William Bailey

FYI – Def Con Nashville (Remote Meetings)

August 31, 2021 by William Bailey Leave a Comment

One of the benefits of Covid-19 has been that many in-person events have gone virtual.

I just found out that Def Con Nashville (@defcin615) is hosting a series of ~2 hour long meetings, with a meeting this evening, August 31st!

The Skype link (the same room they’ll be using for at least the next three months): join.skype.com/PsWTdoX5dR1p

The August 31st meeting discusses OSINT, which bridges the Google Hacking we discussed last night, and into our topic for next week, Reconnaissance.

This is not a course requirement, but when I find additional materials or event(s) that may be helpful, I will share the information.

Week 02: In the News – Current Breach or Incident Article

August 30, 2021 by William Bailey 7 Comments

Ethical Hacking involves continuing education. This past weekend, some gathered in Chicago Illinois at BlueTeamCon to learn about hacks that others have discovered, exchange techniques, etc. So, while we didn’t get to go to Chicago, we can still read articles, and learn from those articles.

Please reply to this post with an article of a current breach or incident. If possible, let’s try to stay focused on how Network Architecture and/or Google Hacking was involved.

Wireless Network – Point of Entry

November 15, 2019 by William Bailey 7 Comments

I will start off this week’s discussion regarding wireless with an article that describes how a Las Vegas casino was hacked because of a fish tank that was connected to the Internet, and also a hack in which “smart pads” connected to insecure Wifi were used as the entry point.

https://money.cnn.com/2017/07/19/technology/fish-tank-hack-darktrace/index.html

Can you find other example(s) that demonstrate how wireless networks were the entry point in a successful breach / attack.

Handouts

Week 11 – Cloud Computing

November 8, 2019 by William Bailey 10 Comments

During our class, we discussed the various cloud service models. While Amazon (AWS), Microsoft (Azure), and Google Cloud services are secure, research a published article, and describe how cloud infrastructure has been compromised. Was the failure due to the cloud provider, cloud consumer, cloud carrier, or a cloud broker? How does this information benefit an ethical hacker?

Week 11 Slide Handouts

Week 02: Overview

September 6, 2019 by William Bailey 6 Comments

During the second week:

We continue discussing the Rules of Engagement

We review the importance of Networking Infrastructure
We discuss Google Hacking – How to Customize Google Searches to Get Better Results
- For those black box engagements, the client’s not providing the information.

Class Slides

Based on this week’s readings:

a. One key point you took from each assigned reading. (One or two sentences per reading)

b. One question that you would ask your fellow classmates that facilitates discussion.

Week 03: Reconnaissance

September 5, 2019 by William Bailey 13 Comments

One of the topics this week is about Reconnaissance, or learning about the target. You may be hired to think just like an outsider, someone trying to “hack” their way in. Remember that some of the “hacking” techniques may not require specific coding. There are so many methods, that for this week’s question, everyone needs to post a unique method of performing reconnaissance in order to earn full points. Describe the method of reconnaissance, and if possible, provide an example of a “hack” or other breach that can be tied back to the information learned due to reconnaissance.

I’ll start with an example that you’re likely seeing on television as part of New Jersey Transit’s “See Something, Say Something” campaign. The commercial promotes security awareness, with several suspicious actors. One of the scenes shows two people along the road, possibly looking at their potential target, but more specifically, another actor taking pictures, and the scene is shown from the viewpoint where we see that the pictures being taken are those of the CCTV system. Why? By taking pictures of the facility, the outsider is learning about the physical security controls of the facility, and can plan the attack to avoid the line of sight from these cameras.

Canadian University Scammer

August 27, 2019 by William Bailey 8 Comments

Just to kick things off. Here’s an article describing scammers using phishing techniques netted 11 million Canadian (9 Million US).

https://motherboard.vice.com/en_us/article/yww4xy/a-canadian-university-gave-dollar11-million-to-a-scammer

The article says this is not technically hacking. I don’t agree, but what do you think?

For those with an audit background, it also points out that anti-fraud controls were either not in place, or not effective.

Welcome to MIS5211 Fall 2021 – Ethical Hacking

August 19, 2016 by William Bailey

Welcome to the online section of MIS5211! Although this class is online, over the next semester we will be interacting with each other and working on group projects.

I’ve set this post for each of us to introduce ourselves:

What is your preferred name? Are you a Robert that wants to be called Bob, or vice-versa? Let us know!
Where are you based? Tell us about your City or Town.
What is your current experience in ethical hacking?
What do you hope to leave this class with?
Are you currently employed in IT or IT Security? You don’t have to divulge your employer, and may be restricted from telling outsiders, but what industry segment do you work in?
What “fun fact” do people not know about you?

Please join in, and post a reply with a bit about yourself.

Class Slides