown below with as many rows as needed.

| Protocol Name | Client addr | Server addr | Client Port | Server Port | Information |
|               |             |             |             |             |             |
|               |             |             |             |             |             |
|               |             |             |             |             |             |

Analyze the included PDF file question5-1.pdf to answer the following questions:

1. Which PDF version is this file?

2. Is this file a valid PDF file? If it is not, provide the command line used to determine this fact along with its output.

3. What program was used to create this PDF file?

4. Does this PDF file contain JavaScript? If it does, provide the object numbers of all objects containing JavaScript.

Analyze the included PDF file question5-2.pdf to answer the following questions:

1. Which PDF version is this file?

2. Is this file a valid PDF file? If it is not, provide the command line used to determine this fact along with its output.

3. What program was used to create this PDF file?

4. Does this PDF file contain JavaScript? If it does, provide the object numbers of all objects containing JavaScript.

Given the email headers shown below and a partial screenshot of MxToolbox header analyzer output, do you think this email is suspicious?
Received: from server.instabailapp.com (server.instabailapp.com [162.144.85.22])
(using TLS with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client did not present a certificate)
by mail.dskbank.bg (DSK Bank Gateway) with SMTP id DF.15.10540.69BB0BD5; Wed, 23 Oct 2019 23:44:09 +0300 (EEST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=perdiem-pro.instabailapp.com; s=default; h=From:Content-Type:MIME-Version:
Message-ID:Subject:To:Date:Sender:Reply-To:Cc:Content-Transfer-Encoding:
Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:
List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
bh=t+VdwsHpyrU08tW+LyHHKMyIXPx7WIWBen2CebtNyAM=; b=Pxrs2PRzjH5If4zbgRhel05Xp
EgmOsUWJNctIcPbB8az6FU9RFfkPGs/FyeCmkrPJv2e150j7jWnvGKuAJLV5PDF9mLrOjQSyYO1w4
uHYdFzIkSC6Wtyee6PhcUkHrX2CK4PIRCtxoDvE1itACoPCubXLJq1KlEE5CBBVX+gRunOQRmdJwM
KDn091T5r6+3tcFQWdjs2jZ2u3qQE9D/z8t8z+aLKaJOyIx8siCh/4V7XzcKAS3EDwMGLSvbam0iq
4rXBPYOKuUprLbRbx0vfVVMD9XtezuQFpjjLNgmRwykVCw/nkeThawe2ctpEa8910lJIP4VnEkGOe
yIKGQ1r0w==;
Received: from [94.128.144.235] (port=4289 helo=5.45.71.23)
by server.instabailapp.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.91)
(envelope-from <catherine@blog.betterpreneed.com>)
id 1iNLB1-00049N-VH
for anton.chirakov@dskbank.bg; Wed, 23 Oct 2019 18:16:25 +0000
Date: Wed, 23 Oct 2019 18:16:05 +0300
To: <anton.chirakov@dskbank.bg>
Subject: =?utf-8?B?UkU6UkU60J/RgNC+0YHRgNC+0YfQtdC90LAg0YTQsNC6?=
=?utf-8?B?0YLRg9GA0LAgTjk0OTk4MA==?=
Message-ID: <A59A0C6B81542B825E5C9E22CCBD2CE=__acf@blog.betterpreneed.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="-==_1f53417eb8f135cc5db1513bb048332"
From: "boris.izidorov" <catherine@blog.betterpreneed.com>
Content-Language: en-us
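
An added example, not part of the original assignment: a Python sketch that pulls out of the headers above (abridged and re-folded here) the fields a header analyzer compares, and reports where they disagree. The names analyze and org, the indicator names and the naive two-label domain comparison are assumptions made for this illustration.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr, parsedate_to_datetime
# Abridged copy of the headers above: the DKIM h=/bh=/b= values are omitted
# and folded lines are indented again (the page's extraction lost that).
RAW = """\
Received: from server.instabailapp.com (server.instabailapp.com [162.144.85.22])
 by mail.dskbank.bg (DSK Bank Gateway) with SMTP id DF.15.10540.69BB0BD5;
 Wed, 23 Oct 2019 23:44:09 +0300 (EEST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=perdiem-pro.instabailapp.com; s=default
Received: from [94.128.144.235] (port=4289 helo=5.45.71.23)
 by server.instabailapp.com with esmtpsa (Exim 4.91)
 (envelope-from <catherine@blog.betterpreneed.com>)
 for anton.chirakov@dskbank.bg; Wed, 23 Oct 2019 18:16:25 +0000
Date: Wed, 23 Oct 2019 18:16:05 +0300
Subject: =?utf-8?B?UkU6UkU60J/RgNC+0YHRgNC+0YfQtdC90LAg0YTQsNC6?=
 =?utf-8?B?0YLRg9GA0LAgTjk0OTk4MA==?=
From: "boris.izidorov" <catherine@blog.betterpreneed.com>
"""

def org(domain):
    # Naive organizational domain (last two labels); real DMARC alignment
    # checks use the Public Suffix List.
    return ".".join(domain.lower().split(".")[-2:])

def analyze(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg["From"])
    local, from_dom = addr.rsplit("@", 1)
    first_hop = msg.get_all("Received")[-1]   # bottom Received = earliest hop
    peer, helo = re.search(r"from \[([\d.]+)\].*?helo=([^)\s]+)", first_hop).groups()
    dkim_dom = re.search(r"\bd=([^;\s]+)", msg["DKIM-Signature"]).group(1)
    subject = str(make_header(decode_header(msg["Subject"])))  # RFC 2047 decode
    sent = parsedate_to_datetime(msg["Date"])
    seen = parsedate_to_datetime(first_hop.rsplit(";", 1)[1])
    return {
        "subject": subject,
        "display_name_mismatch": bool(re.fullmatch(r"[\w.]+", name))
            and name.lower() != local.lower(),   # login-shaped name, other mailbox
        "helo_mismatch": helo != peer,           # HELO differs from peer address
        "dkim_unaligned": org(dkim_dom) != org(from_dom),
        "reply_without_thread": subject.upper().startswith("RE:")
            and not (msg["In-Reply-To"] or msg["References"]),
        "date_skew_seconds": int((seen - sent).total_seconds()),
    }

if __name__ == "__main__":
    print(analyze(RAW))
```

Each key is one observation to weigh, not a verdict; DKIM alignment in particular says nothing about whether the signature itself verifies.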
