Monday, July 11 - University of New Mexico



UNM GenCyber 2016 Curriculum & ScheduleMonday, July 11Daily learning objectivesUnderstand virtualizationHave an introductory grasp of ethical complexity in cybersecurityUnderstand the difference amongst an operating system, client and server applicationsHave a basic understanding of the role of different security countermeasures, such as firewalls, IDS, and anti-malwareAbility to describe current authentication methods, their roles and limitationsMorning topics/activitiesSurveyInformation security principles beginning with a history and followed by discussions describing information assets, threats, attacks and how to manage risk and plan for securityLunch activitiesFoodGround rules, meet & greet, team building exercise(s)Afternoon topics/activitiesHands on labs demonstrating the principles learned in the morning using our vCloud infrastructure and will include scanning networks, assessing vulnerabilities and penetration testing and remediationTuesday, July 12Daily learning objectivesUnderstand the physical and logical components of a networkHave a basic understanding of how devices communicate on networksUse free tools to assess the behavior and security of your network and its environmentHave a basic understanding of what can threaten your network and its devicesMorning topics/activitiesInformation security principles beginning with a history and followed by discussions describing information assets, threats, attacks and how to manage risk and plan for securityLunch activitiesFoodPresentation: TBDAfternoon topics/activitiesHands on labs demonstrating the principles learned in the morning using our vCloud infrastructure and will include scanning networks, assessing vulnerabilities and penetration testing and remediationWednesday, July 13Daily learning objectivesUnderstand the dependencies and risks of devices residing in your network (hands on project)Understand the legal history and principles behind investigations that include digital evidenceMorning topics/activitiesHands on labs demonstrating how to properly conduct data acquisition from different storage devices, validation and extracting evidenceLunch activitiesFoodPresentation: TBDAfternoon topics/activitiesMore labs supplemented by discussions on legal issues, investigations and principles such as chain of custody and historical legal case (e.g. Olmstead v. United States, Katz v. United States, etc.) or Act of Congress (e.g. Foreign Intelligence Surveillance Act, Patriot Act, etc.)Thursday, July 14Daily learning objectivesUnderstand the concepts of digital forensics and basic disk imagingBe able to describe hashing and common hashing typesUnderstand the concept of write blockingUse free tools to analyze a basic forensic imageUnderstand how EXIF data is useful in forensic investigationsInvestigate basic network traffic for forensicsUnderstand the concept of steganography and data obfuscationExplore Alternate Data StreamsMorning topics/activitiesHands on labs demonstrating how to analyze a basic forensic imageLunch activitiesFoodPresentation: TBDAfternoon topics/activitiesHands on labs demonstrating how to analyze a basic forensic imageHands on labs on steganography and data obfuscation Friday, July 15Daily learning objectivesUse free tools to understand password cracking challenges in forensic investigationsBe able to describe various methods of identifying and removing basic malwareUnderstand the concept of RAM analysis for forensic investigationsExplore alternative methods of creating forensic images in Kali LinuxExplore alternative methods of disk image analysis in Kali LinuxFriday, July 15 - continuedMorning topics/activities RCFL tourLunch activitiesFoodPresentation: TBDAfternoon topics/activitiesHands on labs demonstrating password crackingHands on labs demonstrating malware identification and removalHands on labs using Kali LinuxMonday, July 18Daily learning objectivesUnderstand vulnerabilities in server applications and gamesUnderstand privilege levels and related issues of access and securityUnderstand vulnerabilities that arise from poor privilege managementMorning topics/activitiesDemonstrate and experiment with vulnerabilities in Adobe Flash gamesLunch activitiesFood Presentation: TBDAfternoon topics/activities Werewolves with playing cards: students will learn the basic gameplay rules of Werewolves by using the playing cards in groups.Documentary video presentationTuesday, July 19Daily learning objectivesGain basic familiarity with the Linux command lineLearn about UNIX process structure and managementLearn about UNIX file permissionsIntroduction to Python programmingMorning topics/activitiesLinux command line, processes, permissions, basic UNIX security: Students will play around with the Linux command line and learn about basic abstractions such as the process hierarchy and UNIX file permissionsLunch activitiesFoodPresentation: Health information security challengesAfternoon topics/activitiesImplementing a simple game using PythonWednesday, July 20Daily learning objectivesUnderstand symmetric and asymmetric cryptographyLearn about hash functionsLearn about authentication, vulnerabilities, and password crackingMorning topics/activitiesSymmetric and asymmetric cryptography: the students will experiment with some symmetric ciphersDemonstration of asymmetric cryptography (i.e., public key cryptography)Lunch activitiesFoodVirtual panel – SFS students report on their internships and career preparationAfternoon topics/activitiesStudents will crack simple ciphersStudents will apply what they’ve learned to hacking Adobe Flash games.Thursday, July 21Daily learning objectivesUnderstand server vulnerabilitiesLearn common exploits and defensesMorning topics/activities"Fuzz testing" of Flash games: students will be shown a TOCTTOU race condition vulnerability in the Werewolves server, and then play online Flash games to try to find bugs in the games that can be exploitedLunch activitiesFoodPresentation: TBDAfternoon topics/activitiesWerewolves: students will attempt to exploit vulnerabilities during the gameFriday, July 22Daily learning objectivesLearn about current research topics in cybersecurityMorning topics/activitiesReview Werewolves source code: students will review the Werewolves source code to try to find logical fallacies (there are several known such vulnerabilities)National GenCyber SurveyLunch activitiesFoodPresentation: TBDAfternoon topics/activitiesWerewolves: students will play Werewolves and attempt to exploit vulnerabilities during the gameCommand injection: students will be shown a basic hands-on SQL injection demo that is color coded, and then shown a command injection exploit for Werewolves that they can attempt to use during the gameUNM GenCyber SurveyCybersecurity First Principles Coverage Within The CurriculumPrincipleWeek 1Week 2Domain separationOperating systems, applications (Day 1)Linux/UNIX (Day 7), Werewolves (Day 7)Process isolationVirtualization, vLab (Day 1)Malware (Day 1)Linux/UNIX (Day 7)Resource encapsulationAuthentication and system access (Day 1)Werewolves (Day 7)Least privilegeAccount and system privileges (Day 1)System privileges hacks (Day 2)Werewolves (Days 6 and 8)LayeringOS, services and apps interactions (Day 1)Werewolves and source code vulnerabilities (Day 10)AbstractionNetwork environment assessments (Day 2)Wireshark demo (Day 2)Race conditions (Day 9)Information HidingDigital Forensics (Days 3-5)Encryption (Day 6)ModularityWerewolves and source code vulnerabilities (Day 10)Simplicity of DesignWerewolves (Day 9)MinimizationUPDATE THIS TABLE ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download