Fall 2023
SODEF23: The Cost-Effective Security Information & Event Management (SIEM) Framework: How to Build Threat Detection Systems While Saving Resources
This paper introduces the Security Operations Data Engineering Framework (SODEF), an approach to Security Information and Event Management (SIEM) intended to reduce the complexity and cost of security operations. With effective security now a necessity for business operations rather than a luxury, SODEF offers a guide to streamlining security data management. By dissecting the SIEM architecture into components such as IT systems, data, data pipelines and others, the framework emphasizes the central role of data pipelines in operational efficiency and cost savings: the pipeline is where events are parsed, filtered, normalized and routed before they reach licensed, indexed storage, so it determines both what the SIEM can detect and what it costs to run. Through a detailed exploration of SODEF, the study shows how security teams can improve threat detection while managing resources judiciously. Implementing SODEF addresses the need for capable yet affordable detection and aligns with the broader goal of simplifying IT architectures for better security outcomes.
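The pipeline stage the abstract describes, reduced to a runnable sketch. This is an added example and not the paper's SODEF code or any specific product's pipeline: the three source formats, the ECS-style field names, the "low value" rule and the hot/cold routing policy are assumptions chosen for illustration, and the raw event lines are constructed.

```python
"""Minimal security data pipeline stage of the kind SODEF places between log
sources and the SIEM: parse, drop low-value events, de-duplicate, normalise
to one schema, route to a hot (SIEM) or cold (archive) tier.
Added example, not the paper's code. The sample lines are constructed."""
import json
import re
from collections import Counter

# Constructed sample: raw events as a syslog-style collector would forward them.
RAW_EVENTS = [
    'Mar 03 10:00:01 fw01 kernel: DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=445',
    'Mar 03 10:00:01 fw01 kernel: DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=445',
    'Mar 03 10:00:02 web01 nginx: 198.51.100.7 GET /healthz 200',
    'Mar 03 10:00:03 web01 nginx: 198.51.100.7 GET /login 200',
    'Mar 03 10:00:03 dc01 security: EventID=4625 TargetUserName=svc_backup IpAddress=192.0.2.77',
    'Mar 03 10:00:04 web01 nginx: 203.0.113.9 GET /wp-login.php 404',
]

SYSLOG = re.compile(r'^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<app>[^:]+): (?P<msg>.*)$')

# One parser per source; each emits the same (assumed, ECS-like) field names.
def parse_firewall(msg):
    kv = dict(p.split('=', 1) for p in msg.split() if '=' in p)
    return {'event.category': 'network', 'event.action': msg.split()[0].lower(),
            'source.ip': kv.get('SRC'), 'destination.port': int(kv['DPT']) if 'DPT' in kv else None}

def parse_nginx(msg):
    ip, method, path, status = msg.split()
    return {'event.category': 'web', 'source.ip': ip, 'http.request.method': method,
            'url.path': path, 'http.response.status_code': int(status)}

def parse_windows(msg):
    kv = dict(p.split('=', 1) for p in msg.split())
    return {'event.category': 'authentication', 'event.code': kv['EventID'],
            'user.name': kv['TargetUserName'], 'source.ip': kv['IpAddress']}

PARSERS = {'kernel': parse_firewall, 'nginx': parse_nginx, 'security': parse_windows}

def normalise(line):
    m = SYSLOG.match(line)
    if not m or m['app'] not in PARSERS:
        return None
    rec = {'@timestamp': m['ts'], 'host.name': m['host']}
    rec.update(PARSERS[m['app']](m['msg']))
    return rec

def is_low_value(rec):
    """Filter rule: successful health checks carry no detection value, so they never reach the SIEM."""
    return rec.get('url.path') == '/healthz' and rec.get('http.response.status_code') == 200

def route(rec):
    """Hot tier for authentication events and web errors; everything else to cheap cold storage."""
    if rec['event.category'] == 'authentication':
        return 'siem'
    if rec['event.category'] == 'web' and rec['http.response.status_code'] >= 400:
        return 'siem'
    return 'archive'

def run_pipeline(lines):
    seen, out, dropped = set(), [], 0
    for line in lines:
        rec = normalise(line)
        if rec is None or is_low_value(rec):
            dropped += 1
            continue
        key = json.dumps(rec, sort_keys=True)
        if key in seen:          # identical repeats (bursty firewall DROPs) collapse to one record
            dropped += 1
            continue
        seen.add(key)
        rec['pipeline.route'] = route(rec)
        out.append(rec)
    return out, dropped

def volume_report(lines):
    """Summarise what the stage did, which is the number the cost argument rests on."""
    out, dropped = run_pipeline(lines)
    siem_bytes = sum(len(json.dumps(r)) for r in out if r['pipeline.route'] == 'siem')
    return {'in': len(lines), 'dropped': dropped, 'routes': dict(Counter(r['pipeline.route'] for r in out)),
            'raw_bytes': sum(len(l) for l in lines), 'siem_bytes': siem_bytes}
```

Of the six constructed lines, two are dropped before ingestion, two go to the archive tier and only the failed logon and the 404 probe reach the SIEM; a real deployment would count the same ratio per source per day to size the license.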
Cyber Deception: Using Honey Accounts to Deceive Attackers in a Windows Active Directory Environment: Cost-Effective Password Spray Defense against APTs
This study, inspired by BlackHillsInfoSec, examines cyber deception tactics, focusing on the deployment of honey (decoy) accounts within a Windows Active Directory (AD) environment to detect password spray attacks. Cybersecurity is asymmetric: defenders must secure every weakness while attackers need to exploit only one. This research proposes a proactive defense that turns the defender's knowledge advantage against the attacker, since only the defender knows which accounts are decoys and that no legitimate logon will ever target them, so any authentication attempt against a decoy is a true positive by construction. Through a purple teaming exercise, the study evaluates the efficacy of decoy accounts against conventional univariate time series anomaly detection, such as STL decomposition. The findings show that while statistical methods have their merits, the directness, simplicity and versatility of honey accounts offer a superior detection mechanism against password sprays, particularly the low-and-slow sprays used by Advanced Persistent Threats (APTs), which are designed to stay under volume thresholds. By illustrating the strategic value of cyber deception, this paper advocates for its integration into modern defense strategies to recalibrate the balance of power in security operations.
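The contrast the abstract draws, run over Windows Security events. This is an added example and not the paper's purple-team code; it pairs the decoy rule with a simple distinct-users-per-source threshold rather than the STL decomposition the paper tested, and the decoy account names, event IDs considered and the event records themselves are assumptions or constructed.

```python
"""Honey-account detector over Windows Security events, beside a volume-based
spray heuristic for contrast. Added example; the event records are constructed
and the honey account names are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

# Decoy accounts created for detection only; nobody legitimately authenticates as them.
HONEY_ACCOUNTS = {'svc_sqlbackup', 'hr_admin_old'}

# Event IDs that name a TargetUserName for an authentication attempt (logon, failed logon,
# Kerberos TGT request, Kerberos pre-auth failure, NTLM credential validation).
AUTH_EVENT_IDS = {4624, 4625, 4768, 4771, 4776}

# Constructed sample of a slow spray: one password tried against many users from one IP.
EVENTS = [
    # (UTC time, EventID, TargetUserName, IpAddress)
    ('2023-11-02T08:00:00', 4625, 'j.smith',       '10.20.30.40'),
    ('2023-11-02T08:00:31', 4625, 'a.jones',       '10.20.30.40'),
    ('2023-11-02T08:01:02', 4625, 'svc_sqlbackup', '10.20.30.40'),
    ('2023-11-02T08:01:33', 4625, 'm.lee',         '10.20.30.40'),
    ('2023-11-02T08:02:04', 4624, 'k.patel',       '10.20.30.40'),
    ('2023-11-02T08:05:00', 4625, 'j.smith',       '10.20.30.41'),  # an ordinary typo, not a spray
]

def parse(ev):
    ts, eid, user, ip = ev
    return {'ts': datetime.fromisoformat(ts), 'id': eid, 'user': user.lower(), 'ip': ip}

def honey_alerts(events):
    """Any authentication event naming a decoy is an alert: no baseline, no threshold, no tuning."""
    return [e for e in map(parse, events)
            if e['id'] in AUTH_EVENT_IDS and e['user'] in HONEY_ACCOUNTS]

def spray_alerts(events, window=timedelta(minutes=10), min_users=4):
    """Volume heuristic: one source failing against >= min_users distinct accounts inside a window.
    Returns the moment the threshold was crossed, which is when a SIEM rule would fire."""
    fails = defaultdict(list)
    for e in sorted(map(parse, events), key=lambda e: e['ts']):
        if e['id'] == 4625:
            fails[e['ip']].append(e)
    alerts = []
    for ip, evs in fails.items():
        for i, first in enumerate(evs):
            users, detected_at = set(), None
            for e in evs[i:]:
                if e['ts'] - first['ts'] > window:
                    break
                users.add(e['user'])
                if len(users) >= min_users:
                    detected_at = e['ts']
                    break
            if detected_at:
                alerts.append({'ip': ip, 'distinct_users': len(users), 'detected_at': detected_at})
                break
    return alerts

def first_detection_time(events):
    """Compare when each method first fires on the same stream."""
    h, s = honey_alerts(events), spray_alerts(events)
    return {'honey': h[0]['ts'] if h else None,
            'spray': s[0]['detected_at'] if s else None}
```

On the constructed stream the decoy fires on the third attempt, the threshold rule only on the fourth, and raising the threshold to five (or spreading the same attempts over a longer window, as a patient adversary would) silences the heuristic entirely while the decoy alert is unchanged. Decoys only work if they look real (plausible name, description and group membership, a password last set at a believable date) and are never used for any real logon.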
Secure Database Exposition: Securely Exposing Services to the Public Internet with Cloudflare Tunnels
This paper explores the secure exposure of self-hosted services, extending the discussion beyond PostgreSQL databases to a variety of internet-accessible applications. It contrasts traditional configurations, marked by complex firewall rules and directly exposed ports, with Cloudflare Tunnels, where a local connector makes outbound connections to Cloudflare's edge and inbound traffic arrives over those connections. A key focus is on how Cloudflare Tunnels simplify exposure by removing the need for any open inbound firewall port, which significantly lowers the likelihood of unauthorized access and opportunistic attacks; the service should still bind only to localhost, since the tunnel replaces the perimeter rule but not the host's own exposure on its LAN. Further, the paper elaborates on integrating Cloudflare Access to enforce Multi-Factor Authentication (MFA) in front of the tunneled service, adding an essential layer of user authentication. This combination both hides services from external scanning and ensures that access to them is tightly controlled and logged. Through practical experiments and Nmap scanning, the study demonstrates the effectiveness of Cloudflare Tunnels coupled with MFA in improving service security. The findings advocate for broader adoption of Cloudflare Tunnels and Cloudflare Access as a secure and efficient way to expose internet-facing services. This contribution highlights the need for simple, yet powerful, security strategies in protecting against sophisticated digital threats in today's complex environment.
Spring 2023
Volatile/Live Data Acquisition in the Cloud: Unraveling a Fictitious Breach with Innovative DFIR Strategies
This paper presents a fictitious, yet meticulously crafted scenario involving BrainArray, an AI development company that falls victim to a complex data breach within its cloud infrastructure hosted by CloudNova. Written as a creative exercise, the narrative explores potential attacks in which a disgruntled employee colludes with a foreign Advanced Persistent Threat (APT). The story follows Forenzotica, a digital forensics firm tasked with the intricate process of volatile and non-volatile data acquisition, and highlights Digital Forensics and Incident Response (DFIR) strategies for the cloud. This hypothetical exploration showcases forensic tools and methodologies and emphasizes the criticality of cloud security, the nuances of insider threats and the sophistication of APTs. Through this imaginative tale, the paper aims to illustrate the importance of creativity in anticipating potential threats. It underscores the need for robust security measures, advanced forensic capabilities and the continual evolution of DFIR strategies to keep pace with a dynamic threat landscape. The narrative serves as a testament to the role of storytelling in improving our understanding of, and preparedness for, real-world cybersecurity challenges.
Cyber Deception in the Cloud: Automating Database Canarytoken Implants with "Eleplanter"
This paper explores the integration of cyber deception technologies within cloud environments, focusing on automating the implantation of database canarytokens as a way to improve cloud security. "Eleplanter," a Python-based tool, uses APIs and artificial intelligence to insert canarytokens into PostgreSQL databases, working around the abstraction and control layers that cloud platforms place between the defender and the data. Through the application of Thinkst canarytokens and the use of OpenAI's GPT model to generate plausible decoy data and make placement decisions, Eleplanter introduces an approach to building early-warning systems for database breaches. The research underscores the significance of portable, external deception tooling that operates independently of cloud service provider interfaces, offering a cost-effective and broadly applicable way to improve visibility and incident detection in cloud infrastructures. The findings highlight the potential of canarytokens as tripwires that alert defenders to unauthorized data access, since a token is only ever triggered when someone who found it in the database uses it, thereby enabling rapid response. The paper discusses the technical stack, implementation challenges and the effectiveness of Eleplanter in a cloud context, and advocates further exploration and adoption of cyber deception as a component of cloud security strategies.
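What an implant of this kind does at the database layer, as an added example that is not Eleplanter's code. It assumes an in-memory sqlite3 database as a stand-in for the PostgreSQL target so it runs offline (the DB-API calls are the same; only the parameter placeholder differs), constructed filler rows in place of the paper's GPT-generated data, and placeholder strings where the real tool would put tokens issued by the canarytoken service; the table name, column layout and manifest format are also assumptions.

```python
"""Implant a decoy credentials table carrying canarytoken values into a relational
database, with a manifest for later verification and clean-up.
Added example, not Eleplanter's code. sqlite3 stands in for PostgreSQL so the
script runs offline; the token values are placeholders, not real tokens."""
import sqlite3
from datetime import datetime, timezone

# Placeholders for canarytokens generated out of band (an AWS-key style token and a URL token).
# Real tokens are issued by the canarytoken service; these strings are constructed.
TOKENS = {
    'aws_access_key_id': 'AKIAEXAMPLECANARY000',
    'aws_secret_access_key': 'EXAMPLE/CanaryToken/SecretValue0000000000',
    'url': 'http://canary.example.test/api/v1/tokens/c0ffee',
}

# Constructed decoy rows standing in for the page's GPT-generated filler; they make the
# tokened row look like one credential among several rather than the only one.
DECOY_ROWS = [
    ('s3-backups', 'AKIAEXAMPLEDECOY0001', 'EXAMPLE/Decoy/SecretOne00000000000000000', 'nightly pg_dump to s3'),
    ('billing-export', 'AKIAEXAMPLEDECOY0002', 'EXAMPLE/Decoy/SecretTwo00000000000000000', 'finance exports, rotate q2'),
]
COLUMNS = ('service', 'aws_access_key_id', 'aws_secret_access_key', 'notes', 'created_at')

def implant(conn, table='cloud_credentials', paramstyle='?'):
    """Create the decoy table, fill it with filler rows plus one tokened row, return a manifest.
    paramstyle is '?' for sqlite3 and '%s' for psycopg2. The table name is interpolated as an
    identifier and must therefore come from the tool's own config, never from external input."""
    cur = conn.cursor()
    cur.execute(f'CREATE TABLE IF NOT EXISTS {table} (id INTEGER PRIMARY KEY, service TEXT, '
                'aws_access_key_id TEXT, aws_secret_access_key TEXT, notes TEXT, created_at TEXT)')
    now = datetime.now(timezone.utc).isoformat()
    token_row = ('prod-object-store', TOKENS['aws_access_key_id'],
                 TOKENS['aws_secret_access_key'], f"console: {TOKENS['url']}")
    placeholders = ', '.join([paramstyle] * len(COLUMNS))
    cur.executemany(f'INSERT INTO {table} ({", ".join(COLUMNS)}) VALUES ({placeholders})',
                    [r + (now,) for r in DECOY_ROWS + [token_row]])
    conn.commit()
    return {'table': table, 'implanted_at': now,
            'token_row': {'service': token_row[0], 'aws_access_key_id': token_row[1]}}

def verify(conn, manifest, paramstyle='?'):
    """The tokened row must still be present; its absence means the implant was removed or altered."""
    cur = conn.cursor()
    cur.execute(f"SELECT COUNT(*) FROM {manifest['table']} WHERE aws_access_key_id = {paramstyle}",
                (manifest['token_row']['aws_access_key_id'],))
    return cur.fetchone()[0] == 1

def remove(conn, manifest):
    """Tear the decoy down using only what the manifest recorded."""
    conn.execute(f"DROP TABLE {manifest['table']}")
    conn.commit()

def demo():
    """Run implant, verify and remove against an in-memory database; return what was observed."""
    conn = sqlite3.connect(':memory:')
    manifest = implant(conn)
    ok = verify(conn, manifest)
    count = conn.execute(f"SELECT COUNT(*) FROM {manifest['table']}").fetchone()[0]
    remove(conn, manifest)
    return manifest, ok, count

if __name__ == '__main__':
    print(demo())
```

The manifest is the part that is easy to forget: without a record of which table and which token were planted, a later incident responder cannot tell a canary hit from a real credential leak, and the decoy cannot be removed cleanly.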
Individual Research: GPT Chatbot Utilization in Cyber: Enhancing AI Training with ReXplorer
This paper introduces ReXplorer, a Python-based tool designed to automate the training of Generative Pretrained Transformer (GPT) models by mining internet data sources to improve problem-solving in chat-based interactions. Although ReXplorer did not meet its initial performance expectations, the effort sheds light on the complexities of information retrieval and the limitations of current search engines as inputs to AI learning processes. The insights gained underscore the need for new approaches to training GPT models and highlight the role of topic extraction and expansion in refining a model's problem-solving abilities. Through a detailed examination of ReXplorer's design and its optimization strategies, the paper articulates both the potential and the hurdles of using AI for more dynamic and contextually aware information retrieval. The findings emphasize the evolving landscape of AI-driven solutions and the need for continued research on training models to navigate the vast and complex terrain of the internet efficiently.
Fall 2022
Home Network Security & Monitoring
I discuss the lack of focus on home network security, which stems from most consumers and IT workers perceiving the home network as an unappealing or non-critical target. The result is poor security and little visibility on home networks, which makes attacks hard to identify and therefore rarely reported. I suggest that increasing visibility is the first step towards better home network security, since visibility and "mapping" are as fundamental to understanding and protecting a network in the home as they are in the enterprise. Various methods for home network security monitoring are presented, supported by research and by experience in enterprise security operations. Some of them are obvious, yet they have not been adapted into consumer living and everyday home security hygiene.
Targeted Password Cracking with OSINT Data
This paper discusses the use of Open Source Intelligence (OSINT) techniques to collect memorable, publicly available information about a person in order to build targeted wordlists for password-guessing attacks. The paper proposes that the security of memorable passwords depends on the ability of AI models to generate targeted wordlists and on the availability of such models to malicious actors. The paper generates targeted wordlists using a traditional manual "permutative" approach and an AI and machine learning approach, using four public tools in total. The process uses the author's social media page as the OSINT data source and compares the generated wordlists to an old password of the author's using string similarity algorithms. The results show that GPT-3 and OMEN+ wordlist generation underperform compared with a modular permutative approach such as the "Mentalist" GUI-based program. The paper hypothesizes that AI and ML-based implementations are currently more useful for cracking large compromised sets of password hashes, while manual permutative methods currently perform better in targeted attacks. Even then, the attack only succeeds if the attacker happens to choose the right combinations of the OSINT data and the user does not use very personal slang or phrases in their passphrase. The paper concludes that targeted attacks require more sophistication and maturity before they become a viable method for the average hacker.
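The permutative approach and the similarity scoring described above, as an added example that is not the paper's code or any of the four tools it tested. The OSINT profile and the two target passwords are constructed, and the mangling rules (case variants, a small leet table, year and suffix appends, two-token joins) are a minimal assumed rule set, not Mentalist's.

```python
"""Permutative wordlist generation from OSINT tokens, scored against a known
password with string similarity, as the paper does for its comparison.
Added example; the OSINT profile and the target passwords are constructed."""
import difflib
import itertools

# Constructed OSINT profile of the kind scraped from a social media page.
PROFILE = {
    'first_name': 'Dana', 'pet': 'Rex', 'team': 'Bulls', 'city': 'Austin',
    'years': ['1994', '2014'],   # birth year, year the pet appeared in posts
}
LEET = str.maketrans({'a': '4', 'e': '3', 'i': '1', 'o': '0', 's': '5'})
SUFFIXES = ['', '!', '1', '123', '#']

def word_variants(word):
    """Case variants and a leet-substituted copy of each."""
    base = {word.lower(), word.capitalize(), word.upper()}
    return base | {w.translate(LEET) for w in base}

def build_wordlist(profile):
    """Assumed rule set: token + optional year (4- or 2-digit) + suffix, plus two-token joins."""
    words = [v for k in ('first_name', 'pet', 'team', 'city') for v in word_variants(profile[k])]
    years = profile['years'] + [y[-2:] for y in profile['years']]
    out = set()
    for w in words:
        for y in [''] + years:
            for s in SUFFIXES:
                out.add(f'{w}{y}{s}')
    for a, b in itertools.permutations(words, 2):
        out.add(a + b)
    return sorted(out)

def levenshtein(a, b):
    """Edit distance, used as a second similarity measure beside the ratio."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def score(wordlist, target):
    """Rank candidates by SequenceMatcher ratio against the known password.
    An exact hit has ratio 1.0 and is therefore rank 0; otherwise report how close the list got."""
    ranked = sorted(wordlist, key=lambda w: -difflib.SequenceMatcher(None, w, target).ratio())
    best = ranked[0]
    return {'exact_hit': target in wordlist,
            'rank': ranked.index(target) if target in wordlist else None,
            'best': best,
            'best_ratio': round(difflib.SequenceMatcher(None, best, target).ratio(), 3),
            'best_distance': levenshtein(best, target),
            'size': len(wordlist)}

if __name__ == '__main__':
    wl = build_wordlist(PROFILE)
    print(score(wl, 'Rex2014!'))          # constructed password built from profile tokens
    print(score(wl, 'Dana&Rex forever'))  # constructed passphrase with personal phrasing
```

The second target illustrates the paper's caveat: a passphrase that joins the same tokens with a personal phrase is never produced by the rule set, so the best the list can do is a near miss, and the gap between "exact hit" and "close" is the whole difference between a crack and a wasted run.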
Vulnerable Road Users & Cellular Vehicle-to-Everything (C-V2X) Security
This paper focuses on vulnerable road users (VRUs), such as bicyclists, pedestrians and motorcyclists, who are at high risk of injury on the road. C-V2X communication technology was recently introduced to replace DSRC, which has led multiple industries to work together on a safer experience for both drivers and VRUs. The paper examines a specific use case, vulnerable road user collision warning (VRUCW), that will be implemented in autonomous C-V2X vehicles. Through research, the paper identifies several wireless security issues that must be addressed to ensure the safety of VRUs, and provides solutions to three problematic scenarios that may arise when implementing VRUCW. The first scenario involves non-line-of-sight conditions and other roadside-unit-related path loss and radio interference, vehicle congestion, and denial of service attacks against vehicles at urban intersections. The solution involves better placement of roadside units (using 5G or 4G to deliver warnings to autonomous vehicles), better channel models, and TESLA (Timed Efficient Stream Loss-tolerant Authentication) broadcast authentication, which relies on symmetric MACs with delayed key disclosure and is therefore cheaper and more performant in a dense urban setting than per-message PKI (public key infrastructure) signatures. The second scenario involves cameras that do not cover an intersection fully. The solution involves additional cameras or sensors on vehicles and deciding dynamically which sensor source to trust, with the processing done at the roadside unit. The third scenario involves roadside unit failure from factors such as weather damage and power loss. The solution involves redundant networks of roadside units at intersections to cover the loss of other units.
How Personal Security Hygiene Affects Business Cyber Resilience
This research paper discusses how businesses can achieve cyber resilience, the ability to withstand and recover from cyber-attacks. The paper argues that relying on a small team or expensive technology is not enough for a business to be resilient, and that every problem in a business that involves information technology should be solved with some security in mind. It posits that if a business can get its employees to think about security more and practice it daily, then all of its people, processes and technology benefit. The research asks whether personal security practices, such as using a password manager, genuinely affect business cyber resilience, and is framed by the 4Rs framework (robustness, redundancy, resourcefulness and rapidity) and the PPT model (people, processes, technology). It draws on numerous reports and statistics to show the value of simple habits and of adopting new workflows such as knowledge management software. The paper presents recommendations based on this evidence and includes a basic security education, training and awareness program to motivate employees to adopt personal security habits.