This Saturday I am taking the Systems Security Certified Practitioner (SSCP) Exam which is pretty much the mini Certified Information Systems Security Professional (CISSP). I was originally going to take the Security+ test, but it ended up my job wouldn't pay for that so instead I ended up with this. Throughout the week I will continue to prepare for the exam and put any useful material I find helpful in preparing as well as update this after I take it to give my perspective on the exam. I have been reading materials and taking practice exams throughout the last month so this is the home stretch for me. Fingers crossed that I'll pass. From what I hear others say about it I hear it's a doozy.
***UPDATE***
I passed! Below are some sources that I found helpful. Overall I didn't think it was that tough, but I also have some background in it.
RESOURCES:
ISC2 SSCP Candidate Information Bulletin
This is a handout the ISC2 has of what the exam will be covering. Found it helpful just to review this to match my reading to the area that the exam was going to test on.
SSCP Systems Security Certified Practitioner All-in-One Exam Guide by Darril Gibson
My biggest resource used. Read this a couple times through and did all the quizzes as well as the Master Exam that you can download with it.
Quizlet, Skillport, any other place that you can get practice questions
One thing that I did that I thought was really helpful is just took as many practice tests as possible to see the most questions. Nothing I saw was a great comparison to the exam I took, but just seeing a bunch of questions and having to answer them helped me greatly in being prepared.
Monday, September 30, 2013
Tuesday, June 4, 2013
Sophos Puzzle 2013
So one of my friends sent me a link to the Sophos puzzle which was a cryptogram to be solved.
The rules are below or you can go here:
So you can solve this year's AusSHIRT #sophospuzzle straight from the shirt, using nothing but pencil, paper and intellect. Of course, you can still throw some home-hacked scripts at the problem if you want: a little bit of brute force goes a long way, and you can leave your scripts running while you attend the conference parties.
How to get started
The puzzle is a cryptogram, which means that the letters on the cube have been scrambled using an encryption algorithm.
Encryption algorithms usually rely on a mixture of substitution, where one letter is changed into another, though not necessarily always into the same one, and transposition, where two letters are switched around, like an anagram.
The easy part in this puzzle is that the substitution always replaces each decrypted letter with the same encrypted letter.
And the letters in the answer appear in the same left-to-right, top-to-bottom order that they do on the cube.
The only transposition you need to worry about is to put the three faces in the right order, so there are only six possible combinations to worry about.
Usually, a straight letter-for-letter substitution is called a Caesar cipher.
The cipher gets its name because it was considered state-of-the-art back in 55BC, when J. Caesar first invaded Britain. He just shifted every letter two places along in the alphabet, writing C for A, D for B and so on. At the end, he wrapped round, so Y became A and Z turned into B.
Caesar ciphers are easy to solve because of repeated letters: the encrypted text shows the same bias (e.g. in English, that ETAOIN are more common than JKXQZ) as normal text.
So we've made this slightly harder than that, as follows:
Letters appearing more than once in the puzzle are all shifted by the same fixed amount (obviously, the shift is somewhere from 1 to 25). Each letter that appears just once in the puzzle is shifted by a different amount, with one letter shifted by 9, another by 8, and so on down to a shift of 1. By the way, the Sophos Shield icons are just for decoration - they don't count as letters in the puzzle.
How to get hints
Follow @Sophos_ANZ on Twitter, and keep your eye on the hashtag #sophospuzzle.
Oh, and bear in mind that a dictionary attack probably wouldn't hurt, so you might like to start out by trying to guess at text that is likely to appear in the solution.
I solved it by first brute forcing the key space of 26 to find out what key shift the multiple letters were using. After finding that out I pen and papered it to find out the solution. I decided to script the ability to give every possible combination for the single letters which then could be sifted through to find the correct solution. Both the solution and code can be found after the jump or you can go here to read the nakedsec solution.
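The two-stage approach described above, as an added Python example (not the code from the original post): stage 1 tests each shared shift against a guessed crib, stage 2 tries every assignment of the small shifts to the single-occurrence letters. It generalizes the rules to n singletons with shifts 1..n, assumes encryption shifts forward as in the Caesar description, and runs on a constructed ciphertext rather than the shirt text; all function names are illustrative.

```python
from collections import Counter
from itertools import permutations
import string

A = string.ascii_uppercase

def shift(ch, k):
    """Move a letter k places back in the alphabet; non-letters pass through."""
    return A[(A.index(ch) - k) % 26] if ch in A else ch

def classify(ct):
    """Split ciphertext letters into repeated ones and singletons (in order seen)."""
    counts = Counter(c for c in ct if c in A)
    singles = [c for c in dict.fromkeys(ct) if counts.get(c) == 1]
    return {c for c in counts if counts[c] > 1}, singles

def partial(ct, k):
    """Undo shift k on the repeated letters; mask singletons with '.'."""
    repeated, _ = classify(ct)
    return "".join(shift(c, k) if c in repeated else "." if c in A else c
                   for c in ct)

def shared_shifts(ct, crib):
    """Stage 1: shifts 1..25 whose partial decrypt can still contain the crib."""
    def fits(text):
        return any(all(t in (".", c) for t, c in zip(text[i:], crib))
                   for i in range(len(text) - len(crib) + 1))
    return [k for k in range(1, 26) if fits(partial(ct, k))]

def solve(ct, k, crib):
    """Stage 2: try each assignment of shifts 1..n to the n singletons."""
    _, singles = classify(ct)
    hits = []
    for perm in permutations(range(1, len(singles) + 1)):
        key = dict(zip(singles, perm))          # singleton -> its own shift
        pt = "".join(shift(c, key.get(c, k)) if c in A else c for c in ct)
        if crib in pt:
            hits.append(pt)
    return hits

# Constructed sample (not the Sophos shirt text): "SOPHOS SHIRT" with the
# repeated letters S, O, H shifted by 7 and P, I, R, T shifted by 3, 1, 2, 4.
CT = "ZVSOVZ ZOJTX"

if __name__ == "__main__":
    for k in shared_shifts(CT, "SHIRT"):
        print(k, partial(CT, k), solve(CT, k, "SHIRT"))
```

With the puzzle's nine singletons, stage 2 walks 9! = 362,880 assignments per shared shift, which is why fixing the shared shift first keeps the search small.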
Tuesday, November 13, 2012
SSID Switcher
I am taking a wireless security class and one of the projects I was working on is to defend a wireless network. I thought it would be cool to create some program that would switch the SSID of the router at a set time interval. This combined with not broadcasting your SSID should make it hard for a hacker to break your WLAN. I used a pool of 5 SSIDs and had them already loaded on my computer to see how practical this would be. It seemed to be fine with longer time intervals, but I think a designated computer would need to have a physical line to the router to run the program. Anyway, the code and a better write-up are given after the break.
Tuesday, May 29, 2012
OINK OINK
Some progress has been made on the Snort GUI including the general template of the GUI as well as the ability to make a rule and save a list of rules. For the first version I just want a simple edit rules interface that is clean and usable with the ability to save and load the rules as needed. Below is a picture of how it looks right now. I need to clean some of it up, but I think you will get the idea of what goes where if you've ever written a Snort rule.