University of Cincinnati Logo

20-CS-6055 - Cyber Defense Overview
Electrical Engineering and Computer Science

Lecture Material and Notes Week
    Network architecture models/diagrams
Conceptual "attack landscape"
    Network Architecture and Topology (CK Slides) 24 Aug
Network Basics (wireshark, packets, etc.) 26 Aug
   WireShark 24 Aug
   Network Architecture and Topology 24 Aug
DMZ architecture (CK Slides) 24 Aug
   DMZ architecture 24 Aug
Hosted virtual machine architecture (CK Slides) 24 Aug
   Virtualizing I/O Devices on VMware Workstation's HVMM 24 Aug
Tools for Network Analysis
Nessus vulnerability scanner 24 Aug
Kali Linux 24 Aug
Security Onion 24 Aug
Lecture and demonstration by Doug Flick 24 Aug
Network traffic encryption and authentication
Secret-key and Public-key operation 31 Aug
Modular arithmetic 31 Aug
Generators 31 Aug
Merkel-Hellman encryption 31 Aug
Merkle-Hellman demo 31 Aug
Diffie-Hellman key exchange 31 Aug
Karn+Diffie-Hellman 31 Aug
Modular Inverse 31 Aug
Chinese Remainder Theorem 31 Aug
Fermat's Little Theorem 31 Aug
Roots Modulo N 31 Aug
Square Roots Modulo N 31 Aug
Prime Testing and Generation 31 Aug
RSA 31 Aug
AES 128 31 Aug
Hashing 31 Aug
Transmission in blocks 31 Aug
Authentication handshakes and pitfalls 31 Aug
Kerberos 31 Aug
Authentication Mechanisms    
Elliptic Curve Crypto 7 Sep
Password authentication, KDCs and CAs 7 Sep
Public Key Infrastructure 7 Sep
Authentication and federated identity 7 Sep
Cyber kill chain attack model
Cyber attack landscape 7 Sep
  Mandiant: Anatomy of an Attack 7 Sep
Cyber kill chain (LMCO) 7 Sep
  Alignment to cyber kill chain (CK notes) 7 Sep
  Intel-Driven Defense (LMCO) [pdf] 7 Sep
  Cyber kill chain (Nige Security Blog) 7 Sep
  Practicality 7 Sep
Passive network security monitoring systems
Logging systems 14 Sep
Network Security Monitoring (JF slides) 14 Sep
Bro network security monitor 14 Sep
Bro samples from JF txt file 14 Sep
Pcap files for the above samples 14 Sep
Bro exercises 14 Sep
Bro log file identifiers 14 Sep
Packet capture systems 14 Sep
Secure store-and-forward 14 Sep
Securing out-of-band architectures 14 Sep
Secure in-band wireless pairing 14 Sep
In-band vs. out-of-band solutions 14 Sep
Network Security Monitoring (CK Slides) 21 Sep
Security Onion Introduction 21 Sep
Security Onion VirtualBox Install 21 Sep
Active network security monitoring systems
Active Defense (CK Slides) 21 Sep
Firewall basics 21 Sep
IPTables configuration for Linux 21 Sep
IPTables rules to block common attacks 21 Sep
Securing Cisco routers 21 Sep
Firewalls, iptables (JF Slides) 28 Sep
iptables and DDoS? (JF Slides) 28 Sep
Proxy servers, vpn, configuration pitfalls (JF Slides) 28 Sep
Proxy servers for privacy and security 28 Sep
Securing email servers 28 Sep
Incident response organization and process
Computer Security Incident Response Teams (JF Slides) 5 Oct 
Organization and Process 5 Oct
Handbook for Computer Security Incident Response Teams 5 Oct
Organizational Models 5 Oct
How to create a CSIRT 5 Oct
NIST Computer Security Incident Handling Guide 5 Oct
Implementing a CSIRT in limited resource organizations 5 Oct
Incident Handler's Handbook 5 Oct
Best practices for victim response and reporting of cyber incidents 5 Oct
SANS Computer Incident Response Team 5 Oct
Immediate power down may cause problems 5 Oct
Example attack patterns
Cyber kill chain and attack patterns (JF notes) -- Sep
Example security incidents 12 Oct
Introduction to attack patterns 12 Oct
Attack patterns 12 Oct
Five most common attack patterns of 2014 12 Oct
Five most common cyber attacks of 2018 12 Oct
Attack patterns as a software assurance knowledge resource 12 Oct
SANS attack prevention 12 Oct
Attack vectors
OWASP Top 10 Attack Vectors for 2013 12 Oct
SQL-injection, watering hole, spear phishing (JF Slides) 12 Oct
SQL-injection 12 Oct
watering hole attacks 12 Oct
spear phishing 12 Oct
Internet-facing server considerations 12 Oct
Common Stealth Attacks 12 Oct
Tool and attack examples 12 Oct
Configuring apps and systems for defense 12 Oct
Container model of file structure
PDF vulnerabilities, Vtable exploits, Use-After-Free, REMnux (JF Slides) 19 Oct
pefile module for Python, to analyze Windows EXE/DLL files 19 Oct, by Didier Stevens 19 Oct against PDF CVE-2013-2729 vulnerability, by "" 19 Oct, by John Davison (unixfreak0037) 19 Oct
Analysis of CVE-2012-0158 exploit, RTF encoded OLE 19 Oct
Organizing a Security Operations Center
Security Operations Center (SOC) 19 Oct
McAfee: Creating & Maintaining a SOC 19 Oct
Defense in Depth
Intro to Defense in Depth (JF Slides) 26 Oct
Example IA security policies 26 Oct
Example IA security procedures 26 Oct
National Information Assurance Partnership (NIAP) 26 Oct
Information Assurance Directorate (IAD - need account) 26 Oct
Federal Interagency Security Committee (FISC) risk management process 26 Oct
Types of attacks 26 Oct
The Common Criteria
Intro to the Common Criteria (JF Slides) 26 Oct
The Common Criteria 26 Oct
The Common Criteria Introduction and General Model 26 Oct
The Common Criteria Security Functional Components 26 Oct
The Common Criteria Security Assurance Components 26 Oct
Microsoft Windows Security Target 26 Oct
US DoD firewall Protection Profile 26 Oct
SANS Institute Common Criteria Protection Profiles 26 Oct
Information sharing
Resources - Nov
  Glossary - Nov
Competitions - Nov
  Capture the Flag Competitions - Nov
  List of CTF opportunities - Nov
  Cyber Defense Exercise (CDX) - Nov
  National CCDC - Nov
Conferences - Nov
  RSA Conference - Nov
  Black Hat - Nov
  Black Hat YouTube Channel - Nov
  DEF CON - Nov
  What is a CTF? - Nov
Blogs/Periodicals - Nov
  Schneier Blog - Nov
  Matt Blaze - Nov
  The CyberWire - Nov
  The CyberWire Dispatch - Nov
Professional Societies - Nov
  IEEE Cyber Security - Nov
  IEEE Center for Secure Design - Nov
  IEEE Cipher News Letter - Nov
  Usenix (orig: Unix Users Group) - Nov
Cyber Security Databases - Nov
  Mitre Corporation - Nov
  CMU Software Engineering Institute, Computer Emergency Response Team - Nov
  National Vulnerability Database - Nov
  Veris Database - Nov
  Application Security Failures - Nov
  Indicator Feed & Database: (searchable) - Nov
  Feed & Tools: Collective Intelligence Framework - Nov
  Artifact Database: (searchable) - Nov
Private Companies - Nov
  Kaspersky Lab - Nov
  SANS Institute - Nov
  FireEye - Nov
  CrowdStrike Technical Analysis: Putter Panda Group - Nov
  Rapid7: Metasploit - Nov
Communities - Nov
  Open Web Application Security Project (OWASP) - Nov
  OWASP Top 10 - Nov
  Community: National Council of ISACs (industry-focused information sharing) - Nov
  Tools for finding malware in files - Nov
  Community: DeepEnd Research (& Yara Exchange) - Nov
  example yara rules - Nov
Reverse Engineering
Analyze software from captured laptop - Nov
Determine IED IP address from captured traffic - Nov
Decrypt key file to disarm IED - Nov
Generate one time key code - Nov
Use the one time key codes to disarm IEDs - Nov
Analyze code that overwrites the return address on the stack - Nov
Remove malware from malicious binary - Nov
Basic malware analysis
Malware analysis (JF slides) - Nov
Malware analysis guide - Nov
Introduction to malware analysis - Nov
Hashing algorithms to identify malware - Nov
Entropy algorithms to identify malware - Nov
Identifying malware and shellcode in apps
Obfuscation methods - Nov
Tools to detect tampering - Nov
Instructions for environment setup - Nov
Guide for securing Oracle Linux - Nov
Guide for hardening Ubuntu Linux - Nov
Ubuntu Security Notices - Nov
Impact of virtualization
The cloud, virtualization, and security - Nov
Secure virtualization for cloud computing - Nov
Event knowledge management
cyber intelligence storage, collection, retrieval
CRITs intelligence database - Nov
Will provide VM with CRITs - Nov
Tie historical data to emerging attacks - Nov
Important use-cases for knowledge management - Nov
Public and private communities - Nov
Evaluating solutions and services
Communities - OWASP, ISSA - Nov
Communities - Common Criteria - Nov
Aligning solutions against kill chain detectability - Nov
Resource Access Control
Introduction - Nov
Virtual Private Network (VPN) - Nov
VPN explained 'in plain English' - thanks Linda Garth - Nov
Digital Rights Management - Nov
Integration of detection, defense, KM tools
Discussion - Nov
+ Class is held only on Wednesday of this week.
Paul Erdos
Ladies on Campus
Oscar Robinson