
20-CS-6055 - Cyber Defense Overview
Electrical Engineering and Computer Science

Lecture Material and Notes Week
    A history of cryptography    
    Download the jar file for Linux, then click its icon.

A Linux version which includes a Java runtime environment is here.

Download the zip file for Windows, open it with Windows Explorer,
choose "Extract All", pick a reachable path to put everything in (say
\user\name\Downloads), then double-click run (a batch file). A warning
message appears: click "More Info", then click "Run Anyway".

Mac users will likely succeed by downloading the jar file and
clicking on it, but you must have Java and a text editor installed.


  • decrypt one of the lines in the Caesar cipher applet (2 brownies for each unique solution up to 3 solutions)
  • decrypt one of the lines in the substitution cipher applet (3 brownies for each unique solution up to 3 solutions)
  • decrypt this:
    in the substitution applet (4 brownies to the first person that gets it)
  • find the keyword that decrypts this in the Vigenère applet:
    to something readable (5 brownies to the first person that gets it)
  • 4 brownies - 1st person wins all
    Given the alphabet below showing frequency of occurrence in random strings find the entropy of the alphabet. Suppose all symbols of the alphabet have equal frequency of occurrence. What would the entropy be? What does the entropy mean in this case? The entropy of the alphabet with frequency as shown for each symbol is less. Can that fact be exploited in some way?

    Symbol  Freq (%)    Symbol  Freq (%)    Symbol  Freq (%)    Symbol  Freq (%)
    A        8.496      B        2.072      C        4.538      D        3.384
    E       11.16       F        1.812      G        2.485      H        3.003
    I        7.544      J        0.196      K        1.102      L        5.489
    M        3.012      N        6.654      O        7.163      P        3.167
    Q        0.192      R        7.580      S        5.735      T        6.95
    U        3.63       V        1.007      W        1.289      X        0.290
    Y        1.778      Z        0.272
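The entropy question and the Caesar cipher exercise are two views of the same fact, so here is one added example (not part of the course page or its applets) that works through both. It computes the Shannon entropy of the table above, compares it to the 26-symbol uniform case, and then uses the same skewed distribution to break a Caesar shift by picking the shift whose decryption has the lowest cross-entropy against the table. The sample plaintext, shift, and all function names are constructed for this example.

```python
import math

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

# Letter frequencies (%) exactly as given in the course table.
FREQ_PCT = {
    "A": 8.496, "B": 2.072, "C": 4.538, "D": 3.384, "E": 11.16, "F": 1.812,
    "G": 2.485, "H": 3.003, "I": 7.544, "J": 0.196, "K": 1.102, "L": 5.489,
    "M": 3.012, "N": 6.654, "O": 7.163, "P": 3.167, "Q": 0.192, "R": 7.580,
    "S": 5.735, "T": 6.95, "U": 3.63, "V": 1.007, "W": 1.289, "X": 0.290,
    "Y": 1.778, "Z": 0.272,
}
# Normalise to probabilities (the table sums to 100.0, but do not rely on it).
_total = sum(FREQ_PCT.values())
P_ENGLISH = {c: v / _total for c, v in FREQ_PCT.items()}


def entropy_bits(dist):
    """Shannon entropy H = -sum p*log2(p), in bits per symbol."""
    total = sum(dist.values())
    return -sum((v / total) * math.log2(v / total) for v in dist.values() if v > 0)


def uniform_entropy_bits(n=len(ALPHABET)):
    """Entropy when all n symbols are equally likely: log2(n) bits per symbol."""
    return math.log2(n)


def redundancy():
    """Fraction of the maximum bits per letter that the skew 'gives away': 1 - H/Hmax."""
    return 1.0 - entropy_bits(P_ENGLISH) / uniform_entropy_bits()


def caesar(text, shift):
    """Shift A-Z by `shift` positions (mod 26); other characters pass through."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def cross_entropy_bits(text):
    """Average -log2 P_english(letter) over the letters of `text`.

    Text that really is English scores close to entropy_bits(P_ENGLISH).
    A wrong Caesar shift maps common letters onto rare ones (J, Q, X, Z),
    which cost 8-9 bits each, so the score jumps. That is the exploitable fact.
    """
    letters = [c for c in text.upper() if c in ALPHABET]
    if not letters:
        return float("inf")
    return -sum(math.log2(P_ENGLISH[c]) for c in letters) / len(letters)


def break_caesar(ciphertext):
    """Try all 26 shifts and return (shift, plaintext) with the lowest cross-entropy."""
    candidates = ((k, caesar(ciphertext, -k)) for k in range(26))
    shift, plain = min(candidates, key=lambda kp: cross_entropy_bits(kp[1]))
    return shift, plain


# Constructed sample message (not one of the applet's lines) and a chosen shift.
SAMPLE_PLAINTEXT = "ATTACK AT DAWN AND MEET ME AT THE OLD BRIDGE BEFORE THE GUARDS CHANGE"
SAMPLE_SHIFT = 7
SAMPLE_CIPHERTEXT = caesar(SAMPLE_PLAINTEXT, SAMPLE_SHIFT)

if __name__ == "__main__":
    print(f"H(table)   = {entropy_bits(P_ENGLISH):.3f} bits/letter")
    print(f"H(uniform) = {uniform_entropy_bits():.3f} bits/letter")
    print(f"redundancy = {redundancy():.1%}")
    print(f"ciphertext: {SAMPLE_CIPHERTEXT}")
    k, p = break_caesar(SAMPLE_CIPHERTEXT)
    print(f"recovered shift {k}: {p}")
```

The uniform case is the ceiling: with 26 equiprobable symbols every letter carries log2(26), about 4.70 bits, and no shift or substitution would look any more "English" than another. The table's entropy is lower, and the gap is exactly what frequency analysis spends: a few dozen letters of ciphertext are enough for the correct shift to stand out, and the same scoring against a monoalphabetic substitution is how the substitution applet lines are attacked by hand.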

23 Aug
    Network architecture models/diagrams
Conceptual "attack landscape"
    Network Architecture and Topology (CK Slides) TBD
Network Basics (Wireshark, packets, etc.) 17 Sep/27 Sep
   Wireshark reference
   Network Architecture and Topology TBD
DMZ architecture (CK Slides) TBD
   DMZ architecture TBD
Hosted virtual machine architecture (CK Slides) TBD
   Virtualizing I/O Devices on VMware Workstation's HVMM TBD
Tools for Network Analysis
Nessus vulnerability scanner reference
Kali Linux reference
Security Onion reference
Lecture and demonstration by Doug Flick reference
Network traffic encryption and authentication
Secret-key and Public-key operation reference
Modular arithmetic reference
Generators reference
Merkle-Hellman encryption reference
Merkle-Hellman demo reference
Diffie-Hellman key exchange reference
Karn+Diffie-Hellman reference
Modular Inverse reference
Chinese Remainder Theorem reference
Fermat's Little Theorem reference
Roots Modulo N reference
Square Roots Modulo N reference
Prime Testing and Generation reference
RSA reference
DES, IDEA, AES reference
AES 128 reference
Hashing reference
Transmission in blocks reference
Authentication handshakes and pitfalls 13 Sep
Kerberos 17 Sep
IPSec 17 Sep
Lab 2 using NAT instead of Host-Only 17 Sep
Authentication Mechanisms    
Elliptic Curve Crypto 13 Sep
Password authentication, KDCs and CAs 6 Oct
Public Key Infrastructure 6 Oct
Authentication and federated identity reference
Cyber kill chain attack model
Cyber attack landscape 20 Sep
  Mandiant: Anatomy of an Attack 20 Sep
Cyber kill chain (LMCO) 20 Sep
  Alignment to cyber kill chain (CK notes) 20 Sep
  The cyber kill chain (JVF notes) 20 Sep
  Intel-Driven Defense (LMCO) [pdf] 20 Sep
  Cyber kill chain (Nige Security Blog) 20 Sep
  Practicality 20 Sep
Passive network security monitoring systems
Logging systems 20 Sep
Network Security Monitoring (JF slides) 20 Sep
    Security policy example 20 Sep
    Acceptable use policy example 20 Sep
    Security practices example 20 Sep
    Suricata signatures 20 Sep
    APNIC Tutorial 20 Sep
Zeek network security monitor 20 Sep
Zeek description and examples (JVF slides) 20 Sep
Zeek samples from JVF txt file 20 Sep
Pcap files for the above samples 20 Sep
Zeek exercises 20 Sep
Zeek log file identifiers 20 Sep
zeek binaries for linux 20 Sep
Packet capture systems TBD
Secure store-and-forward TBD
Securing out-of-band architectures TBD
Secure in-band wireless pairing TBD
In-band vs. out-of-band solutions TBD
Network Security Monitoring (CK Slides) 20 Sep
Security Onion Introduction 20 Sep
Security Onion VirtualBox Install 20 Sep
Active network security monitoring systems
Active Defense (CK Slides) 27 Sep
Firewall basics 27 Sep
IPTables configuration for Linux 27 Sep
IPTables rules to block common attacks 27 Sep
Securing Cisco routers 27 Sep
Firewalls, iptables (JF Slides) 27 Sep
iptables and DDoS? (JF Slides) 27 Sep
Proxy servers, vpn, configuration pitfalls (JF Slides) 27 Sep
Proxy servers for privacy and security 27 Sep
Securing email servers 27 Sep
Incident response organization and process
Computer Security Incident Response Teams (JF Slides) 4 Oct 
Organization and Process 4 Oct
Handbook for Computer Security Incident Response Teams 4 Oct
Organizational Models 4 Oct
How to create a CSIRT 4 Oct
NIST Computer Security Incident Handling Guide 4 Oct
Implementing a CSIRT in limited resource organizations 4 Oct
Incident Handler's Handbook 4 Oct
Best practices for victim response and reporting of cyber incidents 4 Oct
SANS Computer Incident Response Team 4 Oct
Immediate power down may cause problems 4 Oct
Example attack patterns
Attack patterns (JF notes) 11 Oct
Example security incidents 11 Oct
Introduction to attack patterns 11 Oct
Attack patterns 11 Oct
Five most common attack patterns of 2014 11 Oct
Five most common cyber attacks of 2018 11 Oct
Attack patterns as a software assurance knowledge resource 11 Oct
SANS attack prevention 11 Oct
Attack vectors
Attack Vectors (JF Slides) 11 Oct
OWASP Top 10 Attack Vectors for 2013 11 Oct
SQL-injection, watering hole, spear phishing (JF Slides) 11 Oct
SQL-injection 11 Oct
watering hole attacks 11 Oct
spear phishing 11 Oct
Internet-facing server considerations 11 Oct
Common Stealth Attacks 11 Oct
Tool and attack examples 11 Oct
Configuring apps and systems for defense 11 Oct
Container model of file structure
PDF vulnerabilities, Vtable exploits, Use-After-Free, REMnux (JF Slides) 17 Oct
pefile module for Python, to analyze Windows EXE/DLL files 17 Oct
by Didier Stevens 17 Oct
against PDF CVE-2013-2729 vulnerability 17 Oct
by John Davison (unixfreak0037) 17 Oct
Analysis of CVE-2012-0158 exploit, RTF encoded OLE 17 Oct
Organizing a Security Operations Center
Security Operations Center (SOC) 17 Oct
McAfee: Creating & Maintaining a SOC 17 Oct
Defense in Depth
Intro to Defense in Depth (JF Slides) 25 Oct
Example IA security policies 25 Oct
Example IA security procedures 25 Oct
National Information Assurance Partnership (NIAP) 25 Oct
Information Assurance Directorate (IAD - need account) 25 Oct
Federal Interagency Security Committee (FISC) risk management process 25 Oct
Types of attacks 25 Oct
The Common Criteria
Intro to the Common Criteria (JF Slides) 25 Oct
The Common Criteria 25 Oct
The Common Criteria Introduction and General Model 25 Oct
The Common Criteria Security Functional Components 25 Oct
The Common Criteria Security Assurance Components 25 Oct
Microsoft Windows Security Target 25 Oct
US DoD firewall Protection Profile 25 Oct
SANS Institute Common Criteria Protection Profiles 25 Oct
Instructions for environment setup 1 Nov
Guide for securing Oracle Linux 1 Nov
Guide for hardening Ubuntu Linux 1 Nov
Ubuntu Security Notices 1 Nov
Reverse Engineering
Analyze software from captured laptop 1 Nov
Determine IED IP address from captured traffic 1 Nov
Decrypt key file to disarm IED 1 Nov
Generate one time key code 1 Nov
Use the one time key codes to disarm IEDs 1 Nov
Analyze code that overwrites the return address on the stack 1 Nov
Remove malware from malicious binary 1 Nov
Remove malware from malicious binary with Ghidra I (Gentily) 8 Nov
Remove malware from malicious binary with Ghidra II (Leyda) 8 Nov
Codebreaker Challenge discussion in CyDef chat 8 Nov
Basic malware analysis
Malware analysis (JF slides) 8 Nov
Malware analysis guide 8 Nov
Introduction to malware analysis 8 Nov
Hashing algorithms to identify malware 8 Nov
Entropy algorithms to identify malware 8 Nov
Identifying malware and shellcode in apps
Obfuscation methods 8 Nov
Tools to detect tampering 8 Nov
Cloud Security
Threats in the cloud 15 Nov
Impact of virtualization
Virtualization, especially in the cloud 15 Nov
Secure virtualization for cloud computing 15 Nov
Digital Rights Management, Digital Millennium Copyright Act, and Fair Use
DRM & DMCA & Fair Use 22 Nov
Information sharing
Resources - Nov
  Glossary - Nov
Competitions - Nov
  Capture the Flag Competitions - Nov
  List of CTF opportunities - Nov
  Cyber Defense Exercise (CDX) - Nov
  National CCDC - Nov
Conferences - Nov
  RSA Conference - Nov
  Black Hat - Nov
  Black Hat YouTube Channel - Nov
  DEF CON - Nov
  What is a CTF? - Nov
Blogs/Periodicals - Nov
  Schneier Blog - Nov
  Matt Blaze - Nov
  The CyberWire - Nov
  The CyberWire Dispatch - Nov
Professional Societies - Nov
  IEEE Cyber Security - Nov
  IEEE Center for Secure Design - Nov
  IEEE Cipher News Letter - Nov
  Usenix (orig: Unix Users Group) - Nov
Cyber Security Databases - Nov
  Mitre Corporation - Nov
  CMU Software Engineering Institute, Computer Emergency Response Team - Nov
  National Vulnerability Database - Nov
  Veris Database - Nov
  Application Security Failures - Nov
  Indicator Feed & Database: (searchable) - Nov
  Feed & Tools: Collective Intelligence Framework - Nov
  Artifact Database: (searchable) - Nov
Private Companies - Nov
  Kaspersky Lab - Nov
  SANS Institute - Nov
  FireEye - Nov
  CrowdStrike Technical Analysis: Putter Panda Group - Nov
  Rapid7: Metasploit - Nov
Communities - Nov
  Open Web Application Security Project (OWASP) - Nov
  OWASP Top 10 - Nov
  Community: National Council of ISACs (industry-focused information sharing) - Nov
  Tools for finding malware in files - Nov
  Community: DeepEnd Research (& Yara Exchange) - Nov
  example yara rules - Nov
Event knowledge management
cyber intelligence storage, collection, retrieval
CRITs intelligence database - Nov
Will provide VM with CRITs - Nov
Tie historical data to emerging attacks - Nov
Important use-cases for knowledge management - Nov
Public and private communities - Nov
Evaluating solutions and services
Communities - OWASP, ISSA - Nov
Communities - Common Criteria - Nov
Aligning solutions against kill chain detectability - Nov
Resource Access Control
Introduction - Nov
Virtual Private Network (VPN) - Nov
VPN explained 'in plain English' - thanks Linda Garth - Nov
Digital Rights Management - Nov
Integration of detection, defense, KM tools
Discussion - Nov
+ Class is held only on Wednesday of this week.