Tuesday, March 29, 2016

SANS Work-Study

My contract with my current employer won't be renewed for now.  I may still be hired for future opportunities with my current employer.  It's ok.  I like my job, but sometimes there simply isn't enough work for one to do.  I appreciate the experience that I gained, and that I had an excellent employer.  I look forward to working with my current employer in the future.

I recently received some exciting news.  SANS offers a work-study program.  I signed up for several opportunities.  I've been getting some declined notices.  I did get one acceptance letter.  I'll be a Facilitator for SEC 301 at SANS Security West.  I'm excited and a little nervous.  That's next month.

The Work-Study program is a great resource for people just starting out.  The course is given at a discounted rate($900 at the time of this writing-it will increase to $1,100 after April 1st, 2016-and may increase in the future), in exchange for the person volunteering to assist SANS employees at the conference.  The hours are long, potentially 6:30 AM-7:00 PM, but I think that it's worth it.  Currently, the Facilitator gets the course that they were assigned to-you pick from a list of courses that you're interested in-then SANS tells you which one you get from that list.  The Facilitator also gets the On-Demand version of the course in case they are called out of class for any reason.  The Facilitator may be "required" to sit in a couple of SANS@Night events.  I put required in quotes because I will attend as many as I can, anyway.  The SANS@Night events are interesting, valuable resources.  The Facilitator gets a certification attempt if they stay in the same hotel as the conference.  At the time of this writing-if one lives near the conference or has friends/family that they will be staying with, that requirement to get the certification attempt may be waived.  NetWars may be available for an extra fee, if one is interested in trying NetWars.  Facilitators must pay their own travel expenses, if the conference isn't near their home.  I like the opportunity to network and learn.  Here's the website for more information:  https://www.sans.org/work-study

Friday, March 25, 2016

BBC.com Cyber Security Article-Partial Solution

I saw a retweet of an article titled, "Do You Have The Brains for CyberSecurity? http://www.bbc.com/news/technology-34312697  I decided to give it a whirl.  The answers will be revealed next week.  If you would like to try to solve the puzzles, do not read any farther.  Update 2:  The official solutions have been posted.  http://www.bbc.co.uk/news/technology-35929741

Challenge One:

This first puzzle is pretty straightforward. You even get the key. Use it to decipher the questions and then choose the right answer.
Decoded:

Where was the centre of CODE BREAKING during WW2?

Bletchley- the answer was stated earlier in the article.

The man who designed the machine that CRACKED the ENIGMA CODE was?

Turing-This information was in the SANS Holiday Hack Challenge 2014.

The fundamental BUILDING block of ELECTRONIC devices is the?

Transistor

Challenge Two

This time there is no key to help decipher this short string of numbers, so it is a bit harder. However, here is a hint - once deciphered the string will reveal the name of a famous maths code that uses numbers.
5 8 1 14 13 0 2 2 8 18 4 16 20 4 13 2 4
The solution to this puzzle was a straight forward substitution cipher where A = 0, B = 1, C = 2, etc.  The answer is Fibonacci Sequence.

Challenge Three

Code-breaking was practised in Roman times: Julius Caesar was known to use a code to securely send messages to his armies. This message uses a type of cipher named after the general to conceal its meaning. When you crack it you will find out where he kept his armies. 
X S K L V V O H H Y L H V
This is referring to a Caesar Cipher.  I simply used a Caesar Cipher decoder tool to help me to solve this one.  The key was 23 and the answer was UP HIS SLEEVIES.

Challenge Four

Now the puzzles get more tricky. This code does not use numbers and letters to hide what it says. Instead, it swaps those familiar characters for symbols. Once cracked, the following message reveals who famously made use of this type of enciphering and the name of the technique. Here is a hint: it requires a code that shares its name with a place where a smelly farm animal is kept.



Symbol-based code
This is a pigpen cipher.  I found this image via a Google search.  It was on cyt-prasanna.blogspot.com.  One you figure out the cipher, it's another substitution cipher-substituting symbols for letters.

The answer is "IN THE 18TH CENTURY, FREEMASONS USED PIG PEN CIPHERS TO KEEP THEIR PRIVATE RECORDS."
Challenge Five
This one is a real step up in difficulty. It can probably be done by trial and error, but it will be quicker to work out the rules governing the substitution and apply them. The key to cracking the message is elementary and you may find it easier to sit at a table rather than a desk to crack it.
Breaking the cipher will reveal a question. The solution is the answer to that question.
81, 1, 68, 59, 68, 86, 53, 76, 105, 53, 24, 22, 89, 5, 57, 68, 77, 50, 89, 81, 85, 4, 113, 71, 95, 86, 47, 44, 45, 33, 11, 64, 99, 12, 63, 10, 73, 8, 87, 52, 67, 68, 24, 72, 63, 25, 77, 6, 13, 3, 68, 57, 63, 101, 99, 60, 43, 14, 76, 88, 64, 47, 7, 53, 50, 99, 66, 76, 60, 22, 1, 99, 5, 47, 62, 53, 106, 8, 9, 81, 2, 68, 53, 75, 89, 52, 8, 25, 77, 27, 28, 113, 42, 4, 63, 75, 34, 63, 71, 63, 27, 52, 88, 76, 11, 17, 8, 11, 26, 77, 32, 113, 45, 13, 52, 77, 76, 11, 14, 13, 11, 66, 44, 63, 6, 115, 44, 37, 77, 7, 31, 6, 67, 63, 42, 77, 17, 13, 57, 84, 45, 8, 15, 63, 86, 43, 77, 68, 62, 74, 68, 23, 63, 92, 14, 68, 66, 53, 22, 52, 8, 24, 44, 68, 13, 81, 63, 18, 17, 53, 46, 72, 68, 44, 83, 39, 92, 62, 77, 28, 31, 52, 67, 63, 53, 28, 77, 43, 53, 13, 3, 3, 68, 65, 43, 63, 45, 34, 8, 26, 73, 67, 63, 68, 3, 63, 42, 68, 60, 65, 21, 4, 92, 73, 52, 74, 8, 57, 68, 65, 43, 63, 44, 38, 20, 13, 10, 52, 5, 63, 92, 50, 68, 66, 74, 67, 13, 81, 33, 75, 68, 81, 80, 63, 70?
The clue was given in the picture below this in the article.  They also state that you may want to do this at a table rather than a desk-they're referring to the periodic table.  The answer is that every number corresponds to an element on the periodic table.  Number 1 is Hydrogen, for instance.  So, you take the first letter of that element.  I wrote a program to solve it for me, in Java.  It's not the neatest program because I haven't programmed in a while.
public class PeriodicTableEncoding {

public static void main (String[] args) {

int[] encodedtext = {81, 1, 68, 59, 68, 86, 53, 76, 105, 53, 24, 22, 89, 5, 57, 68, 77, 50, 89, 81, 85, 4, 113, 71, 95, 86, 47, 44, 45, 33, 11, 64, 99, 12, 63, 10, 73, 8, 87, 52, 67, 68, 24, 72, 63, 25, 77, 6, 13, 3, 68, 57, 63, 101, 99, 60, 43, 14, 76, 88, 64, 47, 7, 53, 50, 99, 66, 76, 60, 22, 1, 99, 5, 47, 62, 53, 106, 8, 9, 81, 2, 68, 53, 75, 89, 52, 8, 25, 77, 27, 28, 113, 42, 4, 63, 75, 34, 63, 71, 63, 27, 52, 88, 76, 11, 17, 8, 11, 26, 77, 32, 113, 45, 13, 52, 77, 76, 11, 14, 13, 11, 66, 44, 63, 6, 115, 44, 37, 77, 7, 31, 6, 67, 63, 42, 77, 17, 13, 57, 84, 45, 8, 15, 63, 86, 43, 77, 68, 62, 74, 68, 23, 63, 92, 14, 68, 66, 53, 22, 52, 8, 24, 44, 68, 13, 81, 63, 18, 17, 53, 46, 72, 68, 44, 83, 39, 92, 62, 77, 28, 31, 52, 67, 63, 53, 28, 77, 43, 53, 13, 3, 3, 68, 65, 43, 63, 45, 34, 8, 26, 73, 67, 63, 68, 3, 63, 42, 68, 60, 65, 21, 4, 92, 73, 52, 74, 8, 57, 68, 65, 43, 63, 44, 38, 20, 13, 10, 52, 5, 63, 92, 50, 68, 66, 74, 67, 13, 81, 33, 75, 68, 81, 80, 63, 70};
String[] decodedtext = new String[246];
for (int x = 0; x < encodedtext.length; x++){
if (encodedtext[x] == 1)
decodedtext[x] = "H";
else if (encodedtext[x] == 2)
decodedtext[x] = "H";
else if (encodedtext[x] == 3)
decodedtext[x] = "L";
else if (encodedtext[x] == 4)
decodedtext[x] = "B";
else if (encodedtext[x] == 5)
decodedtext[x] = "B";
else if (encodedtext[x] == 6)
decodedtext[x] = "C";
else if (encodedtext[x] == 7)
decodedtext[x] = "N";
else if (encodedtext[x] == 8)
decodedtext[x] = "O";
else if (encodedtext[x] == 9)
decodedtext[x] = "F";
else if (encodedtext[x] == 10)
decodedtext[x] = "N";
else if (encodedtext[x] == 11)
decodedtext[x] = "N";
else if (encodedtext[x] == 12)
decodedtext[x] = "M";
else if (encodedtext[x] == 13)
decodedtext[x] = "A";
else if (encodedtext[x] == 14)
decodedtext[x] = "S";
else if (encodedtext[x] == 15)
decodedtext[x] = "P";
else if (encodedtext[x] == 16)
decodedtext[x] = "S";
else if (encodedtext[x] == 17)
decodedtext[x] = "C";
else if (encodedtext[x] == 18)
decodedtext[x] = "A";
else if (encodedtext[x] == 19)
decodedtext[x] = "K";
else if (encodedtext[x] == 20)
decodedtext[x] = "C";
else if (encodedtext[x] == 21)
decodedtext[x] = "S";
else if (encodedtext[x] == 22)
decodedtext[x] = "T";
else if (encodedtext[x] == 23)
decodedtext[x] = "V";
else if (encodedtext[x] == 24)
decodedtext[x] = "C";
else if (encodedtext[x] == 25)
decodedtext[x] = "M";
else if (encodedtext[x] == 26)
decodedtext[x] = "F";
else if (encodedtext[x] == 27)
decodedtext[x] = "C";
else if (encodedtext[x] == 28)
decodedtext[x] = "N";
else if (encodedtext[x] == 29)
decodedtext[x] = "C";
else if (encodedtext[x] == 30)
decodedtext[x] = "Z";
else if (encodedtext[x] == 31)
decodedtext[x] = "G";
else if (encodedtext[x] == 32)
decodedtext[x] = "G";
else if (encodedtext[x] == 33)
decodedtext[x] = "A";
else if (encodedtext[x] == 34)
decodedtext[x] = "S";
else if (encodedtext[x] == 35)
decodedtext[x] = "B";
else if (encodedtext[x] == 36)
decodedtext[x] = "K";
else if (encodedtext[x] == 37)
decodedtext[x] = "R";
else if (encodedtext[x] == 38)
decodedtext[x] = "S";
else if (encodedtext[x] == 39)
decodedtext[x] = "Y";
else if (encodedtext[x] == 40)
decodedtext[x] = "Z";
else if (encodedtext[x] == 41)
decodedtext[x] = "N";
else if (encodedtext[x] == 42)
decodedtext[x] = "M";
else if (encodedtext[x] == 43)
decodedtext[x] = "T";
else if (encodedtext[x] == 44)
decodedtext[x] = "R";
else if (encodedtext[x] == 45)
decodedtext[x] = "R";
else if (encodedtext[x] == 46)
decodedtext[x] = "P";
else if (encodedtext[x] == 47)
decodedtext[x] = "A";
else if (encodedtext[x] == 48)
decodedtext[x] = "C";
else if (encodedtext[x] == 49)
decodedtext[x] = "I";
else if (encodedtext[x] == 50)
decodedtext[x] = "S";
else if (encodedtext[x] == 51)
decodedtext[x] = "S";
else if (encodedtext[x] == 52)
decodedtext[x] = "T";
else if (encodedtext[x] == 53)
decodedtext[x] = "I";
else if (encodedtext[x] == 54)
decodedtext[x] = "X";
else if (encodedtext[x] == 55)
decodedtext[x] = "C";
else if (encodedtext[x] == 56)
decodedtext[x] = "B";
else if (encodedtext[x] == 57)
decodedtext[x] = "L";
else if (encodedtext[x] == 58)
decodedtext[x] = "C";
else if (encodedtext[x] == 59)
decodedtext[x] = "P";
else if (encodedtext[x] == 60)
decodedtext[x] = "N";
else if (encodedtext[x] == 61)
decodedtext[x] = "P";
else if (encodedtext[x] == 62)
decodedtext[x] = "S";
else if (encodedtext[x] == 63)
decodedtext[x] = "E";
else if (encodedtext[x] == 64)
decodedtext[x] = "G";
else if (encodedtext[x] == 65)
decodedtext[x] = "T";
else if (encodedtext[x] == 66)
decodedtext[x] = "D";
else if (encodedtext[x] == 67)
decodedtext[x] = "H";
else if (encodedtext[x] == 68)
decodedtext[x] = "E";
else if (encodedtext[x] == 69)
decodedtext[x] = "T";
else if (encodedtext[x] == 70)
decodedtext[x] = "Y";
else if (encodedtext[x] == 71)
decodedtext[x] = "L";
else if (encodedtext[x] == 72)
decodedtext[x] = "H";
else if (encodedtext[x] == 73)
decodedtext[x] = "T";
else if (encodedtext[x] == 74)
decodedtext[x] = "W";
else if (encodedtext[x] == 75)
decodedtext[x] = "R";
else if (encodedtext[x] == 76)
decodedtext[x] = "O";
else if (encodedtext[x] == 77)
decodedtext[x] = "I";
else if (encodedtext[x] == 78)
decodedtext[x] = "P";
else if (encodedtext[x] == 79)
decodedtext[x] = "A";
else if (encodedtext[x] == 80)
decodedtext[x] = "H";
else if (encodedtext[x] == 81)
decodedtext[x] = "T";
else if (encodedtext[x] == 82)
decodedtext[x] = "P";
else if (encodedtext[x] == 83)
decodedtext[x] = "B";
else if (encodedtext[x] == 84)
decodedtext[x] = "P";
else if (encodedtext[x] == 85)
decodedtext[x] = "A";
else if (encodedtext[x] == 86)
decodedtext[x] = "R";
else if (encodedtext[x] == 87)
decodedtext[x] = "F";
else if (encodedtext[x] == 88)
decodedtext[x] = "R";
else if (encodedtext[x] == 89)
decodedtext[x] = "A";
else if (encodedtext[x] == 90)
decodedtext[x] = "T";
else if (encodedtext[x] == 91)
decodedtext[x] = "P";
else if (encodedtext[x] == 92)
decodedtext[x] = "U";
else if (encodedtext[x] == 93)
decodedtext[x] = "N";
else if (encodedtext[x] == 94)
decodedtext[x] = "P";
else if (encodedtext[x] == 95)
decodedtext[x] = "A";
else if (encodedtext[x] == 96)
decodedtext[x] = "C";
else if (encodedtext[x] == 97)
decodedtext[x] = "B";
else if (encodedtext[x] == 98)
decodedtext[x] = "C";
else if (encodedtext[x] == 99)
decodedtext[x] = "E";
else if (encodedtext[x] == 100)
decodedtext[x] = "F";
else if (encodedtext[x] == 101)
decodedtext[x] = "M";
else if (encodedtext[x] == 102)
decodedtext[x] = "N";
else if (encodedtext[x] == 103)
decodedtext[x] = "L";
else if (encodedtext[x] == 104)
decodedtext[x] = "R";
else if (encodedtext[x] == 105)
decodedtext[x] = "D";
else if (encodedtext[x] == 106)
decodedtext[x] = "S";
else if (encodedtext[x] == 107)
decodedtext[x] = "B";
else if (encodedtext[x] == 108)
decodedtext[x] = "H";
else if (encodedtext[x] == 109)
decodedtext[x] = "M";
else if (encodedtext[x] == 110)
decodedtext[x] = "D";
else if (encodedtext[x] == 111)
decodedtext[x] = "R";
else if (encodedtext[x] == 112)
decodedtext[x] = "C";
else if (encodedtext[x] == 113)
decodedtext[x] = "U";
else if (encodedtext[x] == 114)
decodedtext[x] = "F";
else if (encodedtext[x] == 115)
decodedtext[x] = "U";
else if (encodedtext[x] == 116)
decodedtext[x] = "L";
else if (encodedtext[x] == 117)
decodedtext[x] = "U";
else if (encodedtext[x] == 118)
decodedtext[x] = "U";
else
decodedtext[x] = "Error";
}
for (int i = 0; i < decodedtext.length; i++){
System.out.println(decodedtext[i]);
}
}
}
The answer is THE PERIODIC TABLE IS A TABULAR ARRANGEMENT OF THE CHEMICAL ELEMENTS ORGANIZED ON THE BASIS OF THEIR ATOMIC NUMBERS, ELECTRON CONFIGURATIONS, AND RECURRING CHEMICAL PROPERTIES.  WE'VE USED IT TO CREATE A CIPHER BY USING THE INITIAL LETTERS OF THE ELEMENTS, BUT TWO LETTERS CAN'T BE USED.  WHAT ARE THEY?
The answer is J and Q, the only two letters of the alphabet that are not initial letters on the periodic table.

Challenge Six

Good work if you have got this far. This final challenging set of puzzles has three parts; when each one is completed it will reveal a quote from a well-known work of literature, whose author loved intellectual games of all kinds. Can you find all three? 
Bear in mind while you are working on these that each puzzle is not necessarily just a cipher - there are some computer science basics mixed in. Each one is designed to be solved independently so if one of the puzzles defeats you then move on. Here's one final clue: Alice fell down a rabbit hole and left clues so Bob could find her...
I've only solved the first part of this one so far.

Challenge Six images


Puzzle Number One is hex encoded.  Decoding the hex, you get a weird phrase.
"Jr'er nyy znq urer. V'z znq. Lbh'er znq." "Ubj qb lbh xacj V'z znq?" fnvq Nyvpr. "Lbh zhfg or," fnvq gur Png, "be lbh jbhyqa'g unir pbzr urer."
This looks like it could be English text, given the apostrophes could be contractions.  I've seen similar text in rotation ciphers, like rot13.  This one just happens to be a rot13 cipher.  I used a rot13 tool to solve this puzzle.
The answer is "WE'RE ALL MAD HERE.  I'M MAD. YOU'RE MAD." HOW DO YOU KNOW I'M MAD? SAID ALICE.  "YOU MUST BE," SAID THE CAT, "OR YOU WOULDN'T HAVE COME HERE."

Update:

Challenge 6 Part 2:

I think that this may be a VIC cipher/Straddling Checkerboard Cipher.  I haven't been able to decipher it yet.  I have to figure out the key and which numerals are left empty.  I found the image below here:  I'm not sure if the link is safe or not, so don't click on the link.  I used a LiveCD VM to find it.  http://crypto.interactive-maths.com/uploads/1/1/3/4/11345755/777166.jpg&imgrefurl=http://crypto.interactive-maths.com/straddling-checkerboard.html&h=88&w=226&tbnid=0btk2h9aeOLT2M:&docid=gSXf53kT4ebHNM&ei=Zub6VpntGYO5Ubr8pOgL&tbm=isch&ved=0ahUKEwiZuIHx3ubLAhWDXBQKHTo-Cb0QMwgfKAIwAg

Usually the key is estoniar, which are the most commonly used letters.  Sometimes, it's different though.  Two of the numerals in the top part of the cipher need to be left blank.  They are the numerals used on the left.  Those numerals on the left hand side signify that those letters are represented by two digits instead of one digit.  So, E would be represented by 0 in this case, F would be represented by 10, and M would be represented by 70.  The letters on the 3rd and 4th rows are the characters that were not used in the second row.  They can be placed in order, or jumbled up.  Note, that some positions need to be left blank or have some form of punctuation in them.

This can be used alone or along with another step to make the cipher more difficult to break.



When I use the numerals 0, 8 as blank, and order the letters, estoniarbcdfghjkmpquvwxyz, part of it is deciphered to "I see one star".  Maybe that is just a happy accident though?  The rest looks jumbled.  Not really sure what all the rules are with this cipher.  I'll do more research.
Challenge 6 Part 3:

I was overthinking 6:3.  I was looking for ciphers that involved bishops.  Andrew Welham kindly told me in the comments that Challenge 6 Part 3 was Morse Code.

I tried his solution, and he was correct.  Thank you.

I used dashes for the white bishops and dots for the black bishops.  So I got:

--- ..-. ..-. .-- .. - .... - .... . .. .-. .... . .- -.. ... which translates to "OFF WITH THEIR HEADS"