At the center of the cybersecurity conversation.

Modern Computing systems are increasingly heterogeneous. This is true at every scale, from high-end servers and high-performance computing clusters all the way down to low-power end-user devices including mobile phones and tablets. Typically heterogeneous systems combine one or more traditional processors (CPUs) to run the operating system and traditional workloads along with general-purpose or specialized accelerators to perform application-specific computations. While these systems offer superior performance and power efficiency, they also expose new vulnerabilities and security problems due to their complex architectures. It is necessary to understand the security properties of such systems and develop systems that are not only performant but also secure. In this talk, I will present my research on security of heterogeneous systems against microarchitectural attacks, with a focus on covert- and side-channel attacks. Such attacks exploit shared microarchitectural resources to exfiltrate sensitive information. I will also discuss research opportunities and my planned research at the intersection of emerging heterogeneous architectures and security.

Location: https://captechu.zoom.us/j/664120328d
Log in as “Guest” and enter your name.

In recent years, as mobile technologies have proliferated, cybercrimes involving smartphones keep growing. However, due to the high mobility of smartphones and tablets as well as the transient nature of those attacks, previous forensic approaches become inadequate to quickly retrieve forensic data and respond to cybersecurity incidents in time, especially when the investigation involves a large number of mobile devices. In this talk, a remote live forensics system for Android smartphones and tablets called ReLF is introduced. ReLF enables forensic investigators to effectively triage operating Android devices and acquire a wide range of forensic artifacts at scale. Compared to existing Android forensic tools that are publicly available, ReLF provides a more comprehensive set of collectible artifacts and better OS compatibility. Our evaluation results demonstrate that the ReLF client only slightly increases the energy consumption of Android devices and that the ReLF server is capable of handling a large number of Android devices with growing workloads.

Location: https://captechu.zoom.us/j/664120328
Log in as “Guest” and enter your name.

Steganography is the art and science of writing hidden messages. The goal is to hide information in files so that even if the files with hidden information are intercepted, it is not clear that information is hidden in those files. Steganalysis is the process of analyzing a file or files for hidden content. Steganalysis can show the likelihood that a given file has additional information hidden in it, by using tools such as S-Tools and Invisible Secrets. A forensic examiner must be very familiar with techniques and trends in steganography and steganalysis. This means a forensic examiner should be able to do steganography and steganalysis by knowing multiple techniques and best practices for hiding/scrambling and recovering information.

Location: https://caecommunity.zoom.us/j/83488759886
Just log in as “Guest” and enter your name. No password required.

Join the Cybersecurity & Infrastructure Security Agency (CISA) and Girls Who Code (GWC) as we celebrate Cybersecurity Awareness Month and Cybersecurity Career Awareness Week!

In this virtual workshop, CISA will provide a topic overview on an incident response technique and then demonstrate the technique in a practice range environment. This is a great opportunity for students to learn about jobs and technology in the cyber field.

Register Here: https://girlswhocode.zoom.us/webinar/register/WN_A22n0P53TeqQDhH2eBEOHA

Artificial intelligence (AI) techniques have been widely employed to monitor, control, and manage Cyber-Physical Power Systems (CPPS). AI algorithms provide several advantages over analytical algorithms including modeling flexibility and applicability to real-time control and operation. However, AI algorithms, especially those dependent on machine learning (ML), could be exposed to multiple attack vectors through unsecured and unencrypted communications. Recent attacks have shown several vulnerabilities of ML algorithms to adversarial attacks. Attacks can include fabricated samples, poisoned data, and changes in model architecture to make deliberate errors. Therefore, it has become crucial to ensure the security, reliability, and robustness of deployed ML algorithms against adversarial attacks. This chapter discusses the vulnerabilities of ML algorithms to adversarial attacks, possible attack vectors, real-work examples of adversarial attacks on ML algorithms, numerical examples, and discussions to enhance ML algorithms against adversarial attacks in CPPS.

Location: https://caecommunity.zoom.us/j/83488759886
Just log in as “Guest” and enter your name. No password required.

A walkthrough of a lesson that has helped Cybersecurity students understand Asymmetric Cryptography. Public-Private keys and digital signatures are exchanged in this fun exercise.

Location: https://caecommunity.zoom.us/j/83488759886
Just log in as “Guest” and enter your name. No password required.

Although the Transport Layer Security (TLS) has been widely adopted to protect communications between IoT devices and servers, we find that the timeout detection in the TCP layer is decoupled from data protection in the Transport Layer Security (TLS) layer. This makes it possible to delay IoT messages without triggering alerts. Based on observation, we propose novel the Phantom-Delay attack and Delay-based Automation Interference (DAI) attack for smart home IoT systems that can induce hazardous and persistent consequences stealthily. Our evaluation demonstrates the applicability of our attacks on more than 50 popular IoT devices. The problem has been reported to the corresponding vendors and acknowledged by Google, Ring, and SimpliSafe.

Location: https://caecommunity.zoom.us/j/83488759886
Just log in as “Guest” and enter your name. No password required.

The National Cybersecurity Training and Education (NCyTE) Center and the Centers of Academic Excellence (CAE) in Cybersecurity Community are hosting the sixth annual National Cybersecurity Virtual Career Fair (VCF), on September 16, 2022, from 9:00 am-1:00 pm PT. This event is open to students and alumni from over 380 institutions designated as Centers of Academic Excellence in Research (CAE-R), Cyber Defense (CAE-CD), and Cyber Operations (CAE-CO), and institutions in the Candidate’s Program (pending approval).

As the CAE in Cybersecurity program continues to designate new CAEs, the number of students participating in the VCF grows each year. Last year, over 1100 students and alumni participated in the virtual career fair. Many students find careers through the VCF, and many of the same employers return each year to participate.

The Fair is for CAE designated institutions students and alumni, including Excelsior

Link for information: https://www.caecommunity.org/news/2022-national-cybersecurity-virtual-career-fair-registration-now-open

Registration link: https://caecommunity.6connex.com/event/virtual/vcf2022students/login

Interested in jumpstarting your career in cybersecurity? Join us for a webinar to learn about CrowdStrike’s mission, open positions (both intern and full-time), and their internship program. We’ll also have a Q&A session with members of CrowdStrike’s Falcon Complete, Professional Services, and Intelligence teams to share their day-to-day and career journey.

Register at: https://crowdstrike.zoom.us/webinar/register/WN_uVJ3HqZDS1O3dj1HOt_8yQ

The Fall 2022 NCL Season will begin with the Gymnasium on August 22, 2022 and wrap up with the Team Game November 4-5, 2022

NCL hosts two Seasons every year, once in the Spring and once in the Fall, aligning to US academic calendars. All participants play the games simultaneously during Practice Game, Individual Game, and Team Game.

NCL allows players of all levels to play. Between easy, medium and hard challenges, students have multiple opportunities to really shine in areas as they excel.

Learn more about the competition.

Join Vermont’s U.S. Senator Patrick Leahy; Dr. Mark Anarumo, President, Norwich University; LTG Maria Barrett, USA; distinguished experts and special guests for a day-long discussion on the latest innovations in cybersecurity and the importance of cyber education and workforce development in Vermont.

This event is free. Registration is required at: NULeahyCyber.eventbrite.com

This event is open to U.S. based academic institutions. Here is the 2022 scenario: A US company has been crippled by a ransomware attack, and NSA is standing by to provide technical assistance to FBI agents responding. Your mission is to: investigate the attack and discover the tools and techniques used; unravel and expose a ransomware-as-a-service ring; and recover the victim’s files and save the day.

Register at: nsa-codebreaker.org

The US Cyber Open CTF is for all skill levels. Beginner, Intermediate, and Advanced challenges will test your knowledge and skills in Cryptography, Forensics, Reverse Engineering/Binary Exploitation, Networking, Web, and Reconnaissance. And if you’re looking to win a spot on the next US Cyber Team, make sure to request an invitation to the US Cyber Combine.

Apply to play

The NICE Conference is the annual convening of community members and thought leaders from education, government, industry, and non-profits to explore ways of developing a skilled cybersecurity workforce ready to meet the challenges of the future. This event provides an opportunity to share best practices from around the world and across sectors in order to build the workforce we need to confront cybersecurity risks today and in years to come.
This event is hosted by Florida International University and New America, supported by the National Initiative for Cybersecurity Education (NICE), a program of the National Institute of Standards and Technology in the U.S. Department of Commerce.

Learn more and register

Volatility is an open-source memory forensics framework for incident response and malware analysis. The presentation is of practical nature and will involve a hands-on analysis of a memory image. The presentation will extract network information, process information, event logs, and hive registers. We will recover event logs and show how they would like at the time of the actual acquisition. Ban accounts will be recovered. We will also include hybrid malware analysis of our processes and determine which process caused the malware infection.

Join Event Log in as “Guest” and enter your name. No password required.

Will discuss how Ransomware has become our biggest threats on the Cyber landscape and how organizations are using the Zero-Trust framework to help mitigate those threats. How can both the public and private sectors be working together to help mitigate these risks against Ransomware? Also, how are organizations using current Zero-Trust security best practices?

Join Event Log in as “Guest” and enter your name. No password required.

The summit is designed to educate, elevate, and empower women of color technologists and techpreneurs across the nation. The global summit will take place virtually as a kick-off event for Philly Tech Week.

In keeping with our “No More Hidden Figures” mantra and in celebrating 5 years, the 2022 summit welcomes women from around the world. This years’ tracks include topics pertaining to Connectivity, Education, and Health.
Learn more and register

Manufacturing is not only the backbone of U.S. military technical advantage, but also a major contributor to the U.S. economy. A healthy, innovative, and vibrant manufacturing sector is essential to the economic strength and national security of the United States. The Industrial IoT, coupled with 5G, security in IIoT, machine learning and artificial intelligence, is impacting the future and growth of manufacturing. In this tech talk, we will discuss and live-demo how we use zero trust model, machine learning, and 5G to design and implement a secure smart manufacturing testbed in a lab environment. Further discussion also includes how we collaborate with the manufacturing outreach center to engage local manufacturers and show business use cases that smart factory can drive value.

Click to Access Just log in as “Guest” and enter your name. No password required.

A recording of the live presentation will be available following the presentation at: https://www.caecommunity.org/resources/cae-forum-resources

In today’s environment, private sector and government executives face the constant challenge of managing the emergence of these new cyber threats. Our goal is to provide a framework for understanding the capabilities of threat actors in a future where cyber arms are the norm. Hosted by solarwinds and FCW.
Learn more and register

As cloud computing and data outsourcing become increasingly prevalent, the need for data privacy is critical. Homomorphic encryption allows for algorithms and analytics to be computed on outsourced encrypted data without leaking any information about the underlying plaintexts, while zero-knowledge proofs allow for data verification without revealing secret data to the other party. In this talk, the presenters will briefly introduce these two technologies and discuss state-of-the-art applications utilizing HE and ZKP. Homomorphic encryption techniques can be used to conduct private machine learning inferences on the cloud without revealing any information about user inputs. For instance, a user could encrypt a picture of a patch of skin, upload it to a cloud server, and receive an inference result indicating whether or not he has skin cancer without ever exposing the picture itself. In terms of ZKP, a user could prove that she casted her vote correctly without revealing who she voted for. This enables building secure and trustworthy electronic voting.

Click to Access Just log in as “Guest” and enter your name. No password required.

Cyber competitions and capture-the-flag (CTF) events are a valuable tool for motivating and engaging students and professionals in cybersecurity and cyber operations beyond traditional education and training. Reverse engineering and binary exploitation challenges are common components of online CTFs, but the tools, techniques and procedures for performing reverse engineering and binary exploitation have a steep learning curve and are not taught in many computer science, IT, and cybersecurity degree programs. Angr is a Python framework for analyzing binaries across a number of platforms and architectures, originally developed as part of a DARPA Cyber Grand Challenge. It combines both static and dynamic, concrete and symbolic (or “concolic”) analysis to enable users to easily analyze how different inputs change the path of a program’s execution. For CTF exercises, angr allows competitors to quickly determine the correct input(s) that would satisfy a program’s constraints leading to a successful solution, thereby capturing the flag. This introductory presentation will demonstrate how angr can be used to solve CTF challenges (or find real-world vulnerabilities) in a fraction of the time required by debuggers, disassemblers, and decompilers alone.

Click to Access Just log in as “Guest” and enter your name. No password required.