Selected Topics in Computer and Information Science
| 주 | 이름 | 모듈 소개 |
|---|---|---|
| 21.10@16:30 online and in P19 -> Outline of the Course, and Hacking Ethics | This is the slack channel for the course. |
|
These are the slides from the lecture |
||
A bit about WannaCry |
||
Additional links: https://www.theregister.co.uk/2017/06/28/petya_notpetya_ransomware/ https://www.bleepingcomputer.com/news/security/security-firms-find-thin-lines-connecting-notpetya-to-ukraine-power-grid-attacks/ |
||
Fiske, Alan Page, & Tetlock, Philip E. (1997). Taboo Trade-offs: Reactions to Transactions That Transgress the Spheres of Justice. Political Psychology, 18(2), 255-297. doi: 10.1111/0162-895X.00058 |
||
Kaznivih dejanj lažnega izdajanja za uradno ali vojaško osebo po 1. odstavku 305. člena KZ-1 – kazen do 1. leta zapora vsakič. Kraja identitete se vodi po kz kot zloraba osebnih podatkov: http://pravninasvet.com/blog/kraja-identitete-2del (praviloma okoli 3 leta zapora) Kraja poslovnih skrivnosti: https://zakonodaja.com/zakon/kz-1/236-clen-izdaja-in-neupravicena-pridobitev-poslovne-skrivnosti |
||
Summary by Saul McLeod https://www.simplypsychology.org/kohlberg.html |
||
-Sykes,
Gresham M., & Matza, David. (1957). Techniques of Neutralization: A Theory
of Delinquency. American
Sociological Review, 22(6),
664-670. |
||
| 28.10.@16:30 -> PENetration TESTing, and Breach databases | Slides for lecture 2 and 3 |
|
The EU law that specifies handling of sensitive data (amongst other things) |
||
https://www.offensive-security.com/reports/penetration-testing-sample-report-2013.pdf |
||
Nasu, Hitoshi. (2015). STATE SECRETS LAW AND NATIONAL SECURITY. International and Comparative Law Quarterly, 64(2), 365-404. doi: 10.1017/S0020589315000056 (... When to disclose, and when not to, because this jeopardises national security) |
||
Sample commands for nmap |
||
Online resource to check your password security. |
||
| 4.11.@16:30 -> Open source Intelligence Gathering | SLides for OSINT Lecture |
|
NATO OSINT Manual [now declassified] |
||
Google hacking cheat-sheet |
||
Long, Johnny. (2005). The Google Hacker’s Guide: Understanding and Defending Against the Google Hacker. online: self-published. |
||
Lovell, Kieren , Modic, David, & Maennel, Olaf Manuel. (2018). Exercise Mercury: An Ethical Hacking Exercise [report] (U. I. Services, Trans.) (pp. 9). Cambridge, UK: University of Cambridge. |
||
About a popular malware package, called kovter... |
||
... 52% of the users studied have the same passwords (or very similar and easily hackable ones) for different services.... ... With 85% of passwords reused or slightly changed in the case of online shopping, and 62% for email ... |
||
Modic, David, Anderson, Ross, & Palomäki, Jussi. (2018). We will make you like our research: The development of a susceptibility-to-persuasion scale. PLOS ONE, 13(3), e0194119. doi: 10.1371/journal.pone.0194119 |
||
Long, Johnny, E, Skoudis, & A., van Eijkelenborg. (2004). Google hacking for penetration testers. Burlington, MA: Syngress Pub. |
||
Wilhelm, Thomas, & Andress, Jason. (2011). Ninja hacking : unconventional penetration testing tactics and techniques. Burlington, MA: Syngress/Elsevier. |
||
| 18.11@16:30 -> Shodan | SHODAN |
|
Keywords used in Shodan searches. |
||
Lee, Seungwoon, Shin, Seung-Hun, & Roh, Byeong-hee. (2017). Abnormal Behavior-Based Detection of Shodan and Censys-Like Scanning. Paper presented at the Ninth International Conference on Ubiquitous and Future Networks (ICUFN), Milan. |
||
Ercolani, V. J., Patton, M. W., & Chen, H. (2016). Shodan visualized. Paper presented at the IEEE Conference on Intelligence and Security Informatics (ISI), Tucson, AZ. |
||
Phan, Thai, Krum, David M., & Bolas, Mark. (2016). ShodanVR Immersive visualization of text records from the Shodan database. Paper presented at the 2016 Workshop on Immersive Analytics (IA), Greenville, SC, . |
||
Harsha, M. S., Bhavani, B. M., & Kundhavai, K. R. (2018). Analysis of vulnerabilities in MQTT security using Shodan API and implementation of its countermeasures via authentication and ACLs. Paper presented at the 2018 International Conference on Advances in Computing, Communications and Informatics (ICACCI), Bangalore, India. |
||
Al-Alami, H., Hadi, A., & Al-Bahadili, H. (2017). Vulnerability scanning of IoT devices in Jordan using Shodan. Paper presented at the, 2nd International Conference on the Applications of Information Technology in Developing Renewable Energy Processes & Systems (IT-DREPS), Amman |
||
Matherly, J. (2016). The Complete Guide to Shodan. Collect. Analyze. Visualize. Make Internet Intelligence Work For You. Kindle Edition Amazon. |
||
| 18.11@17:30 -> metasploit | (c) Aleksander Mundjar |
|
More in-depth tutorial course (recommended) |
||
Metasploitable2 os guide |
||
| 25.11.@16:30 -> Human Attack Vectors Part 1 | Psychology of Security part 1 |
|
Humphrey, N. (1976). The Social Function of Intellect. In P. P. G. Bateson & R. A. Hinde (Eds.), Growing Points in Ethology (pp. 303-317). Cambridge, UK: Cambridge University Press. |
||
Modic, D., Anderson, R., & Palomäki, J. (2018). We will make you like our research: The development of a susceptibility-to-persuasion scale. PLoS One, 13(3), e0194119. Retrieved from https://doi.org/10.1371/journal.pone.0194119. doi:10.1371/journal.pone.0194119 |
||
Herley, C. (2009). So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users. New York: Assoc Computing Machinery. |
||
Dyrud, M. A. (2005). I Brought You a Good News: An Analysis of Nigerian 419 Letters. Paper presented at the 70th Annual Convention of The Association for Business Communication, Irvine, CA. Analysis retrieved from http://www.businesscommunication.org/conventions/Proceedings/2005/PDFs/07ABC05.pdf |
||
Shadel, D. P., & Pak, K. B. S. (2007). The Psychology of Consumer Fraud. (PhD), Tillbrook University, Stanford Center on Longevity. |
||
Fischer, P., Lea, S., & Evans, K. (2009). The Psychology of Scams: Provoking and Commiting Errors of Judgement. Research for the Office of Fair Trading (OFT1070). Retrieved from Exeter, UK: http://www.oft.gov.uk/shared_oft/reports/consumer_protection/oft1070.pdf |
||
Modic, D., & Lea, S. E. G. (2011). How neurotic are scam victims, really? The big five and Internet scams. Paper presented at the 2011 Conference of the International Confederation for the Advancement of Behavioral Economics and Economic Psychology, Exeter, United Kingdom. |
||
Modic, D., & Anderson, R. (2015). It’s All Over but the Crying: The Emotional and Financial Impact of Internet Fraud. Ieee Security & Privacy, 13(5), 99-103. doi:10.1109/MSP.2015.107 |
||
Titus, R. M., & Dover, A. R. (2001). Personal Fraud: The Victims and the Scams. Crime Prevention Studies, 12, 133-151. |
||
Copes, H., Kerley, K. R., Mason, K. A., & Van Wyk, J. (2001). Reporting behavior of fraud victims and Black's theory of law: An empirical assessment. Justice Quarterly, 18(2), 343-363. doi:10.1080/07418820100094931 |
||
Modic, D., & Lea, S. E. G. (2013). Scam Compliance and the Psychology of Persuasion [pre-print]. Social Sciences Research Network, Available at SSRN: http://ssrn.com/abstract=2364464. Retrieved from http://ssrn.com/abstract=2364464. |
||
Kanfer, F. H., & Karoly, P. (1972). Self-control: A behavioristic excursion into the lion's den. Behavior Therapy, 3(3), 398-416. Retrieved from http://www.sciencedirect.com/science/article/pii/S0005789472801400. doi:10.1016/s0005-7894(72)80140-0 |
||
Muraven, M., & Baumeister, R. F. (2000). Self-regulation and depletion of limited resources: Does self-control resemble a muscle? Psychological Bulletin, 126(2), 247-259. Retrieved from http://search.ebscohost.com/login.aspx?direct=true&db=pdh&AN=bul-126-2 |
||
Nadel, S. F. (1953). Social Control and Self-Regulation. Social Forces, 31(3), 265-273. Retrieved from http://www.jstor.org/stable/2574226. -247&site=ehost-live. doi:10.1037/0033-2909.126.2.247 |
||
Gailliot, M. T., Baumeister, R. F., DeWall, C. N., Maner, J. K., Plant, E. A., Tice, D. M., . . . Schmeichel, B. J. (2007). Self-control relies on glucose as a limited energy source: Willpower is more than a metaphor. Journal of Personality and Social Psychology, 92(2), 325-336. Retrieved from http://search.ebscohost.com/login.aspx?direct=true&db=pdh&AN=psp-92-2-325&site=ehost-live |
||
Wegner, D. M., Schneider, D. J., Carter, S. R., & White, T. L. (1987). Paradoxical effects of thought suppression. Journal of Personality and Social Psychology, 53(1), 5-13. Retrieved from http://search.ebscohost.com/login.aspx?direct=true&db=pdh&AN=psp-53-1-5&site=ehost-live. doi:10.1037/0022-3514.53.1.5 |
||
Logue, A. W. (1988). Research on self-control: An integrating framework. Behavioral and Brain Sciences, 11(04), 665-679. Retrieved from http://dx.doi.org/10.1017/S0140525X00053978. doi:doi:10.1017/S0140525X00053978 |
||
Metcalfe, J., & Mischel, W. (1999). A hot/cool-system analysis of delay of gratification: Dynamics of willpower. Psychological Review, 106(1), 3-19. Retrieved from http://search.ebscohost.com/login.aspx?direct=true&db=pdh&AN=rev-106-1-3&site=ehost-live. doi:10.1037/0033-295x.106.1.3 |
||
Muraven, M., Tice, D. M., & Baumeister, R. F. (1998). Self-control as a limited resource: Regulatory depletion patterns. Journal of Personality and Social Psychology, 74(3), 774-789. Retrieved from http://search.ebscohost.com/login.aspx?direct=true&db=pdh&AN=psp-74-3-774&site=ehost-live. doi:10.1037/0022-3514.74.3.774 |
||
Kuijer, R., de Ridder, D., Ouwehand, C., Houx, B., & van den Bos, R. (2008). Dieting as a case of behavioural decision making. Does self-control matter? Appetite, 51(3), 506-511. Retrieved from <Go to ISI>://WOS:000259930900014. doi:10.1016/j.appet.2008.03.014 |
||
McCrae, R. R., & Costa, P. T. (1987). Validation of the five-factor model of personality across instruments and observers. Journal of Personality and Social Psychology, 52(1), 81-90. Retrieved from http://search.ebscohost.com/login.aspx?direct=true&db=pdh&AN=psp-52-1-81&site=ehost-live. doi:10.1037/0022-3514.52.1.81 |
||
| 16.12.@16:45 Team assignment overview IS POSPTPONED. Today: UNPACKING MALWARE and a short Q&A if there are any. |