Materials from Cybersecurity Section
REVS-UP Poster TemplateThe poster session for REVS-UP will be on the afternoon of Thursday June 28th. Our teams have signed up for poster printing on Wednesday June 27th at 2:00pm. All of the posters are 36"x48" or smaller. Photos and background colors should be kept to a minimum. The posters must include both the Chevron Logo and the REVS-UP logo. Posters should be exported to PDF for printing. The following PowerPoint poster template meets all of the above requirements and has the theming and colors for CSUB and NSME: 36by48_revsup_template.pptx.
Cybersecurity CareersThe section is long enough to warrant its own page. Go to the cybersecurity careers page to see details.
Lecture Notes:Created by Dr. Danforth
- Introduction, Ethics, Operational Security, Passwords
- Authentication Protocols
- More on Authentication Protocols, Best Practices for Passwords
- Password Patterns, Secure Authentication
- TCP/IP Networking
- Network Attacks
- Malware Terminology and Basics
- Why Compromises Matter: Access Control
- Graphical User Interfaces (GUIs), Security Practices Online
Lecture Notes on Kali Linux Tools:Created by Aurora Hernandez (CSUB Student Assistant for 2018 session)
Password Security Activities and WorksheetsPassword Complexity and Cracking Speed activity by Dr. Danforth
HashCat labs and worksheets by Polo Melendez (CSUB Student Assistant for 2015 session)
Encryption activity utilizes CMPS 340 Digital Forensics materials by Donna Meyers
- Password Complexity and Cracking Speed
- Introduction to Password Hashing and Cracking
- Introduction to HashCat
- HashCat Brute Force and Mask Attacks
- HashCat Mask Attacks Continued
- HashCat Hybrid Attacks
- Graphics Card and Poster Prep
- HashCat Rule Based Attacks
- Other Tools besides HashCat and Encryption
Word Lists/Dictionaries for HashcatThe following word lists / dictionary files can be used with Hashcat:
- combos2.dict - All two-character combinations
- combos3.dict - All three-character combinations
- combos4.dict - All four-character combinations
- common_passwords.dict - A list of common passwords used by people
- large.dict - A relatively large list of words, common passwords, and word variants
- english_lower.dict - Common lower-case English words
- french_lower.dict - Common lower-case French words
- german_lower.dict - Common lower-case German words
Digital Forensics Activities and WorksheetsCreated by Mark Stevens (CSUB Student Assistant for 2015 session)
Some activities utilize CMPS 340 Digital Forensics materials by Donna Meyers
- Donna's Steganography Lab
- Donna's File Signature Analysis Lab
- Windows Live Data Collection
- Disk Image Creation and Manipulation
Arduino / Internet of Things (IoT) ActivitiesQuestions about the Arduino kit should be directed to Jesse Fonseca (CSUB Student Assistant for 2018 session)
- Manual for Arduino kit
- 2018 prediction: securing IoT-connected devices will be a major cybersecurity challenge
- What You Need To Know About Cybersecurity And The Internet Of Things
- Cybersecurity policy for the Internet of Things - Microsoft whitepaper on IoT security.
Cybersecurity Websites and ComicsWebsites and comics relating to cybersecurity.
- CyberPatriot Training Modules - Archived modules on cybersecurity provided by the national CyberPatriot competition.
- Krebs on Security - Blog and in-depth analysis of cybersecurity news.
- Slashdot - Link aggregation website that focuses primarily on technology-related news.
- Have I Been Pwned? - User account compromise page started by a Microsoft security employee, Troy Hunt, that catalogs various user account compromises and lets you check if your email address was in those compromises.
- Troy Hunt's Blog - Blog maintained by Troy Hunt, focusing primarily on user database compromises.
- How Troy Hunt verifies data breaches - Blog on the techniques used to verify the accuracy of a supposed user database being sold on the dark web.
- Password Strength - XKCD comic on passwords vs. passphrases ("correct horse battery staple").
- Password Reuse - XKCD comic on the danger of reusing the same password on multiple sites.
- Paperwork - XKCD comic on leaking personal information.
- Security, Security, Security - CommitStrip comic on the absurdity of password strength dialog boxes.
- Security too expensive? Try a hack - CommitStrip comic on the consequences of ignoring security during development.
- Security checklist - CommitStrip comic on the "people problem" when it comes to security.
Major Historical BreachesThese are breaches which were big news in the past decade or so.
- Pre-2010 - Stuxnet and related software - State-sponsored attack on SCADA (industrial control) systems targeted at disrupting Iran's nuclear program. Suspected of being created by USA and/or Israel.
- 2011 - RSA and Lockheed Martin breach - Cyberespionage attack suspected of being conducted by Chinese state-sponsored attackers.
- 2011 - Sony password breach - Troy Hunt's analysis of the breach of user accounts from Sony PlayStation Network.
- 2012 - Linkedin breach - User accounts for Linkedin were stolen. Suspected to be perpetrated by a Russian cybercrime group.
- 2013 - Yahoo user account breach - The four year analysis of the Yahoo breach, which compromised all Yahoo accounts at the time.
- 2013 - Target breach - Post-mortem analysis of the breach.
- 2015 - Anthem breach - Analysis of the breach suspected to be part of a Chinese state-sponsored attack.
- 2014 and 2015 - Office of Personnel Management (OPM) breach - Stolen records from federal employees, including background check information. Another state-sponsored attack suspected of being the same group that pulled off the Anthem breach.
- 2017 - Equifax breach - Theft of many, many credit reports from Equifax. This information could easily be used to steal identities and open credit accounts in others' names.
Cybersecurity NewsThis section will be updated throughout the Summer 2018 session with latest news relating to cybersecurity.
- VPNFilter Update - VPNFilter exploits endpoints, targets new devices - Malware affecting many SOHO routers.
- China blamed for data theft from US Navy contractor - Cyberespionage attack.
- For almost 11 years, hackers could easily bypass 3rd-party macOS signature checks - Recent news on issue with misconfigured MacOX tools that leave users vulnerable to malware.
- MyHeritage breach leaks millions of account details - User database breach at DNA website.