📯

Intelligence

Requisites

Introduction

What is Intelligence?

Intelligence is the set of activities to obtain information in the economic, labor, commercial, financial, military, personal, family, and social fields, among others, of an objective human organization (cooperative or adversary), turning it into knowledge (a useful report for leaders decide on a course of action), with the goal of causing harm or taking precautionary measures. Counterintelligence is protecting yourself from these activities.

Since computer security is the protection of the assets of a computer system where it shields against deliberate threats from adversery agents. On the contrary, computer safety shields against accidents, mishaps and external organizationl disasters. We consider cybersecurity a Intelligence subfield and computer safesty a reliability engineering.

Computer security analyzes computer-based systems, which comprise hardware, software, product vendors, algorithms, programs, interfaces, software processes, databases, communication protocols, and designs. The goal is to identify their vulnerabilities and associated threats to prevent incidents by implementing control activities.

A vulnerability refers to a weakness in the system, while a threat is the condition that can exploit that vulnerability. An incident occurs when someone takes advantage of the vulnerability using the threat. Control activities are policies, mechanisms and an extra system design considerations taken to prevent and respond to such incidents. TODO: Zero day, known, unknown, apt,.

Availability, integrity, confidentiality, authentication, nonrepudation (or accountability), auditability measure the security of the system because they enable us to measure the value of information that parties share to each other.

Confidentiality, Integrity and Availability ensure that an asset can be viewed, modified, or used only by authorized parties, respectively [AND73]. These properties together form the Security Triad or CIA triad. ISO 7498-2 added authentication and nonrepudiation. The former confirms the identity of a sender, while the latter ensures that a sender cannot convincingly dispute their authorship. The U.S. Department of Defense added auditability. It traces all actions related to some interesed asset.

Contrary to the concepts of security, fabrication, interception, modification, and interruption are considered harmful actions. A fabrication attack introduces illegitimate information into the system, while an interception attack gains access to confidential information. An interruption attack degrades a system or renders it unavailable for legitimate use. A modification attack threatens the integrity of the information.

Physical security

Alice and Bob

The attacker mindset

Types of Attackers

Terrorists, hackers, criminal-for-hire, individuals, governments, organized crime members, loosely connected group.

Geopolitics

Hacking, hackers, crackers, ….

https://www.youtube.com/watch?v=k_zz3239DA0&ab_channel=JohnnyHarris

Risk

Roles of Compliance and Auditors

Attack methodologies

Cyber Kill Chain

ATT&CK

Diamond Model

Why does Intelligence matter to you?

https://sanchezcarlosjr.medium.com/inteligencia-el-ataque-a-tu-libertad-o-la-actividad-para-ir-a-un-mundo-feliz-9ce1a08c28e7

Ecosystem

Standards, jobs, industry, roles, …

Hacker One

Red teams

bug bounty hunter

Gadgets

https://shop.hak5.org/

Research

Conferences

DEF CON

BugCon

Rootedcon

Economics

Certifications

Beginner certifications are CompTIA A+, CompTIA Linux+, CompTIA Network+, CompTIA Security+, CCNA. Advanced certifications are CISSP, CISA, CISM, GSEC, GPEN, GWAPT, GIAC, OSCP, CREST, CEH.

Jobs

Intelligence Analysts

Culture

https://www.youtube.com/watch?v=przDcQe6n5o&ab_channel=Google

Capture the flag (CFT) and labs

CFT is an contest to find hidden text strings in vulnerable systems. Some the plataforms that offers to play CFT over the Internet are HackTheBox, TryHackMe, VulnHub, picoCFT, SANS Holiday Hack Challenge.

Some nice people offers labs to practice in a safe and reproducible environment the different attacks. In particular, we recommend you SEED Security labs by Wenliang Du, his book and lectures are wonderful to learn cybersecurity.

https://seedsecuritylabs.org/index.html

https://www.handsonsecurity.net/

Tricks

https://book.hacktricks.xyz/welcome/readme

Story

Disclaimer

Refer to

FAQ

Worked examples

Backups

Backups are essential for data recovery and business continuity. Implementing best practices ensures that your backups are reliable, secure, and fit the purpose. Here's a rundown of the key best practices for backups:

  1. 3-2-1 Rule:
    • Keep at least 3 copies of your data.
    • Store 2 backup copies on different devices or mediums.
    • Keep 1 copy offsite, away from your primary location.
  1. Regularly Schedule Backups:
    • Automate backups to occur at regular intervals, such as daily, weekly, or monthly.
    • Adjust the frequency depending on the importance and frequency of changes in your data.
  1. Test Your Backups:
    • Regularly test restoring from backups to ensure data integrity and that the restoration process works.
    • Document and familiarize your team with the restoration process.
  1. Encryption:
    • Encrypt backups to ensure data confidentiality, especially for sensitive data.
    • Use strong encryption algorithms and keep encryption keys secure.
  1. Retention and Rotation:
    • Determine how long you need to keep backup copies (retention period) based on legal, regulatory, and business requirements.
    • Implement a rotation scheme (e.g., Grandfather-Father-Son) to manage multiple backup versions.
  1. Monitoring and Notifications:
    • Monitor backup processes for failures or issues.
    • Set up notifications or alerts for backup successes, failures, or other significant events.
  1. Backup Storage and Media:
    • Use reliable backup storage media.
    • Store offsite backups in a secure, environmentally controlled location to protect against natural disasters and theft.
    • Periodically replace or refresh storage media to ensure durability.
  1. Versioning:
    • Keep multiple versions of your backups to protect against data corruption, accidental deletions, or ransomware that might corrupt recent backups.
  1. Incremental and Differential Backups:
    • Instead of always taking full backups, use incremental or differential backups to save time and storage.
      • Incremental backups save changes since the last backup (whether full or incremental).
      • Differential backups save changes since the last full backup.
  1. Isolate Backup Systems:
  1. Backup Application Settings and Configurations:
  1. Stay Updated:
  1. Document Everything:
  1. Review and Adjust:

Lastly, remember that the end goal of backups isn't just to have a copy of your data but to be able to restore and use that data when needed. Always approach backups with recovery in mind.

Authentication and authorization

Web authentication

Identification and Authentication, federated identity managment, multicator authentication, secure authentication, authentication based on biometrics, on phrases and facts, on tokens.

IAM

PAM

https://www.youtube.com/watch?v=5uNifnVlBy4

Ensure Authority and Authorization with Access control

Accesss policies

Implementing access control

Procedure-oriented access control

Role-based access control

General issues in access control

Firewalls

Secure mobile code

Denials of service

Secure naming

Reference architecture

Lightweight Directory Access Protocol

SSO

SML and OpenID

Authelia

Authentik

KeyCloak

ZITADEL

Full-suite

Certificates

Local Auth

Kerberos

OpenID

RADIUS

Identity management

Helpers

LDAP Account Manager (LAM)

Libravatar

Pomerium

Fusion Directory

Yubikeys

Password manager

Two-factor authentication

Zero-knowledge architecture

Zero-trust

Zero-knowledge proof

https://www.youtube.com/watch?v=HUs1bH85X9I&ab_channel=Computerphile

https://www.youtube.com/watch?v=cI5lkif-V1c&ab_channel=ALEXonScience

https://www.youtube.com/watch?v=yn6CPQ9RioA&ab_channel=IBMTechnology

IETF protocol for AAA

Kerberos

Open Radius

OAuth

SAML. Security Assertion Markup Language.

Multi-tenant

SASL2 https://www.gnu.org/software/gsasl/

Authentication, authorization, and accounting framework

Security management

Key management

Vault

Secure group management

Authorization management

Accounting

Worked examples

Notes

FAQ

Further resources

Cryptography

The first methods of encryption was simple, these algorithms hide the messages by substitution and transposition of plaintext characters.

1.1 Introducción
1.1.1 Criptografía
1.1.2 Criptosistema
1.1.3 Esteganografía
1.1.4 Criptoanálisis
1.1.5 Seguridad
1.2 Teoría de números
1.2.1 Números primos
1.2.2 Teorema de Fermat y Euler
1.2.3 Álgebra modular
1.2.4 Teorema chino del residuo
1.2.5 Logaritmos discretos

2.1 Sustitución monoalfabética
2.1.1 Sistema criptográfico de César
2.1.2 Cifrado con alfabeto decimado
2.1.3 Cifrado afín
2.1.4 Criptoanálisis de sistemas monoalfabéticos
2.2 Sustitución polialfabética
2.2.1 Sustitución con homófonos
2.2.2 Cifrado de Vigenère
2.2.3 El método original de Vigenère
2.2.4 Criptoanálisis del sistema de Vigenère
2.3 Sistemas poligráficos
2.3.1 Sistema poligráfico de Playfair
2.3.2 Sistema de cuatro cuadrados
2.3.3 Sistema de dos cuadrados
2.3.3.1 Sistema vertical de dos cuadrados
2.3.3.2 Sistema horizontal de dos cuadrados
2.3.4 Sistema de Hill
2.3.5 Criptoanálisis de sistemas poligráficos
2.4 Sistemas históricos de llave larga
2.4.1 Cifrado de Vernam y seguridad perfecta
2.4.2 ENIGMA
2.4.3 PÚRPURA

3.1 El estándar de cifrado de datos - DES
3.1.1 El origen de DES
3.1.2 Descripción de DES
3.1.3 Redes de Feistel
3.1.4 Algunas propiedades de DES
3.1.5 Llaves débiles, semi-débiles y posiblemente débiles
3.2 Propiedades algebraicas de DES
3.3 Criptoanálisis de DES
3.3.1 Red de Feistel simplificada: RFS
3.3.2 Criptoanálisis diferencial de RFS
3.3.3 Criptoanálisis lineal
3.4 Criptografía de llave pública
3.4.1 Criptografía de llave pública
3.4.2 Intercambio de llaves de Diffie-Hellman
3.4.3 Criptosistemas de envío de mensajes Massey-Omura
3.4.4 Criptosistema de ElGamal
3.4.5 Criptosistema RSA
3.5 Criptoanálisis de sistemas de llave pública
3.5.1 Ruptura contra ruptura total
3.5.2 Problemas asociados a los criptosistemas de llave pública
3.5.3 El problema del logaritmo discreto
3.5.4 El problema de factorización

4.1 Firmas hash
4.2 Herramientas criptográficas
4.2.1 TOR
4.2.2 Ransomware
4.2.3 PGP, SSL, SSH
4.2.4 VPNs & IPSec
4.2.5 TLS

JOSE (JWE, JWT, JWS)

Paseto

Entropy

Salting

Hash functions

HMAC

Hardware security modules (HSM)

https://github.com/Ciphey/Ciphey

Symmetric algorithms

AES, Blowfish

Asymmetric Algorithms

Rabin Algorithm, RSA Algorithm

Key exchange

ECDHE

DHE

ECDH

DH

RSA

PSK

Public-Key Cryptography Standards (PKCS)

Encryption

Symmetric cryptography

Asymmetric cryptography

PKI

Digital signatures

Keys and certificates are stored in a lot of different formats, but hopefully it is easy convert from one format to another. Some of the most common formats are:

DER certificate. It contains the data in its binary form, using ASN.1 encoding.The most of the time you find DER certificates with .crt .cer .der extensions.

PEM certificate. It contains the data from DER in ASCII format, using base64 encoding with a header -----BEGIN CERTIFICATE----- , and a footer -----END CERTIFICATE-----.

Legacy OpenSSL key format. SSLeay compatible.

PEM key

PKCS #7. The format for the transport of signed or encrypted data in plain text.

pkcs7=sign(certificate,private_key, data)

PKCS #8 key. The new format for the private key.

PKCS #12 (PFX) key and certificate

https://www.openssl.org/docs/man1.1.1/man1/openssl-rsa.html

Applied Cryptography, Second Edition: Protocols, Algorthms, and Source
Code in C (cloth)

Public key infrastructure

Certificate authority

Cryptographic Message Syntax

X.509

ASN.1

PEM files

BER (Basic Encoding Rules)

Certificates

.key, .csr, .pem

.der

.cert, cer .crt

.p7b, .keystore

.crl

PEM

PKCS7

DER

Goverment, law and handwritten signatures

Mexico have accepted digital signatures

https://www.diputados.gob.mx/LeyesBiblio/pdf/LFEA_200521.pdf

http://www.economia.unam.mx/publicaciones/econinforma/369/08leonizquierdo.pdf

https://www.zimuel.it/blog/sign-and-verify-a-file-using-openssl

Worked example.

Client side. forge

Server side. openssl

Bulletproof SSL and TLS

https://www.openssl.org/

PGP and GPG

PGP (Pretty Good Privacy) is a product invented by Phil Zimmermann in 1991 and is currently developed by Symantec Corporation. In contrast, OpenPGP is a standard that expands upon PGP. GnuPG (GNU Privacy Guard) is a free software implementation of the OpenPGP standard. There are various GUI (Graphical User Interface) clients, such as Kleopatra, KGpg, and Claws Mail, that facilitate the operation of GnuPG. It is also important to note that each programming language and operating system may have its unique implementation or method for integrating GnuPG. Indeed, GnuPG can be utilized in conjunction with several programming languages and operating systems, including PHP, Python, JavaScript, Unix, and Windows. For managing asymmetric cryptography, GnuPG is an alternative to OpenSSL. Similar to OpenSSL, you can sign and encrypt data with PGP. However, PGP differs in that it utilizes a web of trust for its operations, as opposed to the X.509 certificates and root entities used by OpenSSL.

gpg -c file
gpg --decrypt file.asc

gpg --search-key DF0925CFEC52C98E4CEB826ADB57E52EDEE4E4D2

echo "Hello World! This is important. My real name is [email protected]" | gpg --encrypt --sign --armor -r DF0925CFEC52C98E4CEB826ADB57E52EDEE4E4D
gpg --armor --export DF0925CFEC52C98E4CEB826ADB57E52EDEE4E4D2
# Prints the GPG key ID, in ASCII armor format

Web of trust

Social proof

https://security.stackexchange.com/questions/18197/why-shouldnt-we-roll-our-own

(Admin), X. G. (2022). A Practical Guide to GPG Part 1: Generate Your Public/Private Key Pair. LinuxBabe. Retrieved from https://www.linuxbabe.com/security/a-practical-guide-to-gpg-part-1-generate-your-keypair

Ellingwood, J. (2017). How To Use GPG to Encrypt and Sign Messages. DigitalOcean. Retrieved from https://www.digitalocean.com/community/tutorials/how-to-use-gpg-to-encrypt-and-sign-messages

Security and Cryptography. (2022, October 27). Retrieved from https://missing.csail.mit.edu/2020/security

GPG Keys Cheatsheet. (2022, November 02). Retrieved from https://rtcamp.com/tutorials/linux/gpg-keys

Spam?

Spam protection for public GPG keys? (2022, November 02). Retrieved from https://security.stackexchange.com/questions/119271/spam-protection-for-public-gpg-keys

https://www.crypto101.io/

https://www.cs.umd.edu/~jkatz/papers/cryptography.pdf

https://www.youtube.com/watch?v=AS66q6ykLCs

https://github.com/sobolevn/awesome-cryptography#articles

https://www.feistyduck.com/library/openssl-cookbook/online/

Steganography

The poor cousin of Cryptography

Security by obscurity

Machine Identification Code

https://www.eff.org/pages/list-printers-which-do-or-do-not-display-tracking-dots

https://github.com/KuroLabs/stegcloak

https://www.youtube.com/watch?v=Py-qu9KWXhk

https://www.sentinelone.com/blog/hiding-code-inside-images-malware-steganography/

Sec lists

https://github.com/danielmiessler/SecLists

References

  1. Baumslag, G., Fine, B., Kreuzer, M., & Rosenberger, G. (2015). A Course in Mathematical Cryptography. De Gruyter. Available at: EBSCOhost [Clásica].
  1. Bock, L. (2021). Modern Cryptography for Cybersecurity Professionals: Learn how you can leverage encryption to better secure your organization's Data. Packt Publishing Ltd.
  1. Fúster, A. (2012). Criptografía, protección de datos y aplicaciones: una guía para estudiantes y profesionales. Alfaomega. [Clásica].
  1. Jimeno, M. T., Caballero, M. A., Míguez, C., Matas, A. M., y Heredia, E. (2012). La biblia del hacker. Anaya Multimedia. [Clásica].
  1. Maiorano, A. (2009). Criptografía: técnicas de desarrollo para profesionales. Alfaomega. [Clásica].
  1. Musa, S. M. (2018). Network Security and Cryptography. Mercury Learning & Information. Available at: EBSCOhost
  1. Paar, C. & Pelzl, J. (2010). Understanding Cryptography. Springer. [Clásica].
  1. Arboledas, D. (2017). Criptografía sin secretos con Python. RA-MA Editorial. Available at: EBSCOhost.
  1. Menezes, A. J., van Oorschot, P. C., & Vanstone, S. A. (1997). Handbook of Applied Cryptography. CRC Press. [Clásica].

Secure channels

Ciphersuite

A cyphersuite consists of the Key Exchange, Authentication, Encryption and Hashing protocols agreement between two parties.

TLS, secure and unsecure protocols

https://www.ssllabs.com/ssltest/

SSL, HTTPS, …

SSL Pinning

Checkm8 Exploit

https://frida.re/docs/android/

https://github.com/sensepost/objection

HTTP Public Key Pinning

https://appinventivinsider.medium.com/how-to-bypass-ios-ssl-pinning-7a65ea149e69

https://gupta-bless.medium.com/ssl-pinning-is-it-really-secures-us-from-mitm-attacks-6626787e9e1e

IPSec

Email

Plain text

Proton Email

Signal, Keybase

SSH

Matrix (social app)

https://matrix.org/

VPN

WireGuard, OpenVPN, IPsec, L2TP, IKEv2, Tinc, PPTP

Full disk encryption

cryptsetup + LUKS on Linux, BitLocker on Windows, or FileVault on macOS.

tor vs vpn

One, T. H. (2020, February 08). Tor vs VPN | Which one should you use for privacy, anonymity and security. Youtube. Retrieved from https://www.youtube.com/watch?v=6ohvf03NiIA&ab_channel=TheHatedOne

References

Baumslag, G., Fine, B., Kreuzer, M. & Rosenberger, G. (2015).
A Course in Mathematical Cryptography. De Gruyter.

https://search.ebscohost.com/login.aspx?
direct=true&db=e000xww&AN=1016960&lang=es&site=
ehost-live [Clásica].
Bock, L. (2021). Modern cryptography for Cybersecurity
Professionals: Learn how you can leverage encryption
to better secure your organization's Data. Packt
Publishing Ltd.
Fúster, A. (2012). Criptografía, protección de datos y
aplicaciones: una guía para estudiantes y profesionales.
Alfaomega. [Clásica].
Jimeno, M. T., Caballero, M. A., Míguez, C., Matas, A. M., y
Heredia, E. (2012). La biblia del hacker. Anaya
Multimedia. [Clásica].
Maiorano, A. (2009). Criptografía: técnicas de desarrollo para
profesionales. Alfaomega. [Clásica].
Musa, S. M. (2018). Network Security and Cryptography.
Mercury Learning & Information.

https://search.ebscohost.com/login.aspx?
direct=true&db=e000xww&AN=1809143&lang=es&site=
ehost-live
Paar, C. & Pelzl, J. (2010). Understanding Cryptography.
Springer. [Clásica].

Tor

Nonce

Programs

Buffer overflow

Secure programming

https://www.youtube.com/watch?v=jeLuKUGho0A

https://www.youtube.com/watch?v=SBGZCIwkNw8&ab_channel=redcudimexico

https://www.youtube.com/watch?v=YjMViAgoIFo&ab_channel=redcudimexico

Obfuscation

Reverse engineering

https://blackarch.org/reversing.html

https://cutter.re/

Drivers

Linux programs

Windows (.exe)

Android apps (.apk)

Generally, we’re working with emulator such as Andoird Studio AVD Emulator or Genymotion. In our case, we’re going to work with Genymotion because by default are rooted. We’ve chosen Samsung Galaxy S7, Android API 12, and we’ve installed Magisk such that we can install some interesting modules.

https://t.co/pP2j3k2WVG

Mobile Security Frawework MobSF

https://github.com/MobSF/Mobile-Security-Framework-MobSF

Frida

https://frida.re/

Medusa

https://github.com/Ch0pin/medusa

TODO

https://blackarch.org/mobile.html

https://owasp.org/www-project-mobile-app-security/

iPhone apps (.ipa)

Cyber forensics

Web security

Web server settings

TLS

HPKP

Cipher suite

https://ssl-config.mozilla.org/

SSL Pinning

https://www.ssllabs.com/

https://security.stackexchange.com/questions/181512/can-lack-of-certificate-pinning-be-considered-a-vulnerability

Public-Key-Pins: pin-sha256="base64=="; max-age=expireTime [; includeSubDomains][; report-uri="report"]

API REST

https://leakix.net

OWASP

https://owasp.org/www-project-web-security-testing-guide/latest/

Proxies

https://apps.apple.com/mx/app/surge-5/id1442620678

https://infosecwriteups.com/frida-objection-without-jailbreak-27a66501bf38?gi=770230767a38

https://github.com/KJCracks/Clutch

https://github.com/BishopFox/bfinject

Bursuite

Fiddler

CAIDO

TamperDev

mitmproxy

https://chrome.google.com/webstore/detail/hackers-toolkit/iebkeiopbbfnmieadmojmocohdmaghmb

Zed Attack Proxy (ZAP)

Postman

https://hetty.xyz/

https://twitter.com/LiveOverflow/status/1709461266979307633

SPA

Save all dynamic resources with Save All Resources.

References

  1. LeBlanc, J., & Messerschmidt, T. (2016). Identity and Data Security for Web Development: Best Practices. O'Reilly. [Clásica]

Operating systems

Hardening

Kon-Boot

USB Protection

USB Rubber Ducky

https://github.com/USBGuard/usbguard

https://github.com/google/ukip

Networks

nslookup

iptablesg

packet sniffers

ipconfig

netstat

port scanners

piong

ding

arp

protocol analyzers

nmap

route tcpdump

tracert

Man-in-the-middle

IMSI Catchers

Firewalls

Term origin

When firefighters try to stop the spread of a forest fire, they burn the area surrounding it. This is area called a firewall.

pfSense and OPNSense

Suricata

Snort

tcpdump

Honeypots

Databases

IBM Cloud Education. (2019, August 27). Database Security: An Essential Guide. Retrieved December 10, 2021, from IBM Cloud.

Raj, P., & Deka, G. C. (2018). A Deep Dive into NoSQL Databases: The Use Cases and Applications. Elsevier.

Savas, O., & Deng, J. (2021). Big Data Analytics in Cybersecurity. Auerbach.

Cloud computing

The internet of things

Social engineering

Management and Incidents

Preparation, identification, containtmenet, eradication, reovery, leassons learned.

Standards

ISO/IEC 27001 CIS, ISO27005, ISO27017, ISO27018, ISO27035, ISO27701 and NIST.

OWASP

Intrusion Detection System

.6.1 IDS
3.6.2 IPS
3.6.3 SIEM

Intrusion Prevention System

References

  1. Chio, C., & Freeman, D. (2018). Machine Learning and Security: Protecting Systems with Data and Algorithms. O'Reilly.
  1. Verma, R. M., & Marchette, D. J. (2020). Cybersecurity Analytics. CRC Press, Taylor & Francis Group.
  1. Chakraborty, R., Ghosh, A., & Mandal, J. K. (2021). Machine Learning Techniques and Analytics for Cloud Security. Wiley.
  1. Saxe, J., & Sanders, H. (2018). Malware Data Science: Attack Detection and Attribution. No Starch Press.

Secure system development

Blue team, red team and purple team

Penetration Testing

Devops

Hardening Checklists

MAC-based

NAC-based

Port blocking

Group policy

ACLs

Sinkholes

Patching

Jump Server

Endpoint Security

Isolation

References

Information Security Best Practices: 205 Basic Rules by George L Stefanek

Defensive Security Handbook: Best Practices for Securing Infrastructure

Secure Coding: Principles and Practices by Mark G. Graff, Kenneth R. van Wyk

Conklin, W. A., White, G. B., Cothren, C., Davis, R., & Williams, D. (2018). Principles of Computer Security: CompTIA Security+ and Beyond (Exam SY0-501). McGraw-Hill Education.

Chebbi, C. (2018). Mastering Machine Learning for Penetration Testing: Develop an Extensive Skill Set to Break Self-Learning Systems Using Python. Packt Publishing Ltd.

Diogenes, Y., & Ozkaya, E. (2018). Cybersecurity - Attack and Defense Strategies: Infrastructure Security with Red Team and Blue Team Tactics. Packt.

Intelligence assessment

Tail OS

Intelligence assessment, Intelligence or Intel (information gathering)

Espionage

Edward Snowden

Useful idiot

Strategic intelligence

Military intelligence

Business intelligence

Police intelligence

OSINT

Surveillance

5 eyes alliance

Cyberwarfare

Operation Aurora

Mass media

Libres, L. V. n. h. (2018, April 13). LAS NOTICIAS SON PROPAGANDA - ABRE LOS OJOS. Youtube. Retrieved from https://www.youtube.com/watch?v=naleYSK-5y8&t=15s&ab_channel=LaVerdadnosharálibres

References

Institutions

National Intelligence Centre in Mexico

Literature

Lerner, K. Lee and Brenda Wilmoth Lerner, eds. Encyclopedia of Espionage, Intelligence and Security (2003)

La seguridad nacional de México, una visión integradora

https://web.archive.org/web/20070612182250/https://www.cia.gov/library/intelligence-literature/index.html

https://www.youtube.com/watch?v=tUjBpvxupq8&ab_channel=ADNOpinión

Research

Journal of Information and Intelligence

Virus and Malware

Antimalware and antivirus

clamav

squid

Resources

"Malicious Software" de Eric L. Freudenthal,

"The Art of Computer Virus Research and Defense" by Peter Szor,

The Giant Black Book of Computer Viruses by Mark Ludwig

"Computer Viruses and Malware" by Markus Jakobsson and Zulfikar Ramzan

Computer Viruses, Artificial Life and Evolution: The Little Black Book of Computer Viruses by Mark Ludwig

Computer Viruses and Malware by Jonh Aycock

https://github.com/mav8557/virus

Privacy, legal issues, ethics and Law

🎇Rights and Laws

Digital content

Sources

sci-hub

https://thepiratebay.org/index.html

https://hdrezka.ag/

https://rutracker.org/forum/index.php

https://yandex.com/

https://libgen.is/

References

Inside Network Perimeter Security (2nd Edition). Northcutt, Zeltser, Winter and Ritchey. 2005.

Wenliang Du - Computer & Internet Security_ A Hands-on Approach-Wenliang Du

Castellanos , Luis R. (2015). Seguridad en Informática. Ed. Académica Española ,
Herzog, P., Jordan, M. B., Monroe, B., & Norman, G. (2015). The Network Security Essentials: Study Guide & Workbook-Volume 1. ISECOM.
Kizza, J. M. (2015). Guide to computer network security. Springer.
Pfleeger, C. P., & Pfleeger, S. L. (2015). Security in computing. Prentice Hall Professional Technical Reference

CompTIA Security

Matt, B. (2005). Computer security e art and science. 003-02-14)[2009-05-23].

Smith, R. E. (2015). Elementary information security. Jones & Bartlett Publishers.

Stewart, J. M. (2014). CompTIA Security+ Review Guide: Exam SY0-401. John Wiley & Sons

Wells, N. (2000). Guide to Linux Networking and Security. Course Technology Press

https://www.cert.org/information-for/home_networks.cfm

https://www.sans.org/

CTF

USB Keystroke Injection Protection

Enlace Hacktivista. (2022, September 19). Retrieved from https://enlacehacktivista.org/index.php?title=Enlace_Hacktivista

OWASP

https://www.youtube.com/watch?v=ZrXhoT_tXFE&ab_channel=%24DebugSec%24

Rafael Bucio ⠠⠵ on Twitter. (2022, October 01). Retrieved from https://twitter.com/Bucio/status/1575987501457494016

Children education

Welcome to Mara Turing Official Website for UK. (2021, March 07). Retrieved from https://maraturing.us

Mara Turing: El despertar de los hackers (The Awakening of the Hackers)

Physical security and cybersecurity – are they so different?

Security and Cryptography. (2022, October 27). Retrieved from https://missing.csail.mit.edu/2020/security

The Hated One - YouTube. (2022, October 30). Youtube. Retrieved from https://www.youtube.com/c/TheHatedOne/videos

[AND73] Anderson, J. “Information Security in a Multi-User Computer
Environment,” in Advances in Computers, v12, 1973, p1–35.

Folker, R. (2016, August 22). Intelligence Research & Collection. Youtube. Retrieved from https://www.youtube.com/watch?v=onfCJiw6iEI&ab_channel=RobertFolker

https://www.nowsecure.com/blog/2017/06/15/certificate-pinning-for-android-and-ios-mobile-man-in-the-middle-attack-prevention/

TODO