Week 9 Status Report

Summary

Great progress this week. I have posted all my materials and have started a top-down review of all research, attack vectors, and transition pages.  I’ve finished editing, producing, and publishing the three videos.  I have asked several peers to review the website and provide feedback on grammar and sentence structure.  I’ve made several edits based on their feedback.  It’s actually been great re-reviewing sections that were originally created in the first few weeks of class.  As my knowledge has grown, several edits have been necessary to ensure good flow and consistency between pages.

I’m currently torn with a desire to include a great deal more content, and feeling pleased with the amount of work and content that I have.  Nevertheless the project has been fun and quite educational.  I’ve also developed a few relationships in the process with people from the Raspberry Pi Foundation, Kali Linux, and the creator of Wireshark.

I look forward to the Capstone Fair!

Deliverable Tasks

  • Produced SSLStrip & Wireshark videos
  • Added visuals around MitM attacks
  • Added assumptions on the attack to the about the attack page
  • Developed transition pages for The Components, The Attack, Preparing, and Execution

Forecasted Tasks

  • Attend Capstone Fair

Week 8 Status Report

Summary

It’s all in the details!!  The amount of work necessary to clean up the details consumed the majority of the week.  After successfully publishing the page for the Wireshark attack I started a top-down review of my project, pages, status reports, research, etc.  In an effort to focus on the mundane I converted all the APA citations to Footnotes.  I would have never guessed the length of time it took to convert the citations and add the HTML markup.  I’m glad I decided to start the cleanup early.

The recording of both the Wireshark attack and the SSLStrip attack took a good amount of time as well.  After several retakes I’m finally happy with my results.  The focus this week will be on producing the videos and posting them on the website.  In addition there are several transition pages that need to be drafted and published.

My goal is to have the project primarily complete by next Monday.  This will give me a solid 4 days to review, tweak, and edit the site for any errors before the capstone fair.  This semester has been the fastest semester yet.  I’m sure happy I had so much fun during the process.

Deliverable Tasks

  • Continue the creation of draft visuals for website
  • Publish Wireshark attack vector
  • Recorded SSLStrip attack video
  • Recorded Wireshark attack video
  • Added footnote citations

Forecasted Tasks

  • Edit and produce SSLStrip & Wireshark videos
  • Create informative visual around MitM attacks
  • Post assumptions on the attack description
  • Develop all transition pages – The Components, The Attack, Preparing, and Execution
  • Continue to proof and apply updates to all research pages

Week 7 Status Report

Summary

The project is really starting to come together. I have almost all draft information posted, and have refined my Home, Preparing the Attack, and About Me pages. I spent a good deal of time adding several graphics around SSLStrip. With a little refinement this section will be complete this week. The Wireshark attack draft is complete and will be posted on the site this week. I’m very excited that I have also recorded my introduction video and have published the finished product. I hope to record and publish two more this week.

One area that I did not scope in my project outline was an area to describe MitM attacks. I think this is necessary to transition from the History pages to the Preparing and Executing pages.  Additional graphics are needed to better communicate the process. This is additional work that I did not originally plan on. With only two weekends left and a total of three weeks before the Capstone fair I plan on having the finished product by the end of the week.

Please note that I am still behind on my reading. I have caught up with my previous week’s reading, but with the limited time I could not fully catch up with the current week.

Deliverable Tasks

  • Posted step-by-step process on executing the SSLStrip attack
  • Drafted Wireshark attack
  • Finished Home/Introduction
  • Finished About Me
  • Finished Preparing the Attack
  • Posted finished introduction video

Forecasted Tasks

  • Continue the creation of draft visuals for website
  • Publish executing the attack – Wireshark
  • Record SSLStrip Attack
  • Record Wireshark Attack

Week 6 Status Report

Summary

This has been a busy week working on the website.  I’m happy I spent the extra time at the start with the layout and design.  This has allowed me to focus on publishing the work that I have completed thus far. I have updated the Home Page and posted my work for Preparing the Attack.  There are still some tweaks that must be done in these areas, but the majority of the work is complete.  I spent a great deal more time on publishing the webpage than I thought it would take.  Getting images and text to line up correctly was a bit of a chore.  Publishing the remainder of my work is going to take some time.  I need to focus on getting the information up this week, even in its draft form.

I also spent time working on the second attack vector.  As previously stated in my status report I had to use SSLStrip to obtain the log-in credentials from Facebook due to SSL encryption.  I have now completed the PoC on using Wireshark to steal credentials from an unsecure website, bahansen.info.

I had fun starting the video dialog for my home page and the necessary action steps for the animations.  I was hoping to have the video recorded this week, but simply ran out of time.

Please note that I am still behind on my reading.  I have caught up with my previous week’s reading, but with the limited time I could not fully catch up with the current week.

Deliverable Tasks

  • Published How-To-Prepare for the attack
  • Draft executing the attack – SSLStrip
  • Work on draft visuals for the website
  • Updated Home/Introduction
  • Completed Proof of Concept for using Wireshark and capturing WordPress credentials
  • Created dialog for home page video

Forecasted Tasks

  • Continue the creation of draft visuals for website
  • Publish executing the attack to website
  • Draft executing the attack – Wireshark

Week 5 Status Report

Summary

This was a soft but good week.  I had a family emergency that took all my time up during the week and only left the weekend to accomplish my task list.  That said, I am very pleased with my draft on preparing for the attack.  This involves setting up the Raspberry Pi, downloading Kali Linux, installing, updating, and configuring.  This draft also includes the majority of the visuals I plan on using for the webpages.  This has put me in good standing with my goal to start draft visuals.  I also finished my draft research pages.  However, I hope to have some extra time at the end of my project to make the research more robust.  I know this is not the focus of my project.  I am starting to hope that the work I have done may be used by others on the internet as a reliable resource.

Please note that I am still behind on my reading.  I have caught up with my previous week’s reading, but with the limited time I could not fully catch up with the current week.

Deliverable Tasks

  • Finish history/research pages
  • Start to publish draft research pages on website
  • Create How-To – Preparing the attack – draft
  • Start draft visuals

Forecasted Tasks

  • Create How-To – Executing the attack – Draft
  • Continue the creation of draft visuals for website
  • Publish draft pages to website

Week 4 Status Report

Summary

I had mentioned that I sent an email out to the Offensive Security team for some background information on Kali Linux.  I’ve developed a small relationship with one of the developers, MUTS, who pointed me to an older site where BackTrack used to be hosted.  I’ve been using the Wayback Machine at archive.org to do some timeline searching on the history of Kali/BackTrack.  This process was quite tedious and took me much longer than expected.  I had to read through many different pages that were archived at different times.  That said, I’m very happy with the accurate information I was able to retrieve.  I also developed a pretty good, in my opinion, graphic timeline of the project history.  Please see my draft research for a draft.

During my research I was surprised that MUTS was the original developer of BackTrack and posted most of the updates.  During my email exchanges MUTS also expressed interest in reviewing my final project once complete.  I look forward to his input at the end of the semester.

I have executed a Proof of Concept (PoC) on capturing login credentials for Facebook.  However, due to TLS encryption I was not able to capture the session cookies using Wireshark.  As we discussed during our last meeting this was to be expected.  With a little research I used a tool called sslstrip while placing myself as a Man in the Middle (MitM).  The sslstrip program intercepts the TLS connection and converts the traffic to straight HTTP traffic.  Websites that do not force a pure SSL connection can fall victim to such an attack.  (Note: Walsh College’s online courses are fully protected and do NOT succumb to the attack)

I have now split my attack into two separate attack vectors: the above listed attack, and one that attempts to capture session cookies using Wireshark.  I have noted that my project website does not use TLS/SSL to protect the login process.  My goal is to demonstrate that my own website can fall victim to a MitM attack.  I have NOT executed a PoC on this attack as of yet.

Combining all three research areas I would estimate that I am about 75% complete in the composition.  I have also developed the outline for my attack preparation and execution pages.  With the current research and the successful proof of concept I am very excited to work through the rest of my project.

Deliverable Tasks

  • Create How-To outline
  • Develop Proof of Concept (PoC)
  • Draft history/research pages
  • Research draft; Raspberry Pi, Wireshark, Kali Linux

Forecasted Tasks

  • Finish history/research pages
  • Publish draft research pages on website
  • Create How-To – Preparing the attack – draft

Week 3 Status Report

Summary

I had a lot of fun this week digging into my project outline.  This process prompted me to do some initial research on the Raspberry Pi, Wireshark, and Kali Linux.  In an effort to find more information on the history of Kali Linux, which is BackTrack Linux, I reached out to the Offensive Security group.  I started to develop a relationship with one of their contributors, Muts.  Muts has helped me in the past on the Kali IRC channel working with my wireless cards on the Pi.  I also have reached out to the creator of Wireshark to ask for permission to use the Wireshark logo on my project webpage.  I have yet to hear back, but I’m hoping for the best.

I have developed a research/history outline for the three components to my attack: Raspberry Pi, Wireshark, and Kali Linux.  I am a bit worried that I will get bogged down with the amount of information that I have found.  I need to focus on my current scope and ensure that the history information I provide is more topical.  I do feel that I may revisit these topics some day in the future and provide a comprehensive history of each.  However, additional research falls out of the scope of this project.  That said, the amount of information available can be quite inconclusive.  Open Source projects are designed to offer the collaborative effort of software development, rather than to keep a perfect history of their evolution.

In addition, the website layout design is complete, and I have already translated this into static pages on the website.  This was actually scheduled for next week, giving me a slight early start.

Deliverable Tasks

  • Design website layout
  • Purchase backup Raspberry Pi
  • Implement project backup plans including website backup
  • Research draft outline; Raspberry Pi, Wireshark, Kali Linux
  • Publish Draft Home/Introduction Page
  • Publish static framework pages on website
  • Find and install WordPress theme & images

Forecasted Tasks

  • Compile draft research/history pages
  • Create how-to outline
  • Develop proof of concept

Week 2 Status Report

Summary

This week was another productive week.  A great deal of my time was spent planning my project on MS Project.  I quickly became overwhelmed with the amount of work that included research on the Raspberry Pi, Kali Linux, and Wireshark.  My main goal is to provide an extensive tutorial on the penetration attack.  Since the core of my project will consume a great deal of my time I must start my research early, and focus only on the educational benefits.  Knowing that I will enjoy the research I cannot let myself get bogged down with it.  I also want to produce a few videos on the attack to present during the virtual capstone fair.  I have given myself only one weekend to accomplish this, and this concerns me.  With that said, visual aids are going to be essential in the process.  I need to make sure I spend time creating these along the way.

Deliverable Tasks

  • Interview with professor
  • Submit Project Proposal
  • Plan and scope full project on MS Project
  • Learn Camtasia
  • Research APA footnote method/syntax
  • Research WordPress footnote plugins
  • Research WordPress backup solutions

Forecasted Tasks

  • Design website layout
  • Purchase backup hardware
  • Implement website backup plan
  • Develop research outline for PI, Kali, Wireshark, MiM
  • Publish Home/Introduction page on website

Week 1 Status Report

Summary

This week was a very productive week. Time was invested on project planning with a focus on learning MS Project.  During this time several project management concepts also had to be researched. The majority of the time was attributed to narrowing my focus on the project goals, developing the project scope, and planning the first few weeks on MS Project.

Deliverable Tasks

  • Take Microsoft online MS Project tutorial courses
  • Start research on APA footnote standards
  • Meeting with Professor
  • Develop risk assessment draft
  • Draft first two weeks of project on MS Project
  • Passed draft of Project Proposal to peer for review

Forecasted Tasks

  • Learn APA method of proper footnoting for website citation
  • Plan out remainder of project on MS Project
  • Ask Work Peers to review my Project Plan and ask for input
  • Incorporate feedback from Professor & Peers and finalize Project Proposal