Showing posts with label Security. Show all posts

Saturday, September 14, 2024

Dec{}de 2024: Fusion Forward Experience

Once again we've been lucky to be invited to this year's Decode, the annual cybersecurity conference sponsored by Trend Micro. Three ICS faculty members were able to attend this year's conference. I attended the talks on AI/ML-related topics. It is very interesting to learn how AI/ML can aid in improving malware analysis, threat intelligence, and other cybersecurity-related tasks. The keynote by Robert McArdle was excellent, as was the locknote by Ryan Flores.

I also attended the CyberConnectED session, hosted by Rodel Villarez, which focuses on cybersecurity education in the Philippines. It's good to know that several universities have partnered with Trend Micro in developing their cybersecurity classes.

Since my invitation to CyberConnectED was prioritized over my Dec{}de application, I was not entitled to the snacks and other freebies. At least I got a good shot. :)


Saturday, November 18, 2023

Dec{}de 2023: Resilience Rising Experience

Trend Micro's annual cybersecurity conference DEC{}DE is in person again this year with the theme "Resilience Rising". ICS has participated in this free conference in the past. This year, there were 8 participants from ICS. In addition to the main security tracks, we also attended the Cybersecurity ConnectED event where Trend Micro presented how academic institutions can partner with them to bootstrap or enhance cybersecurity courses. We sure learned a lot from the conference and we are excited for the conference next year. This year is memorable for me because I was able to ask a question during the plenary session.

Wednesday, April 28, 2021

InfoSec vs CyberSec vs ITSec vs CompSec vs NetSec vs AppSec

Since I am relatively new to the area of "security", I decided to look up the definitions of the terms that I often read or hear in the community. I took the definitions from CSRC-NIST, SANS, and ACM.

Information Security (INFOSEC)
  • "The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability."[1]
  • "Information Security refers to the processes and methodologies which are designed and implemented to protect print, electronic, or any other form of confidential, private and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption."[2]
Cybersecurity (CYBERSEC)
  • "Prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and non-repudiation."[1]
    • (Aside: Cyber/Cyberspace - "The interdependent network of information technology infrastructures, and includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers in critical industries."[1].  Cyberspace can be considered a "realm" or "domain" like land, sea, air, and space where war can happen.)
  • "Computer and network security, or cybersecurity..."[8]
  • In Education - “computing-based discipline involving technology, people, information, and processes to enable assured operations.  It involves the creation, operation, analysis, and testing of secure computer systems. It is an interdisciplinary course of study, including aspects of law, policy, human factors, ethics, and risk management in the context of adversaries.”[7]
Information Technology Security (ITSEC)
  • "technological discipline concerned with ensuring that IT systems perform as expected and do nothing more; that information is provided adequate protection for confidentiality; that system, data and software integrity is maintained; and that information and system resources are protected against unplanned disruptions of processing that could seriously impact mission accomplishment. Synonymous with Automated Information System Security, Computer Security and Information Systems Security."[1]
    • (Aside: Information Technology - "computing and/or communications hardware and/or software components and related resources that can collect, store, process, maintain, share, transmit, or dispose of data. IT components include computers and associated peripheral devices, computer operating systems, utility/support software, and communications hardware and software."[1])
  • "Information Technology Security also known as, IT Security is the process of implementing measures and systems designed to securely protect and safeguard information (business and personal data, voice conversations, still images, motion pictures, multimedia presentations, including those not yet conceived) utilizing various forms of technology developed to create, store, use and exchange such information against any unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure, thereby preserving the value, confidentiality, integrity, availability, intended use and its ability to perform their permitted critical functions."[5]
Computer Security (COMPSEC)
  • "Computer Security is concerned with the risks related to computer use, and ensures the availability, integrity and confidentiality of information managed by the computer system, permitting authorized users to carry out legitimate and useful tasks within a secure computing environment."[3]
  • "Measures and controls that ensure confidentiality, integrity, and availability of the information processed and stored by a computer. Rationale: Term has been replaced by the term “cybersecurity”."[1]
  • (Aside: probably used in the days when computer networks were not yet ubiquitous)
Network Security (NETSEC)
  • "Network Security is the process of taking physical and software preventative measures to protect the underlying networking infrastructure from unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure, thereby creating a secure platform for computers, users and programs to perform their permitted critical functions within a secure environment."[4]
Application Security (APPSEC)
  • "Application security describes security measures at the application level that aim to prevent data or code within the app from being stolen or hijacked. It encompasses the security considerations that happen during application development and design, but it also involves systems and approaches to protect apps after they get deployed."[6]
  • (Aside: any activity designed to protect the usability and integrity of your applications [desktop, web, mobile, cloud, software in general?] and data)
There is obviously an overlap in the definitions above. I came up with a layering, which is shown in the figure below, in an attempt to put things in perspective. I equate "security" to "protection", and the layering is based on what is being protected, with "information" as the outermost layer having the broadest scope. Most people nowadays use "infosec" and "cybersecurity" interchangeably in general conversation, and both are popular as hashtags.

To conclude, what term should we use? I've decided to use a different term depending on the context of the conversation or communication. I will use cybersecurity when the context is national security or education. For enterprise, business, or industry contexts, information security seems to be appropriate and accepted in the community. The other terms will be used in more specific technical contexts in education and in practice.


References:

[1] https://csrc.nist.gov/glossary 

Tuesday, April 14, 2020

ROOTCON's Easter Egg Hunt Event 2020: Power

Since we are in ECQ, I tried some of the problems. I decided to focus on the Power problem which is a crypto problem.

The flag is: rc_easter{p0w3r_1s_n07h1n6_w17h0u7_c0ntr0L}

You can read the full writeup here.

Sunday, October 13, 2019

DEC{}DE 2019: Gear UP Experience

We again attended this year's DEC{}DE event sponsored by Trend Micro. This is my third year attending the event (2018, 2017). The talks were really interesting, especially the keynote by Jay Yaneza. I also liked the talk given by Jon Oliver about the role of Machine Learning in Cybersecurity, where he emphasized that ML must be layered on top of existing security solutions. The hands-on session was on PowerShell for the Blue Team.


(Photo from Trend Micro)


Sunday, October 6, 2019

Video: Basic Malware Analysis Workflow

The setup is using a Whonix Gateway VM and a Windows XP VM running in VirtualBox. Our objective is to capture the network traffic generated by malware. The malware is run on the Windows XP VM configured to use Whonix as the gateway.


Wednesday, October 17, 2018

DEC{}DE 2018: Connected Threat Intelligence Experience

We were lucky to be invited again to this year's security conference sponsored by Trend Micro, DECODE 2018. The event was held at the Makati Shangri-La Hotel last October 11, 2018. This year's theme is Connected Threat Intelligence. I liked the talk by Andrew MacPherson on Graphing and Grey Data as well as Prof. Stefano Zanero's talk.

ROOTCON 12 Experience

I attended the ROOTCON 12 hacking conference held at the Taal Vista Hotel last September 27-28, 2018. Although I've been dreaming of attending the conference for a while, it was only this year that I was able to save some money for this event. As expected, the event was great and I enjoyed all the technical talks. I also got to meet some security professionals from various industries. Lastly, I got a cool badge. The slides for the talks are available here.

Saturday, August 11, 2018

Using Kali Linux behind Whonix in VirtualBox

After adding Kali Linux and Whonix in VirtualBox, do the following:
(Updated: 23 January 2019)
  1. Start the Whonix VM
  2. Update the Whonix VM
  3. Run Whonix Check
  4. Change the Network Settings of Kali to "Internal Network" and choose Whonix.
  5. Boot Kali and change its network settings. (Update: this step is no longer needed, since the Whonix gateway runs a DHCP server; just update /etc/resolv.conf in Kali.)
    1. # ifconfig eth0 10.152.152.11
    2. # route add default gw 10.152.152.10
  6. Open check.torproject.org in a browser in Kali
Note that the same technique can be used with other operating systems, such as Windows XP.
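Before running anything in the analysis VM set up this way (the same gateway arrangement is used in the Basic Malware Analysis Workflow video above), it is worth confirming that the guest really sends all traffic and DNS through the Whonix gateway rather than a stray VirtualBox NAT route. The script below is an added example, not part of the original post; it assumes the Whonix default gateway address used in the steps, 10.152.152.10.

```shell
#!/bin/sh
# Added example (not from the original post): verify that an analysis VM
# behind Whonix has exactly one default route and only the gateway as resolver.
# Assumes the Whonix default gateway address from the steps above.
WHONIX_GW="10.152.152.10"

# check_route ROUTE_TEXT
# ROUTE_TEXT is the output of `ip route show default`.
# Succeeds only if there is a single default route and it points at Whonix.
check_route() {
    route_text="$1"
    gw=$(printf '%s\n' "$route_text" | awk '$1=="default" && $2=="via" {print $3}')
    # exactly one gateway line (zero means no route, two means a leak path)
    [ "$(printf '%s\n' "$gw" | grep -c .)" -eq 1 ] || return 1
    [ "$gw" = "$WHONIX_GW" ]
}

# check_resolv RESOLV_TEXT
# RESOLV_TEXT is the contents of /etc/resolv.conf.
# Succeeds only if at least one nameserver is listed and every one of them
# is the Whonix gateway (a public resolver here would leak DNS outside Tor).
check_resolv() {
    resolv_text="$1"
    ns=$(printf '%s\n' "$resolv_text" | awk '$1=="nameserver" {print $2}')
    [ -n "$ns" ] || return 1
    # any nameserver line that is not the gateway fails the check
    printf '%s\n' "$ns" | grep -qvxF "$WHONIX_GW" && return 1
    return 0
}

# gateway_ok: run both checks against the live system.
gateway_ok() {
    check_route "$(ip route show default 2>/dev/null)" &&
    check_resolv "$(cat /etc/resolv.conf 2>/dev/null)"
}

# Usage on the analysis VM: gateway_ok && echo "routing via Whonix" || echo "NOT isolated"
```

check.torproject.org confirms the exit is a Tor node, but only this kind of local check tells you that no second route or resolver exists beside it.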

Thursday, November 30, 2017

DEC{}DE 2017: Transforming Security Experience

We attended this one-day event sponsored by Trend Micro last Nov. 29. The morning session was devoted to keynote sessions and the afternoon to technical sessions, which included a hands-on lab.
The majority of the talks focused on modern threats and attack approaches. The speakers also presented interesting statistics on the security landscape. With the growing security threats, the speaker from the FBI urged cooperation among industry, government, and the academe. A common attack nowadays is Business Email Compromise (BEC), wherein employees are subjected to phishing attacks resulting in the spread of malware, particularly ransomware. With the growing popularity of cryptocurrencies, attackers are also taking advantage of user resources for mining without their consent. There were also talks on cloud security (Amazon) and the application of machine learning techniques to security (Microsoft). A final takeaway from the event is that "security is a habit."



Friday, June 23, 2017

CNSEC 2017

In line with the offering of a new Special Topics course on Computer and Network Security, SRG hosted the Computer and Network Security 2017 (CNSEC2017) Workshop last June 17-18, 2017. The objective of the workshop is to provide computer security related hands-on activities for the ICS faculty. SRG prepared two activities, one on buffer overflow exploitation and another on SQL injection. Contests were held to test the participants' knowledge. Winners of the “Olympus has fallen” stack overflow exploitation contest are Mam Maan, Sir TJ, and Miguel. Clinton won the “Attack on Titan” SQL injection contest.


Wednesday, November 9, 2016

Hardening Firefox for Privacy and Security

Based on this guide, I decided to perform some adjustments in Firefox to protect my privacy and enhance security while browsing. After following the steps, my add-ons list now looks like the image below. I could use tor-browser, but I prefer to have more control over the browser settings.