The Black T-Shirt Cyber Forensics Challenge

The staff in Stevenson University’s Cyber Forensics program is working with the programs at approximately 50 other colleges and universities in launching The Black T-Shirt Cyber Forensics Challenge, which is a joint academic and industry contest designed to promote interest in digital forensics, foster relationships among academic institutions, develop relationships between academia and the corporate sector, and provide a valuable hands-on exercise for learning and training.

We are looking for teams of 1-3 students to enter the challenge. There is no cost and this would be a great way to raise awareness of your skills and the Top Secret Colonials. We are permitted to have multiple teams but the teams are NOT permitted to work together. The annual challenge, which has already been built for this year, will run from January 1, 2016 to April 1, 2016. Challengers can register at any time in that window; once registered, links will be provided to download the data. Submissions will be due on April 1. The results will be scored in the month of April 2016.

Tools will not be provided but you can use FTK, the Password Recovery Toolkit, Splunk, DEFT, Autopsy, etc. to analyze the images. Teams are permitted to use whatever tools and methods they choose but they must be available and able to be recreated by the judges. Each member will receive a Black Cyber Forensics Challenge t-shirt.

This year’s contest involves confirming allegations of an exfiltration of company information by analyzing two computer images and network traffic. Point structure hasn’t been released yet. In addition to the main challenge, “Mini Challenges” will be run throughout the year. These are similar to the annual challenge but smaller. The fall challenge for next year involves an executive returning from a business trip to find that there were very strange charges on her phone bill that she did not make.

More details can be found online at http://cyberforensicschallenge.com. Please email Dr. Paullet (paullet@rmu.edu) immediately so we can start forming teams.

Department of Homeland Security Secretary’s Honors Program Cyber Student Volunteer Initiative

The U.S. Department of Homeland Security (DHS) is preparing to launch the 2016 Secretary’s Honors Program Cyber Student Volunteer Initiative. The initiative targets current undergraduate and graduate students and is a part of the Department’s efforts to build a cybersecurity talent pipeline by working with secondary and post-secondary institutions and other key partners in academia and the private sector.

Through the Secretary’s Honors Program Cyber Student Volunteer Initiative, students are able to learn about the DHS cybersecurity mission by completing hands-on cybersecurity work and building technical experience in key areas such as digital forensics, network diagnostics, and incident response.

DHS will announce the start of the 2016 Secretary’s Honors Program Cyber Student Volunteer Initiative program cycle within the upcoming weeks on http://www.USAJOBS.com. Here is a flyer with more details: DHS Flyer.

For more information, contact the DHS CyberSkills Management Support Initiative (CMSI) at CMSI@hq.dhs.gov.

FedEx Presentation on Monday, December 2

FedEx will be on campus to give a presentation about their company and meet with students in the CIS department.  Please make room in your schedule to attend!

FedEx
Wednesday, December 2, 2015 (4:00 – 5:45pm)
Wheatley Center Atrium


4 pm – Registration and Pizza

4:15 pm – 5:15 pm – FedEx Presentation

5:15 pm – 5:45 pm – Q&A session


 

FedEx is currently seeking students interested in security, application development on all platforms, and data analytics.

International student sponsorships available.

SET credit is available for attending this event.

Top Secret Colonials Christmas Tree

The Top Secret Colonials have decorated a Christmas tree located in the Wheatley lobby. The tree has a technology theme and is decorated with various technology related ornaments: bedazzled floppy disks and CDs, keyboard keys, and punch cards, to name a few. Below are some pictures of the process of making the tree and the final product. Remember to come check it out in Wheatley!


Opportunity for Blog Design and Promotion Work

A local company is seeking part-time help developing a blog site. Specifically, they are looking for help in layout and design as well as traffic building (search engine optimization, etc.).  This would be a paid position (hourly).
If you are interested and possess the required skills, please get in touch with Harry Evanko at cesint@comcast.net for further information.  This position is time sensitive and they are looking to fill it as soon as possible.

FBI Internship Information – How to Apply

The FBI has opened the call for applications for the 2016 Honors and Cyber Internship programs. You must apply by November 24. All educational backgrounds will be considered for the internships. To qualify for the Honors or Cyber Internship Programs, candidates must:

  • Be a second-semester freshman or above; candidates cannot have graduated before June 13, 2016;
  • Be available 40 hours per week from June 13, 2016 to August 19, 2016 (10 weeks); and
  • Have a minimum cumulative 3.0 GPA.

How to Complete a Submission:

  • Step 1 – Choose a Talent Network
  • Step 2 – Create an Account
    • Click “Register Here”.
    • Pick a user name and password, and enter an email address.
    • Click “I Agree” and then “Register”.
    • From the Careers page, click “My Profile” to add your preferred method of contact, name, address, and phone number; click “Save”.
  • Step 3 – Submit Resume, Answer Questionnaires, and Complete Your Application
    • After you click “Apply Now”, the “Choose Resume” screen will be displayed.
    • Click “Copy and paste resume text” and “Continue”; from there, paste your resume.
    • Next, click “Continue” and complete the “Pre-Application Questionnaire”.
    • When you are finished, click “Save & Return”.
    • When finished filling out your application, click “Submit”.
    • Click “Yes” on the confirmation message that displays.
    • Review the Terms and Agreements; if you agree, click the “I agree to these terms” checkbox.
    • Once you have submitted your application, refer to the Careers page, and click “My Career Tool” link. You will then see your Applications in Progress.

Only candidates in the network by November 24 will be considered for the 2016 program.

HM Health Solutions Presentation Monday, November 16

HM Health Solutions, a subsidiary of Highmark Health, will be on campus to give a presentation about their company and meet with students in the CIS department.  Please make room in your schedule to attend!

HM Health Solutions (Highmark Health)
Monday, November 16, 2015 (4:00 – 5:45pm)
Wheatley Center Atrium


4 pm – Registration and Pizza

4:15 pm – 5:15 pm – Highmark Presentation

5:15 pm – 5:45 pm – Q&A session


HM Health Solutions is committed to excellence in delivering innovative solutions to enable health plans to achieve top-line revenue growth, reduce costs and gain economies of scale. With industry-leading expertise, HM Health Solutions delivers measurable results while increasing customer engagement. Its extensive portfolio includes enterprise services, infrastructure management, data center housing and print management.

HM Health Solutions is seeking knowledgeable, creative individuals to join them as they continue to power the future of health care. Opportunities exist at all levels, from experienced professionals to internships, and also with our Rotation Program for high-potential recent college graduates.

They currently are looking to fill seats in a COBOL boot camp program that starts the 3rd week in January. Those chosen will be hired and then attend an extensive training that will prepare you for an important role on their team that can make a huge impact. More information on how to apply will be available at the event.

They are also looking to fill multiple roles in the areas of Cyber Security and Information Access Management.

International student sponsorships available.

SET credit is available for attending this event.

FBI Internship Information

The FBI has opened the call for applications for the 2015 Honors and Cyber Internship programs and launched a new application process. All intern candidates must go to www.fbijobs.gov, register and complete a profile, and then select their profile to be added to the Intern Talent Network (ID Number 1023) by November 24.

After selecting the Intern Talent Network, intern candidates must attach their resumes and answer suitability questions. Only those candidates in the network by November 24 will be considered for the 2016 program.

All educational backgrounds will be considered for the internships. To qualify for the Honors or Cyber Internship Programs, candidates must:

  • Be a second-semester freshman or above; candidates cannot have graduated before June 13, 2016;
  • Be available 40 hours per week from June 13, 2016 to August 19, 2016 (10 weeks); and
  • Have a minimum cumulative 3.0 GPA.

Professional Web Development Experience Opportunity

A non-profit organization called EyesFree.org is looking for a student to help them with development of their web site:

http://eyesfree.org/pfg/index.htm

This organization works to aid blind and other disabled individuals by finding inexpensive ways for them to access computers and software.  They feature screen readers and email programs along with word processing and web surfing so that people with disabilities will have a way to look for and apply for jobs. 

If you have web development skills and would be interested in aiding this organization for professional experience, please reach out to Dr. Andrea Schwartz at 724-444-0064.

Hacking – Breaches and password dumps

Call it what you want – hacking, cracking, a dump, a data breach, whatever.  The fact is that these events are becoming more and more common, and as IT professionals we need to know how to deal with the fallout.  There is a great visualization that illustrates this recent trend on informationisbeautiful.net.

Often, one of the results of these breaches is that the public gets some insight into the security protections that a company uses (or lack thereof).  In the case of the recent 000Webhost breach, we discovered that passwords for over 13 million of their customers were stored in plaintext; that is to say, with no protection whatsoever.

Also in recent news, users of the Ashley Madison service had a large amount of their information disclosed, including account details and password hashes.  The primary protection mechanism for password storage that was in use here is a technology called bcrypt (a very strong password protection mechanism – you can find more details here and here), however due to a legacy function that had numerous flaws (for all of the details, check out this blog post) some user passwords were also simplified and stored as MD5.  Due to how MD5 functions, hardware like GPUs and ASICs are able to be used to quickly and efficiently crack the passwords, and in this case they were then able to use information gathered from cracking the MD5 hashes to significantly speed up the attacks on bcrypt-stored passwords.

One of the major problems with password hashes getting dumped is that password reuse is a real problem, and without the use of a password safe (like LastPass, KeePass, 1Password, or more enterprise products such as CyberArk or ERPM) it’s not realistic to think that end users will ever fix this on their own.

There are numerous websites and password managers available where you can check if your password has been a part of a breach, where the companies behind those websites seek out and collect password dumps to perform password cracking on them.  Simulating the attacks that malicious individuals use in this way allows them to provide a security monitoring and alerting service to their customers.  Many companies with a significant web presence, including Facebook, Twitter, and LinkedIn, will also scour the Internet for dumps and attempt to crack the passwords, then compare the cracked passwords to the information they have stored for your account.  If they get a match, they can take steps to protect your account by doing things like expiring your sessions, forcing a password reset on your account, etc.

I recently developed a lab focused on how to perform these password cracking attacks for a local security group called Steel City InfoSec.  The lab is available here on my GitHub, and if you aren’t familiar with password cracking, I suggest trying out the Beginner lab.  That difficulty level includes additional details about how to complete the lab, including a hints area that contains explanations and commands to run for each of the steps of password cracking.  There is also a recording of my presentation and my slides available (along with additional information on the Steel City InfoSec message boards) if you are interested in a bit more background.

If you’ve done this sort of thing before and want to experiment with different tools or just download a bunch of word lists, feel free to try out the Intermediate lab.  Specifically, take a look at the downloads readme file to get a clean listing of everything that I’ve provided as a part of the lab.

If you have a GPU cracking rig or a cluster of machines at your disposal, and you’ve done this sort of thing a few times in the past, take a crack at the competition.  It’s important to note that with the competition you will need to be a bit more creative about how you create a word list than just using the dumps that I’ve provided, and GPUs/ASICs will not help you as much as if you were cracking something stored with MD5 or even SHA-256.  Also, please note that the competition prizes were for the Steel City InfoSec event and are no longer available.

While working on the lab, if you find anything that isn’t clear or may be incorrect, please feel free to reach out to me directly (via a GitHub issue or pull request) and I can either lend a hand or fix any bugs as appropriate.  In addition, I will be available on RMU campus on November 10th in the evening in Hale 304, presenting this material to Dr. Paullet’s class.

Jon Zeolla
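
The account-protection check described in the post above (comparing passwords recovered from a dump against what is stored for an account, then forcing a reset on a match), as an added example that is not part of the original post or the lab. It assumes PBKDF2-HMAC-SHA256 from Python's standard library as a stand-in for bcrypt; the function names, account records, emails and passwords are all constructed.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def hash_password(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Slow, salted hash (PBKDF2-HMAC-SHA256 standing in for bcrypt)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def make_account(email: str, password: str) -> dict:
    """Build a stored account record; the plaintext is never kept."""
    salt = os.urandom(16)
    return {"email": email.lower(), "salt": salt, "iterations": ITERATIONS,
            "hash": hash_password(password, salt)}


def exposed_accounts(accounts: list[dict], leaked: list[tuple[str, str]]) -> list[str]:
    """Return emails whose current password matches a credential seen in a dump."""
    by_email = {a["email"]: a for a in accounts}
    flagged = []
    # Only the leaked password for the same email is tried: one slow hash per pair.
    for email, candidate in leaked:
        account = by_email.get(email.strip().lower())
        if account is None:
            continue  # dump entry does not belong to one of our users
        digest = hash_password(candidate, account["salt"], account["iterations"])
        if hmac.compare_digest(digest, account["hash"]) and account["email"] not in flagged:
            flagged.append(account["email"])
    return flagged


# Constructed sample data: three local accounts and a dump from another site.
ACCOUNTS = [
    make_account("alice@example.com", "correct horse battery staple"),
    make_account("bob@example.com", "Summer2015!"),
    make_account("carol@example.com", "x9$Lq2!vTz"),
]
LEAKED = [
    ("Bob@Example.com", "Summer2015!"),   # reused password: match
    ("alice@example.com", "letmein"),     # same user, different password
    ("dave@example.com", "Summer2015!"),  # not our user
]

if __name__ == "__main__":
    for email in exposed_accounts(ACCOUNTS, LEAKED):
        print(f"force password reset and expire sessions: {email}")
```

Because each stored hash has its own salt, the check has to recompute the slow hash per leaked pair; it cannot be done by comparing hash values across sites.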