Cyber Security Opportunities at Argonne

COAR is looking for creative individuals with strong problem-solving skills to join our dynamic group! As a cybersecurity team, our mission is to strengthen and defend our nation’s critical infrastructure by analyzing, developing, and implementing novel cyber solutions that penetrate three key areas: cyber intelligence, cyber physical, and cyber resilience.

Those joining in our mission will have the resources to pursue new research ideas, flexibility that supports a healthy work-life balance, and fulfillment through numerous career advancement and professional development opportunities.

This post was written by: COAR

Cyber Defense Competition – Puzzle #1

A Challenge.

Argonne National Laboratory’s Second Cyber Defense Competition (CDC) will be held on April 1, 2017.

Test your hacking skills by cracking puzzle #1.

There will be four puzzles, each of which increases in complexity.

The puzzle can be found here: Puzzle 1

May the odds be in your favor.

If you think you have the correct solution, email [email protected], and the puzzlemaster will let you know if you have successfully completed your mission.

47 6f 6f 64 20 4c 75 63 6b 0d 0a

This post was written for the 2017 Cyber Defense Competition.

Moving Target Defense Collaboration with AFRL, Ratheon BBN, and FIT

more-anim12-for_gif2In October, the COAR team launched an initial collaboration with the Air Force Research Laboratory, Ratheon BBN, and Florida Institute of Technology to test our Multiple OS Rotational Environment for Moving Target Defense (MORE MTD) technology. MORE is a rotational environment that runs an application on several different OS platforms to thwart attacker reconnaissance efforts and improve application resilience to the threat of zero day exploits. Read more about our Moving Target Defense technologies here.

This post was written by: Mike Thompson

International Cyber Incident Repository System: Information Sharing on a Global Scale

COAR team members Amanda Joyce and Nate Evans published an article entitled, “International Cyber Incident Repository System: Information Sharing on a Global Scale” in the George Mason University’s September/October Cybersecurity focused CIP Report. The CIP Report is a digital collection of articles written by various industry, government, academia, and national laboratories. The article looks to highlight the current information/intelligence sharing landscape and looks to propose a global cyber incident sharing system. This system would allow for a more global look at intelligence sharing in a controlled environment. To read the whole article, please visit: International Cyber Incident Repository System: Information Sharing on a Global Scale.

This post was written by: Amanda Joyce and Nate Evnas

Flip Feng Shui + Rowhammer: Attacking Neighbors in the Cloud

Modern cloud environments offer cheap access to virtual private servers (VPS) by sharing a server’s hardware to run multiple operating system instances on a single machine using virtualization software. One role of the virtualization software is to ensure the separation of resources between VPS instances to ensure each VPS acts as if it had its own physical hardware. While this separation is adequately maintained under normal operating conditions, hardware vulnerabilities in RAM such as Rowhammer can be exploited to allow one attacker VPS to manipulate data on another VPS hosted on the same server without explicit permission from the virtualization software.

Read more

Security of Electronic Voting in the United States

COAR team member Mike Thompson along with graduate research associate Charity King published an article entitled, “Security of Electronic Voting in the United States” in the George Mason University’s September/October Cybersecurity focused CIP Report. The CIP Report is a digital collection of articles written by various industry, government, academia, and national laboratories. The article looks to highlight the current high-profile 2016 presidential election and the potential for a cyber attack to disrupt or alter the data within voting machines. It summarizes that while a single cyber attack would be unlikely to bring down all the voting machines within the United States, any attack would impact the confidence level of the election. The article goes into the current landscape of voting machines and how industry manufacturers of the voting machine have drastically changed within the last decade. To read the whole article, please visit: Security of Electronic Voting in the United States.

This post was written by: Mike Thompson & Charity King

COAR Attends DEF CON 24

28821925312_a7758ea297_bWe’re a little late posting about this, but wanted to share the experience… DEF CON is a conference tailored to “hackers”, but grabs much attention from security professionals, students, and many hobbyists. The conference was founded in 1993 by Jeff Moss and has been held in Las Vegas, Nevada ever since. DEF CON has evolved to arguably the largest “hacking” and computer security conference in the world with over 22,000 attendees, according to Paul Szolda in his article “Here’s what happens when 20,000 hackers invade Las Vegas for a week of hacking, booze, and debauchery”.

Read more

COAR is Hiring!

The Cyber Operations, Analysis, and Research (COAR) team is hiring!
The program is growing and Argonne is opening several positions in cyber security, cyber analysis, and cyber research at all levels of appointment starting at the junior all the way to highest level, including leadership positions.

What We Do in COAR
The COAR team develops and implements the tools and provides the expertise to conduct extensive analysis to support Federal agencies, military sponsors, and commercial organizations in efforts to improve the security and resilience of their network design and operations. The COAR team has analyzed vulnerabilities and potential consequences within cloud infrastructure, blood banks, and industrial control systems, etc. The team also has current research being done in moving target defense, vehicle security, botnet research, and visualizing dependencies.

What do we do at Argonne
Argonne is a multidisciplinary science and engineering research center, where “dream teams” of world-class researchers work alongside experts from industry, academia and other government laboratories to address vital national challenges in clean energy, environment, technology and national security. We pursue big, ambitious ideas that redefine what is possible. Our pursuit of groundbreaking discoveries pushes the boundaries of fundamental science, applied science and engineering to solve complex challenges and develop useful technologies that can transform the marketplace and change the world.

Why Work at Argonne?
The world’s best and brightest cyber minds come to Argonne; minds that have a passion for excellence and a desire to apply their technical expertise to solve problems of national and global significance. The emphasis here is on work excellence in a relaxed atmosphere. Similar to a university campus, you will experience groups of employees working, talking, and walking together within Argonne’s wooded grounds formulating the next scientific breakthrough.

Take a look at the positions that are open within COAR today.
Cyber Security Analyst
Cyber Security Specialist
Cyber Analysis and Research Team Lead
Secure Operations and Hosting Section Lead
Cyber Security Intern : 192-GSS-1 OR 193-GSS-1

If you have any questions regarding these positions or the team please email [email protected].

This post was written by the COAR team.

Reverse Engineering Fake XP Antivirus Malware

Malware is one of the most common problems for the average computer user, which can result in unexpected behavior, slow response times, and possible privacy or data breaches. While the typical user may spend their time trying to remove malware,  security researchers spend their time exploring the inner workings of these programs. This process is called reverse engineering which focuses on finding out exactly what these programs do, how they do it, and how to recognize or defeat their malicious actions. This work can lead to better antivirus software which, in turn, can recognize and stop malware from running and as well as even reverse damage done to the infected computer.

Read more