SlideShare ist ein Scribd-Unternehmen logo

Create a Security Lab Tutorial

Als DOCX, PDF herunterladen
C
ChereCheek752

Final Project Create a Security Lab Tutorial Look back to the course labs you’ve performed so far, lecture topics covered, and any other security topics in which you have interest. Which area would you like to further explore? Your final project is to expand your hands-on learning and understanding of security by creating your own lab. Students choose their security topics and what software to use. This is an opportunity to further explore an area of security you find interesting. Students may work in teams or individually, as preferred. Up to three students (max) may form a team to complete this final course project. Each student must demonstrate that he or she actively contributed to the project. Model your lab tutorial in a format similar to course labs (e.g., description of what the exercise does; numbered steps; URLs to sources used during an exercise posted as footnotes on the relevant page; screen shots that illustrate important input and output and that provide evidence the shots were taken by you; page numbers; etc.) Due Dates Assignment Due Team project proposal submitted on BB Discussion forum Tues, Nov 16, 2pm* Submit final project on Blackboard that includes: ** 1. your lab tutorial 2. presentation slides Thurs, Dec 9, 3pm** Team presentations Presentation : Thurs, Dec 9, 6-8pm*** * During class on Nov 16th, we will discuss each student team’s proposal. This is an opportunity for students to get feedback and further flush out their project ideas. Importantly, it is also the time when I’ll review the software and projects being proposed across the class to ensure a variety of projects. Some students may be asked to change their topic because too many students are proposing similar projects. In cases where several student teams propose projects that are too similar, the student/team posting the proposal first gets priority. Note: ensure there is only 1 Discussion forum post per team. ** Final project submissions are per team. If multiple submissions occur from a team, the last submission will be graded. A 3pm deadline is given so that I can organize the order of presentations, and helps me get familiar with your projects prior to your presentation, which is helpful. *** Students present their final project to the class. Each team member must be present and present some portion of the talk. IST 656, J. Spears, Fall 2021 Page 1 of 7 Final Project Learning Objective: 1. Expand knowledge gained from course software labs and lectures 2. Create a reasonably detailed lab tutorial that another person could complete 3. Obtain security information on a target in your lab 4. Create a working lab, self-troubleshooting as needed #1. Choose Project and Submit Proposal Choose an area of interest to you. The purpose of this final project is to expand your knowledge from previous course labs in one of the following areas of interest to you: · Network security operations and/or scanning · Data analytics of log files · Ma ...

Bildung
1 von 31
Final Project Create a Security Lab Tutorial Look back to the course labs you’ve performed so far, lecture topics covered, and any other security topics in which you have interest. Which area would you like to further explore? Your final project is to expand your hands-on learning and understanding of security by creating your own lab. Students choose their security topics and what software to use. This is an opportunity to further explore an area of security you find interesting. Students may work in teams or individually, as preferred. Up to three students (max) may form a team to complete this final course project. Each student must demonstrate that he or she actively contributed to the project. Model your lab tutorial in a format similar to course labs (e.g., description of what the exercise does; numbered steps; URLs to sources used during an exercise posted as footnotes on the relevant page; screen shots that illustrate important input and output and that provide evidence the shots were taken by you; page numbers; etc.) Due Dates Assignment Due Team project proposal submitted on BB Discussion forum Tues, Nov 16, 2pm* Submit final project on Blackboard that includes: ** 1. your lab tutorial 2. presentation slides Thurs, Dec 9, 3pm** Team presentations
Presentation : Thurs, Dec 9, 6-8pm*** * During class on Nov 16th, we will discuss each student team’s proposal. This is an opportunity for students to get feedback and further flush out their project ideas. Importantly, it is also the time when I’ll review the software and projects being proposed across the class to ensure a variety of projects. Some students may be asked to change their topic because too many students are proposing similar projects. In cases where several s tudent teams propose projects that are too similar, the student/team posting the proposal first gets priority. Note: ensure there is only 1 Discussion forum post per team. ** Final project submissions are per team. If multiple submissions occur from a team, the last submission will be graded. A 3pm deadline is given so that I can organize the order of presentations, and helps me get familiar with your projects prior to your presentation, which is helpful. *** Students present their final project to the class. Each team member must be present and present some portion of the talk. IST 656, J. Spears, Fall 2021 Page 1 of 7 Final Project Learning Objective: 1. Expand knowledge gained from course software labs and lectures 2. Create a reasonably detailed lab tutorial that another person could complete 3. Obtain security information on a target in your lab 4. Create a working lab, self-troubleshooting as needed #1. Choose Project and Submit Proposal Choose an area of interest to you.
The purpose of this final project is to expand your knowledge from previous course labs in one of the following areas of interest to you: · Network security operations and/or scanning · Data analytics of log files · Malware analysis · Network protocol analysis with Wireshark · Web or mobile application pen testing · Ethical hacking; cyber defense; vulnerability assessment; etc. · Other security topics, such as access control; encryption; secure code; security analytics Depending on the software used, it may be useful to install your project software in your Ubuntu VM. Alternatively, consider whether or not it is better for you to create a freshly configured VM. If you are interested in mobile app pen testing, I can provide a lab (from last spring!) that you can use (as-is) to setup an Android virtual device using Genymotion software. Each team member is expected to install the software used on the team project; perform the lab exercises; and trouble-shoot technical issues as needed. Some Final Project Suggestions: The following suggestions build on work you’ve done in previous labs. You are welcomed to work on software not listed below. Either way, submit your proposal by Nov 16th to ensure you’re on the right track. 1. Wireshark · Analyze malicious traffic · Detect password cracking attempts · Detect malicious activity shown in data packet analysis 2. Network protection: pfSense; OpenVPN; intrusion detection
system (Snort); creating a DNS using DNSSEC 3. Mobile app pen testing: Genymotion; apktool for reverse- engineering a mobile app; Bluetooth vulnerabilities using Kali Linux tools 4. Test or crack SSL encryption for a vulnerable mobile or web app 5. Conduct some type of cyber attack using, for example, Metasploit or Kali Linux software · Vulnerable apps: https://owasp.org/www-project-vulnerable- web-applications-directory/ (click on tabs); https://resources.infosecinstitute.com/topic/top-5-deliberately- vulnerable-web-applications-to-practice-your-skills-on/ Post your proposal on the Blackboard Discussion forum: By the 2pm deadline next Tues, Nov 16th, post a discussion thread containing a brief writeup of your proposed project. State: 1. The name(s) of who will work on this project (up to 3 students) · Note: if 3 students are on the project, then there needs to be enough work for 3 people. 2. What security software will be used? On which virtual machine (e.g., Ubuntu, or something else)? What target or vulnerable system do you plan to use? 3. What do you want to do with the software? What is the security issue being addressed? #2. Create a lab tutorial on an approved topic. Construct a Security Tutorial: Your tutorial must be reader-friendly, neatly formatted, with numbered steps, screenshots that illustrate important steps and output, and includes descriptions where most useful. Use page numbers. Your tutorial should be detailed enough so that a reader can easily perform your lab (and so that you could
duplicate the instructions yourself in the future if you choose). Use a format similar to that in course labs 1, 2, 4, 5, or 7. Begin your tutorial with a brief explanation of what your lab covers, the software used, and any data used. You are welcomed to use instructions from other online sources, but sources must be cited and multiple sources used. Cite the sources of your lab instructions as footnotes[footnoteRef:1] on the page where the source is used. In other words, cite within the body of the paper, not at the end of the document. [1: To make your document visible, cite your source as an endnote that includes the full URL.] It is not sufficient to only follow existing tutorials found from other sources. Instead, your tutorial must be customized and include original instructions -- written by you in your own words. Similarly, all screen shots included in your tutorial must be original and from your work. Include some screen shots that illustrate the portions of your tutorial that you customized (different from the online tutorials you found). In other words, do not simply retake a screen shot found online; customize your own narrative. Your tutorial must demonstrate specific security tasks and have specific results/output. The tutorial should have a narrative. In addition to security requirement, grading is based on: Caution: allow for sufficient time to trouble-shoot any technical problems your team may encounter when installing, configuring, and using your lab software. Grading Criteria for Lab Tutorial: 1. Complete and descriptive narrative, written in your own words, of the security issue your project lab is addressing; results are also described
2. Technical solution works; technical activities described; and results are interpreted in your own words. 3. Originality and depth 4. Readability / formatting 5. Repeatability If two or three students are named on the assignment, there must also be evidence that each student performed work on the project – e.g., each student has a screen shot showing his or her first name in the command prompt, title bar, filename, etc. Repeatability: · I should be able to perform the lab with only using your tutorial for the vast majority (e.g., 95%) of steps needed in order to install, configure, and execute the same lab. Though not an exhaustive list, include in your lab tutorial: · URL to software you’ve installed · URL to software description/instructions, etc. that you’re using · Step-by-step instructions · Screen shots that are helpful for reader to follow; must be readable for credit Originality and Depth: · Lab must focus on a security problem; have a purpose (e.g., to locate security vulnerabilities in X); have an outcome (e.g., list of vulnerabilities found); and contain explanations of what was performed and the outcome. · While a lab narrative is required to explain the purpose of the lab and what it is doing, the vast majority of the lab should be on the actual lab steps performed, along with relevant screen shots. · Similar to course labs, several screen shots must display students’ first name in some portion of the software window. Each team member must provide named screen shots. · While it is expected that students will initially reference
existing online sources to learn how to construct tutorial, it is expected that such online sources will be “adapted” – meaning that students will tailor and expand upon online sources. · Aim for at least 50%-60% of lab being original · If three students are on the team, then the tutorial should clearly contain the workload of three students. · Include a brief statement on the last page of lab stating what aspects of your lab were from other sources, and which parts are original content from you. · URLs to sources must be included. Major deductions will occur if this is omitted. · Only provide citations actually used/applied in your tutorial · Provide URLs as a footnote in the document where you used the source. In other words, not at the end of the doc, but embedded in your tutorial. · Please note that TurnItIn.com, or a similar tool will be used to determine originality. Readability/formatting: · Provide title page with project name and author(s) · Break tutorial into digestible and intuitive sections; label each section · Use page numbering; numbered steps; · Font size is 12 or 11-pt; section headers; bold font to highlight · Use spacing and blank lines as appropriate to increase readability · Format citations as footnotes on the same page (see course labs as examples) Completeness / Works: · The tutorial is approx. 10-15 pages, excluding a title page · The tutorial contains sections on: (a) new lab software installation and configuration, and (b) using the newly installed/configured software · Overall, the vast majority of your tutorial solution works · Evidence tutorial works is included in the tutorial via
screenshots #3. Present to class during final exam session: Create a PowerPoint or PDF presentation. Include a max of 6 slides, as listed below: First page: provide a title page with Lab name and team members Second page: introduce what your lab does. State the risk or security issue your lab addresses. Briefly (e.g., 1 sentence) state the purpose of the software your lab uses. (No need to mention Virtual Box or Ubuntu.) Pages 3, 4, 5: provide original screen shots from your work that best illustrate key elements of your completed project. Screen shots should zoom into content; be visible to audience. Page 6: Use to provide additional information the team feels is most valuable in presenting their project. Note: Do not provide wordy definitions or other explanations. Instead, focus on the actions performed in your lab, what they were trying to achieve, and the results. Explaining how your lab software was used within your lab exercises is also of interest. Grading Guidelines on presentation: · Your presentation is focused on a security issue · More time is spent on describing the technical solution and problem addressed · Screen shots must be reasonably readable to audience (i.e., zoom-in/focus on content) · Chosen screen shots are value-added (i.e., show us something substantive) · The security purpose/objective of your lab is clear to audience · Slide deck is complete, according to above instructions · If three students work on the project, then all three students are present
Passwords From SkullSecurity HEY EVERYBODY! If you like this page, please consider supporting me on Patreon (https://www.patreon.com /iagox86)! Contents 1 Password dictionaries 2 Leaked passwords 2.1 Statistics 3 Miscellaneous non-hacking dictionaries 3.1 Facebook lists Password dictionaries These are dictionaries that come with tools/worms/etc, designed for cracking passwords. As far as I know, I'm not breaking any licensing agreements by mirroring them with credit; if you don't want me to host one of these files, let me know and I'll remove it. Name Compressed Uncompressed Notes John the Ripper (http://www.openwall.com/john/) john.txt.bz2 (http://downloads.skullsecurity.org /passwords/john.txt.bz2) (10,934 bytes) n/a
Simple, extremely good, designed to be modified Cain & Abel (http://www.oxid.it /cain.html) cain.txt.bz2 (http://downloads.skullsecurity.org /passwords/cain.txt.bz2) (1,069,968 bytes) n/a Fairly comprehensive, not ordered Conficker worm conficker.txt.bz2 (http://downloads.skullsecurity.org /passwords/conficker.txt.bz2) (1411 bytes) n/a Used by conficker worm to spread -- low quality 500 worst passwords (http://www.whatsmypass.com /?p=415) 500-worst-passwords.txt.bz2 (http://downloads.skullsecurity.org/passwords/500- worst-passwords.txt.bz2) (1868 bytes)
n/a 370 Banned Twitter passwords (http://techcrunch.com/2009/12 /27/twitter-banned-passwords/) twitter-banned.txt.bz2 (http://downloads.skullsecurity.org/passwords/twitter- banned.txt.bz2) (1509 bytes) n/a Leaked passwords Passwords that were leaked or stolen from sites. I'm hosting them because it seems like nobody else does (hopefully it isn't because hosting them is illegal :)). Naturally, I'm not the one who stole these; I simply found them online, removed any names/email addresses/etc (I don't see any reason to supply usernames -- if you do Passwords - SkullSecurity https://wiki.skullsecurity.org/index.php?title=Passwords 1 of 5 12/11/20, 3:05 AM have a good reason, email me (ron-at-skullsecurity.net) and I'll see if I have them. The best use of these is to generate or test password lists. Note: The dates are approximate. Name Compressed Uncompressed Date Notes
Rockyou rockyou.txt.bz2 (http://downloads.skullsecurity.org /passwords/rockyou.txt.bz2) (60,498,886 bytes) n/a 2009-12 Best list available; huge, stolen unencryptedRockyou with count rockyou-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords /rockyou-withcount.txt.bz2) (59,500,255 bytes) n/a phpbb phpbb.txt.bz2 (http://downloads.skullsecurity.org /passwords/phpbb.txt.bz2) (868,606 bytes) n/a 2009-01 Ordered by commonness Cracked from md5 by Brandon Enright (97%+ coverage)
phpbb with count phpbb-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords/phpbb- withcount.txt.bz2) (872,867 bytes) n/a phpbb with md5 phpbb-withmd5.txt.bz2 (http://downloads.skullsecurity.org/passwords/phpbb- withmd5.txt.bz2) (4,117,887 bytes) n/a MySpace myspace.txt.bz2 (http://downloads.skullsecurity.org /passwords/myspace.txt.bz2) (175,970 bytes) n/a 2006-10 Captured via phishing MySpace - with count myspace-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords /myspace-withcount.txt.bz2) (179,929 bytes) n/a Hotmail hotmail.txt.bz2 (http://downloads.skullsecurity.org /passwords/hotmail.txt.bz2) (47,195 bytes)
n/a Unknown Isn't clearly understood how these were stolenHotmail with count hotmail-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords /hotmail-withcount.txt.bz2) (47,975 bytes) n/a Faithwriters (http://forums.crosswalk.com /m_4252083/mpage_1/tm.htm) faithwriters.txt.bz2 (http://downloads.skullsecurity.org/passwords /faithwriters.txt.bz2) (39,327 bytes) n/a 2009-03 Religious passwords Faithwriters - with count faithwriters-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords /faithwriters-withcount.txt.bz2) (40,233 bytes) n/a
Elitehacker elitehacker.txt.bz2 (http://downloads.skullsecurity.org /passwords/elitehacker.txt.bz2) (3,690 bytes) n/a 2009-07 Part of zf05.txt Elitehacker - with count elitehacker-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords /elitehacker-withcount.txt.bz2) (3,846 bytes) n/a Hak5 hak5.txt.bz2 (http://downloads.skullsecurity.org /passwords/hak5.txt.bz2) (16,490 bytes) n/a 2009-07 Part of zf05.txt Hak5 - with count hak5-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords/hak5- withcount.txt.bz2) (16,947 bytes) n/a Älypää (http://www.f-secure.com /weblog/archives/00001915.html)
alypaa.txt.bz2 (http://downloads.skullsecurity.org /passwords/alypaa.txt.bz2) (5,178 bytes) n/a 2010-03 Finnish passwordsalypaa (http://www.f-secure.com /weblog/archives/00001915.html) - with count alypaa-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords /alypaa-withcount.txt.bz2) (6,013 bytes) n/a Facebook (Pastebay) (http://twitter.com/FSLabsAdvisor /status/12585285761) facebook-pastebay.txt.bz2 (http://downloads.skullsecurity.org/passwords /facebook-pastebay.txt.bz2) (375 bytes) n/a 2010-04 Found on Pastebay; appear to be malware- stolen.
Facebook (Pastebay) (http://twitter.com/FSLabsAdvisor /status/12585285761) - w/ count facebook-pastebay-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords /facebook-pastebay-withcount.txt.bz2) (407 bytes) n/a Unknown porn site porn-unknown.txt.bz2 (http://downloads.skullsecurity.org/passwords/porn- unknown.txt.bz2) (30,600 bytes) n/a 2010-08 Found on angelfire.com. No clue where they originated, but clearly porn site. Unknown porn site - w/ count porn-unknown-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords/porn- unknown-withcount.txt.bz2) (31,899 bytes) n/a Passwords - SkullSecurity
https://wiki.skullsecurity.org/index.php?title=Passwords 2 of 5 12/11/20, 3:05 AM Ultimate Strip Club List (http://sla.ckers.org/forum /read.php?3,35591) tuscl.txt.bz2 (http://downloads.skullsecurity.org /passwords/tuscl.txt.bz2) (176,291 bytes) n/a 2010-09 Thanks to Mark Baggett for finding! Ultimate Strip Club List - w/ count tuscl-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords/tuscl - withcount.txt.bz2) (182,441 bytes) n/a [Facebook Phished] facebook-phished.txt.bz2 (http://downloads.skullsecurity.org/passwords /facebook-phished.txt.bz2) (14,457 bytes) n/a 2010-09 Thanks to
Andrew Orr for reporting Facebook Phished - w/ count facebook-phished-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords /facebook-phished-withcount.txt.bz2) (14,941 bytes) n/a Carders.cc carders.cc.txt.bz2 (http://downloads.skullsecurity.org /passwords/carders.cc.txt.bz2) (8,936 bytes) n/a 2010-05 Carders.cc - w/ count carders.cc-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords /carders.cc-withcount.txt.bz2) (9,774 bytes) n/a Singles.org singles.org.txt.bz2 (http://downloads.skullsecurity.org /passwords/singles.org.txt.bz2) (50,697 bytes) n/a 2010-10 Singles.org - w/ count singles.org-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords
/singles.org-withcount.txt.bz2) (52,884 bytes) n/a Unnamed financial site (reserved) (reserved) 2010-12 Unnamed financial site - w/ count (reserved) (reserved) Gawker (reserved) (reserved) 2010-12 Gawker - w/ count (reserved) (reserved) Free-Hack.com (reserved) (reserved) 2010-12 Free-Hack.com w/count (reserved) (reserved) Carders.cc (second time hacked) (reserved) (reserved) 2010-12Carders.cc w/count (second time hacked) (reserved) (reserved) Statistics I did some tests of my various dictionaries against the different sets of leaked passwords. I grouped them by the password set they were trying to crack: cracked_500worst.png (http://www.skullsecurity.org/blogdata/cracked_500worst.png) cracked_elitehackers.png (http://www.skullsecurity.org/blogdata/cracked_elitehackers.pn g) cracked_faithwriters.png (http://www.skullsecurity.org/blogdata/cracked_faithwriters.png
) cracked_hak5.png (http://www.skullsecurity.org/blogdata/cracked_hak5.png) cracked_hotmail.png (http://www.skullsecurity.org/blogdata/cracked_hotmail.png) cracked_myspace.png (http://www.skullsecurity.org/blogdata/cracked_myspace.png) cracked_phpbb.png (http://www.skullsecurity.org/blogdata/cracked_phpbb.png) cracked_rockyou.png (http://www.skullsecurity.org/blogdata/cracked_rockyou.png) Miscellaneous non-hacking dictionaries These are dictionaries of words (etc), not passwords. They may be useful for one reason or another. Name Compressed Uncompressed Notes English english.txt.bz2 (http://downloads.skullsecurity.org /passwords/english.txt.bz2) (1,368,101 bytes) n/a My combination of a couple lists, from Andrew Orr (https://twitter.com/xorrbit), Brandon Enright, and Seth (http://xd-blog.com.ar/) German german.txt.bz2 (http://downloads.skullsecurity.org /passwords/german.txt.bz2) (2,371,487 bytes) n/a Compiled by Brandon Enright
Passwords - SkullSecurity https://wiki.skullsecurity.org/index.php?title=Passwords 3 of 5 12/11/20, 3:05 AM American cities (http://ha.ckers.org /blog/20090417/us- cities-dictionary/) us_cities.txt.bz2 (http://downloads.skullsecurity.org /passwords/us_cities.txt.bz2) (77,081 bytes) n/a Generated by RSnake "Porno" porno.txt.bz2 (http://downloads.skullsecurity.org /passwords/porno.txt.bz2) (7,158,285 bytes) n/a World's largest porno password collection! Created by Matt Weir (http://reusablesec.blogspot.com/) Honeynet honeynet.txt.bz2 (http://downloads.skullsecurity.org /passwords/honeynet.txt.bz2) (889,525 bytes) n/a From a honeynet run by Joshua Gimer (http://twitter.com/jgimer)
Honeynet - w/ count honeynet-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords /honeynet-withcount.txt.bz2) (901,868 bytes) n/a File locations file-locations.txt.bz2 (http://downloads.skullsecurity.org /passwords/file-locations.txt.bz2) (1,724 bytes) n/a Potential logfile locations (for LFI, etc). Thanks to Seth (http://xd- blog.com.ar/)! Fuzzing strings (Python) fuzzing-strings.txt.bz2 (http://downloads.skullsecurity.org/passwords/fuzzing- strings.txt.bz2) (276 bytes) n/a Thanks to Seth (http://xd- blog.com.ar/)! PHPMyAdmin locations phpmyadmin-locations.txt.bz2 (http://downloads.skullsecurity.org/passwords /phpmyadmin-locations.txt.bz2) (304 bytes)
n/a Potential PHPMyAdmin locations. Thanks to Seth (http://xd- blog.com.ar/)! Web extensions web-extensions.txt.bz2 (http://downloads.skullsecurity.org/passwords/web- extensions.txt.bz2) (117 bytes) n/a Common extensions for Web files. Thanks to dirb (http://www.open- labs.org/)! Web mutations web-mutations.txt.bz2 (http://downloads.skullsecurity.org/passwords/web- mutations.txt.bz2) (177 bytes) n/a Common 'mutations' for Web files. Thanks to dirb (http://www.open- labs.org/)! DirBuster (http://www.owasp.org/index.php/Category:OWASP_DirBuster_ Project#tab=Download) has some awesome lists, too -- usernames and filenames.
Facebook lists These are the lists I generated from this data (http://www.skullsecurity.org/blog/?p=887). Some are more useful than others as password lists. All lists are sorted by commonness. If you want a bunch of these, I highly recommend using the torrent (http://www.skullsecurity.org/blogdata /fbdata.torrent). It's faster, and you'll get them all at once. Name Compressed Uncompressed Date Notes Full names facebook-names-unique.txt.bz2 (http://downloads.skullsecurity.org/passwords/facebook- names-unique.txt.bz2) (479,332,623 bytes) n/a 2010-08 Full names - w/ count facebook-names-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords/facebook- names-withcount.txt.bz2) (477,274,173 bytes) n/a First names facebook-firstnames.txt.bz2 (http://downloads.skullsecurity.org/passwords/facebook- firstnames.txt.bz2) (16,464,124 bytes)
n/a 2010-08 First names - w/ count facebook-firstnames-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords/facebook- firstnames-withcount.txt.bz2) (73,134,218 bytes) n/a Last names facebook-lastnames.txt.bz2 (http://downloads.skullsecurity.org/passwords/facebook- lastnames.txt.bz2) (21,176,444 bytes) n/a 2010-08 Last names - w/ count facebook-lastnames-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords/facebook- lastnames-withcount.txt.bz2) (21,166,232 bytes) n/a Passwords - SkullSecurity https://wiki.skullsecurity.org/index.php?title=Passwords 4 of 5 12/11/20, 3:05 AM First initial last names facebook-f.last.txt.bz2 (http://downloads.skullsecurity.org
/passwords/facebook-f.last.txt.bz2) (67,110,776 bytes) n/a 2010-08 First initial last names - w/ count facebook-f.last-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords/facebook- f.last-withcount.txt.bz2) (66,348,431 bytes) n/a First name last initial facebook-first.l.txt.bz2 (http://downloads.skullsecurity.org /passwords/facebook-first.l.txt.bz2) (37,463,798 bytes) n/a 2010-08 First name last initial facebook-first.l-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords/facebook- first.l-withcount.txt.bz2) (36,932,295 bytes) n/a Retrieved from "https://wiki.skullsecurity.org/index.php?title=Passwords&oldid =3203" This page was last modified on 18 May 2015, at 23:53. Passwords - SkullSecurity
https://wiki.skullsecurity.org/index.php?title=Passwords 5 of 5 12/11/20, 3:05 AM Publicly Available Security Data Sets https://www.unb.ca/cic/datasets/index.html (contains a long list of links to data sets) http://www.secrepo.com/ (contains a long list of links to data sets) https://digitalcorpora.org/corpora/cell-phones Comprehensive, Multi-Source Cyber-Security Events · data: https://csr.lanl.gov/data/ · data structure: https://csr.lanl.gov/data/cyber1/ Unified Network and Host Event Data, Nov 2018 · Data and data definition: https://csr.lanl.gov/data/2017/ Scenarios (for forensic analysis): https://digitalcorpora.org/corpora/scenarios · Scenarios are collections of multiple disk images, memory dumps, network traffic, and/or data from portable devices. There are currently 5. · https://digitalcorpora.org/corpora/scenarios/2018-lone-wolf- scenario · The 2018 Lone Wolf scenario is a set of materials from the a fictional seizure of a laptop of a fictional individual who was planning a mass shooting. In the scenario, the individual’s brother alerted the police regarding the increasingly concerning behavior of his brother. As a result of the alert, the police seized the brother’s laptop. The laptop was then imaged with
the FTK Imager program. · https://digitalcorpora.org/corpora/scenarios/obtaining- solutions · The Lone Wolf scenario uses FTK Imager · Software download: https://accessdata.com/product- download/ftk-imager-version-4-5 · Tutorial: https://eforensicsmag.com/how-to-investigate-files- with-ftk-imager/ Tutorials (read!): https://eforensicsmag.com/downloads/free/ (register free acct) · https://eforensicsmag.com/download/preview-set-your-osint- environment/ · https://eforensicsmag.com/download/preview-unveiling-the- hidden-content-on-youtube/ · see article on OSINT on Video Conferencing Applications · https://eforensicsmag.com/download/preview-nmap- metasploit-netcat/ · https://eforensicsmag.com/download/preview-different- approaches-to-memory-forensics/ · https://eforensicsmag.com/download/all-in-one-digital- forensics-tutorial-compilation/ · https://eforensicsmag.com/category/free-course-content/ · https://eforensicsmag.com/shodan-in-the-cli-free-course- video/ · https://eforensicsmag.com/security-onion-deployment- scenarios-free-course-video/ https://eforensicsmag.com/android- forensics-challenge-free-course-content/ (I downloaded the data; need to print this page w/challenge) · https://eforensicsmag.com/android-malware-analysis-tools- free-course-video/ · https://eforensicsmag.com/android-security-model-infections- and-detection-methods-free-course-content/ · https://eforensicsmag.com/thunderbird-artifacts-free-course- content/
https://santoku-linux.com/ (free, open source mobile security testing tool) https://digitalcorpora.org/ https://www.netresec.com/index.ashx?page=PcapFiles (contains a list of pcap data sets, including labs) https://vizsec.org/data/ (contains a long list of links to data sets) https://github.com/hgascon/security-datasets (honeypot; network traffic; malware; CTF) Data-Driven Security book that I own. Here are their datasets: · https://datadrivensecurity.info/blog/pages/dds-dataset- collection.html (honeypot & malware) · https://datadrivensecurity.info/blo g/posts/2014/Jan/blander- part1/ Online ebooks: https://datadrivensecurity.info/blog/pages/resources.html Intrusion Detection system data containing 9 different attack types: https://www.unsw.adfa.edu.au/unsw-canberra- cyber/cybersecurity/ADFA-NB15-Datasets/ Wireshark tutorials: https://www.varonis.com/blog/how-to-use-wireshark/ https://hackonology.com/courses/kali-linux/lesson/wireshark-a- complete-tutorial/ https://www.hackingarticles.in/understanding-guide-icmp- protocol-wireshark/
https://www.hackers-arise.com/post/2018/09/24/network- forensics-wireshark-basics-part-1 https://jerrybanfield.com/sniffing-netsniff-ng-wireshark- ettercap/ https://learn.sparkfun.com/tutorials/hexadecimal/all https://hackertarget.com/wireshark-tutorial-and-cheat-sheet/ https://towardsdatascience.com/data-analysis-for-cybersecurity- 101-detecting-data-exfiltration-ae887594f675

Empfohlen

Csec 640 Enthusiastic Study / snaptutorial.com
Csec 640 Enthusiastic Study / snaptutorial.comCsec 640 Enthusiastic Study / snaptutorial.com
Csec 640 Enthusiastic Study / snaptutorial.comStephenson54
 
Csec 640 Success Begins - snaptutorial.com
Csec 640 Success Begins - snaptutorial.comCsec 640 Success Begins - snaptutorial.com
Csec 640 Success Begins - snaptutorial.comWilliamsTaylorz
 
7th sem
7th sem7th sem
7th semnastysuman009
 
7th sem
7th sem7th sem
7th semnastysuman009
 
Coursework2 2013 distributed systems(1)
Coursework2 2013 distributed systems(1)Coursework2 2013 distributed systems(1)
Coursework2 2013 distributed systems(1)randomP786
 
01.intro
01.intro01.intro
01.introPhilip Johnson
 
Devops syllabus
Devops syllabusDevops syllabus
Devops syllabusLen Bass
 
Design and Implement Security Operat.docx
Design and Implement Security Operat.docxDesign and Implement Security Operat.docx
Design and Implement Security Operat.docxtheodorelove43763
 

Empfohlen

Csec 640 Enthusiastic Study / snaptutorial.com
Csec 640 Enthusiastic Study / snaptutorial.comCsec 640 Enthusiastic Study / snaptutorial.com
Csec 640 Enthusiastic Study / snaptutorial.comStephenson54
 
Csec 640 Success Begins - snaptutorial.com
Csec 640 Success Begins - snaptutorial.comCsec 640 Success Begins - snaptutorial.com
Csec 640 Success Begins - snaptutorial.comWilliamsTaylorz
 
7th sem
7th sem7th sem
7th semnastysuman009
 
7th sem
7th sem7th sem
7th semnastysuman009
 
Coursework2 2013 distributed systems(1)
Coursework2 2013 distributed systems(1)Coursework2 2013 distributed systems(1)
Coursework2 2013 distributed systems(1)randomP786
 
01.intro
01.intro01.intro
01.introPhilip Johnson
 
Devops syllabus
Devops syllabusDevops syllabus
Devops syllabusLen Bass
 
Design and Implement Security Operat.docx
Design and Implement Security Operat.docxDesign and Implement Security Operat.docx
Design and Implement Security Operat.docxtheodorelove43763
 
MN502Overview of Network SecurityPage 6 of 6Assessment D.docx
MN502Overview of Network SecurityPage 6 of 6Assessment D.docxMN502Overview of Network SecurityPage 6 of 6Assessment D.docx
MN502Overview of Network SecurityPage 6 of 6Assessment D.docxraju957290
 
AppSec How-To: Achieving Security in DevOps
AppSec How-To: Achieving Security in DevOpsAppSec How-To: Achieving Security in DevOps
AppSec How-To: Achieving Security in DevOpsCheckmarx
 
HND Assignment Brief Session Sept.docx
HND Assignment Brief Session Sept.docx HND Assignment Brief Session Sept.docx
HND Assignment Brief Session Sept.docxjoyjonna282
 
6062 comp cwk2 17 18 new template
6062 comp cwk2 17 18 new template6062 comp cwk2 17 18 new template
6062 comp cwk2 17 18 new templateElliot Byrne
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingJakub Ruzicka
 
Multimedia Systems Development (IT441) Assignment 4Deadline 30-.docx
Multimedia Systems Development (IT441) Assignment 4Deadline 30-.docxMultimedia Systems Development (IT441) Assignment 4Deadline 30-.docx
Multimedia Systems Development (IT441) Assignment 4Deadline 30-.docxgilpinleeanna
 
LearningOutcomesassessedin
LearningOutcomesassessedinLearningOutcomesassessedin
LearningOutcomesassessedinJospehStull43
 
CST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.comCST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.comkopiko147
 
CST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comCST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comagathachristie266
 
CST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.comCST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.comVSNaipaul15
 
CST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comCST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comKeatonJennings104
 
CST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comCST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comagathachristie113
 
CST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.comCST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.comchrysanthemu49
 
Testing in multiplatform environment
Testing in multiplatform environmentTesting in multiplatform environment
Testing in multiplatform environmentshivanichauhan1953
 
Chaos Engineering 101: A Field Guide
Chaos Engineering 101: A Field GuideChaos Engineering 101: A Field Guide
Chaos Engineering 101: A Field Guidematthewbrahms
 
Cst 630 Enhance teaching / snaptutorial.com
Cst 630 Enhance teaching / snaptutorial.comCst 630 Enhance teaching / snaptutorial.com
Cst 630 Enhance teaching / snaptutorial.comBaileyabw
 
Cst 630 Education Organization-snaptutorial.com
Cst 630 Education Organization-snaptutorial.comCst 630 Education Organization-snaptutorial.com
Cst 630 Education Organization-snaptutorial.comrobertlesew6
 
CST 630 RANK Redefined Education--cst630rank.com
CST 630 RANK Redefined Education--cst630rank.comCST 630 RANK Redefined Education--cst630rank.com
CST 630 RANK Redefined Education--cst630rank.comclaric241
 
CST 630 Exceptional Education - snaptutorial.com
CST 630 Exceptional Education - snaptutorial.comCST 630 Exceptional Education - snaptutorial.com
CST 630 Exceptional Education - snaptutorial.comDavisMurphyA97
 
CST 630 Effective Communication - snaptutorial.com
CST 630 Effective Communication - snaptutorial.comCST 630 Effective Communication - snaptutorial.com
CST 630 Effective Communication - snaptutorial.comdonaldzs8
 
please read the attached file cearfully before telling me you can do.docx
please read the attached file cearfully before telling me you can do.docxplease read the attached file cearfully before telling me you can do.docx
please read the attached file cearfully before telling me you can do.docxChereCheek752
 
please read my post carefully.then place handshakei have the wor.docx
please read my post carefully.then place handshakei have the wor.docxplease read my post carefully.then place handshakei have the wor.docx
please read my post carefully.then place handshakei have the wor.docxChereCheek752
 

Weitere ähnliche Inhalte

Ähnlich wie Create a Security Lab Tutorial

MN502Overview of Network SecurityPage 6 of 6Assessment D.docx
MN502Overview of Network SecurityPage 6 of 6Assessment D.docxMN502Overview of Network SecurityPage 6 of 6Assessment D.docx
MN502Overview of Network SecurityPage 6 of 6Assessment D.docxraju957290
 
AppSec How-To: Achieving Security in DevOps
AppSec How-To: Achieving Security in DevOpsAppSec How-To: Achieving Security in DevOps
AppSec How-To: Achieving Security in DevOpsCheckmarx
 
HND Assignment Brief Session Sept.docx
HND Assignment Brief Session Sept.docx HND Assignment Brief Session Sept.docx
HND Assignment Brief Session Sept.docxjoyjonna282
 
6062 comp cwk2 17 18 new template
6062 comp cwk2 17 18 new template6062 comp cwk2 17 18 new template
6062 comp cwk2 17 18 new templateElliot Byrne
 
Multimedia Systems Development (IT441) Assignment 4Deadline 30-.docx
Multimedia Systems Development (IT441) Assignment 4Deadline 30-.docxMultimedia Systems Development (IT441) Assignment 4Deadline 30-.docx
Multimedia Systems Development (IT441) Assignment 4Deadline 30-.docxgilpinleeanna
 
LearningOutcomesassessedin
LearningOutcomesassessedinLearningOutcomesassessedin
LearningOutcomesassessedinJospehStull43
 
CST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.comCST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.comkopiko147
 
CST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comCST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comagathachristie266
 
CST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.comCST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.comVSNaipaul15
 
CST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comCST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comKeatonJennings104
 
CST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comCST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comagathachristie113
 
CST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.comCST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.comchrysanthemu49
 
Testing in multiplatform environment
Testing in multiplatform environmentTesting in multiplatform environment
Testing in multiplatform environmentshivanichauhan1953
 
Chaos Engineering 101: A Field Guide
Chaos Engineering 101: A Field GuideChaos Engineering 101: A Field Guide
Chaos Engineering 101: A Field Guidematthewbrahms
 
Cst 630 Enhance teaching / snaptutorial.com
Cst 630 Enhance teaching / snaptutorial.comCst 630 Enhance teaching / snaptutorial.com
Cst 630 Enhance teaching / snaptutorial.comBaileyabw
 
Cst 630 Education Organization-snaptutorial.com
Cst 630 Education Organization-snaptutorial.comCst 630 Education Organization-snaptutorial.com
Cst 630 Education Organization-snaptutorial.comrobertlesew6
 
CST 630 RANK Redefined Education--cst630rank.com
CST 630 RANK Redefined Education--cst630rank.comCST 630 RANK Redefined Education--cst630rank.com
CST 630 RANK Redefined Education--cst630rank.comclaric241
 
CST 630 Exceptional Education - snaptutorial.com
CST 630 Exceptional Education - snaptutorial.comCST 630 Exceptional Education - snaptutorial.com
CST 630 Exceptional Education - snaptutorial.comDavisMurphyA97
 
CST 630 Effective Communication - snaptutorial.com
CST 630 Effective Communication - snaptutorial.comCST 630 Effective Communication - snaptutorial.com
CST 630 Effective Communication - snaptutorial.comdonaldzs8
 

Ähnlich wie Create a Security Lab Tutorial (20)

MN502Overview of Network SecurityPage 6 of 6Assessment D.docx
MN502Overview of Network SecurityPage 6 of 6Assessment D.docxMN502Overview of Network SecurityPage 6 of 6Assessment D.docx
MN502Overview of Network SecurityPage 6 of 6Assessment D.docx
 
AppSec How-To: Achieving Security in DevOps
AppSec How-To: Achieving Security in DevOpsAppSec How-To: Achieving Security in DevOps
AppSec How-To: Achieving Security in DevOps
 
HND Assignment Brief Session Sept.docx
HND Assignment Brief Session Sept.docx HND Assignment Brief Session Sept.docx
HND Assignment Brief Session Sept.docx
 
6062 comp cwk2 17 18 new template
6062 comp cwk2 17 18 new template6062 comp cwk2 17 18 new template
6062 comp cwk2 17 18 new template
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Multimedia Systems Development (IT441) Assignment 4Deadline 30-.docx
Multimedia Systems Development (IT441) Assignment 4Deadline 30-.docxMultimedia Systems Development (IT441) Assignment 4Deadline 30-.docx
Multimedia Systems Development (IT441) Assignment 4Deadline 30-.docx
 
LearningOutcomesassessedin
LearningOutcomesassessedinLearningOutcomesassessedin
LearningOutcomesassessedin
 
CST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.comCST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.com
 
CST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comCST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.com
 
CST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.comCST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.com
 
CST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comCST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.com
 
CST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comCST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.com
 
CST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.comCST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.com
 
Testing in multiplatform environment
Testing in multiplatform environmentTesting in multiplatform environment
Testing in multiplatform environment
 
Chaos Engineering 101: A Field Guide
Chaos Engineering 101: A Field GuideChaos Engineering 101: A Field Guide
Chaos Engineering 101: A Field Guide
 
Cst 630 Enhance teaching / snaptutorial.com
Cst 630 Enhance teaching / snaptutorial.comCst 630 Enhance teaching / snaptutorial.com
Cst 630 Enhance teaching / snaptutorial.com
 
Cst 630 Education Organization-snaptutorial.com
Cst 630 Education Organization-snaptutorial.comCst 630 Education Organization-snaptutorial.com
Cst 630 Education Organization-snaptutorial.com
 
CST 630 RANK Redefined Education--cst630rank.com
CST 630 RANK Redefined Education--cst630rank.comCST 630 RANK Redefined Education--cst630rank.com
CST 630 RANK Redefined Education--cst630rank.com
 
CST 630 Exceptional Education - snaptutorial.com
CST 630 Exceptional Education - snaptutorial.comCST 630 Exceptional Education - snaptutorial.com
CST 630 Exceptional Education - snaptutorial.com
 
CST 630 Effective Communication - snaptutorial.com
CST 630 Effective Communication - snaptutorial.comCST 630 Effective Communication - snaptutorial.com
CST 630 Effective Communication - snaptutorial.com
 

Mehr von ChereCheek752

please read the attached file cearfully before telling me you can do.docx
please read the attached file cearfully before telling me you can do.docxplease read the attached file cearfully before telling me you can do.docx
please read the attached file cearfully before telling me you can do.docxChereCheek752
 
please read my post carefully.then place handshakei have the wor.docx
please read my post carefully.then place handshakei have the wor.docxplease read my post carefully.then place handshakei have the wor.docx
please read my post carefully.then place handshakei have the wor.docxChereCheek752
 
Please read the attachment.Please write a pure Essay Paper. Plea.docx
Please read the attachment.Please write a pure Essay Paper. Plea.docxPlease read the attachment.Please write a pure Essay Paper. Plea.docx
Please read the attachment.Please write a pure Essay Paper. Plea.docxChereCheek752
 
Please read first because this Assignment is for correction.Plea.docx
Please read first because this Assignment is for correction.Plea.docxPlease read first because this Assignment is for correction.Plea.docx
Please read first because this Assignment is for correction.Plea.docxChereCheek752
 
Please read below, and write esaay.I need 3 pages.Overvi.docx
Please read below, and write esaay.I need 3 pages.Overvi.docxPlease read below, and write esaay.I need 3 pages.Overvi.docx
Please read below, and write esaay.I need 3 pages.Overvi.docxChereCheek752
 
Please Read Before RespondingI need assistance with a .docx
Please Read Before RespondingI need assistance with a .docxPlease Read Before RespondingI need assistance with a .docx
Please Read Before RespondingI need assistance with a .docxChereCheek752
 
Please provide response to the below post. Topic #1) You are an .docx
Please provide response to the below post. Topic #1) You are an .docxPlease provide response to the below post. Topic #1) You are an .docx
Please provide response to the below post. Topic #1) You are an .docxChereCheek752
 
Please provide an annotation for the two articles attached AND ide.docx
Please provide an annotation for the two articles attached AND ide.docxPlease provide an annotation for the two articles attached AND ide.docx
Please provide an annotation for the two articles attached AND ide.docxChereCheek752
 
Please provide a statement that addresses your reasons for transferr.docx
Please provide a statement that addresses your reasons for transferr.docxPlease provide a statement that addresses your reasons for transferr.docx
Please provide a statement that addresses your reasons for transferr.docxChereCheek752
 
Please provide a brief response to the following questions1) How .docx
Please provide a brief response to the following questions1) How .docxPlease provide a brief response to the following questions1) How .docx
Please provide a brief response to the following questions1) How .docxChereCheek752
 
PLEASE NOTE OF SOURCESMATERIALS ALSO INCLUDED---USE THEMT.docx
PLEASE NOTE OF SOURCESMATERIALS ALSO INCLUDED---USE THEMT.docxPLEASE NOTE OF SOURCESMATERIALS ALSO INCLUDED---USE THEMT.docx
PLEASE NOTE OF SOURCESMATERIALS ALSO INCLUDED---USE THEMT.docxChereCheek752
 
Please note that the following vignettes represent samples of the ty.docx
Please note that the following vignettes represent samples of the ty.docxPlease note that the following vignettes represent samples of the ty.docx
Please note that the following vignettes represent samples of the ty.docxChereCheek752
 
Please no plagiarism. I have attached an example to go by. The popul.docx
Please no plagiarism. I have attached an example to go by. The popul.docxPlease no plagiarism. I have attached an example to go by. The popul.docx
Please no plagiarism. I have attached an example to go by. The popul.docxChereCheek752
 
PLEASE NO PLAGIARIZE!! Have 10 hours to fullfil this work. 1page or .docx
PLEASE NO PLAGIARIZE!! Have 10 hours to fullfil this work. 1page or .docxPLEASE NO PLAGIARIZE!! Have 10 hours to fullfil this work. 1page or .docx
PLEASE NO PLAGIARIZE!! Have 10 hours to fullfil this work. 1page or .docxChereCheek752
 
Please Paraphrase the following into a more scholarly toneI f.docx
Please Paraphrase the following into a more scholarly toneI f.docxPlease Paraphrase the following into a more scholarly toneI f.docx
Please Paraphrase the following into a more scholarly toneI f.docxChereCheek752
 
Please only respond if you are familiar with raspberry piIam loo.docx
Please only respond if you are familiar with raspberry piIam loo.docxPlease only respond if you are familiar with raspberry piIam loo.docx
Please only respond if you are familiar with raspberry piIam loo.docxChereCheek752
 
Please note this is 2 ASSIGNMENTS ......Please only orginial work on.docx
Please note this is 2 ASSIGNMENTS ......Please only orginial work on.docxPlease note this is 2 ASSIGNMENTS ......Please only orginial work on.docx
Please note this is 2 ASSIGNMENTS ......Please only orginial work on.docxChereCheek752
 
PLEASE NEED TWO RESPONSES TWO HUNDRED WORDS EACHDistinguish b.docx
PLEASE NEED TWO RESPONSES TWO HUNDRED WORDS EACHDistinguish b.docxPLEASE NEED TWO RESPONSES TWO HUNDRED WORDS EACHDistinguish b.docx
PLEASE NEED TWO RESPONSES TWO HUNDRED WORDS EACHDistinguish b.docxChereCheek752
 
Please no plagiarism and make sure you are able to access all resour.docx
Please no plagiarism and make sure you are able to access all resour.docxPlease no plagiarism and make sure you are able to access all resour.docx
Please no plagiarism and make sure you are able to access all resour.docxChereCheek752
 
Please need two posts of 200 words each. Discuss the ways in whi.docx
Please need two posts of 200 words each. Discuss the ways in whi.docxPlease need two posts of 200 words each. Discuss the ways in whi.docx
Please need two posts of 200 words each. Discuss the ways in whi.docxChereCheek752
 

Mehr von ChereCheek752 (20)

please read the attached file cearfully before telling me you can do.docx
please read the attached file cearfully before telling me you can do.docxplease read the attached file cearfully before telling me you can do.docx
please read the attached file cearfully before telling me you can do.docx
 
please read my post carefully.then place handshakei have the wor.docx
please read my post carefully.then place handshakei have the wor.docxplease read my post carefully.then place handshakei have the wor.docx
please read my post carefully.then place handshakei have the wor.docx
 
Please read the attachment.Please write a pure Essay Paper. Plea.docx
Please read the attachment.Please write a pure Essay Paper. Plea.docxPlease read the attachment.Please write a pure Essay Paper. Plea.docx
Please read the attachment.Please write a pure Essay Paper. Plea.docx
 
Please read first because this Assignment is for correction.Plea.docx
Please read first because this Assignment is for correction.Plea.docxPlease read first because this Assignment is for correction.Plea.docx
Please read first because this Assignment is for correction.Plea.docx
 
Please read below, and write esaay.I need 3 pages.Overvi.docx
Please read below, and write esaay.I need 3 pages.Overvi.docxPlease read below, and write esaay.I need 3 pages.Overvi.docx
Please read below, and write esaay.I need 3 pages.Overvi.docx
 
Please Read Before RespondingI need assistance with a .docx
Please Read Before RespondingI need assistance with a .docxPlease Read Before RespondingI need assistance with a .docx
Please Read Before RespondingI need assistance with a .docx
 
Please provide response to the below post. Topic #1) You are an .docx
Please provide response to the below post. Topic #1) You are an .docxPlease provide response to the below post. Topic #1) You are an .docx
Please provide response to the below post. Topic #1) You are an .docx
 
Please provide an annotation for the two articles attached AND ide.docx
Please provide an annotation for the two articles attached AND ide.docxPlease provide an annotation for the two articles attached AND ide.docx
Please provide an annotation for the two articles attached AND ide.docx
 
Please provide a statement that addresses your reasons for transferr.docx
Please provide a statement that addresses your reasons for transferr.docxPlease provide a statement that addresses your reasons for transferr.docx
Please provide a statement that addresses your reasons for transferr.docx
 
Please provide a brief response to the following questions1) How .docx
Please provide a brief response to the following questions1) How .docxPlease provide a brief response to the following questions1) How .docx
Please provide a brief response to the following questions1) How .docx
 
PLEASE NOTE OF SOURCESMATERIALS ALSO INCLUDED---USE THEMT.docx
PLEASE NOTE OF SOURCESMATERIALS ALSO INCLUDED---USE THEMT.docxPLEASE NOTE OF SOURCESMATERIALS ALSO INCLUDED---USE THEMT.docx
PLEASE NOTE OF SOURCESMATERIALS ALSO INCLUDED---USE THEMT.docx
 
Please note that the following vignettes represent samples of the ty.docx
Please note that the following vignettes represent samples of the ty.docxPlease note that the following vignettes represent samples of the ty.docx
Please note that the following vignettes represent samples of the ty.docx
 
Please no plagiarism. I have attached an example to go by. The popul.docx
Please no plagiarism. I have attached an example to go by. The popul.docxPlease no plagiarism. I have attached an example to go by. The popul.docx
Please no plagiarism. I have attached an example to go by. The popul.docx
 
PLEASE NO PLAGIARIZE!! Have 10 hours to fullfil this work. 1page or .docx
PLEASE NO PLAGIARIZE!! Have 10 hours to fullfil this work. 1page or .docxPLEASE NO PLAGIARIZE!! Have 10 hours to fullfil this work. 1page or .docx
PLEASE NO PLAGIARIZE!! Have 10 hours to fullfil this work. 1page or .docx
 
Please Paraphrase the following into a more scholarly toneI f.docx
Please Paraphrase the following into a more scholarly toneI f.docxPlease Paraphrase the following into a more scholarly toneI f.docx
Please Paraphrase the following into a more scholarly toneI f.docx
 
Please only respond if you are familiar with raspberry piIam loo.docx
Please only respond if you are familiar with raspberry piIam loo.docxPlease only respond if you are familiar with raspberry piIam loo.docx
Please only respond if you are familiar with raspberry piIam loo.docx
 
Please note this is 2 ASSIGNMENTS ......Please only orginial work on.docx
Please note this is 2 ASSIGNMENTS ......Please only orginial work on.docxPlease note this is 2 ASSIGNMENTS ......Please only orginial work on.docx
Please note this is 2 ASSIGNMENTS ......Please only orginial work on.docx
 
PLEASE NEED TWO RESPONSES TWO HUNDRED WORDS EACHDistinguish b.docx
PLEASE NEED TWO RESPONSES TWO HUNDRED WORDS EACHDistinguish b.docxPLEASE NEED TWO RESPONSES TWO HUNDRED WORDS EACHDistinguish b.docx
PLEASE NEED TWO RESPONSES TWO HUNDRED WORDS EACHDistinguish b.docx
 
Please no plagiarism and make sure you are able to access all resour.docx
Please no plagiarism and make sure you are able to access all resour.docxPlease no plagiarism and make sure you are able to access all resour.docx
Please no plagiarism and make sure you are able to access all resour.docx
 
Please need two posts of 200 words each. Discuss the ways in whi.docx
Please need two posts of 200 words each. Discuss the ways in whi.docxPlease need two posts of 200 words each. Discuss the ways in whi.docx
Please need two posts of 200 words each. Discuss the ways in whi.docx
 

Kürzlich hochgeladen

Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
General AI for Medical Educators April 2024
General AI for Medical Educators April 2024General AI for Medical Educators April 2024
General AI for Medical Educators April 2024Janet Corral
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 

Kürzlich hochgeladen (20)

Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
General AI for Medical Educators April 2024
General AI for Medical Educators April 2024General AI for Medical Educators April 2024
General AI for Medical Educators April 2024
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 

Create a Security Lab Tutorial

  • 1. Final Project Create a Security Lab Tutorial Look back to the course labs you’ve performed so far, lecture topics covered, and any other security topics in which you have interest. Which area would you like to further explore? Your final project is to expand your hands-on learning and understanding of security by creating your own lab. Students choose their security topics and what software to use. This is an opportunity to further explore an area of security you find interesting. Students may work in teams or individually, as preferred. Up to three students (max) may form a team to complete this final course project. Each student must demonstrate that he or she actively contributed to the project. Model your lab tutorial in a format similar to course labs (e.g., description of what the exercise does; numbered steps; URLs to sources used during an exercise posted as footnotes on the relevant page; screen shots that illustrate important input and output and that provide evidence the shots were taken by you; page numbers; etc.) Due Dates Assignment Due Team project proposal submitted on BB Discussion forum Tues, Nov 16, 2pm* Submit final project on Blackboard that includes: ** 1. your lab tutorial 2. presentation slides Thurs, Dec 9, 3pm** Team presentations
  • 2. Presentation : Thurs, Dec 9, 6-8pm*** * During class on Nov 16th, we will discuss each student team’s proposal. This is an opportunity for students to get feedback and further flush out their project ideas. Importantly, it is also the time when I’ll review the software and projects being proposed across the class to ensure a variety of projects. Some students may be asked to change their topic because too many students are proposing similar projects. In cases where several s tudent teams propose projects that are too similar, the student/team posting the proposal first gets priority. Note: ensure there is only 1 Discussion forum post per team. ** Final project submissions are per team. If multiple submissions occur from a team, the last submission will be graded. A 3pm deadline is given so that I can organize the order of presentations, and helps me get familiar with your projects prior to your presentation, which is helpful. *** Students present their final project to the class. Each team member must be present and present some portion of the talk. IST 656, J. Spears, Fall 2021 Page 1 of 7 Final Project Learning Objective: 1. Expand knowledge gained from course software labs and lectures 2. Create a reasonably detailed lab tutorial that another person could complete 3. Obtain security information on a target in your lab 4. Create a working lab, self-troubleshooting as needed #1. Choose Project and Submit Proposal Choose an area of interest to you.
  • 3. The purpose of this final project is to expand your knowledge from previous course labs in one of the following areas of interest to you: · Network security operations and/or scanning · Data analytics of log files · Malware analysis · Network protocol analysis with Wireshark · Web or mobile application pen testing · Ethical hacking; cyber defense; vulnerability assessment; etc. · Other security topics, such as access control; encryption; secure code; security analytics Depending on the software used, it may be useful to install your project software in your Ubuntu VM. Alternatively, consider whether or not it is better for you to create a freshly configured VM. If you are interested in mobile app pen testing, I can provide a lab (from last spring!) that you can use (as-is) to setup an Android virtual device using Genymotion software. Each team member is expected to install the software used on the team project; perform the lab exercises; and trouble-shoot technical issues as needed. Some Final Project Suggestions: The following suggestions build on work you’ve done in previous labs. You are welcomed to work on software not listed below. Either way, submit your proposal by Nov 16th to ensure you’re on the right track. 1. Wireshark · Analyze malicious traffic · Detect password cracking attempts · Detect malicious activity shown in data packet analysis 2. Network protection: pfSense; OpenVPN; intrusion detection
  • 4. system (Snort); creating a DNS using DNSSEC 3. Mobile app pen testing: Genymotion; apktool for reverse- engineering a mobile app; Bluetooth vulnerabilities using Kali Linux tools 4. Test or crack SSL encryption for a vulnerable mobile or web app 5. Conduct some type of cyber attack using, for example, Metasploit or Kali Linux software · Vulnerable apps: https://owasp.org/www-project-vulnerable- web-applications-directory/ (click on tabs); https://resources.infosecinstitute.com/topic/top-5-deliberately- vulnerable-web-applications-to-practice-your-skills-on/ Post your proposal on the Blackboard Discussion forum: By the 2pm deadline next Tues, Nov 16th, post a discussion thread containing a brief writeup of your proposed project. State: 1. The name(s) of who will work on this project (up to 3 students) · Note: if 3 students are on the project, then there needs to be enough work for 3 people. 2. What security software will be used? On which virtual machine (e.g., Ubuntu, or something else)? What target or vulnerable system do you plan to use? 3. What do you want to do with the software? What is the security issue being addressed? #2. Create a lab tutorial on an approved topic. Construct a Security Tutorial: Your tutorial must be reader-friendly, neatly formatted, with numbered steps, screenshots that illustrate important steps and output, and includes descriptions where most useful. Use page numbers. Your tutorial should be detailed enough so that a reader can easily perform your lab (and so that you could
  • 5. duplicate the instructions yourself in the future if you choose). Use a format similar to that in course labs 1, 2, 4, 5, or 7. Begin your tutorial with a brief explanation of what your lab covers, the software used, and any data used. You are welcomed to use instructions from other online sources, but sources must be cited and multiple sources used. Cite the sources of your lab instructions as footnotes[footnoteRef:1] on the page where the source is used. In other words, cite within the body of the paper, not at the end of the document. [1: To make your document visible, cite your source as an endnote that includes the full URL.] It is not sufficient to only follow existing tutorials found from other sources. Instead, your tutorial must be customized and include original instructions -- written by you in your own words. Similarly, all screen shots included in your tutorial must be original and from your work. Include some screen shots that illustrate the portions of your tutorial that you customized (different from the online tutorials you found). In other words, do not simply retake a screen shot found online; customize your own narrative. Your tutorial must demonstrate specific security tasks and have specific results/output. The tutorial should have a narrative. In addition to security requirement, grading is based on: Caution: allow for sufficient time to trouble-shoot any technical problems your team may encounter when installing, configuring, and using your lab software. Grading Criteria for Lab Tutorial: 1. Complete and descriptive narrative, written in your own words, of the security issue your project lab is addressing; results are also described
  • 6. 2. Technical solution works; technical activities described; and results are interpreted in your own words. 3. Originality and depth 4. Readability / formatting 5. Repeatability If two or three students are named on the assignment, there must also be evidence that each student performed work on the project – e.g., each student has a screen shot showing his or her first name in the command prompt, title bar, filename, etc. Repeatability: · I should be able to perform the lab with only using your tutorial for the vast majority (e.g., 95%) of steps needed in order to install, configure, and execute the same lab. Though not an exhaustive list, include in your lab tutorial: · URL to software you’ve installed · URL to software description/instructions, etc. that you’re using · Step-by-step instructions · Screen shots that are helpful for reader to follow; must be readable for credit Originality and Depth: · Lab must focus on a security problem; have a purpose (e.g., to locate security vulnerabilities in X); have an outcome (e.g., list of vulnerabilities found); and contain explanations of what was performed and the outcome. · While a lab narrative is required to explain the purpose of the lab and what it is doing, the vast majority of the lab should be on the actual lab steps performed, along with relevant screen shots. · Similar to course labs, several screen shots must display students’ first name in some portion of the software window. Each team member must provide named screen shots. · While it is expected that students will initially reference
  • 7. existing online sources to learn how to construct tutorial, it is expected that such online sources will be “adapted” – meaning that students will tailor and expand upon online sources. · Aim for at least 50%-60% of lab being original · If three students are on the team, then the tutorial should clearly contain the workload of three students. · Include a brief statement on the last page of lab stating what aspects of your lab were from other sources, and which parts are original content from you. · URLs to sources must be included. Major deductions will occur if this is omitted. · Only provide citations actually used/applied in your tutorial · Provide URLs as a footnote in the document where you used the source. In other words, not at the end of the doc, but embedded in your tutorial. · Please note that TurnItIn.com, or a similar tool will be used to determine originality. Readability/formatting: · Provide title page with project name and author(s) · Break tutorial into digestible and intuitive sections; label each section · Use page numbering; numbered steps; · Font size is 12 or 11-pt; section headers; bold font to highlight · Use spacing and blank lines as appropriate to increase readability · Format citations as footnotes on the same page (see course labs as examples) Completeness / Works: · The tutorial is approx. 10-15 pages, excluding a title page · The tutorial contains sections on: (a) new lab software installation and configuration, and (b) using the newly installed/configured software · Overall, the vast majority of your tutorial solution works · Evidence tutorial works is included in the tutorial via
  • 8. screenshots #3. Present to class during final exam session: Create a PowerPoint or PDF presentation. Include a max of 6 slides, as listed below: First page: provide a title page with Lab name and team members Second page: introduce what your lab does. State the risk or security issue your lab addresses. Briefly (e.g., 1 sentence) state the purpose of the software your lab uses. (No need to mention Virtual Box or Ubuntu.) Pages 3, 4, 5: provide original screen shots from your work that best illustrate key elements of your completed project. Screen shots should zoom into content; be visible to audience. Page 6: Use to provide additional information the team feels is most valuable in presenting their project. Note: Do not provide wordy definitions or other explanations. Instead, focus on the actions performed in your lab, what they were trying to achieve, and the results. Explaining how your lab software was used within your lab exercises is also of interest. Grading Guidelines on presentation: · Your presentation is focused on a security issue · More time is spent on describing the technical solution and problem addressed · Screen shots must be reasonably readable to audience (i.e., zoom-in/focus on content) · Chosen screen shots are value-added (i.e., show us something substantive) · The security purpose/objective of your lab is clear to audience · Slide deck is complete, according to above instructions · If three students work on the project, then all three students are present
  • 9. Passwords From SkullSecurity HEY EVERYBODY! If you like this page, please consider supporting me on Patreon (https://www.patreon.com /iagox86)! Contents 1 Password dictionaries 2 Leaked passwords 2.1 Statistics 3 Miscellaneous non-hacking dictionaries 3.1 Facebook lists Password dictionaries These are dictionaries that come with tools/worms/etc, designed for cracking passwords. As far as I know, I'm not breaking any licensing agreements by mirroring them with credit; if you don't want me to host one of these files, let me know and I'll remove it. Name Compressed Uncompressed Notes John the Ripper (http://www.openwall.com/john/) john.txt.bz2 (http://downloads.skullsecurity.org /passwords/john.txt.bz2) (10,934 bytes) n/a
  • 10. Simple, extremely good, designed to be modified Cain & Abel (http://www.oxid.it /cain.html) cain.txt.bz2 (http://downloads.skullsecurity.org /passwords/cain.txt.bz2) (1,069,968 bytes) n/a Fairly comprehensive, not ordered Conficker worm conficker.txt.bz2 (http://downloads.skullsecurity.org /passwords/conficker.txt.bz2) (1411 bytes) n/a Used by conficker worm to spread -- low quality 500 worst passwords (http://www.whatsmypass.com /?p=415) 500-worst-passwords.txt.bz2 (http://downloads.skullsecurity.org/passwords/500- worst-passwords.txt.bz2) (1868 bytes)
  • 11. n/a 370 Banned Twitter passwords (http://techcrunch.com/2009/12 /27/twitter-banned-passwords/) twitter-banned.txt.bz2 (http://downloads.skullsecurity.org/passwords/twitter- banned.txt.bz2) (1509 bytes) n/a Leaked passwords Passwords that were leaked or stolen from sites. I'm hosting them because it seems like nobody else does (hopefully it isn't because hosting them is illegal :)). Naturally, I'm not the one who stole these; I simply found them online, removed any names/email addresses/etc (I don't see any reason to supply usernames -- if you do Passwords - SkullSecurity https://wiki.skullsecurity.org/index.php?title=Passwords 1 of 5 12/11/20, 3:05 AM have a good reason, email me (ron-at-skullsecurity.net) and I'll see if I have them. The best use of these is to generate or test password lists. Note: The dates are approximate. Name Compressed Uncompressed Date Notes
  • 12. Rockyou rockyou.txt.bz2 (http://downloads.skullsecurity.org /passwords/rockyou.txt.bz2) (60,498,886 bytes) n/a 2009-12 Best list available; huge, stolen unencryptedRockyou with count rockyou-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords /rockyou-withcount.txt.bz2) (59,500,255 bytes) n/a phpbb phpbb.txt.bz2 (http://downloads.skullsecurity.org /passwords/phpbb.txt.bz2) (868,606 bytes) n/a 2009-01 Ordered by commonness Cracked from md5 by Brandon Enright (97%+ coverage)
  • 13. phpbb with count phpbb-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords/phpbb- withcount.txt.bz2) (872,867 bytes) n/a phpbb with md5 phpbb-withmd5.txt.bz2 (http://downloads.skullsecurity.org/passwords/phpbb- withmd5.txt.bz2) (4,117,887 bytes) n/a MySpace myspace.txt.bz2 (http://downloads.skullsecurity.org /passwords/myspace.txt.bz2) (175,970 bytes) n/a 2006-10 Captured via phishing MySpace - with count myspace-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords /myspace-withcount.txt.bz2) (179,929 bytes) n/a Hotmail hotmail.txt.bz2 (http://downloads.skullsecurity.org /passwords/hotmail.txt.bz2) (47,195 bytes)
  • 14. n/a Unknown Isn't clearly understood how these were stolenHotmail with count hotmail-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords /hotmail-withcount.txt.bz2) (47,975 bytes) n/a Faithwriters (http://forums.crosswalk.com /m_4252083/mpage_1/tm.htm) faithwriters.txt.bz2 (http://downloads.skullsecurity.org/passwords /faithwriters.txt.bz2) (39,327 bytes) n/a 2009-03 Religious passwords Faithwriters - with count faithwriters-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords /faithwriters-withcount.txt.bz2) (40,233 bytes) n/a
  • 15. Elitehacker elitehacker.txt.bz2 (http://downloads.skullsecurity.org /passwords/elitehacker.txt.bz2) (3,690 bytes) n/a 2009-07 Part of zf05.txt Elitehacker - with count elitehacker-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords /elitehacker-withcount.txt.bz2) (3,846 bytes) n/a Hak5 hak5.txt.bz2 (http://downloads.skullsecurity.org /passwords/hak5.txt.bz2) (16,490 bytes) n/a 2009-07 Part of zf05.txt Hak5 - with count hak5-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords/hak5- withcount.txt.bz2) (16,947 bytes) n/a Älypää (http://www.f-secure.com /weblog/archives/00001915.html)
  • 16. alypaa.txt.bz2 (http://downloads.skullsecurity.org /passwords/alypaa.txt.bz2) (5,178 bytes) n/a 2010-03 Finnish passwordsalypaa (http://www.f-secure.com /weblog/archives/00001915.html) - with count alypaa-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords /alypaa-withcount.txt.bz2) (6,013 bytes) n/a Facebook (Pastebay) (http://twitter.com/FSLabsAdvisor /status/12585285761) facebook-pastebay.txt.bz2 (http://downloads.skullsecurity.org/passwords /facebook-pastebay.txt.bz2) (375 bytes) n/a 2010-04 Found on Pastebay; appear to be malware- stolen.
  • 17. Facebook (Pastebay) (http://twitter.com/FSLabsAdvisor /status/12585285761) - w/ count facebook-pastebay-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords /facebook-pastebay-withcount.txt.bz2) (407 bytes) n/a Unknown porn site porn-unknown.txt.bz2 (http://downloads.skullsecurity.org/passwords/porn- unknown.txt.bz2) (30,600 bytes) n/a 2010-08 Found on angelfire.com. No clue where they originated, but clearly porn site. Unknown porn site - w/ count porn-unknown-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords/porn- unknown-withcount.txt.bz2) (31,899 bytes) n/a Passwords - SkullSecurity
  • 18. https://wiki.skullsecurity.org/index.php?title=Passwords 2 of 5 12/11/20, 3:05 AM Ultimate Strip Club List (http://sla.ckers.org/forum /read.php?3,35591) tuscl.txt.bz2 (http://downloads.skullsecurity.org /passwords/tuscl.txt.bz2) (176,291 bytes) n/a 2010-09 Thanks to Mark Baggett for finding! Ultimate Strip Club List - w/ count tuscl-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords/tuscl - withcount.txt.bz2) (182,441 bytes) n/a [Facebook Phished] facebook-phished.txt.bz2 (http://downloads.skullsecurity.org/passwords /facebook-phished.txt.bz2) (14,457 bytes) n/a 2010-09 Thanks to
  • 19. Andrew Orr for reporting Facebook Phished - w/ count facebook-phished-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords /facebook-phished-withcount.txt.bz2) (14,941 bytes) n/a Carders.cc carders.cc.txt.bz2 (http://downloads.skullsecurity.org /passwords/carders.cc.txt.bz2) (8,936 bytes) n/a 2010-05 Carders.cc - w/ count carders.cc-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords /carders.cc-withcount.txt.bz2) (9,774 bytes) n/a Singles.org singles.org.txt.bz2 (http://downloads.skullsecurity.org /passwords/singles.org.txt.bz2) (50,697 bytes) n/a 2010-10 Singles.org - w/ count singles.org-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords
  • 20. /singles.org-withcount.txt.bz2) (52,884 bytes) n/a Unnamed financial site (reserved) (reserved) 2010-12 Unnamed financial site - w/ count (reserved) (reserved) Gawker (reserved) (reserved) 2010-12 Gawker - w/ count (reserved) (reserved) Free-Hack.com (reserved) (reserved) 2010-12 Free-Hack.com w/count (reserved) (reserved) Carders.cc (second time hacked) (reserved) (reserved) 2010-12Carders.cc w/count (second time hacked) (reserved) (reserved) Statistics I did some tests of my various dictionaries against the different sets of leaked passwords. I grouped them by the password set they were trying to crack: cracked_500worst.png (http://www.skullsecurity.org/blogdata/cracked_500worst.png) cracked_elitehackers.png (http://www.skullsecurity.org/blogdata/cracked_elitehackers.pn g) cracked_faithwriters.png (http://www.skullsecurity.org/blogdata/cracked_faithwriters.png
  • 21. ) cracked_hak5.png (http://www.skullsecurity.org/blogdata/cracked_hak5.png) cracked_hotmail.png (http://www.skullsecurity.org/blogdata/cracked_hotmail.png) cracked_myspace.png (http://www.skullsecurity.org/blogdata/cracked_myspace.png) cracked_phpbb.png (http://www.skullsecurity.org/blogdata/cracked_phpbb.png) cracked_rockyou.png (http://www.skullsecurity.org/blogdata/cracked_rockyou.png) Miscellaneous non-hacking dictionaries These are dictionaries of words (etc), not passwords. They may be useful for one reason or another. Name Compressed Uncompressed Notes English english.txt.bz2 (http://downloads.skullsecurity.org /passwords/english.txt.bz2) (1,368,101 bytes) n/a My combination of a couple lists, from Andrew Orr (https://twitter.com/xorrbit), Brandon Enright, and Seth (http://xd-blog.com.ar/) German german.txt.bz2 (http://downloads.skullsecurity.org /passwords/german.txt.bz2) (2,371,487 bytes) n/a Compiled by Brandon Enright
  • 22. Passwords - SkullSecurity https://wiki.skullsecurity.org/index.php?title=Passwords 3 of 5 12/11/20, 3:05 AM American cities (http://ha.ckers.org /blog/20090417/us- cities-dictionary/) us_cities.txt.bz2 (http://downloads.skullsecurity.org /passwords/us_cities.txt.bz2) (77,081 bytes) n/a Generated by RSnake "Porno" porno.txt.bz2 (http://downloads.skullsecurity.org /passwords/porno.txt.bz2) (7,158,285 bytes) n/a World's largest porno password collection! Created by Matt Weir (http://reusablesec.blogspot.com/) Honeynet honeynet.txt.bz2 (http://downloads.skullsecurity.org /passwords/honeynet.txt.bz2) (889,525 bytes) n/a From a honeynet run by Joshua Gimer (http://twitter.com/jgimer)
  • 23. Honeynet - w/ count honeynet-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords /honeynet-withcount.txt.bz2) (901,868 bytes) n/a File locations file-locations.txt.bz2 (http://downloads.skullsecurity.org /passwords/file-locations.txt.bz2) (1,724 bytes) n/a Potential logfile locations (for LFI, etc). Thanks to Seth (http://xd- blog.com.ar/)! Fuzzing strings (Python) fuzzing-strings.txt.bz2 (http://downloads.skullsecurity.org/passwords/fuzzing- strings.txt.bz2) (276 bytes) n/a Thanks to Seth (http://xd- blog.com.ar/)! PHPMyAdmin locations phpmyadmin-locations.txt.bz2 (http://downloads.skullsecurity.org/passwords /phpmyadmin-locations.txt.bz2) (304 bytes)
  • 24. n/a Potential PHPMyAdmin locations. Thanks to Seth (http://xd- blog.com.ar/)! Web extensions web-extensions.txt.bz2 (http://downloads.skullsecurity.org/passwords/web- extensions.txt.bz2) (117 bytes) n/a Common extensions for Web files. Thanks to dirb (http://www.open- labs.org/)! Web mutations web-mutations.txt.bz2 (http://downloads.skullsecurity.org/passwords/web- mutations.txt.bz2) (177 bytes) n/a Common 'mutations' for Web files. Thanks to dirb (http://www.open- labs.org/)! DirBuster (http://www.owasp.org/index.php/Category:OWASP_DirBuster_ Project#tab=Download) has some awesome lists, too -- usernames and filenames.
  • 25. Facebook lists These are the lists I generated from this data (http://www.skullsecurity.org/blog/?p=887). Some are more useful than others as password lists. All lists are sorted by commonness. If you want a bunch of these, I highly recommend using the torrent (http://www.skullsecurity.org/blogdata /fbdata.torrent). It's faster, and you'll get them all at once. Name Compressed Uncompressed Date Notes Full names facebook-names-unique.txt.bz2 (http://downloads.skullsecurity.org/passwords/facebook- names-unique.txt.bz2) (479,332,623 bytes) n/a 2010-08 Full names - w/ count facebook-names-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords/facebook- names-withcount.txt.bz2) (477,274,173 bytes) n/a First names facebook-firstnames.txt.bz2 (http://downloads.skullsecurity.org/passwords/facebook- firstnames.txt.bz2) (16,464,124 bytes)
  • 26. n/a 2010-08 First names - w/ count facebook-firstnames-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords/facebook- firstnames-withcount.txt.bz2) (73,134,218 bytes) n/a Last names facebook-lastnames.txt.bz2 (http://downloads.skullsecurity.org/passwords/facebook- lastnames.txt.bz2) (21,176,444 bytes) n/a 2010-08 Last names - w/ count facebook-lastnames-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords/facebook- lastnames-withcount.txt.bz2) (21,166,232 bytes) n/a Passwords - SkullSecurity https://wiki.skullsecurity.org/index.php?title=Passwords 4 of 5 12/11/20, 3:05 AM First initial last names facebook-f.last.txt.bz2 (http://downloads.skullsecurity.org
  • 27. /passwords/facebook-f.last.txt.bz2) (67,110,776 bytes) n/a 2010-08 First initial last names - w/ count facebook-f.last-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords/facebook- f.last-withcount.txt.bz2) (66,348,431 bytes) n/a First name last initial facebook-first.l.txt.bz2 (http://downloads.skullsecurity.org /passwords/facebook-first.l.txt.bz2) (37,463,798 bytes) n/a 2010-08 First name last initial facebook-first.l-withcount.txt.bz2 (http://downloads.skullsecurity.org/passwords/facebook- first.l-withcount.txt.bz2) (36,932,295 bytes) n/a Retrieved from "https://wiki.skullsecurity.org/index.php?title=Passwords&oldid =3203" This page was last modified on 18 May 2015, at 23:53. Passwords - SkullSecurity
  • 28. https://wiki.skullsecurity.org/index.php?title=Passwords 5 of 5 12/11/20, 3:05 AM Publicly Available Security Data Sets https://www.unb.ca/cic/datasets/index.html (contains a long list of links to data sets) http://www.secrepo.com/ (contains a long list of links to data sets) https://digitalcorpora.org/corpora/cell-phones Comprehensive, Multi-Source Cyber-Security Events · data: https://csr.lanl.gov/data/ · data structure: https://csr.lanl.gov/data/cyber1/ Unified Network and Host Event Data, Nov 2018 · Data and data definition: https://csr.lanl.gov/data/2017/ Scenarios (for forensic analysis): https://digitalcorpora.org/corpora/scenarios · Scenarios are collections of multiple disk images, memory dumps, network traffic, and/or data from portable devices. There are currently 5. · https://digitalcorpora.org/corpora/scenarios/2018-lone-wolf- scenario · The 2018 Lone Wolf scenario is a set of materials from the a fictional seizure of a laptop of a fictional individual who was planning a mass shooting. In the scenario, the individual’s brother alerted the police regarding the increasingly concerning behavior of his brother. As a result of the alert, the police seized the brother’s laptop. The laptop was then imaged with
  • 29. the FTK Imager program. · https://digitalcorpora.org/corpora/scenarios/obtaining- solutions · The Lone Wolf scenario uses FTK Imager · Software download: https://accessdata.com/product- download/ftk-imager-version-4-5 · Tutorial: https://eforensicsmag.com/how-to-investigate-files- with-ftk-imager/ Tutorials (read!): https://eforensicsmag.com/downloads/free/ (register free acct) · https://eforensicsmag.com/download/preview-set-your-osint- environment/ · https://eforensicsmag.com/download/preview-unveiling-the- hidden-content-on-youtube/ · see article on OSINT on Video Conferencing Applications · https://eforensicsmag.com/download/preview-nmap- metasploit-netcat/ · https://eforensicsmag.com/download/preview-different- approaches-to-memory-forensics/ · https://eforensicsmag.com/download/all-in-one-digital- forensics-tutorial-compilation/ · https://eforensicsmag.com/category/free-course-content/ · https://eforensicsmag.com/shodan-in-the-cli-free-course- video/ · https://eforensicsmag.com/security-onion-deployment- scenarios-free-course-video/ https://eforensicsmag.com/android- forensics-challenge-free-course-content/ (I downloaded the data; need to print this page w/challenge) · https://eforensicsmag.com/android-malware-analysis-tools- free-course-video/ · https://eforensicsmag.com/android-security-model-infections- and-detection-methods-free-course-content/ · https://eforensicsmag.com/thunderbird-artifacts-free-course- content/
  • 30. https://santoku-linux.com/ (free, open source mobile security testing tool) https://digitalcorpora.org/ https://www.netresec.com/index.ashx?page=PcapFiles (contains a list of pcap data sets, including labs) https://vizsec.org/data/ (contains a long list of links to data sets) https://github.com/hgascon/security-datasets (honeypot; network traffic; malware; CTF) Data-Driven Security book that I own. Here are their datasets: · https://datadrivensecurity.info/blog/pages/dds-dataset- collection.html (honeypot & malware) · https://datadrivensecurity.info/blo g/posts/2014/Jan/blander- part1/ Online ebooks: https://datadrivensecurity.info/blog/pages/resources.html Intrusion Detection system data containing 9 different attack types: https://www.unsw.adfa.edu.au/unsw-canberra- cyber/cybersecurity/ADFA-NB15-Datasets/ Wireshark tutorials: https://www.varonis.com/blog/how-to-use-wireshark/ https://hackonology.com/courses/kali-linux/lesson/wireshark-a- complete-tutorial/ https://www.hackingarticles.in/understanding-guide-icmp- protocol-wireshark/