Operating Systems: Computer Security
4. The operating system uses a number of different ways to protect the system:
◦ Your credentials (e.g. username and password)
◦ Your authorisation (e.g. file permissions such as drwxr-xr--)
◦ Your location (e.g. inside/outside the LAN)
◦ Your behaviour (e.g. deleting lots of files)
◦ The firewall
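The authorisation check behind a mode string such as drwxr-xr--, as an added example (not code from the slides): given a file's mode, owner and group, decide whether a user may read, write or execute it using the standard POSIX rules. The users, groups and files are constructed for the example.

```python
"""Unix discretionary access control, as an added example of the
'authorisation' check on this slide.  Given a file's mode string (as printed
by ls -l), its owner and group, decide whether a user may read, write or
execute it.  The users and files below are constructed for the example; the
rules are the standard POSIX ones."""
from dataclasses import dataclass
from typing import FrozenSet, Tuple


@dataclass(frozen=True)
class FileEntry:
    mode: str    # ten characters, e.g. "drwxr-xr--": type + owner/group/other triplets
    owner: str
    group: str


@dataclass(frozen=True)
class User:
    name: str
    groups: FrozenSet[str]   # primary plus supplementary groups
    uid: int = 1000          # uid 0 is root


PERM_INDEX = {"r": 0, "w": 1, "x": 2}


def parse_mode(mode: str) -> Tuple[str, str, str]:
    """Split a mode string into the owner, group and other triplets."""
    if len(mode) != 10 or mode[0] not in "-dlcbps":
        raise ValueError(f"not a valid ls -l mode string: {mode!r}")
    return mode[1:4], mode[4:7], mode[7:10]


def triplet_allows(triplet: str, perm: str) -> bool:
    """'s' (setuid/setgid) and 't' (sticky) in the x column also imply execute."""
    ch = triplet[PERM_INDEX[perm]]
    return ch in "xst" if perm == "x" else ch == perm


def may_access(user: User, entry: FileEntry, perm: str) -> bool:
    """POSIX picks exactly one class and stops: the owner is judged by the
    owner bits alone even when group or other bits would be more generous.
    Root ignores the r/w/x bits, except that executing a regular file still
    needs at least one x bit set somewhere."""
    owner_t, group_t, other_t = parse_mode(entry.mode)
    if user.uid == 0:
        if perm == "x" and entry.mode[0] == "-":
            return any(triplet_allows(t, "x") for t in (owner_t, group_t, other_t))
        return True
    if user.name == entry.owner:
        return triplet_allows(owner_t, perm)
    if entry.group in user.groups:
        return triplet_allows(group_t, perm)
    return triplet_allows(other_t, perm)


# Constructed sample: an uploads directory with mode drwxr-xr--, owned by alice:web.
UPLOADS = FileEntry("drwxr-xr--", "alice", "web")
ALICE = User("alice", frozenset({"alice", "web"}))
BOB = User("bob", frozenset({"bob", "web"}))    # group member: r-x
EVE = User("eve", frozenset({"eve"}))           # other: r--
ROOT = User("root", frozenset({"root"}), uid=0)


def demo() -> dict:
    """The owner-first rule in action: ----rwxrwx locks out its own owner."""
    odd = FileEntry("----rwxrwx", "alice", "web")
    return {
        "bob can list uploads": may_access(BOB, UPLOADS, "r"),
        "bob can write uploads": may_access(BOB, UPLOADS, "w"),
        "eve can enter uploads": may_access(EVE, UPLOADS, "x"),
        "alice can read odd": may_access(ALICE, odd, "r"),
        "eve can read odd": may_access(EVE, odd, "r"),
    }


if __name__ == "__main__":
    for question, answer in demo().items():
        print(f"{question}: {answer}")
```

The point worth noticing is that the kernel does not fall through to a more permissive class: the owner of a ----rwxrwx file is locked out while everyone else gets full access, which is a common source of "but I own the file" confusion during incident triage.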
8. A Denial-of-Service (DoS) attack makes the "victim" computer unavailable to its users. It is typically used against computers that act as Web Servers.
9. It works by making the "victim" computer perform a task over and over again, thus preventing it from doing other jobs.
For example, if the computer is supposed to take orders from customers, and the first step is for the "victim" computer to identify itself to the customer computer, a DoS attack might keep making the "victim" computer identify itself, leaving it unable to do other work.
10. A Distributed Denial-of-Service (DDoS) is where the attack comes from more than one source, often thousands of unique IP addresses.
It is like a group of people crowding the entry door of a shop and not letting legitimate customers enter, disrupting normal operations.
11. How does it work?
There are a variety of approaches that can work; we'll look at a HTTP POST DoS attack.
13. The attacker sends a legitimate HTTP POST header, which includes a 'Content-Length' field to specify the size of the message body to follow.
However, the attacker then sends the actual message body at an extremely slow rate (e.g. 1 byte every 110 seconds).
14. Because the message body is still incomplete, the target server obeys the 'Content-Length' field in the header and waits for the entire body to be transmitted, which can take a very long time.
15. The attacker establishes hundreds or even thousands of such connections, until all resources for incoming connections on the server (the victim) are used up, making any further (including legitimate) connections impossible until all the data has been sent.
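The server side of the slow POST attack described in slides 13 to 15, as an added example (not code from the slides): a body reader that parses Content-Length and then either waits forever (the victim's behaviour) or enforces a request-body timeout. The timeout policy is modelled on Apache's mod_reqtimeout (body=initial-max, MinRate=bytes/s); the parameter values, the request headers and the chunk schedules are all constructed for the example.

```python
"""Defending against the slow HTTP POST attack, as an added example (not code
from the slides).  A server reads the body of a POST after parsing the
Content-Length; without a body timeout the connection stays open as long as
the attacker keeps dribbling bytes, with one it is dropped.  The timeout policy
is modelled on Apache's mod_reqtimeout ('body=initial-max,MinRate=bytes/s');
the values and the request/chunk schedules are constructed."""
import re
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

Chunk = Tuple[float, bytes]   # (seconds since the header was received, body bytes)


def parse_content_length(header: bytes) -> int:
    """Content-Length from a raw request header block.  Exactly one header is
    accepted: none or duplicates are rejected, as a server should do to avoid
    request-smuggling ambiguities."""
    found = re.findall(rb"(?im)^content-length:[ \t]*(\d+)[ \t]*\r?$", header)
    if len(found) != 1:
        raise ValueError("missing or ambiguous Content-Length")
    return int(found[0])


@dataclass(frozen=True)
class BodyTimeout:
    initial: float = 20.0    # seconds allowed before the first body byte
    maximum: float = 40.0    # hard cap on the body deadline
    min_rate: float = 500.0  # each received byte extends the deadline by 1/min_rate s


def read_body(declared_len: int, chunks: Iterable[Chunk], policy: Optional[BodyTimeout]) -> str:
    """Consume body chunks as the server would.
    'complete': declared_len bytes arrived in time.
    'dropped':  the policy deadline passed first, so the connection slot was freed.
    'hung':     no policy and the body never completed: the slot is held for ever."""
    if declared_len == 0:
        return "complete"
    received = 0
    deadline = policy.initial if policy else None
    for t, data in chunks:
        if deadline is not None and t > deadline:
            return "dropped"
        received += len(data)
        if received >= declared_len:
            return "complete"
        if policy is not None:
            deadline = min(deadline + len(data) / policy.min_rate, policy.maximum)
    return "dropped" if policy is not None else "hung"


# Constructed traffic.  A normal client posts a 300-byte order quickly; the
# attacker declares a huge body and sends one byte every 110 seconds.
LEGIT_HEADER = b"POST /order HTTP/1.1\r\nHost: shop.example\r\nContent-Length: 300\r\n\r\n"
LEGIT_CHUNKS = [(0.1, b"a" * 100), (0.3, b"b" * 100), (0.6, b"c" * 100)]
ATTACK_HEADER = b"POST /order HTTP/1.1\r\nHost: shop.example\r\nContent-Length: 1000000\r\n\r\n"
ATTACK_CHUNKS = [(110.0 * i, b"x") for i in range(1, 10)]


def simulate(header: bytes, chunks, policy: Optional[BodyTimeout]) -> str:
    return read_body(parse_content_length(header), chunks, policy)


if __name__ == "__main__":
    for label, hdr, ch in (("legit", LEGIT_HEADER, LEGIT_CHUNKS), ("attack", ATTACK_HEADER, ATTACK_CHUNKS)):
        print(label, "no timeout:", simulate(hdr, ch, None),
              "| with timeout:", simulate(hdr, ch, BodyTimeout()))
```

The minimum-rate rule matters: a flat 20-second body timeout would also kill honest clients on slow links uploading large bodies, whereas extending the deadline per received byte (up to a cap) keeps them while still freeing the slot held by a 1 byte per 110 seconds attacker.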
17. Bollywood versus Anonymous
Bollywood is the nickname for the Hindi-language film industry, based in Mumbai, the capital of Maharashtra in India. Bollywood is also one of the largest centres of film production in the world, and is more formally referred to as Hindi cinema.
18. Bollywood versus Anonymous
Anonymous is a loosely associated international network of activist and hacktivist groups. The group became known for a series of well-publicized publicity stunts and Denial-of-Service (DoS) attacks on government, religious, and corporate websites.
20. Bollywood versus Anonymous
Bollywood was unhappy with the torrent sites.
21. Bollywood versus Anonymous
In 2010, several Bollywood companies hired Aiplex Software to launch DDoS attacks on websites that did not respond to takedown notices.
22. Bollywood versus Anonymous
Internet activists then created Operation Payback in September 2010 in retaliation.
24. Bollywood versus Anonymous
The original plan was to attack Aiplex Software directly, but upon finding, some hours before the planned DDoS, that another individual had taken down the firm's website on their own, Operation Payback moved to launching attacks against the websites of the copyright-enforcement organisations Motion Picture Association of America (MPAA) and International Federation of the Phonographic Industry (IFPI), giving the two websites a combined total downtime of 30 hours.
25. Bollywood versus Anonymous
In the following two days, Operation Payback attacked a multitude of sites affiliated with the MPAA, the Recording Industry Association of America (RIAA), and the British Phonographic Industry. Law firms such as ACS:Law, Davenport Lyons and Dunlap, Grubb & Weaver (of the US Copyright Group) were also attacked.
27. Wiretapping has been around since the 1890s; it is simply a matter of gaining access to the transmission media and using a device to intercept the signals.
28. Wireless wiretapping works in exactly the same way, except that there is no need to have physical contact with the transmission media. This is why we should encrypt wireless transmissions.
30. There are two forms of wiretapping:
◦ Passive Wiretapping is where you are recording the data transmitted, but not interfering with it.
◦ Active Wiretapping is where you are recording the data and also modifying it before it is sent on to the receiver.
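Passive and active wiretapping on a simulated link, as an added example (not code from the slides). It goes one step beyond slide 28: encryption hides the content from a passive tap, but a stream cipher on its own is malleable, so a message authentication code (MAC) is what lets the receiver detect an active tap. The cipher is a toy keystream built from HMAC-SHA256 standing in for a real authenticated cipher such as AES-GCM; the keys, nonce and message are constructed for the example.

```python
"""Passive versus active wiretapping on a simulated link, as an added example
(not from the slides).  The tap either copies a frame (passive) or rewrites it
(active).  Encryption hides the content from a passive tap; a MAC is what lets
the receiver notice an active one, because a stream cipher on its own is
malleable.  The cipher here is a toy keystream built from HMAC-SHA256, standing
in for a real AEAD such as AES-GCM; keys, nonce and message are constructed."""
import hashlib
import hmac
from typing import Optional, Tuple

KEY_ENC = b"\x11" * 32   # constructed demo keys; a real link derives them from a key exchange
KEY_MAC = b"\x22" * 32
NONCE_LEN, TAG_LEN = 12, 32


def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy counter mode: block i = HMAC(key, nonce || i)."""
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32)]
    return b"".join(blocks)[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def protect(msg: bytes, nonce: bytes) -> bytes:
    """Encrypt-then-MAC: frame = nonce || ciphertext || tag."""
    ct = xor(msg, keystream(KEY_ENC, nonce, len(msg)))
    tag = hmac.new(KEY_MAC, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unprotect(frame: bytes) -> Optional[bytes]:
    """Plaintext if the tag verifies, None if the frame was altered in transit."""
    nonce, ct, tag = frame[:NONCE_LEN], frame[NONCE_LEN:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(KEY_MAC, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return xor(ct, keystream(KEY_ENC, nonce, len(ct)))


def active_tap(frame: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Rewrite bytes in flight by XORing in (old ^ new).  This works on cleartext
    and, without knowing the key, on stream-cipher output too, since XOR
    commutes with the keystream: that is why encryption alone is not enough."""
    delta = xor(old, new)
    window = frame[offset:offset + len(delta)]
    return frame[:offset] + xor(window, delta) + frame[offset + len(delta):]


def run_scenario(protected: bool, active: bool) -> Tuple[Optional[bytes], bool]:
    """Returns (what the receiver accepts, whether the tap could read the message)."""
    msg = b"PAY bob 100"
    nonce = b"\x00" * NONCE_LEN   # constructed; must never repeat under one key in practice
    frame = protect(msg, nonce) if protected else msg
    tap_saw_plaintext = msg in frame          # a passive tap keeps a copy of every frame
    if active:
        offset = (NONCE_LEN if protected else 0) + msg.index(b"100")
        frame = active_tap(frame, offset, b"100", b"900")
    received = unprotect(frame) if protected else frame
    return received, tap_saw_plaintext


if __name__ == "__main__":
    for protected in (False, True):
        for active in (False, True):
            print(f"protected={protected} active={active}:", run_scenario(protected, active))
```

The four runs give the whole picture: on the cleartext link the passive tap reads "PAY bob 100" and the active tap turns it into "PAY bob 900" without the receiver noticing; on the protected link the tap sees only ciphertext, and the same in-flight edit makes the tag fail so the receiver rejects the frame.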
31. The USA PATRIOT Act
Title II: Enhanced Surveillance Procedures
32. The USA PATRIOT Act
Title II: Enhanced Surveillance Procedures
Section 209 made it easier for authorities to gain access to voicemail, as they no longer must apply for a wiretap order and can instead apply for a normal search warrant.
The FBI can secretly conduct a physical search or wiretap on U.S. citizens to obtain evidence of crime without proving probable cause, as the Fourth Amendment explicitly requires.
33. The USA PATRIOT Act: what it doesn't cover
The FBI had recovered an Apple iPhone 5C owned by the San Bernardino County, California government, which had been issued to its employee Syed Rizwan Farook, one of the shooters involved in the December 2015 San Bernardino attack. The attack killed 14 people and seriously injured 22.
On February 9, 2016, the FBI asked Apple Inc. to create a new version of the phone's iOS operating system that could be installed and run in the phone's random access memory to disable certain security features; Apple referred to this as "GovtOS".
34. The USA PATRIOT Act: what it doesn't cover
Apple declined, citing its policy never to undermine the security features of its products. The FBI responded by successfully applying to a United States magistrate judge, Sherri Pym, to issue a court order mandating Apple to create and provide the requested software. The order was not a subpoena, but was issued under the All Writs Act of 1789.
35. The USA PATRIOT Act: what it doesn't cover
On February 16, 2016, Apple chief executive officer Tim Cook released an online statement to Apple customers explaining the company's motives for opposing the court order. He also stated that while they respect the FBI, the request threatens data security by establishing a precedent that the U.S. government could use to force any technology company to create software that undermines the security of its products.
36. The USA PATRIOT Act: what it doesn't cover
On March 28, 2016, the FBI said it had unlocked the iPhone with a third party's help, and an anonymous official said that the hack's applications were limited; the Department of Justice vacated the case.
37. For more detail:
In September 2015, Apple released a white paper detailing the security measures in its iOS 9 operating system.
The iPhone 5C can be protected by a four-digit PIN code. With the optional erase setting turned on, ten incorrect attempts to unlock the phone cause it to erase the AES encryption key that protects its stored data.
https://www.apple.com/business/docs/iOS_Security_Guide.pdf
39. A Computer Virus is a program that alters the way a computer works without the permission of the user. It is typically self-replicating: it runs when its infected host program runs, and copies itself into other programs.
40. A Virus is typically written for a specific operating system, so a virus that works on Windows usually won't work on Linux. Virus writers exploit vulnerabilities in a specific operating system.
43. Boot Sector Virus: Infects the boot sector, the code that runs before the operating system loads. There are two kinds of boot sector it can infect:
◦ Master Boot Record (MBR): the first sector of the disk; it contains code that locates the active partition and invokes that partition's volume boot record.
◦ Volume Boot Record (VBR): the first sector of a partition; it contains code that loads and invokes the operating system.
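The layout of a Master Boot Record and an integrity check against the boot-sector infection described above, as an added example (not code from the slides). Sector 0 of an MBR-partitioned disk is 512 bytes: 446 bytes of bootstrap code, four 16-byte partition entries and the 0x55AA signature. A boot-sector virus replaces the code area with its own loader and leaves the partition table alone so the machine still boots; hashing the code area and comparing it with a saved digest is how early integrity checkers caught that. The disk image, the "virus loader" and the partition entries are constructed for the example.

```python
"""Layout of a Master Boot Record and an integrity check for boot-sector
infection, as an added example (not from the slides).  Sector 0 is 512 bytes:
446 bytes of bootstrap code, four 16-byte partition entries and the 0x55AA
signature.  The disk image below is constructed."""
import hashlib
import struct
from typing import List, NamedTuple

SECTOR = 512
CODE_LEN = 446
TABLE_OFF = 446
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count
SIGNATURE = b"\x55\xAA"


class Partition(NamedTuple):
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def parse_mbr(sector: bytes) -> List[Partition]:
    """Return the used partition entries; refuse anything that is not an MBR."""
    if len(sector) != SECTOR or sector[510:512] != SIGNATURE:
        raise ValueError("not a valid MBR: wrong length or missing 0x55AA signature")
    parts = []
    for i in range(4):
        status, _chs0, ptype, _chs1, lba, count = struct.unpack_from(
            ENTRY_FMT, sector, TABLE_OFF + 16 * i)
        if ptype != 0:            # type 0 marks an unused slot
            parts.append(Partition(status == 0x80, ptype, lba, count))
    return parts


def build_mbr(code: bytes, parts: List[Partition]) -> bytes:
    """Assemble a sector from bootstrap code and up to four partition entries."""
    table = b"".join(
        struct.pack(ENTRY_FMT, 0x80 if p.bootable else 0, b"\0\0\0",
                    p.type_id, b"\0\0\0", p.lba_start, p.sectors)
        for p in parts).ljust(64, b"\0")
    return code.ljust(CODE_LEN, b"\0")[:CODE_LEN] + table + SIGNATURE


def code_digest(sector: bytes) -> str:
    """SHA-256 of the bootstrap code only, so legitimate partition edits do not alarm."""
    return hashlib.sha256(sector[:CODE_LEN]).hexdigest()


def infect(sector: bytes, loader: bytes) -> bytes:
    """Model of a boot-sector virus: swap in its loader, keep table and signature."""
    return loader.ljust(CODE_LEN, b"\0")[:CODE_LEN] + sector[CODE_LEN:]


def check_boot_code(sector: bytes, known_good: str) -> bool:
    return code_digest(sector) == known_good


# Constructed disk: a few plausible x86 opening bytes (cli; xor ax,ax; mov ss,ax)
# followed by padding, a bootable Linux partition and a swap partition.
CLEAN_CODE = b"\xfa\x31\xc0\x8e\xd0"
CLEAN_PARTS = [Partition(True, 0x83, 2048, 204800), Partition(False, 0x82, 206848, 4194304)]
CLEAN_MBR = build_mbr(CLEAN_CODE, CLEAN_PARTS)
BASELINE = code_digest(CLEAN_MBR)
INFECTED_MBR = infect(CLEAN_MBR, b"\xeb\x3c\x90VIRUS-LOADER")   # constructed stand-in for viral code


if __name__ == "__main__":
    print("partitions:", parse_mbr(INFECTED_MBR))        # the table survives the infection
    print("boot code intact:", check_boot_code(INFECTED_MBR, BASELINE))
```

Note that the infected sector still parses as a perfectly valid MBR with the same partitions, which is exactly why checking the signature and the table is not enough: only the digest of the code area reveals the change.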
44. File Infector Virus: Perhaps the most common type of virus, the file infector takes root in a host file. This type of virus may end up deleting the file that was originally infected, or it may rewrite it or replace it with something else. It usually infects .COM and .EXE files.
45. Macro Virus: This is a virus that hides in data files, like Word documents and spreadsheets, as macro code that runs when the document is opened. Disable macros on files that you don't trust.
46. Multipartite Virus: A virus of this type may spread in multiple ways, and it may take different actions on an infected computer depending on variables such as the operating system installed or the existence of certain files. It can infect both the boot sector and files.
47. Polymorphic Virus: A polymorphic virus mutates over time or with every infected file, changing the code that is used to deliver the payload while the payload itself stays the same, so that no single byte pattern matches every copy.
49. The Natas Virus
Natas is a memory-resident stealth virus, highly polymorphic, which infects master boot records, boot sectors of diskettes, and .COM and .EXE programs.
50. The Natas Virus
Natas (Satan spelled backwards) is a computer virus written by James Gentile, a then 18-year-old hacker from San Diego, California, who went by the alias "Little Loc" and later "Priest".
The virus was made for a Mexican politician who wanted to win the Mexican elections by infecting all the Mexican Federal Electoral Institute (IFE) computers with a floppy disk.
51. The Natas Virus
The virus first appeared in Mexico City in May 1992, spread by a consultant using infected floppy disks. The virus became widespread in Mexico and the southwest United States.
The virus also made its way to the other side of the USA, infecting computers at the United States Secret Service and knocking their network offline for approximately three days.
52. The Natas Virus
When a file infected with Natas is executed, it becomes memory resident, taking up 5,664 bytes in memory, and infects the master boot record and COMMAND.COM. The virus infects files when they are executed, opened or copied, appending its 4,746 bytes to .COM, .EXE and .OVL files.
54. A computer worm is a program that replicates itself in order to spread to other computers (often using a computer network). Unlike a computer virus, it does not need to attach itself to an existing program.
55. Worms usually consume processor time and memory, and they also typically take up network bandwidth.
Some worms are designed only to spread, and do not attempt to change the systems they pass through. However, as the Morris worm and Mydoom showed, even these worms can cause major disruption by increasing network traffic.
56. Since the start of computer networks there have been attempts to create useful worms; for example, the Nachi family of worms tried to download and install patches from Microsoft's website to fix vulnerabilities in the host system, by exploiting those same vulnerabilities.
57. In practice, although this may have made these systems more secure, it generated considerable network traffic, rebooted the machine in the course of patching it, and did its work without the consent of the computer's owner.
Several worms, like XSS worms, have been written to research how worms spread, for example the effects of changes in social activity or user behaviour.
59. The ILOVEYOU Worm
ILOVEYOU, sometimes referred to as Love Letter, was a computer worm that attacked tens of millions of Windows personal computers on and after May 4th, 2000.
It started spreading as an email message with the subject line "ILOVEYOU" and the attachment "LOVE-LETTER-FOR-YOU.txt.vbs", a Visual Basic script whose final .vbs extension Windows hid by default, so that it looked like a harmless text file.
60. The ILOVEYOU Worm
The worm did damage on the local machine, overwriting random types of files (including Office files, image files, and audio files; after overwriting MP3 files the worm would hide the file), and sent a copy of itself to all addresses in the Windows Address Book used by Microsoft Outlook.
61. The ILOVEYOU Worm
The worm originated in the Philippines and spread across the world, moving first to Hong Kong, then to Europe, and finally the United States, as employees began their workday that morning. The outbreak was later estimated to have caused US $5.5-8.7 billion in damages worldwide, and to have cost US $15 billion to remove.
63. A Trojan is a malicious program that misrepresents itself to appear useful, routine, or interesting in order to persuade a victim to install it.
64. Trojans are generally spread by some form of social engineering, for example where a user is duped into executing an e-mail attachment disguised as something innocuous (e.g. a routine form to be filled in), or by downloading. Unlike computer viruses and worms, Trojans generally do not attempt to inject themselves into other files or otherwise propagate themselves.
65. Types of things Trojans do:
◦ Destructive Behaviour
◦ Use of Resources, or Identity
◦ Money, Theft, or Ransom
◦ Data Theft
◦ Spying, Surveillance, or Stalking
66. Destructive Behaviour
◦ Crashing the computer or device.
◦ Modification or deletion of files.
◦ Data corruption.
◦ Formatting disks, destroying all contents.
◦ Spreading malware across the network.
◦ Spying on user activities and accessing sensitive information.
67. Use of Resources, or Identity
◦ Use of the machine as part of a botnet (e.g. to perform automated spamming)
◦ Using computer resources for mining cryptocurrencies
◦ Using the infected computer as a proxy for illegal activities and/or attacks on other computers
◦ Infecting other connected devices on the network
68. Money, Theft, or Ransom
◦ Electronic money theft
◦ Installing ransomware such as CryptoLocker
69. Data Theft
◦ Data theft, including for industrial espionage
◦ User passwords or payment card information
◦ User personally identifiable information
◦ Trade secrets
70. Spying, Surveillance, or Stalking
◦ Keystroke logging
◦ Watching the user's screen
◦ Viewing the user's webcam
◦ Controlling the computer system remotely
72. The Gh0st RAT Trojan
Gh0st RAT is a Trojan horse for the Windows
platform that was used to hack into some of
the most sensitive computer networks on
Earth. It is a cyber spying computer program.
The "Rat" part of the name refers to the
software's ability to operate as a "Remote
Administration Tool".
Gh0st
RAT
Trojan
73. The Gh0st RAT Trojan
It can:
◦ Take full control of the remote screen.
◦ Provide real time as well as offline keystroke logging.
◦ Provide live feed of webcam, and microphone.
◦ Download remote binaries on the infected remote host.
◦ Take control of remote shutdown and reboot of host.
◦ Disable infected computer remote keyboard input.
◦ Enter into shell of remote infected host with full control.
◦ Provide a list of all the active processes.
Gh0st
RAT
Trojan
74. The Gh0st RAT Trojan
Gh0st Rat was originally made by the C.Rufus
Security Team in 2005. Just as with other
well-featured “off-the-shelf” trojans like
Poison Ivy, Hupigon and DarkComet it has
been used by all sorts of people – from script
kiddies to resourceful targeted attack actors.
Gh0st
RAT
Trojan
75. The Gh0st RAT Trojan
In less than two years (2007-2009) Gh0st RAT
infiltrated at least 1,295 computers in 103
countries, including many belonging to
embassies, foreign ministries and other
government offices, as well as the Dalai
Lama’s Tibetan exile centres in India,
Brussels, London and New York.
77. An unintentional attack is any breach of
security that was not the result of a planned
intrusion.
For example, if two processes are updating
the same record and it results in an
incomplete modification of the record, that is
an unintentional attack.
78. The Year 2000 problem (aka the Millennium
bug, or the Y2K bug) was caused by
programmers who reduced the four-digit
year to two digits.
This made the year 2000 indistinguishable
from 1900.
79. Unintentional Denial-of-Service
When Michael Jackson died in 2009, websites
such as Google and Twitter slowed down or
even crashed. Many sites' servers thought the
requests were from a virus or spyware trying
to cause a denial-of-service attack, warning
users that their queries looked like
"automated requests from a computer virus
or spyware application".
81. System protection is multifaceted; four
protection methods are:
◦ Antivirus Software
◦ Firewalls
◦ Patch Management
◦ Authentication
82. Antivirus Software is used to protect systems
from attack by malicious software.
83. The software can be preventative, diagnostic,
or a combination of both.
As new viruses are identified, security vendors
and government agencies provide
information and updates about them.
84. Antivirus software is usually capable of
repairing files infected by a virus, but it
generally cannot repair the damage done by
worms, Trojans, and blended approaches.
This is because viruses usually add code to an
existing file, whereas worms, Trojans, and
blended approaches usually fully replace files.
85. Examples of Antivirus software include:
◦ Bitdefender Antivirus Plus
◦ Kaspersky Anti-Virus
◦ Webroot SecureAnywhere AntiVirus
◦ Emsisoft Anti-Malware
◦ F-Secure Anti-Virus 2015
◦ Malwarebytes Anti-Exploit
◦ McAfee AntiVirus Plus
◦ Panda Antivirus Pro
◦ Trend Micro Antivirus+ Security
◦ VoodooSoft VoodooShield
86. A firewall is a network security system that
monitors and controls the incoming and
outgoing network traffic based on
predetermined security rules.
87. Network firewalls can be software programs
running on general purpose hardware, or
hardware-based firewall computer
appliances, that filter traffic between two or
more networks.
Firewall appliances may also offer other
functionality to the internal network they
protect such as acting as a DHCP or VPN
server for that network.
89. Firewalls typically:
◦ Log activities that access the internet
◦ Maintain access control based on the senders’ and
receivers’ IP addresses
◦ Maintain access control based on the services being
requested
◦ Hide the internal network from unauthorized users
◦ Verify that virus protection is installed and running
◦ Perform authentication based on the source of a
request from the Internet
90. Firewalls use a combination of packet filtering
and proxy servers.
◦ Packet Filtering means that the firewall reviews all
of the header information of each packet coming
into the computer and going out, to make sure there
is nothing suspicious present.
◦ Proxy Servers sit in between the local computer
and the network, intercept all requests to the local
computer from the network, and verify them before
passing them on to the local computer.
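An added example (not from the slides) of the packet-filtering access control that slides 89 and 90 describe: each packet's header fields are checked against an ordered rule list keyed on sender/receiver address and the service requested, first match wins, and anything no rule mentions is dropped. The addresses, ports and rules below are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    """The header fields a packet filter inspects (constructed, not captured)."""
    src: str
    dst: str
    dst_port: int
    proto: str  # "tcp" or "udp"


@dataclass(frozen=True)
class Rule:
    """One access-control rule: address/service/protocol match plus a verdict."""
    action: str                       # "allow" or "deny"
    src: str = "0.0.0.0/0"            # sender network
    dst: str = "0.0.0.0/0"            # receiver network
    dst_port: Optional[int] = None    # None matches any service (port)
    proto: Optional[str] = None       # None matches any protocol

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and (self.dst_port is None or self.dst_port == pkt.dst_port)
                and (self.proto is None or self.proto == pkt.proto))


def filter_packet(rules: List[Rule], pkt: Packet) -> str:
    """First-match evaluation; a packet no rule covers is denied by default."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


# Constructed rule set: LAN 192.168.1.0/24 with a web server at .10.
# The Internet may reach the web server on 80/443 only; the LAN may reach
# anything; every other inbound request to the LAN is denied.
RULES = [
    Rule("allow", dst="192.168.1.10/32", dst_port=80, proto="tcp"),
    Rule("allow", dst="192.168.1.10/32", dst_port=443, proto="tcp"),
    Rule("allow", src="192.168.1.0/24"),
    Rule("deny", dst="192.168.1.0/24"),
]

if __name__ == "__main__":
    for pkt in [Packet("203.0.113.5", "192.168.1.10", 443, "tcp"),
                Packet("203.0.113.5", "192.168.1.10", 22, "tcp"),
                Packet("192.168.1.20", "198.51.100.7", 22, "tcp")]:
        print(pkt, "->", filter_packet(RULES, pkt))
```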
92. A patch is a piece of software that can be
applied to an operating system (or any other
software) to correct an issue with that
software.
93. Most operating systems will have several
patches after their initial release and usually
update the version of the program when
successfully installed.
Software patches can be found through the
software developer's website, or are
automatically downloaded after each system
restart.
94. A security patch is a change applied to an
operating system to correct a discovered
vulnerability.
This corrective action will prevent successful
exploitation and remove or mitigate a threat’s
capability to exploit a specific vulnerability in
that operating system.
95. Security patches are the primary method of
fixing security vulnerabilities in operating
systems.
Currently Microsoft releases its security
patches once a month, and other operating
systems and software projects have security
teams dedicated to releasing the most
reliable software patches as soon after a
vulnerability announcement as possible.
96. Authentication is verification that an
individual trying to access the system is
authorised to do so.
97. Let’s consider passwords. They should be:
◦ Easy to remember
◦ Hard to guess
◦ Changed often
◦ Never written down
◦ Never part of an automated login
Passwords are stored on the system in an
encrypted format, so when you type in your
password, it is encrypted using the same
algorithm, and the two encrypted values are
compared to verify it.
101. The longer the password, the better.
◦ A password of eight (8) letters, just using lowercase
letters, has 26^8 (208,827,064,576) possible
combinations.
◦ A password of ten (10) letters, just using lowercase
letters, has 26^10 (141,167,100,000,000) possible
combinations.
◦ A password of eight (8) letters, using all letters and
numbers, has 95^8 (6,634,204,300,000,000) possible
combinations.
◦ A password of ten (10) letters, using all letters and
numbers, has 95^10 (59,873,694,000,000,000,000)
possible combinations.
102. Where are the passwords stored?
◦ On Windows:
C:\Windows\System32\config\SAM
◦ On Linux:
/etc/shadow
◦ On Unix and (some) Apple:
/etc/passwd
103. Salting
Some operating systems (not Windows) make
the passwords even harder to guess by
adding a few extra random bits to the
encrypted password. So even if two people
have the same password, they will be stored
differently.
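An added example (not from the slides) of the verification step described in slide 97 and the salting described in slide 103: the stored record holds a random salt beside a one-way digest of the password, the login check re-derives the digest with that salt, and two users with the same password get different records. PBKDF2-HMAC-SHA256 and a 16-byte salt are choices made for this example; the slides name no algorithm.

```python
import hashlib
import hmac
import os
from typing import Optional

# Algorithm and work factor for the stored record (an assumption of this
# example; the slides do not specify one). The record is self-describing so
# the parameters can be raised later without breaking existing entries.
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a record of the form algorithm$iterations$salt_hex$digest_hex.

    A fresh 16-byte random salt is drawn unless one is supplied, so two
    users who choose the same password still get different records.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{ALGORITHM}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive the digest with the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt_hex, digest_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        rounds = int(iterations)
    except ValueError:
        return False  # malformed record: never treat it as a match
    if algorithm != ALGORITHM:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    # compare_digest does not leak where the two digests first differ
    return hmac.compare_digest(candidate, expected)


def demo() -> dict:
    """Constructed scenario: two users pick the same password."""
    alice = hash_password("correct horse")
    bob = hash_password("correct horse")
    return {
        "records_differ": alice != bob,              # different salts
        "alice_ok": verify_password("correct horse", alice),
        "alice_wrong": verify_password("Correct horse", alice),
        "bob_ok": verify_password("correct horse", bob),
    }
```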
105. CAPTCHAs
CAPTCHA ("Completely Automated Public Turing
test to tell Computers and Humans Apart") is a
type of challenge-response test.
The term was coined in 2003 by Luis von Ahn,
Manuel Blum, Nicholas J. Hopper, and John
Langford.
This form of CAPTCHA requires that the user
type the letters of a distorted image, sometimes
with the addition of an obscured sequence of
letters or digits that appears on the screen.
106. reCAPTCHAs
The reCAPTCHA service supplies subscribing
websites with images of words that are hard
to read for optical character recognition
(OCR) software.
The text is obscured with horizontal lines and
warped.
107. Image reCAPTCHAs
In 2014, reCAPTCHA implemented another system in
which users are asked to select one or more images
from a selection of nine images.
108. Smart Cards
A smart card, chip card, or integrated circuit card
(ICC) is any pocket-sized card that has
embedded integrated circuits.
Smart cards can be either contact or contactless.
Smart cards can provide personal
identification, authentication, data storage, and
application processing.
Smart cards may provide strong security
authentication for single sign-on (SSO) within
large organizations.
109. Biometrics
Biometrics authentication (or realistic
authentication) is used as a form of identification
and access control.
Examples include, but are not limited to,
fingerprint, palm veins, face recognition, DNA,
palm print, hand geometry, iris recognition,
retina and odour/scent.
Behavioral characteristics are related to the
pattern of behavior of a person, including but not
limited to typing rhythm, gait, and voice.
112. The operating system uses a number of
different ways to protect the system:
◦ Your credentials (e.g. username and password)
◦ Your authorisation (e.g. drwxr-xr--)
◦ Your location (e.g. inside/outside the LAN)
◦ Your behaviour (e.g. deleting lots of files)
◦ The firewall