Intelligence
Requisites
Introduction
What is Intelligence?
Intelligence is the set of activities to obtain information in the economic, labor, commercial, financial, military, personal, family, and social fields, among others, of an objective human organization (cooperative or adversary), turning it into knowledge (a useful report for leaders decide on a course of action), with the goal of causing harm or taking precautionary measures. Counterintelligence is protecting yourself from these activities.
Since computer security is the protection of the assets of a computer system where it shields against deliberate threats from adversery agents. On the contrary, computer safety shields against accidents, mishaps and external organizationl disasters. We consider cybersecurity a Intelligence subfield and computer safesty a reliability engineering.
Computer security analyzes computer-based systems, which comprise hardware, software, product vendors, algorithms, programs, interfaces, software processes, databases, communication protocols, and designs. The goal is to identify their vulnerabilities and associated threats to prevent incidents by implementing control activities.
A vulnerability refers to a weakness in the system, while a threat is the condition that can exploit that vulnerability. An incident occurs when someone takes advantage of the vulnerability using the threat. Control activities are policies, mechanisms and an extra system design considerations taken to prevent and respond to such incidents. TODO: Zero day, known, unknown, apt,.
Availability, integrity, confidentiality, authentication, nonrepudation (or accountability), auditability measure the security of the system because they enable us to measure the value of information that parties share to each other.
Confidentiality, Integrity and Availability ensure that an asset can be viewed, modified, or used only by authorized parties, respectively [AND73]. These properties together form the Security Triad or CIA triad. ISO 7498-2 added authentication and nonrepudiation. The former confirms the identity of a sender, while the latter ensures that a sender cannot convincingly dispute their authorship. The U.S. Department of Defense added auditability. It traces all actions related to some interesed asset.
Contrary to the concepts of security, fabrication, interception, modification, and interruption are considered harmful actions. A fabrication attack introduces illegitimate information into the system, while an interception attack gains access to confidential information. An interruption attack degrades a system or renders it unavailable for legitimate use. A modification attack threatens the integrity of the information.
Physical security
Alice and Bob
The attacker mindset
Types of Attackers
Terrorists, hackers, criminal-for-hire, individuals, governments, organized crime members, loosely connected group.
Geopolitics
Hacking, hackers, crackers, ….
https://www.youtube.com/watch?v=k_zz3239DA0&ab_channel=JohnnyHarris
Risk
Roles of Compliance and Auditors
Attack methodologies
Cyber Kill Chain
ATT&CK
Diamond Model
Why does Intelligence matter to you?
Ecosystem
Standards, jobs, industry, roles, …
Hacker One
Red teams
bug bounty hunter
Gadgets
Research
Conferences
DEF CON
BugCon
Economics
Certifications
Beginner certifications are CompTIA A+, CompTIA Linux+, CompTIA Network+, CompTIA Security+, CCNA. Advanced certifications are CISSP, CISA, CISM, GSEC, GPEN, GWAPT, GIAC, OSCP, CREST, CEH.
Jobs
Intelligence Analysts
Culture
https://www.youtube.com/watch?v=przDcQe6n5o&ab_channel=Google
Capture the flag (CFT) and labs
CFT is an contest to find hidden text strings in vulnerable systems. Some the plataforms that offers to play CFT over the Internet are HackTheBox, TryHackMe, VulnHub, picoCFT, SANS Holiday Hack Challenge.
Some nice people offers labs to practice in a safe and reproducible environment the different attacks. In particular, we recommend you SEED Security labs by Wenliang Du, his book and lectures are wonderful to learn cybersecurity.
https://seedsecuritylabs.org/index.html
https://www.handsonsecurity.net/
Tricks
https://book.hacktricks.xyz/welcome/readme
Story
Disclaimer
Refer to
FAQ
Worked examples
Backups
Backups are essential for data recovery and business continuity. Implementing best practices ensures that your backups are reliable, secure, and fit the purpose. Here's a rundown of the key best practices for backups:
- 3-2-1 Rule:
- Keep at least 3 copies of your data.
- Store 2 backup copies on different devices or mediums.
- Keep 1 copy offsite, away from your primary location.
- Regularly Schedule Backups:
- Automate backups to occur at regular intervals, such as daily, weekly, or monthly.
- Adjust the frequency depending on the importance and frequency of changes in your data.
- Test Your Backups:
- Regularly test restoring from backups to ensure data integrity and that the restoration process works.
- Document and familiarize your team with the restoration process.
- Encryption:
- Encrypt backups to ensure data confidentiality, especially for sensitive data.
- Use strong encryption algorithms and keep encryption keys secure.
- Retention and Rotation:
- Determine how long you need to keep backup copies (retention period) based on legal, regulatory, and business requirements.
- Implement a rotation scheme (e.g., Grandfather-Father-Son) to manage multiple backup versions.
- Monitoring and Notifications:
- Monitor backup processes for failures or issues.
- Set up notifications or alerts for backup successes, failures, or other significant events.
- Backup Storage and Media:
- Use reliable backup storage media.
- Store offsite backups in a secure, environmentally controlled location to protect against natural disasters and theft.
- Periodically replace or refresh storage media to ensure durability.
- Versioning:
- Keep multiple versions of your backups to protect against data corruption, accidental deletions, or ransomware that might corrupt recent backups.
- Incremental and Differential Backups:
- Instead of always taking full backups, use incremental or differential backups to save time and storage.
- Incremental backups save changes since the last backup (whether full or incremental).
- Differential backups save changes since the last full backup.
- Instead of always taking full backups, use incremental or differential backups to save time and storage.
- Isolate Backup Systems:
- Keep backup systems separate from the main network to protect against ransomware and other threats.
- Backup Application Settings and Configurations:
- Alongside data, back up application settings, configurations, and system states to ensure quick recoveries.
- Stay Updated:
- Regularly update and patch backup software to protect against vulnerabilities.
- Document Everything:
- Maintain comprehensive documentation of backup policies, procedures, schedules, and restoration processes.
- Ensure key personnel are familiar with these documents.
- Review and Adjust:
- Periodically review and adjust backup strategies as your business needs, technologies, and threat landscapes evolve.
Lastly, remember that the end goal of backups isn't just to have a copy of your data but to be able to restore and use that data when needed. Always approach backups with recovery in mind.
Authentication and authorization
Identification and Authentication, federated identity managment, multicator authentication, secure authentication, authentication based on biometrics, on phrases and facts, on tokens.
IAM
PAM
https://www.youtube.com/watch?v=5uNifnVlBy4
Ensure Authority and Authorization with Access control
Accesss policies
Implementing access control
Procedure-oriented access control
Role-based access control
General issues in access control
Firewalls
Secure mobile code
Denials of service
Secure naming
Reference architecture
Lightweight Directory Access Protocol
SSO
SML and OpenID
Federeration
Full-suite
Certificates
Local Auth
Kerberos
OpenID
RADIUS
Identity management
Helpers
Yubikeys
Password manager
Two-factor authentication
Zero-knowledge architecture
Zero-trust
Zero-knowledge proof
https://www.youtube.com/watch?v=HUs1bH85X9I&ab_channel=Computerphile
https://www.youtube.com/watch?v=cI5lkif-V1c&ab_channel=ALEXonScience
https://www.youtube.com/watch?v=yn6CPQ9RioA&ab_channel=IBMTechnology
IETF protocol for AAA
Kerberos
Open Radius
OAuth
SAML. Security Assertion Markup Language.
Multi-tenant
SASL2 https://www.gnu.org/software/gsasl/
Authentication, authorization, and accounting framework
Security management
Key management
Vault
Secure group management
Authorization management
Accounting
Worked examples
Notes
FAQ
Further resources
Cryptography
The first method of encryption was simple, these algorithms hide the messages by substitution and transposition of plaintext characters.
1.1 Cryptography
1.1.1 Cryptosystem
1.1.2 Steganography
1.1.3 Cryptanalysis
1.1.4 Security
1.2 Number Theory
1.2.1 Prime Numbers
1.2.2 Fermat and Euler's Theorem
1.2.3 Modular Algebra
1.2.4 Chinese Remainder Theorem
1.2.5 Discrete Logarithms
2.1 Monoalphabetic Substitution
2.1.1 Caesar Cipher
2.1.2 Decimated Alphabet Cipher
2.1.3 Affine Cipher
2.1.4 Cryptanalysis of Monoalphabetic Systems
2.2 Polyalphabetic Substitution
2.2.1 Homophonic Substitution
2.2.2 Vigenère Cipher
2.2.3 The Original Vigenère Method
2.2.4 Cryptanalysis of the Vigenère System
2.3 Polygraphic Systems
2.3.1 Playfair Cipher
2.3.2 Four-Square Cipher
2.3.3 Two-Square Cipher
2.3.3.1 Vertical Two-Square Cipher
2.3.3.2 Horizontal Two-Square Cipher
2.3.4 Hill Cipher
2.3.5 Cryptanalysis of Polygraphic Systems
2.4 Historical Long-Key Systems
2.4.1 Vernam Cipher and Perfect Security
2.4.2 ENIGMA
2.4.3 PURPLE
3.1 The Data Encryption Standard - DES
3.1.1 The Origin of DES
3.1.2 Description of DES
3.1.3 Feistel Networks
3.1.4 Some Properties of DES
3.1.5 Weak, Semi-Weak, and Possibly Weak Keys
3.2 Algebraic Properties of DES
3.3 Cryptanalysis of DES
3.3.1 Simplified Feistel Network: SFN
3.3.2 Differential Cryptanalysis of SFN
3.3.3 Linear Cryptanalysis
3.4 Public-Key Cryptography
3.4.1 Public-Key Cryptography
3.4.2 Diffie-Hellman Key Exchange
3.4.3 Massey-Omura Message Sending Cryptosystems
3.4.4 ElGamal Cryptosystem
3.4.5 RSA Cryptosystem
3.5 Cryptanalysis of Public-Key Systems
3.5.1 Break vs. Total Break
3.5.2 Problems Associated with Public-Key Cryptosystems
3.5.3 The Discrete Logarithm Problem
3.5.4 The Factoring Problem
4.1 Hash Signatures
4.2 Cryptographic Tools
4.2.1 TOR
4.2.2 Ransomware
4.2.3 PGP, SSL, SSH
4.2.4 VPNs & IPSec
4.2.5 TLS
JOSE (JWE, JWT, JWS)
Paseto
Entropy
Salting
Hash functions
HMAC
Hardware security modules (HSM)
Symmetric algorithms
AES, Blowfish
Asymmetric Algorithms
Rabin Algorithm, RSA Algorithm
Key exchange
ECDHE
DHE
ECDH
DH
RSA
PSK
Public-Key Cryptography Standards (PKCS)
Encryption
Symmetric cryptography
Asymmetric cryptography
PKI
Digital signatures
Keys and certificates are stored in a lot of different formats, but hopefully, it is easy to convert from one format to another. Some of the most common formats are:
DER certificate. It contains the data in its binary form, using ASN.1 encoding. Most of the time you find DER certificates with .crt .cer .der extensions.
PEM certificate. It contains the data from DER in ASCII format, using base64 encoding with a header -----BEGIN CERTIFICATE-----
, and a footer -----END CERTIFICATE-----
.
Legacy OpenSSL key format. SSLeay compatible.
PEM key
PKCS #7. The format for the transport of signed or encrypted data in plain text.
pkcs7=sign(certificate,private_key, data)
PKCS #8 key. The new format for the private key.
PKCS #12 (PFX) key and certificate
https://www.openssl.org/docs/man1.1.1/man1/openssl-rsa.html
Applied Cryptography, Second Edition: Protocols, Algorithms, and Source
Code in C (cloth)
Public key infrastructure
Certificate authority
Cryptographic Message Syntax
X.509
ASN.1
PEM files
BER (Basic Encoding Rules)
Certificates
.key
, .csr
, .pem
.der
.cert, cer .crt
.p7b, .keystore
.crl
PEM
PKCS7
DER
Government, law, and handwritten signatures
Mexico has accepted digital signatures
https://www.diputados.gob.mx/LeyesBiblio/pdf/LFEA_200521.pdf
http://www.economia.unam.mx/publicaciones/econinforma/369/08leonizquierdo.pdf
https://www.zimuel.it/blog/sign-and-verify-a-file-using-openssl
Worked example.
Client side. forge
Server side. OpenSSL
Bulletproof SSL and TLS
OpenSSL
PGP and GPG
PGP (Pretty Good Privacy) is a product invented by Phil Zimmermann in 1991 and is currently developed by Symantec Corporation. In contrast, OpenPGP is a standard that expands upon PGP. GnuPG (GNU Privacy Guard) is a free software implementation of the OpenPGP standard. Various GUI (Graphical User Interface) clients, such as Kleopatra, KGpg, and Claws Mail, facilitate the operation of GnuPG. It is also important to note that each programming language and operating system may have its unique implementation or method for integrating GnuPG. Indeed, GnuPG can be used with several programming languages and operating systems, including PHP, Python, JavaScript, Unix, and Windows. GnuPG is an alternative to OpenSSL for managing asymmetric cryptography. Similar to OpenSSL, you can sign and encrypt data with PGP. However, PGP differs in that it utilizes a web of trust for its operations, as opposed to the X.509 certificates and root entities used by OpenSSL.
gpg -c file
gpg --decrypt file.asc
gpg --search-key DF0925CFEC52C98E4CEB826ADB57E52EDEE4E4D2
echo "Hello World! This is important. My real name is [email protected]" | gpg --encrypt --sign --armor -r DF0925CFEC52C98E4CEB826ADB57E52EDEE4E4D
gpg --armor --export DF0925CFEC52C98E4CEB826ADB57E52EDEE4E4D2
# Prints the GPG key ID, in ASCII armor format
Web of trust
Social proof
https://security.stackexchange.com/questions/18197/why-shouldnt-we-roll-our-own
(Admin), X. G. (2022). A Practical Guide to GPG Part 1: Generate Your Public/Private Key Pair. LinuxBabe. Retrieved from https://www.linuxbabe.com/security/a-practical-guide-to-gpg-part-1-generate-your-keypair
Ellingwood, J. (2017). How To Use GPG to Encrypt and Sign Messages. DigitalOcean. Retrieved from https://www.digitalocean.com/community/tutorials/how-to-use-gpg-to-encrypt-and-sign-messages
Security and Cryptography. (2022, October 27). Retrieved from https://missing.csail.mit.edu/2020/security
GPG Keys Cheatsheet. (2022, November 02). Retrieved from https://rtcamp.com/tutorials/linux/gpg-keys
Spam?
Spam protection for public GPG keys? (2022, November 02). Retrieved from https://security.stackexchange.com/questions/119271/spam-protection-for-public-gpg-keys
https://www.cs.umd.edu/~jkatz/papers/cryptography.pdf
https://www.youtube.com/watch?v=AS66q6ykLCs
https://github.com/sobolevn/awesome-cryptography#articles
https://www.feistyduck.com/library/openssl-cookbook/online/
JOSE
https://web-token.spomky-labs.com/console-command/console
https://github.com/dvsekhvalnov/jose-jwt
JSON Web Encryption
Create your pair of keys
./jose.phar key:generate:rsa --use enc -a RSA-OAEP-256 2048 > private.key
./jose.phar key:convert:public "$(cat private.key)" > public.key
Steganography
The poor cousin of Cryptography
Security by obscurity
Machine Identification Code
https://www.eff.org/pages/list-printers-which-do-or-do-not-display-tracking-dots
https://github.com/KuroLabs/stegcloak
https://www.youtube.com/watch?v=Py-qu9KWXhk
https://www.sentinelone.com/blog/hiding-code-inside-images-malware-steganography/
Sec lists
https://github.com/danielmiessler/SecLists
Automated decryption/decoding/cracking tool
https://github.com/Ciphey/Ciphey
https://github.com/swanandx/lemmeknow
PyWhat
References
- Baumslag, G., Fine, B., Kreuzer, M., & Rosenberger, G. (2015). A Course in Mathematical Cryptography. De Gruyter. Available at: EBSCOhost [Clásica].
- Bock, L. (2021). Modern Cryptography for Cybersecurity Professionals: Learn how you can leverage encryption to better secure your organization's Data. Packt Publishing Ltd.
- FĂşster, A. (2012). CriptografĂa, protecciĂłn de datos y aplicaciones: una guĂa para estudiantes y profesionales. Alfaomega. [Clásica].
- Jimeno, M. T., Caballero, M. A., MĂguez, C., Matas, A. M., y Heredia, E. (2012). La biblia del hacker. Anaya Multimedia. [Clásica].
- Maiorano, A. (2009). CriptografĂa: tĂ©cnicas de desarrollo para profesionales. Alfaomega. [Clásica].
- Musa, S. M. (2018). Network Security and Cryptography. Mercury Learning & Information. Available at: EBSCOhost
- Paar, C. & Pelzl, J. (2010). Understanding Cryptography. Springer. [Clásica].
- Arboledas, D. (2017). CriptografĂa sin secretos con Python. RA-MA Editorial. Available at: EBSCOhost.
- Menezes, A. J., van Oorschot, P. C., & Vanstone, S. A. (1997). Handbook of Applied Cryptography. CRC Press. [Clásica].
Secure channels
Ciphersuite
A cyphersuite consists of the Key Exchange, Authentication, Encryption and Hashing protocols agreement between two parties.
TLS, secure and unsecure protocols
SSL, TLS, mTLS
https://www.ssllabs.com/ssltest/
SSL, HTTPS, …
SSL Pinning
Checkm8 Exploit
https://frida.re/docs/android/
https://github.com/sensepost/objection
HTTP Public Key Pinning
https://appinventivinsider.medium.com/how-to-bypass-ios-ssl-pinning-7a65ea149e69
https://gupta-bless.medium.com/ssl-pinning-is-it-really-secures-us-from-mitm-attacks-6626787e9e1e
IPSec
Plain text
Proton Email
Signal, Keybase
SSH
Matrix (social app)
VPN
WireGuard, OpenVPN, IPsec, L2TP, IKEv2, Tinc, PPTP
Full disk encryption
cryptsetup + LUKS on Linux, BitLocker on Windows, or FileVault on macOS.
tor vs vpn
One, T. H. (2020, February 08). Tor vs VPN | Which one should you use for privacy, anonymity and security. Youtube. Retrieved from https://www.youtube.com/watch?v=6ohvf03NiIA&ab_channel=TheHatedOne
References
Baumslag, G., Fine, B., Kreuzer, M. & Rosenberger, G. (2015).
A Course in Mathematical Cryptography. De Gruyter.
https://search.ebscohost.com/login.aspx?
direct=true&db=e000xww&AN=1016960&lang=es&site=
ehost-live [Clásica].
Bock, L. (2021). Modern cryptography for Cybersecurity
Professionals: Learn how you can leverage encryption
to better secure your organization's Data. Packt
Publishing Ltd.
FĂşster, A. (2012). CriptografĂa, protecciĂłn de datos y
aplicaciones: una guĂa para estudiantes y profesionales.
Alfaomega. [Clásica].
Jimeno, M. T., Caballero, M. A., MĂguez, C., Matas, A. M., y
Heredia, E. (2012). La biblia del hacker. Anaya
Multimedia. [Clásica].
Maiorano, A. (2009). CriptografĂa: tĂ©cnicas de desarrollo para
profesionales. Alfaomega. [Clásica].
Musa, S. M. (2018). Network Security and Cryptography.
Mercury Learning & Information.
https://search.ebscohost.com/login.aspx?
direct=true&db=e000xww&AN=1809143&lang=es&site=
ehost-live
Paar, C. & Pelzl, J. (2010). Understanding Cryptography.
Springer. [Clásica].
Tor
Nonce
Programs
Buffer overflow
Secure programming
https://www.youtube.com/watch?v=jeLuKUGho0A
https://www.youtube.com/watch?v=SBGZCIwkNw8&ab_channel=redcudimexico
https://www.youtube.com/watch?v=YjMViAgoIFo&ab_channel=redcudimexico
Obfuscation
Reverse engineering
Practical Reverse Engineering: X86, X64, ARM, Windows Kernel, Reversing Tools, and Obfuscation
Reverse Engineering for Beginners by Dennis Yurichev
Reverse Engineering: Technology of Reinvention by Wego Wang
Practical Binary Analysis: Build Your Own Linux Tools for Binary Instrumentation, Analysis, and Disassembly by Dennis Andriesse
https://blackarch.org/reversing.html
Drivers
Linux programs
Windows (.exe)
Android apps (.apk)
Generally, we’re working with emulator such as Andoird Studio AVD Emulator or Genymotion. In our case, we’re going to work with Genymotion because by default are rooted. We’ve chosen Samsung Galaxy S7, Android API 12, and we’ve installed Magisk such that we can install some interesting modules.
Kotlin and Java
SMALI
Mobile Security Frawework MobSF
https://github.com/MobSF/Mobile-Security-Framework-MobSF
Frida
Medusa
https://github.com/Ch0pin/medusa
TODO
https://blackarch.org/mobile.html
https://owasp.org/www-project-mobile-app-security/
iPhone apps (.ipa)
Certification
MANIFEST.MF + CERT.SF +CERT.RSA
Cyber forensics
OSINT
What is it?
Maltego Casefile
Web Footprinting
Person footpriting
Organization footpriting
Getting data from social media
TOR and researching from Deep Web
Analyze metatada
RAD
Shodan
SPAM
Check numbers in databases
Maltego CE
SpiderFoot and Leaks
Check reputation
Web security
Web server settings
TLS
HPKP
Cipher suite
https://ssl-config.mozilla.org/
SSL Pinning
Public-Key-Pins: pin-sha256="base64=="; max-age=expireTime [; includeSubDomains][; report-uri="report"]
API REST
OWASP
https://owasp.org/www-project-web-security-testing-guide/latest/
Proxies
https://apps.apple.com/mx/app/surge-5/id1442620678
https://infosecwriteups.com/frida-objection-without-jailbreak-27a66501bf38?gi=770230767a38
https://github.com/KJCracks/Clutch
https://github.com/BishopFox/bfinject
Bursuite
Fiddler
CAIDO
TamperDev
mitmproxy
https://chrome.google.com/webstore/detail/hackers-toolkit/iebkeiopbbfnmieadmojmocohdmaghmb
Zed Attack Proxy (ZAP)
Postman
https://twitter.com/LiveOverflow/status/1709461266979307633
Artificial Intelligence
https://github.com/cchio/deep-pwning
https://github.com/emalderson/ThePhish
https://github.com/CRED-CLUB/ARTIF
EDR
Melody-Raven
BlueSpawn
Harding Windows
Inori
SPA
Save all dynamic resources with Save All Resources.
References
- LeBlanc, J., & Messerschmidt, T. (2016). Identity and Data Security for Web Development: Best Practices. O'Reilly. [Clásica]
Operating systems
Hardening
Kon-Boot
USB Protection
USB Rubber Ducky
https://github.com/USBGuard/usbguard
Networks
nslookup
iptablesg
packet sniffers
ipconfig
netstat
port scanners
piong
ding
arp
protocol analyzers
nmap
route tcpdump
tracert
Man-in-the-middle
IMSI Catchers
Firewalls
Term origin
When firefighters try to stop the spread of a forest fire, they burn the area surrounding it. This is area called a firewall.
pfSense and OPNSense
Suricata
Snort
tcpdump
Honeypots
Databases
IBM Cloud Education. (2019, August 27). Database Security: An Essential Guide. Retrieved December 10, 2021, from IBM Cloud.
Raj, P., & Deka, G. C. (2018). A Deep Dive into NoSQL Databases: The Use Cases and Applications. Elsevier.
Savas, O., & Deng, J. (2021). Big Data Analytics in Cybersecurity. Auerbach.
Cloud computing
The internet of things
Social engineering
Management and Incidents
Preparation, identification, containtmenet, eradication, reovery, leassons learned.
Standards
ISO/IEC 27001 CIS, ISO27005, ISO27017, ISO27018, ISO27035, ISO27701 and NIST.
OWASP
Blue team, purple team, red team
Offensive countermeasures. Teh art of active defense. John Strand.
Blue Team Field Manual (BTFM) (RTFM) Alan J White, Ben Clark.
NIST Cybersecurity Framework
Intrusion Detection System
.6.1 IDS
3.6.2 IPS
3.6.3 SIEM
Intrusion Prevention System
References
- Chio, C., & Freeman, D. (2018). Machine Learning and Security: Protecting Systems with Data and Algorithms. O'Reilly.
- Verma, R. M., & Marchette, D. J. (2020). Cybersecurity Analytics. CRC Press, Taylor & Francis Group.
- Chakraborty, R., Ghosh, A., & Mandal, J. K. (2021). Machine Learning Techniques and Analytics for Cloud Security. Wiley.
- Saxe, J., & Sanders, H. (2018). Malware Data Science: Attack Detection and Attribution. No Starch Press.
Secure system development
Blue team, red team and purple team
Penetration Testing
Devops
Hardening Checklists
MAC-based
NAC-based
Port blocking
Group policy
ACLs
Sinkholes
Patching
Jump Server
Endpoint Security
Isolation
References
Information Security Best Practices: 205 Basic Rules by George L Stefanek
Defensive Security Handbook: Best Practices for Securing Infrastructure
Secure Coding: Principles and Practices by Mark G. Graff, Kenneth R. van Wyk
Conklin, W. A., White, G. B., Cothren, C., Davis, R., & Williams, D. (2018). Principles of Computer Security: CompTIA Security+ and Beyond (Exam SY0-501). McGraw-Hill Education.
Chebbi, C. (2018). Mastering Machine Learning for Penetration Testing: Develop an Extensive Skill Set to Break Self-Learning Systems Using Python. Packt Publishing Ltd.
Diogenes, Y., & Ozkaya, E. (2018). Cybersecurity - Attack and Defense Strategies: Infrastructure Security with Red Team and Blue Team Tactics. Packt.
Intelligence assessment
Tail OS
Intelligence assessment, Intelligence or Intel (information gathering)
Espionage
Edward Snowden
Useful idiot
Strategic intelligence
Military intelligence
Business intelligence
Police intelligence
OSINT
Surveillance
5 eyes alliance
Cyberwarfare
Operation Aurora
Mass media
Libres, L. V. n. h. (2018, April 13). LAS NOTICIAS SON PROPAGANDA - ABRE LOS OJOS. Youtube. Retrieved from https://www.youtube.com/watch?v=naleYSK-5y8&t=15s&ab_channel=LaVerdadnosharálibres
References
Institutions
National Intelligence Centre in Mexico
Literature
Lerner, K. Lee and Brenda Wilmoth Lerner, eds. Encyclopedia of Espionage, Intelligence and Security (2003)
La seguridad nacional de MĂ©xico, una visiĂłn integradora
https://www.youtube.com/watch?v=tUjBpvxupq8&ab_channel=ADNOpiniĂłn
Research
Journal of Information and Intelligence
Malware
Code mobility
Malware
Self-replication
Host
Payload and vulnerabilities
Rootkits
- Types:
- Spyware
- Adware
- Cryptojacking
- Ransomware: wannacry
- DDoS: over 1Tbps
- Infection Methods:
- Software exploits
- zero-day exploits: zerodium
- Drive-by downloads
- exploits vulnerabilities in client software
- Malicious networks
- Supply chain attack:
- hardware trojan: malicious change to circuits or chips
- software supply-chain attacks: xcodeghost
- backdoored ssh clients
- Comprimised server
- Self-replicating malware
- virus, modify other programs to include copies of itself, use self-modication to mutate and avoid detection
- encrypted virus: contains a short functino that decrypts its main code into memory and runs it
- polymorphic viruses: re-encrypt, metamorphic: rewrite themselves
- worm: spread by exploiting network vulnerabilities to run copies of itself on remote systems
- remote code-injection: SQL Slammer
- cross-site scripting: samy worm
- Morris worm: first prosecuted under cfaa
- buffer overflow, propagated via rsh and cracked passwords
- virus, modify other programs to include copies of itself, use self-modication to mutate and avoid detection
- Distributed malware: bots and botnets
- ...
- Software exploits
- Concealing malware: rootkits
- Advanced persistent threats
https://textbook.cs161.org/network/malware.html
Virus
Ransomware
Young, Adam L.; Yung, Moti (2017). "Cryptovirology: The Birth, Neglect, and Explosion of Ransomware". Communications of the ACM. 60 (7): 24–26. doi:10.1145/3097347. S2CID 232783395. Retrieved 14 August 2024.
Young, A.; M. Yung (1996). Cryptovirology: extortion-based security threats and countermeasures. IEEE Symposium on Security and Privacy. pp. 129–140. doi:10.1109/SECPRI.1996.502676. ISBN 0-8186-7417-2.
Detection methods
Antimalware and antivirus
clamav
squid
Signature-based detection, antivirus, flag unfamiliar code
Recovery methods
Malware analysis and Reverse engineering Malware
Running untrusted code
https://cs155.stanford.edu/lectures/03-isolation.pdf
Cross-Site Scripting (XSS)
Scan porting
Clickjacking/User Interface (UI) Attacks
https://www.youtube.com/watch?v=bYBiud3DCHA
Assignments
Compiler Trojan horse: Modify LLVM to implement the self-propagating compiler-resident Trojan horse suggested by Ken Thompson in Reflections on Trusting Trust. Your Trojan should propagate when LLVM builds a new copy of itself, and it should inject a demonstration payload when compiling some standard utility program. Bonus challenge: Make a single Trojan that works with two or more compilers, propagating when each builds itself or the other.
Kernel-level rootkit: For the operating system of your choice, construct a rootkit (like the one described here) that operates in kernel mode and hides from standard administrative tools; while running, it should not be visible in the file system, process list, or startup files. Bonus challenge: Implement a minimal hypervisor rootkit that contains a basic payload. You might adapt techniques from SubVirt.
Malicious code in websites: Part 1: Build a simple dummy social networking site and use it to demonstrate SQL injection, XSS, and CSRF vulnerabilities. Part 2: Construct an XSS worm to attack your site, like the Samy worm that infected MySpace. Part 3: Implement defenses against each threat. Bonus challenge: Discover an undocumented XSS vulnerability in a popular website.
Hardware Trojan: Implement and demonstrate a Trojan horse embedded into a microprocessor core. Use an FPGA (you’ll have to provide your own) and an open-source core, as in this paper. Your Trojan should implement a simple malicious function that is difficult to detect in normal operation but easy for an attacker to trigger. Bonus challenge: Implement an attack that directly subverts a widely used cryptosystem.
Firmware-resident malware: Demonstrate the potential harm of malicious firmware attacks in the context of a digital camera, using the CHDK framework: (a) Reprogram the camera so that it refuses to take a picture whenever a particular symbol (chosen by the attacker) is visible in the frame; and (b) steganographically embed the time (and location, if the camera has GPS) when each picture is taken in the pixel data so that it cannot easily be stripped out or decoded by anyone except the attacker. (Other firmware attacks would also be acceptable; see me to discuss.) Bonus challenge: Program the camera to mask your face if anyone takes a picture of you, as in this example.
Resources
Malware Data Science: Attack Detection and Attribution
Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory
Antivirus Bypass Techniques: Learn practical techniques and tactics to combat, bypass, and evade antivirus software
Practical Binary Analysis: Build Your Own Linux Tools for Binary Instrumentation, Analysis, and Disassembly
Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools, T. Garfinkel
Efficient Software-Based Fault Isolation, Robert Wahbe, et al.
https://www.eecs.umich.edu/courses/eecs588.w14/
Reflections on Trusting Trust. Ken Thompson. Communications of the ACM, 27(8), Aug. 1984.
CloudAV: N-Version Antivirus in the Network Cloud. Oberheide, Cooke, and Jahanian. Usenix Security 2008.
Towards Automatic Generation of Vulnerability-Based Signatures. Brumley, Newsome, Song, Wang, and Jha. Oakland 2006.
Control Flow Integrity for COTS Binaries. Zhang and Sekar. Usenix Security 2013.
Inside the Slammer Worm. Moore, Paxson, Savage, Shannon, Staniford, and Weaver. IEEE Security and Privacy, July/August 2003.
The Morris Worm: A Fifteen-Year Perspective. Orman. IEEE Security and Privacy, Sept./Oct. 2003.
Capsicum: Practical Capabilities for UNIX. Watson, Anderson, Laurie, and Kennaway. Usenix Security 2010.
Native Client: A Sandbox for Portable, Untrusted x86 Native Code. Yee, Sehr, Dardyk, Chen, Muth, Ormandy, Okasaka, Narula, and Fullagar. Oakland 2009.
Leveraging Legacy Code to Deploy Desktop Applications on the Web. Douceur, Elson, Howell, and Lorch. OSDI 2008.
Safe Kernel Extensions Without Run-Time Checking. Necula and Lee. OSDI 1996.
The Security Architecture of the Chromium Browser. Barth, Jackson, Reis, and The Google Chrome Team. 2008.
The Ten-Page Introduction to Trusted Computing. Martin. 2008.
Computer & Network Security EECS 588
"Malicious Software" de Eric L. Freudenthal
"The Art of Computer Virus Research and Defense" by Peter Szor,
The Giant Black Book of Computer Viruses by Mark Ludwig
"Computer Viruses and Malware" by Markus Jakobsson and Zulfikar Ramzan
Computer Viruses, Artificial Life and Evolution: The Little Black Book of Computer Viruses by Mark Ludwig
Computer Viruses and Malware by Jonh Aycock
https://github.com/mav8557/virus
https://dl.acm.org/doi/10.1145/358198.358210
Privacy, legal issues, ethics and Law
Digital content
Sources
sci-hub
https://thepiratebay.org/index.html
https://rutracker.org/forum/index.php
References
Inside Network Perimeter Security (2nd Edition). Northcutt, Zeltser, Winter and Ritchey. 2005.
Wenliang Du - Computer & Internet Security_ A Hands-on Approach-Wenliang Du
Castellanos , Luis R. (2015). Seguridad en Informática. Ed. Académica Española ,
Herzog, P., Jordan, M. B., Monroe, B., & Norman, G. (2015). The Network Security Essentials: Study Guide & Workbook-Volume 1. ISECOM.
Kizza, J. M. (2015). Guide to computer network security. Springer.
Pfleeger, C. P., & Pfleeger, S. L. (2015). Security in computing. Prentice Hall Professional Technical Reference
CompTIA Security
Matt, B. (2005). Computer security e art and science. 003-02-14)[2009-05-23].
Smith, R. E. (2015). Elementary information security. Jones & Bartlett Publishers.
Stewart, J. M. (2014). CompTIA Security+ Review Guide: Exam SY0-401. John Wiley & Sons
Wells, N. (2000). Guide to Linux Networking and Security. Course Technology Press
https://www.cert.org/information-for/home_networks.cfm
CTF
USB Keystroke Injection Protection
Enlace Hacktivista. (2022, September 19). Retrieved from https://enlacehacktivista.org/index.php?title=Enlace_Hacktivista
OWASP
https://www.youtube.com/watch?v=ZrXhoT_tXFE&ab_channel=%24DebugSec%24
Rafael Bucio â â µ on Twitter. (2022, October 01). Retrieved from https://twitter.com/Bucio/status/1575987501457494016
Children education
Welcome to Mara Turing Official Website for UK. (2021, March 07). Retrieved from https://maraturing.us
Mara Turing: El despertar de los hackers (The Awakening of the Hackers)
Physical security and cybersecurity – are they so different?
Security and Cryptography. (2022, October 27). Retrieved from https://missing.csail.mit.edu/2020/security
The Hated One - YouTube. (2022, October 30). Youtube. Retrieved from https://www.youtube.com/c/TheHatedOne/videos
[AND73] Anderson, J. “Information Security in a Multi-User Computer
Environment,” in Advances in Computers, v12, 1973, p1–35.
Folker, R. (2016, August 22). Intelligence Research & Collection. Youtube. Retrieved from https://www.youtube.com/watch?v=onfCJiw6iEI&ab_channel=RobertFolker