| title | revealOptions | ||||||||
|---|---|---|---|---|---|---|---|---|---|
Cybersecurity Workshop |
|
LSAC Career Talks
March 3, 2024
Faculty of Automatic Control and Computers, UPB, room EC101
- Linux system, native or virtual machine
- Repository: https://github.com/open-education-hub/cybersec-workshop
- CTF Platform: https://workshop-ctf.security.cs.pub.ro
- OpenEdu Discord Server: https://bit.ly/OpenEduHub
- 50% of people use the same password for all their logins
- Over 80% of data breaches are due to poor password security
- The password "123456" is now used by more than 23 million people.
- 24% of Americans have used passwords like "password," "Qwerty," and "123456"
- The number of unfilled cybersecurity jobs worldwide grew 350% between 2013 and 2021, from 1 million to 3.5 million, according to Cybersecurity Ventures.
- The industry researcher also predicts that in five years, the same number of jobs will still be open.
- Cybersecurity classes
- Online cybersecurity courses
- https://cyber-edu.co/
- Cybersecury certifications: CISSP, OSCP, CEH
- Master programs:
- Advanced Cybersecurity (AC / SAS)
- Security of complex computer networks (SRIC)
- Digital4SECURITY project: https://info.digital4security.eu/launch/
- Defcon
- BlackHat
- Hack In The Box (HITB)
- "Big 4" (research conferences): ACM CCS, IEEE S&P (Oakland), NDSS, USENIX Security Symposium
- Ro: DefCamp, Bucharest Cybersecurity Conference, CyberCon Romania
- Capture the Flag
- team effort
- jeopardy or attack-defense
- https://ctftime.org/
- European Cybersecurity Challenge
- Ro: CTF USV, DefCamp CTF, UNbreakable
- ACS Keysight CTF, April 20-21, 2024
- Security Summer School, June 24 - July 28, 2024
- Challenge websites
- Do it when you want
- Similar challenges to CTFs
- Aggregator: http://www.wechall.net/
- Exploitation
- Web (Exploitation)
- Forensics / Misc
- Crypto
- Exploit software vulnerabilities
- Exploit hardware vulnerabilities
- Exploit misconfigurations
- RCE (Remote Code Execution)
- PrivEsc (Privilege Escalation)
- Hit me Hard challenge
- Connect remotely to SSH
- Privilege escalation
- Web is ubiquitous
- Large attack surface
- Can get access to system
- Then you can move on to PrivEsc
- Access to database
- Browser developer tools
- Burp Suite
- dirb
- Postman
- ZAP
- Damn Vulnerable Web Application (DVWA)
- Ping Me challenge
- Command injection
- Post-attack analysis
- Digital forensics
- Look for tracks in filesystem, disk, memory, processes, network traffic
- Figure out attack vector
- Report for future protection and for legal actions
- Basic OS analysis tools
- Volatility
- Sleuth Kit
- CAINE
- It's Right There challenge
- Look for configuration information, think sudo
- Use the discovered information
- Hashed information may be revealed with CrackStation
- Cryptographic primitives for digital data / transfer protection
- confidentiality, integrity, identity / authentication
- encryption, hash functions, key exchange, random number generator
- symmetric encryption
- public key cryptography
- keys, algorithms
- plaintext, ciphertext
- Peas in a Pod challenge
- RSA public key
- Find components of RSA algorithm
- Recreate private key
- Connect using SSH and get flag
- CTF Platform: https://workshop-ctf.security.cs.pub.ro
- You need an account
- Get flag, submit, get points
- Stay in school!
- CTFs & wargames
- Attend events
- Internships, projects, jobs