cyber uc meeting 74
play

Cyber@UC Meeting 74 Mitre Framework If Youre New! Join our Slack: - PowerPoint PPT Presentation

Mar 01, 2024 •108 likes •312 views

Cyber@UC Meeting 74 Mitre Framework If Youre New! Join our Slack: cyberatuc.slack.com Check out our website: cyberatuc.org SIGN IN! (Slackbot will post the link in #general every Wed@6:30) Feel free to get involved with one

  1. Cyber@UC Meeting 74 Mitre Framework

  2. If You’re New! ● Join our Slack: cyberatuc.slack.com Check out our website: cyberatuc.org ● SIGN IN! (Slackbot will post the link in #general every Wed@6:30) ● ● Feel free to get involved with one of our committees: Content Finance Public Affairs Outreach Recruitment Ongoing work in our research lab! ●

  3. Announcements ● NSA internships – application window closing Oct 31st NSA Codebreaker hack-a-thon went well ● UFB DefCon Funding Approved! ● ● Chipotle fundraiser ○ Saturday Nov 3rd, 4pm–8pm Taking headshots after this meeting ● ● Officer elections to be held next week ○ Nominees should prepare brief speech ○ Nominations need to be made ASAP!

  4. Election nominees (incumbents shown in parentheses) President (A.J. Cardarelli) Head of Content (Cory McPhillips) A.J. Cardarelli Christopher Morrison Clif Wolfe Head of Finance (Kyle Hardison) Ryan Young Kyle Hardison Vice President (Hayden Schiff) Ryan O'Connor Hayden Schiff Head of Public Affairs (Jai Singh) Treasurer (Ryan Baas) Jai Singh Ryan Baas Head of Outreach (Mahathi Venkatesh) Clif Wolfe Grace Gamstetter Secretary (Mike Sengleman) Mahathi Venkatesh Timothy Robert Holstein Ryan Young Head of Recruitment (Greg Barker) Greg Barker

  5. Weekly Content

  6. VestaCP Supply Chain Compromise ● VestaCP is a hosting control platform used to manage multiple websites, emails, databases, DNS records, etc. Over the last few months, many users were warned that they were using ● abnormal amounts of bandwidth ○ Turns out they were being used to make DDoS attacks Using malware known as Linux/ChachaDDoS ● ● The malware was traced to supply chain attack on VestaCP back in May 2018 ● Attacker launches the malware from /var/tmp directory via SSH Possible to store the file here due to poor password storage ○

  7. VestaCP (continued) ● Stage 1 – Persistence: creates a renewal service in the event the malware is stopped or deleted Stage 1 – Download: Downloads on port 8852, with IP belonging to ● 193.201.224.0/24 subnet, Ukraine ○ URL follows a certain pattern http://{C&C}:8852/{campaign}/{arch} ○ Available for multiple architectures ● Stage 2 – Running: Downloads and runs stage 3 tasks Stage 3 – Tasks: DDoS functions, mainly SYN DDoS attacks ●

  8. LibSSH Authentication Flaw ● Authentication-bypass introduced in v0.6 in 2014 Neither OpenSSH nor GitHub are vulnerable ● ○ GitHub does use libssh, but says it is not vulnerable due to how it uses the library ● Fails to check if a login success message is coming from the server or client A client can just send SSH2_MSG_USERAUTH_SUCCESS message ○ ○ The server then considers authentication to have been successful and allows access without a password ● Shodan search shows about 6,500 servers may be vulnerable ● Versions 0.8.4 and 0.7.6 are patched

  9. iPhone Password Bypass ● Discovered by a Spanish amateur security researcher who also discovered a similar bug in iOS about two weeks ago Allows anyone with physical access to your phone access to your photos and ● sending of them to anyone through Apple Messages ● Works on all current iPhone models and latest iOS Current fix until a patch is released is to disable Siri from lockscreen ● Demonstration video in link ●

  10. Recommended Reading https://krebsonsecurity.com/2018/10/who-is-agent-tesla/ https://thehackernews.com/2018/10/amazon-freertos-iot-os.html https://www.darkreading.com/vulnerabilities---threats/us-tops-global-malware-c2- distribution/d/d-id/1333097 https://thehackernews.com/2018/10/tumblr-account-hacking.html https://www.welivesecurity.com/2018/10/18/tumblr-patches-bug-could-exposed- user-data/

  11. Recommended Reading (continued) https://www.welivesecurity.com/2018/10/16/phishers-unusual-ploy-targeting-boo k-publishers/ https://www.darkreading.com/endpoint/privacy/how-to-get-consumers-to-forgive- you-for-a-breach/d/d-id/1333074 https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-danger ous-threat-actors/ https://securelist.com/darkpulsar/88199/ https://securelist.com/darkpulsar-faq/88233/

  12. Recommended Reading (continued) https://thehackernews.com/2018/10/hacking-tool-luminositylink.html https://thehackernews.com/2018/10/critical-flaw-found-in-streaming.html https://thehackernews.com/2018/10/google-android-european-commission.html https://www.darkreading.com/endpoint/google-patch-to-block-spectre-slowdown- in-windows-10/d/d-id/1333084 https://www.darkreading.com/vulnerabilities---threats/facebook-rumored-to-be-hu nting-for-major-cybersecurity-acquisition/d/d-id/1333099

  13. MITRE Framework

  14. The Topics Today Go Something Exactly Like This - What is Cyber? - MITRE ATT&CK - Linux/MAC persistence and privilege escalation

  15. What is Cyber really? “The internet and its services” - Business People “The new place to steal” - Black Hats “The new place to fight” - Governments / Warfare People “Like phone sex over Omegle?” - Andy from OSU

  16. MITRE ATT&CK Adversarial Tactics, Techniques & Common Knowledge Basically Wikipedia for malware behavior ● ● Run by the non-profit Mitre near DC ● Includes information about how threat actors and malware behave and how to counter or mitigate such threats

  17. T1156: .bashrc/.bash_profile persistence Insert code into .bashrc / .bash_profile, similar to AutoRun in Windows Allows scripts to run every time bash opens ● ● Interesting alias entries like sudo can have the user perform priv. Escalation ● Only requires user level access

  18. Red Team Activity You are an FBI agent with user access to the new Silk Road server. Write your own payload into your .bashrc or .bash_profile that lets you piggy-back off of the system admin using sudo without them knowing ● Try something that’s hard to notice even when it executes Try to keep everything on one line ● Try to make the line delete itself after successful execution so the bad guys ● suspect nothing

  19. Blue Team Activity You are an analyst in a Security Operations Center (SOC) for a worldwide software company (You deploy AV and do IT tasks). The logs for the systems are showing an unusually large number of writes to ~/.bashrc and ~./bash_profile ● Write a script that monitors for potential malicious injections into the file Make sure to still allow users to modify their files so they can keep working ● Use syslog to notify the system of any malicious activity ●

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cyber@UC; Meeting 28 Cyber Kill Chain If Youre New! Join our Slack ucyber.slack.com

Cyber@UC; Meeting 28 Cyber Kill Chain If Youre New! Join our Slack ucyber.slack.com

Cyber@UC; Meeting 28 Cyber Kill Chain If Youre New! Join our Slack ucyber.slack.com Follow us on Twitter @UCyb3r and Facebook UC.yber; University of Cincinnati OWASP Chapter Feel free to get involved with one of our committees:

430 views • 23 slides
NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For

NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For

NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For ACM CCS I ndustry/ Govt Track Oct. 26, 2004 Carl Landwehr ( clandweh@nsf.gov ) Cyber Trust Coordinator National Science Foundation What s the

439 views • 17 slides
CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College

CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College

3/29/2012 CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College of India I N T R O D U C T I O N What is Cyber-safety Consequences Threats of Inaction Cyber-safety? Cyber-safety Cyber-safety at

215 views • 7 slides
What is Cyber Crime? Cyber Enabled Crime Cyber Dependant Crime Traditional crime that is

What is Cyber Crime? Cyber Enabled Crime Cyber Dependant Crime Traditional crime that is

R egional C yber C rime U nit DC Louise Gibson Prepare, Prevent & Protect What is Cyber Crime? Cyber Enabled Crime Cyber Dependant Crime Traditional crime that is enhanced in scale or Crimes that can only be committed solely reach by use

316 views • 9 slides
Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework Reporting Objectives Executive Summary Information Assess Current Cyber Security Posture Measure Progress Toward Improvement Assess

634 views • 5 slides
The Cyber Threat: Securing Cyber Infrastructure Overview What are the FBIs Priorities?

The Cyber Threat: Securing Cyber Infrastructure Overview What are the FBIs Priorities?

The Cyber Threat: Securing Cyber Infrastructure Overview What are the FBIs Priorities? What is the FBIs Cyber Structure? HQ Division Dedicated Cyber squads in all 56 field offices, including satellite locations overseas.

1.54k views • 14 slides
Strategic Priorities Assurance Board Cyber and Cyber Enabled Crime Introduction Cyber

Strategic Priorities Assurance Board Cyber and Cyber Enabled Crime Introduction Cyber

Strategic Priorities Assurance Board Cyber and Cyber Enabled Crime Introduction Cyber Dependent crime examples of these offences are Distributed Denial of Service attack (DDOS), Account Compromise (hacking), Malware (virus) and

237 views • 7 slides
FEMA Region III Cyber Security Program Maryland Cyber Security Workshop (January 16, 2019)

FEMA Region III Cyber Security Program Maryland Cyber Security Workshop (January 16, 2019)

FEMA Region III Cyber Security Program Maryland Cyber Security Workshop (January 16, 2019) (Presented again at the October 16, 2018, meeting of the Maryland Cybersecurity Council and published with permission.) Overview Current Landscape

560 views • 23 slides
Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK

Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK

Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK businesses and how to remain safe What help is available Further reading Setting the scene 21.2bn The cost of fraud to the

304 views • 19 slides
Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT

Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT

Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT ITY How cyber is becoming a key aspect of the ubiquity generation. CYBER SUMMIT More to come 3 2018 Deloitte Cyber Risk Services 4 2018

514 views • 19 slides
Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division

Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division

Homeland Security Advanced Research Projects Agency A View from Washington: The Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division Director http://www.dhs.gov/cyber-research Presentation Outline

794 views • 32 slides
CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY HAPPEN London June 2019 INTRODUCTION Cyber Security The activity or process, ability or capability, or state whereby information and

735 views • 24 slides
Cy Cyber ber La Lay of the he La Land nd What the Numbers Tell Us Cyber r Lay of f the

Cy Cyber ber La Lay of the he La Land nd What the Numbers Tell Us Cyber r Lay of f the

Cy Cyber ber La Lay of the he La Land nd What the Numbers Tell Us Cyber r Lay of f the Land: : Wh What t the Numbe mbers rs Tell l Us Visit www.advisenltd.com at the end of this webinar to download: Copy of these slides

722 views • 31 slides
Cyber@UC Meeting 35 Exploit ALL the vulnerabilities! If Youre New! Join our Slack

Cyber@UC Meeting 35 Exploit ALL the vulnerabilities! If Youre New! Join our Slack

Cyber@UC Meeting 35 Exploit ALL the vulnerabilities! If Youre New! Join our Slack ucyber.slack.com Follow us on Twitter @UCyb3r and Facebook UC.yber; University of Cincinnati OWASP Chapter Feel free to get involved with one of

563 views • 11 slides
Cyber@UC Meeting 59 Actually Doing Star Night! If Youre New! Join our Slack:

Cyber@UC Meeting 59 Actually Doing Star Night! If Youre New! Join our Slack:

Cyber@UC Meeting 59 Actually Doing Star Night! If Youre New! Join our Slack: ucyber.slack.com SIGN IN! (Slackbot will post the link in #general) Feel free to get involved with one of our committees: Content Finance Public

525 views • 23 slides
Cyber@UC Meeting 63 Contributing to the Website If Youre New! Join our Slack:

Cyber@UC Meeting 63 Contributing to the Website If Youre New! Join our Slack:

Cyber@UC Meeting 63 Contributing to the Website If Youre New! Join our Slack: ucyber.slack.com SIGN IN! (Slackbot will post the link in #general every Wed@6:30) Feel free to get involved with one of our committees: Content

491 views • 14 slides
Permutations and Combinations Rosen, Chapter 5.3 Motivating question In a family of 3, how

Permutations and Combinations Rosen, Chapter 5.3 Motivating question In a family of 3, how

10/17/2016 Permutations and Combinations Rosen, Chapter 5.3 Motivating question In a family of 3, how many ways can we arrange the members of the family in a line for a photograph? 1 10/17/2016 Permutations A permutation of a set of

591 views • 34 slides
Optimization Problems and Wrap-Up CS 221 Lecture 14 Tue 6 December 2011 Agenda 1.

Optimization Problems and Wrap-Up CS 221 Lecture 14 Tue 6 December 2011 Agenda 1.

Optimization Problems and Wrap-Up CS 221 Lecture 14 Tue 6 December 2011 Agenda 1. Announcements 2. Solving Optimization Problems in Excel and MATLAB (Text Chapter 10) 3. Other nifty functions in (standard) MATLAB Image

485 views • 21 slides
OBJECTS AND GRAPHICS CSSE 120 Rose-Hulman Institute of Technology Outline Eclipse

OBJECTS AND GRAPHICS CSSE 120 Rose-Hulman Institute of Technology Outline Eclipse

OBJECTS AND GRAPHICS CSSE 120 Rose-Hulman Institute of Technology Outline Eclipse The object of objects Graphics Creating and using objects Coordinate systems Interactive graphics In-class practice time Integrated

736 views • 26 slides
Elementary Functions Part 1, Functions Lecture 1.1a, The Definition of a Function Dr. Ken W.

Elementary Functions Part 1, Functions Lecture 1.1a, The Definition of a Function Dr. Ken W.

Elementary Functions Part 1, Functions Lecture 1.1a, The Definition of a Function Dr. Ken W. Smith Sam Houston State University 2013 Smith (SHSU) Elementary Functions 2013 1 / 27 Definition of a function We study the most fundamental

701 views • 57 slides
Encrypted Search: Leakage Suppression Seny Kamara How Should we Handle Leakage? Approach #1:

Encrypted Search: Leakage Suppression Seny Kamara How Should we Handle Leakage? Approach #1:

SAC Summer School 2019 Encrypted Search: Leakage Suppression Seny Kamara How Should we Handle Leakage? Approach #1: ORAM simulation Store and simulate data structure with ORAM General-purpose Zero-leakage (if data is transformed

1.29k views • 60 slides
CS61A Lecture #35: Cryptography Announcements: HKN surveys next Friday: 7.5 bonus points for

CS61A Lecture #35: Cryptography Announcements: HKN surveys next Friday: 7.5 bonus points for

CS61A Lecture #35: Cryptography Announcements: HKN surveys next Friday: 7.5 bonus points for filling out their sur- vey on Friday (yes, that means you have to come to lecture). Last modified: Fri Apr 25 14:02:18 2014 CS61A: Lecture #35 1

339 views • 17 slides
transparency for legal machines Vytautas YRAS Vilnius University Vytautas.Cyras@mif.vu.lt

transparency for legal machines Vytautas YRAS Vilnius University Vytautas.Cyras@mif.vu.lt

Compliance and software transparency for legal machines Vytautas YRAS Vilnius University Vytautas.Cyras@mif.vu.lt Friedrich LACHMAYER Vienna University of Innsbruck www.legalvisualization.com Tallinn, 8-11.06. 2014 Contents 1. Legal

599 views • 31 slides
Limits on Robustness to Adversarial Examples Elvis Dohmatob Criteo AI Lab October 2, 2019 Elvis

Limits on Robustness to Adversarial Examples Elvis Dohmatob Criteo AI Lab October 2, 2019 Elvis

Preliminaries on adversarial robustness Classifier-dependent lower bounds Universal lower bounds Limits on Robustness to Adversarial Examples Elvis Dohmatob Criteo AI Lab October 2, 2019 Elvis Dohmatob Limits on Robustness to Adversarial

763 views • 74 slides

More recommend