Updates from March, 2017 Toggle Comment Threads | Keyboard Shortcuts

  • Justin Pineda 12:06 pm on March 1, 2017 Permalink | Reply
    Tags: hydra, research conference   

    Proud of my students’ achievements @ UA&P event 

    Last February 24, 2017, me and my undergraduate students went to the University of Asia and the Pacific (UA&P) in Pasig City to present their project Hydra in a school-initiated research conference.

    The event was not very big but various students from undergrad to PhD were prepared to present their papers. I was really pushy but cautious to my students at the same time- I would like to guide them in their project and prepare them to present it by themselves in front of academicians.


    A copy of the Parallel Session schedule and Abstract

    And so the day came… my students Kent and Letty created their presentation slides. I told them to limit it to 6-10 slides only and practice explaining their project in the simplest and shortest way possible… which they were able to do very well.

    That moment when my student started presenting made me feel proud as their teacher. 🙂

    Congrats Kent and Letty for a job well done! Although I still have a lot of waiting to do for the expense reimbursement haha



    With my students, Kent Miculob and Letty Laureta

    To read the paper we submitted, you may visit this link.


    Post statement- Use an old Roman encryption to decrypt the message below


  • Justin Pineda 1:58 pm on January 7, 2017 Permalink | Reply  

    7 reasons why you should take up a Master’s degree 

    I’m currently preparing for my final term for my Master in Information Systems (MIS) degree. It’s a short break from the stress in school. Looking at what I’ve learned and accomplished so far, I would like to share my top 7 reasons why you should take up a Master’s degree. (I’m not going to discuss what course to take or which school should you go to. That will be in a another blog post. 🙂 )

    7. You will meet new friends.

    They say that in grad school, having 10 students in a class is already big. In the class, there will be mixed types of people- from young professionals to management-level to self-employed individuals. There will also be returnees or transferees who will join the class. Since a lot of them will be your classmates for a couple of terms, you spend a lot of time with them during and after class.

    And you will be friends with them in no time similar to your college experience! This time, you won’t be limited to your age group. You can be a young professional and make friends with a senior manager or even a mother. And that’s fine. 🙂


    Our Managerial Accounting class.


    My consistent group mates hehe

    6. It’s a requirement for you to be able to teach in the Philippines.

    It’s a plain and simple requirement in the Philippines. I cannot argue and elaborate more on that. I will write another post about to pros and cons about the vertical articulation by Commission on Higher Education (CHED). Anyway for now, getting a master’s degree will make you qualified to teach.

    I just have to put my disclaimer right away that I know a lot of people who have graduate degrees but incompetent in their fields (and/or don’t possess the teaching hand). I’m sorry I just have to say it because there are still a lot who pursue the degree for the “title” and “compliance.”

    5. You can build your network of professionals that can help you in your career.

    One of my professors in the grad school said that with the variety of students who enroll in the class, he can already build a company with all of us have different roles.I agree with him. Your classmates come from different industries and fields. You can help each other out at work. I have classmates who are in banking, government, project management, academe etc. They can help you look for a job or do your job well. haha

    My professors helped me link to some consulting opportunities which I won’t be able to find had I not enrolled in grad school. The world in the corporate is quite enclosed that’s why you need an outlet to spread the network.

     4. You get to learn from experiences rather than plain textbooks.

    More than the degree, one of the main reasons why I enrolled in grad school is to listen to my classmates and professors’ stories- experiences in work that helped them succeed or even led them to failure. I can read books or Google stuff or even watch tutorials in You Tube. But to listen to the experiences is something you’ll only get if you’re in class.

    3. You have something to look forward after your routinary work.

    You will have classmates who still slack in some instances and those who are teacher’s pets. haha There are also those who study in advance and submit the deliverable very early. You’ll have classmates who don’t  have anything to submit too! haha In any case, attending the class is something you will look forward after a week of work. For some, attending a class is a challenge. For others, it is a stress reliever.


    The class organized a KTV Christmas Party

    2. You can get promoted at work after you graduate.

    Not an assurance though. In the government, some posts require a Master’s degree to lead a division or a department. In the academe, you can get a higher rank.

    In the private sector, I’ve observed some seasoned managers have master’s degrees. Most of them have MBA’s.

    1. You learn something new.

    Sounds clichĂ© but that’s the truth. You will have classmates who will take the class just to pass and earn a degree. But majority of my classmates attend class to learn something new. I’m not a project manager. I have no project management experience but I am learning now (the hard way haha) for our capstone. I need to sell an IT business idea and make sure that I will gain profit. I learned different IS Policy frameworks and how to use them even if I’m not a manager. And I learned so much more…

    Here’s one of the learning logs I wrote in our Human Capital Management class.

    If you think these reasons are what you’re looking, then enroll now!

    I’m not advertising any school.haha  Just encouraging… 🙂




  • Justin Pineda 6:17 pm on February 20, 2016 Permalink | Reply  

    Vulnerability Proof-of-Concept and Analysis 

    The objective of this activity is to simulate and existing vulnerability (it can be an application, network, etc.) and create an analysis based on research. The ultimate goal is for the students to come up with an outlook of the vulnerability on how it has affected and will affect the computing world in the future.

    For instance, there Vulnerability X works on Platform Y.1. Computers need to update to Platform Y.2 to become protected. However, a lot of computers didn’t update because of compatibility issues. What will happen to these “unpatched computers?” How many of them are found in critical data centers etc? Will Vulnerability X evolve into a more complex and more dangerous vulnerability?

    Sample works:

    Android Rooting Vulnerability – Android Rooting

    iOs Jailbreak Vulnerability – iOS Jailbreak

    Heartbleed Vulnerability – Heartbleed

    Shellshock Vulnerability – Shellshock Vulnerability

    Remote Desktop Protocol Vulnerability – RDP

    Adobe Flash Vulnerability – Adobe Flash



  • Justin Pineda 5:41 pm on February 20, 2016 Permalink | Reply  

    Machine Project in Infosec 


    â– To be able to configure, implement an open-source security tool.

    â– To simulate a real-world attack scenario where the security tool can be used.

    â– To show how to configure necessary functionalities of the security tool.


    â– Each group will be assigned a specific security tool. Each group will research about the topic and download an open-source version of the tool.

    â– The group can use a recommended tool or look for a preferred application as long as it is open source.

    â– The group will configure and deploy a working prototype and simulate the functionalities of the tool with the prescribed test/s in a lab environment.

    â– The group will demonstrate the output in the 12th week of the term.


    â– Network Firewall (PFSense)

    â– NIDS- Network Intrusion Detection System (Snort)

    â– HIDS- Host Intrusion Detection System (OSSEC)

    â– WAF- Web Application Firewall (Iron Bee)

    â– Honeypot (Honeyd)

    â– DLP- Data Loss Prevention (OpenDLP)

    â– Anti Spam (SpamAssassin)


    Tool Test
    Firewall Allow/Block Website based on IP/hostname

    Allow/Block Website based on Category

    NIDS Detect a port scan

    Detect a backdoor connection

    HIDS Detect a keylogger

    Detect a port scan

    WAF Prevent a SQLi attack.

    Prevent a port scan.

    Honeypot Log port scan to server.

    Log remote access to server.

    DLP Prevent sending of email based on message

    Prevent sending of email based on file type

    Anti-Spam Detect SPAM based on message

    Detect SPAM based on quantity


    ■Week 3 – Finalization of security tool

    ■Week 6 – Security tool configured

    ■Week 7- 10 – Testing

    ■Week 12/13 – Project Demo + Documentation Submission

    Deliverables & Grading

    â– Working prototype 40%

    â– Tests completed 40%

    â– Documentation 20%

    Paper Format

    ■Abstract – Summary of your project

    ■Introduction – Discuss what the tool is all about

    ■Results and Discussion – Discuss the tests done (include screen shots)

    ■Conclusion – Lessons learned

    Sample Projects:

    Video Links

    IDS- SnortV1, SnortV2, SnortV3

    Honeypot – Honeybot, KFSensor

    Firewall – PFSense


    NIDS (Snort, Snorby and Barnyard Installation & Configuration) – comsecinstallation

    HIDS (OSSEC Installation, Configuration & Testing) – USER MANUAL OF OSSEC

    SPAM Filter (MailWasher) – INFOSEC_MachineProject_MailWasher

    Honeypot (Honeybot) – INFOSEC_MachineProject_Honeypot

  • Justin Pineda 4:21 pm on February 20, 2016 Permalink | Reply  

    Research Paper on Emerging Technologies 


    A Case Study will be held as an academic symposium during the midterms week to discuss various emerging technologies in the field of information security. Each group will be tasked to research on a specified topic, explore and answer key issues about the subject.

    As its culminating activity, an academic paper with a required format will be submitted and a 15-minute presentation will be presentation will be presented with the classmates and special faculty and industry guests. Question and answer will be followed after the presentation.


    1. Security in Social Networking Sites
      1. Cite current issues pertaining to crimes/violations in social networking sites. Describe the usual scenarios.
      2. Show some statistics on social networking related crimes.
      3. What are the actions taken by social networking organizations and government agencies?
      4. How do you see the future of social networking sites? Future attacks and remedy?
    2. Mobile Malware
      1. Can mobile devices get infected by malware?
      2. State news about devices getting infected. What happens to these devices?
      3. Show statistics on mobile malware.
      4. Is there an initiative from AV companies and government about it?
      5. How do you prevent mobile devices from getting infected?
    3. Business Continuity Planning (BCP) for Disaster Prone Areas
      1. Cite news of business disruption due to a disaster and its effects on the business.
      2. Show statistics of business losses due to either natural or man-made disasters.
      3. Are there initiatives/laws that require businesses for BCP?
      4. Discuss usual business continuity planning and disaster management and recovery plans.
      5. Discuss any standard/template regarding BCP.
    4. Internet Surveillance
      1. Is Internet surveillance possible?
      2. What are ways to conduct Internet surveillance?
      3. What are limitations of current security capabilities?
      4. What are solutions for existing Internet surveillance?
    5. Cybercrime Laws and Issues (choose scope)
      1. Discuss current cybercrime laws. (if there are any)
      2. Discuss issues that warrant cybercrime laws. Prove that there is a need for these laws.
      3. Discuss limitations and or threats of these cybercrime laws.
      4. Discuss if there is a need for more laws.
    6. Security in Automated Controlled Vehicles
      1. What are automated controlled vehicles?
      2. Why is there a need for automated controlled vehicles?
      3. Research companies that are utilizing these types of vehicles.
      4. Research for news that show threats on automated controlled vehicles.
      5. Discuss solutions for automated controlled vehicles.
    7. Drones
      1. History on the implementation of drones.
      2. News and development on drones.
      3. What are positive and negative issues (factual) on drones?
      4. Do drones bypass due process?
      5. Do drones violate privacy and freedom?


    The Case Study is 10% of your final grade.

    Group Grade is 70% (to be given by the professor)

    Individual Grade is 30% (to be given by the group leader; leader gets 100% in the individual grade)


    Content (Paper) – 50%

    Is the paper complete and comprehensive?

    Mastery – 30%

    Is the group knowledgeable on the topic?

    Did the group have the ability to analyze related real-world problems?

    Did the group answer the related questions?

    Delivery – 10%

    Did the group communicate the message properly?

    Presentation – 10%

    Did the presentation contain creative and comprehensible visuals?

    Required Sections in the Paper

    Section Description


    Abstract Your abstract is a maximum of 200-word summary of your case study. It describes briefly about your topic and what you intend to research further. You are establishing the boundaries of your study in the abstract.


    Introduction The introduction is a maximum of 300-word overview of the topic. This means you need to discuss the current technology of your topic. Discuss the features, benefits and limitations of the current technology.


    Problem Statement Based on your introduction, you have to establish your problem statement. What are the problems or issues that the current technology is facing? You have to state that piece by piece and justify why it has to be resolved.


    Results and Discussion Research and establish the solutions for the problems found in the problem statement. Explain processes and procedures of the solutions that you recommend and how it can be done.


    Conclusion and Recommendation Provide a conclusion of the case study that you have conducted. Based on your study, will your solutions be helpful in resolving the issues in the problem statement? Give recommendations that can be further investigated and researched in the future to strengthen your study. Make sure the recommendation is out of the scope of your study.


    References List all the references for your case study. You need to follow the IEEE reference format. For your guidance, you need to have at least:

    Five (5) technical references related to the topic (journal, scientific publication, conference proceeding)

    Five (5) news article reference related to the topic (newspaper, magazine)

    Three (3) books related to the topic.

    Note: Never plagiarize. It’s equivalent to cheating.


    Format of paper: MSW_A4_format

    For the presentation:
    1. Create a presentation of your paper. It should be a summary of all sections: Abstract, Introduction, Problem Statement, Discussion, Conclusion.
    2. Follow the 6×6 rule. Each slide should have a maximum of 6 bullet points with maximum of 6 words per bullet point.
    3. Use interesting font/colors. Use images that will help explain your paper.
    4. Everybody should have a part in the presentation.
    5. You have 15 minutes to present your paper followed by Q&A.
    6. Wear business attire for the presentation.

    1. Send a PDF copy of your final paper and PPT presentation to justinp@apc.edu.ph & pineda.justin@rocketmail.com with Subject- Case Study Final Deliverable – (Case topic) by Group (Group Name)
    2. Print a hard copy of the paper.
    3. Submit (1) & (2) requirements before the class.

    Sample papers:

    On Social Networking: Online Peers Can Mean Offline Perils, Online Peers Can Mean Offline Perils-Presentation

    On Mobile Malware: Prevalence of Malware in Mobiles (1), Prevalence of Malware in Mobiles

    On Internet Surveillance: Internet Surveilance by Team ZAFT_present, Internet Surveilance by Team ZAFT draft 4

    On Social Networking: Using Facebook in TOR, INFOSEC PDF

    On Internet Surveillance: Internet Surveillance

    On Drones: Drones Case Study (1), Drones

    On Cybercrime Law: Revised-Cybercrime

    On Mobile Malware: Mobile-Malware-A-Case-Study-in-Information-Security-1


  • Justin Pineda 8:12 am on September 19, 2015 Permalink | Reply
    Tags: , mobile security, websecurity   

    Vulnerability Scanning & Risk Mitigation Project 

    In INFOSEC, the focus of the discussion is a bird’s eye view of the different domains of Information Security. More importantly, the curriculum followed is the CompTIA Security+ lessons. The final project’s objective is to be able to explore on security tools and software such as firewall, IDS, honeypot and to demonstrate the functionalities by doing test scenarios.

    For COMSEC1, the focus shifts into a more specific topic on ethical hacking. The course discusses the steps on ethical hacking and its importance. For the final project, students are required to conduct a static code analysis and vulnerability scan in an existing project and fix the risks to an acceptable risk level.

    Some of the projects include:

    Web application – Web_COMSEC1

    Mobile application – Mobile_COMSEC1

Compose new post
Next post/Next comment
Previous post/Previous comment
Show/Hide comments
Go to top
Go to login
Show/Hide help
shift + esc
%d bloggers like this: