CNIT 140: IT Security Practices

Spring 2018 - Sam Bowne

Scores

Schedule · Reference Materials · Projects · Practice · Links · Home Page

38347 501 Lec M  06:10-09:00PM  MUB 180

Moved to SCIE 37

Purpose of Class

Training students for cybersecurity competitions, including CTF events and the Collegiate Cyberdefense Competition (CCDC). This training will prepare students for employment as security professionals, and if our team does well in the competitions, the competitors will gain recognition and respect which should lead to more and better job offers.
The primary focus of this class is hands-on defense of systems. Students will work in groups configuring servers, firewalls, routers, switches, and other systems to resist attacks.

Live Streaming

You can attend class remotely using a PC, Mac, Linux, iOS or Android: https://zoom.us/j/4108472927

Textbook

There will be no textbook. We will use online tutorials and CTFs instead.

Catalog Description

This course explores techniques used by hackers to access protected data. Students will learn about cybercrime laws, penalties and organizations defending civil liberties of citizens. Students will learn about the various methodologies hackers use to gain access to confidential data such stealthy network recon, passive traffic identification, etc. CSU
Advisory: CNIT 123 or equivalent familiarity with hacking techniques

Class Schedule (may be revised)

Date

Topic

Mon Jan 22

First Class: Cybercompetitions: CCDC, CPTC, & NCL
Class Structure and Grading

Mon Jan 29

Practice 1 -- Goal: 4 picoCTF Challenges Solved

Mon Feb 5

Practice 2

Mon Feb 12

Practice 3

Mon Feb 19

Holiday: No Class

Mon Feb 26

Practice 4
NCL Registration Starts

Mon Mar 5

Practice 5

Mon Mar 12

Practice 6

Mon Mar 19

Practice 7

Mon Mar 26

Holiday: No Class

Mon Apr 2

TBA

Mon Apr 9

Mon Apr 16

Practice 9

Mon Apr 23

Practice 10

Mon Apr 30

Mon May 7

Mon May 14

Class Cancelled for DEF CON China

There is no final exam in this class

Recommended Practice Sites
picoCTF General CTF Prep
Bandit Linux command-line
Infosec Institute General CTF Prep
Bright Shadows General CTF Prep
Pwnable KR Binary Exploitation
We Chall Many Types of Challenges
Pentester Lab $20 per month
Exploit-Exercises: Nebula Challenges Free

Competition Schedule (may be revised)

Fri, Feb 9 - Mon, Feb 19	EasyCTF 2018 (EASY) USA

Feb 15	Contact iCTF for update: contest should be in March

Fri, Feb 23 - Wed, Feb 28	Angstrom CTF (EASY) Montgomery Blair High School, Silver Spring, MD

Mon Feb 26	NCL Registration Starts

Sun Mar 25	NCL Registration Ends

Sat, Mar 17 - Sat, Mar 31	RUSecure CTF (EASY) Radford University, Virginia

Fri Mar 30	NCL Gym Available

Wed Apr 4 - Tue Apr 10	NCL Preseason

Sat, Apr 7	TORO.HACK Conference 8:00 AM - 5:00PM, CSUDH Loker Student Union Ballroom C 1000 East Victoria Street, Carson, CA 90747

Fri Apr 13 - Sun Apr 15	NCL Regular Season

Sun, April 15 - Mon, April 16	BSidesSF

Mon, Apr 16 - Fri, Apr 20	RSA Conference 2018 College Day: Thu, Apr 19 My approved workshop Practical Malware Analysis CTF (with Dylan)

April	PACTF (EASY) Phillips Academy, Andover, Massachusetts

Fri, Apr 20 - Sat, Apr 21	MITRE STEM CTF: Cyber Challenge 2018 (EASY)

Fri Apr 27 - Sun Apr 29	NCL Postseason

May	HSCTF (EASY) West Windsor-Plainsboro High School North in New Jersey

Reference Materials

Grading Policy · First Day Handout

2017 CCDC Qualifier Images

https://owncloud.wrccdc.org/index.php/s/c9qqbJS9x4oEll7
2017 WRCCDC Regional Images

https://owncloud.wrccdc.org/index.php/s/3MkMEEYqoX8OsFE

Tim Krugh's Slides (ODP) · Tim Krugh's Lecture (YouTube)
Codepath Cybersecurity University
1. Networking -- Traffic flow, switching, and routing. · KEY · PDF
2. Perimeter Security -- Network and Host based firewalls, how they work and how to configure them, as well as Intrusion Detection Systems, Virtual Private Networks, and DMZs.· KEY · PDF
Write-Up for "Judgement", from Tokyo Westerns / MMA CTF 2nd 2016
3. Flashing/Patching -- Both Hardware and Software Flashing/Patching
OpenWrt in VMware Fusion
JTAG powerpoint
Write-Up for "Judgement"a, from Tokyo Westerns / MMA CTF 2nd 2016
CTF Flow Chart
Windows Internals KEY · PDF
NECCDC Materials & Rekall KEY · PDF
4. UNIX -- Multiple flavors of UNIX such as Fedora Core, Solaris, Gentoo, BSD, Ubuntu, etc.
5. Windows Workstations and Servers -- NT, 2000, 2008, 2012, XP, 7, 8, 10
6. User Management -- Adding and deleting users on multiple Operating Systems and managing those user accounts
7. Services and Applications -- Email, DNS, HTTP, HTTPS, SQL, Web applications
8. Tools - Port Scanners, Vulnerability Scanners, MD5, and Software based firewalls and IDSs.
9. Authentication -- Beyond just knowing how to change passwords in multiple environments, also understanding other forms of authentication such as multi-factor, biometrics, and tokens
10. General - Performing admin duties such as installing, securing, updating, troubleshooting, and maintaining the functionality of computer systems on a network.

Click a lecture name to see it on SlideShare. If you want to use other formats, you may find this useful: Cloud Convert.

Projects (under development)
Installing Python on Windows Using Python for HTTP Palo Alto Virtual Firewall Downloading the Virtual Machines Pass the Hash (non-Domain) Detecting Nmap Scans with Snort Suggested Project Topics picoCTF Splunk Bro Snort Router ACLs & Switching configs (Packet Tracer?, Juniper, Cisco, Vyatta, Endian) Pix and ASA firewalls (pfSense) Write a report: incident response, security audit Networking Equipment Configuring routers and switches; using Packet Tracer Configuring firewalls Windows Servers Common Services: IIS, SQL Server, Exchange, and Domain Controllers Finding and Patching Vulnerabilities: MBSA Linux Servers Essential Versions: Ubuntu, Fedora, FreeBSD, and Solaris Services: Apache, Bind, and Sendmail Protocols HTTP, HTTPS, DNS, SMTP, POP3, SSH, FTP, SQL Intrusion Detection Snort, Splunk, Configuring Logging, Network Monitoring Injects Migrate a Website from IIS to Apache
Tools (may be revised) Assessment Tools: Kali, Codescout, Metasploit Framework, Microsoft Baseline Security Analyzer, Nessus, Netcat, Nikto, Nmap, Paros Proxy, Superscan Forensics Utilities: Coroners Toolkit DNS Utilities: Dig, Nslookup, Whois Packet Analysis: Ettercap, TCPDUMP, Wireshark Compression Utilities: Gzip, 7-Zip, Tar, Zip Perimeter Security: Iptables/TCP Wrappers, Snort Password Auditing: John the Ripper, L0pht Crack, Cain and Abel Miscellaneous Tools: GCC, Make, MD5, Microsoft Update, Nagios, PGP, PHPMyAdmin Ping, Sysinternals, Traceroute, Tripwire Training: Hackme Bank, Books, Casino, Shipping, or Travel, WebGoat, WebMaven

Projects (under development)

Installing Python on Windows
Using Python for HTTP
Palo Alto Virtual Firewall
Downloading the Virtual Machines
Pass the Hash (non-Domain)
Detecting Nmap Scans with Snort

Suggested Project Topics

picoCTF
Splunk
Bro
Snort
Router ACLs & Switching configs (Packet Tracer?, Juniper, Cisco, Vyatta, Endian)
Pix and ASA firewalls (pfSense)
Write a report: incident response, security audit

Networking Equipment
Configuring routers and switches; using Packet Tracer
Configuring firewalls

Windows Servers
Common Services: IIS, SQL Server, Exchange, and Domain Controllers
Finding and Patching Vulnerabilities: MBSA

Linux Servers
Essential Versions: Ubuntu, Fedora, FreeBSD, and Solaris
Services: Apache, Bind, and Sendmail

Protocols
HTTP, HTTPS, DNS, SMTP, POP3, SSH, FTP, SQL
Intrusion Detection
Snort, Splunk, Configuring Logging, Network Monitoring
Injects
Migrate a Website from IIS to Apache

Tools (may be revised)

Assessment Tools:
Kali, Codescout, Metasploit Framework, Microsoft Baseline Security Analyzer, Nessus, Netcat, Nikto, Nmap, Paros Proxy, Superscan
Forensics Utilities: Coroners Toolkit
DNS Utilities: Dig, Nslookup, Whois
Packet Analysis: Ettercap, TCPDUMP, Wireshark
Compression Utilities: Gzip, 7-Zip, Tar, Zip
Perimeter Security: Iptables/TCP Wrappers, Snort
Password Auditing: John the Ripper, L0pht Crack, Cain and Abel
Miscellaneous Tools: GCC, Make, MD5, Microsoft Update, Nagios, PGP, PHPMyAdmin Ping, Sysinternals, Traceroute, Tripwire

Training: Hackme Bank, Books, Casino, Shipping, or Travel, WebGoat, WebMaven

Links
CCDC 1: CCDC Team Preparation Guide -- GOALS FOR CLASS CCDC 2: Preparing for the Collegiate Cyber Defense Competition (CCDC): A Guide for New Teams and Recommendations for Experienced Players CCDC 3: Web Application Defender's Cookbook: CCDC Blue Team Cheatsheet CCDC 4: Tips - How-To Guide for the CCDC CCDC 5: How to Win CCDC CCDC 6: Raytheon Cyber: Bracketology: Breaking down the NCCDC championships CCDC 7: How To Monitor System Authentication Logs on Ubuntu CCDC 8: IP Tables State CCDC 9: CentOS 5.9 Configuration Guide: First 15 Minutes Net 1: Wireshark 101: Essential Skills for Network Analysis Net 2: WCNA Certification Net 3: laura chappell wireshark - YouTube Net 4: Warriors of The Net Net 5: Popular port numbers Flashcards Net 6: WARRIORS OF THE NET [Full] - YouTube Perimeter 1: Project - Snort Perimeter 2: The Top 20 Free Network Monitoring and Analysis Tools for Sys Admins Perimeter 3: Top FREE Network Monitoring Tools Perimeter 4: 7 free tools every network needs Perimeter 5: Phantom Cyber Network Monitoring PHP 1: 25 PHP Security Best Practices For Sys Admins PHP 2: PHP Security Cheat Sheet - OWASP Windows 1: Free Intrusion Detection and Prevention software Windows 2: Detecting Security Incidents Using Windows Workstation Event Logs Windows 3: How to close TCP and UDP ports via windows command line Windows 4: CurrPorts: Monitoring TCP/IP network connections on Windows Windows 5: TCPView for Windows OpenWrt 1: OpenWrt OpenWrt 2: What Is OpenWrt And Why Should I Use It For My Router? OpenWrt 3: Installing OpenWrt [OpenWrt Wiki] OpenWrt 4: How to create Openwrt on VMWARE Workstation PTES 1: Introduction to Penetration Testing -- Slides PTES 2: The Penetration Testing Execution Standard PTES 3: PTES Technical Guidelines - The Penetration Testing Execution Standard Windows Internals 1: Book (PDF) Windows Internals 2: Tricks in Assembly Language (pdf) PAN 1: PAN-OS Command Line Interface (CLI) Reference Guide PAN 2: PAN-OS 7.0 CLI Quick Start PAN 3: CLI Cheat Sheets PAN 4: Use the Command Line Interface (CLI) PAN 5: Importing an OVA file into VMware Fusion PAN 6: Configure Interfaces and Zones PAN 7: How to Change the Management IP Address via the Console PAN 8: CLI Commands for Troubleshooting Palo Alto Firewalls Resources Arizona Cyber Warfare Range -- USE FOR PROJECTS CPTC: Collegiate Pentesting Championship Path to OSCP -- Many resources CCSF-Hacking - Google Groups Miscellaneous Links THE SECOND INTER-COLLEGIATE PENETRATION TESTING COMPETITION osx - Is there a quick and easy way to dump the contents of a MacOS X keychain? Nagios - Network, Server and Log Monitoring Software Vulnerable By Design ~ VulnHub -- GOOD CTF PRACTICE Security Onion -- NETWORK MONITORING PROJECT Network Security Toolkit (NST 24) -- USEFUL FOR A PROJECT Skynet Solutions : EasyIDS -- POSSIBLE PROJECT WRCCDC Reg Here UNIX / Linux Tutorial for Beginners Penetration Testing Tools Cheat Sheet Datanyze -- Fingerprints technologies Cheat Engine--Modify Windows Games Windows Internals 3: Process Explorer Windows Internals 4: PsGetSid Windows Internals 5: Original PPT slides from Solomon, 2007 Windows Internals 6: PsExec How to Update Ubuntu Kernel: 7 Steps (with Pictures) Protecting SSH with Fail2Ban Reversing Firmware Part 1 Rekall Memory Forensic Framework SANS Rekall Cheat Sheet SANS Digital Forensics Cheat Sheets 2014 rekall workshop Slides GitHub google/rekall: Rekall Memory Forensic Framework 12 units is full-time at CCSF EasyIDS 2015-2016 WRCCDC Guides - Xploit Cybersecurity Club Palo Alto Firewall Free 15-day Trial on AWS Linux: Where can I get the repositories for old Ubuntu versions? - Super User CCDC Eligibility for our CCSF team How to Create an Application Override for FTP - Live Community How To Configure BIND as a Private Network DNS Server on Ubuntu 14.04 \| DigitalOcean How secure is authentication in mysql protocol? CCDC Lessons Learned Why is sudo not installed by default in Debian? Information Security Talent Search (ISTS) competition iCTF -- VERY INTERESTING COMPETITION Prep Guide for Offsec's PWK/OSCP - Cybrary CyberPatriot Training Modules Discord - Free Voice and Text Chat for Gamers -- RECOMMENDED FOR COMPETITIONS facebook/fbctf: Platform to host Capture the Flag competitions CyberPatriot: Build Your Own Practice Images CyberPatriot Windows 7 VM Sam 1 CyberPatriot Images CyberPatriot: Linux Scoring Engine Instructions Students Are the Newest U.S. Weapon Against Terrorist Recruitment -- POSSIBLE PROJECT 2017-08-05: (108) Western Regional Collegiate Cyber Defense Competition -- Signups will open in Sept Resources: Week 7 - Cybersecurity University \| CodePath Courses Bootcamp Structure - Cybersecurity University \| CodePath Courses Collegiate Penetration Testing Competition Information - Central Region PWNABLE.KR -- FUN KOREAN CTF Making a Windows 2008 Domain Controller How to Pivot from the Victim System to Own Every Computer on the Network � Null Byte :: WonderHowTo Pivoting guide with Metasploit 5 Ways to Find Systems Running Domain Admin Processes Nessus and Metasploit: Scan networks in pivoting How To Monitor System Authentication Logs on Ubuntu CTF Write-Ups: MAKE PROJECTS LIKE THIS CTF Web Resources -- TRAINING MATERIALS Practice CTF List (SSL Error) INFOSEC INSTITUTE CTF - capture the flag hacking exercises UntangleWiki Intrusion Prevention - UntangleWiki How To Verify File Integrity in Windows with FCIV 13 More Hacking Sites to (Legally) Practice Your InfoSec Skills EasyCTF IV Writeups -- Good explanation of "Special Endings" How to win a cyber security competition Using XMLDecoder to execute server-side Java Code on an Restlet application (i.e. Remote Command Execution) Serialization Must Die: Act 2: XStream (Jenkins CVE-2016-0792) IppSec -- YouTube Training Python Luhn checksum for credit card validation Tools used for solving and cracking CTF challenges--USEFUL Prep for OSCP-- self-paced course and hands-on lab access package for only $50 National Cyber League \| Fall Season Pentesting Notes -- USEFUL FOR CTF's and Competitions Vulnerable By Design ~ VulnHub CNIT140VM1 New Unsorted Links Privilege Escalation & Post-Exploitation Resources -- VERY USEFUL Passing OSCP A Red Teamer's guide to pivoting How to Pivot from the Victim System to Own Every Computer on the Network Protecting a Server with iptables and iptstate ccdc/linux at master � traviskp/ccdc

Links

CCDC 1: CCDC Team Preparation Guide -- GOALS FOR CLASS
CCDC 2: Preparing for the Collegiate Cyber Defense Competition (CCDC): A Guide for New Teams and Recommendations for Experienced Players
CCDC 3: Web Application Defender's Cookbook: CCDC Blue Team Cheatsheet
CCDC 4: Tips - How-To Guide for the CCDC
CCDC 5: How to Win CCDC
CCDC 6: Raytheon Cyber: Bracketology: Breaking down the NCCDC championships
CCDC 7: How To Monitor System Authentication Logs on Ubuntu
CCDC 8: IP Tables State
CCDC 9: CentOS 5.9 Configuration Guide: First 15 Minutes

Net 1: Wireshark 101: Essential Skills for Network Analysis
Net 2: WCNA Certification
Net 3: laura chappell wireshark - YouTube
Net 4: Warriors of The Net
Net 5: Popular port numbers Flashcards
Net 6: WARRIORS OF THE NET [Full] - YouTube

Perimeter 1: Project - Snort
Perimeter 2: The Top 20 Free Network Monitoring and Analysis Tools for Sys Admins
Perimeter 3: Top FREE Network Monitoring Tools
Perimeter 4: 7 free tools every network needs
Perimeter 5: Phantom Cyber Network Monitoring

PHP 1: 25 PHP Security Best Practices For Sys Admins
PHP 2: PHP Security Cheat Sheet - OWASP

Windows 1: Free Intrusion Detection and Prevention software
Windows 2: Detecting Security Incidents Using Windows Workstation Event Logs
Windows 3: How to close TCP and UDP ports via windows command line
Windows 4: CurrPorts: Monitoring TCP/IP network connections on Windows
Windows 5: TCPView for Windows

OpenWrt 1: OpenWrt
OpenWrt 2: What Is OpenWrt And Why Should I Use It For My Router?
OpenWrt 3: Installing OpenWrt [OpenWrt Wiki]
OpenWrt 4: How to create Openwrt on VMWARE Workstation

PTES 1: Introduction to Penetration Testing -- Slides
PTES 2: The Penetration Testing Execution Standard
PTES 3: PTES Technical Guidelines - The Penetration Testing Execution Standard

Windows Internals 1: Book (PDF)
Windows Internals 2: Tricks in Assembly Language (pdf)

PAN 1: PAN-OS Command Line Interface (CLI) Reference Guide
PAN 2: PAN-OS 7.0 CLI Quick Start
PAN 3: CLI Cheat Sheets
PAN 4: Use the Command Line Interface (CLI)
PAN 5: Importing an OVA file into VMware Fusion
PAN 6: Configure Interfaces and Zones
PAN 7: How to Change the Management IP Address via the Console
PAN 8: CLI Commands for Troubleshooting Palo Alto Firewalls

Resources
Arizona Cyber Warfare Range -- USE FOR PROJECTS
CPTC: Collegiate Pentesting Championship
Path to OSCP -- Many resources
CCSF-Hacking - Google Groups

Miscellaneous Links
THE SECOND INTER-COLLEGIATE PENETRATION TESTING COMPETITION
osx - Is there a quick and easy way to dump the contents of a MacOS X keychain?
Nagios - Network, Server and Log Monitoring Software
Vulnerable By Design ~ VulnHub -- GOOD CTF PRACTICE
Security Onion -- NETWORK MONITORING PROJECT
Network Security Toolkit (NST 24) -- USEFUL FOR A PROJECT
Skynet Solutions : EasyIDS -- POSSIBLE PROJECT
WRCCDC Reg Here
UNIX / Linux Tutorial for Beginners
Penetration Testing Tools Cheat Sheet
Datanyze -- Fingerprints technologies
Cheat Engine--Modify Windows Games
Windows Internals 3: Process Explorer
Windows Internals 4: PsGetSid
Windows Internals 5: Original PPT slides from Solomon, 2007
Windows Internals 6: PsExec
How to Update Ubuntu Kernel: 7 Steps (with Pictures)
Protecting SSH with Fail2Ban
Reversing Firmware Part 1
Rekall Memory Forensic Framework
SANS Rekall Cheat Sheet
SANS Digital Forensics Cheat Sheets
2014 rekall workshop Slides
GitHub google/rekall: Rekall Memory Forensic Framework
12 units is full-time at CCSF
EasyIDS
2015-2016 WRCCDC Guides - Xploit Cybersecurity Club
Palo Alto Firewall Free 15-day Trial on AWS
Linux: Where can I get the repositories for old Ubuntu versions? - Super User
CCDC Eligibility for our CCSF team
How to Create an Application Override for FTP - Live Community
How To Configure BIND as a Private Network DNS Server on Ubuntu 14.04 | DigitalOcean
How secure is authentication in mysql protocol?
CCDC Lessons Learned
Why is sudo not installed by default in Debian?
Information Security Talent Search (ISTS) competition
iCTF -- VERY INTERESTING COMPETITION
Prep Guide for Offsec's PWK/OSCP - Cybrary
CyberPatriot Training Modules
Discord - Free Voice and Text Chat for Gamers -- RECOMMENDED FOR COMPETITIONS
facebook/fbctf: Platform to host Capture the Flag competitions
CyberPatriot: Build Your Own Practice Images
CyberPatriot Windows 7 VM Sam 1
CyberPatriot Images
CyberPatriot: Linux Scoring Engine Instructions
Students Are the Newest U.S. Weapon Against Terrorist Recruitment -- POSSIBLE PROJECT
2017-08-05: (108) Western Regional Collegiate Cyber Defense Competition -- Signups will open in Sept
Resources: Week 7 - Cybersecurity University | CodePath Courses
Bootcamp Structure - Cybersecurity University | CodePath Courses
Collegiate Penetration Testing Competition Information - Central Region
PWNABLE.KR -- FUN KOREAN CTF
Making a Windows 2008 Domain Controller
How to Pivot from the Victim System to Own Every Computer on the Network � Null Byte :: WonderHowTo
Pivoting guide with Metasploit
5 Ways to Find Systems Running Domain Admin Processes
Nessus and Metasploit: Scan networks in pivoting
How To Monitor System Authentication Logs on Ubuntu
CTF Write-Ups: MAKE PROJECTS LIKE THIS
CTF Web Resources -- TRAINING MATERIALS
Practice CTF List (SSL Error)
INFOSEC INSTITUTE CTF - capture the flag hacking exercises
UntangleWiki
Intrusion Prevention - UntangleWiki
How To Verify File Integrity in Windows with FCIV
13 More Hacking Sites to (Legally) Practice Your InfoSec Skills
EasyCTF IV Writeups -- Good explanation of "Special Endings"
How to win a cyber security competition
Using XMLDecoder to execute server-side Java Code on an Restlet application (i.e. Remote Command Execution)
Serialization Must Die: Act 2: XStream (Jenkins CVE-2016-0792)
IppSec -- YouTube Training
Python Luhn checksum for credit card validation
Tools used for solving and cracking CTF challenges--USEFUL
Prep for OSCP-- self-paced course and hands-on lab access package for only $50
National Cyber League | Fall Season
Pentesting Notes -- USEFUL FOR CTF's and Competitions
Vulnerable By Design ~ VulnHub
CNIT140VM1

New Unsorted Links
Privilege Escalation & Post-Exploitation Resources -- VERY USEFUL
Passing OSCP
A Red Teamer's guide to pivoting
How to Pivot from the Victim System to Own Every Computer on the Network
Protecting a Server with iptables and iptstate
ccdc/linux at master � traviskp/ccdc

Last Updated: 5-7-18 9:05 pm

CNIT 140: IT Security Practices

Spring 2018 - Sam Bowne

Scores

Schedule · Reference Materials · Projects · Practice · Links · Home Page

Moved to SCIE 37

Purpose of Class

Live Streaming

Textbook

Catalog Description

Class Schedule (may be revised)

Recommended Practice Sites

Competition Schedule (may be revised)

Reference Materials

2017 CCDC Qualifier Images

2017 WRCCDC Regional Images

Projects (under development)

Suggested Project Topics

Networking Equipment

Windows Servers

Linux Servers

Protocols

Intrusion Detection

Injects

Tools (may be revised)

Links

Resources

Miscellaneous Links

New Unsorted Links