The second hidden data challenge again related to an image, in this case the Scottish flag below: In addition to adding data to a file via known metadata, it is also possible to hide information (particularly text) inside a file in a none-obvious way. This is often done by lying about details of file size. So, for example, a file format may start with a number which means “The actual image starts at X bytes in and all the stuff
Category: CyberFirst
CyberFirst Challenge
Hidden Data – Challenge 1
In this challenge we were presented with the photograph below: The question was “Where did the cat go on holiday?” In this simple challenge all that was needed was to know that digital photographs contain meta-data in a format called EXIF (Exchangeable image file format). Metadata is “data about data” and in this case is additional information about the image. Exactly what information is included depends on the camera used, but things like exposure and whether the flash was fired
Some notes on Thursday’s training session
On Thursday evening we experimented with using SQL injection to attack the deliberately vulnerable Damn Vulnerable Web App running on a Raspberry Pi. The web app can be found here: http://www.dvwa.co.uk/ The instructions we followed can be found here: https://computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson6/index.html Unfortunately, the final stage of brute forcing the recovered password hashes failed because of problems with the John the Ripper application installed on the Pi. Subsequently running it on the server resulted in the following successful output after less than
Some useful Youtube videos for CyberFirst
Ladies, I recommend watching these Youtube videos: Topic 1: SQL Injection How SQL injections basically work – https://www.youtube.com/watch?v=_jKylhJtPmI Running an SQL injection – https://www.youtube.com/watch?v=ciNHn38EyRc Topic 2: Cross Site Scripting Introduction to Cross Site Scripting – https://www.youtube.com/watch?v=L5l9lSnNMxg Topic 3: Passwords: Hashing – https://www.youtube.com/watch?v=7U-RbOKanYs How to crack them – https://www.youtube.com/watch?v=7U-RbOKanYs How to choose good ones – https://www.youtube.com/watch?v=3NjQ9b3pgIg Basically, nearly all Computerphile videos are excellent.