Introduction to Cyber Security

This refers to the strategy of using different components for defensive and offensive purposes. Most nations have either drafted or have a cyber space or cyber strategy that details what mechanisms and proposed laws apply when attacked and what rights and rules are to be followed in defending or attacking other targets.

A concept that was created in 2011by the Lockheed Martin Computer Incident Response Team. This concept basiclly discusses how APTs (Advanced Persistent Threats) are not or poorly detected by static technology.

Here we take a look at how computer or cyber technology is changing how nations engage in combat. Tomorow´s wars will be fought with computers, viruses, botnets and other computing technology.

Spy technology (just like warfare) has evolved to include computers, electronics and software into the intelligence spectrum that has evolving technical capabilities to "intercept" any and all data the flows through the internet and its systems.

The use of cyber threats for organized crime and stealing data, secrets as well as information which are then sold to the highest bidder. The lines between crime and espionage are becoming harder to distinguish today. Other areas that are included in cyber crime are stealing private data, passwords, credit cards and whole identities.

The use of computer technology and components of "traditional" IT Security for defensive purposes. This area also concentrates on protecting critical infrastructure from attacks as well as using newer methods of sandboxing and other technologies to detect and catagorize APTs and other cyber attacks.

The proactive use of attack technologies including malware, botnets DDOS and other malicous weapons to attack another company, attacker or nation-state.

Cyber Units are specially trained teams that deal with cyber threats such as war, espionage and even crime to a company or nation. When part of national security, these teams typically include components of defense as well as offense. In recent years most nations have worked on building these advanced types of military or national security technical teams.

Network based systems that analyze traffic to and from systems and block attacks as defined in a rule set.

This is an update to the original Firewall Video with additional context missing from the previous video.

We also go into types of firewalls and the pros and cons of each.

Integrating Firewalls and Defense-in-Depth

Lastly, we look at NIST 800-41 and ISO27001 recommendations and best practices for implementing firewalls.

A network alerting system that detects intrusion attempts to company or institution's resources.Newer versions integrate multiple functions such as SIEM, IDS and IPS in one platform.

A network based attack deterance system that resets TCP/IP connections or attempts to drop malicious attacks on infrastructure or systems.

Refers to collecting of intellience from open sources as opposed to closed sources (aka spying, human intelligence, etc.).

Systems collect data about what is going on in a network or systems. A challenge with dynamic and evolving threats is how to use information that we collect to help understand, detect and deter attacks either before they happen or as they are happening. Many systems today just collect too much information and the question arrises very quickly as to the value of that information if it can not be used.

Here we focus on explaining some of those systems that install agents that monitor the status and capture alerts and information of servers and critical services.

This lecture introduces another part of our "Proactive Security Team Methodology" and uses the same skills as hackers do. Malware analysis and reverse engineering looks at malware, its components and how to analyze and reverse engineer it.

This lecture introduces Vulnerability Management, its process as well as how to use it to defend against cyber attacks.

Successful security teams today and in the future must be just as dynamic and innovative as the attacks they face in cyber space. Teams that adopt a "proactive" stance in that they also learn how to "hack" their own systems, tend to be more secure than those teams that depend on more static and traditional approaches to security.

There are many different aspects to cyber security, tools and protection of data. Home users are in some cases more vulnerable than in enterprise or institutional networks because of the added risks involved if not using VPN and more elaborate network security technology in larger more complex networks.

Corporations and Businesses will have to face new threats that consistently push the boundaries of existing security technology and solutions. The dynamic and persistent nature of tomorrow´s cyber threats are changing the needs of security and methods to protect against corporate espionage and cyber crime.

The central network brain of an organization or institution that monitors the operational status of complex networks. Although tasked with watching over the network components, they also integrate with other functions such as incident management and rapid response teams.

Simular to the NOC, the Security Operations Center monitors the overall security of an enterprise or institution. Some areas that are included here are Threat Intelligence, Governance and Data Security.

A review of cyber security and what the future holds in regards to threats and defense within the context of this course.

Presentation to this training.

Handbook to this training.

This research case focuses on an example of how a BotNet can be used to monitor, infect and influence Social Media.

Recent cases of implanted backdoor technology focused on implanting boot-kits in Macs and other UEFI systems that keep systems insecure and monitored by spies or attackers (in some instances) from a distance.

Some cases in the past revolved around spyware installed on clients known as FinFisher and Hacking Team. These software suites installed via vulnerabilities and exploits that captured screenshots and circumvented authentication in order to monitor journalists, political dissidents as well as terrorists. One could argue that there needs to be methods to capture terrorist activity in order to protect nations, but there are also ramifications when these tools get into the wrong hands.

By now you certainly have heard of SCADA the malware / virus / worm that infected Nucelar Powerplants in Iran. Research from security companies found this nasty piece of work that broke centrifuges in the plants that were used for Uranium enrichment. This was the first example of a cyber war weapon that actually caused physical damage.

Liturature and discussion on 2FA and Authentication

This chapter deals with the proactive security team and how defensive and offensive technology can be used together with an approach to protect the layers and also defend the organization.

The security "onion" has different layers. Each layer has certain mechanisms and a central strategy and processes that help defend against attacks reaching the next layer. Here we go through what types to tools protect the layers.

PTES is a stanard for Penetration Testing that also has a method to its madness. Many pen tests are just point, click and report. GUI or scanners are not pen testing so we will go through the standard and some of the examples.

This section discusses the Exploitation, Post Exploitation and Reporting phases of the PTES or Penetration Testing Execution Standard.

When looking at defense of networks, secure designs and architecture are very important elements of any strategy. When we invest time in the correct placement of network devices, segmentation and access control mechanisms and security, we can only improve the overall security posture. Firewalls, switches, routers, 2 and 3 layer network switching engine configurations such as from Cisco, HP, Juniper, etc. are a key aspect of good network design.

Inspecting network traffic and analyzing what is in packets is always a must for any NOC/SOC team member. Wireshark, TCP/IP dumps are standard components of a hacker, cracker and network or cyber security techie's arsenal.

We all know BackTrack which was the pen testers toolkit based on Ubuntu Linux. Since its inception, many new tools have come out and give us options to hack and test how secure we are. Kali Linux is a standard pen testing swiss knife Linux distro with many tools already installed and waiting to go.

After looking at Kali, we also look at community based versions of other scanners that help red and blue teams secure some aspects of the network through penetration testing. As with all GUI and scanners, manual validation is always needed to verify . We will take a brief look at Metasplot (in Kali Linux) and Nessus.

Looking at web applications has grown in popularity among crackers and hackers. Many successful attacks go back to older vulnerabilities and errors in design such as simple authentication, no filtering that detects and blocks SQL Injection, etc. Web scanners are an easy and fast way to do very simple tests to figure out how easy it is to break into and pwn web applications.

Black Arch Linux is another awesome Pen Testing and Network Audit virtual machine that allows you to do many things that Kali can but needs less resources and a bit more skills since you can install single packages.

This lecture takes a look at the free or open source based HIDS / NIDS and SIEM solutions out there from OSSEC, Snort, SGUIL (network) and Squert on a Xubuntu based Linux distribution called Security Onion. This VM is a more complex than Kali and even BlackArch in that you need to understand the concept of Snort and OSSEC before collecting intrusion information and configuring alerts and rules that trigger events on the dashboards.

This talk from Hamburg Sides in 2016 focused on research I did on open source mathematics and using data to classify real from botnet users on twitter. This talk starts with the math then goes on into details about using python scripts and lastly other solutions to help with detecting real social media users from botnet based automated propaganda slingers. 

This session gives some updates to older material like NIST's ATT@CK Framework, APT Groups, Social Media and Hybrid Cyber Warfare into the Introduction course without needed an additional course. We also talk about the 3 companion books on Blockchain and Crypto, Social Media Cyber Defense as well as Cyber Defense in 2021.