Posts

Note: this was converted from LaTeX to Markdown using ChatGPT 4.1. The original PDF can be found here along with the bibliography. Secure data storage on Windows Laboratory protocol Exercise 8: Secure data storage on Windows Figure: Grouplogo Subject: ITSI Class: 3AHITN Name: Stefan Fürst, Justin Tremurici Group Name/Number: todo/12 Supervisor: SPAC, ZIVK Exercise dates: 14.02.2025 | 21.02.2025 | 28.02.2025 | 7.02.2025 Submission date: 14.3.2025 Table of Contents Task definition Task Overview Summary Exercise Execution Introduction Explaining the first script Changing the execution policy Installing BitLocker Changing the Hostname Downloading the second script Enabling Remote Desktop Creating a Scheduled Task The second script Creating Users and Adding Them to Groups Resizing the Disk and Creating a New Partition Creating Directories Populating the Directories Creating Users and Groups Verifying the Creation of users and groups Managing NTFS Permissions Using icacls Sharing the Directories via SMB Encrypting the Volume using BitLocker References Task definition Task Overview The goal of this exercise is to set up a secure and structured data storage system on a Windows Server, ensuring proper access control and encryption. The tasks include installing the operating system, configuring users and groups, setting up a folder structure, and securing access with permissions. ...

Note: this was converted from LaTeX to Markdown using ChatGPT 4.1. The original PDF can be found here along with the bibliography. Ethical hacking of a CTF-VM Laboratory protocol Exercise 7: Ethical hacking of a CTF-VM Figure: Grouplogo Subject: ITSI Class: 3AHITN Name: Stefan Fürst, Justin Tremurici Group Name/Number: todo/12 Supervisor: SPAC, ZIVK Exercise dates: 17-19.1.2025 Submission date: 20.1.2025 Table of Contents Task definition Summary Complete network topology of the exercise Exercise Execution Setting up the virtual machines Reconnaissance: Scanning the Network Reconnaissance: Exploring the websites Weaponization: Evaluating the needed tools Exploitation: Using Hydra to break HTTP basic authentication Exploitation: Using Hydra to brute force SSH login Exploring the system Listing all the files Investigating the listening service Investigating the process flag Further investigating the webserver Investigating secret_flag.txt Exploring the new user Finding the history flag It should be over now, right? Privilege escalation on Linux Using a smart enumeration tool Trying a kernel level exploit Trying to get privileges using Metasploit and Meterpreter Getting root access through editing the GRUB boot options Obtaining the final flag References Task definition This task is based on a Capture the Flag (CTF) challenge, where multiple flags are hidden across an environment and can be found either through exploits or by navigating the system. Two virtual machines are provided: an Ubuntu server, which hosts the flags, and a Kali Linux machine for offensive actions. Both machines operate in a Host-only network, meaning they can communicate with each other but not with the external internet or other devices. ...

Note: this was converted from LaTeX to Markdown using ChatGPT 4.1. The original PDF can be found here along with the bibliography. Exercise 6: GNU/Linux - Securing active components Laboratory protocol Exercise 6: GNU/Linux - Securing active components Figure: Grouplogo Subject: ITSI Class: 3AHITN Name: Stefan Fürst, Marcel Raichle Group Name/Number: Team 7/7 Supervisor: SPAC, ZIVK Exercise dates: 6.12.2024, 13.12.2024, 20.12.2024, 3.1.2025, 4.1.2025, 5.1.2025 Submission date: 4.1.2025 Table of Contents Task definition Task 0 - Preparation Task 1 – Installing a Web Server Task 2 – Securing with Basic Authentication Task 3 – Encrypting with HTTPS Bonus Task – Local DNS Setup (Optional) Summary Complete network topology of the exercise Exercise Execution Preparation Testing the SSH connectivity Changes to the Docker setup Installing an active component Setting up PHP-FPM with Nginx Securing Nginx with Basic Authentication Creating a Password File Configuring the authentication in Nginx and testing it Configuring HTTPS with Self-Signed Certificates Adding a Domain References Task definition Task 0 - Preparation Ensure your server from Exercises 4 and 5 is configured with SSH. Verify that you can connect to the server via SSH using a client with a GUI. ...

Note: this was converted from PDF to Markdown using pdftotext and manual formatting. The original PDF can be found here along with the bibliography. GNU/Linux - Securing access Laboratory Protocol GNU/Linux - Securing access Figure: Grouplogo Subject: ITSI|ZIVK Class: 3AHITN Name: Stefan Fürst, Marcel Raichle Group Name/Number: Dumm und Dümmer/7 Supervisor: ZIVK Exercise dates: 22.11.2024, 26.11.2024, 29.11.2024 Submission date: 1.12.2024 Table of Contents Task Definition Summary Exercise Execution Privileged rights Explanation of the sudo command Granting and restricting users’ sudo access Password policies Setting up a password policy sed Basics Harden SSH Changing the ssh port Adding OTP authentication Logging in as the users References List of Figures Attachments Task Definition This exercise focuses on enhancing security and user management in GNU/Linux. Participants configure SSH authentication using public keys, manage user privileges with sudo (e.g., granting specific permissions to edit files or create users), and set up password policies requiring strong, unique passwords. Additional tasks include changing the SSH port to secure the system, identifying open ports, and implementing two-factor authentication with Google Authenticator. Each step is documented and tested to ensure proper configuration and security. ...

Note: this was converted from LaTeX to Markdown using manual formatting. The original TeX file can be found here along with the bibliography. GNU/Linux - Setting up a multi-user environment Laboratory Protocol GNU/Linux - Setting up a multi-user environment Figure: Grouplogo Subject: ITSI|ZIVK Class: 3AHITN Name: Stefan Fürst, Marcel Raichle Group Name/Number: Dumm und Dümmer/7 Supervisor: ZIVK Exercise dates: 25.10.2024, 1.11.2024, 3.11.2024, 6.11.2024 Submission date: 6.11.2024 Table of Contents Task Definition Summary Exercise Execution Creating the Container Testing Connectivity It works, but why? Creating and managing users Login as the users Set directory privileges Setting up ssh Logging On to the SSH Server Enabling keypair authentication Disable password authentication References List of Figures Attachments Task Definition Setting up a headless Linux installation with multiple users, adding them to a group, and setting permissions over a directory structure. You will also need to set up an ssh server for which you will need to set up key pair authentication. ...