Week Title Description
21.10@16:30 online and in P19 -> Outline of the Course, and Hacking Ethics

Hyperlink COURSE SLACK CHANNEL

This is the Slack channel for the course.

File Presentation (outline and ethics) [pdf]

These are the slides from the lecture

Hyperlink WannaCry - outline

A bit about WannaCry

Hyperlink A set of links about notPetya

Additional links:

https://www.theregister.co.uk/2017/06/28/petya_notpetya_ransomware/

https://www.bleepingcomputer.com/news/security/security-firms-find-thin-lines-connecting-notpetya-to-ukraine-power-grid-attacks/


File Fiske, Alan Page, & Tetlock, Philip E. (1997). Taboo Trade-offs: Reactions to Transactions That Transgress the Spheres of Justice

Fiske, Alan Page, & Tetlock, Philip E. (1997). Taboo Trade-offs: Reactions to Transactions That Transgress the Spheres of Justice. Political Psychology, 18(2), 255-297. doi: 10.1111/0162-895X.00058

File Slovene criminal law (6th edition) in Slovene

Criminal offences of falsely impersonating an official or military person under Article 305(1) of the KZ-1: a sentence of up to 1 year in prison for each offence.

Identity theft is handled under the KZ as misuse of personal data: http://pravninasvet.com/blog/kraja-identitete-2del (as a rule, around 3 years in prison)

Theft of trade secrets: https://zakonodaja.com/zakon/kz-1/236-clen-izdaja-in-neupravicena-pridobitev-poslovne-skrivnosti


File Kohlberg's theory of Moral development (1958)

Summary by Saul McLeod

https://www.simplypsychology.org/kohlberg.html


File Sykes, Gresham M., & Matza, David. (1957). Techniques of Neutralization: A Theory of Delinquency

Sykes, Gresham M., & Matza, David. (1957). Techniques of Neutralization: A Theory of Delinquency. American Sociological Review, 22(6), 664-670.

28.10.@16:30 -> PENetration TESTing, and Breach databases

File Penetration Testing process and Breach databases [slides]

Slides for lecture 2 and 3

Hyperlink EU Data Protection Directive

The EU law that specifies handling of sensitive data (amongst other things)

Hyperlink SI-CERT resource on SI laws on cybercrime (In SLO)
File A sample penetration testing report (by Offensive Security)

https://www.offensive-security.com/reports/penetration-testing-sample-report-2013.pdf

File Nasu, H. (2015). STATE SECRETS LAW AND NATIONAL SECURITY

Nasu, Hitoshi. (2015). STATE SECRETS LAW AND NATIONAL SECURITY. International and Comparative Law Quarterly, 64(2), 365-404. doi: 10.1017/S0020589315000056

(... When to disclose, and when not to, because this jeopardises national security)

Hyperlink Ars Technica article on a huge passwords leak
Hyperlink nmap cheat sheet

Sample commands for nmap

Hyperlink haveibeenpwned?

Online resource to check your password security.

4.11.@16:30 -> Open source Intelligence Gathering

File Lecture 5. OSINT

Slides for OSINT Lecture

File NATO OSINT Manual

NATO OSINT Manual [now declassified]

Hyperlink Google hacking tutorial

Google hacking cheat-sheet

File The Google Hacker’s Guide

Long, Johnny. (2005). The Google Hacker’s Guide: Understanding and Defending Against the Google Hacker. online: self-published.

File Lovell, K., Modic, D., & Maennel, O. M. (2018). Exercise Mercury [REPORT]

Lovell, Kieren, Modic, David, & Maennel, Olaf Manuel. (2018). Exercise Mercury: An Ethical Hacking Exercise [report] (U. I. Services, Trans.) (pp. 9). Cambridge, UK: University of Cambridge.

Hyperlink kovter (malware package)

About a popular malware package, called kovter...

Hyperlink Password reuse statistics

... 52% of the users studied have the same passwords (or very similar and easily hackable ones) for different services....

... With 85% of passwords reused or slightly changed in the case of online shopping, and 62% for email ...

File Modic, D., Anderson, R., & Palomäki, J. (2018). We will make you like our research: The development of a susceptibility-to-persuasion scale

Modic, David, Anderson, Ross, & Palomäki, Jussi. (2018). We will make you like our research: The development of a susceptibility-to-persuasion scale. PLOS ONE, 13(3), e0194119. doi: 10.1371/journal.pone.0194119

File Long, Johnny, E, Skoudis, & A., van Eijkelenborg. (2004). Google hacking for penetration testers

Long, Johnny, E, Skoudis, & A., van Eijkelenborg. (2004). Google hacking for penetration testers. Burlington, MA: Syngress Pub.

File Wilhelm, Thomas, & Andress, Jason. (2011). Ninja hacking : unconventional penetration testing tactics and techniques

Wilhelm, Thomas, & Andress, Jason. (2011). Ninja hacking : unconventional penetration testing tactics and techniques. Burlington, MA: Syngress/Elsevier.

18.11@16:30 -> Shodan

File Shodan Presentation

SHODAN

File Shodan search terms

Keywords used in Shodan searches.

Hyperlink Shodan null-byte Online tutorial
Hyperlink Shodan API overview
Hyperlink Shodan Beginner tutorial
File Lee, Seungwoon, Shin, Seung-Hun, & Roh, Byeong-hee. (2017). Abnormal Behavior-Based Detection of Shodan and Censys-Like Scanning

Lee, Seungwoon, Shin, Seung-Hun, & Roh, Byeong-hee. (2017). Abnormal Behavior-Based Detection of Shodan and Censys-Like Scanning. Paper presented at the Ninth International Conference on Ubiquitous and Future Networks (ICUFN), Milan. 

File Ercolani, V. J., Patton, M. W., & Chen, H. (2016). Shodan visualized

Ercolani, V. J., Patton, M. W., & Chen, H. (2016). Shodan visualized. Paper presented at the IEEE Conference on Intelligence and Security Informatics (ISI), Tucson, AZ. 

File Phan, Thai, Krum, David M., & Bolas, Mark. (2016). ShodanVR Immersive visualization of text records from the Shodan database

Phan, Thai, Krum, David M., & Bolas, Mark. (2016). ShodanVR Immersive visualization of text records from the Shodan database. Paper presented at the 2016 Workshop on Immersive Analytics (IA), Greenville, SC.

File Harsha, M. S., Bhavani, B. M., & Kundhavai, K. R. (2018). Analysis of vulnerabilities in MQTT security using Shodan API and implementation of its countermeasures via authentication and ACLs

Harsha, M. S., Bhavani, B. M., & Kundhavai, K. R. (2018). Analysis of vulnerabilities in MQTT security using Shodan API and implementation of its countermeasures via authentication and ACLs. Paper presented at the 2018 International Conference on Advances in Computing, Communications and Informatics (ICACCI), Bangalore, India. 

File Al-Alami, H., Hadi, A., & Al-Bahadili, H. (2017). Vulnerability scanning of IoT devices in Jordan using Shodan

Al-Alami, H., Hadi, A., & Al-Bahadili, H. (2017). Vulnerability scanning of IoT devices in Jordan using Shodan. Paper presented at the 2nd International Conference on the Applications of Information Technology in Developing Renewable Energy Processes & Systems (IT-DREPS), Amman.

File Matherly, J. (2016). The Complete Guide to Shodan

Matherly, J. (2016). The Complete Guide to Shodan. Collect. Analyze. Visualize. Make Internet Intelligence Work For You. Kindle Edition Amazon.

18.11@17:30 -> Metasploit

File Metasploitable presentation

(c) Aleksander Mundjar

Hyperlink More in-depth tutorial course (recommended)

Hyperlink Metasploitable2 OS guide
25.11.@16:30 -> Human Attack Vectors Part 1

File Presentation slides (part 1) [pdf]

Psychology of Security part 1

File Humphrey, N. (1976). The Social Function of Intellect

Humphrey, N. (1976). The Social Function of Intellect. In P. P. G. Bateson & R. A. Hinde (Eds.), Growing Points in Ethology (pp. 303-317). Cambridge, UK: Cambridge University Press.


File Modic, D., Anderson, R., & Palomäki, J. (2018). We will make you like our research

Modic, D., Anderson, R., & Palomäki, J. (2018). We will make you like our research: The development of a susceptibility-to-persuasion scale. PLoS One, 13(3), e0194119. Retrieved from https://doi.org/10.1371/journal.pone.0194119. doi:10.1371/journal.pone.0194119

File Herley, C. (2009). So Long, And No Thanks for the Externalities

Herley, C. (2009). So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users. New York: Assoc Computing Machinery.

File Dyrud, M. A. (2005). I Brought You a Good News: An Analysis of Nigerian 419 Letters

Dyrud, M. A. (2005). I Brought You a Good News: An Analysis of Nigerian 419 Letters. Paper presented at the 70th Annual Convention of The Association for Business Communication, Irvine, CA. Analysis retrieved from http://www.businesscommunication.org/conventions/Proceedings/2005/PDFs/07ABC05.pdf

File Shadel, D. P., & Pak, K. B. S. (2007). The Psychology of Consumer Fraud

Shadel, D. P., & Pak, K. B. S. (2007). The Psychology of Consumer Fraud. (PhD), Tillbrook University, Stanford Center on Longevity. 

File Fischer, P., Lea, S., & Evans, K. (2009). The Psychology of Scams

Fischer, P., Lea, S., & Evans, K. (2009). The Psychology of Scams: Provoking and Committing Errors of Judgement. Research for the Office of Fair Trading (OFT1070). Retrieved from Exeter, UK: http://www.oft.gov.uk/shared_oft/reports/consumer_protection/oft1070.pdf

File Modic, D., & Lea, S. E. G. (2011). How neurotic are scam victims, really? The big five and Internet scams

Modic, D., & Lea, S. E. G. (2011). How neurotic are scam victims, really? The big five and Internet scams. Paper presented at the 2011 Conference of the International Confederation for the Advancement of Behavioral Economics and Economic Psychology, Exeter, United Kingdom.

File Modic, D., & Anderson, R. (2015). It’s All Over but the Crying

Modic, D., & Anderson, R. (2015). It’s All Over but the Crying: The Emotional and Financial Impact of Internet Fraud. IEEE Security & Privacy, 13(5), 99-103. doi:10.1109/MSP.2015.107

File Titus, R. M., & Dover, A. R. (2001). Personal Fraud: The Victims and the Scams

Titus, R. M., & Dover, A. R. (2001). Personal Fraud: The Victims and the Scams. Crime Prevention Studies, 12, 133-151. 

File Copes, H., Kerley, K. R., Mason, K. A., & Van Wyk, J. (2001). Reporting behavior of fraud victims and Black's theory of law: An empirical assessment

Copes, H., Kerley, K. R., Mason, K. A., & Van Wyk, J. (2001). Reporting behavior of fraud victims and Black's theory of law: An empirical assessment. Justice Quarterly, 18(2), 343-363. doi:10.1080/07418820100094931


File Modic, D., & Lea, S. E. G. (2013). Scam Compliance and the Psychology of Persuasion

Modic, D., & Lea, S. E. G. (2013). Scam Compliance and the Psychology of Persuasion [pre-print]. Social Sciences Research Network. Retrieved from http://ssrn.com/abstract=2364464.

File Kanfer, F. H., & Karoly, P. (1972). Self-control: A behavioristic excursion into the lion's den

Kanfer, F. H., & Karoly, P. (1972). Self-control: A behavioristic excursion into the lion's den. Behavior Therapy, 3(3), 398-416. Retrieved from http://www.sciencedirect.com/science/article/pii/S0005789472801400. doi:10.1016/s0005-7894(72)80140-0


File Muraven, M., & Baumeister, R. F. (2000). Self-regulation and depletion of limited resources: Does self-control resemble a muscle?

Muraven, M., & Baumeister, R. F. (2000). Self-regulation and depletion of limited resources: Does self-control resemble a muscle? Psychological Bulletin, 126(2), 247-259. Retrieved from http://search.ebscohost.com/login.aspx?direct=true&db=pdh&AN=bul-126-2-247&site=ehost-live. doi:10.1037/0033-2909.126.2.247


File Nadel, S. F. (1953). Social Control and Self-Regulation

Nadel, S. F. (1953). Social Control and Self-Regulation. Social Forces, 31(3), 265-273. Retrieved from http://www.jstor.org/stable/2574226.


File Gailliot, M. T., Baumeister, R. F., DeWall, C. N., Maner, J. K., Plant, E. A., Tice, D. M., . . . Schmeichel, B. J. (2007). Self-control relies on glucose as a limited energy source: Willpower is more than a metaphor

Gailliot, M. T., Baumeister, R. F., DeWall, C. N., Maner, J. K., Plant, E. A., Tice, D. M., . . . Schmeichel, B. J. (2007). Self-control relies on glucose as a limited energy source: Willpower is more than a metaphor. Journal of Personality and Social Psychology, 92(2), 325-336. Retrieved from http://search.ebscohost.com/login.aspx?direct=true&db=pdh&AN=psp-92-2-325&site=ehost-live


File Wegner, D. M., Schneider, D. J., Carter, S. R., & White, T. L. (1987). Paradoxical effects of thought suppression

Wegner, D. M., Schneider, D. J., Carter, S. R., & White, T. L. (1987). Paradoxical effects of thought suppression. Journal of Personality and Social Psychology, 53(1), 5-13. Retrieved from http://search.ebscohost.com/login.aspx?direct=true&db=pdh&AN=psp-53-1-5&site=ehost-live. doi:10.1037/0022-3514.53.1.5


File Logue, A. W. (1988). Research on self-control: An integrating framework

Logue, A. W. (1988). Research on self-control: An integrating framework. Behavioral and Brain Sciences, 11(04), 665-679. Retrieved from http://dx.doi.org/10.1017/S0140525X00053978. doi:10.1017/S0140525X00053978

File Metcalfe, J., & Mischel, W. (1999). A hot/cool-system analysis of delay of gratification: Dynamics of willpower

Metcalfe, J., & Mischel, W. (1999). A hot/cool-system analysis of delay of gratification: Dynamics of willpower. Psychological Review, 106(1), 3-19. Retrieved from http://search.ebscohost.com/login.aspx?direct=true&db=pdh&AN=rev-106-1-3&site=ehost-live. doi:10.1037/0033-295x.106.1.3

File Muraven, M., Tice, D. M., & Baumeister, R. F. (1998). Self-control as a limited resource: Regulatory depletion patterns

Muraven, M., Tice, D. M., & Baumeister, R. F. (1998). Self-control as a limited resource: Regulatory depletion patterns. Journal of Personality and Social Psychology, 74(3), 774-789. Retrieved from http://search.ebscohost.com/login.aspx?direct=true&db=pdh&AN=psp-74-3-774&site=ehost-live. doi:10.1037/0022-3514.74.3.774

File Kuijer, R., de Ridder, D., Ouwehand, C., Houx, B., & van den Bos, R. (2008). Dieting as a case of behavioural decision making. Does self-control matter?

Kuijer, R., de Ridder, D., Ouwehand, C., Houx, B., & van den Bos, R. (2008). Dieting as a case of behavioural decision making. Does self-control matter? Appetite, 51(3), 506-511. doi:10.1016/j.appet.2008.03.014

File McCrae, R. R., & Costa, P. T. (1987). Validation of the five-factor model of personality across instruments and observers

McCrae, R. R., & Costa, P. T. (1987). Validation of the five-factor model of personality across instruments and observers. Journal of Personality and Social Psychology, 52(1), 81-90. Retrieved from http://search.ebscohost.com/login.aspx?direct=true&db=pdh&AN=psp-52-1-81&site=ehost-live. doi:10.1037/0022-3514.52.1.81

16.12.@16:45 Team assignment overview IS POSTPONED. Today: UNPACKING MALWARE and a short Q&A, if there are any questions.

File Presentation [pptx]