cyber uc meeting 35
play

Cyber@UC Meeting 35 Exploit ALL the vulnerabilities! If Youre New! - PowerPoint PPT Presentation

Oct 06, 2022 •437 likes •563 views

Cyber@UC Meeting 35 Exploit ALL the vulnerabilities! If Youre New! Join our Slack ucyber.slack.com Follow us on Twitter @UCyb3r and Facebook UC.yber; University of Cincinnati OWASP Chapter Feel free to get involved with one of

  1. Cyber@UC Meeting 35 Exploit ALL the vulnerabilities!

  2. If You’re New! ● Join our Slack ucyber.slack.com Follow us on Twitter @UCyb3r and Facebook UC.yber; University of Cincinnati ● OWASP Chapter ● Feel free to get involved with one of our committees: Content, Finance, Public Affairs, Outreach, Recruitment Stay updated through our weekly emails and SLACK ●

  3. Announcements ● Red team against Franco’s Class! TOMORROW P&G visit set for Jan 22nd 2-3pm ● Logo Design SUBMIT IDEAS! ● ● We have 200K of equipment coming! ● Lab in ERC almost ready getting keys soon!

  4. Weekly Content

  5. Cybersec staffing problems causing vulnerability ● 22% of surveyed companies cited their security team as being understaffed The skills shortage expected to create 1.8 million job deficit by 2022 ● Constant advancement in the field makes maintaining skills difficult ● ● We are seeing that the deficit is a skills deficit, less a worker deficit ● It is difficult to attain the necessary skills while currently working in the field due to the heavy workload 88% of security professional respondents report moderate to high job ● satisfaction ● Incentives such as financial and other forms of compensation are reported as the reason for this high level of satisfaction https://www.darkreading.com/cloud/cybersecurity-staffing-shortage-tied-to-cyber attacks-data-breaches/d/d-id/1330372?

  6. Immunity for AV Vendors ● Malwarebytes was sued for listing Enigma Software Group tools as malware because they filed a lawsuit against their affiliate Bleepingcomputer.com Malwarebytes made use of a poorly known provision in the Communications ● Decency Act ● “provides legal immunity to computer vendors that provide "technical means to restrict access" to obscene, lewd, excessively violent, and otherwise objectionable content” ● Vendors are able to self define what they view as objectionable content https://www.darkreading.com/cloud/av-vendors-have-immunity-for-malware-bloc king-decisions-court-says/d/d-id/1330385?

  7. Exploit Breakout Sessions

  8. Overview of Targets Services to Target: FTP (File Transfer Protocol) ● ● IPP (Printer Service) ● Ping Daytime ● MySQL ● ● WordPress ● Apache2 PHP ●

  9. Vulnerabilities ● Changes in the configuration files ~/.bashrc added aliases for “sudo” and updated to make sure that they don’t get root access ○ ● CVE-2015-5477 BIND9 TKEY remote assert DoS PoC ○ Tkill.c file included in the OS and added as a startup application Shell script[4][5] to stop running services ● ○ A script that stops local services Dirty Cow ● ○ Gives root access without prompting the attacker for to enter the password

  10. Additional Info ● Targeted services will be monitored Points will be deducted if they go down ○ ● Login will be done Via OpenVPN ○ Franco will provide the keys

  11. ● Pick a Service ● Choose method of recon Team Goals ● Choose Vulnerability Research, RESEARCH ● RESEARCH Map out a plan for exploiting ● Test out the commands and taking down services ● Write that BASH!

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cyber@UC; Meeting 28 Cyber Kill Chain If Youre New! Join our Slack ucyber.slack.com

Cyber@UC; Meeting 28 Cyber Kill Chain If Youre New! Join our Slack ucyber.slack.com

Cyber@UC; Meeting 28 Cyber Kill Chain If Youre New! Join our Slack ucyber.slack.com Follow us on Twitter @UCyb3r and Facebook UC.yber; University of Cincinnati OWASP Chapter Feel free to get involved with one of our committees:

430 views • 23 slides
NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For

NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For

NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For ACM CCS I ndustry/ Govt Track Oct. 26, 2004 Carl Landwehr ( clandweh@nsf.gov ) Cyber Trust Coordinator National Science Foundation What s the

439 views • 17 slides
CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College

CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College

3/29/2012 CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College of India I N T R O D U C T I O N What is Cyber-safety Consequences Threats of Inaction Cyber-safety? Cyber-safety Cyber-safety at

215 views • 7 slides
What is Cyber Crime? Cyber Enabled Crime Cyber Dependant Crime Traditional crime that is

What is Cyber Crime? Cyber Enabled Crime Cyber Dependant Crime Traditional crime that is

R egional C yber C rime U nit DC Louise Gibson Prepare, Prevent & Protect What is Cyber Crime? Cyber Enabled Crime Cyber Dependant Crime Traditional crime that is enhanced in scale or Crimes that can only be committed solely reach by use

316 views • 9 slides
Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework Reporting Objectives Executive Summary Information Assess Current Cyber Security Posture Measure Progress Toward Improvement Assess

634 views • 5 slides
The Cyber Threat: Securing Cyber Infrastructure Overview What are the FBIs Priorities?

The Cyber Threat: Securing Cyber Infrastructure Overview What are the FBIs Priorities?

The Cyber Threat: Securing Cyber Infrastructure Overview What are the FBIs Priorities? What is the FBIs Cyber Structure? HQ Division Dedicated Cyber squads in all 56 field offices, including satellite locations overseas.

1.54k views • 14 slides
Strategic Priorities Assurance Board Cyber and Cyber Enabled Crime Introduction Cyber

Strategic Priorities Assurance Board Cyber and Cyber Enabled Crime Introduction Cyber

Strategic Priorities Assurance Board Cyber and Cyber Enabled Crime Introduction Cyber Dependent crime examples of these offences are Distributed Denial of Service attack (DDOS), Account Compromise (hacking), Malware (virus) and

237 views • 7 slides
FEMA Region III Cyber Security Program Maryland Cyber Security Workshop (January 16, 2019)

FEMA Region III Cyber Security Program Maryland Cyber Security Workshop (January 16, 2019)

FEMA Region III Cyber Security Program Maryland Cyber Security Workshop (January 16, 2019) (Presented again at the October 16, 2018, meeting of the Maryland Cybersecurity Council and published with permission.) Overview Current Landscape

560 views • 23 slides
Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK

Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK

Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK businesses and how to remain safe What help is available Further reading Setting the scene 21.2bn The cost of fraud to the

304 views • 19 slides
Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT

Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT

Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT ITY How cyber is becoming a key aspect of the ubiquity generation. CYBER SUMMIT More to come 3 2018 Deloitte Cyber Risk Services 4 2018

514 views • 19 slides
Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division

Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division

Homeland Security Advanced Research Projects Agency A View from Washington: The Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division Director http://www.dhs.gov/cyber-research Presentation Outline

794 views • 32 slides
CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY HAPPEN London June 2019 INTRODUCTION Cyber Security The activity or process, ability or capability, or state whereby information and

735 views • 24 slides
Cy Cyber ber La Lay of the he La Land nd What the Numbers Tell Us Cyber r Lay of f the

Cy Cyber ber La Lay of the he La Land nd What the Numbers Tell Us Cyber r Lay of f the

Cy Cyber ber La Lay of the he La Land nd What the Numbers Tell Us Cyber r Lay of f the Land: : Wh What t the Numbe mbers rs Tell l Us Visit www.advisenltd.com at the end of this webinar to download: Copy of these slides

722 views • 31 slides
Cyber@UC Meeting 59 Actually Doing Star Night! If Youre New! Join our Slack:

Cyber@UC Meeting 59 Actually Doing Star Night! If Youre New! Join our Slack:

Cyber@UC Meeting 59 Actually Doing Star Night! If Youre New! Join our Slack: ucyber.slack.com SIGN IN! (Slackbot will post the link in #general) Feel free to get involved with one of our committees: Content Finance Public

525 views • 23 slides
Cyber@UC Meeting 63 Contributing to the Website If Youre New! Join our Slack:

Cyber@UC Meeting 63 Contributing to the Website If Youre New! Join our Slack:

Cyber@UC Meeting 63 Contributing to the Website If Youre New! Join our Slack: ucyber.slack.com SIGN IN! (Slackbot will post the link in #general every Wed@6:30) Feel free to get involved with one of our committees: Content

491 views • 14 slides
Cyber@UC Meeting 67 Bash and OverTheWire If Youre New! Join our Slack:

Cyber@UC Meeting 67 Bash and OverTheWire If Youre New! Join our Slack:

Cyber@UC Meeting 67 Bash and OverTheWire If Youre New! Join our Slack: cyberatuc.slack.com (URL changed!) SIGN IN! (Slackbot will post the link in #general every Wed@6:30) Feel free to get involved with one of our committees:

594 views • 16 slides
INTERNET LAW SESSION 4 DR ANGELA DALY 21 OCTOBER 2019 FREE SPEECH AND CONTENT REGULATION WHAT

INTERNET LAW SESSION 4 DR ANGELA DALY 21 OCTOBER 2019 FREE SPEECH AND CONTENT REGULATION WHAT

INTERNET LAW SESSION 4 DR ANGELA DALY 21 OCTOBER 2019 FREE SPEECH AND CONTENT REGULATION WHAT IS FREE International human rights law Constitutions SPEECH AND Bills of rights, etc WHERE DO WE FIND IT? Where is free speech

431 views • 25 slides
MPSoC 2003 MPSoC 2003 Hardware dependent Software (HdS). Hardware dependent Software (HdS).

MPSoC 2003 MPSoC 2003 Hardware dependent Software (HdS). Hardware dependent Software (HdS).

MPSoC 2003 MPSoC 2003 Hardware dependent Software (HdS). Hardware dependent Software (HdS). Multiprocessor SoC Aspects. Multiprocessor SoC Aspects. An introduction An introduction Frank Pospiech Alcatel Massy, France CTO Hardware

606 views • 32 slides
1 Outline Economics in Mariposa Apply a microeconomic paradigm for 1. Assumptions for DDBMS

1 Outline Economics in Mariposa Apply a microeconomic paradigm for 1. Assumptions for DDBMS

Why is Mariposa Important? Mariposa: A wide-area distributed database Wide-area ( WAN ) differ from Local-area ( LAN ) databases. Each individual site is set up differently: with different access methods. with different data

332 views • 5 slides
Internet Engineering: Web Application Architecture Ali Kamandi Sharif University of Technology

Internet Engineering: Web Application Architecture Ali Kamandi Sharif University of Technology

Internet Engineering: Web Application Architecture Ali Kamandi Sharif University of Technology kamandi@ce.sharif.edu Spring 2007 Centralized Architecture mainframe terminals terminals 2 Two Tier Application Architecture In the 90s,

716 views • 68 slides
BILL MARTIN Designing a Comprehensive Thinking Program: Blending Thinking Skills and

BILL MARTIN Designing a Comprehensive Thinking Program: Blending Thinking Skills and

BILL MARTIN Designing a Comprehensive Thinking Program: Blending Thinking Skills and Dispositions CONFERENCE ON THINKING NORDIC FOLLOW-UP SWEDEN - OCTOBER 2008 DO YOU KNOW A THINKING SCHOOL? WHY NOT? The thinker has left!

790 views • 29 slides
Group Communication for CoAP Akbar Rahman Esko Dijk IETF 81, July 2011

Group Communication for CoAP Akbar Rahman Esko Dijk IETF 81, July 2011

Group Communication for CoAP Akbar Rahman Esko Dijk IETF 81, July 2011 http://tools.ietf.org/html/draft-rahman-core-groupcomm-06 CoAP Group Communications Concept 1) Multiple receiver nodes form a group 2) Source (sender) sends a single

583 views • 24 slides
Maritime Administration Port Infrastructure Development Grant Program July 18, 2019 Maritime

Maritime Administration Port Infrastructure Development Grant Program July 18, 2019 Maritime

Maritime Administration Port Infrastructure Development Grant Program July 18, 2019 Maritime Administration 1200 New Jersey Ave., SE | Washington, DC | 20590 w w w . d o t . g o v Port Infrastructure Development Grant Overview Port

227 views • 21 slides
The Mach System From "Operating Systems Concepts, Sixth Edition" by Abraham

The Mach System From "Operating Systems Concepts, Sixth Edition" by Abraham

The Mach System From "Operating Systems Concepts, Sixth Edition" by Abraham Silberschatz, Peter Baer Galvin, and Greg Gagne, published by J Wiley, 2002. Presented by James Holladay Outline How Mach started Goals of Mach

1.11k views • 30 slides

More recommend