Recommended
More Related Content
Similar to Enusec: WTF CW/Reports/Essay
Similar to Enusec: WTF CW/Reports/Essay (20)
Recently uploaded
Recently uploaded (20)
Enusec: WTF CW/Reports/Essay
- 1. ENUSEC: WTF CW/Report/Essay ?!?! 21st November 2018 NSFW
- 2. Agenda ● General Tips ● Understanding Spec ● Helpful Resources
- 3. Why Listen To Me? I’ve made the mistakes, so you don’t have to…
- 4. General Tips
- 5. #1 - Take Notes
- 6. #2 - SCQF Level CSNXX101 or SETXX111 12 - Doctorate 11 - Masters 10 - Honours 9 - Ordinary Degree 8 - HND https://scqf.org.uk/media/1123/scqf-level-descriptors-web-aug-2015.pdf
- 7. #3 - Collaborate It doesn’t hurt to collaborate with your fellow students on CWs. It does hurt to submit the same CW.
- 8. #4 - Plan Ahead Think about your academic calendar. What classes/ assessments/ nights out have you got coming up?
- 9. #5 - Backup Dropbox Overleaf GitHub Something is better than nothing
- 10. #6 - Any Questions? Ask! Ask any and all questions when it comes to the assignment Raise problems with Module Leader ASAP
- 12. #1 - What are you being asked?
- 13. #2 - Finding Literature
- 14. #3 - Creating a Methodology
- 15. #4 - Reporting Results
- 16. #5 - Evaluation Producing substantial evaluation is expected at higher SCQF levels So get use to writing it early
- 19. Live Demo Time. Fingers crossed.
- 21. Live Demo Time. Fingers crossed. Again.
- 22. #3 - Critical vs Descriptive nottingham.ac.uk/studentservices/documents/description-vs-analysis---learnhigher.pdf
- 23. Live Tutorial Time. Something different.
- 24. Is it Descriptive or Critical? 1. Masscan uses their own encryption algorithm to randomize target IP addresses. 1. The encryption algorithm employed in Masscan is a custom algorithm which uses the first 3 rounds of DES, but when visualized, this seems to reveal artifacts which suggest the randomization is not entirely random. 1. However, in comparison to ZMap, Masscan was considered to be less random, and led to poorer performance due to the potential for overloading target networks. 1. Assessing these qualities: age, bias, and comprehensiveness, Censys looked to possibly have fewer bias data than Shodan, however it is a more 1. Comprehensiveness is the completeness of the scans. The scanning method used looks to have an impact on the completeness of the scan data. 1. For scanning, Censys uses the ZMap scanner, another project from the same research group. ZMap was released in 2013, later upgraded in 2014 to increase scanning speed using specialist hardware. 1. A comprehensive comparison was carried out against Masscan, which at the time was seen to be the recommended port scanner. 2. Masscan offers incremental or random scanning. During incremental scanning, the scanner is more likely to be blocked automatically by firewalls due to the predictable behaviour and common scan source. Random scanning is recommended to avoid these issues.
- 27. Live Demo Time. Fingers crossed.
Editor's Notes
- Who is taking notes right now?
- Who knows what academic level they are learning at?? https://scqf.org.uk/media/1123/scqf-level-descriptors-web-aug-2015.pdf
- Is it a report essay technical report coursework Literature review
- Google Google books Library Search Google Scholar Advanced Searches - always Years Keywords Work backwards from refs WOrk FOrwardds from Cited
- Make a method, based off
- Data visualization Graph charts, - Bar graphs - Pie Charts - any other fancy charts Tables - Timelines
- 1 Attack Model(s) for a possible Hacker Group attack on South Craig Surgery with the Hacker Group specifically looking to gain access patient data. Motive behind the attack could vary from using the details for blackmail and extortion, to further reconnaissance of a specific individual of interest in which could be found in the data. The Surgery is located in the ground floor of the Tarvit House, it is staffed by 6 self-employed GPs under contract to the NHS, as well as a receptionist, two administrators, two nurses and an IT manager. The surgery has its own network based around an aging Windows 2003 server. Further contextual information is that this data should be covered by the Data Protection Act 1998. The principles of the act states that information held about an individual must be accurate, up to date and readily available to be read by the individual the data is about. The data must also have appropriate technical and organisation measures that shall be taken against unauthorised or unlawful processing, loss or destruction of personal data. These principles align with the Confidentiality Integrity and Accessibility (CIA) triad of information security. Failure to implement these principles results in fines, an example related to South Craig Surgery would be NHS Surrey being fined £200,000 by the Information Commissioner’s Office after losing patients records. 2. Internet-wide scanning projects such as Shodan and Censys, scan the Internet and collect active reconnaissance results for online devices. Access to this information is provided through associated websites. The Internet-wide scanning data can be used to identify devices and services which are exposed on the Internet. It is possible to identify services as being susceptible to known-vulnerabilities by analysing the data. Analysing this information is classed as passive reconnaissance, as the target devices are not being directly communicated with. This paper goes on to define this as contactless active reconnaissance. The vulnerability identification functionality in these Internet-wide scanning tools is currently limited to a small number of high profile vulnerabilities. This work looks towards extending these features through the creation of a tool Scout which combines data from Censys and the National Vulnerability Database to passively identify potential vulnerabilities. This is possible by analysing Common Platform Enumerations and associated Common Vulnerability and Exposures. Through this novel approach, active vulnerability scanning results can be gained, while mitigating the associated issues of active scanning, such as possible disruption to the target network and devices. In initial experiments performed on 2571 services across 7 local academic intuitions, 12967 potential known-vulnerabilities were identified. More focused experiments to evaluate the results and compare accuracy with industry standard vulnerability assessment tools were carried out and Scout was found to successfully identify vulnerabilities with an effectiveness score of up to 74 percent when compared to OpenVAS.
- Comprehensiveness is the com- pleteness of the scans. The scanning method used looks to have an impact on the completeness of the scan data. For scanning, Censys uses the ZMap scanner, another project from the same research group [7]. ZMap was released in 2013, later upgraded in 2014 to increase scanning speed using specialist hardware. A comprehensive comparison was carried out against Masscan, which at the time was seen to be the recommended port scanner [7], [18]. Masscan offeres incremental or random scanning. During incremental scanning, the scanner is more likely to be blocked automatically by firewalls due to the predictable behaviour and common scan source [19]. Random scanning is recommended to avoide these issues. Masscan uses their own encryption algorithm to randomize target IP addresses. The encryption algorithm employed in Masscan is a custom algorithm which uses the first 3 rounds of DES, but when visualized, this seems to reveal artifacts which suggest the randomization is not entirely random. However, in comparison to ZMap, Masscan was considered to be less random, and led to poorer performance due to the potential for overloading target networks [18]. Matherly comments that Shodan's crawlers are randomized, using a similar method to ZMap, although it seems the implementation is not well documented [13]. Assessing these qualities: age, bias, and comprehensive- ness, Censys looked to possibly have fewer bias data than Shodan, however it is a more comprehensive, up-to-date and predictable data source. Therefore, Censys was chosen to be taken forward as the Internet-wide scanning project for the work.