When Teaching Mirrors Real-life … Sunburst, SolarWinds and Soaring Cybersecurity Stock Prices
We are proud of our Network Security and Cryptography module, which Rich Macfarlane and I teach. For the coursework (which had a submission date this week) we set up a fake bot and a controller using .NET programs, and then get students to analyse the bot. They must then understand the traffic generated by the bot, its static code, its behaviours, and its running code. We also encode messages with ciphers and hashes, so that students can use the skills they have learnt on the module to crack them. For this they have Wireshark, a firewall, and Snort at their fingertips [here].
For this, each student has their own virtual infrastructure (within our vSoC infrastructure), and we then ask them to protect the network using a firewall and to implement a detector with Snort. And guess what was announced this week? The Sunburst backdoor within the SolarWinds hack, which sent the stock prices of companies such as FireEye Inc, Palo Alto Networks and CrowdStrike Holdings soaring. And what did it use? A .NET backdoor with DNS-encoded cipher messages, where Snort is then used to detect the backdoor. The current…