이름 모듈 소개
21.10@16:30 online and in P19 -> Outline of the Course, and Hacking Ethics URL COURSE SLACK CHANNEL

This is the slack channel for the course.

파일 Presentation (outline and ethics) [pdf]

These are the slides from the lecture

URL Wannacry - outline

A bit about WannaCry

URL A set of links about notPetya

Additional links:

https://www.theregister.co.uk/2017/06/28/petya_notpetya_ransomware/

https://www.bleepingcomputer.com/news/security/security-firms-find-thin-lines-connecting-notpetya-to-ukraine-power-grid-attacks/


파일 Fiske, Alan Page, & Tetlock, Philip E. (1997). Taboo Trade-offs: Reactions to Transactions That Transgress the Spheres of Justice

Fiske, Alan Page, & Tetlock, Philip E. (1997). Taboo Trade-offs: Reactions to Transactions That Transgress the Spheres of Justice. Political Psychology, 18(2), 255-297. doi: 10.1111/0162-895X.00058

파일 Slovene criminal law (6th edition) in Slovene

Kaznivih dejanj lažnega izdajanja za uradno ali vojaško osebo po 1. odstavku 305. člena KZ-1 – kazen do 1. leta zapora vsakič.

Kraja identitete se vodi po kz kot zloraba osebnih podatkov: http://pravninasvet.com/blog/kraja-identitete-2del (praviloma okoli 3 leta zapora)

Kraja poslovnih skrivnosti: https://zakonodaja.com/zakon/kz-1/236-clen-izdaja-in-neupravicena-pridobitev-poslovne-skrivnosti


파일 Kohlberg's theory of Moral development (1958)

Summary by Saul McLeod

https://www.simplypsychology.org/kohlberg.html


파일 Sykes, Gresham M., & Matza, David. (1957). Techniques of Neutralization: A Theory of Delinquency

-Sykes, Gresham M., & Matza, David. (1957). Techniques of Neutralization: A Theory of Delinquency. American Sociological Review, 22(6), 664-670.

28.10.@16:30 -> PENetration TESTing, and Breach databases 파일 Penetration Testing process and Breach databases [slides]

Slides for lecture 2 and 3

URL EU Data Protection Directive

The EU law that specifies handling of sensitive data (amongst other things)

URL SI-CERT resource on SI laws on cybercrime (In SLO)
파일 A sample penetration testing report (by offensive security)

https://www.offensive-security.com/reports/penetration-testing-sample-report-2013.pdf

파일 Nasu, H. (2015). STATE SECRETS LAW AND NATIONAL SECURITY

Nasu, Hitoshi. (2015). STATE SECRETS LAW AND NATIONAL SECURITY. International and Comparative Law Quarterly, 64(2), 365-404. doi: 10.1017/S0020589315000056

(... When to disclose, and when not to, because this jeopardises national security)

URL Ars Technica article on a huge passwords leak
URL nmap cheat sheet

Sample commands for nmap

URL haveibeenpwned?

Online resource to check your password security.

4.11.@16:30 -> Open source Intelligence Gathering 파일 Lecture 5. OSINT

SLides for OSINT Lecture

파일 NATO OSINT Manual

NATO OSINT Manual [now declassified]

URL Google hacking tutorial

Google hacking cheat-sheet

파일 The Google Hacker’s Guide

Long, Johnny. (2005). The Google Hacker’s Guide: Understanding and Defending Against the Google Hacker. online: self-published.

파일 Lovell, K. , Modic, D., & Maennel, O.M.. (2018). Exercise Mercury [REPORT]

Lovell, Kieren , Modic, David, & Maennel, Olaf Manuel. (2018). Exercise Mercury: An Ethical Hacking Exercise [report] (U. I. Services, Trans.) (pp. 9). Cambridge, UK: University of Cambridge.

URL kovter (malware package)

About a popular malware package, called kovter...

URL Password reuse statistics

... 52% of the users studied have the same passwords (or very similar and easily hackable ones) for different services....

... With 85% of passwords reused or slightly changed in the case of online shopping, and 62% for email ...

파일 Modic, D., Anderson, R., & Palomäki, J. (2018). We will make you like our research: The development of a susceptibility-to-persuasion scale

Modic, David, Anderson, Ross, & Palomäki, Jussi. (2018). We will make you like our research: The development of a susceptibility-to-persuasion scale. PLOS ONE, 13(3), e0194119. doi: 10.1371/journal.pone.0194119

파일 Long, Johnny, E, Skoudis, & A., van Eijkelenborg. (2004). Google hacking for penetration testers

Long, Johnny, E, Skoudis, & A., van Eijkelenborg. (2004). Google hacking for penetration testers. Burlington, MA: Syngress Pub.

파일 Wilhelm, Thomas, & Andress, Jason. (2011). Ninja hacking : unconventional penetration testing tactics and techniques

Wilhelm, Thomas, & Andress, Jason. (2011). Ninja hacking : unconventional penetration testing tactics and techniques. Burlington, MA: Syngress/Elsevier.

18.11@16:30 -> Shodan 파일 Shodan Presentation

SHODAN

파일 Shodan search terms

Keywords used in Shodan searches.

URL Shodan null-byte Online tutorial
URL Shodan API overview
URL Shodan Beginner tutorial
파일 Lee, Seungwoon, Shin, Seung-Hun, & Roh, Byeong-hee. (2017). Abnormal Behavior-Based Detection of Shodan and Censys-Like Scanning

Lee, Seungwoon, Shin, Seung-Hun, & Roh, Byeong-hee. (2017). Abnormal Behavior-Based Detection of Shodan and Censys-Like Scanning. Paper presented at the Ninth International Conference on Ubiquitous and Future Networks (ICUFN), Milan. 

파일 Ercolani, V. J., Patton, M. W., & Chen, H. (2016). Shodan visualized

Ercolani, V. J., Patton, M. W., & Chen, H. (2016). Shodan visualized. Paper presented at the IEEE Conference on Intelligence and Security Informatics (ISI), Tucson, AZ. 

파일 Phan, Thai, Krum, David M., & Bolas, Mark. (2016). ShodanVR Immersive visualization of text records from the Shodan database

Phan, Thai, Krum, David M., & Bolas, Mark. (2016). ShodanVR Immersive visualization of text records from the Shodan database. Paper presented at the 2016 Workshop on Immersive Analytics (IA), Greenville, SC, . 

파일 Harsha, M. S., Bhavani, B. M., & Kundhavai, K. R. (2018). Analysis of vulnerabilities in MQTT security using Shodan API and implementation of its countermeasures via authentication and ACLs

Harsha, M. S., Bhavani, B. M., & Kundhavai, K. R. (2018). Analysis of vulnerabilities in MQTT security using Shodan API and implementation of its countermeasures via authentication and ACLs. Paper presented at the 2018 International Conference on Advances in Computing, Communications and Informatics (ICACCI), Bangalore, India. 

파일 Al-Alami, H., Hadi, A., & Al-Bahadili, H. (2017). Vulnerability scanning of IoT devices in Jordan using Shodan

Al-Alami, H., Hadi, A., & Al-Bahadili, H. (2017). Vulnerability scanning of IoT devices in Jordan using Shodan. Paper presented at the, 2nd International Conference on the Applications of Information Technology in Developing Renewable Energy Processes & Systems (IT-DREPS), Amman 

파일 Matherly, J. (2016). The Complete Guide to Shodan

Matherly, J. (2016). The Complete Guide to Shodan. Collect. Analyze. Visualize. Make Internet Intelligence Work For You. Kindle Edition Amazon.

18.11@17:30 -> metasploit 파일 metasploitable presentation

(c) Aleksander Mundjar

URL More in-depth tutorial course (recommended)

More in-depth tutorial course (recommended)

URL Metasploitable2 os guide
Metasploitable2 os guide
25.11.@16:30 -> Human Attack Vectors Part 1 파일 Presentation slides (part 1) [pdf]

Psychology of Security part 1

파일 Humphrey, N. (1976). The Social Function of Intellect

Humphrey, N. (1976). The Social Function of Intellect. In P. P. G. Bateson & R. A. Hinde (Eds.), Growing Points in Ethology (pp. 303-317). Cambridge, UK: Cambridge University Press.


파일 Modic, D., Anderson, R., & Palomäki, J. (2018). We will make you like our research

Modic, D., Anderson, R., & Palomäki, J. (2018). We will make you like our research: The development of a susceptibility-to-persuasion scale. PLoS One, 13(3), e0194119. Retrieved from https://doi.org/10.1371/journal.pone.0194119. doi:10.1371/journal.pone.0194119

파일 Herley, C. (2009). So Long, And No Thanks for the Externalities

Herley, C. (2009). So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users. New York: Assoc Computing Machinery.

파일 Dyrud, M. A. (2005). I Brought You a Good News: An Analysis of Nigerian 419 Letters

Dyrud, M. A. (2005). I Brought You a Good News: An Analysis of Nigerian 419 Letters. Paper presented at the 70th Annual Convention of The Association for Business Communication, Irvine, CA. Analysis retrieved from http://www.businesscommunication.org/conventions/Proceedings/2005/PDFs/07ABC05.pdf

파일 Shadel, D. P., & Pak, K. B. S. (2007). The Psychology of Consumer Fraud

Shadel, D. P., & Pak, K. B. S. (2007). The Psychology of Consumer Fraud. (PhD), Tillbrook University, Stanford Center on Longevity. 

파일 Fischer, P., Lea, S., & Evans, K. (2009). The Psychology of Scams

Fischer, P., Lea, S., & Evans, K. (2009). The Psychology of Scams: Provoking and Commiting Errors of Judgement. Research for the Office of Fair Trading (OFT1070). Retrieved from Exeter, UK: http://www.oft.gov.uk/shared_oft/reports/consumer_protection/oft1070.pdf

파일 Modic, D., & Lea, S. E. G. (2011). How neurotic are scam victims, really? The big five and Internet scams

Modic, D., & Lea, S. E. G. (2011). How neurotic are scam victims, really? The big five and Internet scams. Paper presented at the 2011 Conference of the International Confederation for the Advancement of Behavioral Economics and Economic Psychology, Exeter, United Kingdom.

파일 Modic, D., & Anderson, R. (2015). It’s All Over but the Crying

Modic, D., & Anderson, R. (2015). It’s All Over but the Crying: The Emotional and Financial Impact of Internet Fraud. Ieee Security & Privacy, 13(5), 99-103. doi:10.1109/MSP.2015.107

파일 Titus, R. M., & Dover, A. R. (2001). Personal Fraud: The Victims and the Scams

Titus, R. M., & Dover, A. R. (2001). Personal Fraud: The Victims and the Scams. Crime Prevention Studies, 12, 133-151. 

파일 Copes, H., Kerley, K. R., Mason, K. A., & Van Wyk, J. (2001). Reporting behavior of fraud victims and Black's theory of law: An empirical assessment

Copes, H., Kerley, K. R., Mason, K. A., & Van Wyk, J. (2001). Reporting behavior of fraud victims and Black's theory of law: An empirical assessment. Justice Quarterly, 18(2), 343-363. doi:10.1080/07418820100094931


파일 Modic, D., & Lea, S. E. G. (2013). Scam Compliance and the Psychology of Persuasion

Modic, D., & Lea, S. E. G. (2013). Scam Compliance and the Psychology of Persuasion [pre-print]. Social Sciences Research Network, Available at SSRN: http://ssrn.com/abstract=2364464. Retrieved from http://ssrn.com/abstract=2364464. 

파일 Kanfer, F. H., & Karoly, P. (1972). Self-control: A behavioristic excursion into the lion's den

Kanfer, F. H., & Karoly, P. (1972). Self-control: A behavioristic excursion into the lion's den. Behavior Therapy, 3(3), 398-416. Retrieved from http://www.sciencedirect.com/science/article/pii/S0005789472801400. doi:10.1016/s0005-7894(72)80140-0


파일 Muraven, M., & Baumeister, R. F. (2000). Self-regulation and depletion of limited resources: Does self-control resemble a muscle?

Muraven, M., & Baumeister, R. F. (2000). Self-regulation and depletion of limited resources: Does self-control resemble a muscle? Psychological Bulletin, 126(2), 247-259. Retrieved from http://search.ebscohost.com/login.aspx?direct=true&db=pdh&AN=bul-126-2


파일 Nadel, S. F. (1953). Social Control and Self-Regulation

Nadel, S. F. (1953). Social Control and Self-Regulation. Social Forces, 31(3), 265-273. Retrieved from http://www.jstor.org/stable/2574226. -247&site=ehost-live. doi:10.1037/0033-2909.126.2.247


파일 Gailliot, M. T., Baumeister, R. F., DeWall, C. N., Maner, J. K., Plant, E. A., Tice, D. M., . . . Schmeichel, B. J. (2007). Self-control relies on glucose as a limited energy source: Willpower is more than a metaphor

Gailliot, M. T., Baumeister, R. F., DeWall, C. N., Maner, J. K., Plant, E. A., Tice, D. M., . . . Schmeichel, B. J. (2007). Self-control relies on glucose as a limited energy source: Willpower is more than a metaphor. Journal of Personality and Social Psychology, 92(2), 325-336. Retrieved from http://search.ebscohost.com/login.aspx?direct=true&db=pdh&AN=psp-92-2-325&site=ehost-live


파일 Wegner, D. M., Schneider, D. J., Carter, S. R., & White, T. L. (1987). Paradoxical effects of thought suppression

Wegner, D. M., Schneider, D. J., Carter, S. R., & White, T. L. (1987). Paradoxical effects of thought suppression. Journal of Personality and Social Psychology, 53(1), 5-13. Retrieved from http://search.ebscohost.com/login.aspx?direct=true&db=pdh&AN=psp-53-1-5&site=ehost-live. doi:10.1037/0022-3514.53.1.5


파일 Logue, A. W. (1988). Research on self-control: An integrating framework

Logue, A. W. (1988). Research on self-control: An integrating framework. Behavioral and Brain Sciences, 11(04), 665-679. Retrieved from http://dx.doi.org/10.1017/S0140525X00053978. doi:doi:10.1017/S0140525X00053978

파일 Metcalfe, J., & Mischel, W. (1999). A hot/cool-system analysis of delay of gratification: Dynamics of willpower

Metcalfe, J., & Mischel, W. (1999). A hot/cool-system analysis of delay of gratification: Dynamics of willpower. Psychological Review, 106(1), 3-19. Retrieved from http://search.ebscohost.com/login.aspx?direct=true&db=pdh&AN=rev-106-1-3&site=ehost-live. doi:10.1037/0033-295x.106.1.3

파일 Muraven, M., Tice, D. M., & Baumeister, R. F. (1998). Self-control as a limited resource: Regulatory depletion patterns

Muraven, M., Tice, D. M., & Baumeister, R. F. (1998). Self-control as a limited resource: Regulatory depletion patterns. Journal of Personality and Social Psychology, 74(3), 774-789. Retrieved from http://search.ebscohost.com/login.aspx?direct=true&db=pdh&AN=psp-74-3-774&site=ehost-live. doi:10.1037/0022-3514.74.3.774

파일 Kuijer, R., de Ridder, D., Ouwehand, C., Houx, B., & van den Bos, R. (2008). Dieting as a case of behavioural decision making. Does self-control matter?

Kuijer, R., de Ridder, D., Ouwehand, C., Houx, B., & van den Bos, R. (2008). Dieting as a case of behavioural decision making. Does self-control matter? Appetite, 51(3), 506-511. Retrieved from <Go to ISI>://WOS:000259930900014. doi:10.1016/j.appet.2008.03.014

파일 McCrae, R. R., & Costa, P. T. (1987). Validation of the five-factor model of personality across instruments and observers

McCrae, R. R., & Costa, P. T. (1987). Validation of the five-factor model of personality across instruments and observers. Journal of Personality and Social Psychology, 52(1), 81-90. Retrieved from http://search.ebscohost.com/login.aspx?direct=true&db=pdh&AN=psp-52-1-81&site=ehost-live. doi:10.1037/0022-3514.52.1.81

16.12.@16:45 Team assignment overview IS POSPTPONED. Today: UNPACKING MALWARE and a short Q&A if there are any. 파일 Presentation [pptx]