Lab3.docx

2) Click on the Archive menu in the top menu bar. You will see a result screen similar to the one below:

There is a lot of information on defaced websites on this page, including the original URL and the hacked version of the website (on the mirror link in the rightmost column). Hacked versions of the websites give some clues about the motivations of the hackers: you can see political reasons, having some fun, or a wish to make cyberspace secure.

The legends M and R provide more insight into the defacement. M means mass defacement. If you click one of the M letters, you can see the defacements initiated from a specific IP address. Mass defacements are usually carried out with the help of scripts. Hackers prepare the scanning and exploitation scripts, scan thousands of websites for a particular vulnerability, and exploit the ones that have that vulnerability.

3) Click on one of the M letters you spotted, and see the websites defaced from the same IP address. You can see the IP address in the address bar.

Note: You can perform a whois query to see the detailed information about the IP address you found, including contact information and geographical location.

4) To see a redefacement, you can click one of the R letters you spotted.

Below is an example screenshot of a redefacement: the myschool.ng website has been defaced twice in two years.

5) You can click the ENABLE FILTERS link at the top and search for the websites with the gov extension. You can see the result of this query below.
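The M and R legends and the gov filter from the steps above can be reproduced on exported records. The following is an added example, not part of the original lab or of the archive site: the records are constructed, the `min_sites` threshold is an assumption, and the IP column simply stands for the address the archive associates with each entry.

```python
from collections import defaultdict
from datetime import date

# Constructed sample rows (not real archive data): date, notifier, IP, domain.
# IPs are RFC 5737 documentation addresses; domains use the reserved .example TLD.
RECORDS = [
    (date(2019, 3, 1), "crew-a", "192.0.2.10", "shop.example"),
    (date(2019, 3, 1), "crew-a", "192.0.2.10", "blog.example"),
    (date(2019, 3, 2), "crew-a", "192.0.2.10", "portal.gov.example"),
    (date(2019, 5, 9), "crew-b", "198.51.100.7", "school.example"),
    (date(2020, 11, 20), "crew-c", "203.0.113.5", "school.example"),
]

def mass_defacements(records, min_sites=3):
    """M: IPs tied to at least min_sites distinct domains (threshold is an assumption)."""
    by_ip = defaultdict(set)
    for _day, _notifier, ip, domain in records:
        by_ip[ip].add(domain)
    return {ip: sorted(d) for ip, d in by_ip.items() if len(d) >= min_sites}

def redefacements(records):
    """R: domains recorded on more than one date, with the dates in order."""
    by_domain = defaultdict(set)
    for day, _notifier, _ip, domain in records:
        by_domain[domain].add(day)
    return {d: sorted(days) for d, days in by_domain.items() if len(days) > 1}

def with_label(records, label):
    """Filter rows whose domain contains the given label, e.g. 'gov' (covers .gov and .gov.xx)."""
    return [r for r in records if label in r[3].lower().split(".")]

if __name__ == "__main__":
    print("Mass (M):", mass_defacements(RECORDS))
    print("Redefaced (R):", redefacements(RECORDS))
    print("gov:", [r[3] for r in with_label(RECORDS, "gov")])
```
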

Section-2: Pastebin.com

A pastebin site hosts text-based data such as source code, code snippets, and anything worth sharing. Pastebin.com is the oldest pastebin site. Pastebin.com had been hosting the pastes of the hacktivist group Anonymous. After pastebin.com started monitoring the site for illegally pasted data, Anonymous began to use a new service: . This pastebin site is used for hacktivist purposes. Anybody can paste text here and send it, supposedly securely. You cannot search among pasted content.

There are many small and restricted pastebin sites on the dark web. A specific hacker group may share things like exploit code and malicious payloads internally. They also use pastebin services to share information they stole, like passwords, credit card numbers, etc.

You can see the public pastes on the pastebin website. Google indexes public pastes. You can perform the following searches on Google and check whether there are pastes on pastebin.com. Please review the search results to get an idea of what kind of information is being shared among hackers on pastebin.

· Exploit code site:pastebin.com

· Shellcode site:pastebin.com

· Malware code site:pastebin.com

· Keylogger code site:pastebin.com

Section-3: Interactive Threat Maps

There are many websites and services that provide threat intelligence data. Some of them provide information for free; most of them offer paid subscriptions.

These are two services from Cisco and SANS Institute, respectively.

: Shows the malicious hosts spreading malware and sending spam e-mail on the world map. You can check the reputation of IP addresses and domain names on this service as well.

: Shows the density of the different threat feeds per country.

SANS Institute provides a FightBack service on this address: . They forward the strong cases to the ISPs after analyzing the logs and other evidence provided by the Internet user.

Last but not least, the following blog page provides the top 10 cyber-attack maps; it is worth reviewing as it gives the screenshots and a fair amount of information.

Section-4: Fighting with Spam and Malware

Thousands of phishing websites try to trick people into believing that they are on the official website so that they can steal sensitive information like passwords, credit card numbers, and SSNs. If you come across such a website, you can submit it to Phishtank.org. The PhishTank database has been used by reputation engines and virus scanners, such as virustotal.com, so by submitting you help to secure cyberspace. The website of PhishTank is .

URLhaus does a similar thing for websites that spread viruses. The website of URLhaus is

You can review both web services. For example, visit the PhishTank website and see the recent submissions, similar to below:

You can click on the ID numbers to see the phishing websites.

Section-5: Checking URLs

The services below are just two examples with which you can check websites:

: Check whether the website spreads malware or is a phishing website. Currently, VirusTotal checks the submitted URLs using ~80 different antivirus services.

: Check the website for malware and blacklisting.

You can choose some websites from PhishTank and URLhaus and scan them using VirusTotal and Sucuri’s SiteCheck.

Weekly Learning and Reflection 

In two to three paragraphs (i.e., sentences, not bullet lists), using APA style citations if needed, summarize and interact with the content covered in this lab. Summarize what you did as an attacker, what kinds of vulnerabilities you exploited, and what might have prevented these attacks. Mention the attackers and all of the targets in your summary. You can provide topologies, sketches, or graphics if you want. In particular, highlight what surprised, enlightened, or otherwise engaged you. You should think and write critically, not just about what was presented but also about what you have learned through the session. You can ask questions about the things you're confused about. Questions asked here will be summarized and answered anonymously in the next class.
