
Basic HoneyPot: in Python3.8 With asyncio

The internet is a dangerous place. Malicious bots constantly scan IP addresses (walking through known IP ranges) to find vulnerable servers to attack. In this post we create a HoneyPot in Python with asyncio in order to bait those bots into attacking us, so that we can record and analyse their attacks.

The bots do this by sending specific payloads (requests with specific data) and checking if the expected response was received. In this post we will attempt to create a simple honeypot which listens to all ports from 2 to 65535 (which is the maximum port number). Port 0 and Port 1 will not be used by the HoneyPot.

Server – DigitalOcean

The HoneyPot will run on a DigitalOcean VM because some of their IP ranges are known to attackers (ref: https://ipinfo.io/AS14061). Port 1 will be used for our own SSH access, because we want to observe attacks on port 22 (the default SSH port). Attacks against weak passwords should be common (note that this is an assumption).

Quick Python 3.8 Setup

As the title says, you will need to install Python 3.8. If you are running Ubuntu 16.04 you can do the following:

sudo apt install software-properties-common
sudo add-apt-repository ppa:deadsnakes/ppa
sudo apt install python3.8
sudo apt-get install python3.8-venv
python3.8 -m ensurepip
sudo python3.8 -m easy_install pip
python3.8 -m pip install fire
ulimit -n 100000

Note that we have increased the limit on open files to 100,000, because every socket opened on Linux is an open file. You should only need 65535, but 100,000 is just to be safe (logging, for example, uses at least one). Note that ulimit -n only applies to the shell session it is run in, so start the honeypot from that same shell.

You should then also edit /etc/ssh/sshd_config and change the Port setting to 1. On the client side you then connect with, for example:

ssh root@server_address -p 1

asyncio

asyncio runs multiple tasks concurrently on a single thread. We are going to make use of coroutines (async def) which listen on a specific port (asyncio.start_server) and log any requests received (file logger to honeypot.log). We then launch all the tasks at runtime (asyncio.gather). There are 3 parameters that can be passed through the command line (done with Fire): address, port_start and port_end.

For more information please read: https://docs.python.org/3/library/asyncio.html

The full source code for the basic honeypot: https://github.com/Lougarou/honeypot

import utils.formatters as formatters  # CSV formatter from the repo's utils/ package
import utils.handlers as handlers      # CSV rotating file handler from the repo's utils/ package
from datetime import datetime

import asyncio
import logging
import fire

logger = logging.getLogger(__name__)

async def smiley_protocol(reader, writer):
  # One coroutine per accepted connection: read the first 1024 bytes, log them, answer ":D".
  try:
    data = await reader.read(1024)
    message = ""
    try:
      message = data.decode()
    except UnicodeDecodeError:
      message = data  # binary payload: keep the raw bytes
    addr = writer.get_extra_info('peername')
    timestamp = datetime.now().strftime("%m/%d/%Y, %H:%M:%S")
    print([timestamp, message, str(addr[0]) + ":" + str(addr[1])])
    logger.info([timestamp, f"{message!r}", f"{addr[0]!r}", f"{addr[1]!r}"])
    writer.write(b":D")
    await writer.drain()
    writer.close()
    await writer.wait_closed()
  except ConnectionResetError:
    pass  # the peer dropped the connection; not useful for data collection

async def launch_pot(address='127.0.0.1', port=8888):
  # Bind inside the try block: a port that cannot be bound (already in use, or
  # privileged without root) should only disable that listener, not the whole honeypot.
  try:
    server = await asyncio.start_server(smiley_protocol, address, port)
    async with server:
      await server.serve_forever()
  except OSError as exc:
    logger.error("failed to start " + str(port) + ": " + str(exc))

async def main(address="127.0.0.1", port_start=1, port_end=2**16-1, log='honeypot.csv'):
  logger.setLevel(logging.DEBUG)
  loggingStreamHandler = handlers.CSVTimedRotatingFileHandler(
    filename=log, header=["time", "payload", "from", "port"])  # to save to file
  loggingStreamHandler.setFormatter(formatters.CSVFormatter())
  logger.addHandler(loggingStreamHandler)
  tasks = []
  for i in range(port_start, port_end + 1):  # one listener task per port
    tasks.append(asyncio.create_task(launch_pot(address, i)))
  await asyncio.gather(*tasks)

if __name__ == '__main__':
  fire.Fire(main)  # command-line flags become keyword arguments of main()

You can then run the honeypot with the following command:

python3.8 honeypot.py --port_start=2 --address=<insert-ip>

Please feel free to comment if you are having any trouble running it.

Next Step: Honeypot.log Payload Analysis

I plan to collect sample attacks in honeypot.log and to write another blog post analysing each of them. Initially I had planned to run it for a whole week, but to my surprise the server is already receiving hundreds of attacks per minute.

For example one common attack that I can notice right away is the following:

Received b'\x03\x00\x00+&\xe0\x00\x00\x00\x00\x00Cookie: mstshash=hello\r\n\x01\x00\x08\x00\x03\x00\x00\x00' from ('13.65.92.2', 59134)

Cookie: mstshash=hello is a payload used to access compromised Microsoft Remote Desktop servers.
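As a first step towards the payload analysis planned for Part 2, here is an added example (not code from the original post or the honeypot repo) that parses the captured payload above as an RDP X.224 connection request, extracts the mstshash cookie and the requested security protocols, and labels a few other common first packets. The SSH and HTTP samples are constructed for illustration.

```python
import struct

# Constructed samples: the RDP payload quoted in the post, plus an SSH banner and an HTTP
# request, the other two first-packet shapes commonly seen on a honeypot.
SAMPLES = {
    "rdp": b"\x03\x00\x00+&\xe0\x00\x00\x00\x00\x00Cookie: mstshash=hello\r\n\x01\x00\x08\x00\x03\x00\x00\x00",
    "ssh": b"SSH-2.0-OpenSSH_7.4\r\n",
    "http": b"GET / HTTP/1.1\r\nHost: example.invalid\r\n\r\n",
}

# requestedProtocols bit flags of the RDP Negotiation Request (MS-RDPBCGR 2.2.1.1.1).
RDP_PROTOCOLS = {1: "TLS", 2: "CredSSP", 4: "RDSTLS", 8: "CredSSP early user auth"}
COOKIE_PREFIX = b"Cookie: mstshash="

def parse_rdp_connection_request(data):
    """Parse TPKT + X.224 Connection Request; return a dict, or None if it is not one."""
    if len(data) < 11 or data[0] != 3 or data[1] != 0:       # TPKT version 3, reserved 0
        return None
    tpkt_len = struct.unpack(">H", data[2:4])[0]
    if tpkt_len != len(data):                                 # truncated or trailing bytes
        return None
    li, code = data[4], data[5]
    if code != 0xE0 or li != tpkt_len - 5:                    # 0xE0 = CR TPDU; LI covers the rest
        return None
    body = data[11:]            # skip dst-ref (2), src-ref (2), class option (1)
    result = {"cookie": None, "requested_protocols": []}
    if body.startswith(COOKIE_PREFIX):
        end = body.find(b"\r\n")
        if end == -1:
            return None
        result["cookie"] = body[len(COOKIE_PREFIX):end].decode("ascii", "replace")
        body = body[end + 2:]
    if len(body) >= 8 and body[0] == 1:                       # TYPE_RDP_NEG_REQ
        _type, _flags, length, protocols = struct.unpack("<BBHI", body[:8])
        if length == 8:
            result["requested_protocols"] = [
                name for bit, name in RDP_PROTOCOLS.items() if protocols & bit]
    return result

def classify(data):
    """Return a short label for a raw first packet logged by the honeypot."""
    if parse_rdp_connection_request(data) is not None:
        return "rdp-connection-request"
    if data.startswith(b"SSH-"):
        return "ssh-banner"
    if data.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"OPTIONS", b"PUT"):
        return "http-request"
    return "unknown"

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(name, classify(payload), parse_rdp_connection_request(payload))
```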

Subscribe to the blog if you don’t want to miss Part 2 where we will analyse the attacks received! Update: part 2 is out! https://everythingtech.dev/2021/03/basic-honeypot-analysing-payload-and-attacks/


A Better Alternative To Curriculum Vitae

The Problem: Curriculum Vitae

The usual way to recruit someone is to ask for a curriculum vitae and a motivation letter. If you have been on the interviewer side, as I have, you will realise that many candidates upload the same curriculum vitae and motivation letter to every job, perhaps with a few changes.

This should really be considered spam. In small teams where only one person interviews, for example in a small company where the manager or team leader looks at CVs in his or her spare time, it becomes really challenging to go through all the CVs, and it reduces the time that can be spent on real and deserving candidates.

Instead of just asking for a CV and motivation letter (plus additional links for software positions, such as a GitHub profile or a portfolio website), the job boards (maybe) or the career page of the company’s website should have an additional layer of filtering.

First Layer: Technical Question Multiple Choice

The first layer should be something that can be easily automated and that prunes some of the unqualified candidates. This can be done with a multiple choice questionnaire with a time limit, either per answer or for the entire questionnaire. This forces the candidates to really possess the basic knowledge needed to apply for the job.

Ideally the questions should also be randomised every time the test is taken.

Second Layer: Question With Use Cases

Most people lie in their CVs and motivation letters. We need to make sure that they actually have the advertised skills. In this layer we should ask use-case and complex questions related to the work they will carry out. For example, if they are going to work as a Data Engineer, ask how they would architect data pipelines, data collection and data processing, and ask for real examples from their past work.

This also filters out people who are just spamming, for example “Easy Apply” on LinkedIn.

This step cannot be automated and should probably be timed, but it will at least give you a better idea of the candidate.

Actually we can almost entirely eliminate the use of CVs and Motivation letters with this step.

If you have heard of https://www.beapplied.com/ this is actually what they can do for you.


Tips to Upgrade Your Chess Skills

Introduction

Every chess player wants one thing: to become a better player. Obviously, they are all different; they all have their own temperament and learning speed. However, if you are one of those who want to improve your chess skills and become a stronger player, then you have come to the right place!

This article will help you go through this process, irrespective of your chess level. The basic principle is that you practice each of the following steps during your preparation and use them.

Most of these ways to improve are found on chess.com, and we will reference it a lot below.

So let’s start now!

Learn Chess Tactics

For the regular player, learning tactics improves results more easily than anything else. You can either win or lose a piece after a planned combination. In other words, short-term combinations lead to material gains or a draw: for example pins, forks, skewers, checkmates, etc.

Based on your ELO rating you can choose to read the following books: https://www.chess.com/blog/SamCopeland/25-books-guaranteed-to-improve-your-chess

Study and practice pattern recognition

The same type of chess situation comes up again and again across several tactical themes. You only need to learn to recognise these spots when it is your turn to move and to understand your opponent’s moves. During the game this will give you great confidence. Spotting the move quickly will save you time or give you the upper hand over your opponent.

Another handy trick on chess.com is to practise Puzzles. Puzzles are a fast way to build muscle memory for handling different situations with the most optimal move. Hikaru himself mentioned that this is one of the best ways to develop intuition!

Vision

Learning how to quickly spot squares by their coordinates, like a1 or h2, will help you greatly when reviewing videos, livestreams or even reading about chess.

Tunnel Vision

During matches you will tend to focus on only part of the board or part of the strategy, for example only offensive moves or only defensive moves. You need to learn to take a step back and re-evaluate your weaknesses and opportunities at every move.

Videos

Watch livestreams at https://www.twitch.tv/Chess; they are usually commentated by top-level chess players. Their commentary will help you immensely in learning how to think and how to play. This is a kind of tutoring from the best that is available for free.

Another tip on videos is to look for Twitch streams of top chess players training for the PogChamps tournament. They are coached on everything from openings to best practices to how to checkmate. An example video:

Learn How to Control the Center

The four squares in the middle of the board should be used properly. This is the crucial part of your tactics for the rest of the board, so you can move your pieces wherever you want. Please do not leave your king for a longer period in the board’s center; it exposes the all-important piece to attacks.

Endgame is crucial for winning

From my training at my beginner level, I’ve learned that I also need to spend more time on chess endings. There’s no reason for losing a match that you can easily win! The endgame is fun, full of twists that every player needs to know. It is crucial for winning the game.

Opening Basics

It is impossible to know all the openings, so a basic understanding of which opening you are in will help you greatly. It will help you consider what types of plans and moves you should use. You need to study them closely.

Playing and Analyzing, Repeat the Cycle

This rule is very simple. The more you play, the better you understand the game. One part is learning a new chess concept, and the second part is executing it well in a game.

The third part is analysis. After any move played by your opponent, you can pause and ask this set of questions to analyse the move:

  • What is the point of this move?
  • Does it require any urgent action?
  • Is it a good or bad move, and why?

You can also go through the same set of questions even when the moves seem clear. To sum up: (1) plan, (2) play, (3) evaluate, (4) play again, and repeat the process over and over.

On chess.com you are given the option to analyse the whole match with an engine, which evaluates and suggests the best moves at different points during the match.

Lastly, Be Motivated

After a certain level, loss of passion is one of the key challenges most players face. Motivation is the most critical component for progress in chess. You need to find the right inspiration to help you keep going.

Finally

You can always improve your game in chess. Getting better at chess can be both fun and simple with the right habits and mindset. You will only need to learn the rules, play a lot of games, analyze the game, study the endgame, not waste time on openings, and carefully play your moves to improve at chess.


How To Choose Stocks To Invest

Investing in stocks is similar to buying a piece of a company. Below is a checklist that I personally go through before investing in a company. It is based on only 3 years of investing, but hopefully it will be helpful to you.

  1. Choose a trustworthy broker. Ideally go to the bank where you currently have your account and ask whether they have a department that helps you buy stocks on the popular exchanges. Commission is usually charged on the purchase only.
  2. Invest over a long period of time and do not invest all your money at once. Investing smaller amounts over long periods of time gives you an additional layer of safety against crashes like the recent Covid-19 related crash. My recommendation is to invest over at least 5 years.
  3. Never Short any stock. This is one potential way you can be losing more money than what you have invested.
  4. Don’t use leverage. If ever you decide to use leverage please use a take profit and a stop loss with a ratio of 3:1 and make sure that the stop loss risks only 1% of your total account.
  5. Know the domain in which you are investing. For example if you decide to invest in Cloudflare: make sure you know about information technology and that you understand the value that they are providing to their customers.
  6. Check the company’s financials for the past 10 years if available. Ideally you want a company that is trending in positive profit from the last few years and with low debt. For example https://seekingalpha.com/symbol/NET/income-statement shows that the company is growing.
  7. Check insider trading. Are people working at the company selling their stocks? This can be a red flag.
  8. Apart from Seeking Alpha, I also suggest taking a look at https://simplywall.st/ to find more useful information (not sponsored, it’s just useful).
  9. Reinvest dividends back into your account. This will have a cumulative effect on the growth of your portfolio.

Disclaimer

Note that this guide is not encouraging you to invest in Cloudflare; it is only used as an example. Ideally you should only invest in stocks an amount that you are comfortable to spare.


Tips: Protecting against malicious file uploads

Disclaimer: This post is not sponsored by Metadefender, Cloudinary or AWS S3 but is recommended as one simple solution.

File upload attacks occur in 2 stages. The first stage is to upload a file which contains malicious code, and the second stage is to find a way to execute the malicious code from that file.

You can find a simple working example here: https://shahjerry33.medium.com/remote-code-execution-via-exif-data-im-dangerous-43557d7f3e7a

Risks

The risks associated with unrestricted file upload and eventual remote code execution range from anything between simple defacement of a website to a complete system takeover.

Tips To Protect Against File Upload Attacks

  1. Deny file listing, and patch vulnerabilities (and combinations of vulnerabilities) in file listing that could allow the attacker to execute the uploaded payload.
  2. Find and patch vulnerabilities in the libraries that handle your uploaded files.
  3. Add more safeguards, like checking the content-type and the file extension.
  4. Filter out special characters from filenames and extensions.
  5. Follow the best security practices for your web server. For example for Microsoft IIS
  6. Make sure only authenticated users are allowed to upload files.
  7. Ensure that a malware scanner or antivirus examines not only the file but also the file system and network for suspicious activity.
  8. Randomize filenames once the files are uploaded, to make them harder to execute.
  9. Disable verbose errors in the web user interface and instead give simple errors when a file upload fails.

There are many more ways in which attacks can be executed and prevented. More comprehensive documentation can be found at https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload
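To show how tips 3, 4, 8 and 9 fit together in one server-side check, here is an added example (not code from the original post or from any of the services mentioned). The allowlist, the function name check_upload and the constructed sample files are assumptions for illustration; the generic error text is what the user would see, while the detailed reason goes to the server log only.

```python
import os
import re
import secrets

# Allowed extensions, each with the content-type and magic bytes the file must match (tip 3).
ALLOWED = {
    "png":  ("image/png",       (b"\x89PNG\r\n\x1a\n",)),
    "jpg":  ("image/jpeg",      (b"\xff\xd8\xff",)),
    "jpeg": ("image/jpeg",      (b"\xff\xd8\xff",)),
    "gif":  ("image/gif",       (b"GIF87a", b"GIF89a")),
    "pdf":  ("application/pdf", (b"%PDF-",)),
}
SAFE_STEM = re.compile(r"[A-Za-z0-9_-]+")            # tip 4: no special characters
GENERIC_ERROR = "The file could not be uploaded."   # tip 9: what the user sees

def check_upload(filename, content_type, data):
    """Return (stored_name, None) if accepted, or (None, internal_reason) if rejected.

    The reason is for the server log; show GENERIC_ERROR to the user instead.
    """
    name = os.path.basename(filename.replace("\\", "/"))
    if name != filename or "\x00" in name:
        return None, "directory component or NUL byte in filename"
    stem, dot, ext = name.rpartition(".")
    ext = ext.lower()
    if not dot or ext not in ALLOWED:
        return None, f"extension {ext!r} not in allowlist"
    if not SAFE_STEM.fullmatch(stem):           # also rejects double extensions like x.php.png
        return None, "special characters in filename"
    expected_type, magics = ALLOWED[ext]
    if content_type.split(";")[0].strip().lower() != expected_type:
        return None, f"content-type {content_type!r} does not match .{ext}"
    if not any(data.startswith(m) for m in magics):
        return None, "file content does not match its extension"
    # Tip 8: never store under the client-chosen name; random name plus the vetted extension.
    return f"{secrets.token_hex(16)}.{ext}", None

# Constructed samples: a minimal PNG header and a script masquerading as an image.
PNG_DATA = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SCRIPT_DATA = b"<?php echo 'not an image'; ?>"

if __name__ == "__main__":
    for args in (("photo.png", "image/png", PNG_DATA),
                 ("shell.php.png", "image/png", PNG_DATA),
                 ("photo.png", "image/png", SCRIPT_DATA)):
        stored, reason = check_upload(*args)
        print(args[0], "->", stored or GENERIC_ERROR, "| log:", reason)
```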

Simple Alternative

There are many ways in which you can be attacked and in which attacks can be prevented. Keeping up to date and securing file uploads can easily take up a massive amount of time for you as a developer or website owner. That is why you could alternatively use a third-party service like Metadefender, AWS S3 or Cloudinary.

Of course, there are costs associated with using third-party services, but in reality it takes only one attack to cause more damage than the fees paid to those services.

The developers working at those companies are continuously working on patching security vulnerabilities while you will be able to focus on improving your business.


Switching Between Mono Versions On MacOS

Note that this guide applies if you have installed Mono from the Mac Package (.pkg).

  1. Open up a terminal
  2. Find out where the mono installations are by executing:
    which mono
  3. This should output a path as follows:
    /Library/Frameworks/Mono.framework/Versions/Current/Commands/mono
  4. Navigate to the Versions folder: cd /Library/Frameworks/Mono.framework/Versions
  5. Run ls -la to find out which version Current points to and which versions are available, e.g. Current -> 6.10.0/ means that Current is pointing to Mono 6.10.0
  6. Delete Current with: sudo rm Current
  7. Create a new link to the new Mono version (e.g.5.16):
    sudo ln -s 5.16.0/ Current
  8. Run mono --version to confirm the switch was successful

If you are having any trouble please feel free to comment and we will get back to you. Make sure to note the existing links with ls -la before deleting Current, so that you can switch back to your old Mono version in case of panic.