13 Dec Explain why it is a spam e-mail ?? In two to three paragraphs using APA style citations if needed, summarize, and interact with the content covered in this lab. Summarize what you d
Please review Lab12
answer these questions:
1) Explain why it is a spam e-mail
In two to three paragraphs (i.e., sentences, not bullet lists) using APA style citations if needed, summarize, and interact with the content covered in this lab. Summarize what you did as an attacker, what kind of vulnerabilities did you exploit, what might have prevented these attacks. Mention the attackers and all of the targets in your summary. You can provide topologies, sketches, graphics if you want. In particular, highlight what surprised, enlightened, or otherwise engaged you. You should think and write critically, not just about what was presented but also what you have learned through the session. You can ask questions for the things you're confused about. Questions asked here will be summarized and answered anonymously in the next class.
Lab-12: Social Engineering and Physical Security
The first section of Lab-11 will be different from what you have been doing in the labs until today. You will search your junk e-mail folder to find a spam/phishing e-mail and provide insights on the discovered e-mail. Please be careful and don’t click on the links in the e-mail you found. The second section of the lab is a simulation of a physical security breach. It shows how much easier things become for malicious users, and especially for an insider, when physical security is not strong.
Section-1: Social Engineering Lab
Social engineering attacks are usually performed case by case, meaning that it is generally not possible to automate and scale the tasks, because they require interacting with people in person or over the phone. The main goal is to convince people to do something for the hacker, such as sharing a password or changing some configuration. Phishing e-mails are one of the methods that hackers can use in social engineering campaigns. They can be regarded as a scalable and automated way of carrying out social engineering attacks.
Phishing e-mails are considered spam/junk e-mail by most e-mail service providers such as Gmail and Outlook.
Advanced and targeted phishing e-mails may harm your computer even if you haven't clicked on any link in the e-mail, meaning that just opening the e-mail might be enough. These kinds of phishing e-mails exploit vulnerabilities in the browser or e-mail client in which you open the e-mail.
Important: Before starting this lab, make sure that your browser and e-mail client are up to date. Check your antivirus definition database to confirm that it is up to date. You can also consider using the Kali VM on your computer for this lab; the only thing is that you will have to log in to your e-mail service from the browser.
After completing all of these pre-checks:
1) Go to your spam/junk e-mail folder
2) Find a phishing/spam e-mail
Be cautious and don’t click any link, as the e-mail may contain links to malicious websites and files.
3) Take a screenshot of the phishing/spam e-mail
4) Explain why it is a spam e-mail
Section-2: Physical Security Lab
Physical security can be considered an essential aspect of cybersecurity. From a technical perspective, it is usually easier to steal information from a device or environment that is not physically secured than from one that is. In addition to conventional physical security countermeasures, computer hard drives should be fully encrypted, BIOS access should be restricted by a password, and computers should be configured not to boot from external media such as a USB drive. Otherwise, attackers with physical access can boot the system from their own media and perform malicious acts such as stealing information, installing rootkits, and wiping the hard drive.
Assume that you access the physical premises of a company by exploiting the vulnerabilities in physical security procedures. You bring your laptop with you (Kali Linux on the Netlab environment) and plug it into the company network. You assign an IP address to your computer and finally gain access to the network. The target is one of the Windows 7 computers in the network. Your motivation is to steal the password hash of the Administrator account on that computer, because you know that the company has been using the same password on different systems. You already know the password of the ms user on Windows 7.
Now follow the steps below to steal the password hashes.
1) Log in to Kali Linux on the Netlab Environment
Assume that this is your laptop, and you already gained access to the company network.
2) Open a terminal window and type rdesktop 192.168.2.13 -r disk:tmp=/root/Desktop
This command will open a remote desktop connection to the Windows 7 Target and map the Desktop of the root account on Kali to the Windows 7 Target so that, as the attacker, you will be able to easily copy the file with password hashes to the attacker computer (Kali).
3) Type yes for the “Do you trust this certificate?” question
4) You will see the login screen of the Windows 7 Target
5) Click Other User
6) Type username as ms and password as ms
7) Click the start menu, right-click on Command Prompt icon, click on Run as administrator, and click on Yes
8) Type reg save HKLM\SAM c:\SAM and press enter
Reg is a built-in Windows command that helps system administrators automate registry administration tasks (such as view, query, delete, import, export, change). In the hands of an attacker, this tool can turn into a weapon like many other system administration tools.
In this specific command, you export the portion of the registry that stores the usernames and password hashes of the accounts. However, it has an encryption layer, and you have to decrypt it to see the usernames and password hashes.
9) Type reg save HKLM\SYSTEM c:\SYSTEM and press enter
In this command, you export yet another critical portion of the registry. In our context, you will get the syskey from this file and use it to decrypt the SAM file you exported in the previous step.
10) Double click Computer icon on the desktop, open C drive and confirm that SAM and SYSTEM files have been created.
11) Select both files, right-click on them and click ‘Copy’
12) Return to the Computer view as in Step-10. You will see that the Desktop of the root account on Kali is mapped as tmp, as shown below.
13) Paste the files you copied in the previous step into this mapped drive.
14) Log out of Windows 7 Target
15) Confirm that SAM and SYSTEM files are on the desktop of Kali
16) In the terminal window, type cd Desktop to change the directory to the Desktop (notice that the D is capital)
17) Type samdump2 SYSTEM SAM in the terminal window to extract the usernames and password hashes. The obvious next step for an attacker would be to crack the Administrator password by performing a brute force attack against hashes.
Take a screenshot of the terminal window showing the account information.
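From the defender's side, the two reg save commands in steps 8 and 9 are visible in process-creation logs when command-line logging is enabled. The following added example (not part of the original lab) flags exports of the SAM and SYSTEM hives and raises the severity when both come from the same host and user within a short window; the log records, host names, timestamps and function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed process-creation records: (timestamp, host, user, command line),
# in the shape you would extract from Windows event 4688 or Sysmon event 1.
EVENTS = [
    ("2024-01-01T10:01:05", "WIN7-A", "ms", r"reg  save HKLM\SAM c:\SAM"),
    ("2024-01-01T10:01:40", "WIN7-A", "ms",
     r'"C:\Windows\System32\reg.exe" SAVE hklm\system c:\SYSTEM'),
    ("2024-01-01T10:05:00", "WIN7-A", "ms", r"reg query HKLM\SOFTWARE\Microsoft /s"),
    ("2024-01-01T11:30:00", "WIN7-B", "backup", r"reg save HKLM\SOFTWARE d:\bk\software.hiv"),
]

# Matches "reg save" of a whole credential-related hive, not of a subkey below it.
HIVE = re.compile(
    r'\breg(?:\.exe)?"?\s+save\s+"?(?:hklm|hkey_local_machine)\\'
    r'(sam|system|security)(?=["\s]|$)', re.I)

def hive_exports(events):
    """Return (time, host, user, hive) for every matching command line."""
    hits = []
    for ts, host, user, cmd in events:
        m = HIVE.search(cmd)
        if m:
            hits.append((datetime.fromisoformat(ts), host, user, m.group(1).upper()))
    return hits

def alerts(events, window=timedelta(minutes=10)):
    """One alert per SAM export; 'high' if SYSTEM was saved by the same
    host and user within the window, since the pair allows offline decryption."""
    hits, out = hive_exports(events), []
    for t1, host, user, hive in hits:
        if hive != "SAM":
            continue
        paired = any(h == "SYSTEM" and (ho, u) == (host, user) and abs(t - t1) <= window
                     for t, ho, u, h in hits)
        out.append((host, user, "high" if paired else "medium"))
    return out
```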
Weekly Learning and Reflection
In two to three paragraphs (i.e., sentences, not bullet lists) using APA style citations if needed, summarize, and interact with the content covered in this lab. Summarize what you did as an attacker, what kind of vulnerabilities did you exploit, what might have prevented these attacks. Mention the attackers and all of the targets in your summary. You can provide topologies, sketches, graphics if you want. In particular, highlight what surprised, enlightened, or otherwise engaged you. You should think and write critically, not just about what was presented but also what you have learned through the session. You can ask questions for the things you're confused about. Questions asked here will be summarized and answered anonymously in the next class.