03/21/2019 Meeting - Networking and Firewalling

This meeting, we talked about what networking is, layers of the OSI model, showing how they fit into real world usage. We also went over core networking devices and how they create LANs, WANs, and the internet.

Slides: Networking_and_Firewalling.pdf

03/07/2019 Meeting - Booz Allen's Vehicle Cyber Analysis Center Talk

Cybersecurity News Headlines:

• Tufts Investigation - https://techcrunch.com/2019/03/08/tufts-grade-hacking/
• Chrome 0day - https://nakedsecurity.sophos.com/2019/03/06/serious-chrome-zero-day-google-says-update-right-this-minute/
• NSA releases GHIDRA - https://ghidra-sre.org/

This week, we had represents from Booz Allen's Vehicle Cyber Analysis Center talk about the state of car cybersecurity. We examined how the numerous networks on modern cars can leave significant amounts of forensics data behind and the potential vulnerabilities in these systems.

02/28/2019 Meeting - Malware Detection and Removal

Cybersecurity News Headlines:

• Cyber Command Operation - https://www.washingtonpost.com/world/national-security/us-cyber-command-operation-disrupted-internet-access-of-russian-troll-factory-on-day-of-2018-midterms/2019/02/26/1827fc9e-36d6-11e9-af5b-b51b7ff322e9_story.html?utm_term=.9db99cc96ca6
• Australian Parliament Breached - https://www.smh.com.au/politics/federal/china-not-iran-still-the-main-suspect-in-hacking-of-australia-s-political-parties-say-sources-20190221-p50zgv.html
• Drupal Bugs - https://arstechnica.com/information-technology/2019/02/millions-of-websites-threatened-by-highly-critical-code-execution-bug-in-drupal/
• Dow Jones - https://techcrunch.com/2019/02/27/dow-jones-watchlist-leak/
• Armed Computer Theft - https://www.reuters.com/article/us-spain-northkorea-idUSKCN1QG1QJ
• Which Face is Real? - http://www.whichfaceisreal.com/index.php

This week, Jake gave a talk on some basic tools and techniques we can use to detect and remove malware. Specifically, we explored using ClamAV and SysInternals' Autoruns to identify anomalous behavior. After the introduction and overview, we practiced using the tools to respond to a live malware infection in the lab where our Domain Controller had been infected.

Slides: MalwareDetectionAndRemoval.pdf.pdf

02/21/2019 Meeting - Malware Detection and Removal

Cybersecurity News Headlines:

• Wordpress RCE - https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
• Phishing Campaign - https://motherboard.vice.com/en_us/article/d3mdxm/venezuela-government-hack-activists-phishing
• Encryption Debate - https://www.gizmodo.com.au/2019/02/you-dont-get-to-learn-how-the-fbi-tried-to-crack-facebook-messenger-encryption-judge-rules/

Daniel gave a presentation on the mindset of exploit development. We went over the importance of arbitrary reads and writes, and practiced exploiting format string vulnerabilities to get flags

Slides: Arbitrary_reads_writes_and_Format_String_presentation.pdf

02/14/2019 Meeting - Spawning Your First Remote Shell

Cybersecurity News Headlines:

• Teenager finds security issue with Macs - https://www.forbes.com/sites/thomasbrewster/2019/02/06/teenager-finds-apple-mac-hack-that-steals-passwords-with-evil-apps/#12bc582d1929
• Vault7 Leaker Case Continues - https://www.cyberscoop.com/vault7-joshua-schulte-misplaced-discovery-material/
• Spy ring targeting Citizen Lab Researchers found to be larger - https://apnews.com/a1d1af4256c04cc5a36347667e966a14
• Exposed data - https://arstechnica.com/information-technology/2019/02/indecent-disclosure-gay-dating-app-left-private-exposed-to-web/
• VFEmail suffers 'catastrophic hack' - https://krebsonsecurity.com/2019/02/email-provider-vfemail-suffers-catastrophic-hack/
• Ubuntu Privesc Vulnerability - https://shenaniganslabs.io/2019/02/13/Dirty-Sock.html
• Connected fridges - https://techcrunch.com/2019/02/08/industrial-refrigerators-defrost-flaw/

This week, Jake gave an introduction to penetration testing and red teaming as we worked to exploit the ETERNALBLUE vulnerability. In addition, we also practiced some basic persistence commands and successfully applied the MS17-010 patch to mitigate this attack.

Slides: SpawningYourFirstShell_EternalBlue.pdf

02/07/2019 Meeting - Cross Site Scripting (XSS)

Cybersecurity News Headlines:

• Telecoms Selling Data - https://motherboard.vice.com/en_us/article/a3b3dg/big-telecom-sold-customer-gps-data-911-calls
• Phone companies providing location data - https://motherboard.vice.com/en_us/article/43z3dn/hundreds-bounty-hunters-att-tmobile-sprint-customer-location-data-years
• SIM Swapping - https://motherboard.vice.com/en_us/article/gyaqnb/hacker-joel-ortiz-sim-swapping-10-years-in-prison
• Geometry Hacking - https://googleprojectzero.blogspot.com/2019/02/the-curious-case-of-convexity-confusion.html?m=1
• Malware TODO - https://app.any.run/tasks/0c226f48-e6e1-494c-862e-10b0e529c4e5

Roman gave a presentation on XSS and we practiced exploiting this vulnerability on a vulnerable site that Roman set up.

Slides: XSS_and_SQL_Injection.pdf

01/31/2019 Meeting - API Security

Cybersecurity News Headlines:

• Huawei Indictments - https://www.cnet.com/news/us-hammers-huawei-with-indictments-for-stolen-trade-secrets-fraud/
• FaceTime Bug - https://9to5mac.com/2019/01/28/facetime-bug-hear-audio/
• Exchange Bug - https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/
• DNS Hijacking Warning - https://cyber.dhs.gov/ed/19-01/
• PEAR Hacked - https://www.zdnet.com/article/mystery-still-surrounds-hack-of-php-pear-website/
• Apt-get RCE - https://justi.cz/security/2019/01/22/apt-rce.html
• Project Raven - https://www.reuters.com/investigates/special-report/usa-spying-raven/
• El Chapo Trial - https://twitter.com/alanfeuer/status/1083146741078212609
• Smart Locks?? - https://twitter.com/hacks4pancakes/status/1087054044328271872
• OSINT on Twitter - https://twitter.com/AircraftSpots/status/1077982997285023744

Sam gave a presentation about API security, sharing of his experience with using APIs and some of the dos and don'ts of API security.

Slides: Do's_and_Don'ts_of_API_Security.pdf

11/08/2018 Meeting - Introduction to CCDC

Cybersecurity News Headlines:

• Communication System Failure - https://finance.yahoo.com/news/cias-communications-suffered-catastrophic-compromise-started-iran-090018710.html
• Europol Twitter Question - https://twitter.com/Europol/status/1051812094214066177
• Open-Source Intelligence reveals photo location - https://www.bellingcat.com/resources/case-studies/2018/11/08/europols-asian-city-child-abuse-photographs-geolocated/
• VirtualBox flaw - https://www.bleepingcomputer.com/news/security/virtualbox-zero-day-vulnerability-details-and-exploit-are-publicly-available/
• US Cyber Command Posts Malware Samples - https://www.zdnet.com/article/us-cyber-command-starts-uploading-foreign-apt-malware-to-virustotal/
• Flaw discovered in FaceTime - https://bugs.chromium.org/p/project-zero/issues/detail?id=1641

Presentation: Mariah and Jake gave a talk this week about the Collegiate Cyber Defense Competition (CCDC) and the plans to start getting ready for the 2019 season.

11/01/2018 Meeting - Introduction to Fuzzing

Cybersecurity News Headlines:

• More Indictments by the DOJ - https://www.justice.gov/opa/pr/chinese-intelligence-officers-and-their-recruited-hackers-and-insiders-conspired-steal
• Supply Chain Concerns - https://www.zdnet.com/article/us-bans-exports-to-chinese-dram-maker-citing-national-security/
• Abundance of free cybersecurity offerings for elections - https://www.zdnet.com/article/dhs-election-officials-inundated-confused-by-free-cyber-security-offerings/
• Concerns about spying - https://arstechnica.com/tech-policy/2018/10/nyt-chinese-and-russian-spies-routinely-eavesdrop-on-trumps-iphone-calls/
• Cryptocurrency Theft - https://www.zdnet.com/article/north-korea-blamed-for-two-cryptocurrency-scams-five-trading-platform-hacks/
• Windows Defender gets sandboxing - https://www.zdnet.com/article/windows-defender-becomes-first-antivirus-to-run-inside-a-sandbox/
• Typosquatting problems continue - https://www.zdnet.com/article/twelve-malicious-python-libraries-found-and-removed-from-pypi/
• More 0-days on Twitter - https://twitter.com/SandboxEscaper/status/1054744201244692485

Presentation: Daniel gave a talk this week on the concept of fuzzing in order to find vulnerabilities and logic flaws in binary applications. In addition, we practiced solving some recent CTF challenges, applying the ideas from the talk to get flags!

Slides: Fuzzing_for_Vulnerabilities.pdf

10/25/2018 Meeting - Windows Security Basics

Presentation: Calvin gave a talk on the basics of Windows Security and the quickest wins that provide the most protection with hands-on demos and exercises. We explored how sometimes simple, built-in features can be used to provide strong security gains especially in competitions like CCDC.

10/18/2018 Meeting - CTF Prep

Description: This week, we spent another week working on CTF problems in order to get ready the upcoming MetaCTF and patriotCTF events at UVA and George Mason, respectively.

10/11/2018 Meeting - Blockchain, Ethereum, and Smart Contracts

Cybersecurity News Headlines:

• Facebook Security Incident - https://www.nytimes.com/2018/09/28/technology/facebook-hack-data-breach.html
• DOJ extradites Chinese Spy - https://www.washingtonpost.com/world/national-security/chinese-spy-charged-with-stealing-us-military-secrets-and-extradited-for-prosecution/2018/10/10/b2a7325c-cc97-11e8-920f-dd52e1ae4570_story.html
• Bloomberg "Big Hack" - https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
• DHS, Apple, and Amazon denies Supermicro story - https://www.dhs.gov/news/2018/10/06/statement-dhs-press-secretary-recent-media-reports-potential-supply-chain-compromise
• Bloomberg Article #2 - https://www.bloomberg.com/news/articles/2018-10-09/new-evidence-of-hacked-supermicro-hardware-found-in-u-s-telecom
• NSA's Joyce responds to Supermicro stories - https://www.cyberscoop.com/rob-joyce-bloomberg-story-supply-chain/
• Kanye's Password - https://twitter.com/misterjamo/status/1050436638520823809

Presentation: Jack and Jake gave an overview of blockchain, Ethereum, Smart Contracts, and why we care about them in security. We looked at an example smart contract written in Solidity and deployed on the blockchain and web3 commands that allow us to interface with the blockchain/store data. After the introduction, students began to work on the NSA Codebreaker Challenge.

Slides: Ethereum_SmartContracts.pdf

10/04/2018 Meeting - CTF Basics and Prep

Presentation: This week, we spent the meeting learning what CTFs are and working through some sample problems. Then, students worked in teams on PicoCTF as they get ready for MetaCTF @ UVA later this month.

09/27/2018 Meeting - Guest Speaker: Vern McCandlish

Presentation: We had Vernon McCandlish, a Sr. Incident Responder at General Electric, come in to talk about everything from home labs to malware to career paths in cybersecurity. He talked about some of his favorite tools and gave advice on how you can "break" into the security field.

09/20/2018 Meeting - Networking Basics

Cybersecurity News Headlines:

• Email compromise at State Dept - https://www.politico.com/story/2018/09/17/state-department-email-personal-information-792665
• Magecart claims another victim - https://techcrunch.com/2018/09/19/newegg-credit-card-data-breach/
• Mirai Botnet authors' sentencing - https://krebsonsecurity.com/2018/09/mirai-botnet-authors-avoid-jail-time/
• Apple releases iOS 12 Security Report - https://www.apple.com/business/site/docs/iOS_Security_Guide.pdf
• Not a cyberattack - https://motherboard.vice.com/en_us/article/9kvy5z/massachusetts-gas-explosion-cyberattack-hackers-speculation
• Crashing iPhones - https://www.zdnet.com/article/nasty-piece-of-css-code-crashes-and-restarts-iphones/
• Accidental Settings Change - https://www.theverge.com/2018/9/14/17861150/google-battery-saver-android-9-pie-remote-settings-change
• Zero Day released - https://www.cyberscoop.com/nuuo-zero-day-peekaboo-video-surveillance-vulnerability/

Presentation: Roman talked about networking basics including various ports and protocols and tools such as Wireshark.

Slides: Introduction_to_Networking.pdf

09/13/2018 Meeting - Intro to Malware Analysis

Cybersecurity News Headlines:

• Poor OPSEC leads to indictment - https://www.cyberscoop.com/lazarus-group-charges-wannacry-ransomware-symantec-fireeye/
• Malicious JS steals CCs - https://www.zdnet.com/article/british-airways-breach-caused-by-the-same-group-that-hit-ticketmaster/ and https://www.riskiq.com/blog/labs/magecart-british-airways-breach/
• IoT Security Bill - https://www.zdnet.com/article/first-iot-security-bill-reaches-governors-desk-in-california/
• Twitter, Facebook testify on the hill - https://www.cyberscoop.com/foreign-influence-campaigns-facebook-twitter-sheryl-sandberg-jack-dorsey-congress/
• Trend Micro data stealing - https://www.cyberscoop.com/trend-micro-mac-app-store-browser-history/
• 0-days on Twitter - https://twitter.com/Zerodium/status/1039127214602641409

Presentation: Jake walked through the recent cybersecurity news before walking through basic reverse engineering and malware analysis. We covered some of the basic commands to analyze an unknown file, more advanced tools like HxD and IDA, and briefly discussed how we can fingerprint malware through YARA rules.

Slides: Intro_Reverse_Malware_Analysis.pdf

09/06/2018 Meeting - Interest Meeting

Cybersecurity News Headlines:

• VPNFilter Malware targets networking gear - https://blog.talosintelligence.com/2018/05/VPNFilter.html
• More bugs, more data exposed - https://www.zdnet.com/article/tmobile-bug-let-anyone-see-any-customers-account-details/
• Microsoft buys Github - https://www.theverge.com/platform/amp/2018/6/3/17422752/microsoft-github-acquisition-rumors
• Ships can be hacked too - https://www.theregister.co.uk/2018/06/06/infosec_europe_maritime_security/
• Polar fitness app exposing data - https://decorrespondent.nl/8480/this-fitness-app-lets-anyone-find-names-and-addresses-for-thousands-of-soldiers-and-secret-agents/260810880-cc840165
• Chrome Site isolation - https://security.googleblog.com/2018/07/mitigating-spectre-with-site-isolation.html
• DOJ Indictment on 12 Russian Hackers - https://www.c-span.org/video/?448407-1/12-russian-intelligence-officers-indicted-dnc-hacking
• NotPetya reporting - https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world
• ZTE, Huawei locked out of 5G builds - https://www.afr.com/news/policy/foreign-affairs/china-intensifies-criticism-of-huawei-5g-ban-20180828-h14lr0
• 0 Days on Twitter - https://www.zdnet.com/article/windows-zero-day-vulnerability-disclosed-through-twitter/
• Google Kill the URL - https://www.wired.com/story/google-wants-to-kill-the-url/
• DOJ Indictment on North Korean Hacker - https://motherboard.vice.com/en_us/article/j5nyyx/doj-charge-north-korea-wannacry-sony-hack

Presentation: Jake and Roman went over major security new since our last meeting in the spring, introduced what we do in the CNS, talked about topics for future meetings and gave an overview of our team's performance at this year's Collegiate Cyber Defense Competition(CCDC).

Slides: Welcome_and_Intro.pdf

03/01/2018 Meeting - Introduction to Binary Exploitation

Cybersecurity News Headlines:

• Connected Cars and Data Sharing - https://arstechnica.com/cars/2018/02/no-one-has-a-clue-whats-happening-with-their-connected-cars-data/
• Apple moves iCloud encryption keys to China - https://www.reuters.com/article/us-china-apple-icloud-insight/apple-moves-to-store-icloud-keys-in-china-raising-human-rights-fears-idUSKCN1G8060
• Olyimpic Destroyer Attribution - http://blog.talosintelligence.com/2018/02/who-wasnt-responsible-for-olympic.html?m=1
• CSS Keylogger - https://twitter.com/captbaritone/status/966051583132758016
• Cellebrite iOS Exploits - https://www.forbes.com/sites/thomasbrewster/2018/02/26/government-can-access-any-apple-iphone-cellebrite/1

Presentation: Jake and Mariah gave a talk this evening introducing the basics of assembly, GDB/PEDA, and binary exploitation. In addition, we practiced examining actual binaries from CTF competitions in order to find the flags.

Slides: Intro_Binary_Exploitation.pdf

02/22/2018 Meeting - XSS

Cybersecurity News Headlines:

• KDE Command Injection - https://www.theregister.co.uk/2018/02/12/kde_naming_usb_drive_vuln/
• NotPeyta Cyberattack Attribution - https://www.whitehouse.gov/briefings-statements/statement-press-secretary-25/
• Darknet Diaries - https://darknetdiaries.com
• Money Laundering via Amazon books - https://krebsonsecurity.com/2018/02/money-laundering-via-author-impersonation-on-amazon/

Presentation: Roman gave a talk this evening about Cross Site Scripting (XSS) flaws. We looked at what this vulnerability is and practiced exploiting it to steal session cookies or other information.

Slides: Cross_Site_Scripting_XSS.pdf

02/15/2018 Meeting - Linux Security Basics

Cybersecurity News Headlines:

• Olympic Destroyer Malware - http://blog.talosintelligence.com/2018/02/olympic-destroyer.html
• Equifax realizes they lost even more data - http://www.zdnet.com/article/hackers-stole-more-equifax-data-than-first-thought/
• Cisco ASA vulnerability gets worse - https://www.cyberscoop.com/cisco-asa-vulnerability-worse-than-thought/
• Chrome will mark all HTTP sites as Not Secure - https://www.theregister.co.uk/2018/02/08/google_chrome_http_shame/
• BitGrail does client side validation, loses $170 million - https://twitter.com/bascule/status/962740918053888000

Presentation: Roman gave a talk this evening about basic Linux security including how user info is stored, attacker persistence mechanisms, and helpful command line tools. In addition, we looked at how to exploit path traversal vulnerabilities.

Slides: Linux Security Basics.pdf

First Blog Post

Welcome to the CNS blog!