cyber uc meeting 70
play

Cyber@UC Meeting 70 Networking and Basic Security If Youre New! - PowerPoint PPT Presentation

Feb 04, 2024 •273 likes •489 views

Cyber@UC Meeting 70 Networking and Basic Security If Youre New! Join our Slack: cyberatuc.slack.com (URL changed!) SIGN IN! (Slackbot will post the link in #general every Wed@6:30) Feel free to get involved with one of our

  1. Cyber@UC Meeting 70 Networking and Basic Security

  2. If You’re New! ● Join our Slack: cyberatuc.slack.com (URL changed!) SIGN IN! (Slackbot will post the link in #general every Wed@6:30) ● Feel free to get involved with one of our committees: ● Content Finance Public Affairs Outreach Recruitment ● Ongoing Projects: Research lab! ○

  3. Announcements ● US Bank visit THIS FRIDAY Friday Sept 28th 2pm ○ ● Chipotle fundraiser ○ Saturday Nov 3rd 4pm-8pm MakeUC Hack-a-thon this weekend ● ○ 8:30 AM September 29 outside of Baldwin 755 Runs from 9AM to 9PM ○ ● NSA Codebreaker Challenge has started codebreaker.ltsnet.net ● Outreach to Lakota East Think about Elections ● Register to vote! vote.gov ●

  4. Public Affairs Useful videos and weekly livestreams on YouTube : youtube.com/channel/UCWcJuk7A_1nDj4m-cHWvIFw Follow us for club updates and cybersecurity news: Twitter: @CyberAtUC ● Facebook: @CyberAtUC ● ● Instagram: @CyberAtUC For more info: cyberatuc.org

  5. Weekly Content

  6. Mirai Botnet Developers Work W/ FBI ● Three men associated with developing the Mirai botnet managed to receive probation, fines, etc. over jail time, due to “extraordinary cooperation” with the government ● Mirai is a botnet, enslaves IoT devices and uses them for large scale attacks ● Claimed to be for DDoSing Minecraft servers, found selling DDoS services Initially were selling their botnet’s services but attempted to distance ● themselves by releasing the source code online, many copycats arose ● Named after Mirai Nikki, the anime ● FBI and Justice Department recommended light sentencing due to their extraordinary assistance in identifying other cybercriminals One of the developers is currently working part time at a cybersec firm ●

  7. Newegg hacked ● Same group behind Ticketmaster and British Airways data breaches from earlier this year Magecart hacking group infiltrated and stole payment information between ● August 14th and 18th of 2018 ● Utilized a digital credit card skimmer, inserting malicious javascript into the checkout page of Newegg, exfiltrating the information to a remote server Both mobile and desktop were affected ● ● Potentially millions affected, >50 mill visitors to Newegg every month ● Only used 15 lines of script

  8. xBash malware, new chimera like malware ● Windows and Linux are both vulnerable Has ransomware, cryptomining, botnet, and self-propogation features ● Attributed to Iron Group, a.k.a. Rocke, a Chinese speaking APT ● ● Scans for certain services/ports and uses weak user/pass guessing ● Ransomware does not have decryption functionality Only mines and worms on Windows machines ● ○ Worms through Hadoop, Redis, and ActiveMQ vulnerabilities ● Developed in Python, converted into an executable through PyInstaller PyInstaller also helps avoid detection ○

  9. Recommended Readings https://www.darkreading.com/threat-intelligence/hacking-back-simply-a-bad-idea /a/d-id/1332856 https://thehackernews.com/2018/09/scan4you-malware-scanner.html https://thehackernews.com/2018/09/twitter-direct-message-api.html https://thehackernews.com/2018/09/4g-ee-wifi-modem-hack.html https://thehackernews.com/2018/09/android-ios-hacking-tool.html https://thehackernews.com/2018/09/windows-zero-day-vulnerability.html

  10. Networking Part 1

  11. What is computer networking? ● Group of interconnected computers capable of sharing information and hardware resources through transportation of information Break data down into packets, unit of data transferred between from the ● source to the destination ● These packets travel across the network making many stops along the way How do these packets know where to go? OSI Model ●

  13. OSI Model ● Application : Communicates with the software creating/assembling the packets Presentation : Communicates information to and from application layer in a ● standardized format ● Session : manages sessions for applications Transport : manages end-to-end communication, original source and final ● destination ● Network : manages the pathing from one node to the next ● Datalink : manages data for during travel between the nodes Physical :transmission of bits over physical medium ●

  16. IPv4 vs IPv6 ● Try typing ipconfig into cmd, or ifconfig for linux Your IP is your address, it is meant to uniquely identify you from everyone else ● The addresses available in IPv4 was running out, so IPv6 was invented ● ○ IPv4 maxes at 4.3 billion possible addresses IPv6 has 3.4 x 10^38 possible addresses ●

  17. DHCP ● Dynamic Host Configuration Protocol Automatically assigning unique IP addresses ● A device acts as the DHCP server, usually the router ● ● Device requests IP from router, router assigns an IP to the device ● Easy to get an IP without risk of doubling up on an already taken IP Having the IP be dynamic and subject to change can cause problems ●

  18. NAT ● Network Address Translation Helped with reducing strain of limited IPv4 addresses ● A device, such as a router acts as an agent between the device and everything ● upstream ● Allows one to be used to represent all computers connected to that router Different forms, static, dynamic, overloading, overlapping ● Follow the link below to get more detailed illustrations of each ● ● https://computer.howstuffworks.com/nat.htm

  19. Network Security Intrusion detection systems (IDS) ● A device (or devices) that is attached to a network (Usually, sometimes software) ● Listens to network traffic for anything out of the ordinary or anything that is flagged as malicious ● Warns network administrator, but does not actively stop flagged traffic ● Primarily used to make sure there are known patterns and records of network traffic Intrusion prevention systems (IPS) Functions as a packet filter - Denies or allows traffic, but allows most everything through ● ● Useful for denying specific patterns that are known to be malicious Examples: Suricata, Snort, Bro

  20. VPN Remote Access Connects one device to a remote network to provide “local” access to the ● remote network ● If you have an application for your desktop, it is this kind Site-to-site ● Mostly used by businesses or organizations with multiple offices Connection is from router to router ● Essentially a tunnel between two networks ● Example: IVPN, tinc

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cyber@UC; Meeting 28 Cyber Kill Chain If Youre New! Join our Slack ucyber.slack.com

Cyber@UC; Meeting 28 Cyber Kill Chain If Youre New! Join our Slack ucyber.slack.com

Cyber@UC; Meeting 28 Cyber Kill Chain If Youre New! Join our Slack ucyber.slack.com Follow us on Twitter @UCyb3r and Facebook UC.yber; University of Cincinnati OWASP Chapter Feel free to get involved with one of our committees:

430 views • 23 slides
NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For

NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For

NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For ACM CCS I ndustry/ Govt Track Oct. 26, 2004 Carl Landwehr ( clandweh@nsf.gov ) Cyber Trust Coordinator National Science Foundation What s the

439 views • 17 slides
CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College

CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College

3/29/2012 CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College of India I N T R O D U C T I O N What is Cyber-safety Consequences Threats of Inaction Cyber-safety? Cyber-safety Cyber-safety at

215 views • 7 slides
What is Cyber Crime? Cyber Enabled Crime Cyber Dependant Crime Traditional crime that is

What is Cyber Crime? Cyber Enabled Crime Cyber Dependant Crime Traditional crime that is

R egional C yber C rime U nit DC Louise Gibson Prepare, Prevent & Protect What is Cyber Crime? Cyber Enabled Crime Cyber Dependant Crime Traditional crime that is enhanced in scale or Crimes that can only be committed solely reach by use

316 views • 9 slides
Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework Reporting Objectives Executive Summary Information Assess Current Cyber Security Posture Measure Progress Toward Improvement Assess

634 views • 5 slides
The Cyber Threat: Securing Cyber Infrastructure Overview What are the FBIs Priorities?

The Cyber Threat: Securing Cyber Infrastructure Overview What are the FBIs Priorities?

The Cyber Threat: Securing Cyber Infrastructure Overview What are the FBIs Priorities? What is the FBIs Cyber Structure? HQ Division Dedicated Cyber squads in all 56 field offices, including satellite locations overseas.

1.54k views • 14 slides
Strategic Priorities Assurance Board Cyber and Cyber Enabled Crime Introduction Cyber

Strategic Priorities Assurance Board Cyber and Cyber Enabled Crime Introduction Cyber

Strategic Priorities Assurance Board Cyber and Cyber Enabled Crime Introduction Cyber Dependent crime examples of these offences are Distributed Denial of Service attack (DDOS), Account Compromise (hacking), Malware (virus) and

237 views • 7 slides
FEMA Region III Cyber Security Program Maryland Cyber Security Workshop (January 16, 2019)

FEMA Region III Cyber Security Program Maryland Cyber Security Workshop (January 16, 2019)

FEMA Region III Cyber Security Program Maryland Cyber Security Workshop (January 16, 2019) (Presented again at the October 16, 2018, meeting of the Maryland Cybersecurity Council and published with permission.) Overview Current Landscape

560 views • 23 slides
Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK

Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK

Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK businesses and how to remain safe What help is available Further reading Setting the scene 21.2bn The cost of fraud to the

304 views • 19 slides
Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT

Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT

Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT ITY How cyber is becoming a key aspect of the ubiquity generation. CYBER SUMMIT More to come 3 2018 Deloitte Cyber Risk Services 4 2018

514 views • 19 slides
Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division

Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division

Homeland Security Advanced Research Projects Agency A View from Washington: The Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division Director http://www.dhs.gov/cyber-research Presentation Outline

794 views • 32 slides
CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY HAPPEN London June 2019 INTRODUCTION Cyber Security The activity or process, ability or capability, or state whereby information and

735 views • 24 slides
Cy Cyber ber La Lay of the he La Land nd What the Numbers Tell Us Cyber r Lay of f the

Cy Cyber ber La Lay of the he La Land nd What the Numbers Tell Us Cyber r Lay of f the

Cy Cyber ber La Lay of the he La Land nd What the Numbers Tell Us Cyber r Lay of f the Land: : Wh What t the Numbe mbers rs Tell l Us Visit www.advisenltd.com at the end of this webinar to download: Copy of these slides

722 views • 31 slides
Cyber@UC Meeting 35 Exploit ALL the vulnerabilities! If Youre New! Join our Slack

Cyber@UC Meeting 35 Exploit ALL the vulnerabilities! If Youre New! Join our Slack

Cyber@UC Meeting 35 Exploit ALL the vulnerabilities! If Youre New! Join our Slack ucyber.slack.com Follow us on Twitter @UCyb3r and Facebook UC.yber; University of Cincinnati OWASP Chapter Feel free to get involved with one of

563 views • 11 slides
Cyber@UC Meeting 59 Actually Doing Star Night! If Youre New! Join our Slack:

Cyber@UC Meeting 59 Actually Doing Star Night! If Youre New! Join our Slack:

Cyber@UC Meeting 59 Actually Doing Star Night! If Youre New! Join our Slack: ucyber.slack.com SIGN IN! (Slackbot will post the link in #general) Feel free to get involved with one of our committees: Content Finance Public

525 views • 23 slides
Cyber@UC Meeting 63 Contributing to the Website If Youre New! Join our Slack:

Cyber@UC Meeting 63 Contributing to the Website If Youre New! Join our Slack:

Cyber@UC Meeting 63 Contributing to the Website If Youre New! Join our Slack: ucyber.slack.com SIGN IN! (Slackbot will post the link in #general every Wed@6:30) Feel free to get involved with one of our committees: Content

491 views • 14 slides
What is a dating sim? What is a dating sim? Cast of cute girls Tokimeki Memorial (1994) What

What is a dating sim? What is a dating sim? Cast of cute girls Tokimeki Memorial (1994) What

What is a dating sim? What is a dating sim? Cast of cute girls Tokimeki Memorial (1994) What is a dating sim? Or a cast of cute boys Tokimeki Memorial Girl's Side (2002) What is a dating sim? And you Goal Get boys/girls to fall in love

481 views • 20 slides
RID Implementation Report Toshifumi Kai (kai@trc.mew.co.jp), Akito Nagashima

RID Implementation Report Toshifumi Kai (kai@trc.mew.co.jp), Akito Nagashima

RID Implementation Report Toshifumi Kai (kai@trc.mew.co.jp), Akito Nagashima (akito_nagashima@mewe1.mewnet.or.jp), Hiroshige Nakatani (nakatani@trc.mew.co.jp), Naohiro Fukuda (fukuda@trc.mew.co.jp), Shimizu Hiroshi (shimizu@trc.mew.co.jp)

681 views • 17 slides
Desi De signi gning ng the he Metadata Mod odel for or the he Aggr Aggrega gation ion

Desi De signi gning ng the he Metadata Mod odel for or the he Aggr Aggrega gation ion

ICADL 2019 Workshop: MAGIC- Information Commons for Manga, Anime and video Games Desi De signi gning ng the he Metadata Mod odel for or the he Aggr Aggrega gation ion of of MAG AG Metadata - the Development of Media-Art Database Dr.

385 views • 17 slides
Wh What t Ca Can You Learn fr from an n IP? Simran Patil and Nikita Borisov University of

Wh What t Ca Can You Learn fr from an n IP? Simran Patil and Nikita Borisov University of

Wh What t Ca Can You Learn fr from an n IP? Simran Patil and Nikita Borisov University of Illinois at Urbana-Champaign @SimranPatil25 @nikitab In the beginning GET /~nikitab/ HTTP/1.1 Host: geocities.com HTTP/1.1 200 OK

444 views • 16 slides
Discourse and Sentiment: Is there even anything interesting or relevant in their interaction at

Discourse and Sentiment: Is there even anything interesting or relevant in their interaction at

Discourse and Sentiment: Is there even anything interesting or relevant in their interaction at all or no? Example We never feel anything for these characters, and as a result the film is basically just a curiosity. Questions 1) Are there

500 views • 10 slides
Outline Basic info 1 Previous education 2 Promotion research 3 Albert-Jan Yzelman

Outline Basic info 1 Previous education 2 Promotion research 3 Albert-Jan Yzelman

Introductory presentation > Basic info Outline Basic info 1 Previous education 2 Promotion research 3 Albert-Jan Yzelman Introductory presentation > Basic info Basic info Name: Albert-Jan Yzelman Started: September 2007 Age: 23

411 views • 18 slides
CS 523: Multimedia Systems Angus Forbes creativecoding.evl.uic.edu/courses/cs523 Today -

CS 523: Multimedia Systems Angus Forbes creativecoding.evl.uic.edu/courses/cs523 Today -

CS 523: Multimedia Systems Angus Forbes creativecoding.evl.uic.edu/courses/cs523 Today - Project 2 Introduction - GPU access - Generative Adversarial Nets (GANs) Generative Adversarial Nets One day well be talking about good old

684 views • 34 slides
Plugin Architectures in Haskell Motivation 1 [1] [2] Problem Description Extensibility through

Plugin Architectures in Haskell Motivation 1 [1] [2] Problem Description Extensibility through

Sebastian Graf An Overview over the ecosystem September 15, 2016 https://github.com/sgraf812/hal16 Plugin Architectures in Haskell Motivation 1 [1] [2] Problem Description Extensibility through third party code Haskell as extension language

248 views • 20 slides

More recommend