cyber uc meeting 67
play

Cyber@UC Meeting 67 Bash and OverTheWire If Youre New! Join our - PowerPoint PPT Presentation

Jan 18, 2024 •430 likes •594 views

Cyber@UC Meeting 67 Bash and OverTheWire If Youre New! Join our Slack: cyberatuc.slack.com (URL changed!) SIGN IN! (Slackbot will post the link in #general every Wed@6:30) Feel free to get involved with one of our committees:

  1. Cyber@UC Meeting 67 Bash and OverTheWire

  2. If You’re New! ● Join our Slack: cyberatuc.slack.com (URL changed!) SIGN IN! (Slackbot will post the link in #general every Wed@6:30) ● Feel free to get involved with one of our committees: ● Content Finance Public Affairs Outreach Recruitment ● Ongoing Projects: Research lab! ○

  3. Announcements ● Board game night went great! September 18th NSA visit with an Enigma Machine ● ○ Deli Food! ● US Bank visit date! Rockwell Security Seminar ● ○ September 20th 9am-3pm ○ Nippert Stadium Lab update: SOC Architecture ●

  4. Public Affairs Useful videos and weekly livestreams on YouTube : youtube.com/channel/UCWcJuk7A_1nDj4m-cHWvIFw Follow us for club updates and cybersecurity news: Twitter: @CyberAtUC ● Facebook: @CyberAtUC ● ● Instagram: @CyberAtUC For more info: cyberatuc.org

  5. Weekly Content

  6. Windows ALPC Zero-Day ● Disclosed last week and confirmed to work on fully patched Windows 10 systems, also included a PoC Vulnerability allows for privilege escalation of a local user or malicious ● program ● Advanced Local Procedure Call (ALPC) is an internal mechanism of the Windows OS that facilitates fast and secure data transfer between processes Can even allow escalation to SYSTEM level privileges ● ● ALPC interface is a local system reducing impact of the vulnerability ● Microsoft was not notified of the zero-day Patch is unlikely to be released until September 11 ●

  7. Fortnite for Android MitD ● Epic Games made the decision not to make ‘Fortnite for Android’ available through the Google Play Store, but through their own app instead Installing Fortnite will require the installation of a helper app which willl ● download fortnite to the phone’s storage and install it ● Any app with “WRITE_EXTERNAL_STORAGE” permissions could intercept the installation and replace the file with a different malicious APK The malicious app could have full permissions, including access to SMS, GPS, ● camera, etc. without user knowledge ● Vuln found and reported August 15th, patched withing 48 hours v 2.1.0 Epic Games CEO criticized researcher for disclosing vuln within 7 days ●

  8. Triout Android Spyware Framework ● Corrupts legitimate apps into spyware Capable of recording calls, monitoring texts, stealing photos/videos, ● collecting location data, hides itself ● First spotted by Bitdefender May 15th, someone in Russia uploaded it to VirusTotal App maintained the same look and capabilities of the original ● Malware does not currently use obfuscation, allowing researchers to obtain ● source code ● Not yet sure how the malicious versions of the app were installed

  9. Recommended Reading https://thehackernews.com/2018/08/google-titan-security-key.html https://www.welivesecurity.com/2018/09/03/majority-worlds-top-websites-https/ https://thehackernews.com/2018/08/reality-winner-nsa-russia.html https://krebsonsecurity.com/2018/08/experts-urge-rapid-patching-of-struts-bug/

  10. Recommended Reading (breaches) https://thehackernews.com/2018/08/t-mobile-hack-breach.html https://thehackernews.com/2018/08/air-canada-data-breach.html https://krebsonsecurity.com/2018/08/fiserv-flaw-exposed-customer-data-at-hundreds-of-banks/ https://thehackernews.com/2018/09/google-mastercard-advertising.html https://thehackernews.com/2018/08/facebook-vpn-app-apple-store.html https://krebsonsecurity.com/2018/08/instagrams-new-security-tools-are-a-welcome-step-but-not- enough https://thehackernews.com/2018/08/secure-instagram-account.html

  11. Bash

  12. What is Bash? ● Command Line Interpreter (CLI) ● Most popular shell on Linux ● ● Features ○ Runs programs ○ Stores Variables ○ Piping ○ Conditional Logic

  13. GNU / Linux ● Bash wouldn’t have much use without programs GNU ported Unix tools to Linux. ● Some of the popular tools ● ○ ls cd ○ ○ mv pwd ○ ○ cat less ○

  14. Why use Bash? ● Complex tools use CLI You have better control over the ● software ● CLI is very powerful in the hands of the experienced Tab autocomplete actually works ●

  15. SSH ● Secure Shell Used for secure remote connection to other machines. ● Replaces Telnet/RSH as a secure alternative ● ● Present login and show a Bash terminal ● Technologies built on top of or extended by SSH SFTP (SSH File Transfer Protocol) ○ ○ SCP (CP over SSH) SOCKS protocol (Proxying) ○ ○ X11 Forwarding (Super Magical) Reverse / Local Port Binding (Magical) ○

  16. Connecting to overthewire.org overthewire.org – suggested starting game is Bandit bandit.labs.overthewire.org (on port 2220) Hostname: bandit0 Username: bandit0 Password: Bash command: ssh bandit0@bandit.labs.overthewire.org -p2220

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cyber@UC; Meeting 28 Cyber Kill Chain If Youre New! Join our Slack ucyber.slack.com

Cyber@UC; Meeting 28 Cyber Kill Chain If Youre New! Join our Slack ucyber.slack.com

Cyber@UC; Meeting 28 Cyber Kill Chain If Youre New! Join our Slack ucyber.slack.com Follow us on Twitter @UCyb3r and Facebook UC.yber; University of Cincinnati OWASP Chapter Feel free to get involved with one of our committees:

430 views • 23 slides
NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For

NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For

NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For ACM CCS I ndustry/ Govt Track Oct. 26, 2004 Carl Landwehr ( clandweh@nsf.gov ) Cyber Trust Coordinator National Science Foundation What s the

439 views • 17 slides
CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College

CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College

3/29/2012 CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College of India I N T R O D U C T I O N What is Cyber-safety Consequences Threats of Inaction Cyber-safety? Cyber-safety Cyber-safety at

215 views • 7 slides
What is Cyber Crime? Cyber Enabled Crime Cyber Dependant Crime Traditional crime that is

What is Cyber Crime? Cyber Enabled Crime Cyber Dependant Crime Traditional crime that is

R egional C yber C rime U nit DC Louise Gibson Prepare, Prevent & Protect What is Cyber Crime? Cyber Enabled Crime Cyber Dependant Crime Traditional crime that is enhanced in scale or Crimes that can only be committed solely reach by use

316 views • 9 slides
Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework Reporting Objectives Executive Summary Information Assess Current Cyber Security Posture Measure Progress Toward Improvement Assess

634 views • 5 slides
The Cyber Threat: Securing Cyber Infrastructure Overview What are the FBIs Priorities?

The Cyber Threat: Securing Cyber Infrastructure Overview What are the FBIs Priorities?

The Cyber Threat: Securing Cyber Infrastructure Overview What are the FBIs Priorities? What is the FBIs Cyber Structure? HQ Division Dedicated Cyber squads in all 56 field offices, including satellite locations overseas.

1.54k views • 14 slides
Strategic Priorities Assurance Board Cyber and Cyber Enabled Crime Introduction Cyber

Strategic Priorities Assurance Board Cyber and Cyber Enabled Crime Introduction Cyber

Strategic Priorities Assurance Board Cyber and Cyber Enabled Crime Introduction Cyber Dependent crime examples of these offences are Distributed Denial of Service attack (DDOS), Account Compromise (hacking), Malware (virus) and

237 views • 7 slides
FEMA Region III Cyber Security Program Maryland Cyber Security Workshop (January 16, 2019)

FEMA Region III Cyber Security Program Maryland Cyber Security Workshop (January 16, 2019)

FEMA Region III Cyber Security Program Maryland Cyber Security Workshop (January 16, 2019) (Presented again at the October 16, 2018, meeting of the Maryland Cybersecurity Council and published with permission.) Overview Current Landscape

560 views • 23 slides
Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK

Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK

Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK businesses and how to remain safe What help is available Further reading Setting the scene 21.2bn The cost of fraud to the

304 views • 19 slides
Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT

Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT

Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT ITY How cyber is becoming a key aspect of the ubiquity generation. CYBER SUMMIT More to come 3 2018 Deloitte Cyber Risk Services 4 2018

514 views • 19 slides
Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division

Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division

Homeland Security Advanced Research Projects Agency A View from Washington: The Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division Director http://www.dhs.gov/cyber-research Presentation Outline

794 views • 32 slides
CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY HAPPEN London June 2019 INTRODUCTION Cyber Security The activity or process, ability or capability, or state whereby information and

735 views • 24 slides
Cy Cyber ber La Lay of the he La Land nd What the Numbers Tell Us Cyber r Lay of f the

Cy Cyber ber La Lay of the he La Land nd What the Numbers Tell Us Cyber r Lay of f the

Cy Cyber ber La Lay of the he La Land nd What the Numbers Tell Us Cyber r Lay of f the Land: : Wh What t the Numbe mbers rs Tell l Us Visit www.advisenltd.com at the end of this webinar to download: Copy of these slides

722 views • 31 slides
Cyber@UC Meeting 35 Exploit ALL the vulnerabilities! If Youre New! Join our Slack

Cyber@UC Meeting 35 Exploit ALL the vulnerabilities! If Youre New! Join our Slack

Cyber@UC Meeting 35 Exploit ALL the vulnerabilities! If Youre New! Join our Slack ucyber.slack.com Follow us on Twitter @UCyb3r and Facebook UC.yber; University of Cincinnati OWASP Chapter Feel free to get involved with one of

563 views • 11 slides
Cyber@UC Meeting 59 Actually Doing Star Night! If Youre New! Join our Slack:

Cyber@UC Meeting 59 Actually Doing Star Night! If Youre New! Join our Slack:

Cyber@UC Meeting 59 Actually Doing Star Night! If Youre New! Join our Slack: ucyber.slack.com SIGN IN! (Slackbot will post the link in #general) Feel free to get involved with one of our committees: Content Finance Public

525 views • 23 slides
Cyber@UC Meeting 63 Contributing to the Website If Youre New! Join our Slack:

Cyber@UC Meeting 63 Contributing to the Website If Youre New! Join our Slack:

Cyber@UC Meeting 63 Contributing to the Website If Youre New! Join our Slack: ucyber.slack.com SIGN IN! (Slackbot will post the link in #general every Wed@6:30) Feel free to get involved with one of our committees: Content

491 views • 14 slides
3.36pt Advanced Simulation - Lecture 1 George Deligiannidis January 18th, 2016 Lecture 1 1 /

3.36pt Advanced Simulation - Lecture 1 George Deligiannidis January 18th, 2016 Lecture 1 1 /

3.36pt Advanced Simulation - Lecture 1 George Deligiannidis January 18th, 2016 Lecture 1 1 / 25 Housekeeping First half of course: GD, second half: Lawrence Murray Website: www.stats.ox.ac.uk/~deligian/sc5.html Email: deligian@stats.ox.ac.uk

703 views • 26 slides
Hispanic/Latino BRG: Leveraging BRGs to Impact the Bottom- line Efforts Panelists Sonja

Hispanic/Latino BRG: Leveraging BRGs to Impact the Bottom- line Efforts Panelists Sonja

Hispanic/Latino BRG: Leveraging BRGs to Impact the Bottom- line Efforts Panelists Sonja Vega Buyer and Chair, Hispanic/Latino BRG Moderated by: Carolina Pulido Director of Learning Services, Retail Business Services 2 Hispanic /

573 views • 35 slides
Hemispheric Asymmetries: Early and Mid Level Visual Processing Lynn C. Robertson Delis,

Hemispheric Asymmetries: Early and Mid Level Visual Processing Lynn C. Robertson Delis,

Hemispheric Asymmetries: Early and Mid Level Visual Processing Lynn C. Robertson Delis, Robertson, & Efron Neuropsychologia, 1986 S S S S S S S S S S S S S S S S S S S S S S S S Global/Local Standard Left Hand Right

543 views • 32 slides
Delinquent Accounts STORMWATER UTILITY RATE STUDY Tax Year Delinquent SWU 2005 $206,061.80 2006

Delinquent Accounts STORMWATER UTILITY RATE STUDY Tax Year Delinquent SWU 2005 $206,061.80 2006

STORMWATER UTILITY RATE STUDY Delinquent Accounts STORMWATER UTILITY RATE STUDY Tax Year Delinquent SWU 2005 $206,061.80 2006 $382,049.78 2007 $378,920.74 Summary by Year 2008 $462,788.68 2009 $467,422.55 2010 $564,815.47 2011

422 views • 3 slides
TFS Financial Corporation For the quarter ended September 30, 2018 Forward-Looking Statements

TFS Financial Corporation For the quarter ended September 30, 2018 Forward-Looking Statements

TFS Financial Corporation For the quarter ended September 30, 2018 Forward-Looking Statements This presentation contains forward-looking statements, which can be identified by the use of such words as estimate, project, believe, intend,

450 views • 12 slides
PASSE MEETING This event is sponsored by the TBI Advisory Board Workgroup, specifically the

PASSE MEETING This event is sponsored by the TBI Advisory Board Workgroup, specifically the

PASSE MEETING This event is sponsored by the TBI Advisory Board Workgroup, specifically the Underserved Populations Sub-Workgroup and the Trust Fund/Waiver Sub-Workgroup The purpose of this meeting is to learn about PASSE and discuss the

403 views • 16 slides
Reconfigurable Acceleration Fabric Mingyu Gao , Christina Delimitrou, Dimin Niu, Krishna Malladi,

Reconfigurable Acceleration Fabric Mingyu Gao , Christina Delimitrou, Dimin Niu, Krishna Malladi,

DRAF: A Low-Power DRAM-based Reconfigurable Acceleration Fabric Mingyu Gao , Christina Delimitrou, Dimin Niu, Krishna Malladi, Hongzhong Zheng, Bob Brennan, Christos Kozyrakis ISCA June 22, 2016 FPGA-Based Accelerators Improve performance

555 views • 23 slides
Solving Non-deterministic Planning Problems with Pattern Database Heuristics Pascal Bercher

Solving Non-deterministic Planning Problems with Pattern Database Heuristics Pascal Bercher

, Formalization & Search PDB-Heuristic Benchmarks Conclusion Solving Non-deterministic Planning Problems with Pattern Database Heuristics Pascal Bercher Robert Mattm uller Institute of Artificial Intelligence Department of Computer

865 views • 28 slides

More recommend