Blue Team Red Team Exercise - Cyber Cataclysm 2020
Lead: Alex Keller, Sr. Systems Security Engineer, School of Engineering | Stanford University
A shadowy international hacker collective known only by the alias Kaos Corp has infiltrated a leading research lab at Stanford University, compromising the technology infrastructure, disabling network access by the legitimate IT staff, and demanding a ransom of 2 million dollars in cryptocurrency within 24 hours or they will delete the decryption key used to sequester the last year of research data and backups. The fate and future of the world is in your hands – gather OSINT (open source intelligence) on the threat actors to locate and commandeer their method of network access, offensively engage the lab infrastructure to regain control, capture the ransom key, decrypt the research data, and perform attribution on your adversaries all before time runs out!
Lab infrastructure with accompanying self-guided documentation will be available the week of October 12-16 for Stanford community participants to engage the scenario at their own pace. Workshop on Tuesday October 20th from 1-3PM will feature a brisk walk-through of the scenario for the first 30 minutes (observers welcome) followed by a hands-on session (space limited) for participants who would like to work through the objectives as a group.
Cyber Cataclysm starts NOW!
Lead: Annie Stevens, Information Security Officer, UIT ISO | Stanford University
Want to stop typing in your Stanford username and password? Haven’t been using the Cardinal Key? Come join us and we can get you up and running with it in less than 10 minutes!
Top Steps for Securing Workloads in the Public Cloud
Lead: Noah Abrahamson, Director Technology Consulting Group, UIT | Stanford University
This presentation will discuss cloud security measures that Stanford users of AWS, Azure and Google Cloud Platform need to take when building solutions in the cloud.
Mobile Penetration Testing and De-Identification for Digital Healthcare Application
Lead: Amir Bahmani, R&D Lead at SCGPM and a Genetics Lecturer; Arash Alavi, Software Researcher and Developer, Stanford Center for Genomics and Personalized Medicine (SCGPM) | Stanford University
Want to create a healthcare mobile app that securely collects personal health data? Got COVID-19 data? Ever wanted to de-identify time series data? If you don't have a budget to hire external big guns to run penetration testing on your mobile app, join this workshop to learn how to run a pen test on your Stanford mobile app with do-it-yourself self-scoring and remediation of your data vulnerabilities (e.g., open-source static and dynamic analysis mobile security frameworks). See how SCPMG is tackling the super-challenging question of de-identifying PHI time-series data using algorithms. Join this workshop to learn more about how to run your own penetration testing!
IR Tabletop Exercise
Lead: T.C. Chen, Information Security Officer, UIT ISO | Stanford University ; Terra Terrall, Privacy Officer, OCRO UPO | Stanford University
What should you do when you or one of your colleagues suspect a privacy or security breach? Learn what you can do to help contain a suspected incident, what information to gather, and who to contact to initiate appropriate incident response.(20 Attendee Limit - Stanford Only)
Web Security attack trends
Lead: Sam Abushariefeh, Information Security Engineer, GSB DS | Stanford University
Are you or your team building a website? Is it secure against cyber attacks? Come join us to discuss the top web security threats, ways to mitigate them, and what motivates hackers to attack.