major project-2

This is the continuation of this post.

We were able to find a mailing list for STAT development on sourceforge[dot]net. The source code for a few STAT-based IDSs was also available there, like NetSTAT, USTAT, etc. This finding has actually reduced the effort that we had to put into writing a compiler for the STAT Language. It was like a bonus that we were also able to find a STAT editor to graphically represent the attack scenario and obtain the STAT file corresponding to the figure. This STATed was implemented in Java. The compiler could convert a STAT Language source file to a C source file.

While installing the STATL compiler and STATed, the STAT scenario editor, we faced a few difficulties with the dependencies. I had posted those to the corresponding mailing list. The problem while installing Winstat (IDS) still persists, but the STATL compiler and STATed were installed successfully.


major project starts

Here starts the next major step in my academic life: the Major Project. I like to see this work as very important, but I have also seen people who don’t want to do even this. They just want to get into some group and survive there by utilizing the energy of other teammates.

As always, when I start off a project I have a lot of expectations about it. Completion, then developing it, putting it in the public domain and allowing others to improve the work. But most of these don’t work out… :D. But this time I really want to make a change to it. And I will.

This time I am going with a project on an Intrusion Detection System. We are planning to build it on top of the STAT framework. There would be a need to implement a compiler for the STAT Language* also. We actually have no materials other than a few (old) papers relating to it. But we took this project only because we felt it would be very interesting to model an attack on the basis of a new framework. Initially, after making a compiler for a subset of the language, we would like to give a Proof of Concept for a few attack signatures. Then we would be able to assert that this compiler could be extended to detect many more different attack patterns.

In the first phase we have to identify which attacks we are modeling, decide on the method to implement the compiler for STATL, and decide on the subset of STATL that would help us represent the identified attack sequences.

I will update this post as it goes.

EDIT: Continuation of this post is added here.

*A similar existing language would be Snort.

Hacking at InCTF-Part2

This post is a continuation of my older post Hacking at InCTF-Part1.

When the organizers of the event called us for announcing the winners, they requested that one person from each team talk about our experience at InCTF. I was the person who went from my team. Actually I had many things to say, but when I got there I didn’t talk much. Out of the 11-13 teams that participated, we were able to make it to fifth position. The first thought that comes to me as I write this post is that this event gave me good experience in a totally different field, which altogether changed my interests.

The final round of InCTF was conducted at Amrita College, Amritapuri Campus for two days, on June 1 and June 2. First of all, it was a great experience getting there. I took the tickets and was waiting for my friends in front of the train. But they got into the train before calling me, and the train started. When the train was at a distance where I could not catch it, I called them up, said that I didn’t get in, and made them jump back to the platform :P. Then we had to catch a bus to Kayamkulam, and we reached very late, on the last bus to the college.

The next day was a practice session where we were given a vulnerable Ubuntu image. First we had to bypass the login and change the root password. As we were newbies in this area, we were only able to bypass this login. But inside we had to start a few custom-made services and exploit their vulnerabilities. There were three services that we had to start. The source code of the vulnerable services was also provided. They were basically written in one of Python, C, and C++. We could actually understand what the workflow of the program would be. But even with our basic understanding that we should use a buffer-overflow attack to retrieve whatever data we needed, we could not put that into practice. This was when I really felt that our seniors could have helped us a bit more. I don’t want to put blame on them, because they were the people who informed us that a competition like this was being conducted. I am really thankful to them for it.

After the first round, we three team members ran after the organizers to get them to give us some tips on how and what to do. They were very helpful and gave us tips on how to crack this competition. I think we utilized every chance that we got to talk to the organizers, especially Bithin, Seshagiri Prabhu, and Aravind S Raj. More than the competition, we had a friendly conversation and exchanged our views on various topics, not like professionals but as people who want to learn new things.

That night we decided that we would read some related materials. But the situation was against us. No range to get an Internet connection… tiredness due to travel… everything came together :(. Even then we sat for some time just talking about what to do the next day. With the inspiration from our seniors and the fact that they were the winners last time, we were looking forward to a good performance at the event.

On the second day when we started, there was only one method that was in our mind to get a remote connection: SSH. But the irony was that we could not use it, as the password was reset at the beginning. It may be that we did not have knowledge of how to bypass it. Initially nobody got any points. But later one started to score. After some time we got a different method of attack and we were able to use it effectively. From what my seniors had told us, automating the task could fetch us more points. So we automated the task. With this we were in the top three for about half of the event.

But everything reversed within a few minutes…. Some guy used the vulnerability in the service to inject an “rm -rf” command against the root directory of the service. By the time we solved this issue by copying files from the backup we had… we had lost many points for lagging behind and we came down the scoreboard. Even then we were confident that we could make it to the top by the end of the day. Again a problem came in. We could not make the script run correctly. The original one was not backed up. Solving this issue was like an NP-hard problem for us at that time. By the time we figured out a few new methods, time was up and we had to wind up the event. We had to be satisfied with fifth position in the event. This was decided on the basis of our performance in both the second and the final round.

Even though we could not win the competition, it was a great learning opportunity and a chance to meet many new people. I would like to recommend that students or people who are interested in the security field attend these kinds of CTF competitions. This could give you exposure to the different kinds of techniques and methods that other experts use. And an opportunity to talk to them as well.

Anyway, now I am hoping to be a part of future versions of InCTF and many other events of a similar kind. 🙂

New link can be found at