Tuesday, September 25, 2018

Lab 8

This lab followed on from Lab 7's work with certificates, though this one was more involved: I had to deploy a certificate and also make it possible to recover a private key if it is lost.

Exercise 1

In this exercise, I had to set up a key recovery agent. This went smoothly up to the point where I had to perform an advanced certificate request using the web interface. After some searching, I discovered that the web site was only compatible with the ancient IE9. To get around this, I had to open the site in IE11, add it to the Compatibility View settings, then add it to Trusted Sites. Before applying these settings the site looked like this:

After applying the settings, I get the right options:

I was then able to submit the certificate request, which can be seen in the screenshot below. I then issued the certificate:


As we can see here, the certificate was successfully issued; I then installed the certificate:

Lastly for this exercise, I had to archive the key recovery agent's certificate:

Exercise 2

In this exercise I set up the automatic publishing of certificates. This works through Group Policy and automatically issues certificates to the right users.

Exercise 3

In this exercise, I encrypted some files and secured them with a certificate.

Encrypted files. As shown, the recovery certificate has been set up for them:

Thumbprint of Sam's certificate:

Exporting the certificate:

Sam's certificate is deleted:

Exercise 4

In this exercise I recovered Sam's encrypted files using the key recovery agent.

As we can see, the files are encrypted and inaccessible:

Thumbprint of Sam's newer certificate:

Recovering the key:

Recovering the key (continued):

Accessing the encrypted files with the recovered certificate:
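The same recovery, done from the command line instead of the console, as an added example that is not part of the lab write-up. It assumes an AD CS CA with a Key Recovery Agent already configured (as in Exercise 1); the thumbprint, file paths and user name are placeholders standing in for the values in the screenshots above.

```powershell
# Added example, not part of the lab write-up: recovering an archived private
# key with certutil on an AD CS CA that has a Key Recovery Agent (KRA) configured.
# Assumptions: the thumbprint, paths and user below are placeholders; step 1 runs
# as a CA administrator, step 2 as the KRA, step 3 as the user whose key was lost.

$Thumbprint = '0000000000000000000000000000000000000000'   # Sam's old certificate (placeholder)
$BlobFile   = 'C:\KeyRecovery\sam.blob'
$PfxFile    = 'C:\KeyRecovery\sam.pfx'
New-Item -ItemType Directory -Path 'C:\KeyRecovery' -Force | Out-Null

# Step 1 (CA administrator): pull the archived key blob out of the CA database.
# The search token can be a thumbprint, serial number or UPN. The blob is still
# encrypted to the KRA's public key, so this step alone exposes no private key.
certutil -getkey $Thumbprint $BlobFile
if ($LASTEXITCODE -ne 0) { throw "No archived key found for $Thumbprint" }

# Step 2 (Key Recovery Agent): decrypt the blob with the KRA's private key and
# write a password-protected PFX. certutil prompts for the PFX password.
# Keeping CA admin and KRA as separate people means neither can recover keys alone.
certutil -recoverkey $BlobFile $PfxFile
if ($LASTEXITCODE -ne 0) { throw "Key recovery failed for $BlobFile" }

# Step 3 (on Sam's machine, as Sam): import the PFX into the personal store so
# EFS can open the files again, then delete the PFX because it contains the key.
$Password = Read-Host -AsSecureString -Prompt 'PFX password'
Import-PfxCertificate -FilePath $PfxFile -CertStoreLocation 'Cert:\CurrentUser\My' -Password $Password
Remove-Item $PfxFile

# Check: the recovered certificate (same thumbprint as the old one) is back in the
# user's store; "cipher /c <file>" on an encrypted file then lists Sam as able to decrypt it.
Get-ChildItem 'Cert:\CurrentUser\My' | Where-Object Thumbprint -eq $Thumbprint
```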

Critical Thinking

This lab went very smoothly, without issues.
In terms of business use, certificates are very useful for securing networks, so they are used commonly. If a certificate is lost, that can cause damage if important files cannot be recovered, so it is important for businesses to take measures that keep the network secure but also make it possible to recover from incidents.

Saturday, September 15, 2018

Lab 5

This lab continued from Lab 4's use of Kali Linux to scan a network. This lab focused on using Wireshark to capture packets/frames on the network and see the contents of that traffic.

Exercise 1

This exercise covered setting up the VMs in the lab environment. The lab suggests using port mirroring, but in my environment I used a switch with promiscuous mode enabled. This allows the Kali VM to see all the traffic on the network regardless of whether the traffic is directed at the Kali VM or not. I also had to set up the Kali machine with a static IP.

Exercise 2

This exercise involved capturing frames on the network using Wireshark.

Here is a DNS frame sent from 10.1.0.1, which is the DC, to 10.1.0.100, which is a Windows VM. The frame is a response frame:

Next I had a look at a TCP stream of SMB frames:

Exercise 3

In this exercise I made a share with a file in it, then accessed the share from another machine while capturing with Wireshark. The frames the share was sent in were not encrypted, so I was able to see the contents of the accessed file in cleartext. This makes it clear that using basic share settings is not secure: even though permissions are required to access the share, the data sent over the network is fully open to malicious interception. Using some form of encryption would make the data exchange much more secure and resistant to being intercepted.

Making the share:

Unencrypted frame with cleartext password:
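The "basic share" from this exercise beside a hardened version, as an added example that is not from the lab write-up. It assumes a Windows Server with the SmbShare module; the share name, path and user are placeholders.

```powershell
# Added example, not part of the lab write-up: the basic share from Exercise 3
# beside a hardened one that requires SMB 3 encryption, so the file contents
# no longer appear in cleartext in a Wireshark capture.
# Assumptions: Windows Server with the SmbShare module; share name, path and
# user are placeholders.

$ShareName = 'LabShare'
$SharePath = 'C:\LabShare'
$User      = "$env:USERDOMAIN\Sam"
New-Item -ItemType Directory -Path $SharePath -Force | Out-Null

# Weak setting: permissions only. Access is controlled, but an unencrypted
# SMB session carries the file bytes in the clear on the wire.
New-SmbShare -Name $ShareName -Path $SharePath -FullAccess $User | Out-Null
Get-SmbShare -Name $ShareName | Select-Object Name, Path, EncryptData   # EncryptData is False

# Corrected setting, per share: require SMB 3 encryption for this share only.
Set-SmbShare -Name $ShareName -EncryptData $true -Force

# Corrected setting, server-wide: encrypt every share and refuse clients that
# cannot do SMB 3 encryption (older SMB 2.x and SMB1 clients are rejected, so
# test clients first). Disabling SMB1 also removes the protocol-downgrade path.
Set-SmbServerConfiguration -EncryptData $true -RejectUnencryptedAccess $true -Force
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

# Verify both levels; a fresh Wireshark capture of a file read should now show
# SMB3 encrypted-transform headers instead of the file text.
Get-SmbShare -Name $ShareName | Select-Object Name, EncryptData
Get-SmbServerConfiguration | Select-Object EncryptData, RejectUnencryptedAccess, EnableSMB1Protocol
```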

Exercise 4

This exercise covered sending a file through a backdoor using Netcat.
The first attempt to send the file failed. This was because the port Netcat was using was not open on the firewall, so there was an attempt to connect but no response. Changing the firewall settings to open the port allowed the connection. When the file was sent, it was possible to see the file in cleartext, as in Exercise 3.

Attempt to connect with no response because the port is closed:


Determining the port that Netcat uses:

Cleartext file in a frame after opening the port and transferring the file:

Critical Thinking

This lab showed how insecure file shares can be, and the importance of securing traffic with encryption. I was also reminded of the importance of least privilege: by keeping permissions locked down and only opening the ports that are needed, you can greatly reduce the risk of backdoors and other unwanted behaviour on the network.

Lab 7

This lab looked at cryptography and how to use digital certificates with Windows.

Exercise 1

In this first exercise, I looked at what is contained in a certificate and roughly how certificate management works in Windows Server.

Here are some screenshots as I went through the exercise:

This exercise consisted entirely of examining certificates. There was no actual work with the systems, so there is not much to note.

Exercise 2

This exercise involved working with Windows Server to issue a certificate, then revoke the certificate.

First off I had to create a certificate in the domain. Here is the resulting certificate:

Next, I had to bind the certificate to the default site. As you can see in the screenshot below, the SSL certificate is bound to the site's HTTPS port.


Here, we get a certificate error:

And here we successfully connect to the site with the proper URL using HTTPS:


Now that we have successfully created and used the certificate, we can revoke it so it cannot be used any more:


Certificate revocations are put on CRLs (certificate revocation lists), which are published at specific intervals. This interval determines how quickly a revocation becomes visible to clients:
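Revoking a certificate and adjusting the CRL publication interval from the command line, as an added example that is not part of the lab write-up. It assumes it runs as a CA administrator on the issuing CA; the serial number and .cer path are placeholders.

```powershell
# Added example, not part of the lab write-up: revoking a certificate with
# certutil and controlling how fast the revocation reaches clients through the
# CRL publication interval. Assumptions: run as a CA administrator on the
# issuing CA; serial number and .cer path are placeholders.

$Serial  = '1a2b3c4d5e6f'           # serial of the web server certificate (placeholder)
$CerFile = 'C:\certs\website.cer'   # exported copy of that certificate (placeholder)

# Revoke with a reason code (1 = key compromise, 4 = superseded, 5 = cessation of operation).
certutil -revoke $Serial 1

# Clients only learn of the revocation once a CRL that lists it is published and
# their cached copy has passed NextUpdate. Show the current base and delta CRL schedule.
certutil -getreg CA\CRLPeriodUnits
certutil -getreg CA\CRLPeriod
certutil -getreg CA\CRLDeltaPeriodUnits
certutil -getreg CA\CRLDeltaPeriod

# Shorten the base CRL lifetime to one day; the CA service must restart to pick it up.
# Trade-off: a shorter CRL must be published more often, and clients fail closed if
# a fresh CRL cannot be fetched before the old one expires.
certutil -setreg CA\CRLPeriodUnits 1
certutil -setreg CA\CRLPeriod 'Days'
Restart-Service CertSvc

# Publish a new CRL now instead of waiting for the next scheduled interval.
certutil -crl

# Check the certificate against the published CRL, fetched from the CDP URL inside
# the certificate. The cached CRL is dropped first so the check does not reuse a
# stale copy; certutil reports CRYPT_E_REVOKED and a non-zero exit code once the
# revocation is visible.
certutil -urlcache crl delete
certutil -verify -urlfetch $CerFile
"Revocation visible to this client: $($LASTEXITCODE -ne 0)"
```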


Critical Thinking

Certificates are used to secure traffic and to ensure that traffic is coming from the right place. Knowing how to use certificates is important. Usually certificates are used to secure web pages, so that users accessing the pages can be sure that the site is legitimate and that the traffic is encrypted.

There wasn't much I could have done differently in this lab. It was fairly easy, having not many steps, and I didn't run into any issues.