Capacidades técnicas, legales y de gestión para equipos BlueTeam y RedTeam

En el presente trabajo se encontrará una descripción de cada una de las etapas realizadas en el seminario especializado durante el desarrollo del mismo. De igual manera se expresaran los logros alcanzados y se propondrán acciones o recomendaciones que pueden ser tenidas en cuenta para el mejoramiento de futuros cursos de este seminario.In this work you will find a description of each of the stages carried out in the specialized seminar during its development. In the same way, the achievements made will be expressed and actions or recommendations will be proposed that can be taken into account for the improvement of future courses of this seminar

A taxonomy of attacks and a survey of defence mechanisms for semantic social engineering attacks

Social engineering is used as an umbrella term for a broad spectrum of computer exploitations that employ a variety of attack vectors and strategies to psychologically manipulate a user. Semantic attacks are the specific type of social engineering attacks that bypass technical defences by actively manipulating object characteristics, such as platform or system applications, to deceive rather than directly attack the user. Commonly observed examples include obfuscated URLs, phishing emails, drive-by downloads, spoofed web- sites and scareware to name a few. This paper presents a taxonomy of semantic attacks, as well as a survey of applicable defences. By contrasting the threat landscape and the associated mitigation techniques in a single comparative matrix, we identify the areas where further research can be particularly beneficial

Técnicas de detección de ataques en un sistema SIEM (Security Information and Event Management)

Technology advance has achieved an almost entirely globalized world. New inventions are achieved at a speed that has revolutionized people’s pace of life. Information has become a very helpful and of great value resource. This has made the protection of information a demanded work. Globalization and the Internet have managed to maintain in contact to people all around the world. Due to this progress cyber-attacks to networks have become a main objective for hackers that attempt to gain people credentials or not allowing the availability of network resources. System Information and Event Management (SIEM) have become the main defense against those attacks. How to detect attacks and prepare procedures and algorithms to protect information is the objective of this work that develops solutions when understanding theory and systems behind every cyber-attack.El avance de la tecnología ha logrado un mundo casi enteramente globalizado. La velocidad con la que se consigue nuevos inventos ya sean digitales o no, ha revolucionado el ritmo de vida en la mayoría de las personas. La información se ha vuelto un recurso muy utilizado y de mucho valor, por lo que proteger dicha información se ha vuelto un trabajo muy demandado. La globalización y la interconectividad de redes (el Internet) han logrado mantener en contacto a seres humanos muy alejados unos de otros. Debido a estos avances, los ataques informáticos a las redes se han vuelto objetivos por parte de atacantes que intentan conseguir información confidencial o no permitir la disponibilidad de recursos en la red. Los sistemas de información y manejo de eventos (SIEM por sus siglas en inglés) se han vuelto la defensa a estos ataques. Como detectar ataques y preparar procedimientos y algoritmos para proteger información es el objetivo de este trabajo que desarrolla soluciones a base de entender los sistemas y la teoría detrás de cada ataque informático

Casco Bay Weekly : 15 August 1996

https://digitalcommons.portlandlibrary.com/cbw_1996/1033/thumbnail.jp

Spring 2011

The Alembic - Spring 2011. Full Issue, 166 pages in total including front matter & table of contents. Contents: The Editors, Dedication, 8 Douglass, Karen, Fifth Wheel, 9 Pulfer-Terino, Emily, My Part, 10 Koncel, Mary A., Murder, 11 Lucas, Jorge, Strangers In The Night, 12 Ryan, Megan F., Dandelions, 17 Carter, Timothy H., Colored Wax Stubs, 18 Gannon, Peter, The Punisher, 19 Spireng, Matthew J., Hawk, 27 Shapiro, Rochelle Jewel, The Russians, 28 Dacey, Patrick, The Ground Floor, 29 Noah, Stanley, Thoughts Upon Film Noir By An Old Movie Star, 37 Myers, Jed, August Night, 38 Pappas, Greg, Charlie, 39 Pajak, Jeff, A Behovely Season, 45 Marcotte, David, Upon An Angel, Drawing His Sword, 46 McCartney, Liam, Dr. Kaine, 47 Perchik, Simon, *, 49 Harris, Peter, Depression Dreaming Gold, 50 Johnson, Peter, Translation, 51 Phillips, Glenn Allen, Mother To Son, 54 Rappaport, Henry, Shortcut, 55 Pelekidis, Angie, Commuting, 56 Gritsman, Andrey, Conversion, 63 Waggoner, Kim, I Don’t Feel Comfortable In My Own Skin, 64 Sullivan, John, The Many Voices Of Beryl Davenport, 65 Sherman, Diane, City Moment, 72 Williams, Tim, Glass Singing, 74 Babinecz, Elizabeth, The Keys, 75 Down, Jane, You Are Not Mr. Rochester, 78 Collura, Douglass, The Boat, 80 Costello, Elise, The Listener, 81 Costello, Elise, 37 Dreams Of Summer, 82 Costello, Elise, In Our Hands, 83 Brown, Andrew, Time To Escape, 84 Brown, Andrew, Night Light, 85 Gadoury, Chelsea, Untitled, 86 Nawrocki, William, So Long, Innocence, 87 Nawrocki, William, The Edge Of The World, 88 Nawrocki, William, The Girl And The Sea, 89 Dailey, Amanda, Dandelions, 90 Dailey, Amanda, Untitled, 91 Dailey, Amanda, The Confrontation, 92 Lynch, Dennis, No Good Deed, 93 Higgins, George, He Led A Sheltered Life, 98 McNally, Robert Aquinas, Beech, 99 Glitz, Amberly, This Too Shall Pass, 100 Parish, Dylan, The Girls On The Stoop, 109 Blome, William C., The Clear Truth, 111 Hannigan, Matt, Rosary, 112 Northington, Catherine, Meeting Street, 118 Neidermeyer, Joseph, When I Wake, 119 DeNisco, Alison, True Blue, 120 Koncel, Mary A., Bite Me, 126 Glitz, Amberly, Back It Up, 127 Jankiewicz, Matthew, Dandelions, 128 Harrigan, Leah, My Eyes Were Closed, 139 Gularte, Lara, The Blue Cape, 140 Leonardo, Beth, Popi, 141 Centrella, Amanda M., Sculpture, 143 Alfier, Jeffrey, Harmonica Man Leaves His Stone Bench On Catalina Avenue, 144 Dugan, Nancy Ford, Wedged, 145 Perel, Jane Lunin, Insomniac Lists, 149 Carter, Timothy H., Inside My Violets, 150 Lawry, Vivian, Staying Alive, 151 Reid, Bethany, Dear Occupant, 154 Ryan, Megan F., Lessons From My Grandmother, 155 Carmichael, Cynthia, How To Eat A Mango, 156 Contributors, 15

Development of a Social Engineering eXposure Index (SEXI) using Open-Source Personal Information

Millions of people willingly expose their lives via Internet technologies every day, and even the very few ones who refrain from the use of the Internet find themselves exposed through data breaches. Billions of private information records are exposed through the Internet. Marketers gather personal preferences to influence shopping behavior. Providers gather personal information to deliver enhanced services, and underground hacker networks contain repositories of immense data sets. Few users of Internet technologies have considered where their information is going or who has access to it. Even fewer are aware of how decisions made in their own lives expose significant pieces of information, which can be used by cyber hackers to harm the very organizations with whom they are affiliated. While this threat can affect any person holding any position at an organization, upper management poses a significantly higher risk due to their level of access to critical data and finances targeted by cybercrime. The goal of this research was to develop and validate a Social Engineering eXposure Index (SEXI)™ using Open-Source Personal Information (OSPI) to assist in identifying and classifying social engineering vulnerabilities. This study combined an expert panel using the Delphi method, developmental research, and quantitative data collection. The expert panel categorized and assessed information privacy components into three identifiability groups, subsequently used to develop an algorithm that formed the basis for a SEXI. Validation of the algorithm used open-source personal information found on the Internet for 50 executives of Fortune 500 organizations and 50 Hollywood celebrities. The exposure of each executive and persona was quantified and the collected data were evaluated, analyzed, and presented in an anonymous aggregated form. Phase 1 of this study developed and evaluated the SEXI benchmarking instrument via an expert panel using the Delphi expert methodology. During the first round, 3,531 data points were collected with 1,530 having to do with the demographics, qualifications, experience, and working environments of the panel members as well as 2,001 attributing levels of exposure to personal information. The second Delphi round presented the panel members with the feedback of the first-round tasking them with categorizing personal information, resulting in 1,816 data points. Phase 2 of this study used the composition, weights, and categories of personal information from Phase 1 in the development of a preliminary SEXI benchmarking instrument comprised of 105 personal information items. Simulated data was used to validate the instrument prior to the data collection. Before initiating Phase 3, the preliminary SEXI benchmarking instrument was fully tested to verify the accuracy of recorded data. Phase 3 began with discovering, evaluating, and validating repositories of publicly available data sources of personal information. Approximately two dozen sources were used to collect 11,800 data points with the SEXI benchmarking index. Upon completion of Phase 3, data analysis of the Fortune 500 executives and Hollywood personas used to validate the SEXI benchmarking index. Data analysis was conducted in Phase 3 by one-way Analysis of Variance (ANOVA). The results of the ANOVA data analysis from Phase 3 revealed that age, gender, marital status, and military/police experience were not significant in showing SEXI differences. Additionally, income, estimated worth, industry, organization position, philanthropic contributions are significant, showing differences in SEXI. The most significant differences in SEXI in this research study were found with writers and chief information officers. A t-test was performed to compare the Fortune 500 executives and the Hollywood personas. The results of the t-test data analysis showed a significant difference between the two groups in that Hollywood Personas had a higher SEXI than the Fortune 500 Executives suggesting increased exposure due to OSPI. The results of this research study established, categorized, and validated a quantifiable measurement of personal information. Moreover, the results of this research study validated that the SEXI benchmarking index could be used to assess an individual’s exposure to social engineering due to publicly available personal information. As organizations and public figures rely on Internet technologies understanding the level of personal information exposure is critical is protecting against social engineering attacks. Furthermore, assessing personal information exposure could provide an organization insight into exposed personal information facilitating further mitigation of threats or potential social engineering attack vectors. Discussions and implications for future research are provided

Agent-Based Modelling of O ensive Actors in Cyberspace

© Cran eld University 2021. All rights reserved. No part of this publication may be reproduced without the written permission of the copyright owner.With the rise of the Information Age, there has also been a growing rate of attacks targeting information. In order to better defend against these attacks being able to understand attackers and simulate their behaviour is of utmost importance. A recent approach of using serious games provides an avenue to explore o ensive cyber attacks in a safe and fun environment. There exists a wide range of cyber attackers, with varying levels of expertise whose motivations are di erent. This project provides a novel contribution in using games to allow people to role play as malicious attackers and then using these games as inputs into the simulation. A board game has been designed that emulates a cyber environment, where players represent o ensive actors, with seven roles - Cyber Mercenary (low and high capability), State-backed (low and high capability), Script Kiddy, Hacktivist and Counter-culture (not motivated by nances or ideology). The facilitator or the Games Master (GM) represents the organisation under attack, and players use the Technique cards to perform attacks on the organisation, all cards are sourced from existing Tools, Techniques and Procedures (TTPs). Along with the game, players also provided responses to a questionnaire, that encapsulated three individual dif ferences: Sneider's self-report, DOSPERT and Barratt's Impulsiveness scale. There was a total of 15 players participating in 13 games, and three key groups of individual di erences players. No correlation was identi ed with the individual Technique card pick rate and role. However, the complexity of the attack patterns (Technique card chains) was modulated by roles, and the players' individual di erences. A proof-of-concept simulation has been made using an Agent-Based Modelling framework that re-plays the actions of a player. One of the aspects of future work is the exploitation of the game data to be used as a learning model to create intelligent standalone agents.PH