Posted by Sulaiman Alhasawi on Apr 14, 2014 in North Wales Guide
It's Easter holiday now for the kids, so no school. I took them to South Stack Lighthouse in Anglesey. The journey was fun and it's cool to discover new history about Wales. We went inside the lighthouse and went up. They did not allow my daughter Amina inside because she was shorter than 1 meter; she had fun in the kids' playing room. There was a museum showing historic information and equipment. I noticed that lighthouses in the UK are controlled and automated by computers. This can raise a warning flag about cyber threats! We enjoyed it very much; the oxygen level was high and getting to the lighthouse was like a fitness exercise because we had to walk a 400 meter staircase. My wife's friend's kids came with us and had fun with my kids.
Posted by Sulaiman Alhasawi on Apr 14, 2014 in Football, kuwaiti students uk
Last week I went to Liverpool to watch a match between Everton and Arsenal at Goodison Park stadium. It was my first time at this stadium and my first time watching those teams LIVE! The stadium was packed with Everton fans all wearing blue Evertonian stuff. I managed to find the gate and my seat easily. The moment the match started all seats were taken and I felt the intense electricity of cheering and shouting from the fans. Fans were men, women and kids, old and young people. I felt the love those fans have toward Everton. You see their passion in their voices and faces. They heartily welcome and salute the players. They also show their anger towards Arsenal players and their fans. So I felt the hot emotions that combine joy, fear and anger. I'm taking my family on May 3rd to watch Everton vs Manchester City!
Posted by Sulaiman Alhasawi on Feb 20, 2014 in ICS, Sulaiman Alhasawi
I'm now looking for the latest solutions regarding SCADA security, in case I have missed some since I started my journey in this field. I will post a series on solutions regarding the topic – small and simple.
Most control systems such as SCADA are old systems, incapable of facing the danger of current risks and attacks. When control systems were designed, functionality was the only goal; nobody cared about security because most of those systems were closed off in a LAN or in a room, and perhaps the Internet was not there yet either. The problem arose when control systems were connected to the Internet. The lack of secure design and the poor hardware and capability/performance brought problems. In short, most control systems lagged behind the average modern system in terms of design and performance. So when typical security people stepped in to help fix the security problems of control systems, the result was not good. One of the reasons is that those systems cannot handle the pressure that typical security scanners such as Nessus or Nmap put on targeted machines. There are many other reasons, but I want to keep this topic short, remember.
Nessus, the famous security scanner, was adjusted to help scan control systems. In cooperation with Digital Bond they added a new feature in Nessus to scan control systems with little or no pressure. The feature is called "nessus-credentialed-scanning". This feature is used after authenticating to the target, in order to run the netstat command on the target and send the results back to Nessus! The advantage of such a feature is what I already mentioned, that is minimizing the load. However they are already aware of some drawbacks, for example if the target control machine is already infected by a rootkit, in which case the reported number of ports is manipulated by the latter!
Oh well, there are other issues that a good hacker can use to play with, but the above solution is a good start. I won't bore you with details, but at least I gave you what I promised.
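As an added illustration of the credentialed approach (example code written for this post's topic, not Nessus's or Digital Bond's code), here is a small Python script that parses the kind of output `netstat -an` returns on the target and diffs the listening services against an expected baseline for a control-system host. The sample output and the baseline are constructed, and the regex assumes the Linux netstat column layout.

```python
import re

# Constructed sample: what a credentialed check might receive from
# `netstat -an` on a control-system host (not real scan output).
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:502             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:22             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:502            10.0.0.9:51234          ESTABLISHED
udp        0      0 0.0.0.0:161             0.0.0.0:*
"""

# Assumed baseline: services this host is documented to expose (Modbus, SSH, SNMP).
BASELINE = {("tcp", 502), ("tcp", 22), ("udp", 161)}

# proto, recv-q, send-q, local addr:port, foreign addr, optional state
LINE_RE = re.compile(r"^(tcp|udp)6?\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?")

def parse_listeners(text):
    """Return {(proto, port)} for sockets reachable from the network.
    TCP counts only in LISTEN state; UDP sockets carry no state column."""
    listeners = set()
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, addr, port, state = m.groups()
        if proto == "tcp" and state != "LISTEN":
            continue
        if addr.startswith("127."):   # loopback-only: not exposed to the network
            continue
        listeners.add((proto, int(port)))
    return listeners

def compare_with_baseline(text, baseline):
    """Diff the host's own view against the baseline. Note the caveat from the
    post: this trusts the target's netstat, so a rootkit hiding a socket
    would also hide it from this check."""
    found = parse_listeners(text)
    return {"unexpected": sorted(found - baseline), "missing": sorted(baseline - found)}

if __name__ == "__main__":
    print(compare_with_baseline(SAMPLE_NETSTAT, BASELINE))
```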
Posted by Author on Feb 16, 2014 in Entrepreneur
Above all else, stay far away from the bottom-of-the-range budget Kilimanjaro trips. Yes, your friends may have had a great experience with a budget operator. Some people also win the lotto. But a lotto ticket costs a couple of bucks; a Mt. Kilimanjaro tour costs a couple of thousand with flights and everything else.
If the trip sucks and you don't even make it to the summit, is that really money saved? It's wasted! If all the stars align correctly a budget operator may well get you to the summit successfully, but you want a good chance in any weather! And you want to know that you will live, no matter what happens on that mountain.
It's difficult to give you price guidelines (I gave a few recommendations on the costs page), because there are so many variables. Starting point, route, number of days on the mountain, booking through an agent or directly... as you start looking around you will get a feel for the costs soon enough. Dig through the websites of the operators you are considering.
How much information do they share? Contact them and ask for more. Are they open and transparent about how they run things? If not, ask yourself why not. Somebody who has loads of experience and knowledge, excellent equipment, an outstanding safety record and great success rates would not hide that, right? Besides, I find there is no better way than to actually contact tour operators to get a feel for how much they really care about their clients. Sadly, many highly professional Kilimanjaro trekking companies that treat their clients extremely well still keep their prices competitive at the expense of the porters. To verify that a Kilimanjaro tour operator really cares about you as well as about their staff, check the partner programme of the International Mountain Explorers Connection. The IMEC is behind the porter support project in Kathmandu, Nepal, as well as the Kilimanjaro Porters Assistance Project (KPAP) in Moshi. The companies listed as partners have not only agreed to treat their porters as proposed by the project and to pay them a fair wage.
They have also agreed to be audited and assessed by KPAP on a regular basis. Checking whether your chosen Kilimanjaro tour operator or company is listed on that page is one important thing you can do to improve the situation of the Kilimanjaro porters. (An international company may not be listed on that page, but the Tanzanian operator they use on the ground is. So if booking internationally, find out the name of the company that will actually be handling you on Kilimanjaro.) There is an added benefit to choosing a responsible partner. Do you think that an operator who sets an example when it comes to looking after even the lowest staff members would then neglect the safety and welfare of their clients? I don't think so. Admittedly, many companies listed on that page are definitely at the top end of the price range, but there are also some that are reasonably competitive. Still, when you want a good Kilimanjaro tour, you can only go so low on price.
Posted by Sulaiman Alhasawi on Feb 13, 2014 in Kuwaiti students North Wales, kuwaiti students uk
Finally the electricity is back! It went off at noon yesterday. First of all let me tell you how it feels to live without power in North Wales at this time of year. The wind was so bad yesterday (as fast as 100 mph) that it blew down the power lines and disconnected more than 80,000 properties in the UK. My landlord, whose house I rent (he is 86 years old), told me he had never seen a wind like that in his life. It was cold, 2-5 C! So my house was dark and freezing for more than 24 hrs. The power came back at about 6 pm today. The kids and I hated it because we were also bored; we had no internet and no games! Life is really different when you are disconnected from the world (the internet) and without electricity. However it was peaceful and I had fun with the kids playing with the candles at night. Of course my computer was switched off so I could not do any PhD research. Strong winds of 60-70 mph are expected tomorrow.
Posted by Sulaiman Alhasawi on Feb 12, 2014 in kuwaiti students uk
I was interested to know about security assessment and penetration testing as part of my PhD study, so I installed Metasploit in order to give it a shot. The idea came to me when I was in Kuwait last Christmas holiday. I was brainstorming the possibility of doing an online business while I'm a student, something I like and have fair knowledge about. I was thinking about testing my friends' websites' security; I liked the idea. BUT! This would maybe get me in trouble with the hosting providers, because most of the people I know use other companies' (shared) servers. So I stopped doing this unless one of my friends owns the server. Metasploit is a well known tool for such a task and there are others of course. However the Metasploit framework is nicely done and contains many of the well known vulnerabilities, unlike getting individual tools such as Nmap and doing things manually, which takes some time and research effort. It's nice to have an automated tool that is based on an up-to-date vulnerability database and to let the tool do the job and the reporting. This business model is well established in many current security companies and to my knowledge most have their own tools designed for different purposes. Oh well, I'm still thinking about my own business model.
Posted by Sulaiman Alhasawi on Jan 28, 2014 in CrossFit
Here I come to the UK after a 1 1/2 month holiday in Kuwait. My cousin told me about CrossFit because we were discussing martial arts. I told him that I have not trained for a while and my fitness is not that good. He suggested CrossFit to me and to be honest I had never heard about it before. I did some searching about it and it looked good to me because they combine strength and stamina, and that's the ultimate goal for fighters and for myself too. So I found a place in North Wales very near my house in Gaerwen. It takes 5 minutes to drive there. So I gave it a try and I liked it. So I enrolled in the basic movements course (2 days) to learn the 9 basic movements. So far so good. The place is nice, nice people and a friendly coach, Phil. They have a website http://www.thecrossfitplace.co.uk/ and a facebook page. I have 1 1/2 years left in the UK and then the journey will be over and back to Kuwait for good. It's been a wonderful experience full of memories. I have learned a lot more about myself than I would have learned otherwise at home. Today we did the below workout (an hour) and my scores were medium:
1 min Squats
2 min Lat Jumps
3 min push ups
4 min back extension
5 min pull ups
Posted by Sulaiman Alhasawi on Nov 23, 2013 in P.hd.
How to set up your own hacking / penetration testing lab for free?
Tools required:
- XAMPP
- Damn Vulnerable Web App (DVWA)
- A computer running Linux, Mac or Windows :)
That's it, simple and easy!
Now let's explain the above software:
XAMPP contains Apache, MySQL, Tomcat and others in one pack, so it's convenient not to bother with downloading and setting up those servers separately. In essence those servers are what you need to practise or learn security skills. Most websites contain HTML, PHP or a database, and many of the applications running on those websites have bugs or vulnerabilities, which leads me to the next application.
DVWA uses the XAMPP servers in order to function, as most files in DVWA are written in PHP and you will need MySQL to hack its database. The great thing about DVWA is that it teaches you critical and common attacks on the Internet such as (as listed in the DVWA documentation, in their wording):
- Brute Force: HTTP Form Brute Force login page; used to test password brute force tools and show the insecurity of weak passwords.
- Command Execution: Executes commands on the underlying operating system.
- Cross Site Request Forgery (CSRF): Enables an 'attacker' to change the application's admin password.
- File Inclusion: Allows an 'attacker' to include remote/local files into the web application.
- SQL Injection: Enables an 'attacker' to inject SQL statements into an HTTP form input box. DVWA includes Blind and Error based SQL injection.
- Insecure File Upload: Allows an 'attacker' to upload malicious files on to the web server.
- Cross Site Scripting (XSS): An 'attacker' can inject their own scripts into the web application/database. DVWA includes Reflected and Stored XSS.
- Easter eggs: Full path Disclosure, Authentication bypass and some others. (find them!)
The above vulnerabilities are classified by OWASP among the top vulnerabilities on the web. Of course they are not the full OWASP list, but the 8 skills supported by DVWA are an excellent start for anyone who wants to learn penetration testing. There are 3 levels of security you can choose from: low, medium or high. Low means it's weak and vulnerable, while high means secure. The good thing about that classification is that you can choose each security level in turn and learn what it takes to secure your web application, of course not in a deep way but enough to show you the idea. It's not recommended to upload DVWA to your real host/webserver, as the application contains many bugs and you don't want someone to mess with your host.
How to set up things?
- After you install XAMPP, open its control panel and start Apache and MySQL.
- Extract the contents of DVWA inside the XAMPP folder under /htdocs.
- In your browser type http://127.0.0.1/DVWA_folder and you will be taken to the setup page. If you get a database error like "can not connect to database ..", open the file DVWA/config/config.inc.php and make sure the following fields look like this:
$_DVWA[ 'db_user' ] = 'root';
$_DVWA[ 'db_password' ] = '';
$_DVWA[ 'db_database' ] = 'dvwa';
That's it, and the hacking lab is ready to run; you can use any tool you want or follow the guides that DVWA has put under each attack. Plenty to read and a lot of learning, I know. Well, that's what makes a real hacker! Have fun!
P.S. There are of course other methods and tools for setting up a hacking lab; I'm currently in the process of compiling them, especially my Emulab testbed that I'm preparing for my Ph.D. I will make sure to show you my progress in the future.
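To show what the "low" versus "high" security levels described above amount to in code, here is an added example written for this post (not DVWA's own PHP source): the same user lookup done the weak way and the hardened way, using a constructed in-memory SQLite table in place of the lab's MySQL users table.

```python
import sqlite3

def make_db():
    """Constructed in-memory stand-in for the lab's users table (not DVWA's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_id INTEGER, first_name TEXT, last_name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "Alice", "Adams"), (2, "Bob", "Baker"), (3, "Carol", "Clark")])
    return conn

def lookup_low(conn, user_id):
    """'Low' level: the request value is pasted into the SQL text, so a value
    containing a quote changes the meaning of the WHERE clause instead of
    being compared as data."""
    sql = f"SELECT first_name, last_name FROM users WHERE user_id = '{user_id}'"
    return conn.execute(sql).fetchall()

def lookup_high(conn, user_id):
    """'High' level: validate the shape of the input first, then pass it as a
    bound parameter so the database only ever treats it as a value."""
    if not (isinstance(user_id, str) and user_id.isdigit() and len(user_id) <= 9):
        return []          # reject anything that is not a plain numeric id
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return conn.execute(sql, (int(user_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(lookup_low(db, "2"), lookup_high(db, "2"))
```

Feed both functions the same request parameter from a form and compare how many rows each returns; only the "high" version keeps the result bound to a single id.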
Posted by Sulaiman Alhasawi on Oct 15, 2013 in Uncategorized
Posted by Sulaiman Alhasawi on Oct 6, 2013 in Kuwaiti students North Wales, kuwaiti students uk
It seems that the issues I mentioned in my last topic about UK visas are taken seriously, and it is now no longer necessary for Kuwaiti citizens to queue up in the British visa centres in Kuwait in order to get a visa. It's free for tourists. We can get a 6-month visa once we land in the UK, like the old days. This applies to visitors only. Students have to request a visa, but I hope they (the UK Embassy) don't take all the money if an applicant makes a mistake. I have noticed that the websites are not updated yet on both sides and they still show that Kuwaitis need a UK visa. C'mon web admins!! If you read Arabic, you can read the approval letter that was sent by the British authorities.