Tag Archives: Information Security

National Cyber Forensics & Training Alliance (NCFTA) Summer Internship Program

Who we are:

The National Cyber-Forensics & Training Alliance (NCFTA) is a Pittsburgh-based, globally focused non-profit corporation committed to identifying, mitigating and neutralizing cyber crime threats. The NCFTA operates by conducting real-time information sharing by analysis and subject matter experts in the public, private and academic sectors. Through these partnerships, the NCFTA proactively identifies cyber threats in order to help its partners take preventive measures to mitigate and neutralize those threats. For more information see http://www.ncfta.net.

About the Program:

The NCFTA offers talented students an innovative work experience in a growing sector that will help them enhance their professional development and academic goals. Our program offers paid internships for undergraduate and graduate degree students. It is an intensive 12-week program that gives rising college seniors or graduate level students the opportunity to work in areas such as intellectual property fraud, financial fraud, and malware and cyber threats in order to build knowledge and skills in the intelligence analysis field. The student will receive training and be part of the team from day one. They will be assigned to a manager and mentor to enable them to quickly learn and acclimate. During their first few weeks on the team, they will participate in the internship orientation to become familiar with the NCFTA’s various resources, policies and procedures.

Role of the Intern:

Selected candidates will work on various organizational program initiatives. Duties will focus on conducting research and data collection using various tools and applications as well as proactive research in open sources to produce a finished product for dissemination. The intern will engage in collaboration with NCFTA partners and peers and be expected to participate in program meetings.

Internships with our Malware & Cyber Threats Program are more technical in nature and, as such, applicants with a sound technical background are desired. These duties may include writing scripts to automate processes (e.g. Python & shell/bash scripts), reviewing and analyzing malicious code (e.g. C, C++, VB.NET, Assembly, Java), and creating databases (MySQL, MS SQL Server, PostgreSQL). Students with working knowledge of Mac OS X may have an opportunity to work on special projects.

Qualifications:

Required Qualifications
• Must be legally authorized to work in the United States and be eligible for a U.S. Government security clearance
• Major studies in areas of consideration: International Affairs/Politics/Relations; Intelligence/Security Studies; Computer Science; Information Security; Business Intelligence or related fields. Other majors are considered on a case-by-case basis.
• Minimum GPA of 3.0
• Excellent writing skills and strong analytical thinking
• Proficiency in Microsoft Office required
• Arabic, Turkish, Russian, Chinese and Eastern European language skills desirable but not required
• Extensive experience with computers and networking highly preferred but not required

Candidate Skills:

While applicants come from a range of academic backgrounds, the most competitive applicants also should possess the following:
• Flexibility and adaptability
• Take initiative and be self-motivated
• Work well with others and have strong interpersonal abilities
• Good judgment and decision-making skills

Location/Date of Internship:

Internships are available in Pittsburgh, PA. The summer internship program will start approximately June 1, 2017.

Application Instructions:
Resumes should be directed to: HumanResources@ncfta.net.

Please include:
• Your resume
• A cover letter in which you specify your qualifications for the position and address why you want to intern as an analyst
• Unofficial transcript

Hacking – Breaches and password dumps

Call it what you want – hacking, cracking, a dump, a data breach, whatever.  The fact is that these events are becoming more and more common, and as IT professionals we need to know how to deal with the fallout.  There is a great visualization that illustrates this recent trend on informationisbeautiful.net.

Often, one of the results of these breaches is that the public gets some insight into the security protections that a company uses (or lack thereof).  In the case of the recent 000Webhost breach, we discovered that passwords for over 13 million of their customers were stored in plaintext; that is to say, with no protection whatsoever.

Also in recent news, users of the Ashley Madison service had a large amount of their information disclosed, including account details and password hashes.  The primary protection mechanism for password storage that was in use here is a technology called bcrypt (a very strong password protection mechanism – you can find more details here and here); however, due to a legacy function that had numerous flaws (for all of the details, check out this blog post), some user passwords were also simplified and stored as MD5.  Due to how MD5 functions, hardware like GPUs and ASICs can be used to crack those passwords quickly and efficiently, and in this case the information gathered from cracking the MD5 hashes was then used to significantly speed up the attacks on bcrypt-stored passwords.

One of the major problems with password hashes getting dumped is that password reuse is a real problem, and without the use of a password safe (like LastPass, KeePass, 1Password, or more enterprise products such as CyberArk or ERPM) it’s not realistic to think that end users will ever fix this on their own.

There are numerous websites and password managers available where you can check if your password has been a part of a breach, where the companies behind those websites seek out and collect password dumps to perform password cracking on them.  Simulating the attacks that malicious individuals use in this way allows them to provide a security monitoring and alerting service to their customers.  Many companies with a significant web presence, including Facebook, Twitter, and LinkedIn, will also scour the Internet for dumps and attempt to crack the passwords, then compare the cracked passwords to the information they have stored for your account.  If they get a match, they can take steps to protect your account by doing things like expiring your sessions, forcing a password reset on your account, etc.
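The account-protection check described above, sketched as an added example that is not code from the original post or from any of the companies named. It assumes the site stores salted PBKDF2-HMAC-SHA256 hashes (a standard-library stand-in for bcrypt); the account layout, function names and all sample data are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import os

# Assumption: salted PBKDF2-HMAC-SHA256 stands in for the site's slow hash (e.g. bcrypt).
ITERATIONS = 100_000

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def new_account(password: str, sessions: list) -> dict:
    salt = os.urandom(16)  # unique salt per account
    return {"salt": salt, "hash": hash_password(password, salt),
            "sessions": list(sessions), "force_reset": False}

def find_exposed(accounts: dict, dump_pairs: list) -> set:
    """Return the e-mail addresses whose dumped plaintext matches our stored hash."""
    exposed = set()
    for email, candidate in dump_pairs:
        key = email.strip().lower()  # dumps are messy: normalise before lookup
        record = accounts.get(key)
        if record is None:
            continue  # dump entry does not belong to one of our users
        attempt = hash_password(candidate, record["salt"])
        if hmac.compare_digest(attempt, record["hash"]):  # constant-time compare
            exposed.add(key)
    return exposed

def protect(accounts: dict, exposed: set) -> None:
    """Expire sessions and require a password reset for every exposed account."""
    for email in exposed:
        accounts[email]["sessions"].clear()
        accounts[email]["force_reset"] = True

def build_demo():
    # Constructed sample data: two site accounts and three lines from a third-party dump.
    accounts = {
        "alice@example.com": new_account("Summer2015!", ["sess-a1", "sess-a2"]),
        "bob@example.com": new_account("c0rrect-h0rse-battery", ["sess-b1"]),
    }
    dump = [
        ("Alice@Example.com ", "Summer2015!"),  # reused password: should match
        ("bob@example.com", "letmein"),         # same user, different password
        ("carol@example.net", "qwerty"),        # not a user of this site
    ]
    return accounts, dump

if __name__ == "__main__":
    demo_accounts, demo_dump = build_demo()
    hits = find_exposed(demo_accounts, demo_dump)
    protect(demo_accounts, hits)
    print(sorted(hits))
```

Only the account whose owner reused the dumped password is flagged; the plaintext from the dump is hashed with that account's own salt and never stored.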

I recently developed a lab focused on how to perform these password cracking attacks for a local security group called Steel City InfoSec.  The lab is available here on my GitHub, and if you aren’t familiar with password cracking, I suggest trying out the Beginner lab.  That difficulty level includes additional details about how to complete the lab, including a hints area that contains explanations and commands to run for each of the steps of password cracking.  There is also a recording of my presentation and my slides available (along with additional information on the Steel City InfoSec message boards) if you are interested in a bit more background.

If you’ve done this sort of thing before and want to experiment with different tools or just download a bunch of word lists, feel free to try out the Intermediate lab.  Specifically, take a look at the downloads readme file to get a clean listing of everything that I’ve provided as a part of the lab.

If you have a GPU cracking rig or a cluster of machines at your disposal, and you’ve done this sort of thing a few times in the past, take a crack at the competition.  It’s important to note that with the competition you will need to be a bit more creative about how you create a word list than just using the dumps that I’ve provided, and GPUs/ASICs will not help you as much as if you were cracking something stored with MD5 or even SHA-256.  Also, please note that the competition prizes were for the Steel City InfoSec event and are no longer available.

While working on the lab, if you find anything that isn’t clear or may be incorrect, please feel free to reach out to me directly (via a GitHub issue or pull request) and I can either lend a hand or fix any bugs as appropriate.  In addition, I will be available on RMU campus on November 10th in the evening in Hale 304, presenting this material to Dr. Paullet’s class.

Jon Zeolla

MUST READ Article on Cybersecurity

Student Editorial

I hope everyone’s summer has gone well so far, and I hope that everyone is almost ready for another great school year as August nears. The article below is by far one of the best articles I’ve seen/read on cybersecurity. With the pool of both the good and bad guys involved with cybersecurity only continuing to grow, the battle to protect and damage critical infrastructure will continue to rage on. Shawn Henry, current president of CrowdStrike Services and former FBI Assistant Director, discusses how cyber adversaries are adapting and finding new ways to attack. In addition, he discusses the growing issue with China continuing to illegally access the U.S.’s private data, and how our nation must provide a better response to these incidents.  In addition, a few other topics in cybersecurity are discussed.  All in all, this blog post cannot give you all of the detail provided by this marvelous article. Please take the time to read it.

http://www.afcea.org/content/?q=Article-destructive-cyber-attacks-increase-frequency-sophistication#

Antivirus Discussion Webcast

On Friday, December 5th at 2pm, two security experts will be broadcasting a webcast on the topic of “Gaining Defense-In-Depth on the Endpoint - Is Antivirus Enough?”

Description:

Brian Hazzard – Vice President of Product Management at Bit9 + Carbon Black

Dr. Engin Kirda of Lastline

Discussion Points:

  • How real is the threat of advanced attacks on your endpoints?
  • How can a layered defense-in-depth strategy help address the problem?
  • What kinds of technologies should be used? When?
  • Where does antivirus fit in the endpoint security landscape?

You will also be able to question the security experts throughout the webcast.

If you are interested in participating in this free online event, register by clicking on the link below.

http://redmondmag.com/webcasts/2014/11/bit9-dec5.aspx?partnerref=bit9