Dr. Melissa Danforth

Materials from Cybersecurity Section

REVS-UP Poster Template

The poster session for REVS-UP will be on the afternoon of Thursday June 28th. Our teams have signed up for poster printing on Wednesday June 27th at 2:00pm. All of the posters are 36"x48" or smaller. Photos and background colors should be kept to a minimum. The posters must include both the Chevron Logo and the REVS-UP logo. Posters should be exported to PDF for printing.

The following PowerPoint poster template meets all of the above requirements and has the theming and colors for CSUB and NSME: 36by48_revsup_template.pptx.

Cybersecurity Careers

The section is long enough to warrant its own page. Go to the cybersecurity careers page to see details.

Lecture Notes:

Created by Dr. Danforth

Lecture Notes on Kali Linux Tools:

Created by Aurora Hernandez (CSUB Student Assistant for 2018 session)

Password Security Activities and Worksheets

Password Complexity and Cracking Speed activity by Dr. Danforth
Introduction to Password Hashing and Cracking page by Dr. Danforth
HashCat labs and worksheets by Polo Melendez (CSUB Student Assistant for 2015 session)
Other Tools and Encryption activity utilizes CMPS 340 Digital Forensics materials by Donna Meyers

Word Lists/Dictionaries for Hashcat

The following word lists / dictionary files can be used with Hashcat:

combos2.dict - All two-character combinations
combos3.dict - All three-character combinations
combos4.dict - All four-character combinations
common_passwords.dict - A list of common passwords used by people
large.dict - A relatively large list of words, common passwords, and word variants
english_lower.dict - Common lower-case English words
french_lower.dict - Common lower-case French words
german_lower.dict - Common lower-case German words

Digital Forensics Activities and Worksheets

Created by Mark Stevens (CSUB Student Assistant for 2015 session)
Some activities utilize CMPS 340 Digital Forensics materials by Donna Meyers

Arduino / Internet of Things (IoT) Activities

Questions about the Arduino kit should be directed to Jesse Fonseca (CSUB Student Assistant for 2018 session)

Manual for Arduino kit
2018 prediction: securing IoT-connected devices will be a major cybersecurity challenge
What You Need To Know About Cybersecurity And The Internet Of Things
Cybersecurity policy for the Internet of Things - Microsoft whitepaper on IoT security.

Cybersecurity Websites and Comics

Websites and comics relating to cybersecurity.

CyberPatriot Training Modules - Archived modules on cybersecurity provided by the national CyberPatriot competition.
Krebs on Security - Blog and in-depth analysis of cybersecurity news.
Slashdot - Link aggregation website that focuses primarily on technology-related news.
Have I Been Pwned? - User account compromise page started by a Microsoft security employee, Troy Hunt, that catalogs various user account compromises and lets you check if your email address was in those compromises.
Troy Hunt's Blog - Blog maintained by Troy Hunt, focusing primarily on user database compromises.
How Troy Hunt verifies data breaches - Blog on the techniques used to verify the accuracy of a supposed user database being sold on the dark web.
Password Strength - XKCD comic on passwords vs. passphrases ("correct horse battery staple").
Password Reuse - XKCD comic on the danger of reusing the same password on multiple sites.
Paperwork - XKCD comic on leaking personal information.
Security, Security, Security - CommitStrip comic on the absurdity of password strength dialog boxes.
Security too expensive? Try a hack - CommitStrip comic on the consequences of ignoring security during development.
Security checklist - CommitStrip comic on the "people problem" when it comes to security.

Major Historical Breaches

These are breaches which were big news in the past decade or so.

Pre-2010 - Stuxnet and related software - State-sponsored attack on SCADA (industrial control) systems targeted at disrupting Iran's nuclear program. Suspected of being created by USA and/or Israel.
2011 - RSA and Lockheed Martin breach - Cyberespionage attack suspected of being conducted by Chinese state-sponsored attackers.
2011 - Sony password breach - Troy Hunt's analysis of the breach of user accounts from Sony PlayStation Network.
2012 - Linkedin breach - User accounts for Linkedin were stolen. Suspected to be perpetrated by a Russian cybercrime group.
2013 - Yahoo user account breach - The four year analysis of the Yahoo breach, which compromised all Yahoo accounts at the time.
2013 - Target breach - Post-mortem analysis of the breach.
2015 - Anthem breach - Analysis of the breach suspected to be part of a Chinese state-sponsored attack.
2014 and 2015 - Office of Personnel Management (OPM) breach - Stolen records from federal employees, including background check information. Another state-sponsored attack suspected of being the same group that pulled off the Anthem breach.
2017 - Equifax breach - Theft of many, many credit reports from Equifax. This information could easily be used to steal identities and open credit accounts in others' names.

Cybersecurity News

This section will be updated throughout the Summer 2018 session with latest news relating to cybersecurity.

VPNFilter Update - VPNFilter exploits endpoints, targets new devices - Malware affecting many SOHO routers.
China blamed for data theft from US Navy contractor - Cyberespionage attack.
For almost 11 years, hackers could easily bypass 3rd-party macOS signature checks - Recent news on issue with misconfigured MacOX tools that leave users vulnerable to malware.
MyHeritage breach leaks millions of account details - User database breach at DNA website.

Computer and Electrical Engineering and Computer Science DepartmentCalifornia State University, Bakersfield

Computer and Electrical Engineering and Computer Science Department
California State University, Bakersfield