Web Application Security
Created a controlled Docker environment to deploy servers such as an HTTP reverse proxy, ModSecurity, DVWA (Damn Vulnerable Web Application), and bWAPP (A Buggy Web Application), to perform server-side attacks such as SQL Injections, Command Injection and Remote File Inclusion, as well as client-side attacks such as Cross-site Scripting, Cross-site Request Forgery and Clickjacking. Also wrote a web scraping script as well as a script to authenticate to different sites using GET and POST request headers.
Penetration Testing
Experimented with different well-known red-team attack methods in a controlled environment including brute-force password cracking, SQL Injections, and Meterpreter exploits. Performed two OSINT metadata projects throughout the semester including one on a professor, and another on a selected company.
Authentication and Security Models
Discussed different security models, biometric authentication, Discretionary/Mandatory Access Controls, Wireless security, and Quantum Computing. Collaborated with 3 other students on an end-of-the-semester paper that was based on the topic "Can an AI crack Multi-Factor Authentication?"
Network Security and Forensics
Examined the areas of intrusion detection, evidence collection, network auditing, network security policy design and implementation as well as preparation for and defense against attacks. End of the year project included getting a theoretical CTI report that explained an attack that occurred. Was also given a network topology. Wrote a 10-page report as to what security tools we have learned throughout the semester, such as IPTables firewall, IPsec encryption, Snort3, and Zeek monitoring, to help prevent such attacks.
System Administration I
Created an environment via the university's remote learning software that contained a pfSense router, Windows 2012 and 2016 servers, as well as Linux and Windows clients. Kept a site book to document any changes to the environment. Course content and topics added to the environment included Windows Active Directory, DNS server, DHCP server, user accounts that can be used to log into Windows and Linux clients, file transfer protocol, lightweight directory access protocol, Kerberos, Apache web servers, cron jobs, and RAID file storage.
System Administration II
Created two separate networks connected to one router, and they have been connected together via a two-way trust. Used FreeIPA server with Red Hat to provide domain information and DNS services, as well as a DHCP relay over a router to provide DHCP services to one of the networks, and used Windows Active Directory, DHCP server, and DNS server to provide services on the other network. Implemented Kerberos for authentication and Kubernetes for automation, as well as Zabbix and Graylog for monitoring. Created a presentation about how transport layer security and certificate authority servers operate. Other topics covered in the course and used within the network are lightweight directory access protocol, pluggable authentication modules, and Docker containers.
Network Services
Created two different networks that could communicate with each other through static routing. Created a virtual DHCP server as well as a virtual DNS server. Used the created virtual network to experiment with other network protocols including SSH and TCP/UDP among others. Used Cisco Packet Tracer to create a network to experiment with VoIP phones virtually.
Intro to Routing and Switching
Worked with routers and switches during the entirety of the course. Topics included how source address tables are updated, how spanning tree protocols determine port roles and states, IPv4 addressing, how to calculate subnets, Address Resolution Protocol tables and how they get filled with MAC addresses, how host routing tables are traversed when sending messages, Access Control Lists, and routing and static routes.
Computer Science I
Was taught the basics of the Python scripting language. Topics included loops, dictionaries, recursion, sorting, stacks, queues, debugging and hashing. Project was to write a Python script to check misspelt words in a dictionary.
Computer Science II
Was taught the basics of the Java scripting language. Topics included classes, interfaces, inheritance, Java collections framework, exceptions, multithreading, Java networking, Java GUIs, and Dijkstra heaps. Projects included creating an algorithm to compute a derivative, as well as a group project to create a whack-a-mole game.
Programming for InfoSec
Was taught Python, C, and Assembly programming languages. Course topics included threads, exceptions, and sockets all in Python; sockets, pointers, heap, data structures, Linux and Windows system calls all in C; and debugging, x86 coding, and stack overflows in assembly.
Intro to Database and Data Modeling
Was taught the basics of the SQL database scripting language. Created multiple databases throughout the semester and added information into them such as contact information, changing information that has already been put into a table, as well as transposing E-R diagrams. Other topics included data organization, relational model and other modeling techniques, relational mapping and normalization, as well as relational algebra.
Reverse Engineering Fundamentals
Coded in assembly programming language for the entirety of the course. Topics included basic static and dynamic analysis as well as advanced static and dynamic analysis. Would use these topics to break down bits of malware to try and figure out what its ultimate goal was. Some tools to perform this reverse engineering of malware were IDA Pro, Regshot, Strings, OllyDbg, ApateDNS, Netcat, and FLOSS.
Intro to Cryptography
Was taught the mathematical foundations that are in relation to cryptography and also cyber security. This was done through covering private-key cryptosystems including DES and AES, hash functions and public-key cryptosystems including RSA. Other topics covered in the course are different ciphers and registers.
Computer System Forensics
Used tools such as FTK Imager for incident response on computer system forensics on Windows and Linux machines. Other topics covered in the course include Linux file sharing system, Windows and Linux memory investigation, Windows and Linux system forensic analysis as well as FTK case studies. Course included a group project in which I worked with two other people on picking a forensic-based tool and modifying the tool to resolve a real-world issue.
Cyber Defense Techniques
Split into three teams for the entirety of the semester. Had three cyber competitions throughout the semester where I gained experience as a blue team, red team, and grey team member. As a grey team member, we set up a fake Twitter website using Apache, and sent out "tweets" to help the red team try to take down the blue team. This was all done via VMware vSphere.
Task Automation Using Interpret Languages
Learned more in depth about the Linux operating system and scripting in the Python and Linux shell languages. Learned about basic user-level commands to the Linux operating system, followed by basic control structures, and data structures in Python. Created scripts with 2 other people that collected data about the system's memory and CPU at both the process and system levels in bash, as well as a script to filter out pcap file packets in Python.