Anguished English

February 19, 2016

 

Yaacov Apelbaum - Anguished English

“Thy sin’s not accidental, but a trade.” (from Measure For Measure)

Getting bombarded by phishers is no fun, but sometimes these communications offer some comic relief. This post is dedicated to the anguished English and linguistic jewels they produce. May the tormented ghost of Shakespeare continue to sabotage their exploits.

Here are my top ten favorites:

1. Starting the message in one language and then switching to another as in “Dear Cliente,”

2. Getting subject verb agreement wrong as in “Your account just make…”

3. Poor punctuation as in “Due to concerns, for safety and the integrity…”

4. Nonsense content as in “Most of your date in our database were encrypted…”

5. Poor formatting as in missing a space after a period.that’s right.

6. Wrong capitalization as in “This is the Last reminder…”

7. Poor grammar as in “If this message sent as Junk or Spam, its just an error…”

8. Excessive use of exclamation marks as in “Update Required!!”

9. Poor spelling as in “It has come to out [our] attention that…”

10. Failure to do basic arithmetic accurately as in “$254.99 + $20.00 = $374.99”
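The tells in the list above double as weak detection signals. What follows is an added example, not part of the original post, of a small heuristic scorer in Python that checks a message body for the machine-checkable tells from the list: a mixed-language salutation, subject/verb disagreement, a missing space after a period, runs of exclamation marks, mid-sentence capitalization, and a stated sum that does not add up. The sample messages and the word lists inside the patterns are constructed for the example.

```python
import re
from decimal import Decimal

# Constructed sample messages (not real phishing mail). The first strings
# together several of the tells from the list above; the second is a clean
# control message with a correct total.
SAMPLE_MESSAGES = [
    "Dear Cliente, Your account just make an unusual login. Update Required!! "
    "Most of your date in our database were encrypted.that's right. "
    "Amount due: $254.99 + $20.00 = $374.99",
    "Hi Alice, your invoice for March is attached. Amount due: $254.99 + $20.00 = $274.99",
]

# Machine-checkable tells, each as (name, regex). The salutation and verb word
# lists are assumptions for the example; extend them from your own mail corpus.
TELLS = [
    ("mixed-language salutation",
     re.compile(r"\bDear (Cliente|Clientes|Kunde|Utilisateur)\b")),
    ("subject/verb disagreement",
     re.compile(r"\b(account|message|payment) just (make|need|have)\b", re.I)),
    ("missing space after period",
     re.compile(r"[a-z]\.[a-z]")),
    ("excessive exclamation marks",
     re.compile(r"!{2,}")),
    ("mid-sentence capitalization",
     re.compile(r"\b(is|the|a) (Last|Final) (reminder|notice|warning)\b")),
]

# "$A + $B = $C" with optional two-decimal cents; Decimal avoids float rounding.
ARITHMETIC = re.compile(
    r"\$(\d+(?:\.\d{2})?)\s*\+\s*\$(\d+(?:\.\d{2})?)\s*=\s*\$(\d+(?:\.\d{2})?)")


def arithmetic_errors(text):
    """Return a description of every stated sum in the text that is wrong."""
    errors = []
    for a, b, c in ARITHMETIC.findall(text):
        if Decimal(a) + Decimal(b) != Decimal(c):
            errors.append(f"${a} + ${b} is not ${c}")
    return errors


def phishing_tells(text):
    """Return the names of all tells found in the message body."""
    hits = [name for name, pattern in TELLS if pattern.search(text)]
    hits.extend(f"arithmetic error: {err}" for err in arithmetic_errors(text))
    return hits


def is_suspicious(text, threshold=2):
    """Flag a message when it trips at least `threshold` tells.

    One hit is common in legitimate but sloppy mail; several together are
    worth a second look or a quarantine rule.
    """
    return len(phishing_tells(text)) >= threshold


if __name__ == "__main__":
    for message in SAMPLE_MESSAGES:
        print(is_suspicious(message), phishing_tells(message))
```

These are deliberately weak signals: a carefully written lure trips none of them, and legitimate mail from a non-native writer can trip one or two, which is why the verdict uses a threshold rather than any single tell. The arithmetic check is the most reliable of the set, since a wrong total is rarely accidental in a genuine invoice.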

 

Yaacov Apelbaum-Anguished English PayPal 1

 

Yaacov Apelbaum-Anguished English PayPal 2

 

Yaacov Apelbaum-Anguished English PayPal 3

 

Yaacov Apelbaum-Anguished English PayPal 4

 

Yaacov Apelbaum-Anguished English PayPal 5

 

Yaacov Apelbaum-Anguished English PayPal 6

 

Yaacov Apelbaum-Anguished English PayPal 7

Yaacov Apelbaum-Anguished English PayPal 10

Yaacov Apelbaum-Anguished English PayPal 8

 

Yaacov Apelbaum-Anguished English PayPal 9

 

© Copyright 2016 Yaacov Apelbaum, All Rights Reserved.


Capturing the Flag

Yaacov Apelbaum - Who Knows What Evil Lurks in the Heart of a Cyber Attacker

If you are a typical cyber sec manager, you most likely catch up on the latest developments by visiting on-line sites like News Now, by reading various publications, and by periodically attending various vendor workshops. For the majority of executives, the daily work grind and life/work balance challenges diminish the prospects of going back to school and plowing through in-depth training.

Over the past two decades, the corporate cursus honorum for IT executives has been the much coveted MBA degree. In a large number of Fortune 500s, having an MBA from a good school was considered a prerequisite for an executive promotion. An MBA attested that an individual possessed all the current business acumen and the polish needed to take on any future corporate responsibility; it was the ultimate professional merit endorsement.

This trend—other than having the end result of a glut of MBAs on the market—has also resulted in a shortage of highly technical managers. Consider some of the wholesale data breaches in some of the largest US retailers for 2014 alone. Check out the biographical backgrounds of some of the CISOs of the impacted companies. Not surprisingly, you will find no shortage of MBAs from top tier schools. What appears to be missing are individuals with vocational specializations in cyber security, and I’m not referring to rank and file CISSPs.

Of course, a common counterargument to this is that as a manager you are not supposed to know the ‘nitty gritty’ details of every technology in your corporate inventory and instead are expected to delegate to and draw on the expertise of others.

I personally don’t think that this is the case. Cyber security is almost entirely a technological and procedural play and as such, a manager should not have gaping holes in his knowledge or overly rely on subordinates to make sense of threats and countermeasures. After all, you wouldn’t accept a commercial airline pilot having gaping holes in his aircraft operations knowledge or delegating actual flight responsibility to the cabin crew.

I’ve recently had a chance to witness just how limited classical enterprise defenses have become. This is especially true when it comes to Advanced Persistent Threats. In one incident that eventually became the catalyst for me going back to school, I witnessed how one cyber attacker managed within minutes to defeat all of the traditional enterprise defenses and countermeasures without even breaking a sweat.

Amazingly, even after the debriefing and root cause analysis, I was no closer to understanding how a properly configured and maintained brand name FW and an IDS/IDPS failed to stop the attack, let alone even detect it.

If you are thinking that this could not happen to you, think again. In the incident that I just described, all target boxes were patched, there were strict access control measures in place, the network was subnetted, and there were effective audit and password management systems in place.

After recovering from my momentary shock, I had an epiphany and realized that I urgently needed to re-hone my skills. I’d heard about the SANS Institute from a number of colleagues and after checking it out, I decided to enroll in their Penetration Tester program. After juggling my schedule against their course availability, I selected the following four courses:

  1. SEC504 Hacker Techniques Exploits & Incident Handling
  2. SEC560 Network Penetration Testing and Ethical Hacking
  3. SEC575 Mobile Device Security and Ethical Hacking
  4. SEC617 Wireless Ethical Hacking, Penetration Testing, and Defenses

Tuition for the SANS courses is on the expensive side, ranging from $6000-$8000 USD. Add travel and accommodations and you are looking at about $10K per class. Each course is delivered in about a week (40-60 hours of classroom activity). Classes are divided into lectures and hands-on labs with heavy emphasis on getting down and dirty.

Though it took me several months to complete the coursework, I have found the whole experience to be uplifting. In addition to getting access to practical, real-world expertise from some of the world’s best penetration testers, we learned the gray art of performing detailed reconnaissance on would-be targets, including mining social media and infrastructure data from blogs, forums, search engines, social networking sites, and other Internet resources.

In each course, we used the latest cutting-edge attack vectors as well as the traditional low budget techniques that are still quite prevalent. The aim of the course was to push the envelope in each domain and not to merely teach a handful of hacks and tricks. Another great component was exploring various administrative questions such as legal issues associated with responding to computer attacks, employee monitoring, working with law enforcement, and the collection and handling of evidence.

Yaacov Apelbaum - SANS Capture the Flag Las Vegas 2015

When it came to performing the actual exploit, we got to use the best tools on the market. This included both COTS components and custom written utilities and scripts. In each class we learned dozens of methods for exploiting target systems and how to gain access to the systems post-exploitation. Just to illustrate the extensive hands-on approach that SANS adopted in teaching Penetration Testing, here is a list of tools and techniques that we used in just the SEC504 course:

– Rootkits and detection
– Hidden file detection with LADS
– HTTP Reverse Shells using Base64
– inSSIDer for Wireless LAN discovery
– Nmap Port Scanner and Operating System fingerprinting tool
– Nessus Vulnerability Scanner
– Windows Command Line Kung-Fu for extracting Windows data through SMB sessions
– Sniffers, including Tcpdump
– Sniffer detection tools, including ifconfig, ifstatus, and promiscdetect
– Netcat for transferring files, creating backdoors, and setting up relays
– Metasploit, Metasploit, Metasploit. Lots of Metasploit
– ARP and MAC analysis for ARP cache poisoning attack detection
– Password cracking
– Cross-site scripting and SQL injection web application attacks
– Intercepting and forging session cookies
– Detecting and executing DoS attack techniques
– Detecting backdoors with Netstat and lsof
– Covert channels using Covert TCP
– Clandestine network scanning and mapping
– Exploitation using built-in OS commands
– Privilege escalation
– Advanced pivoting techniques
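Of the items above, ARP cache poisoning detection is one a defender can script directly. Here is an added example (mine, not SANS course material or any tool from the course) in Python that reads ARP replies in the style of `tcpdump -n -e arp` output and flags the two classic symptoms of a poisoning attempt: an IP address whose announced MAC changes mid-capture, and a single MAC that claims to be several IPs (typically the gateway and a victim at once). It also flags a reply whose Ethernet source differs from the MAC it announces. The log lines are constructed for the example, not a real capture.

```python
import re
from collections import defaultdict

# Constructed ARP log in the style of `tcpdump -n -e arp` (not a real capture).
# Lines 2 and 3 establish the legitimate owners of 10.0.0.1 (the gateway) and
# 10.0.0.50; lines 4 and 5 show one host announcing itself as both.
SAMPLE_ARP_LOG = """\
12:00:01.000 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ARP, Request who-has 10.0.0.1 tell 10.0.0.23, length 28
12:00:01.001 aa:bb:cc:dd:ee:01 > 00:11:22:33:44:55, ARP, Reply 10.0.0.1 is-at aa:bb:cc:dd:ee:01, length 28
12:00:05.000 aa:bb:cc:dd:ee:02 > 00:11:22:33:44:55, ARP, Reply 10.0.0.50 is-at aa:bb:cc:dd:ee:02, length 28
12:00:09.000 de:ad:be:ef:00:01 > 00:11:22:33:44:55, ARP, Reply 10.0.0.1 is-at de:ad:be:ef:00:01, length 28
12:00:09.500 de:ad:be:ef:00:01 > 00:11:22:33:44:55, ARP, Reply 10.0.0.50 is-at de:ad:be:ef:00:01, length 28
"""

MAC = r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}"
# Only ARP replies matter here; requests are skipped by the pattern.
REPLY = re.compile(
    rf"^(?P<ts>\S+) (?P<src>{MAC}) > {MAC}, ARP, Reply "
    rf"(?P<ip>\d{{1,3}}(?:\.\d{{1,3}}){{3}}) is-at (?P<mac>{MAC})",
    re.I,
)


def parse_replies(log):
    """Yield (timestamp, frame_source_mac, ip, announced_mac) per ARP reply."""
    for line in log.splitlines():
        m = REPLY.match(line)
        if m:
            yield m["ts"], m["src"].lower(), m["ip"], m["mac"].lower()


def detect_poisoning(log):
    """Return a list of alert tuples found in the ARP reply stream.

    ("ip-mac-change", ip, old_mac, new_mac): an address was re-announced with
        a different MAC than the one first seen for it.
    ("sender-mismatch", ip, frame_src, announced_mac): the Ethernet source
        differs from the MAC the reply claims.
    ("multi-ip-mac", mac, ips): one MAC announced itself for several IPs.
    """
    first_seen = {}             # ip -> first MAC announced for it
    claimed = defaultdict(set)  # mac -> set of IPs it announced
    alerts = []
    for _ts, src, ip, mac in parse_replies(log):
        if src != mac:
            alerts.append(("sender-mismatch", ip, src, mac))
        if ip in first_seen and first_seen[ip] != mac:
            alerts.append(("ip-mac-change", ip, first_seen[ip], mac))
        first_seen.setdefault(ip, mac)
        claimed[mac].add(ip)
    for mac, ips in claimed.items():
        if len(ips) > 1:
            alerts.append(("multi-ip-mac", mac, tuple(sorted(ips))))
    return alerts


if __name__ == "__main__":
    for alert in detect_poisoning(SAMPLE_ARP_LOG):
        print(*alert)
```

In a real network the "first MAC seen" baseline should come from the DHCP lease table or a maintained inventory rather than from the capture itself, and a MAC change for an address is also what a DHCP reassignment or an HA/VRRP failover looks like, so the `ip-mac-change` alert is a prompt for correlation, not a verdict on its own. The `multi-ip-mac` case is the stronger signal, since a normal host rarely answers for more than one address.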

The great thing about the SANS curriculum is that they go pretty far down into the rabbit hole. A few of the classes required hard core coding skills (we actually got to execute some buffer overflows). Other classes were procedural and got down to the wire in terms of the inner functioning of RFCs and protocols. For example, in the Wireless Ethical Hacking course we had comprehensive coverage of WiFi, cordless telephones, smart devices, embedded home devices, mesh technologies like ZigBee and Z-Wave, Bluetooth, DECT, and NFC.

In the Mobile Device Security course we practiced reverse-engineering iOS binaries in Objective-C, reverse-engineering Android binaries in Java and Dalvik bytecode, evaluating mobile malware threats through source-code analysis, defeating Apple FairPlay encryption for application binary access, and overcoming anti-decompilation techniques.

Yaacov Apelbaum - SANS Capture the Flag Washington DC 2015

The participants in the classes came from diverse backgrounds, including three letter agencies, incident handling team members, and administrators. The classes are well-suited for anyone with a good command of TCP/IP and networking and they would also greatly benefit architects and technical leads involved in security operations and R&D.

The delivery of the material is completely immersive. You go from 0-90 in one second. Each course is equivalent to a traditional graduate semester course of 4 credits so we had to complete an average of one textbook per day. At times, I felt like I was drinking from a fire hose.

Taking good notes and hitting the books at night helped me stay afloat. It goes without saying that the instructors were outstanding; they offered unlimited tutoring and were always available—even during lunch and after hours—to help answer questions and work through the labs.

Yaacov Apelbaum - SANS SEC504 Yaacov Apelbaum - SANS SEC560 Yaacov Apelbaum - SANS SEC575 Yaacov Apelbaum - SANS SEC617

Several interesting sessions in each class revolved around learning how to avoid being caught through various tactics and strategies for covering your tracks, such as file and directory camouflage, piggybacking on existing user Internet sessions to avoid detection, event log pruning, and performing memory cleanups.

For me, the best part of each course was the final session called “Capture the Flag”. There, in a culmination of all of the hard work, we got to practice everything we had learned over the previous week. Each class had different parameters for capturing the flag, but they tended to follow the same patterns. We needed to do some reconnaissance, reconstruct the network layout of our target, map our victim’s equipment and software inventory, and then proceed to execute the attacks. Once we breached the target, we would perform some additional exploits and start “living off the land”. The overall objective of this exercise was to collect flags that had been placed in various locations on the victims’ network by the instructor. Some of these flags contained encrypted files or messages that we needed to decrypt and use as clues for other attacks; others involved passwords that were being sent over VOIP, in-memory session information, or data hidden in binaries.

Yaacov Apelbaum - SANS Capture the Flag Boston 2015

The Capture the Flag event usually lasts a full day and ends when one team successfully recovers all flags. At that point, the competition is stopped, the results are verified, and the winners are awarded the coveted challenge coins.

Yaacov Apelbaum SANS 575 Capture the Flag Token  Yaacov Apelbaum SANS 617 Capture the Flag Token

If you are a cyber practitioner, I highly recommend that you take all four courses. Even if you can only afford one, go for it. It will change your perspective on pen testing forever and help you take a proactive role in keeping your company safe and out of the negative limelight.

Performing a good penetration test is much more than just hiring some outside help and rubber stamping an audit. Verifying the integrity of your corporate security takes more than kicking the tires and lifting the hood these days. Anyone can throw a bunch of attacks against an organization and regurgitate the output of some automated tools in hundreds of pages of reports. Participating in this structured training will help you avoid this trap and allow you to fully grasp your company’s real security needs so that you can formulate the most appropriate plan of action to address these needs in the most cost effective and timely manner.

Going through the meat grinder, you get to witness firsthand the process of hot dog making. It’s not a pretty sight, but it’s an informative one. One of my most profound takeaways from this whole experience was answering the existential question of the spoon. Yes, the spoon does exist, but only for the end-user, sysadmin, DBA, and auditors. There is no spoon if you are a proficient attacker. With the right attack strategy and tools, concepts such as access control, event log integrity, and passwords are meaningless and are but chaff before the wind.

Yaacov Apelbaum - There is no Spoon

I keep my hard-earned challenge coins on my office bookshelf as a reminder that there is likely someone out there right now who is targeting my network through some kind of a clever attack. He has all the right tools and resources and he is as determined and hard working as I was to get his coins.

And as far as my earlier MBA comment is concerned, if you are curious to know just how many executives attended the classes that I did, the answer is just one. None of the 20-40 participants in each class had senior managerial responsibility. In fact, most of the folks I spoke to were surprised that a CTO would take time from his schedule and opt to get his hands dirty instead of just delegating this to one of his directs.

After all, ‘Isn’t that what a manager is supposed to do?’

© Copyright 2015 Yaacov Apelbaum All Rights Reserved.

How to be a Happy Cat

Yaacov Apelbaum - How to be a Happy Cat

Based on the illustrations of Gay Jolliffe

Several months ago, I was working on a UAV project that involved some sensor integration. After spending several sleepless nights figuring out the right power distribution by trial and a lot of error, I figured that there must be an easier way. It was time to hit the books. After some research, I found that two decent introductory books on the subject are the ‘Make Electronics’ series and ‘Electronic Components’ by Charles Platt.

I am still working through these books at present. Other than learning a lot on the subject and building some neat devices, I have also discovered that Mr. Platt is a prolific author; a true Renaissance man.

I perused some of his other titles on Amazon and I picked up “How to be a Happy Cat”. It’s a great family read, especially if you have a cat and kids who will undoubtedly enjoy the satirical narrative and Gay Jolliffe’s illustrations.

Professing to be the “first and only self-help guide for cats”, the book answers many existential questions—from the point of view of a cat—that have boggled the minds of felines since the dawn of history. Here a cat can find answers to problems such as how to live more than nine lives and how to find lasting romance.

One of my favorite observations in the book is:

“There are millions of humans just waiting to pamper us with gourmet food, indoor sanitation, and professional care. It’s absurd not to take advantage of the situation.”

As for the Make Electronics books, they’re great! The labs are well structured and they take you from zero knowledge to a decent proficiency on the subject while requiring hands-on work and learning by doing.

Another reason to go with these books is the coverage that you can find on YouTube and the author’s responsiveness to questions. When I ran into a problem with one of the experiments and just couldn’t figure out the solution, I posted a question to the book’s website. To my pleasant surprise, I got a detailed response from the author who provided me with some troubleshooting guidance.

So in the spirit of sharing the knowledge, here are several tips and resources that I found useful if you are planning to work through the book:

Ingredients – Don’t try to assemble the supplies for the experiments manually. Instead, get a pre-packaged kit (i.e., Electronics Components Pack 1 and Electronics Components Pack 2).

Component Sources – If you do need to purchase replacement LEDs, transistors, or relays, get them on Amazon or eBay. Most of the US retailers charge comparatively exorbitant prices for these components. For example, I paid $2.69 for a bag of 50 LEDs, which is the same price Radio Shack charges for a single one. Not a biggie, but disproportionate.

Testing Equipment and Tools – Get the best tools you can afford. Nothing is free in life, so don’t skimp on the price or quality of your multimeter, oscilloscope, signal generator, power supply, soldering station, etc. If you don’t know where to start, check out Dave Jones’s EEVblog for product reviews.

Specifically for experiments 14 and 15, here are several tips and resources that I found useful:

Experiment 14
The two capacitors used in the “Pulsing Glow” experiment should have their negative poles facing away from the LED. You can tell the negative poles by the location of the vertical white strip on the capacitor. Also, when inserting the LED into the female header, make sure that the negative LED leg (the shorter leg) is close to the black negative wire.

Yaacov Apelbaum - Experiment 14 Pulsing Glow

Experiment 15
When assembling the five transistors, pay attention to their type (i.e., BJT vs. PUT) and their orientation. The two transistors under the speaker are PUT 2N6027; the remaining three BJTs are 2N2222A. Note the 180 degree difference in orientation between the two types.

Yaacov Apelbaum - Experiment 15 Intrusion Alarm Revisited

When preparing the project enclosure, use the following drill hole pattern. This template fits a 6” x 3” x 2” (15 mm x 7.5 mm) project enclosure box. To use it, print it out (make sure that the size does not change during printing), tape it on the enclosure cover, and mark the center of each hole with an awl. Also, don’t pre-drill all holes on the cover. The sizes of the holes for the SPDT on/off switch and DPDT pushbutton switch (the 2 largest holes seen on the left side of the template) will be determined by the size of your specific components.

Yaacov Apelbaum - Experiment 15 Intrusion Alarm Revisited Drill Pattern

Leave your functioning breadboard design intact and don’t dismantle it when transferring the circuit to the perfboard. This will require you to purchase some spare parts, but having a functional prototype that you can refer to during the transfer process and use to troubleshoot is invaluable.

When soldering the components, use ≤0.5 mm solder wire and a conical-wedge tip. This will help you maintain fine control over the size of the solder joint. I also found that setting my soldering iron temperature to 750°F allowed me to complete each joint in about 4 seconds.

Yaacov Apelbaum - Experiment 15 Intrusion Alarm Revisited Enclosure

When assembling the final components, temporarily attach them to their poles by bending their lead wires and using alligator clips. Make sure that the whole system works, including the power on, self test, and magnetic sensor functionality, before you perform the final soldering.

Yaacov Apelbaum - Experiment 15 Intrusion Alarm Revisited Enclosure Top

One more note: if you have a cat, batten down the hatches! We found LEDs, wires, transistors, and capacitors all over the house. Apparently, our own “Happy Cat”, following the advice in the book, has been catching up on his circuit design as well.

© Copyright 2015 Yaacov Apelbaum All Rights Reserved.

The Doors of Ubud

Yaacov Apelbaum Ubud Lilipad Lake

I’ve arrived in Bali for a short stay. At the Ngurah Rai airport, I took a cab to Ubud, a small town of about 30,000 inhabitants located north of the airport and about ninety minutes away.

After checking into my room, I went out for a stroll around town. Ubud is a major hub for all sorts of regional drifters and the cafes and restaurants brim with tourists from every corner of the world. Riding on this wave of opportunity, the city sports numerous galleries and handcraft stores. The main attractions are the wood carvings, Balinese textiles, and paintings.

If you are interested in some wood or handmade crafts, the low currency exchange rate ($1 = 11,910 Indonesian Rupiah) makes them very affordable. I visited a wood carver’s workshop in a nearby town and was amazed to find out that a hand carved teak house entrance door with elaborate screen and door frames was selling for about $200-300 USD.

Before the trip, I had a mental image of Bali being a paradise. Turns out I wasn’t wrong. The island is a lush tropical forest that is full of monkeys, bubbling streams, waterfalls, and hundred-and-eighty-degree panoramas of remote, semi-active volcanoes. Unparalleled scenic beauty aside, the highlight of my visit was the doors, hands down.

The streets in town have not been modernized yet and hence are a mixture of small businesses and old residential buildings. Because of the Hindu prominence, the island is covered with scores of temples, which include large public structures like the Mother Temple of Besakih, small village temples, and endless family residential temples.

The entrance to the family residences and temples has a standard architectural form: a brick or masonry wall that surrounds the property and terminates in a wooden entry door. These doors are just magnificent and turned out to be the highlight of my trip. I must have seen dozens of them and as you can see all are equally awe inspiring in their detail and artistry.

Yaacov Apelbaum The Doors of Ubud-1
Yaacov Apelbaum The Doors of Ubud-2
Yaacov Apelbaum The Doors of Ubud-4
Yaacov Apelbaum The Doors of Ubud-5
Yaacov Apelbaum The Doors of Ubud-6
Yaacov Apelbaum The Doors of Ubud-7
Yaacov Apelbaum The Doors of Ubud-8
Yaacov Apelbaum The Doors of Ubud-9
Yaacov Apelbaum The Doors of Ubud-10
Yaacov Apelbaum The Doors of Ubud-12
Yaacov Apelbaum The Doors of Ubud-13
Yaacov Apelbaum The Doors of Ubud-11

© Copyright 2014 Yaacov Apelbaum All Rights Reserved.

Hiking in Narita

Yaacov Apelbaum - Narita Village Temple Entrance

The Far East is a wondrous place. Over the past two years, I’ve spent a lot of time there on business. When I’m not burning the midnight oil at work, I try to steal some time off on the weekends to go hiking.

I recently stopped in Japan on the advice of a friend and visited Narita’s Shinshō-ji temple.

Modern Japan is pretty industrialized by now, so it’s hard to find locations that confirm the romantic silk paintings that most of us associate with old Japan. Shinshō-ji, however, is a bona fide and beautiful vestige of the past.

The temple is located about 20 minutes by train from the airport, so if you are between flights and have a few hours to spare, store your luggage at the airport and check out this place. It is the poster child of pastoral Japan: a small village with traditional stores and houses, beautiful gardens, and breathtaking architecture.

Yaacov Apelbaum - Narita Village Garden Yaacov Apelbaum - Narita Village Shop Yaacov Apelbaum - Narita Village Temple Tower
Yaacov Apelbaum - Narita Village Temple Door Yaacov Apelbaum - Narita Village House Yaacov Apelbaum - Narita Village Temple Steps

© Copyright 2014 Yaacov Apelbaum All Rights Reserved.

World Cities Summit 2014 and the City Falcon

Yaacov Apelbaum World Cities Summit 2014

Yaacov Apelbaum WCS 2014 City Falcon Yaacov Apelbaum City Falcon in Flight

Second day of the WCS and we have been demoing the City Falcon, an Unmanned Aerial Vehicle (UAV) platform designed especially to operate in crowded urban environments.

Yaacov Apelbaum City Falcon Propeller Yaacov Apelbaum City Falcon GCS

Standard features include:

1. Low RPM brushless motors
2. All-weather operational capability
3. Fully autonomous flight and support for complex orchestrations
4. Customization for multiple radio frequencies
5. Fire resistant design
6. Long range flights (over 5 miles)

In addition to all of the above, the UAV also supports specialty custom payloads like environmental and chemical sensors, and multiple types of cameras.

Operational demonstrations included:

1. Flight through high heat sources (oil tank fire of over 450°F)
2. Operating in high wind and high turbulence environments
3. Evaluation of crowd formation and people flow
4. Autonomous flight path and homing
5. Stalking multiple targets of interest
6. Patrolling and inspection of a chemical plant and hazardous substances

Yaacov Apelbaum City Falcon Performing Fire Inspection

Yaacov Apelbaum City Falcon Pre Flight

© Copyright 2014 Yaacov Apelbaum. All Rights Reserved.