cyber uc meeting 33
play

Cyber@UC Meeting 33 Katoolin, Special Project, and more... If Youre - PowerPoint PPT Presentation

Aug 15, 2022 •212 likes •402 views

Cyber@UC Meeting 33 Katoolin, Special Project, and more... If Youre New! Join our Slack ucyber.slack.com Follow us on Twitter @UCyb3r and Facebook UC.yber; University of Cincinnati OWASP Chapter Feel free to get involved with

  1. Cyber@UC Meeting 33 Katoolin, Special Project, and more...

  2. If You’re New! ● Join our Slack ucyber.slack.com Follow us on Twitter @UCyb3r and Facebook UC.yber; University of Cincinnati ● OWASP Chapter ● Feel free to get involved with one of our committees: Content, Finance, Public Affairs, Outreach, Recruitment Stay updated through our weekly emails and SLACK ●

  3. Announcements ● National Initiative for Cyber Education Conference was this week CharitEweek from Nov. 13th-Nov. 17th ● Red team against Franco’s Class! Nov. 30th - 1st Dec. ● ● P&G is prepping our visit. After they complete the “ War-room”. ● Logo Design SUBMIT IDEAS!

  4. National Initiative for Cyber Education (NICE) Conference summary

  5. Highlights 1. There are 300,000 cyber positions currently unfilled nationwide. 2. UC is well positioned to lead the growth in Cyber 3. There are multiple tracks for cyber careers 4. Cyber@UC may be able to achieve national recognition through High School outreach efforts 5. Cyber talent retention is a big problem 6. There is a CAE NICE challenge to showcase cyber skills 7. Skills required includes both technical and soft skills

  6. Weekly Content

  7. Browser mining (update on malicious mining) ● Previously covered the installation of cryptocurrency miners being installed by attackers Now, thanks to things like coinhive and jsminers, attackers are looking to ● infect websites by injecting code for these api into vulnerable websites ● Typical targets are websites where users tend to visit for several hours at a time Utilize the site visitors computing power ●

  8. United front against cyber attackers ● Windows Defender has a program called Advanced Threat Protection (ATP) Microsoft is now partnering with security companies BitDefener, Lookout, and ● Ziften ● These are just the first companies Microsoft has partnered with, they have plans to add more companies to this list soon These companies are allowing cross platform support for ATP ● Each company will be feeding threat and alert information to each other ● through a Windows Defender ATP console

  9. Keyloggers built-in to keyboards ● 104-key Mantistek GK2 Mechanicl Gaming Keyboard was found to be silently recording key strokes and sending them to a server maintained by the Alibaba Group ● Sent the key information through use of their cloud driver ● Though it was found to record the number of keystrokes, users were not informed of the key logging This could have been a lot more problematic if it had been a full key logger, ● especially since they were transmitting the information as plain text

  10. New Cyberthreat group SowBug ● Now know they have been operating since at least 2015 Target South American and Southeast Asian government bodies and foreign ● policy institutions and steal sensitive data ○ Targeted countries include Argentina, Brazil, Ecuador, Peru, Malaysia They like to use a (RAT) called Felismus to create backdoors into their target ● and can hide or extend its capabilities ● Felismus was first identified late March, and enabled us to identify previous SowBug attacks We know they are well funded because they can infiltrate many targets ● simultaneously

  11. SowBug continued (How they work) ● It isn’t currently clear how they infiltrate a network They use malicious software updates of Windows and Adobe Reader to install ● their malware ● They have also been known to use a tool called Starloader to deploy other malware and tools Instead of compromising the software itself, they give it similar names to ● those used by the software and puts them in the directory where they can be mistaken for legitimate software ● This hiding in plain sight approach has allowed them to remain hidden in systems for long periods of time

  12. Source links https://www.darkreading.com/endpoint/cybercriminals-employ-driveby-cryptocurr ency-mining-/d/d-id/1330353? https://www.darkreading.com/endpoint-security/windows-defender-atp-extended- to-ios-macos-android-linux-/d/d-id/1330357? https://www.microsoft.com/en-us/windowsforbusiness/windows-atp https://thehackernews.com/2017/11/mantistek-keyboard-keylogger.html https://thehackernews.com/2017/11/sowbug-hacking-group.html

  13. Special Cyber Project

  14. Installing Katoolin

  15. Super Easy Commands! 1. sudo apt-get install git 2. sudo git clone https://github.com/LionSec/katoolin.git && cp katoolin/katoolin.py /usr/bin/katoolin 3. chmod +x /usr/bin/katoolin 4. sudo katoolin

  16. Breakout Session Kali Linux Tools

  17. Choose a Tool and Research! ● Nmap ● WafW00f THC Hydra Kismet ● ● Airmon - ng, Airbase - ng, Aircrack - ng Burpsuite ● ● ● Hping3 ● Wireshark ● Recon - ng

  18. Metasploit armitage Recon - ng Thc hydra whois Nslookup Dig WafW00f Fierce Hping3 Airmon - ng, Airbase - ng, Aircrack - ng NMap

Recommend

Cyber@UC; Meeting 28 Cyber Kill Chain If Youre New! Join our Slack ucyber.slack.com

Cyber@UC; Meeting 28 Cyber Kill Chain If Youre New! Join our Slack ucyber.slack.com

Cyber@UC; Meeting 28 Cyber Kill Chain If Youre New! Join our Slack ucyber.slack.com Follow us on Twitter @UCyb3r and Facebook UC.yber; University of Cincinnati OWASP Chapter Feel free to get involved with one of our committees:

430 views • 23 slides
NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For

NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For

NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For ACM CCS I ndustry/ Govt Track Oct. 26, 2004 Carl Landwehr ( clandweh@nsf.gov ) Cyber Trust Coordinator National Science Foundation What s the

439 views • 17 slides
CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College

CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College

3/29/2012 CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College of India I N T R O D U C T I O N What is Cyber-safety Consequences Threats of Inaction Cyber-safety? Cyber-safety Cyber-safety at

215 views • 7 slides
What is Cyber Crime? Cyber Enabled Crime Cyber Dependant Crime Traditional crime that is

What is Cyber Crime? Cyber Enabled Crime Cyber Dependant Crime Traditional crime that is

R egional C yber C rime U nit DC Louise Gibson Prepare, Prevent & Protect What is Cyber Crime? Cyber Enabled Crime Cyber Dependant Crime Traditional crime that is enhanced in scale or Crimes that can only be committed solely reach by use

316 views • 9 slides
Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework Reporting Objectives Executive Summary Information Assess Current Cyber Security Posture Measure Progress Toward Improvement Assess

634 views • 5 slides
The Cyber Threat: Securing Cyber Infrastructure Overview What are the FBIs Priorities?

The Cyber Threat: Securing Cyber Infrastructure Overview What are the FBIs Priorities?

The Cyber Threat: Securing Cyber Infrastructure Overview What are the FBIs Priorities? What is the FBIs Cyber Structure? HQ Division Dedicated Cyber squads in all 56 field offices, including satellite locations overseas.

1.54k views • 14 slides
Strategic Priorities Assurance Board Cyber and Cyber Enabled Crime Introduction Cyber

Strategic Priorities Assurance Board Cyber and Cyber Enabled Crime Introduction Cyber

Strategic Priorities Assurance Board Cyber and Cyber Enabled Crime Introduction Cyber Dependent crime examples of these offences are Distributed Denial of Service attack (DDOS), Account Compromise (hacking), Malware (virus) and

237 views • 7 slides
FEMA Region III Cyber Security Program Maryland Cyber Security Workshop (January 16, 2019)

FEMA Region III Cyber Security Program Maryland Cyber Security Workshop (January 16, 2019)

FEMA Region III Cyber Security Program Maryland Cyber Security Workshop (January 16, 2019) (Presented again at the October 16, 2018, meeting of the Maryland Cybersecurity Council and published with permission.) Overview Current Landscape

560 views • 23 slides
Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK

Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK

Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK businesses and how to remain safe What help is available Further reading Setting the scene 21.2bn The cost of fraud to the

304 views • 19 slides
Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT

Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT

Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT ITY How cyber is becoming a key aspect of the ubiquity generation. CYBER SUMMIT More to come 3 2018 Deloitte Cyber Risk Services 4 2018

514 views • 19 slides
Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division

Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division

Homeland Security Advanced Research Projects Agency A View from Washington: The Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division Director http://www.dhs.gov/cyber-research Presentation Outline

794 views • 32 slides
CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY HAPPEN London June 2019 INTRODUCTION Cyber Security The activity or process, ability or capability, or state whereby information and

735 views • 24 slides
Cy Cyber ber La Lay of the he La Land nd What the Numbers Tell Us Cyber r Lay of f the

Cy Cyber ber La Lay of the he La Land nd What the Numbers Tell Us Cyber r Lay of f the

Cy Cyber ber La Lay of the he La Land nd What the Numbers Tell Us Cyber r Lay of f the Land: : Wh What t the Numbe mbers rs Tell l Us Visit www.advisenltd.com at the end of this webinar to download: Copy of these slides

722 views • 31 slides
Cyber@UC Meeting 35 Exploit ALL the vulnerabilities! If Youre New! Join our Slack

Cyber@UC Meeting 35 Exploit ALL the vulnerabilities! If Youre New! Join our Slack

Cyber@UC Meeting 35 Exploit ALL the vulnerabilities! If Youre New! Join our Slack ucyber.slack.com Follow us on Twitter @UCyb3r and Facebook UC.yber; University of Cincinnati OWASP Chapter Feel free to get involved with one of

563 views • 11 slides
Cyber@UC Meeting 59 Actually Doing Star Night! If Youre New! Join our Slack:

Cyber@UC Meeting 59 Actually Doing Star Night! If Youre New! Join our Slack:

Cyber@UC Meeting 59 Actually Doing Star Night! If Youre New! Join our Slack: ucyber.slack.com SIGN IN! (Slackbot will post the link in #general) Feel free to get involved with one of our committees: Content Finance Public

525 views • 23 slides
Cyber@UC Meeting 63 Contributing to the Website If Youre New! Join our Slack:

Cyber@UC Meeting 63 Contributing to the Website If Youre New! Join our Slack:

Cyber@UC Meeting 63 Contributing to the Website If Youre New! Join our Slack: ucyber.slack.com SIGN IN! (Slackbot will post the link in #general every Wed@6:30) Feel free to get involved with one of our committees: Content

491 views • 14 slides
Cyber@UC Meeting 67 Bash and OverTheWire If Youre New! Join our Slack:

Cyber@UC Meeting 67 Bash and OverTheWire If Youre New! Join our Slack:

Cyber@UC Meeting 67 Bash and OverTheWire If Youre New! Join our Slack: cyberatuc.slack.com (URL changed!) SIGN IN! (Slackbot will post the link in #general every Wed@6:30) Feel free to get involved with one of our committees:

594 views • 16 slides
90% OF CYBER ATTACKS ARE 90% OF CYBER ATTACKS ARE SUCCESSFUL DUE TO HUMAN SUCCESSFUL DUE TO

90% OF CYBER ATTACKS ARE 90% OF CYBER ATTACKS ARE SUCCESSFUL DUE TO HUMAN SUCCESSFUL DUE TO

90% OF CYBER ATTACKS ARE 90% OF CYBER ATTACKS ARE SUCCESSFUL DUE TO HUMAN SUCCESSFUL DUE TO HUMAN ERROR ERROR CYBER AWARE CYBER AWARE NEXT-GEN SECURITY AWARENESS TRAINING Cyber Crime Is Now A Cyber Crime Is Now A Business Opportunity

550 views • 25 slides
Cyber@UC Meeting 56 W I F I If Youre New! Join our Slack: ucyber.slack.com SIGN IN!

Cyber@UC Meeting 56 W I F I If Youre New! Join our Slack: ucyber.slack.com SIGN IN!

Cyber@UC Meeting 56 W I F I If Youre New! Join our Slack: ucyber.slack.com SIGN IN! (Slackbot will post the link in #general) Feel free to get involved with one of our committees: Content Finance Public Affairs Outreach

456 views • 19 slides
Cyber@UC Meeting 57 SDR Fun! If Youre New! Join our Slack: ucyber.slack.com SIGN IN!

Cyber@UC Meeting 57 SDR Fun! If Youre New! Join our Slack: ucyber.slack.com SIGN IN!

Cyber@UC Meeting 57 SDR Fun! If Youre New! Join our Slack: ucyber.slack.com SIGN IN! (Slackbot will post the link in #general) Feel free to get involved with one of our committees: Content Finance Public Affairs Outreach

610 views • 18 slides
Cyber@UC Meeting 66 Welcome New Members! If Youre New! Join our Slack: ucyber.slack.com

Cyber@UC Meeting 66 Welcome New Members! If Youre New! Join our Slack: ucyber.slack.com

Cyber@UC Meeting 66 Welcome New Members! If Youre New! Join our Slack: ucyber.slack.com SIGN IN! (Slackbot will post the link in #general at 6:30) Feel free to get involved with one of our committees: Content Finance Public

178 views • 16 slides
Cyber@UC Meeting 49 Systems Exploitation: Sniffing, Man in the Middle, etc If Youre New!

Cyber@UC Meeting 49 Systems Exploitation: Sniffing, Man in the Middle, etc If Youre New!

Cyber@UC Meeting 49 Systems Exploitation: Sniffing, Man in the Middle, etc If Youre New! Join our Slack: ucyber.slack.com SIGN IN! (Slackbot will post the link in #general) Feel free to get involved with one of our committees:

464 views • 21 slides
1 5 6 Cyber Security and Cyber Space During these last years, the most important effect of the

1 5 6 Cyber Security and Cyber Space During these last years, the most important effect of the

1 5 6 Cyber Security and Cyber Space During these last years, the most important effect of the evolution of IT environments has been the origin of Cyber Space as a result for the Internet use by all subjects in the world, that is Individual

1.17k views • 67 slides
Cyber Bullying Sharing with Parents on Cyber Bullying Outline of Presentation To share on:

Cyber Bullying Sharing with Parents on Cyber Bullying Outline of Presentation To share on:

Slides (for Schools Use) to Brief Parents on Cyber Bullying Sharing with Parents on Cyber Bullying Outline of Presentation To share on: What is Cyber Bullying? MOEs Cyber Wellness Education School-wide Programmes

388 views • 14 slides

More recommend