The Importance of Private Social Media during COVID19 and Forward

This week, CityU’s Center of Information Assurance Education (CIAE) proudly presents a US Army veteran, David has studied multiple different areas of STEM and eventually returned to his passions in Cyber and Information Security, in which he is currently pursuing his Baccalaureate in Computer Science here at CityU. 

For his project during COVID-19, David is practicing his skills in an online network lab called HackTheBox. This allows for people of all skill sets to be able to practice ethical hacking without attacking anyone. For this lab, David decided to exploit the information found on social media accounts. Connect with David Yi on LinkedIn.

 

 

Step 1:  Update Virtual Machine

 

 

Step 2:  Login into HacktheBox.eu and check the attack map

 

 

Step 3:  Check for new OSINT challenges (Open Source Intelligence) This is synonymous with linux servers and other open source software that a lot of computers are using.

 

 

Step 4:  pick a project. For this project there was external research done as it required information about ‘Evil Corp LLC’ specifically about social media.

 

Step 5: Check Twitter, Facebook, Instagram. A hit on Twitter and Instagram was found. Twitter: ERR HTB{s is part of the flag that is being looked for. 

Instagram seems to redirect to a LinkedIn page

 

 

Step 6: Realize that LinkedIn doesn’t take us anywhere, but Instagram has the flag that was being looked for. 

 

 

Step 7: Go back and insert the flag.

 

 

Step 8: Check to see if complete (will show if correct).

Since everyone is teleworking from home, there have been more cyber attacks/phishing attempts on people. David is honing his skills to ensure that in whatever future work he may do,  he will have the skills necessary to detect/protect people from these types of attacks. He also will be able to warn companies of vulnerabilities and ensure that they are protected in case a mass telework event like this were to ever occur again. David states that although this “puzzle” didn’t involve any hacking per se, this “puzzle” was synonymous with what hackers would do to gather information about their intended target and utilize public social media accounts to gain said information.

More about David: https://smartandsecurecomputing.org/davidyi/  and https://www.linkedin.com/in/davidhyi/ 

COVID-19 Challange
STC Thursday Byte