Surveying WiFi Access Points with Drones

Aaron Gudrian and Nicholas Ingersoll developed a method of performing large scale wireless access point surveys by pairing a DJI Phantom 3 drone with a Hak5 Wifi Pineapple Nano as a project for Dr. Bull’s CSC432 – Computer & Network Security course.




ANYCon 2017 Talk – The Stuffer




DEF CON 24 Talk – (Dr. Ronny Bull, Dr. Jeanna Matthews, & Ms. Kaitlin Trumbull)




Fall 2016: CSC206 Cybersecurity Scripting

We are offering a new course in Cybersecurity Scripting for the Fall 2016 semester, and I wanted to use this post to explain the scope of the class and its objectives, the skill-set required to take this course, and what you will get out of it.

Let’s take a look at the course description, then I will provide an example of the types of topics that will be covered, and what will be expected in terms of assignments.

Course Description: This course presents the student with an understanding of information security programming and script writing utilizing Python and other scripting languages.

Okay, the catalog description is a bit short, but it does state that the course will be using Python and other scripting languages. On of those “other” scripting languages is BASH.

While progressing through the course, you will be given programming assignments that will focus on exploiting, redirecting, or monitoring network traffic and services. From day one, you should be comfortable writing a Python program that uses functions and classes to solve a problem. Along with simple data structures like multi-dimensional arrays, linked-lists, and dictionaries. As for the networking side of things, since we are writing programs that exploit standard network protocols and services, you have to have a good understanding of how the protocols and services work in order to “hand craft” packets in Python.

For example, one of the first programs we will work on is a Python program that will send a basic ICMP packet to a host, collect the response, and dump it to a .pcap file. You will be required to create and transmit the ICMP packet using only Python code. Then, a BASH script will be created that uses the tcpdump command to read the .pcap file, or you can have a Python program parse it directly.

At this point your asking if I am just trying to make people run away from the course, right? Scary stuff? I say, not really… If you can code in Python and read that example, and you understand what an ICMP packet is, as well as how the request and response process works, then you are off to a good start.

Maybe you know what tcpdump is, and have played with it a bit before, and you recognized what a .pcap file is, if so even better. If not, no sweat, we will be covering it. So really at this point the only hurdle is to know how do I make that ICMP packet, and send it out using Python. And, what do I do to collect that response and analyze it? Ahh!!! Now the curiosity comes out, this is where your mind should be if you are looking to enter this course. You realize that an ICMP packet is just a simple ping, but the tool you are creating cannot use the ping command without doing a system call. Instead, it would be more efficient to do things in a different way. So you learn to use the power of Python and its libraries in order to craft your own ICMP packet using your knowledge of the OSI model and network protocols and make that ping a reality! Your code is also so l33t that it is running a separate thread that is sniffing the network at the same time and waiting, watching for that response to come back from the target…. IT’S ALIVE!!!

Okay, so I got a bit carried away there, but my intent is to provide enough information to students interested in taking the course so that when enrolling in it, they can make an informed decision on whether they are “ready” for this or not. So if you are interested, come talk to me, and we will discuss the course in more detail and find out if it’s a fit for you, or not, in the Fall. My goal is to get you to succeed and learn as much as possible in this course, not to set you up for failure.

Ronny




Spring 2016 CNY Hackathon Event – Special Announcement

We were not supposed to share this yet. But, we just are so excited… check out this cool new badge for the upcoming CNY Hackathon. The artwork was donated by Romanelli Communications and the Production costs have been picked up by our friends at AIS. We are very thankful to have such great local businesses involved with this excellent event for the students!

Sponsor Badge Front

Sponsor Badge Back




Spring 2016 CNY Hackathon Job Fair Participant List

Remember to bring your resumes to the Hackathon event this semester! The following companies will be present during the event to talk with students about job and internship opportunities. They will also have the chance to walk around during the event and observe student teams in action!

M.A. Polce Consulting, Inc.
AIS (Assured Information Security)
Harris Critical Networks
BNY Mellon
Critical Technologies, Inc.
GrayCastle Security
NYCM Insurance
Utica College




Creating SSH keys for password-less access to chewy

If you want to SSH into the CS department SSH server (chewy) without having to type your password each time use the following instructions to create a SSH public/private key pair. This is a handy skill to learn especially if you are looking to script processes that require the SSH service. If you do not use keys when scripting then each time an SSH connection is made the script will fail since no one will be around to type in the SSH password.

In order to setup a SSH key pair use the ssh-keygen command on a Linux system to create the public and private keys.

This will start up a dialog with a few prompts that you must respond to. In most cases you can just hit enter in order to accept the defaults:

Some things to note:

  • You can enter a passphrase when creating the key pair which will make it more secure, but this will also require you to type the passphrase whenever you SSH into the system. This will defeat the purpose of using the key pair for automation.
  • Your keys will be generated in /home/your_uesrname/.ssh which is a HIDDEN directory. Make sure the private key (id_rsa) is copied the /home/your_username/.ssh folder on each client system that you would like to use to access the SSH server.
  • You will need to add your public key to the /home/your_username/.ssh/authorized_keys file in order to use your key pair to connect to the system.

Adding your public key to the authorized keys file:

Make sure the permissions are set correctly on the authorized_keys file:

That should do it! Now try to SSH into the server from the client using the key pair, if all went well you should be logged right in without being prompted for a password. If you are still being prompted for your password make sure that the permissions are set correctly.

List of permissions:




Fall 2015 CS Department Get Together

We will be having our annual gathering event Tuesday, 10/20, from 3pm to 5pm, in L100 in the Library basement.

– Learn about what’s happening in the department and how it affects you.
– Meet our new faculty member, Prof. Ronny Bull
– Hack Halloween
– Have some munchies while chatting with your fellow CS majors.




Fall 2015 CNY Hackathon Event

The Fall 2015 CNY Hackathon event will be held on Nov 6th and 7th at Mohawk Valley Community College. Visit http://cnyhackathon.org for more information. If you wish to participate in the event you can sign up here:

http://www.cnyhackathon.org/?page_id=433




DefCon 23 Videos

All of the DefCon 23 videos are available at http://cs.utica.edu/~defcon

The content is username and password protected.  If you would like access please see Prof. Ronny Bull or get the credentials from someone who already has them.