Tag: cyberstorm.mu

Cybersecurity Event Mauritius: Firewalls: back, now, then

Have you missed one of the most important cybersecurity events which recently took place in Mauritius? I wrote a blog post to announce the event. Well, in case you miss it, you might be interested in this article to catch up with the event. It was held on the 10th of September 2017 at Voila hotel conference room at Bagatelle, Mauritius. Several students from the University of Mauritius, professionals, and members of MOSS – Mauritius Open Source Society were also present on that day.

 

Philipp Buehler During his presentation.
Philipp Buehler During his presentation.

The cyberstorm.mu team which is the first group of Linux and BSD developers in Mauritius invited Philipp Buehler, an international cybersecurity expert. He spoke about his experience in cybersecurity and gave recommendations for people interested in the field or just want to learn new skills in that area. He also emphasized heavily on Network and Security infrastructure, Firewalls, IPS, IDS, and several other components. You can view the slide here :

Mru2017 Talk by P.B of OpenBSD for cyberstorm.mu event by Anonymous olxMjXje4 on Scribd

It was an open talk. Several topics such as Fragmentations and Protocol issues were tossed from the audience. One of the interesting topics was on IPS – Intrusion Prevent System. Philipp explains how most of the time if wrongly configured the system does not prevent an attack but instead legitimate packets. Typically, since it is an automated system and usually we have Crons which run at night and based upon some patterns by the IPS, same is interpreted as an attack and finally, several IPs are banned and finally, we land in a debug session. He pointed out about putting it back to an IDS – Intrusion Detection System. Support of IPV6 to several IDS was proposed as one example for University projects. It was amazing how Philipp re-drew the OSI diagram in a practical way and mentioned the “8th layer”. Another interesting diagram explaining how the Kernel interacts with the CPU, Memory, and Disk to illustrate the Userland, the Kernel, and the hardware.

In case you are looking forward to more security events in Mauritius, please keep in touch on our Twitter Page and Facebook group. The cyberstorm.mu also credits the PHP User Group of Mauritius for its kind sponsorship of the event and credits to Akasha Lilith for the nice pictures taken during the event  🙂

 

cyberstorm.mu mesmerising speech at the DevConMru 2017

The message was clear and direct at the DevConMru 2017. Painted with a humorist approach, Loganaden Velvindron #2 of cyberstorm.mu bridged the gap between students who were mainly in the audience to reach their goal in the IT industry and Linux in Mauritius.

The DevConMru is a yearly event to bring together developers, beginners, students and professionals. The goal is to bring more craftsmen under the same roof. “Mauritius has been branded “Cyber Island” in the Indian Ocean… Opinions in those matters vary but with this conference we strive to improve the general attribution of our island. Mauritius has great political stability and economical advantages for foreign investors, and the most precious resource Mauritius has to offer is people’s knowledge. The ICT sector in Mauritius is growing since years and maturing as the fourth pillar of our economy. With its geographical position Mauritius is also welcome as a business and knowledge hub between Africa and Asia.”MSCC.

In today’s Mauritius IT industry, everyone wants to have a better standard of living. But how? How to build a successful IT industry? Are we moving in the right direction? Are foreign investors attracted by the quality of the Mauritius IT industry? Logan did not miss those points to bring the audience on the track.

cyberstorm.mu mesmerising speech at the DevConMru 2017 1

After giving a brief intro to the cyberstorm.mu team, Logan explained the requirements and life cycles of IT companies and their profits as to whether they are in the same line of fresh IT graduates and professionals. A vivid example is by analyzing the statistics of Github accounts in Mauritius, the quality and quantity of code contribution compared with Singapore. Students were encouraged to publish their coding exercise on GitHubs, create a blog and take part in Google Code-in.

Indeed, cyberstorm.mu work towards such goals, for example, participation and mentoring for the Google Code-in. Several hackathons were organized. Contributions in the real world applications such as Pfsense, OpenSSH, OpenSSL, OpenBSD, LibArchive, Firejails, Linux and others… This list is long. An award was also received during the IETF 98 Hackathon.

Logan at the DevConMru 2017
Logan at the DevConMru 2017

 

I was impressed with how Avinash Meetoo, hacked the audience and shed some light to boost the students. Avinash mentioned himself about his passion for blogging and the importance of projecting his personality with the right vision.

At cyberstorm.mu, we invite many to join us, but one has to work hard to attain a certain level of professionalism.  After the presentation, many came to congratulate us for the job done. We were around chatting with many sharing our work and job experience as well as the passion for coding. I once read a phrase in an old book as follows “You are what you eat”.  But things have change now because You are what You CODE!!

cyberstorm.mu team celebrating at Flying Dodo!

Yesterday, Logan ping me to join the team for beer and pizza at Flying Dodo Bagatelle. Its been since some days though that the team is meeting for a beer. Reaching there, Logan and Anoop were already present. Some interesting topics about careers in Mauritius were tossed out. We had a long talk on tools and tips in the world of IT such as automation, chef, and other tools. A tool that Anoop point around is Shavlik which is used to automate tasks for Windows servers. 

By the time, the whole team showed out and i was impressed by the seafood pizza. That taste is superb 🙂  The tradition at cyberstorm.mu is to meet over a table for Pizza and Beer!

13873187_10154399110637365_2648976970717708427_n

We had some interesting topics such as future plans for cyberstorm.mu including ISOC, IETF, Podcasts, Hackathons etc.. Several other plans have been forecast already for the cyberstorm.mu team. Of course, there will be the arrival of new members. 

As usual, Logan seized the opportunity to show us the hilarious Mauritian video on youtube which made us laugh a lot.

 

 

Operation WTF Hackathon by cyberstorm.mu – Day 2

After having set up our network environment for the operation WTF, cyberstorm.mu team started working on several vulnerabilities around WordPress content management system. It started on Saturday the 14th of May where several proofs of concept (POC) were established. I was shocked to see how come it is easy to exploit a WordPress website. For security purpose, we have to blank parts of  URLs before posting on social networks. No wonder, Loganaden Velvindron of cyberstorm.mu did not hesitate to give his opinion on Medium.com“Many bloggers use it, because it is both easy to set up, and there is a rich ecosystem of WordPress plugins. WordPress has often been criticized due to its security record. What is more worrying is the varying quality of the WordPress plugins.” 

POC - Vulnerability found !
POC – Vulnerability found !

Operation WTF – WordPress Tiny flaws end up on Sunday the 15th of May 2016 after lines of codes were fixed up from many WordPress plugins. We can also notice how dangerous it is if a proper audit is not carried out on WordPress before putting a website to production. Here is another example where the /etc/passwd was retrieved by hackers Mauritius.

CiZlRQFXEAA7Qbq

Patches were also written to fix up bugs. However, it is to be noted that for security reasons patches are not disclosed for the time being as at cyberstorm.mu we follow ethical rules and the aim to stay within the grey line is of paramount importance. 

Operation WTF Hackathon by cyberstorm.mu – Day1

If you have been following the recent activities of cyberstorm.mu those days, you would surely notice a new hackathon organized by the same team – Operation WTF with the aim to hack around WordPress security vulnerabilities. The event happened at Pereybere.

Though we did not have any network connection, the guys started with the setting up of the network cables. We used the Emtel WIFI Plus. The team set up the Antenna on top of the building as we did have a DNS issue. We then used a router with OpenWRT to boost our connection and a WIFI extender to boost the signal.

Screenshot from 2016-04-22 21-30-38At the time I am writing this article, the hackathon is still going on. Keep in touch to follow our activities.