In this Linux lab, as a security analyst for Lucky Duck Casino, the objective was to investigate and mitigate significant losses at the roulette tables on March 10, 12, and 15. Suspecting collusion between a player and a dealer, I utilized command-line skills to navigate, modify, and analyze the casino's database. The goal was to swiftly identify the rogue duo and prepare evidence files for potential prosecution, given the casino's financial constraints. The urgent findings were summarized for Lucky Duck's management, aiming to expose and prevent further fraudulent activities.
- BASH
- Linux Terminal
- Apache Guacamole on Ubuntu VM
Using basic command-line skills, I uncovered the identities of the rogue casino player and dealer colluding to scam Lucky Duck out of thousands of dollars. These steps were conducted on my Ubuntu VM hosted on Apache Guacamole provided by UT Austin's Cybersecurity Bootcamp team.
- Navigate to your HOME directory
- cd /home/sysadmin
- Make a single directory titled Lucky_Duck_Investigations then navigate to this new directory.
- mkdir Lucky_Duck_Investigations
- cd Lucky_Duck_Investigations
- In the Lucky_Duck_Investigations directory, create a directory for this specific investigation titled Roulette_Loss_Investigation.
- mkdir Roulette_Loss_Investigation
- In Roulette_Loss_Investigation, create the following directories:
- Player_Analysis to investigate the casino player. - mkdir Player_Analysis
- Dealer_Analysis to investigate the dealers. - mkdir Dealer_Analysis
- Player_Dealer_Correlation to summarize your findings about the collusion. - mkdir Player_Dealer_Correlation
- Create empty files called Notes_.txt under each subdirectory to store investigation notes.
- touch Player_Analysis/Notes_Player_Analysis.txt
- touch Dealer_Analysis/Notes_Dealer_Analysis.txt
- touch Player_Dealer_Correlation/Notes_Player_Dealer_Correlation.txt
Launch the utility:
In this task, I moved evidecne from the specific dats on which Lucky Duck experience heavy losses at the roulette tables using the following commands:
- Navigate to your HOME (/home/sysadmin) directory where you created the Lucky_Duck_Investigations directory and run the following command to set up the evidence files:
- cd /home/sysadmin/
- wget "https://drive.google.com/uc?id=1ZLY_fuFu3wz7tOlxf-GUrnvp3htuGKSa" -O 3-HW-setup-evidence && chmod +x ./3-HW-setup-evidence && ./3-HW-setup-evidence
- After running this command, your current directory should have the following subdirectories:
- Dealer_Schedules_0310: Contains the dealer schedules.
- Lucky_Duck_Investigations: Contains the investigation directories and notes files you created.
- Roulette_Player_WinLoss_0310: Contains the data for player wins and losses.
- The Dealer_Schedules_0310 and Roulette_Player_WinLoss_0310 directories contain the dealer schedules and win/loss player data from the roulette tables during the week of March 10.
- Since the losses occurred on March 10, 12, and 15, move the schedules for those days into the directory Dealer_Analysis.
- Move the files for those days into the directory Player_Analysis.
In this next task, I correlated the large losses from the roulette tables with the dealer schedule. This helped to determine which dealer and player are colluding to steal money from Lucky Duck.
- Navigate to the Player_Analysis directory.
- Use grep to isolate all of the losses that occurred on March 10, 12, and 15.
- Place those results in a file called Roulette_Losses.txt.
- Preview the file Roulette_Losses.txt and analyze the data.
- Recorded the following in the Notes_Player_Analysis.txt file:
- The times the losses occurred on each day.
- Whether there is a certain player who was playing during each of those times.
- The total count of times this player was playing. > Hint: Use the wc command to find this value.
Next, I completed the following steps for Dealer Analysis
- Navigate to the Dealer_Analysis directory.
- This file contains the dealer schedules for the various Lucky Duck casino games: Blackjack, Roulette, and Texas Hold 'Em.
- Preview the schedule to view the format and to understand how the data is separated.
- Using my findings from the player analysis, I then created a separate script to look at each day and time that I determined losses occurred. I used awk, pipes, and grep to isolate out the following four fields:
- Time
- a.m./p.m.
- First/Last name of roulette dealer
- Run all of the scripts and append those results to a file called Dealers_working_during_losses.txt.
- Preview your file Dealers_working_during_losses.txt, and analyze the data.
- Recorded the following in the Notes_Dealer_Analysis.txt file:
- The primary dealer working at the times where losses occurred.
- How many times the dealer worked when major losses occurred.
- Completed the player/employee correlation
- In the notes file of the Player_Dealer_Correlation directory, add a summary of your findings noting the player and dealer you believe are colluding to scam Lucky Duck.
In this step, I've been tasked with building a shell script that can easily analyze future employee schedules. This script will then be used to determine which employee was working at a given time in the case of future losses.
- Remaining in the Dealer_Analysis directory, I developed the following shell script called roulette_dealer_finder_by_time.sh that can analyze the employee schedule to easily find the roulette dealer at a specific time.
- Insert picture of shell script here