  • Justin Pineda 12:06 pm on March 1, 2017
    Tags: hydra, research conference   

    Proud of my students’ achievements @ UA&P event 

    Last February 24, 2017, my undergraduate students and I went to the University of Asia and the Pacific (UA&P) in Pasig City to present their project Hydra in a school-initiated research conference.

    The event was not very big but various students from undergrad to PhD were prepared to present their papers. I was really pushy but cautious with my students at the same time: I would like to guide them in their project and prepare them to present it by themselves in front of academicians.

    A copy of the Parallel Session schedule and Abstract

    And so the day came… my students Kent and Letty created their presentation slides. I told them to limit it to 6-10 slides only and practice explaining their project in the simplest and shortest way possible… which they were able to do very well.

    That moment when my student started presenting made me feel proud as their teacher. 🙂

    Congrats Kent and Letty for a job well done! Although I still have a lot of waiting to do for the expense reimbursement haha

     

    With my students, Kent Miculob and Letty Laureta

    To read the paper we submitted, you may visit this link.

     

    Post statement- Use an old Roman encryption to decrypt the message below

     

     
  • Justin Pineda 8:31 am on February 19, 2017
    Tags: exam preparation, giac, gmob, gwapt, sans   

    8 Helpful Things You can do to Prepare and Pass a GIAC exam 

    Roughly one year after I passed the GIAC Web Application Penetration Tester (GWAPT) exam, I took the GIAC Mobile Device Security Analyst (GMOB). I became one of fewer than a thousand professionals who earned the certification. One of the observations that I have is that the preparations I did for both exams were pretty much the same, from the length of time I studied to the manner I created the index, etc.

    I decided to write this article to help those people who are planning or studying for any GIAC exam. I also compared my preparation to others who took a different GIAC exam and the results are pretty much the same.

    I am providing exam preparations for those who are taking either the SANS boot camp (live) or a SANS on-demand course. I’m not in the position to provide tips for those taking a challenge exam (those who don’t have any SANS materials and solely rely on their own resources matching the GIAC exam objectives) because I haven’t tried it.

    So here it goes…

    8. Read all the SANS books at least 3 times.

    I know it’s quite lengthy and some people have a tendency to just read the chapter summary. But you have to read the books in their entirety. SANS sticks to its course materials. There will be a lot of trick questions along the way but all the questions will come from the course materials. So if you miss the details, then you miss the opportunity to answer it. Believe me, the summary won’t exactly tell you the specific directory where that certain Trojan hides the file. You need to have read it.

    Also, based on my experience, the questions in the exam are split almost 50-50 between theoretical and application questions. The exam won’t only check if you know how to use the tools. It will also check if you understood why, when and where to use them. These things will be explained in the books.

    Why read the books at least 3 times? The first time you read the materials, I’m sure it’s going to be information overload. But it will give you a grasp of the width and depth of the exam. You will be able to scope your study. You can start using post-its to mark the chapters of the books. The second time you read, you will give time to understand the lessons in the materials. You may start doing your index that time. The third time you read the materials, it will refresh you on the things you already know and you can get back to the topics you might have missed.

    7. Do all the lab exercises and explore the other functionalities of the tools.

    When you go to the SANS training, you will be receiving a USB containing all the tools and lab environment that you need. You need to do all the lab exercises. Some of the tools might be familiar to you like Wireshark, Cain, Whois etc. Do the exercises still because depending on the course, the tools may be used in a different way.

    Also, be aware of the tools that are introduced in the book but don’t have any lab exercises. There are questions that will ask you about that tool and you need to have an idea how to use it.

    And don’t expect questions that ask for the same commands or actions that were used in the lab exercises. The exam will give a different scenario using different commands and functionalities of the tool. So it’s best to explore the functionalities of the tool other than the things that were given in the exercise.

    6. Create your index for the topics.

    As you would know, GIAC exams are open notes. And usually in class, the exams that are open notes are not easy exams. haha You might be tempted to skip the study and search the answers in the books during exam. That’s not good at all. You only have approximately 1.5 minutes to answer an item in the exam.

    One of the traditional ways to do it is through creating your index of the topics and tools. It can be done in MS Word or MS Excel depending on your need. You can even use a notebook to write down the notes handwritten.

    The goal of the index is to help you recall what the specific details in that topic are. There should be a short description about it and a reference on what book, chapter and page you can find more information about it.

    The goal of the index is not to copy paste the contents in the book in a different paper. That won’t be helpful. Just summarize the topic and write the reference where you can find it.

    Ideally, your index should be around 3-5 pages long.

    5. Create another index for the tools.

    When you study for the exam, you will be studying and using around 100+ tools. It’s also best to create an index indicating specifically what the purpose of the tool is, the known commands, the interface type (GUI or CLI) and what platform/s it can run on.

    You can put reference to the page of the book as well if that tool has a lot of notable very long commands.

    4. Set a date for your exam so you will be motivated to study.

    You have four (4) months after the training or initial subscription to take the exam. Personally, I think that’s already a long time. With this type of time frame, you might have the notion that you have a lot of time. To avoid this type of thinking, set the exam in advance so that you will be motivated (and forced) to study to meet that deadline.

    Also, don’t schedule the exam very late, like setting it up on the last day that you can possibly take the exam. Provide a buffer because unavoidable incidents might happen: typhoons or flooding in the Philippines can disrupt the operations of exam centers (or other personal issues like sickness, etc.). You will have to pay additional fees if you take the exam beyond the 4-month period.

    Also, GIAC allows rescheduling of the exam at least 24 hours prior to the actual date of the exam. Providing a buffer will give you time to reschedule for free.

    3. Treat the Practice Tests like it’s the actual exam.

    SANS will provide you two (2) practice tests that simulate the certification exam. The questions there will show you the way they ask questions in the actual exam. Personally, I think the turning point for your review is when you take the first practice test. Afterwards, it will tell you exactly which exam domains you need to improve on.

    Important note: Treat the practice tests like the actual tests. In my experience, I took the practice tests free from any work or pressure. I took the practice test after I rested well. I also took the practice test in a closed room with proper ventilation and lighting, similar to the actual testing center.

    You can opt to choose to see the explanation of the wrong answers or all the answers. My default choice is to show the explanation of all the answers.

    Another important note: Don’t expect that the questions in the practice tests will appear in the exam. These practice tests will only provide you the feeling of taking the exam. You will be disappointed if you will just memorize the questions thinking that these will appear in the actual exam. haha

    2. Go to the Exam Center at least an hour early with your books, index and exam permit.

    Research very well about the Exam Center where you will be taking your exam. Check the online forum and see what people say about the exam center. Remember, that’s where you will be taking the $1,000 USD exam! It has to be able to provide the best environment for you that day. I have been taking my exam in TrendsNet in Makati. The building is already old and the elevators are slow but the exam center is newly renovated. The exam rooms are comfortable, quiet and clean. There’s no parking area so whenever I take the exam, I either take a taxi or Uber, or park the car in the mall. The staff is very accommodating and friendly. They are familiar with how to handle GIAC exams.

    You need to be in the Exam Center early because they are strict with the time slots you have reserved. It is better to be early than late. They won’t allow you to take the exam if you’re late and you need to pay a penalty of around $150.

    It pays to be early because it will give you time to relax and take time to go to the restroom and do your last minute preparations. The exam center will also permit you to take the exam early if there are free slots that time.

    1. Pray hard and find time to relax.

    I’m not religious but I find time to pray, talk to God and ask for guidance. Praying gives me a positive vibe. I also find time to relax after a study time like having a massage, eating ice cream etc. haha These small things help me take things positively. Praying and relaxing surely helped me in passing the exam.

    These are some of the things that you can do to prepare for the exam. I hope these tips will help!

    Good luck for those who are studying/ will be taking the exam soon.

    For those who have taken the exam, what are your exam preparation tips? 🙂

     
  • Justin Pineda 1:58 pm on January 7, 2017

    7 reasons why you should take up a Master’s degree 

    I’m currently preparing for my final term for my Master in Information Systems (MIS) degree. It’s a short break from the stress in school. Looking at what I’ve learned and accomplished so far, I would like to share my top 7 reasons why you should take up a Master’s degree. (I’m not going to discuss what course to take or which school you should go to. That will be in another blog post. 🙂 )

    7. You will meet new friends.

    They say that in grad school, having 10 students in a class is already big. In the class, there will be mixed types of people, from young professionals to management-level to self-employed individuals. There will also be returnees or transferees who will join the class. Since a lot of them will be your classmates for a couple of terms, you spend a lot of time with them during and after class.

    And you will be friends with them in no time similar to your college experience! This time, you won’t be limited to your age group. You can be a young professional and make friends with a senior manager or even a mother. And that’s fine. 🙂

    Our Managerial Accounting class.

    My consistent group mates hehe

    6. It’s a requirement for you to be able to teach in the Philippines.

    It’s a plain and simple requirement in the Philippines. I cannot argue and elaborate more on that. I will write another post about the pros and cons of the vertical articulation by the Commission on Higher Education (CHED). Anyway, for now, getting a master’s degree will make you qualified to teach.

    I just have to put my disclaimer right away that I know a lot of people who have graduate degrees but are incompetent in their fields (and/or don’t possess the teaching hand). I’m sorry I just have to say it because there are still a lot who pursue the degree for the “title” and “compliance.”

    5. You can build your network of professionals that can help you in your career.

    One of my professors in the grad school said that with the variety of students who enroll in the class, he can already build a company with all of us having different roles. I agree with him. Your classmates come from different industries and fields. You can help each other out at work. I have classmates who are in banking, government, project management, academe etc. They can help you look for a job or do your job well. haha

    My professors helped me link to some consulting opportunities which I won’t be able to find had I not enrolled in grad school. The world in the corporate is quite enclosed that’s why you need an outlet to spread the network.

    4. You get to learn from experiences rather than plain textbooks.

    More than the degree, one of the main reasons why I enrolled in grad school is to listen to my classmates’ and professors’ stories: experiences in work that helped them succeed or even led them to failure. I can read books or Google stuff or even watch tutorials on YouTube. But to listen to the experiences is something you’ll only get if you’re in class.

    3. You have something to look forward to after your routine work.

    You will have classmates who still slack in some instances and those who are teacher’s pets. haha There are also those who study in advance and submit the deliverable very early. You’ll have classmates who don’t have anything to submit too! haha In any case, attending the class is something you will look forward to after a week of work. For some, attending a class is a challenge. For others, it is a stress reliever.

    The class organized a KTV Christmas Party

    2. You can get promoted at work after you graduate.

    Not an assurance though. In the government, some posts require a Master’s degree to lead a division or a department. In the academe, you can get a higher rank.

    In the private sector, I’ve observed some seasoned managers have master’s degrees. Most of them have MBA’s.

    1. You learn something new.

    Sounds cliché but that’s the truth. You will have classmates who will take the class just to pass and earn a degree. But the majority of my classmates attend class to learn something new. I’m not a project manager. I have no project management experience but I am learning now (the hard way haha) for our capstone. I need to sell an IT business idea and make sure that I will gain profit. I learned different IS Policy frameworks and how to use them even if I’m not a manager. And I learned so much more…

    Here’s one of the learning logs I wrote in our Human Capital Management class.

    If you think these reasons are what you’re looking for, then enroll now!

    I’m not advertising any school. haha Just encouraging… 🙂

     

     

     

     
  • Justin Pineda 4:20 pm on January 2, 2017

    Presented at the 14th NCITE and toured Dipolog City 2016 

    It was my first time to submit a research paper in a national conference. In the academe, getting support is a challenging task because you need to convince the admin that the paper you will be presenting is worth the expenses.

    I’m happy that my boss, the dean of the school, was supportive of this initiative. The research was about how to detect anonymous traffic within a local area network (LAN) using different patterns. You can read my paper here and here.

    I submitted the paper twice because of the recommendations given by the reviewers. Overall, the paper got a good rating and was given a go signal for presentation.

    Before presenting… Didn’t expect that the PM session will be moved in the auditorium!

    While presenting…

    With my students and co-authors, Aliana Lachica and Wisdom Abinal; my supportive fiancee, Ashley beside me

    With my former professor in PLM, Dr. Neil Balba, who was the session facilitator

    ====================

    The travel time from Manila to Dipolog is around 50 minutes. I stayed in Hotel Camila 1 which is 15 minutes away from the airport. Most of the hotels provide a service from the airport to their place.

    The hotel I stayed in was modest but it had the basic amenities in a usual hotel. For the 3 nights I stayed, I only paid around 3,300 pesos, although I had to buy breakfast on my own.

    Dipolog is generally safe. The city is not yet fully developed and the mode of commute around the place is through tricycles. I was surprised because the majority of the time that I was in the hotel, a lot of the people there were carrying guns. Some of them were in military uniform while others were not.

    There were a couple of times too that we (Ashley and I) felt that somebody was following us. That’s why I advise those who plan to visit to remain vigilant and alert always.

    The tricycle drivers, waiters and waitresses, vendors, receptionists and majority of those I interacted with were helpful and hospitable. We were able to walk around the famous boardwalk at the Sunset Blvd. and had food trips in different restaurants/cafe such as D’Hotel and Chapters A Book Cafe. One notable thing with their food is that it is cheap but with quality.

    From the airport

    At Sunset Blvd.

    Selfie with Ashley en route to the Dipolog airport c/o Hotel Camila’s service

    One of Dipolog’s Modern malls. 🙂 

    Our Lady of the Most Holy Rosary Cathedral

     
  • Justin Pineda 7:42 am on March 21, 2016

    A Primer on Ethical Hacking & Information Security for Senior High 

    In partnership with the Admissions and Marketing office of Asia Pacific College (APC), I was invited to give a short talk on Information Security education to incoming Senior High students. Students from different schools attended the seminar.

    Slides used in the seminar can be downloaded here: A Primer on Ethical Hacking & Information Security

     
  • Justin Pineda 7:35 am on March 21, 2016

    Ethical Hacking & Information Security for PATTS faculty 

    Last Feb 25, 2016, I was invited by PATTS to give a talk for their faculty members about Ethical Hacking and Information Security. I would like to thank their VP for Academic Affairs, Engr. Lorenzo Naval and VP for Student Affairs Dr. Emelita Javier for the heartwarming accommodation in your school.

    To view my presentation for the event, you may see it here: PATTS_Ethical Hacking & Information Security

     
  • Justin Pineda 6:17 pm on February 20, 2016

    Vulnerability Proof-of-Concept and Analysis 

    The objective of this activity is to simulate an existing vulnerability (it can be in an application, network, etc.) and create an analysis based on research. The ultimate goal is for the students to come up with an outlook on how the vulnerability has affected and will affect the computing world in the future.

    For instance, Vulnerability X works on Platform Y.1. Computers need to update to Platform Y.2 to become protected. However, a lot of computers didn’t update because of compatibility issues. What will happen to these “unpatched computers”? How many of them are found in critical data centers, etc.? Will Vulnerability X evolve into a more complex and more dangerous vulnerability?

    Sample works:

    Android Rooting Vulnerability – Android Rooting

    iOS Jailbreak Vulnerability – iOS Jailbreak

    Heartbleed Vulnerability – Heartbleed

    Shellshock Vulnerability – Shellshock Vulnerability

    Remote Desktop Protocol Vulnerability – RDP

    Adobe Flash Vulnerability – Adobe Flash

     

     

     
  • Justin Pineda 5:41 pm on February 20, 2016

    Machine Project in Infosec 

    Objectives

    ■ To be able to configure and implement an open-source security tool.

    ■ To simulate a real-world attack scenario where the security tool can be used.

    ■ To show how to configure necessary functionalities of the security tool.

    Tasks

    ■ Each group will be assigned a specific security tool. Each group will research about the topic and download an open-source version of the tool.

    ■ The group can use a recommended tool or look for a preferred application as long as it is open source.

    ■ The group will configure and deploy a working prototype and simulate the functionalities of the tool with the prescribed test/s in a lab environment.

    ■ The group will demonstrate the output in the 12th week of the term.

    Tools

    ■ Network Firewall (PFSense)

    ■ NIDS – Network Intrusion Detection System (Snort)

    ■ HIDS – Host Intrusion Detection System (OSSEC)

    ■ WAF – Web Application Firewall (IronBee)

    ■ Honeypot (Honeyd)

    ■ DLP – Data Loss Prevention (OpenDLP)

    ■ Anti Spam (SpamAssassin)

    Tests

    Tool – Tests

    Firewall – Allow/Block Website based on IP/hostname; Allow/Block Website based on Category

    NIDS – Detect a port scan; Detect a backdoor connection

    HIDS – Detect a keylogger; Detect a port scan

    WAF – Prevent a SQLi attack; Prevent a port scan

    Honeypot – Log port scan to server; Log remote access to server

    DLP – Prevent sending of email based on message; Prevent sending of email based on file type

    Anti-Spam – Detect SPAM based on message; Detect SPAM based on quantity

    Milestones

    ■ Week 3 – Finalization of security tool

    ■ Week 6 – Security tool configured

    ■ Week 7-10 – Testing

    ■ Week 12/13 – Project Demo + Documentation Submission

    Deliverables & Grading

    ■ Working prototype 40%

    ■ Tests completed 40%

    ■ Documentation 20%

    Paper Format

    ■ Abstract – Summary of your project

    ■ Introduction – Discuss what the tool is all about

    ■ Results and Discussion – Discuss the tests done (include screen shots)

    ■ Conclusion – Lessons learned

    Sample Projects:

    Video Links

    IDS- SnortV1, SnortV2, SnortV3

    Honeypot – Honeybot, KFSensor

    Firewall – PFSense

    Documentation

    NIDS (Snort, Snorby and Barnyard Installation & Configuration) – comsecinstallation

    HIDS (OSSEC Installation, Configuration & Testing) – USER MANUAL OF OSSEC

    SPAM Filter (MailWasher) – INFOSEC_MachineProject_MailWasher

    Honeypot (Honeybot) – INFOSEC_MachineProject_Honeypot

     
  • Justin Pineda 4:21 pm on February 20, 2016

    Research Paper on Emerging Technologies 

    Introduction

    A Case Study will be held as an academic symposium during the midterms week to discuss various emerging technologies in the field of information security. Each group will be tasked to research on a specified topic, explore and answer key issues about the subject.

    As its culminating activity, an academic paper with a required format will be submitted and a 15-minute presentation will be presented to the classmates and special faculty and industry guests. A question-and-answer session will follow the presentation.

    Topics

    1. Security in Social Networking Sites
      1. Cite current issues pertaining to crimes/violations in social networking sites. Describe the usual scenarios.
      2. Show some statistics on social networking related crimes.
      3. What are the actions taken by social networking organizations and government agencies?
      4. How do you see the future of social networking sites? Future attacks and remedy?
    2. Mobile Malware
      1. Can mobile devices get infected by malware?
      2. State news about devices getting infected. What happens to these devices?
      3. Show statistics on mobile malware.
      4. Is there an initiative from AV companies and government about it?
      5. How do you prevent mobile devices from getting infected?
    3. Business Continuity Planning (BCP) for Disaster Prone Areas
      1. Cite news of business disruption due to a disaster and its effects on the business.
      2. Show statistics of business losses due to either natural or man-made disasters.
      3. Are there initiatives/laws that require businesses for BCP?
      4. Discuss usual business continuity planning and disaster management and recovery plans.
      5. Discuss any standard/template regarding BCP.
    4. Internet Surveillance
      1. Is Internet surveillance possible?
      2. What are ways to conduct Internet surveillance?
      3. What are limitations of current security capabilities?
      4. What are solutions for existing Internet surveillance?
    5. Cybercrime Laws and Issues (choose scope)
      1. Discuss current cybercrime laws. (if there are any)
      2. Discuss issues that warrant cybercrime laws. Prove that there is a need for these laws.
      3. Discuss limitations and or threats of these cybercrime laws.
      4. Discuss if there is a need for more laws.
    6. Security in Automated Controlled Vehicles
      1. What are automated controlled vehicles?
      2. Why is there a need for automated controlled vehicles?
      3. Research companies that are utilizing these types of vehicles.
      4. Research for news that show threats on automated controlled vehicles.
      5. Discuss solutions for automated controlled vehicles.
    7. Drones
      1. History on the implementation of drones.
      2. News and development on drones.
      3. What are positive and negative issues (factual) on drones?
      4. Do drones bypass due process?
      5. Do drones violate privacy and freedom?

    Grading

    The Case Study is 10% of your final grade.

    Group Grade is 70% (to be given by the professor)

    Individual Grade is 30% (to be given by the group leader; leader gets 100% in the individual grade)

    Criteria

    Content (Paper) – 50%

    Is the paper complete and comprehensive?

    Mastery – 30%

    Is the group knowledgeable on the topic?

    Did the group have the ability to analyze related real-world problems?

    Did the group answer the related questions?

    Delivery – 10%

    Did the group communicate the message properly?

    Presentation – 10%

    Did the presentation contain creative and comprehensible visuals?

    Required Sections in the Paper

    Section – Description

    Abstract – Your abstract is a summary of your case study with a maximum of 200 words. It briefly describes your topic and what you intend to research further. You are establishing the boundaries of your study in the abstract.

    Introduction – The introduction is an overview of the topic with a maximum of 300 words. This means you need to discuss the current technology of your topic. Discuss the features, benefits and limitations of the current technology.

    Problem Statement – Based on your introduction, you have to establish your problem statement. What are the problems or issues that the current technology is facing? You have to state that piece by piece and justify why it has to be resolved.

    Results and Discussion – Research and establish the solutions for the problems found in the problem statement. Explain processes and procedures of the solutions that you recommend and how it can be done.

    Conclusion and Recommendation – Provide a conclusion of the case study that you have conducted. Based on your study, will your solutions be helpful in resolving the issues in the problem statement? Give recommendations that can be further investigated and researched in the future to strengthen your study. Make sure the recommendation is out of the scope of your study.

    References – List all the references for your case study. You need to follow the IEEE reference format. For your guidance, you need to have at least:

    Five (5) technical references related to the topic (journal, scientific publication, conference proceeding)

    Five (5) news article references related to the topic (newspaper, magazine)

    Three (3) books related to the topic.

    Note: Never plagiarize. It’s equivalent to cheating.

     

    Format of paper: MSW_A4_format

    For the presentation:
    1. Create a presentation of your paper. It should be a summary of all sections: Abstract, Introduction, Problem Statement, Discussion, Conclusion.
    2. Follow the 6×6 rule. Each slide should have a maximum of 6 bullet points with maximum of 6 words per bullet point.
    3. Use interesting font/colors. Use images that will help explain your paper.
    4. Everybody should have a part in the presentation.
    5. You have 15 minutes to present your paper followed by Q&A.
    6. Wear business attire for the presentation.

    Deliverable:
    1. Send a PDF copy of your final paper and PPT presentation to justinp@apc.edu.ph & pineda.justin@rocketmail.com with Subject- Case Study Final Deliverable – (Case topic) by Group (Group Name)
    2. Print a hard copy of the paper.
    3. Submit (1) & (2) requirements before the class.

    Sample papers:

    On Social Networking: Online Peers Can Mean Offline Perils, Online Peers Can Mean Offline Perils-Presentation

    On Mobile Malware: Prevalence of Malware in Mobiles (1), Prevalence of Malware in Mobiles

    On Internet Surveillance: Internet Surveilance by Team ZAFT_present, Internet Surveilance by Team ZAFT draft 4

    On Social Networking: Using Facebook in TOR, INFOSEC PDF

    On Internet Surveillance: Internet Surveillance

    On Drones: Drones Case Study (1), Drones

    On Cybercrime Law: Revised-Cybercrime

    On Mobile Malware: Mobile-Malware-A-Case-Study-in-Information-Security-1

     

     
  • Justin Pineda 7:01 am on November 22, 2015

    Process Scheduling Course Notes in Operating Systems 1 (OPESYS1) 

    This content is password protected. To view it please enter your password below:

     