Lecture Material and Notes Week
A history of cryptography

A Linux version which includes a Java runtime environment is here.

clicking on it but you must have Java and a text editor installed.

Puzzles:

• decrypt one of the lines in Caesar cipher applet (2 brownies for each unique solution up to 3 solutions)
• decrypt one of the lines in substitution cipher applet (3 brownies for each unique solution up to 3 solutions)
• decrypt this:
XHYMSREQMXRMV'LLYVVMEZQMXHYMSREQMXRMKE,I'SYMESYMEITRVXMYNELXIFMXHYMVETY
in the substitution applet (4 brownies to the first person that gets it)
• find the keyword that decrypts this in the Vigenère applet:
XQPAJMFITBLSJAGMGMWYTVLOJESSQQFZYMSK
to something readable (5 brownies to the first person that gets it)
• 4 brownies - 1st person wins all
Given the alphabet below, showing frequency of occurrence in random strings, find the entropy of the alphabet. Suppose all symbols of the alphabet have equal frequency of occurrence. What would the entropy be? What does the entropy mean in this case? The entropy of the alphabet with frequency as shown for each symbol is less. Can that fact be exploited in some way?

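| Symbol | Freq (%) | Symbol | Freq (%) | Symbol | Freq (%) | Symbol | Freq (%) |
|--------|----------|--------|----------|--------|----------|--------|----------|
| A | 8.496 | B | 2.072 | C | 4.538 | D | 3.384 |
| E | 11.16 | F | 1.812 | G | 2.485 | H | 3.003 |
| I | 7.544 | J | 0.196 | K | 1.102 | L | 5.489 |
| M | 3.012 | N | 6.654 | O | 7.163 | P | 3.167 |
| Q | 0.192 | R | 7.580 | S | 5.735 | T | 6.95 |
| U | 3.63 | V | 1.007 | W | 1.289 | X | 0.290 |
| Y | 1.778 | Z | 0.272 | | | | |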

23 Aug

Network architecture models/diagrams
Conceptual "attack landscape"

Network Architecture and Topology (CK Slides) TBD
Network Basics (wireshark, packets, etc.) 17 Sep/27 Sep
WireShark reference
Network Architecture and Topology TBD
DMZ architecture (CK Slides) TBD
DMZ architecture TBD
Hosted virtual machine architecture (CK Slides) TBD
Virtualizing I/O Devices on VMware Workstation's HVMM TBD

Tools for Network Analysis
Nessus vulnerability scanner reference
Kali Linux reference
Security Onion reference
Lecture and demonstration by Doug Flick reference

Network traffic encryption and authentication
Secret-key and Public-key operation reference
Modular arithmetic reference
Generators reference
Merkle-Hellman encryption reference
Merkle-Hellman demo reference
Diffie-Hellman key exchange reference
Karn+Diffie-Hellman reference
Modular Inverse reference
Chinese Remainder Theorem reference
Fermat's Little Theorem reference
Roots Modulo N reference
Square Roots Modulo N reference
Prime Testing and Generation reference
RSA reference
DES, IDEA, AES reference
AES 128 reference
Hashing reference
Transmission in blocks reference
Authentication handshakes and pitfalls 13 Sep
Kerberos 17 Sep
IPSec 17 Sep
Lab 2 using NAT instead of Host-Only 17 Sep

Authentication Mechanisms
Elliptic Curve Crypto 13 Sep
Password authentication, KDCs and CAs 6 Oct
Public Key Infrastructure 6 Oct
Authentication and federated identity reference

Cyber kill chain attack model
Cyber attack landscape 20 Sep
Mandiant: Anatomy of an Attack 20 Sep
Cyber kill chain (LMCO) 20 Sep
Alignment to cyber kill chain (CK notes) 20 Sep
The cyber kill chain (JVF notes) 20 Sep
Intel-Driven Defense (LMCO) [pdf] 20 Sep
Cyber kill chain (Nige Security Blog) 20 Sep
Practicality 20 Sep

Passive network security monitoring systems
Logging systems 20 Sep
Network Security Monitoring (JF slides) 20 Sep
Security policy example 20 Sep
Acceptable use policy example 20 Sep
Security practices example 20 Sep
--------------
Suricata signatures 20 Sep
--------------
APNIC Tutorial 20 Sep
Zeek network security monitor 20 Sep
Zeek description and examples (JVF slides) 20 Sep
Zeek samples from JVF txt file 20 Sep
Pcap files for the above samples 20 Sep
Zeek exercises 20 Sep
Zeek log file identifiers 20 Sep
Zeek binaries for Linux 20 Sep
Packet capture systems TBD
Secure store-and-forward TBD
Securing out-of-band architectures TBD
Secure in-band wireless pairing TBD
In-band vs. out-of-band solutions TBD
Network Security Monitoring (CK Slides) 20 Sep
Security Onion Introduction 20 Sep
Security Onion VirtualBox Install 20 Sep

Active network security monitoring systems
Active Defense (CK Slides) 27 Sep
Firewall basics 27 Sep
IPTables configuration for Linux 27 Sep
IPTables rules to block common attacks 27 Sep
Securing Cisco routers 27 Sep
Firewalls, iptables (JF Slides) 27 Sep
iptables and DDoS? (JF Slides) 27 Sep
Proxy servers, vpn, configuration pitfalls (JF Slides) 27 Sep
Proxy servers for privacy and security 27 Sep
Securing email servers 27 Sep

Incident response organization and process
Computer Security Incident Response Teams (JF Slides) 4 Oct
Organization and Process 4 Oct
Handbook for Computer Security Incident Response Teams 4 Oct
Organizational Models 4 Oct
How to create a CSIRT 4 Oct
NIST Computer Security Incident Handling Guide 4 Oct
Implementing a CSIRT in limited resource organizations 4 Oct
Incident Handler's Handbook 4 Oct
Best practices for victim response and reporting of cyber incidents 4 Oct
SANS Computer Incident Response Team 4 Oct
Immediate power down may cause problems 4 Oct

Example attack patterns
Attack patterns (JF notes) 11 Oct
Example security incidents 11 Oct
Introduction to attack patterns 11 Oct
Attack patterns 11 Oct
Five most common attack patterns of 2014 11 Oct
Five most common cyber attacks of 2018 11 Oct
Attack patterns as a software assurance knowledge resource 11 Oct
SANS attack prevention 11 Oct

Attack vectors
Attack Vectors (JF Slides) 11 Oct
OWASP Top 10 Attack Vectors for 2013 11 Oct
SQL-injection, watering hole, spear phishing (JF Slides) 11 Oct
SQL-injection 11 Oct
watering hole attacks 11 Oct
spear phishing 11 Oct
Internet-facing server considerations 11 Oct
Common Stealth Attacks 11 Oct
Tool and attack examples 11 Oct
Configuring apps and systems for defense 11 Oct

Container model of file structure
PDF vulnerabilities, Vtable exploits, Use-After-Free, REMnux (JF Slides) 17 Oct
pefile module for Python, to analyze Windows EXE/DLL files 17 Oct
pdf-parser.py, by Didier Stevens 17 Oct
XFABMPExploit.py against PDF CVE-2013-2729 vulnerability, by "binamuse.com" 17 Oct
officeparser.py, by John Davison (unixfreak0037) 17 Oct
Analysis of CVE-2012-0158 exploit, RTF encoded OLE 17 Oct

Organizing a Security Operations Center
Security Operations Center (SOC) 17 Oct
McAfee: Creating & Maintaining a SOC 17 Oct

Defense in Depth
Intro to Defense in Depth (JF Slides) 25 Oct
Example IA security policies 25 Oct
Example IA security procedures 25 Oct
National Information Assurance Partnership (NIAP) 25 Oct
Information Assurance Directorate (IAD - need account) 25 Oct
Federal Interagency Security Committee (FISC) risk management process 25 Oct
Types of attacks 25 Oct

The Common Criteria
Intro to the Common Criteria (JF Slides) 25 Oct
The Common Criteria 25 Oct
The Common Criteria Introduction and General Model 25 Oct
The Common Criteria Security Functional Components 25 Oct
The Common Criteria Security Assurance Components 25 Oct
Microsoft Windows Security Target 25 Oct
US DoD firewall Protection Profile 25 Oct
SANS Institute Common Criteria Protection Profiles 25 Oct

The CDX
Instructions for environment setup 1 Nov
Guide for securing Oracle Linux 1 Nov
Guide for hardening Ubuntu Linux 1 Nov
Ubuntu Security Notices 1 Nov

Reverse Engineering
Analyze software from captured laptop 1 Nov
Determine IED IP address from captured traffic 1 Nov
Decrypt key file to disarm IED 1 Nov
Generate one time key code 1 Nov
Use the one time key codes to disarm IEDs 1 Nov
Analyze code that overwrites the return address on the stack 1 Nov
Remove malware from malicious binary 1 Nov
Remove malware from malicious binary with Ghidra I (Gentily) 8 Nov
Remove malware from malicious binary with Ghidra II (Leyda) 8 Nov
Codebreaker Challenge discussion in CyDef chat 8 Nov

Basic malware analysis
Malware analysis (JF slides) 8 Nov
Malware analysis guide 8 Nov
Introduction to malware analysis 8 Nov
Hashing algorithms to identify malware 8 Nov
Entropy algorithms to identify malware 8 Nov

Identifying malware and shellcode in apps
Obfuscation methods 8 Nov
Tools to detect tampering 8 Nov

Cloud Security
Threats in the cloud 15 Nov

Impact of virtualization
Virtualization, especially in the cloud 15 Nov
Secure virtualization for cloud computing 15 Nov

Digital Rights Management, Digital Millennium Copyright Act, and Fair Use
DRM & DMCA & Fair Use 22 Nov

Information sharing
Resources - Nov
Glossary - Nov
Competitions - Nov
Capture the Flag Competitions - Nov
List of CTF opportunities - Nov
Cyber Defense Exercise (CDX) - Nov
National CCDC - Nov
Conferences - Nov
RSA Conference - Nov
Black Hat - Nov
Black Hat YouTube Channel - Nov
DEF CON - Nov
DEF CON CTF - Nov
What is a CTF? - Nov
Blogs/Periodicals - Nov
Schneier Blog - Nov
Matt Blaze - Nov
The CyberWire - Nov
The CyberWire Dispatch - Nov
Professional Societies - Nov
IEEE Cyber Security - Nov
IEEE Center for Secure Design - Nov
IEEE Cipher News Letter - Nov
Usenix (orig: Unix Users Group) - Nov
Cyber Security Databases - Nov
Mitre Corporation - Nov
CMU Software Engineering Institute, Computer Emergency Response Team - Nov
National Vulnerability Database - Nov
Veris Database - Nov
Application Security Failures - Nov
Indicator Feed & Database: malc0de.com (searchable) - Nov
Feed & Tools: Collective Intelligence Framework - Nov
Artifact Database: virusshare.com (searchable) - Nov
Private Companies - Nov
Kaspersky Lab - Nov
SANS Institute - Nov
FireEye - Nov
CrowdStrike Technical Analysis: Putter Panda Group - Nov
Rapid7: Metasploit - Nov
Communities - Nov
Open Web Application Security Project (OWASP) - Nov
OWASP Top 10 - Nov
Community: National Council of ISACs (industry-focused information sharing) - Nov
Tools for finding malware in files - Nov
Community: DeepEnd Research (& Yara Exchange) - Nov
example yara rules - Nov

Event knowledge management
cyber intelligence storage, collection, retrieval
CRITs intelligence database - Nov
Will provide VM with CRITs - Nov
Tie historical data to emerging attacks - Nov
Important use-cases for knowledge management - Nov
Public and private communities - Nov

Evaluating solutions and services
Communities - OWASP, ISSA - Nov
Communities - Common Criteria - Nov
Aligning solutions against kill chain detectability - Nov

Resource Access Control
Introduction - Nov
Virtual Private Network (VPN) - Nov
VPN explained 'in plain English' - thanks Linda Garth - Nov
Digital Rights Management - Nov

Integration of detection, defense, KM tools
Discussion - Nov

+ Class is held only on Wednesday of this week.