седмица Име Опис
21.10@16:30 online and in P19 -> Outline of the Course, and Hacking Ethics URL COURSE SLACK CHANNEL

This is the slack channel for the course.

Датотека Presentation (outline and ethics) [pdf]

These are the slides from the lecture

URL Wannacry - outline

A bit about WannaCry

URL A set of links about notPetya

Additional links:

https://www.theregister.co.uk/2017/06/28/petya_notpetya_ransomware/

https://www.bleepingcomputer.com/news/security/security-firms-find-thin-lines-connecting-notpetya-to-ukraine-power-grid-attacks/


Датотека Fiske, Alan Page, & Tetlock, Philip E. (1997). Taboo Trade-offs: Reactions to Transactions That Transgress the Spheres of Justice

Fiske, Alan Page, & Tetlock, Philip E. (1997). Taboo Trade-offs: Reactions to Transactions That Transgress the Spheres of Justice. Political Psychology, 18(2), 255-297. doi: 10.1111/0162-895X.00058

Датотека Slovene criminal law (6th edition) in Slovene

Kaznivih dejanj lažnega izdajanja za uradno ali vojaško osebo po 1. odstavku 305. člena KZ-1 – kazen do 1. leta zapora vsakič.

Kraja identitete se vodi po kz kot zloraba osebnih podatkov: http://pravninasvet.com/blog/kraja-identitete-2del (praviloma okoli 3 leta zapora)

Kraja poslovnih skrivnosti: https://zakonodaja.com/zakon/kz-1/236-clen-izdaja-in-neupravicena-pridobitev-poslovne-skrivnosti


Датотека Kohlberg's theory of Moral development (1958)

Summary by Saul McLeod

https://www.simplypsychology.org/kohlberg.html


Датотека Sykes, Gresham M., & Matza, David. (1957). Techniques of Neutralization: A Theory of Delinquency

-Sykes, Gresham M., & Matza, David. (1957). Techniques of Neutralization: A Theory of Delinquency. American Sociological Review, 22(6), 664-670.

28.10.@16:30 -> PENetration TESTing, and Breach databases Датотека Penetration Testing process and Breach databases [slides]

Slides for lecture 2 and 3

URL EU Data Protection Directive

The EU law that specifies handling of sensitive data (amongst other things)

URL SI-CERT resource on SI laws on cybercrime (In SLO)
Датотека A sample penetration testing report (by offensive security)

https://www.offensive-security.com/reports/penetration-testing-sample-report-2013.pdf

Датотека Nasu, H. (2015). STATE SECRETS LAW AND NATIONAL SECURITY

Nasu, Hitoshi. (2015). STATE SECRETS LAW AND NATIONAL SECURITY. International and Comparative Law Quarterly, 64(2), 365-404. doi: 10.1017/S0020589315000056

(... When to disclose, and when not to, because this jeopardises national security)

URL Ars Technica article on a huge passwords leak
URL nmap cheat sheet

Sample commands for nmap

URL haveibeenpwned?

Online resource to check your password security.

4.11.@16:30 -> Open source Intelligence Gathering Датотека Lecture 5. OSINT

SLides for OSINT Lecture

Датотека NATO OSINT Manual

NATO OSINT Manual [now declassified]

URL Google hacking tutorial

Google hacking cheat-sheet

Датотека The Google Hacker’s Guide

Long, Johnny. (2005). The Google Hacker’s Guide: Understanding and Defending Against the Google Hacker. online: self-published.

Датотека Lovell, K. , Modic, D., & Maennel, O.M.. (2018). Exercise Mercury [REPORT]

Lovell, Kieren , Modic, David, & Maennel, Olaf Manuel. (2018). Exercise Mercury: An Ethical Hacking Exercise [report] (U. I. Services, Trans.) (pp. 9). Cambridge, UK: University of Cambridge.

URL kovter (malware package)

About a popular malware package, called kovter...

URL Password reuse statistics

... 52% of the users studied have the same passwords (or very similar and easily hackable ones) for different services....

... With 85% of passwords reused or slightly changed in the case of online shopping, and 62% for email ...

Датотека Modic, D., Anderson, R., & Palomäki, J. (2018). We will make you like our research: The development of a susceptibility-to-persuasion scale

Modic, David, Anderson, Ross, & Palomäki, Jussi. (2018). We will make you like our research: The development of a susceptibility-to-persuasion scale. PLOS ONE, 13(3), e0194119. doi: 10.1371/journal.pone.0194119

Датотека Long, Johnny, E, Skoudis, & A., van Eijkelenborg. (2004). Google hacking for penetration testers

Long, Johnny, E, Skoudis, & A., van Eijkelenborg. (2004). Google hacking for penetration testers. Burlington, MA: Syngress Pub.

Датотека Wilhelm, Thomas, & Andress, Jason. (2011). Ninja hacking : unconventional penetration testing tactics and techniques

Wilhelm, Thomas, & Andress, Jason. (2011). Ninja hacking : unconventional penetration testing tactics and techniques. Burlington, MA: Syngress/Elsevier.

18.11@16:30 -> Shodan Датотека Shodan Presentation

SHODAN

Датотека Shodan search terms

Keywords used in Shodan searches.

URL Shodan null-byte Online tutorial
URL Shodan API overview
URL Shodan Beginner tutorial
Датотека Lee, Seungwoon, Shin, Seung-Hun, & Roh, Byeong-hee. (2017). Abnormal Behavior-Based Detection of Shodan and Censys-Like Scanning

Lee, Seungwoon, Shin, Seung-Hun, & Roh, Byeong-hee. (2017). Abnormal Behavior-Based Detection of Shodan and Censys-Like Scanning. Paper presented at the Ninth International Conference on Ubiquitous and Future Networks (ICUFN), Milan. 

Датотека Ercolani, V. J., Patton, M. W., & Chen, H. (2016). Shodan visualized

Ercolani, V. J., Patton, M. W., & Chen, H. (2016). Shodan visualized. Paper presented at the IEEE Conference on Intelligence and Security Informatics (ISI), Tucson, AZ. 

Датотека Phan, Thai, Krum, David M., & Bolas, Mark. (2016). ShodanVR Immersive visualization of text records from the Shodan database

Phan, Thai, Krum, David M., & Bolas, Mark. (2016). ShodanVR Immersive visualization of text records from the Shodan database. Paper presented at the 2016 Workshop on Immersive Analytics (IA), Greenville, SC, . 

Датотека Harsha, M. S., Bhavani, B. M., & Kundhavai, K. R. (2018). Analysis of vulnerabilities in MQTT security using Shodan API and implementation of its countermeasures via authentication and ACLs

Harsha, M. S., Bhavani, B. M., & Kundhavai, K. R. (2018). Analysis of vulnerabilities in MQTT security using Shodan API and implementation of its countermeasures via authentication and ACLs. Paper presented at the 2018 International Conference on Advances in Computing, Communications and Informatics (ICACCI), Bangalore, India. 

Датотека Al-Alami, H., Hadi, A., & Al-Bahadili, H. (2017). Vulnerability scanning of IoT devices in Jordan using Shodan

Al-Alami, H., Hadi, A., & Al-Bahadili, H. (2017). Vulnerability scanning of IoT devices in Jordan using Shodan. Paper presented at the, 2nd International Conference on the Applications of Information Technology in Developing Renewable Energy Processes & Systems (IT-DREPS), Amman 

Датотека Matherly, J. (2016). The Complete Guide to Shodan

Matherly, J. (2016). The Complete Guide to Shodan. Collect. Analyze. Visualize. Make Internet Intelligence Work For You. Kindle Edition Amazon.

18.11@17:30 -> metasploit Датотека metasploitable presentation

(c) Aleksander Mundjar

URL More in-depth tutorial course (recommended)

More in-depth tutorial course (recommended)

URL Metasploitable2 os guide
Metasploitable2 os guide
25.11.@16:30 -> Human Attack Vectors Part 1 Датотека Presentation slides (part 1) [pdf]

Psychology of Security part 1

Датотека Humphrey, N. (1976). The Social Function of Intellect

Humphrey, N. (1976). The Social Function of Intellect. In P. P. G. Bateson & R. A. Hinde (Eds.), Growing Points in Ethology (pp. 303-317). Cambridge, UK: Cambridge University Press.


Датотека Modic, D., Anderson, R., & Palomäki, J. (2018). We will make you like our research

Modic, D., Anderson, R., & Palomäki, J. (2018). We will make you like our research: The development of a susceptibility-to-persuasion scale. PLoS One, 13(3), e0194119. Retrieved from https://doi.org/10.1371/journal.pone.0194119. doi:10.1371/journal.pone.0194119

Датотека Herley, C. (2009). So Long, And No Thanks for the Externalities

Herley, C. (2009). So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users. New York: Assoc Computing Machinery.

Датотека Dyrud, M. A. (2005). I Brought You a Good News: An Analysis of Nigerian 419 Letters

Dyrud, M. A. (2005). I Brought You a Good News: An Analysis of Nigerian 419 Letters. Paper presented at the 70th Annual Convention of The Association for Business Communication, Irvine, CA. Analysis retrieved from http://www.businesscommunication.org/conventions/Proceedings/2005/PDFs/07ABC05.pdf

Датотека Shadel, D. P., & Pak, K. B. S. (2007). The Psychology of Consumer Fraud

Shadel, D. P., & Pak, K. B. S. (2007). The Psychology of Consumer Fraud. (PhD), Tillbrook University, Stanford Center on Longevity. 

Датотека Fischer, P., Lea, S., & Evans, K. (2009). The Psychology of Scams

Fischer, P., Lea, S., & Evans, K. (2009). The Psychology of Scams: Provoking and Commiting Errors of Judgement. Research for the Office of Fair Trading (OFT1070). Retrieved from Exeter, UK: http://www.oft.gov.uk/shared_oft/reports/consumer_protection/oft1070.pdf

Датотека Modic, D., & Lea, S. E. G. (2011). How neurotic are scam victims, really? The big five and Internet scams

Modic, D., & Lea, S. E. G. (2011). How neurotic are scam victims, really? The big five and Internet scams. Paper presented at the 2011 Conference of the International Confederation for the Advancement of Behavioral Economics and Economic Psychology, Exeter, United Kingdom.

Датотека Modic, D., & Anderson, R. (2015). It’s All Over but the Crying

Modic, D., & Anderson, R. (2015). It’s All Over but the Crying: The Emotional and Financial Impact of Internet Fraud. Ieee Security & Privacy, 13(5), 99-103. doi:10.1109/MSP.2015.107

Датотека Titus, R. M., & Dover, A. R. (2001). Personal Fraud: The Victims and the Scams

Titus, R. M., & Dover, A. R. (2001). Personal Fraud: The Victims and the Scams. Crime Prevention Studies, 12, 133-151. 

Датотека Copes, H., Kerley, K. R., Mason, K. A., & Van Wyk, J. (2001). Reporting behavior of fraud victims and Black's theory of law: An empirical assessment

Copes, H., Kerley, K. R., Mason, K. A., & Van Wyk, J. (2001). Reporting behavior of fraud victims and Black's theory of law: An empirical assessment. Justice Quarterly, 18(2), 343-363. doi:10.1080/07418820100094931


Датотека Modic, D., & Lea, S. E. G. (2013). Scam Compliance and the Psychology of Persuasion

Modic, D., & Lea, S. E. G. (2013). Scam Compliance and the Psychology of Persuasion [pre-print]. Social Sciences Research Network, Available at SSRN: http://ssrn.com/abstract=2364464. Retrieved from http://ssrn.com/abstract=2364464. 

Датотека Kanfer, F. H., & Karoly, P. (1972). Self-control: A behavioristic excursion into the lion's den

Kanfer, F. H., & Karoly, P. (1972). Self-control: A behavioristic excursion into the lion's den. Behavior Therapy, 3(3), 398-416. Retrieved from http://www.sciencedirect.com/science/article/pii/S0005789472801400. doi:10.1016/s0005-7894(72)80140-0


Датотека Muraven, M., & Baumeister, R. F. (2000). Self-regulation and depletion of limited resources: Does self-control resemble a muscle?

Muraven, M., & Baumeister, R. F. (2000). Self-regulation and depletion of limited resources: Does self-control resemble a muscle? Psychological Bulletin, 126(2), 247-259. Retrieved from http://search.ebscohost.com/login.aspx?direct=true&db=pdh&AN=bul-126-2


Датотека Nadel, S. F. (1953). Social Control and Self-Regulation

Nadel, S. F. (1953). Social Control and Self-Regulation. Social Forces, 31(3), 265-273. Retrieved from http://www.jstor.org/stable/2574226. -247&site=ehost-live. doi:10.1037/0033-2909.126.2.247


Датотека Gailliot, M. T., Baumeister, R. F., DeWall, C. N., Maner, J. K., Plant, E. A., Tice, D. M., . . . Schmeichel, B. J. (2007). Self-control relies on glucose as a limited energy source: Willpower is more than a metaphor

Gailliot, M. T., Baumeister, R. F., DeWall, C. N., Maner, J. K., Plant, E. A., Tice, D. M., . . . Schmeichel, B. J. (2007). Self-control relies on glucose as a limited energy source: Willpower is more than a metaphor. Journal of Personality and Social Psychology, 92(2), 325-336. Retrieved from http://search.ebscohost.com/login.aspx?direct=true&db=pdh&AN=psp-92-2-325&site=ehost-live


Датотека Wegner, D. M., Schneider, D. J., Carter, S. R., & White, T. L. (1987). Paradoxical effects of thought suppression

Wegner, D. M., Schneider, D. J., Carter, S. R., & White, T. L. (1987). Paradoxical effects of thought suppression. Journal of Personality and Social Psychology, 53(1), 5-13. Retrieved from http://search.ebscohost.com/login.aspx?direct=true&db=pdh&AN=psp-53-1-5&site=ehost-live. doi:10.1037/0022-3514.53.1.5


Датотека Logue, A. W. (1988). Research on self-control: An integrating framework

Logue, A. W. (1988). Research on self-control: An integrating framework. Behavioral and Brain Sciences, 11(04), 665-679. Retrieved from http://dx.doi.org/10.1017/S0140525X00053978. doi:doi:10.1017/S0140525X00053978

Датотека Metcalfe, J., & Mischel, W. (1999). A hot/cool-system analysis of delay of gratification: Dynamics of willpower

Metcalfe, J., & Mischel, W. (1999). A hot/cool-system analysis of delay of gratification: Dynamics of willpower. Psychological Review, 106(1), 3-19. Retrieved from http://search.ebscohost.com/login.aspx?direct=true&db=pdh&AN=rev-106-1-3&site=ehost-live. doi:10.1037/0033-295x.106.1.3

Датотека Muraven, M., Tice, D. M., & Baumeister, R. F. (1998). Self-control as a limited resource: Regulatory depletion patterns

Muraven, M., Tice, D. M., & Baumeister, R. F. (1998). Self-control as a limited resource: Regulatory depletion patterns. Journal of Personality and Social Psychology, 74(3), 774-789. Retrieved from http://search.ebscohost.com/login.aspx?direct=true&db=pdh&AN=psp-74-3-774&site=ehost-live. doi:10.1037/0022-3514.74.3.774

Датотека Kuijer, R., de Ridder, D., Ouwehand, C., Houx, B., & van den Bos, R. (2008). Dieting as a case of behavioural decision making. Does self-control matter?

Kuijer, R., de Ridder, D., Ouwehand, C., Houx, B., & van den Bos, R. (2008). Dieting as a case of behavioural decision making. Does self-control matter? Appetite, 51(3), 506-511. Retrieved from <Go to ISI>://WOS:000259930900014. doi:10.1016/j.appet.2008.03.014

Датотека McCrae, R. R., & Costa, P. T. (1987). Validation of the five-factor model of personality across instruments and observers

McCrae, R. R., & Costa, P. T. (1987). Validation of the five-factor model of personality across instruments and observers. Journal of Personality and Social Psychology, 52(1), 81-90. Retrieved from http://search.ebscohost.com/login.aspx?direct=true&db=pdh&AN=psp-52-1-81&site=ehost-live. doi:10.1037/0022-3514.52.1.81

16.12.@16:45 Team assignment overview IS POSPTPONED. Today: UNPACKING MALWARE and a short Q&A if there are any. Датотека Presentation [pptx]