Decode the Coding Interview

Preparing for a coding interview can be overwhelming. You might spend hours (or days!) watching videos, reading books, or scouring message boards to get some idea of what to expect.

decodeOur Decoding the Coding Interview series includes twenty scenarios that are commonly presented at big tech companies including Facebook, Zoom, Amazon Web Services  and Uber. After each project, we’ll show you the types of interview problems you’ll now be able to solve using the techniques you just applied. Today, we’re excited to launch this training in two additional languages:

  • Decoding the Coding Interview in C#
  • Decoding the Coding Interview in Go

 

These courses are the latest in a series of content pieces we’ve created to help you prepare for coding interviews. Be sure to check out the full Decoding the Coding library including Python, Javascript, Java, and C++:

Explore all Decoding the Coding Interview courses

Happy learning!

Detection and Response for LockFile and ProxyShell Activity

Earlier this week, the Cybersecurity and cloud Infrastructure Security Agency (CISA) released an urgent notice related to the exploitation of ProxyShell vulnerabilities (CVE-2021-31207CVE-2021-34473CVE-2021-34523).  By chaining these vulnerabilities together, threat actors are compromising unpatched Microsoft Exchange servers and gaining footholds into enterprise networks.

Adversaries exploit the above-mentioned vulnerabilities and attempt to install webshells – web content, served on-demand, that functions similarly to backdoors. Using these web shells, adversaries inherit the privilege level of the Exchange IIS web server to perform reconnaissance, harvest credentials and pursue post-exploitation behavior such as installing ransomware.

Vendors and researchers are also observing these attacks tied to post-exploitation behavior such as deploying ransomware to victim environments. Here are some of those findings and key takeaways to help you in your Detection and Response efforts:

Kevin Beaumont

Researcher Kevin Beaumont first spotted that ProxyShell was being exploited from 209.14.0[.]234 on August 13. In this post, Kevin shares that these vulnerabilities are worse than ProxyLogon, the Exchange vulnerabilities revealed in March — they are more exploitable, and organizations largely haven’t patched. This post also shows how you can identify systems and defend your organization.

The ProxyShell and LockFile link was also mentioned in this Twitter thread.

Image

 

Symantec
The Broadcom/Symantec threat hunter team indicates that the attackers gain access to victims’ networks via Microsoft Exchange Servers, and then use the incompletely patched PetitPotam vulnerability to gain access to the domain controller, and then spread across the network. It is not clear how the attackers gain initial access to the Microsoft Exchange Servers.

The attackers behind this ransomware use a ransom note with a similar design to that used by the LockBit ransomware gang (Figure 1) and reference the Conti gang in the email address they use – contact@contipauper[.]com.

Figure 1_0cy

 

Elastic Security
The Elastic Security team identified indicators of compromise (IoCs) indicating similar activity as reported by the industry. The details of this activity can be found in their Discuss forum.

Elastic observed unusual descendant processes (cmd.exe and poweshell.exe) of the Exchange IIS webserver process (w3wp.exe) that involved notable remote network indicators to high-numbered ports:

py

Process ancestry of Exchange server exploitation

If you use Elastic SIEM, you can use the below detection logic to aid in the detection of adversary activity within your hosting environment. Additionally, the provided defensive recommendations may be used to harden and defend vulnerable systems from the successful exploitation of this campaign.

Use the following detection in Elastic to identify this cluster of activity (ProxyShell):

Thank you for your time!

Replit specialized IDE

Welcome back to this edition of the Replit post! In this edition:

  • Build your own Replit
  • The July Changelog
  • Our summer hackathon!
  • How to build an alexa skill
  • Goodbye and emails

BTW, Replit is searching for engineers and business folks from all backgrounds! If you’re looking for work, you can view our career listings here!

Oh, and if you’re curious, the language used in this newsletter is… CoffeeScript.

Replit has so many use cases and features, one that’s less known is its ability to be a secure compute environment for specialized apps. This means you can use Replit to create a specialized IDE, or maybe a Continuous Integration service with automated tests! In a recent blogpost, our one and only Guillaume St-Pierre documents how you can go about creating the backend and frontend for this type of service, and how you can utilize certain Repl features like Nix to make it even easier. To learn more, you can read their fantastic blog post here.

console.log changelog

During the month of July Replit saw a ton of great improvements! These include:

  • Multiplayer presence is more felt
  • 11% of languages use Nix
  • Brand new fancy status page
  • .draw files can be embedded as images in markdown files
  • Stronger password requirements
  • ncreased repl description length
  • Bug fixes and many more!

If you have feedback or would like to see a more detailed explanation of some of these changes, you can find the original changelog here.

In case you missed it, Replit is having a summer hackathon! You have until August 31st at 11:59 PM PST to build an Alexa skill! The only criteria contestants will be judged on is how useful and applicable their skill is. The more creative you can be with that, the better! All you need to do is create an Alexa skill, and host it on Replit. Then you can submit your skill here, for a chance to win $3,000! Not sure where to get started? You can learn more about the hackathon here. If you don’t know how to build an Alexa skill, then keep reading…

 

Alexa, and all voice controlled assistants, are full of really cool technology. While creating a voice controlled AI may seem daunting, creating a skill for one is not! In Søren Rood’s tutorial, he goes over building an Alexa skill, and how to add your skill to your device! If you’ve got an Alexa, you could build a skill for free right now! You can find the tutorial and repl template here.

 

Thanks for reading this week’s edition of the Replit post! I hope you found it interesting and are planning on participating in the summer hackathon! Before you go, I must apologize to all our Gmail, iOS 14 dark theme readers out there. I tried to fix the colors but so far, this is the best I could do. If you don’t know what I’m talking about, then you should read our blog post on why emails are the wild west of the internet. Thanks once again and I can’t wait to see you next post!

As always, please feel free to comment on what you liked, or what you didn’t like on this post.