Tuesday, December 30, 2014

Tech Tip Tuesday – Cryptoy App

GCHQ, the British version of the NSA, has developed an educational app to “help students explore the fascinating world of cryptography”. The app was designed by British STEM students. Do you know of any other student developed security tools?

http://www.gchq.gov.uk/press_and_media/news_and_features/Pages/cryptoy-app-released.aspx

If you have a #CyberPatriot Tech Tip you want to share, send them to info@cyberhui.org and we'll get them out next #TechTipTuesday.

Tuesday, December 23, 2014

Tech Tip Tuesday – $1,000 FREE from Amazon Web Services (AWS)…

AWS and edX have partnered up to offer students, who successfully complete the FREE edX Entrepreurship 101 or 102 class, $1,000 worth of AWS for FREE. This is the perfect combination for tech savvy entrepreneurs looking to build their business.

https://www.edx.org/AWS-activate

If you have a Tech Tip you want to share, send them to info@cyberhui.org and we'll get them out next #TechTipTuesday.

Tuesday, December 16, 2014

Tech Tip Tuesday – Teach a Man to Phish

A recent Google study finds that the most successful phishing websites capture data from 45% of its visitors. Phishing attacks have been around since Anna Kournikova and will continue to be a thing as long as people keep clicking. They usually involve a current event (e.g. Ebola, Ferguson, Korean Air nuts) to incite some emotional response. Our friends at Intel Security put together this 10-question quiz. Take the quiz and let us know how you did.

http://www.cbsnews.com/news/mcafee-intel-security-phishing-quiz-can-you-spot-a-scam-dont-be-so-sure/

If you have a Tech Tip you want to share, send them to info@cyberhui.org and we'll get them out next #TechTipTuesday.

Wednesday, December 10, 2014

Tech Tip Tuesday - Google Firing Range

Are you looking for another tool to test your web applications? Why not use what Google uses? The tool is "a collection of unique bug patterns drawn from vulnerabilities that Google has seen in the wild".

http://googleonlinesecurity.blogspot.com/2014/11/ready-aim-fire-open-source-tool-to-test.html

If you have a Tech Tip you want to share, send them to info@cyberhui.org and we'll get them out next #TechTipTuesday.

Tuesday, December 2, 2014

Tech Tip Tuesday – Hour of Code

The Hour of Code is happening December 8-14, 2014. Last December 20 million students did Hour of Code. Even if you don’t plan on participating in the event, check out the website and start coding. There is age appropriate content from ages 4 to 104.

http://code.org/

If you have a Tech Tip you want to share, send them to info@cyberhui.org and we'll get them out next #TechTipTuesday.

Tuesday, November 25, 2014

Tech Tip Tuesday – Cisco Games Arcade

Are you studying for the Cisco Networking Quiz for Round 2 of CyberPatriot VII? If you have gone through the Cisco Networking Academy but want something difference try out the games in the Cisco Games Academy. The “Subnet Game” can give you some virtual experience in IP subnetting.

https://learningnetwork.cisco.com/community/learning_center/games

If you have a Tech Tip you want to share, send them to info@cyberhui.org and we'll get them out next #TechTipTuesday.

Tuesday, November 18, 2014

Tech Tip Tuesday – Google Guide for Technical Development

As seen on @lifehacker, Google’s Guide for Technical Development recommends academic courses available from online for FREE. This isn’t an end all be all list but it’s a great start. The fine print: “Checking off all items in this guide does not guarantee a job at Google”

http://www.google.com/edu/tools-and-solutions/guide-for-technical-development/index.html

If you have a Tech Tip you want to share, send them to info@cyberhui.org and we'll get them out next #TechTipTuesday.

Tuesday, November 11, 2014

Veterans Day Tech Tip Tuesday – National Initiative for Cybersecurity Careers and Studies (NICCS) for Veterans

The NICCS has a collection of educational and career opportunities for veterans. It’s a good start for transitioning vets or vets looking to further their education.

http://niccs.us-cert.gov/home/veterans

If you have a Tech Tip you want to share, send them to info@cyberhui.org and we'll get them out next #TechTipTuesday.

Tech Tip Tuesday – Gnu on Windows (GOW)

Do you want to take advantage of tools commonly found on *nix systems but can’t commit to loading a new operating system? Of course there’s the 100+MB installation of Cygwin, but why not try GOW at 18MB.

https://github.com/bmatzelle/gow/wiki

If you have a #CyberPatriot Tech Tip you want to share, send them to info@cyberhui.org and we'll get them out next #TechTipTuesday.

Wednesday, November 5, 2014

Tech Tip Tuesday - Cisco IOS Commands

Here’s a Cisco IOS command cheat sheet you can use for Round 2 of CyberPatriot VII. Don’t count on the question mark to get by.

http://www.pantz.org/software/ios/ioscommands.html

If you have a #CyberPatriot Tech Tip you want to share, send them to info@cyberhui.org and we'll get them out next #TechTipTuesday.

Tuesday, October 28, 2014

Tech Tip Tuesday - Fun with IP Subnetting

CyberPatriot VII Round is coming up November 14-16, 2014. There are three images (Ubuntu, Vista, Windows 8) AND a networking quiz on the Cisco Networking Academy site. Check out this site if you need help getting started with IP subnetting or just need a refresher. Hopefully it won’t be on IPv6.

http://www.wikihow.com/Calculate-Network-and-Broadcast-Address

If you have a #CyberPatriot Tech Tip you want to share, send them to info@cyberhui.org and we'll get them out next #TechTipTuesday.

Tuesday, October 21, 2014

Tech Tip Tuesday – Offensive Computer Security Training

Florida State University has made their lecture slides and YouTube videos available for their Spring 2014 CIS 4930/CIS 5930. I know that people are uneasy about “offensive” training but it the instructor sums up their motivation as “Teaching only defense is like teaching people only to play goalie in soccer when you don’t even know what the goal looks like.”

http://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/lectures.html

If you have a Tech Tip you want to share, send them to info@cyberhui.org and we'll get them out next #TechTipTuesday.

Sunday, October 19, 2014

CONTINUING PROFESSIONAL EDUCATION (CPE) Credits

If you have an industry certification, you probably have a requirement to maintain CONTINUING PROFESSIONAL EDUCATION (CPE).

By participating in CyberPatriot, you have the ability to earn qualified CPEs.  The following information was pulled from the most recent certification guidelines.  Be sure to check your certification's policy on CPEs prior to claiming them.

The most important area in regards to CPEs is documentation of what you did.

ISC2
Through CyberPatriot participation, you can obtain CPEs through three different options.

Preparing for presentation/lecture/training – Group A or B credit
CPE credits are earned for the time spent in preparing for the non-work related presentation, lecture or training materials. CPE credits are not earned for the time spent on presenting the course, lecture, or training. Members could claim Group A credits when the presentation, lecture or training, i.e., activities cover topics directly related to one of the domains of their respective credential.

However, if topics of the presentation, lecture or training, i.e., activities are not directly related to one of the domains of the credential, but content of those activities will still enhance members’ overall professional skills, knowledge, education, or competency, members could claim Group B credits.

Number of CPE credits that can be claimed under this category is based on the number of hours spent preparing for the activities – in relation to the presentation time – limited to a maximum of a 2-hour presentation (See Table 3). For example, four CPE credits could be claimed for the initial preparation of training materials, lecture or presentation for a one hour presentation. CPE’s may be earned for updating  an existing presentation as described in Table 4. This CPE activity is only relevant for short presentations up to 2 hours in length. Examples include Webinars or Pod Casts.

Credits are not earned for teaching or training courses that are of multiple days, weeks, or months in length. Tables 3 and 4 provide limits to the number of CPEs earned for preparation time.


Table 3. Initial Presentation
Presentation TimeCPEsPrep TimeNumber of CPE Credits
Allow for Prep Time
1/4 hour (15 mins)01 hour1
1/2 hour (30 mins)02 hour2
1 hour 04 hour4
1 hour06 hour4
1 1/2 hour06 hour6
2 hour08 hour8

Table 4. Updating Existing Presentation
Presentation TimeCPEs% of Presentation
Update
Number of CPE Credits
Allow for Updating
Existing Presentation
1 hour025%1

050%2

075%3
2 hours025%2

050%4

075%6



Volunteering for government, public sector, and other charitable organizations – Group A only
Members are entitled to one Group A CPE credit for each hour of volunteer work. As documentation of their volunteer efforts, members must retain a signed confirmation on the organization’s letterhead, indicating the number of hours of volunteer work they have performed. This volunteer work must be
related to a member’s (ISC)2 credential.


Preparing new or updating existing training seminar or classroom material – Group A credit
Instructors, teachers or professors can earn CPE credits for the time spent in preparing information
security training or course material to teach in training seminars or academic classes. The material must be new but not recycled or repeated one. CPE credits are not earned for the time spent for presenting the material. Members could claim Group A credits when the coursework or training material is directly related to one of the domains of their respective credential(s).

Although CPE credits are earned for preparation of the material, but it is calculated based on the length of the training, seminar or course taught (See Table 6). A 500 word essay explaining what was learned from preparing the material is required to be submitted when posting/claiming CPE credits for this category. For example, two CPE credits could be claimed for the initial preparation of new, not repeated, training or coursework materials for a 1-day seminar or class when submitted with the 500 word essay. CPE credits may be earned for updating existing seminar or course material at the same rate as described in Table 6 and must be accompanied with a 500 word essay.

Table 6
Instruction TimeCPEs for Instruction TimeCPEs for Prep Time
+500 word Essay
1 Day Course02
2 Day Course05
5-7 Day Course010
Semester (12 weeks or more)202



EC-Council
EC-Council refers to their continuing education as EC-Council Continuing Education (ECE). EC-Council may be a little harder to justify, but they do have an ECE area that may qualify.

Preparing for training classes in a related domain
This credit can only be taken for preparing for the class and can only be claimed once unless you upgrade the materials and then the upgrade can be claimed.

See this site for more info: 
http://portal.eccouncil.org/delta/announcement.htm


DOCUMENT, DOCUMENT, DOCUMENT.

There are many ways to document CPEs. My preference is to leverage Google Calendar. When I attend an event (conference, webinar, chapter lunch, etc), I put it in my calendar and I put CPE in the description.  If I receive a receipt or some other type of documentation, I take a picture with my phone and attach it to the calendar invite.

When it comes time for me to update my CPEs, I just search my calendar during a certain time frame for the term CPE and all the events come up. If I am ever audited, my documentation can be retrieved from the calendar. 

If you have information on another certification and would like us to add it to this blog, please send it to info@cyberhui.org.


Tuesday, October 14, 2014

Tech Tip Tuesday – MOOCs

MOOCs, not Moops, are Massive Open Online Courses. We’ve shared a couple of them in previous posts but wanted to share a little more. They are normally free and utilize the same content from in residence courses from MIT, Stanford, Princeton, etc. I will say that requires some internal motivation to complete. Coursera is offering one from Stanford on Surveillance Law that starts today.


If you have a Tech Tip you want to share, send them to info@cyberhui.org and we'll get them out next #TechTipTuesday.





Wednesday, October 8, 2014

Tech Tip Tuesday - The Power of Cron

Have you ever heard about cron? Cron allows linux users to schedule jobs to run periodically at fixed times, date or intervals. Typical uses for cron is to schedule your backups, or a script you have written.  
http://www.pantz.org/software/cron/croninfo.html 

If you have a Tech Tip you want to share, send them to info@cyberhui.org and we'll get them out next #TechTipTuesday.

Wednesday, October 1, 2014

Tech Tip Tuesday - Shellshock

Have you heard about Shellshock? It has gained much attention the past week and rightly so. The folks at the Internet Storm Center have videos to explain what exactly Shellshock is. Remember to always keep your machine up to date on the latest patches.

https://isc.sans.edu/diary.html?date=2014-09-29

If you have a Tech Tip you want to share, send them to info@cyberhui.org and we'll get them out next #TechTipTuesday.

Tuesday, September 23, 2014

Tech Tip Tuesday - Kali NetHunter

If you have a Google Nexus device laying around and you wanted to load Kali Linux on it, well you're in luck. Offensive Security has released NetHunter that can be installed on your Nexus devices to use as a portable penetration testing device.

http://nethunter.com

If you have a Tech Tip you want to share, send them to info@cyberhui.org and we'll get them out next #TechTipTuesday.

Wednesday, September 17, 2014

Tech Tip Tuesday – Netcat

It’s known as the Swiss army knife because it can do almost anything. Port scanning, banner grabbing, DNS forward/reverse checking, transferring files, and making Julienne fries. Well maybe not the fries. The good people at the SANS Institute put together this cheat sheet to help you get started.



If you have a Tech Tip you want to share, send them to info@cyberhui.org and we'll get them out next #TechTipTuesday.

Tuesday, September 9, 2014

Tech Tip Tuesday - iPhone wiping

Whether you're planning on selling your old iPhone on Craigslist or just trading it in for an upgrade to the new iPhone 6 or 6 Plus, make sure you remove all your personal information. Apple has a couple of ways for you to do this. It will keep your Backstreet Boys playlist between you and your earphones.

http://support.apple.com/kb/HT5661

If you have a Tech Tip you want to share, send them to info@cyberhui.org and we'll get them out next #TechTipTuesday.

Monday, September 8, 2014

Cyber Hui CyberPatriot VII Self Assessment Survey

Last year I utilized a self-assessment survey for Leilehua. This helped me gauge the student's knowledge and skill level prior to starting my training regime with them.

Our goal was to find and develop subject matter experts for each core area: Windows, Linux, and Networking. We put together 2-person teams for each of the core areas.  We leveraged the results of the survey to help form the teams.

Additionally, the survey helped me get contact info for the students.  As a mentor, the ability to communicate and share information with the students is vital.  My main form of communication outside of the classroom was email.

I also used the survey as a post self-assessment to gauge the how much the students felt they learned from the competition and the training I provided.  This has led me to shift my training plan for this year.

I placed the survey online and made it available to any coaches or mentors that would like to use it. If you decide to use it,

1. Email info@cyberhui.org with your school name and contact info
2. Give your students this url (http://bit.ly/CPVIISA)
3. I will send you the results of what they submitted.




Wednesday, September 3, 2014

Tech Tip Tuesday – Two Factor Authentication (2FA)


Are you worried about your personal information from your Apple iCloud or Dropbox getting in the wrong hands? Trail of Bits put together a walkthrough to setup 2FA on those services. What is 2FA? Two-factor or multi-factor authentication uses a combination of these three things. 1. Something you know (password, PIN) 2. Something you have (smart card, phone) 3. Something you are (fingerprint, retina). 2FA will protect you from password guessing and brute force attacks.




If you have a Tech Tip you want to share, send them to info@cyberhui.org and we'll get them out next #TechTipTuesday.