20-CS-6055 - Cyber Defense Overview
Electrical Engineering and Computer Science

Lecture Material and Notes Week
    A history of cryptography    
    Download the jar file for Linux, then click its icon.

A Linux version which includes a Java runtime environment is here.

Download the zip file for Windows, open it with Windows Explorer,
choose Extract All, and pick a reachable path to put everything in, say
\user\name\Downloads. Then double-click run (a batch file). A warning
message appears: click "More Info", then click "Run Anyway".

Mac users will likely succeed by downloading the jar file and
clicking on it, but you must have Java and a text editor installed.

Puzzles:

 
  • decrypt one of the lines in the Caesar cipher applet (2 brownies for each unique solution)
  • decrypt one of the lines in the substitution cipher applet (3 brownies for each unique solution)
  • decrypt this:
    XHYMSREQMXRMV'LLYVVMEZQMXHYMSREQMXRMKE,I'SYMESYMEITRVXMYNELXIFMXHYMVETY
    in the substitution applet (4 brownies to the first person that gets it)
  • find the keyword that decrypts this:
    XQPAJMFITBLSJAGMGMWYTVLOJESSQQFZYMSK
    to something readable (5 brownies to the first person that gets it)
  • 4 brownies - 1st person wins all: Given the alphabet below showing frequency of occurrence in random strings, find the entropy of the alphabet. Suppose all symbols of the alphabet have equal frequency of occurrence. What would the entropy be? What does the entropy mean in this case? The entropy of the alphabet with frequency as shown for each symbol is less. Can that fact be exploited in some way?

    Symbol  Freq (%)    Symbol  Freq (%)    Symbol  Freq (%)    Symbol  Freq (%)
    A       8.496       B       2.072       C       4.538       D       3.384
    E       11.16       F       1.812       G       2.485       H       3.003
    I       7.544       J       0.196       K       1.102       L       5.489
    M       3.012       N       6.654       O       7.163       P       3.167
    Q       0.192       R       7.580       S       5.735       T       6.95
    U       3.63        V       1.007       W       1.289       X       0.290
    Y       1.778       Z       0.272

  • Second puzzle will arise Friday during discussion - 1st person wins 2 brownies
  • Third puzzle will arise Friday during discussion - 1st person wins 2 brownies
  • Fourth puzzle will arise Friday during discussion - 1st person wins 2 brownies
24 Aug
Network architecture models/diagrams
Conceptual "attack landscape"
    Network Architecture and Topology (CK Slides) TBD
Network Basics (wireshark, packets, etc.) 18 Sep/28 Sep
    WireShark reference
    Network Architecture and Topology TBD
DMZ architecture (CK Slides) TBD
    DMZ architecture TBD
Hosted virtual machine architecture (CK Slides) TBD
    Virtualizing I/O Devices on VMware Workstation's HVMM TBD
 
Tools for Network Analysis
Nessus vulnerability scanner reference
Kali Linux reference
Security Onion reference
Lecture and demonstration by Doug Flick reference
 
Network traffic encryption and authentication
Secret-key and Public-key operation reference
Modular arithmetic reference
Generators reference
Merkle-Hellman encryption reference
Merkle-Hellman demo reference
Diffie-Hellman key exchange reference
Karn+Diffie-Hellman reference
Modular Inverse reference
Chinese Remainder Theorem reference
Fermat's Little Theorem reference
Roots Modulo N reference
Square Roots Modulo N reference
Prime Testing and Generation reference
RSA reference
DES, IDEA, AES reference
AES 128 reference
Hashing reference
Transmission in blocks reference
Authentication handshakes and pitfalls 14 Sep
Kerberos 18 Sep
IPSec 18 Sep
Lab 2 using NAT instead of Host-Only 18 Sep
 
Authentication Mechanisms    
Elliptic Curve Crypto 14 Sep
Password authentication, KDCs and CAs 7 Oct
Public Key Infrastructure 9 Oct
Authentication and federated identity reference
 
Cyber kill chain attack model
Cyber attack landscape 21 Sep
  Mandiant: Anatomy of an Attack 21 Sep
Cyber kill chain (LMCO) 21 Sep
  Alignment to cyber kill chain (CK notes) 21 Sep
  The cyber kill chain (JVF notes) 21 Sep
  Intel-Driven Defense (LMCO) [pdf] 21 Sep
  Cyber kill chain (Nige Security Blog) 21 Sep
  Practicality 21 Sep
 
Passive network security monitoring systems
Logging systems 21 Sep
Network Security Monitoring (JF slides) 21 Sep
    Security policy example 21 Sep
    Acceptable use policy example 21 Sep
    Security practices example 21 Sep
   --------------
    Suricata signatures 21 Sep
   --------------
    APNIC Tutorial 21 Sep
Zeek network security monitor 21 Sep
Zeek description and examples (JVF slides) 21 Sep
Zeek samples from JVF txt file 21 Sep
Pcap files for the above samples 21 Sep
Zeek exercises 21 Sep
Zeek log file identifiers 21 Sep
zeek binaries for linux 21 Sep
Packet capture systems TBD
Secure store-and-forward TBD
Securing out-of-band architectures TBD
Secure in-band wireless pairing TBD
In-band vs. out-of-band solutions TBD
Network Security Monitoring (CK Slides) 21 Sep
Security Onion Introduction 21 Sep
Security Onion VirtualBox Install 21 Sep
 
Active network security monitoring systems
Active Defense (CK Slides) 28 Sep
Firewall basics 28 Sep
IPTables configuration for Linux 28 Sep
IPTables rules to block common attacks 28 Sep
Securing Cisco routers 28 Sep
Firewalls, iptables (JF Slides) 28 Sep
iptables and DDoS? (JF Slides) 28 Sep
Proxy servers, vpn, configuration pitfalls (JF Slides) 28 Sep
Proxy servers for privacy and security 28 Sep
Securing email servers 28 Sep
 
Incident response organization and process
Computer Security Incident Response Teams (JF Slides) 5 Oct 
Organization and Process 5 Oct
Handbook for Computer Security Incident Response Teams 5 Oct
Organizational Models 5 Oct
How to create a CSIRT 5 Oct
NIST Computer Security Incident Handling Guide 5 Oct
Implementing a CSIRT in limited resource organizations 5 Oct
Incident Handler's Handbook 5 Oct
Best practices for victim response and reporting of cyber incidents 5 Oct
SANS Computer Incident Response Team 5 Oct
Immediate power down may cause problems 5 Oct
 
Example attack patterns
Attack patterns (JF notes) 12 Oct
Example security incidents 12 Oct
Introduction to attack patterns 12 Oct
Attack patterns 12 Oct
Five most common attack patterns of 2014 12 Oct
Five most common cyber attacks of 2018 12 Oct
Attack patterns as a software assurance knowledge resource 12 Oct
SANS attack prevention 12 Oct
 
Attack vectors
Attack Vectors (JF Slides) 12 Oct
OWASP Top 10 Attack Vectors for 2013 12 Oct
SQL-injection, watering hole, spear phishing (JF Slides) 12 Oct
SQL-injection 12 Oct
watering hole attacks 12 Oct
spear phishing 12 Oct
Internet-facing server considerations 12 Oct
Common Stealth Attacks 12 Oct
Tool and attack examples 12 Oct
Configuring apps and systems for defense 12 Oct
 
Container model of file structure
PDF vulnerabilities, Vtable exploits, Use-After-Free, REMnux (JF Slides) 19 Oct
pefile module for Python, to analyze Windows EXE/DLL files 19 Oct
pdf-parser.py, by Didier Stevens 19 Oct
XFABMPExploit.py against PDF CVE-2013-2729 vulnerability, by "binamuse.com" 19 Oct
officeparser.py, by John Davison (unixfreak0037) 19 Oct
Analysis of CVE-2012-0158 exploit, RTF encoded OLE 19 Oct
 
Organizing a Security Operations Center
Security Operations Center (SOC) 19 Oct
McAfee: Creating & Maintaining a SOC 19 Oct
 
Defense in Depth
Intro to Defense in Depth (JF Slides) 26 Oct
Example IA security policies 26 Oct
Example IA security procedures 26 Oct
National Information Assurance Partnership (NIAP) 26 Oct
Information Assurance Directorate (IAD - need account) 26 Oct
Federal Interagency Security Committee (FISC) risk management process 26 Oct
Types of attacks 26 Oct
 
The Common Criteria
Intro to the Common Criteria (JF Slides) 26 Oct
The Common Criteria 26 Oct
The Common Criteria Introduction and General Model 26 Oct
The Common Criteria Security Functional Components 26 Oct
The Common Criteria Security Assurance Components 26 Oct
Microsoft Windows Security Target 26 Oct
US DoD firewall Protection Profile 26 Oct
SANS Institute Common Criteria Protection Profiles 26 Oct
 
The CDX
Instructions for environment setup 1 Nov
Guide for securing Oracle Linux 1 Nov
Guide for hardening Ubuntu Linux 1 Nov
Ubuntu Security Notices 1 Nov
 
Reverse Engineering
Analyze software from captured laptop 1 Nov
Determine IED IP address from captured traffic 1 Nov
Decrypt key file to disarm IED 1 Nov
Generate one time key code 1 Nov
Use the one time key codes to disarm IEDs 1 Nov
Analyze code that overwrites the return address on the stack 1 Nov
Remove malware from malicious binary 1 Nov
Remove malware from malicious binary with Ghidra I (Gentily) 9 Nov
Remove malware from malicious binary with Ghidra II (Leyda) 9 Nov
Codebreaker Challenge discussion in CyDef chat 9 Nov
 
Basic malware analysis
Malware analysis (JF slides) 9 Nov
Malware analysis guide 9 Nov
Introduction to malware analysis 9 Nov
Hashing algorithms to identify malware 9 Nov
Entropy algorithms to identify malware 9 Nov
 
Identifying malware and shellcode in apps
Obfuscation methods 9 Nov
Tools to detect tampering 9 Nov
 
Cloud Security
Threats in the cloud 15 Nov
 
Impact of virtualization
Virtualization, especially in the cloud 15 Nov
Secure virtualization for cloud computing 15 Nov
 
Digital Rights Management, Digital Millennium Copyright Act, and Fair Use
DRM & DMCA & Fair Use 23 Nov
 
Information sharing
Resources - Nov
  Glossary - Nov
Competitions - Nov
  Capture the Flag Competitions - Nov
  List of CTF opportunities - Nov
  Cyber Defense Exercise (CDX) - Nov
  National CCDC - Nov
Conferences - Nov
  RSA Conference - Nov
  Black Hat - Nov
  Black Hat YouTube Channel - Nov
  DEF CON - Nov
  DEF CON CTF - Nov
  What is a CTF? - Nov
Blogs/Periodicals - Nov
  Schneier Blog - Nov
  Matt Blaze - Nov
  The CyberWire - Nov
  The CyberWire Dispatch - Nov
Professional Societies - Nov
  IEEE Cyber Security - Nov
  IEEE Center for Secure Design - Nov
  IEEE Cipher News Letter - Nov
  Usenix (orig: Unix Users Group) - Nov
Cyber Security Databases - Nov
  Mitre Corporation - Nov
  CMU Software Engineering Institute, Computer Emergency Response Team - Nov
  National Vulnerability Database - Nov
  Veris Database - Nov
  Application Security Failures - Nov
  Indicator Feed & Database: malc0de.com (searchable) - Nov
  Feed & Tools: Collective Intelligence Framework - Nov
  Artifact Database: virusshare.com (searchable) - Nov
Private Companies - Nov
  Kaspersky Lab - Nov
  SANS Institute - Nov
  FireEye - Nov
  CrowdStrike Technical Analysis: Putter Panda Group - Nov
  Rapid7: Metasploit - Nov
Communities - Nov
  Open Web Application Security Project (OWASP) - Nov
  OWASP Top 10 - Nov
  Community: National Council of ISACs (industry-focused information sharing) - Nov
  Tools for finding malware in files - Nov
  Community: DeepEnd Research (& Yara Exchange) - Nov
  example yara rules - Nov
 
Event knowledge management
cyber intelligence storage, collection, retrieval
CRITs intelligence database - Nov
Will provide VM with CRITs - Nov
Tie historical data to emerging attacks - Nov
Important use-cases for knowledge management - Nov
Public and private communities - Nov
 
Evaluating solutions and services
Communities - OWASP, ISSA - Nov
Communities - Common Criteria - Nov
Aligning solutions against kill chain detectability - Nov
 
Resource Access Control
Introduction - Nov
Virtual Private Network (VPN) - Nov
VPN explained 'in plain English' - thanks Linda Garth - Nov
Digital Rights Management - Nov
 
Integration of detection, defense, KM tools
Discussion - Nov
 
+ Class is held only on Wednesday of this week.