
Cyber@UC Meeting 47: POC CVEs and Scanning



  1. Cyber@UC Meeting 47 POC CVEs and Scanning

  2. If You’re New!
     ● Join our Slack: ucyber.slack.com
     ● SIGN IN!
     ● Feel free to get involved with one of our committees: Content, Finance, Public Affairs, Outreach, Recruitment
     ● Ongoing Projects:
       ○ Malware Sandboxing Lab
       ○ Cyber Range
       ○ RAPIDS Cyber Op Center

  3. Announcements
     ● $1000 should be handed over soon
     ● Labspace design has been finalized
     ● Cincinnati B-Sides on May 12th, registration not open yet
     ● Static IP for our server should be coming soon
     ● Tabling this Tuesday in Baldwin

  4. OC3 website
     ● Wrapping up by tomorrow
       ○ god have mercy on my soul
     ● Sneak peek: test.ohioc3.org

  5. Tabling in Baldwin
     ● When?
       ○ April 3rd (Tuesday), 9am - 2pm
     ● What?
       ○ We are going to have a table for people to stop at to talk to us and learn more about what we do and who we are.
     ● Why would people approach us?
       ○ Well, we plan to have drinks and some BILL’S DONUTS! Plus AJ is helping put together a demo!
     ● Where?
       ○ Baldwin lobby
     ● We ask that you please tell people you think may be interested to come by, and at a minimum get a donut. Also, we need some volunteers to be there who can talk to people and tell them about our chapter.

  6. Public Affairs
     ● Please fill out Google form for GroupMe Numbers! https://goo.gl/forms/94i9kMJgtpDGXsC22
     ● Our brand new YouTube channel has just been made. We will be live streaming meetings, events, etc. and posting relevant videos to the channel. Please subscribe! youtube.com/channel/UCWcJuk7A_1nDj4m-cHWvIFw
     Follow us on our social media:
       Facebook: facebook.com/CyberAtUC/
       Twitter: twitter.com/UCyb3r
       Instagram: instagram.com/cyberatuc/
       Website: ucyber.github.io

  7. Weekly Content

  8. Hacker Conventions, Why attend?
     ● Networking
     ● Competitions
     ● Technical talks
     ● Lots of fun!!!

  9. BSides
     ● InfoSec conference focused on presenting and participating in talks and collaborations
     ● Lots of BSides conferences around the world
     ● A calendar of BSides conference dates and locations can be found on their website http://www.securitybsides.com
     ● Originally started due to the # of rejections to the CFP for Black Hat in 2009, due to lack of space and time
     ● Local BSides: BSides Columbus, BSides Indy, BSides Cincinnati May 12 http://bsidescincy.org/

  10. 2600
     ● Origin of 2600 comes from the discovery in the 60s that transmitting a tone at 2600 hertz, easily produced by a Cap’n Crunch cereal toy, gave access to “operator mode” allowing elevated phone privileges like free long distance calls: https://en.wikipedia.org/wiki/2600:_The_Hacker_Quarterly
     ● Here is an awesome documentary on the topic: https://www.youtube.com/watch?v=SQ5H01axlLs
     ● Meet every first Friday at “The Brew House” here in Cincinnati
     ● https://cinci2600.org/
     ● Nearby 2600 groups: Cincinnati, Dayton, Columbus

  11. Cincinnati SMBA
     ● SMBA: Security Masters of Beer Appreciation
     ● Allows security professionals to meet and discuss current info sec topics
     ● Free adult beverage of choice, networking, certification credits
     ● Meet monthly to drink beer, usually for free, and discuss topics
     ● Next meeting is April 16th, sponsored by Phantom at 2910 Wasson Rd, register on their website: https://sites.google.com/view/cincysmba/home

  12. Central Ohio InfoSec Summit
     ● 5/14-5/15 2018, Hyatt Regency Columbus
     ● $225 ticket for both days
     ● 9am - 5pm
     ● Brian Krebs will be there
     ● https://www.infosecsummit.com/ehome/2018cbusinfosec/611667/

  13. CircleCityCon
     ● They have a really cool website: http://circlecitycon.com/
     ● Yearly conference in Indianapolis
     ● Focused on training classes, events, and contests
     ● June 1-3, in Westin Indianapolis
     ● Student tickets $100

  14. SecureWV
     ● Offer talks, classes, and events, like CTFs
     ● 3 days long, this year Nov 30-Dec 2, 2018
     ● Occurs in Charleston, West Virginia
     ● About 200 attendees
     ● Lots of classes on Forensics
     ● http://securewv.com/index.html

  15. DC850
     ● Meet monthly, have to check their site for dates and locations, < 1 year old
     ● Very focused around red team activities and penetration testing
     ● https://dc859blog.wordpress.com/

  16. DerbyCon
     ● Running for eight years, even sold out tickets within a few minutes last year
     ● Run out of Louisville
     ● October 3 - 7 2018
     ● Advertise themselves as good for beginners or experts
     ● https://www.derbycon.com/

  17. Day-Con
     ● Running for over 10 years
     ● Their website kind of sucks right now: http://www.day-con.org/
     ● Run out of Dayton near the end of September

  18. ShmooCon
     ● Hosted by some pretty smart people, including developers of Linux, Apache, PGP, OpenSSL and Snort
     ● Run out of D.C., January 18-20 2019
     ● Sell out every year
     ● $150 per person
     ● http://shmoocon.org/

  19. BlackHat
     ● August 4-9 2018, Las Vegas, started in 1997
     ● Advertise themselves as the most technical security conference
     ● Offer briefings and trainings
     ● $2195-2795 for briefing prices, recommend you go to the site to determine which pass type you want
     ● https://www.blackhat.com/us-18/registration.html

  20. DefCon
     ● DefCon comes from Defense Condition
     ● DefCon 26: August 9-12 2018, Caesar’s Palace, Las Vegas
     ● About $250 per ticket
     ● https://www.defcon.org/index.html

  21. Honorable Mentions
     ● OWASP AppSec Conference: https://2018.appsecusa.org/
     ● RSA Conference: https://www.rsaconference.com/events/us18
     ● ToorCon: https://toorcon.net/
     ● Usenix Security Symposium: https://www.usenix.org/conference/usenixsecurity18
     ● Infosec World: https://infosecworld.misti.com/

  22. Other sources to find events in the area
     ● http://infosecevents.net/2010/10/21/cincinnati-security-community/
     ● http://hackermaps.org/
     ● https://en.wikipedia.org/wiki/Category:Hacker_conventions
     ● https://infosec-conferences.com/events/conferences-top-ten-must-go-to/

  23. Part 7: Scanning Get your cat up front for a cat scan

  24. The Topics Today Go Something Exactly Like This
     - Going From Intelligence Gathering to Scanning
     - What is Scanning
     - What is Gained from Scanning
     - Types of Scans
     - Vulnerabilities and Proof of Concepts
     - Common Scanning Tools
     - Example?

  25. From Intelligence Gathering to Scanning
     In our intelligence gathering and reconnaissance activities we were able to figure out what systems our target may be running and where they are running from. Logically, we should now start looking closely at what we have found to try to find our way into the target systems.

  26. What is Scanning
     Scanning is taking a better look at the system and finding exploitable targets

  27. What is Gained from Scanning?
     Scanning can reveal:
     - Internal Network Topology
     - Network Services, down to the version number in some cases
     - Machines on the network and what OSes they may be running
     - Vulnerabilities that affect any of the previous three items that we can use to gain access into the system(s)

  28. The Types of Scans
     - PDF Scan - Digitizes a document in PDF format
     - Network Scan - Map out the network terrain
     - Port Scan - Find open services on target machines
     - Vulnerability Scan - Find Vulnerabilities on targets

  29. Vulnerabilities and Proof of Concepts
     If scanning is done to find vulnerabilities, what is a vulnerability?
     - Common Vulnerabilities and Exposures (CVEs) are documents published by researchers that detail where errors are in systems and how those errors can be used maliciously against the system
     - Proof of Concepts (PoCs) are examples that utilize known CVEs to exploit a system in a demonstrative capacity
     CVEs are uniquely numbered and usually tagged with corresponding PoCs when published.

  30. Vulnerabilities and Proof of Concepts (cont.)
     Where are these CVEs?
     - cve.mitre.org is the central CVE list and is both downloadable and web searchable
     - Vulnerability scans may give an exact CVE # which can be searched on Google to find PoCs or even canned exploits

  31. Common Scanning Tools
     - Network Scan - Map out the network terrain
     - Port Scan - Find open services on target machines
     - Vulnerability Scan - Find Vulnerabilities on targets

  32. Put on your 3D glasses Linux Distro now

  33. Common Scanning Tools
     - Network Scanners: Nmap, masscan, dnmap
     - Port Scanners: Nmap, masscan, dnmap
     - Vulnerability Scanners: OpenVAS, BBQSQL, BED, Nessus, Lynis

  34. OpenVAS
     ● For Kali Linux: apt install openvas
     ● Then run: openvas-setup
     ● Then: openvas-start
     ● Navigate to 127.0.0.1:9392 and log in with the generated password

  35. SearchSploit
     ● Install: apt install exploitdb
     ● Update the database: searchsploit -u
     ● Use: searchsploit "ftp"
     ● ???
     ● Profit
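
As an added example (not part of the original slides): slide 30 notes that vulnerability scans may report exact CVE numbers that can then be looked up. The sketch below pulls CVE IDs out of scan report text, normalizes and de-duplicates them per host, and builds a CVE-to-hosts index for patch triage. The `Host:` report layout and the `CVE-0000-…` IDs are constructed placeholders, not real scanner output or real CVEs.

```python
import re
from collections import defaultdict

# CVE ID syntax: "CVE-", a four-digit year, "-", then a sequence of 4 or more digits.
CVE_RE = re.compile(r"\bCVE-(\d{4})-(\d{4,})\b", re.IGNORECASE)
HOST_RE = re.compile(r"^Host:\s*(\S+)", re.IGNORECASE)

# Constructed sample report: hypothetical layout, placeholder CVE IDs.
SAMPLE_REPORT = """\
Host: 192.0.2.10
  21/tcp   ftp   finding A (CVE-0000-1001)
  445/tcp  smb   finding B, refs: CVE-0000-1003, cve-0000-1002
Host: 192.0.2.20
  443/tcp  https finding C CVE-0000-1002
  443/tcp  https duplicate of finding C CVE-0000-1002
  80/tcp   http  malformed reference CVE-0000-16
"""


def cves_by_host(report):
    """Map each host to its unique, upper-cased CVE IDs, sorted by year and number."""
    found = defaultdict(set)
    host = None
    for line in report.splitlines():
        header = HOST_RE.match(line)
        if header:
            host = header.group(1)
            continue
        if host is None:
            continue  # finding before any Host: header cannot be attributed
        for year, seq in CVE_RE.findall(line):
            found[host].add((int(year), int(seq), f"CVE-{year}-{seq}"))
    return {h: [cid for _, _, cid in sorted(ids)] for h, ids in found.items()}


def hosts_by_cve(per_host):
    """Invert the mapping: which hosts need attention for each CVE."""
    index = defaultdict(list)
    for host, ids in per_host.items():
        for cid in ids:
            index[cid].append(host)
    return {cid: sorted(hosts) for cid, hosts in index.items()}


if __name__ == "__main__":
    per_host = cves_by_host(SAMPLE_REPORT)
    for cid, hosts in sorted(hosts_by_cve(per_host).items()):
        print(f"{cid}: {', '.join(hosts)}")
```

The malformed reference with too few digits is dropped by the pattern, and the lower-case and duplicate references collapse into one normalized ID per host.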
