diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..8697595 --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,3 @@ +{ + "python.pythonPath": "c:\\Users\\dang\\Documents\\GitHub\\245CT\\env\\Scripts\\python.exe" +} \ No newline at end of file diff --git a/Aula-Slides/DADA_Intro.md b/Aula-Slides/DADA_Intro.md index 359c314..8c341cd 100644 --- a/Aula-Slides/DADA_Intro.md +++ b/Aula-Slides/DADA_Intro.md @@ -21,6 +21,7 @@ email: 'aa9863@coventry.ac.uk' ## Course Team - Dan Goldsmith (aa9863@coventry.ac.uk) - James Shuttleworth (csx239@coventry.ac.uk) + - Adam Barns ## About Dan @@ -102,5 +103,5 @@ email: 'aa9863@coventry.ac.uk' ## Report - One Coursework Element - - Due at the end of the Module (10th April 2020) + - Due at the end of the Module (8th April 2021) - Report on Cyber Security threats to a fictional Organisation diff --git a/Aula-Slides/Mary.png b/Aula-Slides/Mary.png new file mode 100644 index 0000000..9e31f64 Binary files /dev/null and b/Aula-Slides/Mary.png differ diff --git a/Aula-Slides/Week1_Discussion.md b/Aula-Slides/Week1_Discussion.md new file mode 100644 index 0000000..d06a401 --- /dev/null +++ b/Aula-Slides/Week1_Discussion.md @@ -0,0 +1,57 @@ +--- +title: "Lab 1: Is the Threat Real" +--- + +# Introduction +## Introduction +This week we have had a look at cyber security in general, and +examined some of the threats to our computer systems and data. + +In this lab we are going to take a closer look at these factors. + + +## Pre Task (Introductions) + + - Group Task + - Random Group allocation, (hopefully, through breakout rooms) + - No bearing on the coursework etc. + +# Main Tasks +## Introduction + +In your groups research and discuss each topic. + + - Find Examples of the problem + - Research figures to support your views + +At the end of each session, be prepared for a short (<5 Mins) +presentation on your findings. + +## How to Present + + - No Right or Wrong Ideas. + - You have a whiteboard, + - Text, Images, Hand Drawn. + +## Task 1: What is Cyber? + +![Could be In Cyber](images/../image/fatima.png) + + +## Task 1: + + - First let get your views on what "Cyber" is? + - What does it mean ? + - What do "Cyber" people do? + - What kind of things might be important? + - What do "Normal" people have to worry about. + + +## Task 2: (30 Mins) + +In this weeks articles we introduced the OWASP Top 10. +In your Groups: + + - What as a group did you find the most interesting Vulnerability. + - What examples of real world instances of these Vulnerabilities can you think of? + diff --git a/Aula-Slides/Week2_Naked.md b/Aula-Slides/Week2_Naked.md new file mode 100644 index 0000000..76e3c98 --- /dev/null +++ b/Aula-Slides/Week2_Naked.md @@ -0,0 +1,69 @@ +--- +title: "Open Source Intelligence" +subtitle: "A152CEM" +--- + +# Introduction + +## Session Plan + + 1. Discuss Topics + 2. Activity + 3. Break + 4. GOTO 1 + +# What data is Online? + +## Introduction + +This week we are having a look at OS-Int, Also known as Open +Source Intelligence. + +In this lab we are going to take a closer look at tools and techniques that are +used to gather information freely and legally available on the internet + +## Pre Task + + - Companies can judge you for the data that you leave freely available online. + - Data you leave freely available online could also in extreme cases be used + against you. + - This task can be done solo or in groups, you often find more by talking to + your peers. + + +## Tasks + +In your groups or on your own, use OSInt techniques to investigate +yourself and see what you can find. + +At the end of each session, be prepared for a short (<5 Mins) +presentation on your findings in your groups. . . Avoid oversharing. + +## Tasks + + - Be respectful of peoples privacy next to you + - Share techniques to try and find out as much as you can that’s online about you + - Consider ways you could get sensitive information removed/taken down from sites + + +## Demo Time: + + - https://medium.com/the-first-digit/osint-how-to-find-information-on-anyone-5029a3c7fd56 + - https://mango.pdf.zone/operation-luigi-how-i-hacked-my-friend-without-her-noticing + +## Task 1: (60 Mins) + +In your Groups/solo: + + - Investigate yourselves using open source intelligence and see what kinds of data you can see + - See how far you can go, can you only using the data you’ve collected find your house for instance + - Think of the ways in which you can stop this information from being leaked + - Can it be taken off the sites? + +## Task 2: (30 Mins) + + - What data did you find? + - Many different social media profiles, Location information, Phone numbers? + - What do you think you can do to prevent this data from being open source? + - Can you limit the data that is collected about you? + - In future, what steps might you take to change your online habits? diff --git a/Aula-Slides/Week3_Phishing.md b/Aula-Slides/Week3_Phishing.md new file mode 100644 index 0000000..406aa85 --- /dev/null +++ b/Aula-Slides/Week3_Phishing.md @@ -0,0 +1,82 @@ +--- +title: Week 3. Gone Phishing +--- + + +# Introduction + +## Question + + - So What is Phishing? + - Where does it happen? + +## Your examples: + + - Do you have any recent examples of Phishing attempts + +## Where does Phishing Happen ? + + - Slide Thing + +## Where does Phishing Happen ? + + - Email + - Phone Calls + - Text Message + - Social Media + - Dodgy Applications + - The Bloke in the Pub + +## Tips to Spot Phishing ? + + - Slide Thing + + + + +# Tasks: + +## Task 1: + Complete the Phishing Quiz at: + + - https://phishingquiz.withgoogle.com/ + - https://www.opendns.com/phishing-quiz/ + - https://www.phishingbox.com/phishing-test + +## Task 1a: + +Take a note of the examples in the quizzes: + + - What "traits" to phishing emails have + - What about Phishing Websites + - How can we use these to spot possible Phishing attempts + + +## Task 2: + +OS Int and Google hacking. + +Our Target: + +![Mary](Mary.png) + + +## Task 2a: + + - Who do they work for? + - What social media profiles do they have? + - What hobbies and interests do they have? + - How could we use this to plan a Phishing attack. + + +## Task 2b: + + Using the information gathered, design a phishing email + + - Who is the Sender + - What is the Topic + - What is the Content. + +## Task 2c: + +> PRESENTATIONS!! diff --git a/Aula-Slides/convert.ps1 b/Aula-Slides/convert.ps1 new file mode 100644 index 0000000..485b546 --- /dev/null +++ b/Aula-Slides/convert.ps1 @@ -0,0 +1,42 @@ +<# +.SYNOPSIS + Script to convert markdown file to word document +.DESCRIPTION + Convertes a markdown file into an word document using pandoc as converter. The process uses a word template file +.PARAMETER i + Specifies the input file. This is the markdown file +.PARAMETER o + Specifies the output file. This is the word document +.PARAMETER t + specifies the name of the word template used to convert the markdown file to a word document +.EXAMPLE + C:\PS> ./build.ps1 -i myfile.md -o myfile.docx -t mytemplate.docx + Example that converts the file myfile.md +.NOTES + Author: Oliver Graf + Date: November 19, 2016 + +REVEAL_URL=https://github.coventry.ac.uk/pages/aa9863/RevealTemplate/reveal.js +HTML_PANDOC_OPTIONS = -t revealjs -V revealjs-url=$(REVEAL_URL) -V +theme=$(REVEAL_THEME) --template newReveal.html --standalone + +pandoc $(HTML_PANDOC_OPTIONS) $(SOURCES) -o $(TARGET) + +#> + +param( + [Parameter(Mandatory=$true)][string]$i, + [Parameter(Mandatory=$true)][string]$o, + [String]$theme = "night", + [string]$template = " C:\Users\dang\Documents\GitHub\245CT\slides\revealTemplate.html", + [string]$revealURL = "https://github.coventry.ac.uk/pages/aa9863/RevealTemplate/reveal.js" + +) + +Write-Host ("Processing file {0} with template {1} and convert to {2}" -f $i, $t, $o) +pandoc --standalone -t revealjs -V theme=$theme -V revealjs-url=$revealURL --template $template $i -o $o + +# We can do the SED equivilent +# https://www.kittell.net/code/powershell-unix-sed-equivalent-change-text-file/ + +(Get-Content $o).replace('data-auto-animate"', '" data-auto-animate') | Set-Content $o \ No newline at end of file diff --git a/Aula-Slides/image/fatima.png b/Aula-Slides/image/fatima.png new file mode 100644 index 0000000..92a308e Binary files /dev/null and b/Aula-Slides/image/fatima.png differ diff --git a/CW/CW_Jan2021.md b/CW/CW_Jan2021.md new file mode 100644 index 0000000..1151e6b --- /dev/null +++ b/CW/CW_Jan2021.md @@ -0,0 +1,156 @@ +--- +# Template Stuff +template: coursework/CourseworkBrief.jinja2 + +# Fields for the coursework +module_title: Introduction to Cybersecurity +module_code: A152CEM +module_leader: Dan Goldsmith + +cohort: Jan-May +handout: February +due: 9th April 2021 + +title: Coursework Report +type: Report +group: false +#effort: 20 Hours +percentage: 100% +effort: 10 Hours + +submit_via: Moodle +feedback_date: 1st May +feedback_method: "Feedback Via Aula" + +wordlimit: 1500 +short: A report that shows how awesome markdown is. +ilos: + - 1. Identify a range of cyber security threats faced by individuals + and organisations. + - 2. Evaluate prevention, identification and mitigation methods + appropriate to a variety of security scenarios + - 3. Demonstrate an understanding of the legal and ethical issues + surrounding cyber security + +--- + +# Task and Mark Distribution + +The assessment requires students to individually produce a security +assessment of an organisation. The output will be in the form of a +report of approximately 1500 words. + +## Scenario + + +The Cirrus Cybernetic Corporation is an organisation that develops +next generation robotics. + +The organisation has several hundred employees, and includes departments for: + - Management + - HR + - Accounting + - Maintenance + +The organisation has a Website, showing company information, and +providing "Chat" and Forums for Customers to ask questions. + +There is also a staff Portal accessible VIA the web interface. The +staff portal allows authenticated staff members to search and display +customer account information. Access to the staff area is through a +single sign on system (IE the staff member has the same Username and +password for their Desktop PC and the Intranet) + +Recently there was a web security incident, where an attacker was able +to access the organisation database. The initial analysis of the +attack suggests that it was launched from somewhere inside the company +network. + +## Tasks + +You have been asked to develop a report on the security of the +organisation above. All of the information you require about the +organisation is given in the "Scenario" section, although you are +expected to do some research on cyber security issues that might +relate to the organisation. + +This report should be written at a high level, suitable for a +non-technical management audience. Your report should focus on two +selected aspects of your choice, one each of: + + - A Technical aspect to security (such as how do we secure data, + recommendations for security software) + - A Human Aspect to security (what issues do the staff face, how can + we protect against them) + +Foe each aspect, select *ONE* factor (for example, Phishing, or a +specific Web vulnerability) that is a threat to the organisation, and give details of: + - What the Threat is + - How the threat occurs + - Examples of the Threat in the Real world + - Suggestions to mitigate the threat. + +## Example Topics + +You can find examples of Technical and Human factors threats below + +### Human Factors + + - Phishing + - Social Engineering + - Password Choice + - Security Policy + +### Technical Factors + + - Viruses + - Hacking (for example) + - Cross Site Scripting + - SQL injection + - Use of Firewalls / Antivirus + +
+ +## Marking Scheme + +### Report Contents (90%) + - Introduction (10%) + + Should introduce the subject, and provide context to the issues + discussed in the report + + - Background Research (10%) + + Introduction to Cyber Security, what are the key threats, and + how are they relevant to the organisation + + - Technical Threat (30%) + + Should include details of: + - What the Threat is + - How the threat occurs + - Examples of the Threat in the Real world + - Suggestions to mitigate the threat. + + - Human Factors Threat (30%) + - What the Threat is + - How the threat occurs + - Examples of the Threat in the Real world + - Suggestions to mitigate the threat. + + - Conclusions (10%) + +### Report Structure (10%) + + - Appropriate structure, use of diagrams and referencing + +## Marking Rubric + +| Grade | Element | +|-------|---------------------------------------------------------| +| 0-39 | Work mainly incomplete and /or weaknesses in most areas | +| 40-49 | Most elements completed; weaknesses outweigh strengths | +| 50-59 | Most elements are strong, minor weaknesses | +| 60-69 | Strengths in all elements | +| 70+ | work exceeds the standard expected | +| 80+ | All work substantially exceeds the standard expected | \ No newline at end of file diff --git a/labs/Session10_Business/Session10_Slides.md b/labs/Session10_Business/Session10_Slides.md index e827417..45b48f3 100644 --- a/labs/Session10_Business/Session10_Slides.md +++ b/labs/Session10_Business/Session10_Slides.md @@ -105,7 +105,7 @@ https://www.cisecurity.org/wp-content/uploads/2018/10/Six-tabletop-exercises-FIN ## Coursework Reminder - - New submission date. 1st May + - Due 14th December - Coursework is unchanged - I will keep you informed in anything changes diff --git a/labs/Session1_Introduction/IntroSlides.md b/labs/Session1_Introduction/IntroSlides.md index 4781a41..7f6cc23 100644 --- a/labs/Session1_Introduction/IntroSlides.md +++ b/labs/Session1_Introduction/IntroSlides.md @@ -20,7 +20,7 @@ email: 'aa9863@coventry.ac.uk' ## Course Team - Dan Goldsmith (aa9863@coventry.ac.uk) - - James Shuttleworh (csx239@coventry.ac.uk) + - James Shuttleworth (csx239@coventry.ac.uk) ## About Dan