Permalink
Show file tree
Hide file tree
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing
18 changed files
with
755 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| { | ||
| "python.pythonPath": "c:\\Users\\dang\\Documents\\GitHub\\245CT\\env\\Scripts\\python.exe" | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,106 @@ | ||
| --- | ||
| author: 'Dan Goldsmith' | ||
| title: 'A152CEM:' | ||
| subtitle: "Introduction to Cyber Security" | ||
| email: 'aa9863@coventry.ac.uk' | ||
| --- | ||
|
|
||
| # Introduction | ||
| ## Welcome | ||
|
|
||
| > Welcome to the Module | ||
| ## Module Name | ||
|
|
||
| - Officially its "Introduction to Cyber Security" | ||
| - May also be known as | ||
| - "Cyber Security for Everyone" | ||
| - "Defence against the Dark Arts" | ||
|
|
||
| ## Course Team | ||
| - Dan Goldsmith (aa9863@coventry.ac.uk) | ||
| - James Shuttleworth (csx239@coventry.ac.uk) | ||
| - Adam Barns | ||
|
|
||
| ## About Dan | ||
|
|
||
| - Computer Scientist and Ethical Hacker | ||
| - Favourite topics are the "Red Team" | ||
| - Breaking things | ||
| - Reverse Engineering | ||
| - Malware and Exploit Development. | ||
|
|
||
| ## About James | ||
| - Not a hacker in the modern sense of the word. Prefer's the term | ||
| "spicy computer scientist." | ||
| - Absolutely a hacker in the old sense of the word. Someone who | ||
| likes to make computers do interesting things. | ||
|
|
||
|
|
||
| # How will you be taught? | ||
| ## No Lectures | ||
| - Except for this one.... | ||
| - Co-Delivery approach. | ||
| - Course materials delivered via Coventry University Online | ||
| - Use Aula for "Community Driven Learning" | ||
|
|
||
| ## Pre Reading for Labs | ||
| - So this means you need to do some pre-reading (or watching videos) | ||
| - Work through the online materials, before the Lab session | ||
| - Will bring this all together in the Lab sessions | ||
|
|
||
| ## Aula | ||
|
|
||
| - Collaborative learning platform | ||
| - Each week there will be topics to discuss | ||
| - Use the feed to create posts (using #tags), and comment on others. | ||
|
|
||
| ## Lab Activities | ||
|
|
||
| - Review of the Week | ||
| - Group Discussion of topics for that week | ||
| - Presentations? | ||
|
|
||
|
|
||
| # What will we be doing? | ||
| ## What is Security? | ||
| - What are the Threats? | ||
| - Who are the Threats? | ||
| - How much does this cost? | ||
|
|
||
| ## Social Engineering | ||
|
|
||
| - Are you Naked online? | ||
| - Social Engineering | ||
| - OS-Int | ||
| - Phishing | ||
|
|
||
| ## Cryptography | ||
|
|
||
| - Securing Data | ||
| - Securing Communications | ||
| - Passwords | ||
|
|
||
| ## The Legal Bit | ||
|
|
||
| - GDPR | ||
| - Ethics | ||
| - Law around Hacking | ||
| - Business Factors | ||
|
|
||
| ## H4ck th3 Pl4n3t!!! | ||
|
|
||
| - Real world Web Application Hacking | ||
|
|
||
| ## Malware | ||
|
|
||
| - Worms | ||
| - Viruses | ||
| - Antivirus / Malware | ||
|
|
||
| # Assessment: | ||
| ## Report | ||
|
|
||
| - One Coursework Element | ||
| - Due at the end of the Module (8th April 2021) | ||
| - Report on Cyber Security threats to a fictional Organisation |
BIN
+78.3 KB
Aula-Slides/Mary.png
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,216 @@ | ||
| <!DOCTYPE html> | ||
| <html> | ||
| <head> | ||
| <meta charset="utf-8"> | ||
| <meta name="generator" content="pandoc"> | ||
| <meta name="author" content="Dan Goldsmith"> | ||
| <title>Hackers and the Hacked</title> | ||
| <meta name="apple-mobile-web-app-capable" content="yes"> | ||
| <meta name="apple-mobile-web-app-status-bar-style" content="black-translucent"> | ||
| <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no, minimal-ui"> | ||
| <link rel="stylesheet" href="https://github.coventry.ac.uk/pages/aa9863/RevealTemplate/reveal.js/dist/reset.css"> | ||
| <link rel="stylesheet" href="https://github.coventry.ac.uk/pages/aa9863/RevealTemplate/reveal.js/dist/reveal.css"> | ||
| <link rel="stylesheet" href="https://github.coventry.ac.uk/pages/aa9863/RevealTemplate/reveal.js/plugin/highlight/monokai.css" id="highlight-theme"> | ||
| <link rel="stylesheet" href="https://github.coventry.ac.uk/pages/aa9863/RevealTemplate/reveal.js/dist/theme/night.css" id="theme"> | ||
| </head> | ||
| <body> | ||
| <div class="reveal"> | ||
| <div class="slides"> | ||
|
|
||
| <section id="title-slide"> | ||
| <h1 class="title">Hackers and the Hacked</h1> | ||
| <p class="author">Dan Goldsmith</p> | ||
| </section> | ||
|
|
||
| <section> | ||
| <section id="case-studies" class="title-slide slide level1"> | ||
| <h1>Case Studies</h1> | ||
|
|
||
| </section> | ||
| <section id="this-weeks-future-learn" class="slide level2"> | ||
| <h2>This weeks Future learn</h2> | ||
| <ul> | ||
| <li>We looked at a few case studies</li> | ||
| <li>Different views on Hacking and the Hacked</li> | ||
| </ul> | ||
| </section></section> | ||
| <section> | ||
| <section id="mangham-case" class="title-slide slide level1"> | ||
| <h1>Mangham Case:</h1> | ||
|
|
||
| </section> | ||
| <section id="mangham-case-1" class="slide level2"> | ||
| <h2>Mangham Case</h2> | ||
| <ul> | ||
| <li>Glenn Mangham, Sentenced to 8 months for breaking into Facebook</li> | ||
| <li>Reduced to 4 Months on appeal</li> | ||
| <li>Prior to FB Bug Bounty Program</li> | ||
| </ul> | ||
| </section> | ||
| <section id="details" class="slide level2"> | ||
| <h2>Details:</h2> | ||
| <ul> | ||
| <li>Flaw in a separate subsystem of Facebook, used for puzzles.</li> | ||
| <li>Gained Access to an employee account</li> | ||
| <li>Accessed Mail Servers and Internal Tools</li> | ||
| <li>Estimated cost of $200,000</li> | ||
| </ul> | ||
| </section> | ||
| <section id="more-factors" class="slide level2"> | ||
| <h2>More Factors</h2> | ||
| <ul> | ||
| <li>Had previously taken part in Bug Bounty programs. | ||
| <ul> | ||
| <li>Paid for finding flaws by Yahoo</li> | ||
| </ul></li> | ||
| <li>However, Did not report Flaws to Facebook</li> | ||
| </ul> | ||
| </section> | ||
| <section id="prosecution" class="slide level2"> | ||
| <h2>Prosecution</h2> | ||
| <blockquote> | ||
| <p>“This was not just a bit of harmless experimentation - you accessed the very heart of the system of an international business of massive size.”</p> | ||
| <p>“This was not just fiddling about in the business records of some tiny business of no great importance and you acquired a great deal of sensitive and confidential information to which you were simply not entitled… Potentially what you did could have been utterly disastrous to Facebook.”</p> | ||
| </blockquote> | ||
| </section> | ||
| <section id="appeal" class="slide level2"> | ||
| <h2>Appeal</h2> | ||
| <blockquote> | ||
| <p>“The judge was entitled to conclude that his motive was not to inform Facebook of the defects in the system, but to prove that he could beat the system.</p> | ||
| </blockquote> | ||
| <blockquote> | ||
| <p>“In our view, the combination of the aggravating factors and mitigating factors is such that the more appropriate starting point, in our view, would have been six months, reduced to four months given the appellant’s plea.</p> | ||
| </blockquote> | ||
| <blockquote> | ||
| <p>“In particular, we would underline the point which the judge mentioned that the information had not been passed on to anyone and there was no financial gain involved.”</p> | ||
| </blockquote> | ||
| </section></section> | ||
| <section> | ||
| <section id="phone-hacking" class="title-slide slide level1"> | ||
| <h1>Phone Hacking</h1> | ||
|
|
||
| </section> | ||
| <section id="phone-hacking-1" class="slide level2"> | ||
| <h2>Phone Hacking</h2> | ||
| <ul> | ||
| <li>2005 Leaked information on Prince William</li> | ||
| <li>Other Celebrity activities leaked</li> | ||
| <li>2010 - 2011 Investigation</li> | ||
| </ul> | ||
| </section> | ||
| <section id="how" class="slide level2"> | ||
| <h2>How</h2> | ||
| <ul> | ||
| <li>Default PIN on voicemail messages</li> | ||
| <li>Used to access devices</li> | ||
| </ul> | ||
| </section> | ||
| <section id="issues" class="slide level2"> | ||
| <h2>Issues</h2> | ||
| <ul> | ||
| <li>Moral and Ethical Issues</li> | ||
| <li>Legal Issues?</li> | ||
| <li>Who paid attention to the Laws in the Case study?</li> | ||
| </ul> | ||
| </section> | ||
| <section id="laws-broken" class="slide level2"> | ||
| <h2>Laws Broken</h2> | ||
| <ul> | ||
| <li>Regulation of Investigatory powers | ||
| <ul> | ||
| <li>Intercept communication over telecoms, unless legal investigation by security services</li> | ||
| </ul></li> | ||
| <li>DPA | ||
| <ul> | ||
| <li>Personal Information</li> | ||
| </ul></li> | ||
| <li>CMA</li> | ||
| </ul> | ||
| </section></section> | ||
| <section> | ||
| <section id="password-phishing" class="title-slide slide level1"> | ||
| <h1>Password Phishing</h1> | ||
|
|
||
| </section> | ||
| <section id="phishing-4-passwords" class="slide level2"> | ||
| <h2>Phishing 4 Passwords</h2> | ||
| <ul> | ||
| <li>Which of these did you find most interesting?</li> | ||
| </ul> | ||
| </section> | ||
| <section id="easy-to-guess-passwords" class="slide level2"> | ||
| <h2>Easy to Guess Passwords</h2> | ||
| <ul> | ||
| <li>Picked a common PW, “Summer16”</li> | ||
| <li>Gained access to 50 or 800 accounts</li> | ||
| <li>Used this to escalate privileges to admin level</li> | ||
| <li>What was it about password policy that caused this?</li> | ||
| </ul> | ||
| </section> | ||
| <section id="phishing-via-email" class="slide level2"> | ||
| <h2>Phishing Via Email</h2> | ||
| <ul> | ||
| <li>Standard method</li> | ||
| <li>Learn something about the Organisation</li> | ||
| <li>Craft an Email</li> | ||
| <li>Wait for it to be clicked</li> | ||
| <li>What was the payload here?</li> | ||
| </ul> | ||
| </section> | ||
| <section id="phishing-via-phone" class="slide level2"> | ||
| <h2>Phishing Via Phone</h2> | ||
| <ul> | ||
| <li>Called organisation posing as Partner</li> | ||
| <li>Claimed software wouldn’t install</li> | ||
| <li>Was given admin password to help install process.</li> | ||
| <li>Who was at fault here?</li> | ||
| </ul> | ||
| </section></section> | ||
| <section> | ||
| <section id="task" class="title-slide slide level1"> | ||
| <h1>Task</h1> | ||
|
|
||
| </section> | ||
| <section id="task-1" class="slide level2"> | ||
| <h2>Task</h2> | ||
| <p>Coursework Preparation time.</p> | ||
| <p>In Groups: - Pick one of the case studies above, or choose your own. - Research this and look for the elements required for the coursework - Prepare a short presentation (~5 Mins) on the topic addressing the points</p> | ||
| </section> | ||
| <section id="reminder-of-the-topics-needed-for-the-coursework" class="slide level2"> | ||
| <h2>Reminder of the topics needed for the coursework:</h2> | ||
| <ul> | ||
| <li>Technical Details of the Hack Itself</li> | ||
| <li>Legal and Ethical Issues</li> | ||
| <li>Can we think of Similar Hacks that may have happened</li> | ||
| </ul> | ||
| </section></section> | ||
| </div> | ||
| </div> | ||
|
|
||
| <script src="https://github.coventry.ac.uk/pages/aa9863/RevealTemplate/reveal.js/dist/reveal.js"></script> | ||
|
|
||
| // reveal.js plugins | ||
| <script src="https://github.coventry.ac.uk/pages/aa9863/RevealTemplate/reveal.js/plugin/notes/notes.js"></script> | ||
| <script src="https://github.coventry.ac.uk/pages/aa9863/RevealTemplate/reveal.js/plugin/search/search.js"></script> | ||
| <script src="https://github.coventry.ac.uk/pages/aa9863/RevealTemplate/reveal.js/plugin/zoom/zoom.js"></script> | ||
| <script src="https://github.coventry.ac.uk/pages/aa9863/RevealTemplate/reveal.js/plugin/highlight/highlight.js"></script> | ||
|
|
||
| <script> | ||
|
|
||
| // Full list of configuration options available at: | ||
| // https://revealjs.com/config/ | ||
| Reveal.initialize({ | ||
| // Push each slide change to the browser history | ||
| history: true, | ||
|
|
||
| // reveal.js plugins | ||
| plugins: [ | ||
| RevealNotes, | ||
| RevealSearch, | ||
| RevealZoom, | ||
| RevealHighlight, | ||
| ] | ||
| }); | ||
| </script> | ||
| </body> | ||
| </html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.