work and IT @ 29 Jun 2010 07:11 pm by ayoi
To be honest, I dun have any idea what to write here but I think the poster itself is self explanatory. Perhaps for this time the final year project exhibition should be more interesting than in ’08, the participants do participate in any forums/talks/presentation that are going to be held on that day by asking more useful and meaningful questions, and yeah.. More teams participate the Hack & Defense and Computer Forensic Challenge.
Talking about Computer Forensic Challenge, one of my colleagues ask my assistance on preparing the materials for the forensic challenge part. For time being, I’m quite running out of ideas especially for a competition that is going to be held for 12 freaking hours!! OK I do have some rough ideas but then I’m open for any other suggestions or opinions.
Perhaps because currently I’m quite full with new house renovation/decoration etc and other office stuff.. But I’ll take this task as an escapism from my daily task and of cause as a challenge to prepare challenging forensic challenge materials.
Anyway, you can obtain more information on this competition from their website here
Or just drop by to their facebook here
Oh yeah, anyway I need to update the Incident Handling & Response and Basic e-Forensic Training slides and materials.. Sigh
Later…
Mudah shj.
12 jam buat le ala2 Challenge of the Month.
Senario.
Enche Gayco seorang CTO yang berjaya. Baru-baru ini, Enche Gayco mendapati PCnya tersangat lembat. Dengan pertologan seorang technician IT, Enche Gayco telah mendapati PCnya telah dirogol oleh Enche XXX yang berkemungkinan ENche Pok, seorang saingan perniagaan. Technician Enche Gayco, telah memasang sniffer untuk mengesan punca serangan dan selepas seminggu Technician Enche Gayco telah berjaya mengumpulkan beberapa bahan bukti untuk dianalisis oleh pakar forensex.
Maka
1. Bagi image hdisk Enche Gayco suruh diorang buat (mount lo/Checksum/log trail).
2. Suruh diorang cari punca masalah (.history,log files,checksum binary,modified conf. files /etc/passwd yang ada extra id, /dev/yangtaksepatutnyawujud)
3. Bila selesai task 2, dan jumpa binary yang tak sepatutnya. Suruh reverse engineer. Cari apa yang ada dalam binary tu. (Binary tu boleh guna packer/antidebugger)
4. Kemudian bagi pcap file untuk diorang analisis. PCAP file ada covert channel dalam packet yang tak sepatutnya. PCAP file menunjukkan attacker mengumpul data sensitip ENche Gayco yang dilog oleh keylogger di SocialNetwork (FB/twitter).
Bonus – Bagi image file yang di ambil dari RAM. Say hello to volatile!
Fuh..layan..
i~hack 2010…….. mesti sesuatu menarik kali ni.
nanti jgn lupa upload materials ye
hehe cool.