CNIT 140: IT Security Practices

Fall 2017 - Sam Bowne

Schedule · Reference Materials · Projects · Links · Home Page

77301  Sat 10 am - 1:00 pm MOVED TO CLOUD 218

Purpose of Class

Training students for cybersecurity competitions, including CTF events and the Collegiate Cyberdefense Competition (CCDC). This training will prepare students for employment as security professionals, and if our team does well in the competitions, the competitors will gain recognition and respect which should lead to more and better job offers.

The primary focus of this class is hands-on defense of systems. Students will work in groups configuring servers, firewalls, routers, switches, and other systems to resist attacks.

Live Streaming

You can attend class remotely using Zoom.

Join from PC, Mac, Linux, iOS or Android: https://zoom.us/j/4108472927
Meeting ID: 410-847-2927

The free version of Zoom is limited to 40 minutes per meeting. So to see the second part of the lecture live, you will have to re-join with the same meeting ID.

Classes will also be recorded and published on YouTube for later viewing.

Textbook

There will be no textbook. We will use online tutorials and presentations instead.

Catalog Description

This course explores techniques used by hackers to access protected data. Students will learn about cybercrime laws, penalties and organizations defending civil liberties of citizens. Students will learn about the various methodologies hackers use to gain access to confidential data such stealthy network recon, passive traffic identification, etc. CSU

Advisory: CNIT 123 or equivalent familiarity with hacking techniques

Schedule (may be revised)

Date Report Topic

Sat 8-19 Introduction to Cybercompetitions and the CCDC
Class Structure and Grading
Sound starts at 2 minutes in, video is pretty poor

 


Sat 8-26 Class meets: groups working on projects

Sat 9-2Holiday: No Class
Fri 9-8Last day to add

Sat 9-9Progress Plan Due Class meets: groups working on projects

Sat 9-10 REGISTER FOR WRCCDC
Class meets: groups working on projects
Sat 9-16 Class meets: groups working on projects
Sat 9-23 WRCCDC Sign-Up


Fri 9-29 WRCCDC Competitors Call 2-3 PM


Sat 9-30


Class cancelled for CactusCon


Sat 10-7Class may be cancelled CPTC at UBER Oct 7-8


Fri 10-13 WRCCDC Competitors Call 2-3 PM


Sat 10-14 WRCCDC Invitational
Sat 10-21Report 1 Due Report 1 Due


Fri 10-27 WRCCDC Competitors Call 2-3 PM


Sat 10-28 Class meets: groups working on projects
Sat 11-4 Class meets: groups working on projects


Fri 11-10 WRCCDC Competitors Call 2-3 PM


Sat 11-11 WRCCDC Invitational
Sat 11-18Report 2 Due Class meets: groups working on projects
Sat 11-25Holiday: No Class


Fri 12-1 WRCCDC Competitors Call 2-3 PM


Sat 12-2 WRCCDC Invitational
Sat 12-9Report 3 Due Class meets: groups working on projects


Fri 12-15 WRCCDC Competitors Call 2-3 PM


Sat 12-16 Final Exam Day: Make-Up & Extra Credit

Reference Materials

Grading Policy · Schedule

Tim Krugh's Slides (ODP) · Tim Krugh's Lecture (YouTube)

Codepath Cybersecurity University

1. Networking -- Traffic flow, switching, and routing. · KEY · PDF

2. Perimeter Security -- Network and Host based firewalls, how they work and how to configure them, as well as Intrusion Detection Systems, Virtual Private Networks, and DMZs.· KEY · PDF

Write-Up for "Judgement", from Tokyo Westerns / MMA CTF 2nd 2016

3. Flashing/Patching -- Both Hardware and Software Flashing/Patching
OpenWrt in VMware Fusion
JTAG powerpoint
Write-Up for "Judgement"a, from Tokyo Westerns / MMA CTF 2nd 2016
CTF Flow Chart

Windows Internals KEY · PDF

NECCDC Materials & Rekall KEY · PDF

4. UNIX -- Multiple flavors of UNIX such as Fedora Core, Solaris, Gentoo, BSD, Ubuntu, etc.

5. Windows Workstations and Servers -- NT, 2000, 2008, 2012, XP, 7, 8, 10

6. User Management -- Adding and deleting users on multiple Operating Systems and managing those user accounts

7. Services and Applications -- Email, DNS, HTTP, HTTPS, SQL, Web applications

8. Tools - Port Scanners, Vulnerability Scanners, MD5, and Software based firewalls and IDSs.

9. Authentication -- Beyond just knowing how to change passwords in multiple environments, also understanding other forms of authentication such as multi-factor, biometrics, and tokens

10. General - Performing admin duties such as installing, securing, updating, troubleshooting, and maintaining the functionality of computer systems on a network.

Click a lecture name to see it on SlideShare. If you want to use other formats, you may find this useful: Cloud Convert.


Back to Top

Projects (under development)

Palo Alto Virtual Firewall

Downloading the Virtual Machines

Pass the Hash (non-Domain)

Suggested Project Topics

  • picoCTF
  • Splunk
  • Bro
  • Snort
  • Router ACLs & Switching configs (Packet Tracer?, Juniper, Cisco, Vyatta, Endian)
  • Pix and ASA firewalls (pfSense)
  • Write a report: incident response, security audit

Networking Equipment

Configuring routers and switches; using Packet Tracer
Configuring firewalls

Windows Servers

Common Services: IIS, SQL Server, Exchange, and Domain Controllers
Finding and Patching Vulnerabilities: MBSA

Linux Servers

Essential Versions: Ubuntu, Fedora, FreeBSD, and Solaris
Services: Apache, Bind, and Sendmail

Protocols

HTTP, HTTPS, DNS, SMTP, POP3, SSH, FTP, SQL

Intrusion Detection

Snort, Splunk, Configuring Logging, Network Monitoring

Injects

Migrate a Website from IIS to Apache

Tools (may be revised)

Assessment Tools:
Kali, Codescout, Metasploit Framework, Microsoft Baseline Security Analyzer, Nessus, Netcat, Nikto, Nmap, Paros Proxy, Superscan

Forensics Utilities: Coroners Toolkit

DNS Utilities: Dig, Nslookup, Whois

Packet Analysis: Ettercap, TCPDUMP, Wireshark

Compression Utilities: Gzip, 7-Zip, Tar, Zip

Perimeter Security: Iptables/TCP Wrappers, Snort

Password Auditing: John the Ripper, L0pht Crack, Cain and Abel

Miscellaneous Tools: GCC, Make, MD5, Microsoft Update, Nagios, PGP, PHPMyAdmin Ping, Sysinternals, Traceroute, Tripwire

Training: Hackme Bank, Books, Casino, Shipping, or Travel, WebGoat, WebMaven

Links

CCDC 1: CCDC Team Preparation Guide -- GOALS FOR CLASS
CCDC 2: Preparing for the Collegiate Cyber Defense Competition (CCDC): A Guide for New Teams and Recommendations for Experienced Players
CCDC 3: Web Application Defender's Cookbook: CCDC Blue Team Cheatsheet
CCDC 4: Tips - How-To Guide for the CCDC
CCDC 5: How to Win CCDC

Net 1: Wireshark 101: Essential Skills for Network Analysis
Net 2: WCNA Certification
Net 3: laura chappell wireshark - YouTube
Net 4: Warriors of The Net
Net 5: Popular port numbers Flashcards
Net 6: WARRIORS OF THE NET [Full] - YouTube

Perimeter 1: Project - Snort
Perimeter 2: The Top 20 Free Network Monitoring and Analysis Tools for Sys Admins
Perimeter 3: Top FREE Network Monitoring Tools
Perimeter 4: 7 free tools every network needs
Perimeter 5: Phantom Cyber Network Monitoring

Windows 1: Free Intrusion Detection and Prevention software
Windows 2: Detecting Security Incidents Using Windows Workstation Event Logs
Windows 3: How to close TCP and UDP ports via windows command line
Windows 4: CurrPorts: Monitoring TCP/IP network connections on Windows
Windows 5: TCPView for Windows

OpenWrt 1: OpenWrt
OpenWrt 2: What Is OpenWrt And Why Should I Use It For My Router?
OpenWrt 3: Installing OpenWrt [OpenWrt Wiki]
OpenWrt 4: How to create Openwrt on VMWARE Workstation

PTES 1: Introduction to Penetration Testing -- Slides
PTES 2: The Penetration Testing Execution Standard
PTES 3: PTES Technical Guidelines - The Penetration Testing Execution Standard

Windows Internals 1: Book (PDF)
Windows Internals 2: Tricks in Assembly Language (pdf)

Resources

Arizona Cyber Warfare Range -- USE FOR PROJECTS
CPTC: Collegiate Pentesting Championship
Path to OSCP -- Many resources
CCSF-Hacking - Google Groups

Miscellaneous Links

THE SECOND INTER-COLLEGIATE PENETRATION TESTING COMPETITION
osx - Is there a quick and easy way to dump the contents of a MacOS X keychain?
Nagios - Network, Server and Log Monitoring Software
Vulnerable By Design ~ VulnHub -- GOOD CTF PRACTICE
Security Onion -- NETWORK MONITORING PROJECT
Network Security Toolkit (NST 24) -- USEFUL FOR A PROJECT
Skynet Solutions : EasyIDS -- POSSIBLE PROJECT
WRCCDC Reg Here
UNIX / Linux Tutorial for Beginners
Penetration Testing Tools Cheat Sheet
Datanyze -- Fingerprints technologies
Cheat Engine--Modify Windows Games

New Unsorted Links

Windows Internals 3: Process Explorer
Windows Internals 4: PsGetSid
Windows Internals 5: Original PPT slides from Solomon, 2007
Windows Internals 6: PsExec
How to Update Ubuntu Kernel: 7 Steps (with Pictures)
CCDC 6: Raytheon Cyber: Bracketology: Breaking down the NCCDC championships
PHP 1: 25 PHP Security Best Practices For Sys Admins
PHP 2: PHP Security Cheat Sheet - OWASP
CCDC 7: How To Monitor System Authentication Logs on Ubuntu
CCDC 8: IP Tables State
Protecting SSH with Fail2Ban
Reversing Firmware Part 1
Rekall Memory Forensic Framework
SANS Rekall Cheat Sheet
SANS Digital Forensics Cheat Sheets
2014 rekall workshop Slides
GitHub google/rekall: Rekall Memory Forensic Framework
12 units is full-time at CCSF
EasyIDS
2015-2016 WRCCDC Guides - Xploit Cybersecurity Club
Palo Alto Firewall Free 15-day Trial on AWS
PAN 1: PAN-OS® Command Line Interface (CLI) Reference Guide
PAN 2: PAN-OS� 7.0 CLI Quick Start
PAN 3: CLI Cheat Sheets
PAN 4: Use the Command Line Interface (CLI)
PAN 5: Importing an OVA file into VMware Fusion
Linux: Where can I get the repositories for old Ubuntu versions? - Super User
PAN 6: Configure Interfaces and Zones
Shopping List for Lab -- SHOW TO CLASS
PAN 7: How to Change the Management IP Address via the Console
PAN 8: CLI Commands for Troubleshooting Palo Alto Firewalls
CCDC Eligibility for our CCSF team
How to Create an Application Override for FTP - Live Community
How To Configure BIND as a Private Network DNS Server on Ubuntu 14.04 | DigitalOcean
How secure is authentication in mysql protocol?
CCDC Lessons Learned
Why is sudo not installed by default in Debian?
Information Security Talent Search (ISTS) competition
iCTF -- VERY INTERESTING COMPETITION
Prep Guide for Offsec's PWK/OSCP - Cybrary
CyberPatriot Training Modules
Discord - Free Voice and Text Chat for Gamers -- RECOMMENDED FOR COMPETITIONS
facebook/fbctf: Platform to host Capture the Flag competitions
CyberPatriot: Build Your Own Practice Images
CyberPatriot Windows 7 VM Sam 1
CyberPatriot Images
CyberPatriot: Linux Scoring Engine Instructions
Students Are the Newest U.S. Weapon Against Terrorist Recruitment -- POSSIBLE PROJECT
2017-08-05: (108) Western Regional Collegiate Cyber Defense Competition -- Signups will open in Sept
Resources: Week 7 - Cybersecurity University | CodePath Courses
SegWit (Segregated Witness)
SegWit - Wikipedia
Bootcamp Structure - Cybersecurity University | CodePath Courses
Collegiate Penetration Testing Competition Information - Central Region
PWNABLE.KR -- FUN KOREAN CTF
Making a Windows 2008 Domain Controller
How to Pivot from the Victim System to Own Every Computer on the Network � Null Byte :: WonderHowTo
Pivoting guide with Metasploit
5 Ways to Find Systems Running Domain Admin Processes


Last Updated: 9-23-17 11:21 am