
Cyber@UC Meeting 40 CEH Networking - PowerPoint PPT Presentation



  1. Cyber@UC Meeting 40 CEH Networking

  2. If You’re New!
  ● Join our Slack ucyber.slack.com SIGN IN!
  ● Feel free to get involved with one of our committees: Content, Finance, Public Affairs, Outreach, Recruitment
  ● Ongoing Projects:
    ○ Malware Sandboxing Lab
    ○ Cyber Range
    ○ RAPIDS Cyber Op Center

  3. Announcements
  ● Dr. Williams visited last week
  ● We’re planning school visits, reach out!
  ● Logo designs welcome!
  ● Board Game/Game Night!!! February 2nd, Friday at 6pm
  ● Dodgeball Team

  4. Public Affairs
  ● Please fill out the Google form for GroupMe numbers! https://goo.gl/forms/94i9kMJgtpDGXsC22
  ● Our brand new YouTube channel has just been made. We will be live streaming meetings, events, etc. and posting relevant videos to the channel. Please subscribe! youtube.com/channel/UCWcJuk7A_1nDj4m-cHWvIFw
  ● Follow us on our social media:
    ○ Facebook: facebook.com/CyberAtUC/
    ○ Twitter: twitter.com/UCyb3r
    ○ Instagram: instagram.com/cyberatuc/
    ○ Website: gauss.ececs.uc.edu/UC.yber/

  5. Weekly Content

  6. Git with GitHub, great but not perfect...
  ● Source repositories, good for development
  ● Limited by the tools and the security of whatever is used to interact with them
  ● PS. Demo will not be perfect...
  ● https://git-scm.com/downloads/logos

  7. Git exploit with escape sequences... caveat...
  ● Command-line only
  ● Possibly only a certain version of Linux/terminal affected
  ● Demo will be using github.uc.edu, not github.com
  ● Article posted on 2017/December/13
  ● Reportedly posted to git’s security mailing list
  ● Article link: https://www.twistlock.com/2017/12/13/hiding-content-git-escape-sequence-twistlock-labs-experiment/
  ● GitHub article link: https://github.com/twistlock/gitPocDiff

  8. Start Demo
  ● Also, don't do any of this
  ● Just PoC, not meant to create Mr. Robot

  9. If !Demo, goto link
  Link to article: https://www.twistlock.com/2017/12/13/hiding-content-git-escape-sequence-twistlock-labs-experiment/

  10. CrossRAT
  ● Remember Dark Caracal? When going through what was found, a new cross-platform malware called CrossRAT 0.1 was found, believed to be developed by or for Dark Caracal
  ● Dark Caracal doesn’t use zero days
  ● Written in Java, making it easy to reverse engineer
  ● Only 2/58 popular AVs can detect CrossRAT
  ● Persistent surveillance, key logger
  ● Advice: install behaviour-based threat detection software
  ● Article includes a method to check for infection: https://thehackernews.com/2018/01/crossrat-malware.html

  11. Part 2: Systems Overview My cat might have to have his one remaining tooth removed

  12. Differences from last week
  Based on everyone’s feedback and input:
  - More Color
  - More Graphics
  - More Content
  And as promised:
  - Things you can do to follow along
  - This week will be more technical

  13. The Topics Today Go Something Exactly Like This
  - Single Systems
    - Common OS Arch-Types
  - Small Networks
    - Data Bus
    - IPv4, MAC, & Ports
    - TCP and UDP
    - NAT and DHCP
    - FireWalls
  - Large Networks
    - Switches and Hubs
    - Intrusion Detection Systems
    - IPv4 & IPv6
    - VPN
  - Inter-Networks
    - DNS & ICANN

  14. We have a single system, but what is on it?

  15. We have a handful of systems, how do we connect them?
  - At a high level, we just connect all of the devices on one network
  - For this abstract purpose, assume we can connect clients, servers, and peripherals directly to the same network

  16. How do we tell these individual devices apart?
  (figure: two devices on the network, labelled 192.168.0.5 and 192.168.0.7)
  - Follow along with:
    - ipconfig /a for Windows
    - ifconfig for Linux and Mac
  - We can give each device a physical address (MAC) which is integrated into the device’s network connector
  - We can give each device a network-specific address (IP) which is given to the device when it connects to the network
  - Typically applications that access the network will use the IP address to make connections

  17. More on IPv4
  (figure: the address 192.168.0.1 compared with the street address 2716 Jefferson)
  - Most of the world uses IPv4
  - IPv4 is starting to be replaced by IPv6 which allows larger networks
  - The first three octets make the network address, which details the network the host is connected to
  - The fourth octet is the host address, which is the individual device identifier on the network
  - You can think of an IPv4 address as being similar to a house number and street address.
  - You can request an IP from a network if you don’t want to use the one you were assigned

  18. IP’s in Cyber Security

  19. More on MAC
  (figure: example MAC address ff:ff:ff:aa:aa:aa)
  - The MAC address is assigned to the network card when it is manufactured
  - MAC addresses identify both the manufacturer of the interface and the interface itself
  - Because the MAC is told to the network through software, it is quite trivial to change your MAC address through a tool such as macchanger
  - MAC addresses could once be used to track devices but most modern devices will randomize their MAC when joining a new network to prevent this

  20. Ports
  - To tell apart data that is sent to specific programs on the computer we use ports
  - Ports are numbered on the range 1-65535 but typically only the lower 800 are used for most applications
  - Web servers use port 80 as a standard HTTP port
  - Applications are not explicitly bound to a certain port, it’s just common practice to use certain ports with certain applications
  Port    Protocol  Application
  20      TCP       FTP data
  21      TCP       FTP control
  22      TCP       SSH
  23      TCP       Telnet
  25      TCP       SMTP
  53      Both      DNS
  67,68   UDP       DHCP
  80      TCP       HTTP
  443     TCP       SSL

  21. How do we send data between systems?
  - Transport Control Protocol (TCP)
    - Two systems establish a connection stream then end the connection
    - Involves a 3 way handshake followed by a finish packet (SYN, ACK, SYN)
    - Provides error correction
    - Typically used for sending large amounts of data and verifying the reception of data
  - User Datagram Protocol (UDP)
    - No connection is established
    - Requires no handshake
    - Provides no error correction
    - Typically used for small, one way data transmission or one to many (multicast) transmissions

  22. Network Address Translation (NAT)
  (figure: home router with the public address 75.123.52.41)
  - We would run out of IPv4 addresses very quickly if every device was given a unique one
  - Instead, typically your home router is assigned a public IP and then gives the devices behind it internal IP addresses with DHCP
  - The outside world will see your IP as that of the router

  23. Dynamic Host Configuration Protocol (DHCP)
  (figure: router at 192.168.0.1 behind the public address 75.123.52.41, with internal devices 192.168.0.2, 192.168.0.3 and 192.168.0.4)
  - Because you still need an IP address to talk to other computers, your router can also assign internal IP’s to your network
  - Typically this IP range starts at 192.168.0.1 or 192.168.1.1 with the router and counts up
  - You can also request a specific network address from the router

  24. Good and Bad Firewalls
  (figure: good internet traffic is let through, bad internet traffic is kept out)
  - Most routers also have a firewall built in, just not a good one
  - Firewalls are supposed to let good things through and keep bad things out
  - Firewalls are typically passive systems that follow simple allow/disallow rules that correspond to certain ports
  - Example: allow TCP over port 80 (http)
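The allow/disallow rule model the slide describes, as an added Python example (not part of the original slides or of any product the slides mention): an ordered rule list keyed on protocol and destination port, evaluated first-match-wins with a default-deny catch-all. The rule set, the Packet/Rule types and all sample packets are constructed for illustration.

```python
"""Added example, not from the Cyber@UC slides: a minimal packet filter that
applies ordered allow/deny rules keyed on protocol and destination port, the
way the slide describes a simple firewall ("allow TCP over port 80").
Rule set and sample packets below are constructed for illustration."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str     # source IPv4 address (constructed sample values)
    dst: str     # destination IPv4 address
    dport: int   # destination port


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: Optional[str]   # None matches any protocol
    dport: Optional[int]   # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return ((self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


# Constructed rule set in the slide's style. Rules are checked top to bottom
# and the first match wins; the final catch-all makes the default "deny",
# so anything not explicitly allowed (e.g. Telnet on 23) is dropped.
RULES: List[Rule] = [
    Rule("allow", "tcp", 80),    # HTTP
    Rule("allow", "tcp", 443),   # HTTPS
    Rule("allow", "tcp", 22),    # SSH
    Rule("allow", "udp", 53),    # DNS
    Rule("deny", None, None),    # default deny
]


def decide(pkt: Packet, rules: List[Rule] = RULES) -> str:
    """Return the action ("allow"/"deny") of the first rule matching pkt."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"  # fail closed if a rule set has no catch-all


def filter_packets(packets: List[Packet],
                   rules: List[Rule] = RULES) -> List[Tuple[Packet, str]]:
    """Evaluate every packet and pair it with the firewall's decision."""
    return [(pkt, decide(pkt, rules)) for pkt in packets]


# Constructed traffic: a web request, an SSH login, a Telnet attempt and a
# UDP datagram aimed at the web port (wrong protocol, so it is denied).
SAMPLE_PACKETS = [
    Packet("tcp", "203.0.113.9", "192.168.0.5", 80),
    Packet("tcp", "203.0.113.9", "192.168.0.5", 22),
    Packet("tcp", "203.0.113.9", "192.168.0.5", 23),
    Packet("udp", "203.0.113.9", "192.168.0.5", 80),
]

if __name__ == "__main__":
    for pkt, verdict in filter_packets(SAMPLE_PACKETS):
        print(f"{pkt.proto.upper():3} {pkt.src} -> {pkt.dst}:{pkt.dport:<5} {verdict}")
```

Running it prints allow for the HTTP and SSH packets and deny for Telnet and for UDP/80. The point to notice is the last rule: without an explicit catch-all the filter still returns deny, because a port-based firewall that fails open on an unmatched packet is not doing its job.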

  25. Firewall Demo

  26. Large Networks
  - Large networks such as those of a major business require multiple layers of security
  - Large networks may include several smaller networks for different purposes
  - I.e. you may have a full access network, a restricted development network, and an air gapped internal only network all in one building
  - Large networks will start to use more advanced hardware that home networks typically won’t need

  27. Switches and Hubs
  - Switches and hubs are simple ways of extending network access physically
  - Switches will send network traffic only to the intended receiver
  - Hubs will send network traffic to all receivers

  28. Intrusion Detection Systems (IDS)
  - Intrusion Detection Systems will monitor traffic on a network, look for things that look malicious, and report the event
  - Some very high end IDS’s use machine learning to recognize and adapt to usage patterns on the network
  - 2 popular IDS’s are Suricata and Snort IDS
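The "monitor traffic, look for something that looks malicious, report it" loop, as an added Python example (not part of the slides and not how Suricata or Snort are implemented): a detector that reads connection-log lines and raises an alert when one source touches many distinct ports on one host within a short window, the classic port-scan heuristic an IDS rule would encode. The log format, the parse_line/detect_port_scans functions, the threshold values and every log line are constructed.

```python
"""Added example, not from the Cyber@UC slides: a small piece of IDS-style
detection logic that reads connection-log lines and raises an alert when one
source touches many distinct ports on one host within a short window (the
classic port-scan heuristic). The log format and every line are constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed log format: "<ISO timestamp> <proto> <src>:<sport> -> <dst>:<dport>"
LOG_RE = re.compile(
    r"^(\S+) (tcp|udp) (\d{1,3}(?:\.\d{1,3}){3}):(\d+) -> (\d{1,3}(?:\.\d{1,3}){3}):(\d+)$"
)


def parse_line(line: str) -> Optional[Dict]:
    """Parse one log line; return None for lines that do not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, proto, src, sport, dst, dport = m.groups()
    return {"ts": datetime.fromisoformat(ts), "proto": proto,
            "src": src, "sport": int(sport), "dst": dst, "dport": int(dport)}


def detect_port_scans(lines: List[str], threshold: int = 10,
                      window_seconds: int = 60) -> List[Dict]:
    """Alert once per (src, dst) pair that hits >= threshold distinct
    destination ports within window_seconds. Events older than the window
    are dropped from the per-pair sliding window before each check."""
    recent = defaultdict(deque)   # (src, dst) -> deque of (timestamp, dport)
    alerted = set()
    alerts = []
    window = timedelta(seconds=window_seconds)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue               # malformed line: skip, never crash the sensor
        key = (ev["src"], ev["dst"])
        q = recent[key]
        q.append((ev["ts"], ev["dport"]))
        while q and ev["ts"] - q[0][0] > window:
            q.popleft()
        distinct_ports = {port for _, port in q}
        if len(distinct_ports) >= threshold and key not in alerted:
            alerted.add(key)       # report each scanning pair once
            alerts.append({"src": ev["src"], "dst": ev["dst"],
                           "distinct_ports": len(distinct_ports),
                           "first_seen": q[0][0].isoformat(),
                           "last_seen": ev["ts"].isoformat()})
    return alerts


def _constructed_log() -> List[str]:
    """Build sample traffic: a normal client fetching web pages, and one
    external host sweeping ports 20-35 on the server one second apart."""
    base = datetime(2018, 1, 26, 18, 2, 0)
    lines = []
    for i, port in enumerate([80, 443, 80, 80]):
        t = base + timedelta(seconds=15 * i)
        lines.append(f"{t.isoformat()} tcp 192.168.0.7:{51000 + i} -> 192.168.0.5:{port}")
    for i, port in enumerate(range(20, 36)):
        t = base + timedelta(seconds=5 + i)
        lines.append(f"{t.isoformat()} tcp 203.0.113.9:{40000 + i} -> 192.168.0.5:{port}")
    lines.append("this line is not a connection record")  # exercises the skip path
    return lines


SAMPLE_LOG = _constructed_log()

if __name__ == "__main__":
    for alert in detect_port_scans(SAMPLE_LOG):
        print("ALERT possible port scan:", alert)
```

The browsing client never trips the rule (two distinct ports), the sweeping host trips it on its tenth port, and the malformed line is skipped rather than crashing the sensor. Threshold and window are the knobs a real deployment tunes against false positives; a slow scan spread over longer than the window is the obvious blind spot of this heuristic.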

  29. IDS Demo

  30. Intrusion Prevention Systems (IPS)
  (figure: IPS placed inline on the network path)
  - Intrusion Prevention Systems will monitor traffic on a network and function as a dynamic firewall
  - IPS’s are active when compared to passive firewalls or detection systems
  - IPS’s are inline just as a firewall would be

  31. IPv6
  (figure: example address 2001:0db8:85a3:0000:0000:8a2e:0370:7334, the address count 340,282,366,920,938,000,000,000,000,000,000,000,000, and the street address 4563 West Street)
  - IPv6 is meant to replace IPv4 in the future
  - IPv6 uses hexadecimal to distinguish from IPv4
  - IPv4 addresses are only 32 bits long whereas IPv6 addresses are 128 bits long
  - Can contain part of the MAC address
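The address arithmetic behind the IPv4 (slides 16 and 17), MAC (slide 19) and IPv6 (slide 31) material, as one added Python example that is not part of the slides; it uses only the standard ipaddress module. It assumes a /24 mask, matching the slides' home-network picture where the first three octets are the network and the fourth the host; the function names and the burned-in MAC sample are constructed, and the ff:ff:ff:aa:aa:aa value is the slide's own figure label.

```python
"""Added example, not from the Cyber@UC slides: the address arithmetic behind
the IPv4, MAC and IPv6 slides, using Python's standard ipaddress module.
The /24 mask is assumed, matching the slides' home-network example where the
first three octets are the network and the fourth the host; MAC sample values
other than the slide's ff:ff:ff:aa:aa:aa are constructed."""
import ipaddress
from typing import Dict


def split_ipv4(addr: str, prefix: int = 24) -> Dict:
    """Split an IPv4 address into its network and host parts for a prefix."""
    iface = ipaddress.ip_interface(f"{addr}/{prefix}")
    net = iface.network
    return {
        "network": str(net.network_address),        # e.g. 192.168.0.0
        "host": int(iface.ip) & int(net.hostmask),  # e.g. 5
        "private": iface.ip.is_private,             # RFC 1918 space?
        "usable_hosts": net.num_addresses - 2,      # minus network and broadcast
    }


def describe_ipv6(addr: str) -> Dict:
    """Show the long (exploded) and short (compressed) forms and the width."""
    ip = ipaddress.IPv6Address(addr)
    return {"exploded": ip.exploded, "compressed": ip.compressed,
            "bits": ip.max_prefixlen}


def address_space(version: int) -> int:
    """Number of addresses in the IPv4 (32-bit) or IPv6 (128-bit) space."""
    return 2 ** {4: 32, 6: 128}[version]


def describe_mac(mac: str) -> Dict:
    """Validate a MAC, extract the manufacturer OUI (first three octets) and
    read the two flag bits of the first octet: bit 1 is the U/L bit (set on
    locally administered addresses, which is what randomized MACs are) and
    bit 0 is the individual/group (multicast) bit."""
    octets = mac.lower().split(":")
    if len(octets) != 6 or any(len(o) != 2 for o in octets):
        raise ValueError(f"malformed MAC: {mac}")
    try:
        values = [int(o, 16) for o in octets]
    except ValueError:
        raise ValueError(f"malformed MAC: {mac}")
    first = values[0]
    return {"oui": ":".join(octets[:3]),
            "locally_administered": bool(first & 0x02),
            "multicast": bool(first & 0x01)}


if __name__ == "__main__":
    print(split_ipv4("192.168.0.5"))
    print(describe_ipv6("2001:0db8:85a3:0000:0000:8a2e:0370:7334"))
    print(f"IPv6 addresses: {address_space(6):,}")
    print(describe_mac("ff:ff:ff:aa:aa:aa"))   # the slide's figure value
    print(describe_mac("00:1a:2b:3c:4d:5e"))   # constructed burned-in style MAC
```

Two things worth noticing when you run it: the exact IPv6 address count is 2**128, which is the slide's rounded figure written out in full; and the slide's sample MAC has both the locally-administered and the multicast bit set in its first octet, so it could never be a manufacturer-assigned unicast address, which is exactly the kind of check a tracking or inventory system would use to spot randomized MACs.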

  32. Virtual Private Network
  - VPN’s are a software way of allowing two or more systems to act as if they are on the same physical network over the internet
  - VPN’s can be used for users to remotely connect into work site services
  - UC provides a VPN for faculty and students
  - We use OpenVPN to connect with Franco’s class for the red team simulation
  - Information sent over VPN is seen only by the VPN owner
