Some Crypto Notes

So here are some cryptography notes for myself for various tests and things I have to study for.

Terms to know:

Stream Ciphers – This is a class of cipher that encrypts one bit of data at a time. The length of the encrypted text is the same as the length of the plaintext. Types of stream ciphers: RC4, A5/1, E0, VEST, Salsa20, etc.

Block Ciphers – Encrypts data one block at a time. When the data is not a multiple of the block length, it is padded at the end to fill out the last block. PKCS5 or PKCS7 padding is typically used for this. Example block ciphers: AES, DES, 3DES, Blowfish, Twofish, etc.

Block Cipher Modes:

  • Electronic Codebook
  • Cipher Block Chaining Mode – each plaintext block is XOR’ed with the previous ciphertext block before it is encrypted (the first block is XOR’ed with the IV). This chains the blocks together so identical plaintext blocks do not produce identical ciphertext blocks.
  • Cipher Feedback
  • Output Feedback
  • Counter – Effectively turns a block cipher into a stream cipher. The IV is concatenated with a counter value, and that combined block is the input to the block cipher; the output is XOR’ed with the plaintext.
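
The padding and the three modes above, worked through in code. This is an added example, not from the original notes: `block_cipher` is a hypothetical HMAC-based Feistel cipher standing in for AES so the modes run with the standard library alone, and the key, IV and messages are constructed sample values.

```python
import hashlib, hmac

BLOCK = 16  # 128-bit blocks, the same size AES uses

def _xor(x, y):
    return bytes(a ^ b for a, b in zip(x, y))  # zip truncates to the shorter input
def _blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def pkcs7_pad(data):
    n = BLOCK - len(data) % BLOCK  # always appends 1..BLOCK bytes, each equal to n
    return data + bytes([n]) * n

def pkcs7_unpad(data):
    n = data[-1] if data else 0
    if len(data) % BLOCK or not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("invalid PKCS#7 padding")
    return data[:-n]

# Hypothetical 8-round Feistel cipher keyed through HMAC-SHA256: a stand-in for
# AES so the modes run on the standard library alone. Not for production use.
def _f(key, rnd, half):
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]

def block_cipher(key, blk, decrypt=False):
    l, r = blk[:8], blk[8:]
    for i in (reversed(range(8)) if decrypt else range(8)):
        l, r = r, _xor(l, _f(key, i, r))
    return r + l  # final swap: decryption is the same walk with the rounds reversed

def ecb_encrypt(key, pt):  # every block encrypted independently, so repeats leak
    return b"".join(block_cipher(key, b) for b in _blocks(pkcs7_pad(pt)))

def cbc_encrypt(key, iv, pt):  # each block XORed with the previous ciphertext block
    prev, out = iv, []
    for b in _blocks(pkcs7_pad(pt)):
        prev = block_cipher(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    pt, prev = [], iv
    for b in _blocks(ct):
        pt.append(_xor(block_cipher(key, b, decrypt=True), prev))
        prev = b
    return pkcs7_unpad(b"".join(pt))

def ctr_crypt(key, nonce, data):  # keystream block = E_k(nonce || counter); no padding
    return b"".join(_xor(b, block_cipher(key, nonce + i.to_bytes(8, "big")))
                    for i, b in enumerate(_blocks(data)))
```

Encrypting a message with three identical 16-byte blocks under ECB gives three identical ciphertext blocks, while CBC gives four distinct ones and CTR output stays the same length as the input.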

ent – pseudo-random number sequence test. Install with “sudo apt-get install ent”.

tcpick – This can track, reassemble and reorder TCP streams. Only TCP though, so scapy may be a better way to go.

DFIR 014 – Continuous IR

Nice little post here on continuous IR, and how it can feed into the program as a whole.

Making Incident Response a Security Program Enabler

The approach an organization can take to move incident response from a reactive process to a proactive one involves the following steps:

– Improving an organization’s incident response capabilities
– Improving an organization’s root cause analysis capabilities
– Improving an organization’s security monitoring capabilities
– Influencing others to see incident response as a continuous process
– Operationalizing incident response information
– Collecting and documenting data for the organization’s incident response metrics
– Analyzing the organization’s incident response metrics to produce intelligence
– Presenting the intelligence to appropriate stakeholders

offsec training post 1

So this past weekend I started the Offensive Security Training course, Penetration Testing with Kali Linux, and so far so good. The course material was downloaded without any issues, but the VM took a little bit. I was able to get everything that first night though, and tested my connection to the lab environment, which worked without a single issue. Yeah!

Pentesting with Kali

The material is well done. Easy to follow, and understand. I have gone through the first third so far at least once, a good chunk of it twice, and some sections many more times. I have been taking notes as I go through the material, so I can have steps and testing ideas handy when I hit the lab. This leads me to go back and repeat things, once or twice.

You might be able to tell that I have not been able to tackle anything in the lab just yet, other than testing my connection. I wanted to go through a good portion of the material first, and “sharpen my axe” so to speak. I did spend a large chunk of time with the external OSINT. I wanted to gather as much as I could externally, before getting started internally. This gave me some possible information I might be able to use in the lab environment. Maybe giving me some ideas of where I should first swing at the tree.

There was a good portion of this weekend spent playing puzzles, or cars, or something with my daughter as well. Plus, chores, like laundry, shopping, and what not. I have the week off from work to really dig into the materials starting this morning, so we will see if I can pick up the pace a little. (Already this morning I do not see much success with this, as my chat client is already exploding. Honestly, I had forgotten to turn it off. Crap.) Anyway,

Let me tackle that, and get started on my course again!