Night Post - 30/09/2014

Evening readers!

Well todays been a bit of an interesting one as i've recently snaffled the training videos from my job's training files (with permission of course) and its a hell of a list so those will have to be watched at some point.

Today, i've also been manning the IT Service Desk email inbox solo which for someone who's been listening in on phone calls for a week, feels like a big deal :)
So, I've pretty much been responding to user queries, resetting passwords and checking that people have adequate permissions on AD which was pretty awesome, actually getting to use it first hand and as you saw a little bit from my previous post, i was checking that a user had the right permissions to view a shared drive.

Another update on something, i mentioned in a previous post that i've been trying to become a bit healithier by exercising a little more and thats kicked off properly tonight, i cycled for about 45 minutes. 45 mins you might be thinking is pretty lame but it's good if you consider the level of fitness i currently have which is -1 or something so yeah, go me :)

Finally! onto tonights SO post, you will remember from a few days back, assuming that you are a regular reader, that i was attempting SO Basic Level 3 and ended the post pretty damn stumped.
We're back on it today with the little bit of progress i've made on the matter so yeah here we go.

I spoke with my friend, the owner/writer of hackingtheperimeter.com and he recommended that i research the information that it actually gave me.
So in the case of SOBL3 - it told us that:

Wrong User Agent:

You are restricted from viewing this page due to your user-agent.

So the information that this level gives us is limited but the point my friend was making was run with what you've got and go from there. So, we now know that a Wrong User Agent is in play. This gives us an avenue to go down and we google, What is a user agent?
Obviously, we get millions of hits so we choose the most reputable (not wikipedia).

I chose a Microsoft site which has taught me that a user agent is pretty much what a server logs from your computer when you go there on a browser. So in case that wasn't clear because i tend to make sense only to myself, its like you visiting a website and the website server automatically logging that your using IE/Firefox/Chrome etc.

Its purpose is pretty much to tell the server the best way to present your information.
I THINK that as far as security goes, its something to do with identifying suspicious requests but i'm not entirely certain.
So, if my research is correct, i should be finding the user-agent string in the CSS part of a web page.
BTW - I'm using FireBug to inspect elements because i personally find it clearer but yeah, this is what i'm currently seeing so were on the same page here.

And i still can't find the freaking UA in the page, i'm exhausted and will get back to you all when i've asked my friend for some advise which will be tomorrow because we're celebrating our October Birthdays tomorrow so yeah.

Hold your breath follks, we'll figure it out.

I'm going to bed before i cry of tiredness,

Toodles!

Quick Update

Afternoon/Evening Readers! (yeah we're moving back to readers)

This is a quick update just to say that i had my first foray into using AD today, i was using it to check the permissions of a user.

I did this by finding the user, right clicking and selecting properties. This, as you would expect, shows you all the properties of a user on the system such as name, display name. In fact, look below and i will give you a security conscious peak at the tabs available to you on AD user properties.

The tabs above, essentially contain the holy grail of information about a user, from showing what groups they are a member of to the username and domain attached to it.


That's all for now but i will post later!

Toodles!!

My Technical To-Do List

Good day minions!

Well, today we're kicking off with completing some of my technical to-do list. Whats that you ask?
My Technical To-Do List is precisely that, a to do list of technology based things to learn. I'm completing this list because i want to be the best i can possibly be and know as much as i can about computing.  I have a list based within a 3 month time scale and i aim to complete it.

So for the first part of an inevitable number of posts today is Information Security - Confidentiality which is part of a CIA principle, not the American CIA but in IS - Confidentiality, Integrity and Availability.

So yeah, we're starting with Confideniality whcih is as you would imagine, preventing information from reaching people who have no right to it, a bit like medical records. You know, you and your doctors are supposed to see them but the random night shift cleaner or visitor isn't supposed to.
Operating under that principle, in computing terms, what would be the best way to prevent these random people looking at private files?

A good start to this is encrypting your files, there are many ways to go about this. If you remember my last post about ROT13, thats an encryption method, theres also Twofish, blowfish, AES, DES, RSA, MD5, SHA-1. My point being, is that there are many many ways to protect your data, to make it confidential.
For instance, one of my security-paranoid friends, i think encrypts his entire HDD and his files, plus everything on his USB stick for the sake of security. NOBODY is getting into his files, trust me on that one.

There are numerous different encryption programs available to make your data confidential, both free software and paid for, as is always the case but to name a few:

1. TrueCrypt
2. BitLocker

But there is also the methods i have previously mentioned if you want to do it by hand and you know, with a bit of googling, you can find your own software.

However, a further word on Confidentiality - Its not all about encryption, theres more to it than one small part of it. Its about general security, its making sure you use your physical locks, two factor authentication, actually using a password.

Also, on the subject of passwords,  its a subject near and dear to my heart really. Just don't be an idiot with a password. Don't sit there complaining that your email has been hacked or whatever when your password is Password01 or password123 or your name.
If you use a secure password, like many sites are forcing you to these days, its for a good reason. They are asking pretty much for the blood of your first born so that your data stays private and confidential. You could almost say that it is your duty or responsibility to keep your data and everyone elses secure.

Final note on passwords, for the love of all things intelligent - DO NOT LEAVE YOUR PASSWORD ON A POST IT ATTACHED TO YOUR COMPUTER!!!!

Just don't do it, don't be that person.

There will be other posts today so stay tuned folks!

Post for tonight on SO

Hey minions!

Sorry this post is a little later than i intended, i took the long way home with the whole keep fit thing but i'm home, warm and fed which is important since i forgot to take lunch today because i'm clever like that :)

Right, todays SO is on the decryption, (basic level 3 is on hold until i get a bright idea or desperate enough to google, either/or), the first level of the decryption is using ROT13.

This is quite nice for me because i've come across ROT13 before on my forensics course at uni, we were covering it for some reason that currently eludes me but anyway. The basics of this is that you take a letter, such as A and you substitute it as a letter 13 characters along, in this case N. So on and so forth :) pretty simple yes?

We kick off with this screen which contains the phrase you need to decrypt.

As you can see, there is a personalised string there that needs decrypting so for me
Now there are pretty much 2 solid ways to go about this, you can do it by hand (per se) or you can use an online ROT13 decryptor, which ever one tickles your fancy or floats your boat (thought I'd treat you to a little Yorkshire/British turn of phrase).

I'll do it by hand so we can get hang of it. We start by either counting forward or back 13 characters which takes us to b,and so on, eventually i get beth2472, what is Setec Astronomy. 
I enter it and i'm right, i should be for counting back and forth (FYI, count after the letter and not including it, like numpty here :)  )

Fabulous. This is ROT13 and thats all for now
Minions! i apologise for the short posts lately, as i've told you all numerous times, i've recently started my new job however it is also my first job and i'm still getting into the swing of the days and travelling home and trying to juggle stuff.
The point being that once i've adjusted, i will be back to normal :)

Quick Update - 24/09/14

Good Afternoon minions,

Sorry for the lack of a post yesterday, i've been pretty busy at work and as i'm also trying to get a bit fitter in amongst learning more stuff, i haven't had an awful lot of spare time. Anyway, enough of the excuses, i'm posting from my 10 min break at work to let you all know that i will be posting something this evening and have not, in fact abandoned you.

Toodles!

Beth

Today's Security Override

Right minions,

Todays SO is Basic Level 3 and this is what we shall be dealing with (currently a newbie in the whole security game so again NO JUDGING)

We kick off here:

So today we have no input field to assume we can get access to the page, you will probably be asking yourself the same question as i am, how in the name of Odin do we figure this out.......where do we even start.....

We start, my dear minions, by inspecting the elements like we always do and we shall see where that gets us.

At this point i have scanned through the source code and spot nothing so i'm somewhat at a loss as to what to do.

So ladies and gentlemen, i give up for tonight and i'm going to read a PDF i've been given :)

Good evening to you all and we'll pick this up when i have a better idea of what the hell i'm doing

Update on Work!

Evening minions!

Feels like i no longer have any spare time but i've pretty much just got in from work and i figured i'd update you,  firstly with what i've learned at work so far and then try my hand at an SO challenge before i head to bed to start another day. (For those thinking that i go to bed pretty early, i get up at 5.30am and don't get home till at least 7.45pm, so no judging!)

So yeah, Work - so far i've pretty much been learning the ropes on the help desk, to you guys, this is listening on calls to get a feel for the standard sorts of problems that get called in as well as listening and watching the guy who's training me solve the issue.
Its pretty amazing, to me at least, the amount of none IT based stuff that gets called into an IT helpdesk, like pretty spectacular.
The second thing i've learned from the calls is that apparently since we work on a help desk, we inhabit a world of magic and unicorns and miracles because we can seemingly solve every wrong in the world :P (yes that is sarcasm lol). Sometimes things break and you've got to be patient for us to fix the issue :) that is all.
Since i seem to be digressing a great deal, i'll bullet point what i've learned to shorten this (intended) brief post.

• Getting more competent using Novell Remote Help as well as Microsoft's Remote Tool
• Learning how to escalate calls and to which department
• Standard password resets
• How to deal with unreasonable customers in a friendly way
• Learning of course how to log issues 
• Been shown how to resolve standard issues
• Email resolution (We currently have a domain changeover and its messy)
• What chaos the cryptolocker virus wreaks on a system when supposedly smart people fall victim to spam emails
• Finally - how to restore files that have been backed up on a server 

AS promised: ADDITION!

My list stored on the work computer -

All little things but the little things collate to one big progress (one day at least :) )
And certainly loads of other things but currently my mind is blanking and i will add them in tomorrow on my lunch break because i have a list at work that on hindsight i should probably backup.

Some hypocritical advice at you right now minions! ALWAYS BACK YOUR STUFF UP
and if you don't already, back up your backup because hardware can fail
I personally use onedrive but there are plenty out there such as: 

• One Drive
• Dropbox
• Google Drive
• Mega Upload
• Spideroak (For the security Concious)

Anyway, thats it for the supposedly short work update. Next upping is the SO for tonight before i do some reading. Keep learning minions, its key in IT!

Security Override Basic 2

Evening minions!

We'll kick off this post with an update, i have been doing the security override challenges as previously discussed however i have been stuck on Basic 2 (no judgement here!) for longer than i care to admit.

I started off the way i solved the previous challenge, by inspecting the element and after almost literally fine tooth combing through the bloody code, i was back to the point where i had initially started off looking at. Now, i can pretty much hear you screaming through your monitors saying "Beth! you complete moron, it was so obvious!", i know. But the whole point of the basic challenges are to introduce a tiny bit of tech but to open your style of thinking up.

So after sitting there essentially staring at the same bit of code, i broke and had a quick search through the SO forums, all they pretty much told me was that the jedi i was looking for wasn't there and to translate that into none Beth-Speak, i was looking at the right part but the pure simplicity of the answer was yet to dawn on me. So in this particular area i was looking at this:

So i looked up the various input types, value types etc, really if i could have researched more, i'd have died with my eyes glued to the screen. I then tried the obligatory pass.html because i had a gut feeling that it was the major part in solving it.

You may be asking yourself at this point, "Beth, why on earth did you not just google it??"
Well minions, i'll tell you why. Because then i wouldn't have learned the lesson on how to figure it out, someone would have just told me how to do it and to me that's cheating because i haven't figured it out myself.

You may feel that that is a harsh view but ya know, that's my view, deal with it.

I'm not going to give any more hints than that because its dawned on me that i've been giving answers away and i'll be damned if i work out stuff so others don't have to.

But when it clicks into place for you minions, the feeling is great :D

BTW - If you want to check out a friend of mines blog, its totally worth reading for the tech content, its about 5 levels above my knowledge at least.

http://www.hackingtheperimeter.com/

Toodles minions!

18/09/2014 - Post 2

Continuing on from the previous post,
You can see in the challeges that theres loads to choose from.

This time, i've chosen Steganography and that my friends is the art of hiding stuff inside files so that its invisible unless you know its there or at least suspect!

For this one, your gonna need a hex editor. The one that i use is HxD and it allows you to add in photos and view the hex.

So we go to level 1 of Steganography:

So we need to download the image and add it into your Hex editor (FYI the hex editor is so you can see the innards of the file).

As you can see once you scroll through the code, there is the password to the next level embedded into the hex for you to find. We select it and put it into the box.....

And wouldn't you believe it! We're onto the next level!

Thats all for now folks,

Toodles!

Greetings!

Evening Minions,

I've not long got in from work (the new job i mentioned in previous posts), its going well incidently, i like the people i'm working with and the job seems interesting which is always a start :)

Anyway, because i haven't posted in a while i guess, tonight is a little bit of a catch up before i go to bed because ya know, work. (not missing the student life yet but the early nights are killing me!)

Today, i'm gonna catch you guys up on IT security site that a friend recommended to me which will teach you vital skills for computing, if your into that sort of thing of course.
So firstly, the site is http://securityoverride.org/news.php 
And you need to set yourself up with an account obviously, once your all logged in and whatnot. We progress to the challenges that i'm working my merry way through.

We kick today off with Level 1 of Reconnaissance, which the challenge is to find out the IP address of Security Override.

We could cheat but the aim of this site is to provide you with the skills to do this properly, so we open Command Prompt.
FYI: i'm sure we all know how to do that, if not.....Well then, there's no time like the present to find it!

 

So now you see what i see.

To do this, we kick off with pinging the website address. 

For those that don't know what pinging is, its when you tell your computer to send packets of data to a specific place (its also a good way to check whether your internet is busted). Packets, are what the data is sent in, the packets contain information that tell the data where to go. (for more detail, google it lazy!)

Back to the challenge, to find out the IP address we type in:

ping www.securityoverride.org

This command brings back the results that securityoverride.org has the IP address: 206.214.216.120

We enter this into the level 1 box and.......

Woo! Its right!

Onto the next post!!

 

Bad News

Evening minions,

My beloved cat Mister Boots got run over on Saturday and i won't be posting till i feel better.

Bye

Active Directory for Friday!

Well i'm back already minions!

This will 1 of 2 or 3 posts on AD today, depending on how I'm feeling but yeah, first upping.

In this post we're looking at OU's which are Organisational Units and these are logical containers. I hear you asking what the hell are those, Logical Containers are used within a domain to store objects so that they are in a convenient location for Administration and Access.

To access what you say? To access these i say (yeah I'm a little weird today but we're ignoring it because I'm in a good mood);

• Printers
• File Shares (folders on a network that store files people need to access)
• Users
• Applications

Given that AD is about the ease of maintaining network users, you want to be able to access these network resources easily in order to fix them quickly and efficiently. Say you've been assigned to a new project at work, you need to start right away. You don't want to be waiting around for hours for the AD admin to give you permission to the project folder. AD speeds up the process.

**BTW if your plotting/drawing your AD, triangles are for Domains and Circles for OU's

To clarify a few points - An object is ANY component in an AD environment

Anyway, in the previous AD post, i was going on about Schema which as i explained then, is pretty much a glossary of the objects, however what wasn't mentioned in the previous post is that the only people who can edit/modify the Schema are Schema Admins who are assigned upon the creation of the AD. They have specific privileges from being part of this group.

And to end this post, you may be wondering what is so great about AD since most help desk jobs ask for it, i certainly was, below are the 2 most important reasons people ask for it. Feel free to comment and i'll add your reasons.

• It allows better management of users through a centralized Database
• Its expandable: Its a solution that is as big or as small as your company needs, its perfect really because by its very design, it allows you to match it to your company needs.

Thats all for now, I'll check in later minions!

  

New Job!

Good Afternoon Minions!

This is gonna be a short post because its only about my new job, but yeah. Good news needs sharing.
I mentioned in previous posts that i had a job offer. Well, I've accepted it and i officially start on Wednesday. This will be my first real job and definitely my first step in my IT career. My job is pretty much help desking though officially its Service Delivery. I have to say, I'm really excited about starting my new job and i'll definitely be letting you guys know how it goes on Wednesday :)

I'll post up about AD today and probably some python tomorrow,

Enjoy the weekend minions! I know I'll be enjoying my freedom while it lasts!

09/09/2014: Python Post 2

And we're back Minions!

Just thought i'd add into the mix that i am now using the official Python intro guide, just to clarify since we're not using CA anymore so here's the link (https://docs.python.org/2/tutorial/introduction.html).

I've moved onto using the official python terminal to give it a go and no, its not as good as geany but for now i'm just getting a feel for the different ones out there.
The official one is a little boring in its colour scheme, it looks like a cmd window but less colour :)

However, back to business! This time were looking at concatenation, this is essentially adding another set of data to another. In this case, were using squared numbers. We kick off with the first 5 square numbers.
square = [1, 4, 9, 16, 25];
square + [36, 49, 64, 81, 100]

See below for example

At this point we're moving onto the 3.2 point of the document which shows us how to use python to deal with the Fibonacci sequence. Unfortunately at this point the python console was driving me crackers because i couldn't get it to work and i moved back to Geany. Lesson right there folks! if it ain't broke, don't fix it!

Thats all for now minions!

Back to Python!

Good evening minions!

Yes there is another post this evening, this is because i am also supposed to be mastering the art of Python and i can't get any better if i don't do any. As you will gather by now, if i'm learning then i'm also sharing the knowledge with you guys.

So, my last post regarding python essentially told you that i'm trying to teach myself offline because it's all fun and games on Code Academy until you need to actually remember the coding and if your anything like me, you've got a memory like a sieve so you won't remember CA's instructions.

I come to you live from my python lesson, like i said last time, im using Geany on Kali linux. See below















As you can see, i've somewhat jumped into the lesson but the program on the left is geany and on the right is a linux terminal (like command line from Windows).

In the above box, i have been testing the concept of adding onto a preassigned variable at the print stage, so in the code above, i'm telling python that the prefix is Py and in the print stage telling Python to add the word "thon" to the end of the variable, making the word Python. (You don't have to use the +, i just do it for my own mental workings).

The next mini lesson for the basics we're walking through atm is typing a sentence on multiple lines on Geany but it appearing as one sentence in Python. Watch and learn minions :)

The way we do this is that we begin like normal, text =, but this is where we change, because now we add in brackets so it becomes;
text = ('this sentence is going to go over 2 lines'
'but as long as we use the brackets and apostrophes, it'll be one sentence')
So you use the apostrophes like normal to show python that there is text you want to add but there are brackets at the start and finish. See below

We'll move onto a fresh post now because this is a little long..

**EDIT - This post is not to say that any one Python terminal is better than the other, its all about preference but if you want one that works on Windows with colours, Sublime Text owns it.

Active Directory: Part 2

Me again Minions!

This time we're continuing on learning about AD and what it does.
Last time, i pretty much told you what AD's general purpose was and now i'm going to explain how it does it in slightly more detail.

Well, the first thing to know is that in AD, a domain is considered to be A Group of Resources and what is meant by that is the resources share a common security and admin boundaries (like the example i gave in the previous post).

The second thing you should know about AD is that it has a selection of topologies (layouts) such as;

• Tree - its a grouping of domains in the same namespace (below is an example)
• Each tree has a root so in this context, if you look at the image upside down, the root would be in its traditional place (The image isn't mine so Thanks to the people who run mcmcse.com! Much appreciated! http://www.mcmcse.com/microsoft/guides/images/ad2.jpg )

• Another topology is the Forest - a forest topology like its namesake is a mass grouping of "trees" that have individual names but share a schema (formal definition of everything, like a glossary) and global catalog (searchable index of everything in the forest) As with above, here is an illustration from the nice people at mcmcse.org http://www.mcmcse.com/microsoft/guides/images/ad3.jpg

Thats all for now minions!

Learning New Stuff

Greetings to my blog readers!

The days are tending to shape up to be fairly excitable, as i mentioned on my previous post; i have a job offer for help desking and today i got a phone call from my soon to be Boss, inviting me into my future workplace in order to meet the team and see where I'll be working, so yeah, that's cool.

In the meantime however, i have begun reading an Active Directory book which i have VOWED (yes, I know its dramatic), to learn how to use/at least understand. You may find yourself asking why I have vowed to learn AD, the reason is simple.
In my many many many months of unemployment, I was of course job searching, and in the sort of jobs I was applying to, (help desk/1st line support), i found that among other requirements such as previous experience, AD was asked for. Well, having taken a purely academic route in life thus far, e.g. I went to high school > College > University, This left me in a conundrum, i needed these jobs to start my career in IT that would enable me to learn these things however, i needed to learn these things before an employer would even consider me.

Luckily, my new job is going to teach me these skills so that's bonus, though we may have to take a moment for a minor tirade on the job situation in the UK.
Employers, you ask for experience yet are not willing to provide it, if you all adopt this mentality then nobody gets employed or even the chance to become a worthy addition to your company because you are only allowing those with previous skill to get the jobs. Just something to think on!.

Anyway, back to the topic at hand, AD. Well, as I'm learning about this delightful new concept, so too shall you my minions (just decided, my blog readers are now my minions  :) because I'm awesome and weird like that).
So first upping; What is Active Directory?
Well, AD is essentially a great big database that lets system administrators (or whoever!) control the information that is stored on it. On AD, the info stored on there is about user accounts, printer access, group policies (access rights to certain things), log in rules and all manner of other things.
As an example, AD lets the Sys Admin dictate that the users from Payroll need to change there passwords every 14 days to a brand new one for security purposes.

I've just realised how long this post is and we shall resume on a new post!

Toodles for now minions!

08/09/2014 - Can't Think of a Title!

Greetings to the readers of this blog!!

I've had some excellent news today, I've been offered a help desking job which will be the beginning stepping stone of my IT career.

However, yesterday i was discussing my Python progress with a friend and we discovered that as code academy essentially tells you what to type, complete with hints. We thought that i'd actually gain more from learning offline using the linux program Geany which is fairly amazing i have to say.

I'll post more soon

More Strings and Outputs!: String Methods (len)

In this post, we will be looking at Pythons String Methods and Python seems to have 4 main types of string methods,

1. len()
2. lower()
3. upper()
4. str()

The first one, len() is pretty self explanatory, to me at least. Using this in your line of code means that you would like the length of the characters you choose to appear on screen.

On this one, CA has been helpful and given us instructions and a near blank screen as you can see.

 

The instructions read to create a variable named parrot and set it with the string Norwegian Blue the to use len(parrot) and add print so it prints the amount of characters in the string, see below.

As you can see, using the code: parrot = "Norwegian Blue"

print len(parrot)

It prints 14, which Norwegian Blue (including the space), is 14 characters long.

So you see, you create the variable and the string to go on with it, then on the next line you tell it to print the length of the variable named inside the brackets.

Hope you understood that, leave a comment if you didn't!

Strings & Outputs: Indexing By Number

And we continue on from the previous post, we are now looking at Access by Index which is essentially that each character in a string is assigned a number. As such, the numbering system begins at 0 so for instance; PYTHON is 5 characters long in terms of numbers because P = 0 and so on.

As you can see below, the code is trying to get us to print the 5th letter.

or in print if you prefer:

"""
The string "PYTHON" has six characters,
numbered 0 to 5, as shown below:

+---+---+---+---+---+---+
| P | Y | T | H | O | N |
+---+---+---+---+---+---+
  0   1   2   3   4   5

So if you wanted "Y", you could just type
"PYTHON"[1] (always start counting from 0!)
"""
fifth_letter =

print fifth_letter

For this activity, CA is wanting me to use the fifth letter from MONTY
The fifth letter in MONTY is Y
For the code to run, we add "MONTY"[4]
The quotation marks go in too otherwise it doesn't come up however, we have a new addition of [4] which using pythons indexing means that 4 tells it to print the Y.

See below to understand a little better (It puzzled me for a little so don't worry if you get stuck too)

Or the code if you prefer:

fifth_letter = "MONTY"[4]

print fifth_letter

Thats all for this post!

Strings and Console Output Continued

Good Evening Blog Readers!

I apologise for the delay in my blog posts, after completing my MTA exam and preparing a schedule for my next area of study, i decided to have a break so my brain didn't shut down with information overload!

Anyway, today we are continuing with the Strings and Console output on Code Academy.
The aim of the code shown below is to fix the code so it works again.

As you can see, the code:

'This isn't flying, this is falling with style!'

Isn't working, the reason for this is that Python is detecting the apostrophe in the middle of ISN'T as the end of the sentence.
The way to avoid this and to get the code working again is to use the \ as it tells python that an apostrophe is supposed to be there and to look elsewhere for the end of the sentence. See Below

 

 The code: 'This isn\'t flying, this is falling with style!'

This code now works and we pass onto the next lesson.

The next post coming after this one, will continue the lesson.

Toodles!