Request Info

1st step 2nd step 3rd step
Provide your information below and an Admissions Advisor will contact you shortly to answer your questions about UAT and your Advancing Technology degree program of interest.

 
 
Next
Previous
 
Next
University of Advancing Technology (UAT) is pleased to provide you with additional information about the college and its programs. By hitting submit, you give us permission to use either direct-dialed, autodialed and/or pre-recorded telemarketing to call or text you at the phone number you provided. Please note that such consent is not required to attend UAT.
Previous
 
Submit

ABOUT UAT
University of Advancing Technology is an elite, private college that serves its student body by fostering knowledge creation and academic excellence in an environment that embraces the young technophiles of the world. With three centers of research and a suite of technology-centered undergraduate and graduate degrees, the University is a recognized leader in technology education.

Learn More About UAT

    GitHub Wants Your Policy Proposals


    In light of the recent leak of Twitch’s source code (over 6,000 private GH repositories) and other information, through a 125GB data torrent over 4chan.org, GitHub (GH) is now stepping up their policies for server...

    In light of the recent leak of Twitch’s source code (over 6,000 private GH repositories) and other information, through a 125GB data torrent over 4chan.org, GitHub (GH) is now stepping up their policies for server configuration and standardizing metrics for use by developers on GH. With everything from indexing methodologies to configuration policies, GH has started a campaign that is aimed at gathering policy proposals from the developer community, in order to get a more diverse view of the situation and a wider range of potential solutions. A couple examples of proposed policies already are from GitHub developers TC39 and WebAssembly, covering a proposed indexing method and content security policies, respectively.

    GitHub

    TC39’s proposal covers a relative indexing method that is being requested to be added to JavaScript, which would enable the user to access the index of an array using negative indexing syntax. This method does not exist in JavaScript, as it doesn’t allow the user to count from the back of an array. This method does exist in Python, but since Python is not built for the web, the only methods for web-based developing are hacked together and insecure. The policy proposal by WebAssembly is a sandbox-type security model, that enables modules that were developed in GitHub to have limited interaction with the host, compensating for security issues such as the manipulation of return addresses or other stack data from the host.

    GitHub’s encouragement of policy creation by its developers isn’t something that resulted directly from this Twitch leak – however, it has most certainly had an influence on their search for, response to, and implementation of developer policies in the future. Had some of these policies and methodologies been implemented before the leak, chances are, the configuration issue that resulted in a third-party gaining access would have been closed off, and millions of lives and livelihoods would not have been destroyed. Despite the basis for this attack, which, according to 4chan, is because Twitch is a ‘toxic cesspool’ (which I will not disagree with), it still disrupted the daily routines and income of many. Building a wider base of policy proposals (which you can contribute to here) and new approaches to online functions, we can only hope that GH and other source-hosting services can prevent such disasters in the future.


    References

    GitHub. (2021). Setting policies for organizations in your enterprise account. Retrieved from https://docs.github.com/en/github/setting-up-and-managing-your-enterprise/setting-policies-for-organizations-in-your-enterprise-account 

    GitHub. (2021). GitHub policy · GitHub. Retrieved from https://github.com/about/developer-policy/ 

    GitHub. (2021, August 9). Defining Standardized GitHub Metrics for International Development, Public Policy and Economics Research and Indexes. Retrieved from https://socialimpact.github.com/assets/img/GitHub_RFP-StandardizedMetrics_FINAL.pdf 

    GitHub. (n.d.). ECMA TC39. Retrieved from https://github.com/tc39 

    GitHub. (n.d.). Tc39/proposal-relative-indexing-method: A TC39 proposal to add an .at() method to all the basic indexable classes (Array, string, TypedArray). Retrieved from https://github.com/tc39/proposal-relative-indexing-method 

    GitHub. (n.d.). WebAssembly. Retrieved from https://github.com/WebAssembly 

    Hamilton, I. A. (2021, October 7). Twitch gave a brief explanation for the giant leak that exposed creator payouts, source code, and more. Retrieved from https://www.businessinsider.com/twitch-leak-hacked-explained-how-hackers-breached-data-2021-10?op=1 

    Kumar, M. (2021, September 20). Request for proposals: Defining standardized GitHub metrics. Retrieved from https://github.blog/2021-08-31-request-for-proposals-defining-standardized-github-metrics/ 

    Shape_Grifter. (2021, October 6). Twitch hacked, entirety leaked on 4Chan. Retrieved from https://gaming.ebaumsworld.com/articles/twitch-hacked-entirety-leaked-on-4chan/87000534/#:~:text=space%2C%E2%80%9D%20calling%20Twitch%20a-,%E2%80%9Ctoxic%20cesspool.%E2%80%9D,-Which%20is%2C%20admittedly 

    TC39. (2021, August 3). Tc39/proposal-relative-indexing-method: A TC39 proposal to add an .at() method to all the basic indexable classes (Array, string, TypedArray). Retrieved from https://github.com/tc39/proposal-relative-indexing-method 

    W3schools. (n.d.). Python string negative indexing. Retrieved from https://www.w3schools.com/python/gloss_python_string_negative_indexing.asp 

    read more
    less

    2FA Cyber Support


    How Two-Factor Authentication Aids Cybersecurity Two-Factor authentication is a vital piece of the cyber security puzzle. By adding an additional layer of protection to our authentication methods, we can enhance our security and defend against many forms of attack that would normally ruin our day. ...

    How Two-Factor Authentication Aids Cybersecurity

    Two-Factor authentication is a vital piece of the cyber security puzzle. By adding an additional layer of protection to our authentication methods, we can enhance our security and defend against many forms of attack that would normally ruin our day. 

    Two-Factor authentication, or 2FA, is a process in which you possess an object that typically provides a rotating code to be used in addition to your typical username and password. These codes are usually referred to as one time pass codes (OTP) when provided by SMS and Time-Based one-time password (TOTP) when provided by an application like Google Authenticator. 

    So if there are at least two forms of 2FA, which one is better?

    It is ALWAYS better to use a tool like Google Authenticator than to use SMS. SMS is vulnerable to an attack in which bad actors intercept your cell phone messages. This type of attack is not rare and companies like Coinbase and others have all been affected by this type of attack. Therefore you should always use a tool like Google Authenticator or similar when offered the chance to do so.

    2FA is invaluable for keeping your accounts safe, but not all 2FA is created equal. Do your best to use the top protection available, but also understand that many companies will not use alternative methods to SMS because it is easier to implement, even if it is less secure.

    Regardless, you should use the tool that is available to you and don't hesitate to request better protections from companies you do business with.

    kelly-sikkema-mouse-unsplash


    SECURE YOUR FUTURE WITH A CYBER SECURITY DEGREE

    Network Security degree students will use critical thinking to research current and evolving cyber security trends and become experts in network security industry standards and regulations. Graduates from the cyber security program will have the essential knowledge and experience to automate their own security processes through extensive training in network security programs and scripts, and be prepared for careers in government and multinational corporations seeking certified ethical hacking professionals.

    Don't wait. Apply now!

    read more
    less

    Zero Day: the Cyber Glitter Bomb


    Welcome to Zero Day  No, it’s not the day when people are celebrated for the lack of accomplishments in their life. Keeping with the times and our ever-evolving language, “Zero Day” isn’t even a day at all. It’s more of an awareness. And, at that, it’s an...

    Welcome to Zero Day 

    No, it’s not the day when people are celebrated for the lack of accomplishments in their life. Keeping with the times and our ever-evolving language, “Zero Day” isn’t even a day at all. It’s more of an awareness. And, at that, it’s an awareness of vulnerability—the vulnerability in a piece of software.  

    But Zero Day is too cool and ominous-sounding to be the label for something so metaright? 

    That’s true. But what warrants its cool/ominous epithet is that this vulnerability isn’t necessarily known by the guys in the white hats.  

    See, as soon as anyone—including the guys in the black hats—finds a vulnerability in your favorite app, operating system, website, etc., that’s a Zero Day. And all the bad stuff that can occur because of this awareness is also wrapped up in this terrible glitter bomb we call Zero Day. 

    Zero Day: The Origin Story 

    “Zero Day” now refers to the number of days since a particular app’s vulnerability has become exposed, but that wasn’t always the case. 

    Once upon a time, when apps were called programs and the internet was beginning to stir in the primordial ooze that was made up of the digital bulletin board systems (BBS) around the world, the idea of Zero Day came into being. 

    Back in those dark times, hackers would prowl the internet looking for software to steal and pirate on the BBS. 

    It became something of a competition to steal a program as soon as possible and then post the number of days since its public release alongside the pirated program itself. The digital pirates would break into the systems housing a piece of software that was ready for release, yet unreleased to the public. When such a program was stolen from hard-working software developers, the pirated software fell into the ignoble class of Zero Day software. 

    Because of this, the idea of a Zero Day became synonymous with vulnerability, and now, even into today’s much more digitally advanced age, the name has stuck. 

    Cyber Skeleton

    Noteworthy Zero Day Instances Making Headlines 

    Zero Day attacks occur several times every year and with unpleasant implications for everyday people. 

    In what might be the most devastating Zero Day hack attack in the brief but brilliant time civilization has been accelerating down the information superhighway came the Zero Day attack that befell Sony Pictures in 2014. And while the exact vulnerability that led to the attack is still unknown to the public, the results are well-documented.  

    For weeks, hackers tromped around the corporation’s system network, stealing everything they could get their hands on. From emails and confidential employee records to financial data, unreleased movie scripts and even a handful of finished movies, they stole all of this and published it all on multiple file share websites. Then, to really rub salt in the wound, they completely wiped Sony’s network. 

    A few years later, in 2016 a Russian cybercriminal found another major Zero Day vulnerability that he sold on the dark web. This particular vulnerability allowed the wielder to gain admin-level rights on any Windows-based machine using the current Windows 10. It had the added benefit of being backwards compatible all the way to Windows 2000. Used alongside other malware that would give a hacker basic access to an innocent person’s operating system, this vulnerability was able to hurt everyone from corporations to the innocent individual. 

    In 2017, exploiting a zero-day vulnerability in Microsoft Word, hackers were able to trick users into clicking ‘yes’ on a seemingly benign pop-up, only to have their bank accounts exposed.  

    And in 2020, with most of the world working from home and using Zoom to stay in touch with co-workers and loved ones, hackers found multiple zero-day instances in the beloved app allowing them to remotely access a user’s operating system. If that user had admin privileges, then the hacker had free reign over all their personal data. 

    How a Zero Day Makes the Bad Things Happen 

    Hackers and cybercriminals use a variety of techniques to seek out the vulnerabilities in the software and apps we all know, love and use every day, like an automated static analyzer.  

    This type of tool analyzes the program without actually running the program (that would be a dynamic analyzer). And it doesn’t analyze the program like we would if we were using it. It actually pokes and prods at the source code itself to find the weaknesses that are likely hidden from normal use.  

    Another common method for exploiting Zero Day issues is an old favorite of the internet: phishing.  

    You know this trick. The bad guys send out an email in broken English to people like your Uncle Terry, promising riches to whoever clicks on their suspicious hyperlink string of alphanumeric characters. Uncle Terry already has a bad leg and is barely making it on government help, so what does he have to lose? He clicks the link and winds up on some crazy website filled with GIFs of flying monkeys singing the theme song to Donnie Darko before realizing he’s been had. Yes, he shuts down the browser, but not before his computer downloads all sorts of files from the malicious website. Files that are now sitting on Uncle Terry’s computer. Now, everything Uncle Terry does, from watching cat videos to reapplying for government help and sending out resumes for his next job—giving out his social security number and other personal details with abandon—have now found their way onto the darker side of the internet. 

    And those files that are sitting on his computer, they aren’t just stealing his information. They are viruses and worms and ransomware, or at least the seeds of them. Remember that Zero Day from the Russian cybercriminal? What if some of his files were uploaded during the opening insane melody of the Donnie Darko theme? At night while Uncle Terry has nightmares of flying monkeys, the guys in the black hats can access Uncle Terry’s computer and do all sorts of bad things in Uncle Terry’s name. And the really awful thing is that the bad guys are always looking for new ways to take advantage of people. Before long there will be a new way for the bad guys to do their worst. And who’s going to find and stop the next threat?  

    cyber security hacker

    What should you do if you’re involved in a Zero Day hack attack? 

    In terms of a Zero Day attack, the best thing individuals and companies can do to protect themselves and their employees is to have a strategy that addresses the inevitable. It’s really just a numbers game at this point. If we are going to have a presence on the internet, we will without a doubt find ourselves in a position of vulnerability at some point in the future. So how do you deal with it? 

    In terms of your personal computer, the first and easiest step is protecting your system from malware. The market is filled with good, commercially available (and sometimes free) resources to help protect a person’s computer against malicious apps meant to open windows and back doors for the guys in the black hats. 

    If a Zero Day hack has happened to an institution or company that has your personal information on file (remember the Sony attack of 2014?), it’s a good idea to change all of your passwords. Like, immediately.  

    This is a good habit to get into regularly anyway, but especially after there has been a breach involving your personal data. And remember, don’t reuse old passwords. This is a terrible habit to get into. Yes, it’s easiest just to add a number at the end of your “regular” password and cycle through, adding one to that number every time you change your password. But seriously, if you came up with that idea without any thought, imagine how easy it would be for someone who wanted to break into your computer to do so with such a weak protection scheme before them. 

    Can’t I Do Anything Else About a Zero Day Attack!? 

    You can, but it’s not for everyone. For most people, just keeping a good defensive strategy in place is a great answer.  

    I mean, it would be great if everyone understood the basics of object-oriented programming and could explain the difference between static and dynamic IP addresses, but again, it isn’t for everyone. 

    But for some… 

    For some, reacting to a bad situation after the fact isn’t good enough. For some, just putting up a firewall and hoping the bad guys don’t get through, isn’t enough. 

    Some people feel a sense of responsibility for their loved ones and their loved ones’ loved ones and for the strangers all around them. For these people, a little education can go a long way to protecting people everywhere. And at UAT, you can get your degree in one of our industry and government-recognized Cyber Security degree programs including Network SecurityNetwork Engineering or Technology Forensics and be on the frontlines of defending those who can’t defend themselves. You can also take your career opportunities to an advanced level with UAT’s Master of Science in Cyber Security 

    So, if you have a technical, creative mind, contact us at UAT today to learn more about our Cybersecurity degree programs. After over 20 years, we have one of the longest-running cyber security degrees in the southwest, and our complete continuum of undergraduate and graduate cyber security degrees have prepared thousands of ethical hacking, network security, and cyber security graduates. On top of that, the NSA has designated UAT as a Center for Academic Excellence training center in cyber defense—we don’t take this lightly! 

    Before you know it, you may find yourself uncovering a potential Zero Day attack before the bad guys do. 

    Your Uncle Terry will thank you. 

    UAT SOC Lab

    read more
    less

    Special Topics in Technology: Open Source Intelligence


    Using Shodan to Look for Vulnerable Critical Infrastructure Students at the University of Advancing Technology are often tasked with real world goals designed to make them flex and grow while experimenting with genuine...

    Using Shodan to Look for Vulnerable Critical Infrastructure

    Students at the University of Advancing Technology are often tasked with real world goals designed to make them flex and grow while experimenting with genuine technology. One of those students, Aaron Miller, did a fantastic job while searching for potentially vulnerable infrastructure posing a threat to United States interests. As the Cyber Security program champion, I felt it was relevant to highlight the work he is doing and to showcase what UAT students are capable of accomplishing.

    Here is his description of the project:

    Using Shodan to find different internet facing devices and to identify those that may pose a threat was my assigned goal, and I discovered that, with a little research, you can use Shodan to find different industrial control devices. These ICS devices are used to operate different functions within a physical system remotely. The control unit can open valves, AC controls, and even chemical disbursement in a public drinking system, as a small example. Any mechanical device that needs to have functions related to physical control of a device but aren’t easily accessible may be attached to an ICS connectivity device. A little research on Shodan and you can find the proper syntax to find these devices.

    When researching the security of such devices, we can look for certain identifiers. These identifiers could be models, types, and manufacturer names. Using google you can find the manuals, and even default passwords. If, after research, you learn the common functions of the controller, you can identify the weaknesses of the system. It is also possible to get into the main network from that device and also cause havoc by misuse of the device.

    Network Security means protecting your systems that should be on the network, but it also means protecting devices you may not expect to see on a network. Proper documentation and diagrams of the network are crucial in making sure all ends of the network are secure. Audits and proper knowledge of your network will help when thinking security. By following best practices and following standards, you can stand on the shoulders of giants when designing your security footprint.

    Locating and reporting potentially vulnerable infrastructure using Shodan is ethical as well as legal, but going beyond that enters a gray area that we avoid. You should not abuse the information you might find about devices in their online manuals, but instead only use approved tools while following the laws. Security research doesn't mean making bombastic claims or causing Earth shattering upheaval to businesses but is about being a contributing member of society while giving an uplifting hand to others.

    View Aaron Miller's full description of Shodan:


    Interested in studying cyber?
    More about UAT’s Cyber Programs

    Our cyber security degree majors and cyber security lab are recognized by industry and government entities alike for their ability to help generate the future innovators of the cyber security industry. We focus on creating true leaders who will have mastery in ethical hacking and uphold the highest industry standard of cyber integrity in our quickly evolving world of cyber security technology and online security.

    Visit the University of Advancing Technology for more information on all our cyber security majors. 

    Ready to start? Apply now at uatfastapp.com.

    read more
    less

    Warning: Your iPhone has been Hacked


    Latest Apple Hack Leaves Users Open to Spyware You may have recently heard about the ...

    Latest Apple Hack Leaves Users Open to Spyware

    You may have recently heard about the extremely important update being pushed out to Apple iOS devices (iOS 14.8). You may have heard terms like zero click, Pegasus, or zero day. So how do you find out if you have been hacked or is it even detectable? There are some things you can do to protect yourself.

    A zero click vulnerability does what it says. It allows an attacker to force your system to install software without user interaction. This could be devastating if you rely on your phone like most people do. So how do you protect yourself?

    First, you should keep an eye on the performance of your device. Has it suddenly started running sluggish or slow? Takes a long time to initialize or shut down? Is your battery running down quicker than ever? This could be an indicator that the system is doing business in the background you need to be aware of. You should also monitor the top right hand corner of your Apple device. An orange dot means something is using the microphone on your phone and a green dot indicates something has accessed the camera and or microphone.

    Other indicators of compromise could include weird popups, pornographic content being displayed without your request, and new applications being installed that you did not install. Often times these odd applications will look like calculators, music apps, or even masquerade as other popular applications but will be capable of intercepting requests and causing you harm.

    spyware

    Technologically literate users could also connect their phone to a WiFi network and use a tool like wireshark on the network to monitor requests and connections. You can then filter that data and look for all URL and IP addresses connected to and then attempt to discover if there is inappropriate communication happening. This research requires a higher level of skill and technical acumen but would be the most accurate method of discovering if someone is exploiting your device.

    Students at the University of Advancing Technology are provided in depth training on tools like wireshark early on in their education and given the skills necessary to identify many types of harmful traffic. The technological adversary of today and tomorrow is skilled, motivated, and working hard to cause harm. It is our job to do all we can to protects others and ourselves from these kinds of threats.

    However, the vast majority of users do not need to panic about these types of attacks. Serious attacks are rare, targeted, and intended for high value targets related to oppressive governments and big businesses. Methods to protect yourself will depend on the attack used. Some malware is removed by simply hard restarting your device. Other malware is more insidious and can survive an imaging of the device by adding itself to your automatically downloaded applications. If you do discover someone has added something to your device, use iCloud to roll back the phone and then take time to change passwords on your accounts. If you’re still having issues, communicate concerns with the device manufacturer as well.

    UAT Security Operations Center

    read more
    less

    Protecting Kids from Online Predators


    Cyber students at UAT quickly learn the importance of ethics in the world of online security. The possibilities of what they can do online is both exciting and scary, as they learn about the misuse of the internet by predators.  Students Monte Gualtiere and Emilio Cress are Network Security majors who recognize the severity of predatory behavior...

    Cyber students at UAT quickly learn the importance of ethics in the world of online security. The possibilities of what they can do online is both exciting and scary, as they learn about the misuse of the internet by predators. 

    Students Monte Gualtiere and Emilio Cress are Network Security majors who recognize the severity of predatory behavior that targets children. They put together the following thoughts and tips concerning online safety for children. 

    Protecting Kids from Online Predators

    Children go missing every day, with the FBI reporting in the USA around 460,000 children go missing yearly. The internet has made it possible for criminals from countries all over the world to gain access to kids, and abuse is rampant on social media and in online games.

    Yet keeping children safe from predators online has been a major concern for parents since the internet has appeared in homes. Alicia Kozakiewicz was the first victim of an internet-based child abduction. She was kidnapped by a 38-year-old man who pretended to be a 13-year-old boy, and she was lured from her home near Pittsburgh. This event happened in 2002 but many of the lessons are still useful today because protecting our children from online predators is vital. Enforcement of rules, limiting engagement, and being aware of the dangers can tremendously benefit the children and make the online world a safer place.

    One of the methods by which a parent can protect their child is to limit screen time. By limiting screen time, parents can reduce the footprint that an attacker or abuser can use to take advantage of the child. Children who are unsupervised when using devices are easier prey when compared to those who have some level of supervision and structure to their device usage.

    Another of the biggest internet safety problems facing children is the number of applications they have access to. Social media is one of the main ways predators can get access to victims without parents ever being aware. Fortunately, every device and the applications that functions on it likely comes with parental controls which can help limit the potential threat of a child encountering a predator.

    And there are more ways to get help.

    Schools and other venues offer help that can be utilized, often hosting seminars or rallies
    where guest speakers come and do talks on topics such as drug abuse or cyber bullying.

    Last year, the U.S. Attorney’s Office offered recommendations for parents to become extra vigilant as COVID-19 drove children online even more:

    1. Discuss Internet safety with children of all ages that are online. Many children do not realize that people may not be who they claim to be online. Similarly, many do not understand that someone who seems like a friend online could have a deviant motive.
    2. Set limits around who your children are allowed to communicate with. You may consider limiting young children to communicating only with people you have personally met. For older children, you may consider limiting them to communicating only with people they have met in person.
    3. Set limits around the kinds of devices and applications your children use. Online child sexual predators often use new technologies to avoid detection by law enforcement. If your child is using an application you have not heard of before, consider researching the application online or testing it out using your child’s account.
    4. Use technology to protect them. Many devices and programs allow parents to set parameters around which applications children may use and for how long. Similarly, many of these programs allow parents to see what their children are doing while using those applications.
    5. Pay attention to warning signs. Children who are sexually exploited are often embarrassed and hesitate to tell parents or other authority figures about their experiences. Pay attention if your child is withdrawing or changing their mood while their Internet activity increases.
    6. Report suspected abuse. Reporting can help minimize or stop further victimization. If you believe your child has been sexually exploited online, contact the United States Attorney’s Office, your local F.B.I. office, or report online at www.cybertipline.org.

    Find additional tips at https://www.end-violence.org/safeonlinecovid.

    Children rarely listen to their parents, that is no secret, but if we had multiple voices and ways to spread awareness in a holistic and family first format, we could combat these issues with greater effectiveness. The fight for children to have the right to just be kids again doesn't seem so steep a climb when we work together.

    child playing video game


    More about the authors:

    Monte Gualtiere is a student at the University of Advancing Technology and majoring in Computer Security. He has a passion for protecting others though computer safety. He loves to participate in different activities on campus, work on his car, and one of his favorite video games is Rocket League. 

    MonteG-2-1

    Emilio Cress is a student at the University of Advancing Technology and is majoring in Network Security and Network Engineering. He has a passion for computers and protecting others. He can often be found at his desk tinkering with his computer or playing video games. He is a hardworking, straight A student, a well-known community theater performer, and he loves to spend time with his friends and family.

    Emilo_Cress-1


    Leading cyber security education in the southwest, University of Advancing Technology (UAT) has surpassed 20 successful years since the inception of its elite Network Security degree program. As one of the longest-running cyber security degrees in the southwest, our complete continuum of undergraduate and graduate cyber security degrees have prepared thousands of ethical hacking, network security, and cyber security graduates. The NSA has designated UAT as a CAE training center in cyber defense.

    Our prestigious cyber security degrees include the undergraduate Network Security, Network Engineering, and Technology Forensics, and the elite graduate degree in Information Assurance transporting graduates to the leading edge of industry.

    Cyber Security Passion

    read more
    less

    What's Trending in the Security Industry Association (SIA)


    SIA and Safe Cyber Hygiene 2021 is only halfway over, and the cyber community is seeing an ever-growing number of attacks on infrastructure and the cyber landscape at large. Some of the largest attacks so far have been through supply chain attacks, or methods by which individuals can attack a company by...

    SIA and Safe Cyber Hygiene

    2021 is only halfway over, and the cyber community is seeing an ever-growing number of attacks on infrastructure and the cyber landscape at large. Some of the largest attacks so far have been through supply chain attacks, or methods by which individuals can attack a company by intercepting devices or data between the supplier and the consumer. We saw this with SolarWinds, as an attacker successfully broke into the SolarWinds code repository and made changes that were pushed out to their customers, facilitating an attack.

    We are also in the midst of increasing tension and hostilities between governments. Foreign adversaries have been executing more flagrant and obviously hostile attacks against industry and infrastructure that is presenting an opportunity for escalation. Some members of the government have questioned whether we can or should be providing a kinetic or violent response to some of these attacks due to their devastating effect on the American people.

    We can protect ourselves from some of these threats by continuing to practice safe cyber hygiene. It's pretty simple: Don't click strange links, keep your computer up-to-date, and avoid opening unsolicited attachments.

    While we cannot defend against all attacks, we can certainly modify our behavior to reduce the threat footprint that we generate.


    Check out the SolarWinds attack timeline:

    GAO SolarWinds Infographic April 2021

    More about UAT’s Cyber Programs

    Our cyber security degree majors and cyber security lab are recognized by industry and government entities alike for their ability to help generate the future innovators of the cyber security industry. We focus on creating true leaders who will have mastery in ethical hacking and uphold the highest industry standard of cyber integrity in our quickly evolving world of cyber security technology and online security.

    Visit the University of Advancing Technology for more information on all our cyber security majors. 

    Ready to start? Apply now at uatfastapp.com.

    Cyber Security Cave at UAT

    read more
    less

    What is a WAF?


    A Defense Against Common Cyber Threats A web application firewall, or WAF, is a filtering and monitoring tool that can function in the space between a website or application and the internet. A WAF is used to defend against numerous common threats and can be combined with other tools to create a layered approach to...
    A Defense Against Common Cyber Threats
    A web application firewall, or WAF, is a filtering and monitoring tool that can function in the space between a website or application and the internet. A WAF is used to defend against numerous common threats and can be combined with other tools to create a layered approach to security that enhances your protection tremendously. 
     
    The WAF can look and potentially defend against cross-site forgery, SQL injection, cross-site-scripting or XSS, and other forms of attack. If someone decides to execute a distributed denial of service attack against your server, you can quickly implement policies that will assist in mitigating the attack. This can be done in combination with other tools to help counter act malicious traffic.
     
    There exist three typical types of WAF and each has positives as well as negatives when deployed in your stack. You can deploy a standalone box that functions as a WAF for your network. It may cost a large amount of cash and often requires a dedicated team to provide care and maintenance for. You could also deploy a software based WAF like a plugin for a WordPress site. This type of WAF is typically localized and focused on protecting one asset. Prices vary but are often less expensive but provide less features as well.
     
    The final type of WAF would be a cloud-based solution provided by a company who handles your DNS. Cloudflare provides a WAF to their customers and this solution can vary wildly in price. A major issue with a cloud-based solution is that you are completely at the mercy of your provided and rarely have insight into their methodology, so you must have a high level of trust with said provided.
     
    Choosing a WAF is an important decision that will be dictated by your budget, skill level, and functional need. You should also spend time monitoring the current traffic of your site while reviewing what attacks are being deployed against you to best choose what tool to deploy. You should weigh each option carefully and then commit to implementing the tool that you are interested in as part of a greater security plan.
     
    Cyber Security Laptop  

    Find out more about the Cyber Security Degrees offered at UAT! 

    Leading cyber security education in the southwest, University of Advancing Technology (UAT) has surpassed 20 successful years since the inception of its elite Network Security degree program. As one of the longest-running cyber security degrees in the southwest, our complete continuum of undergraduate and graduate cyber security degrees have prepared thousands of ethical hacking, network security, and cyber security graduates. The NSA has designated UAT as a CAE training center in cyber defense.

    Visit University of Advancing Technology for more information on all our cyber security majors.

    read more
    less

    Is a Degree in Cyber Security Worth it? – Facts & Job Prospects


    Cyber Security: Is a Degree Worth It? It seems you can hardly go a week without reading about a security or ...

    Cyber Security: Is a Degree Worth It?

    It seems you can hardly go a week without reading about a security or data breach. With cyber security on the mind, it’s no wonder that people are turning to this field as a possible career choice.

    In fact, there has been a notable shortage of cyber security professionals, making this field appear even more lucrative and enticing. And with that, more individuals are going to college to earn a degree in cyber security.

    But is a college degree in cyber security really worth it? Do you need one in order to be successful?

    In this guide, we are answering these questions and more so you can make the best, most financially sound decision for yourself.

    What is Cyber Security?

    The field of cyber security (also written as “cybersecurity”) focuses on securing computer systems, servers, networks, mobile devices, and more against malicious attacks and intruders.

    Hackers often launch attacks against digital devices in order to access private data; cyber security professionals protect individuals and businesses from these threats.

    What is a Cyber Security Degree?

    A cyber security degree will give you the foundation, skills, and coursework to help you pursue a career in cyber security. At most institutions, this comes in the form of a bachelor’s or master’s degree with an emphasis on information security.

    This degree tends to be more rigorous and challenging than many other degrees but can lead to a very fulfilling and lucrative career.

    Popular Areas of Cyber Security

    The field of cyber security is broad and far-reaching, but most individuals tend to focus on a few key areas of computer science. These are the areas that are in the highest demand, but you can always specialize according to your own unique interests and skillset.

    Network Security

    Network security professionals work to help individuals and businesses better protect the integrity of their network and data access. They defend networks against data breaches and other security threats – often using antivirus software, firewalls, VPNs, network analytics, and more.

    Technology Forensics

    Also known as “digital forensics”, technology forensics involves the investigation and recovery of information and data found in digital devices. These professionals help individuals and businesses recover “lost” data, defend against cybercrime, and report on their computer system’s performance.

    Network Engineering

    Network engineers design, construct, and manage networks to ensure they are functioning at optimal performance. Individuals and organizations need optimized and secure networks in order to maintain uptime, keep their data secure, and stay connected across devices.

    Why Study Cyber Security?

    If recent news stories are any indication, it’s becoming increasingly more dangerous for businesses and individuals to ignore digital security threats. With more touchpoints for hackers to take advantage of, we see an increasing need for cyber security professionals to come to the defense.

    You might want a degree in cyber security if you:

    • Love solving complex problems
    • Enjoy working with computers and systems
    • Are interested in designing and building networks
    • Are looking for a field that is challenging yet fulfilling
    • Want to enter a field with massive job opportunities and growth
    • Want a high salary and unending earning potential
    • Want a Recession-proof industry/job
    • Corporate and government job opportunities
    • Want to make an investment in your future by entering a lucrative field

    Is It Worth Getting an Undergraduate Cyber Degree?

    We can say outright that Yes, getting a degree in cyber security is definitely worth it. While the benefits of entering the field of cyber security are limitless, earning a degree is the best way to set you up for success from the get-go.

    Here are some reasons why earning an undergraduate degree in cyber studies is the best path:

    A degree is more applicable than free resources.

    Many aspiring cyber security professionals turn to free resources in order to obtain their skills and experience on a budget. But these free resources can only take you so far.

    For one, you risk learning outdated or inaccurate information. Second, this “unofficial” education very rarely translates well (in the eyes of hiring managers) when it’s time to apply for cyber security jobs. For these reasons and others, it’s best to take the traditional path and earn a degree from an accredited institution.

    You gain access to a wide range of resources.

    Colleges not only provide degrees but help set students up for success by providing access to a wide range of resources, events, skill-building sessions and more.

    Most colleges offer internship opportunities, networking events, career counseling, and other services to help students not only gain more skills in their field but be better prepared to land a job after graduation.

    A degree lands you a higher starting salary and better job prospects.

    The reality is that earning a degree in cyber security opens the door to a higher starting salary and better job prospects compared to jumping straight into the field with no education or experience.

    In fact, recent studies show that a degree in cyber security can boost a job applicant’s “appeal factor” and lead to a higher salary. Also, keep in mind that many companies actually require applicants to have a degree in order to land the job.

    Is a Master's Degree in Cyber Security Worth It?

    A master’s degree in cyber security can also help you appear more attractive to hiring managers and present an opportunity to improve your skills, specialize in a specific area, and/or pivot to a different area of focus.

    The average starting salary of someone with a Master’s of Science in cyber security is higher than that of someone with a bachelor’s degree.

    And with online learning options available, plus on-campus and hybrid options, getting a master’s degree is more accessible than ever.

    Can I Land a Cyber Security Job with No Experience?

    In short, yes, it is possible to land a cyber security job with no experience. But is it easy? Not necessarily.

     In one of our recent posts, UAT professor Aaron Jones shared his thoughts on getting a cyber security job right out the gate:

    “Information technology is hyper-competitive and the level of success you attain will often directly correlate with the amount of effort you are willing to put into it…

    The degree is part of the equation… If the job does not require one but favors that degree, I have put myself above all other seekers lacking that degree.”

     In other words, a degree may not be required in order to land a cyber security position, but it definitely helps. For your best chance of landing a high salary, we recommend earning at least a bachelor’s degree and attending an accredited college that can set you up for success.

    Career Outlook

    According to the U.S. Bureau of Labor Statistics, the median salary for an Information Security Analyst in the United States is $103,590 per year. The career outlook for cyber security analysts is 31%, which is much faster than the national average. Recent projections anticipate the field of cyber security adding over 40,000 new jobs between 2021 and 2029.

    “Demand for information security analysts is expected to be very high, as these analysts will be needed to create innovative solutions to prevent hackers from stealing critical information or causing problems for computer networks.” – bls.gov

    How to Get a Job in Cyber Security

    One of the best ways to prepare you for a career in cyber security is to attend a college that offers internships, networking opportunities, and access to career services. These resources will help you prepare for job interviews, gain hands-on experience, and find job opportunities through your college’s exciting connections.

    Plus, earning an advanced degree in cyber science is a great way to land an even better position and increase your earnings.

    Applying for Cyber Security Jobs

    Here are some tips for applying to cyber security jobs:

    • Read job descriptions thoroughly and write your cover letter to match the requirements the company is looking for.
    • Have a friend or advisor review your resume, checking for errors and providing tips on how to make it more appealing to hiring managers.
    • Look into additional certifications to improve your skills and appeal to employers.
    • Practice your job interviewing skills to master your interviews.
    • Follow up with employers via email to keep your name top of mind and thank them for their consideration in interviewing you.

    Earn a Degree In Cyber Security at UAT

    UAT offers a Master’s of Science in Cyber Security, as well as bachelor’s degrees in Network Engineering, Network Security, and Technology Forensics. Our Cyber Security Degree for Ethical Hackers and Network Security Curriculum has been certified through the NSA/DHS National Information Assurance Training Program in Information Assurance and Cyber Defense.

    Designated as a Center of Academic Excellence by the National Centers of Information Assurance Education (CAE/IAE), UAT’s Network Security Bachelor’s of Science degree prepares students to take on the ever-evolving world of information security.

    If you believe a career in cyber security may be right for you, request information about our degree programs. At the University of Advancing Technology, we’re passionate about helping students enter STEM fields and acquire the skills they need to land a rewarding career in cyber security and beyond.

    read more
    less

    Steps You Can Take to Secure Your Identity Online


    Being a victim of a security breach is frightening and disruptive. Unfortunately, it is becoming an increasingly common part of our digital lives. The FTC states that 7-10% of U.S. citizens are victims...

    Being a victim of a security breach is frightening and disruptive. Unfortunately, it is becoming an increasingly common part of our digital lives. The FTC states that 7-10% of U.S. citizens are victims of identity fraud. On a long enough timeline, most of us become victims of a security breach in one form or another. In fact, you may already be a victim and are unaware.

    A simple method to check for security compromise can be performed at the "have i been pwned?" site. This site was created by Troy Hunt, a Microsoft Director, in order to help increase security breach awareness and prevent exploitation of multiple user accounts. Troy researches breaches and pastebins (a hacker preferred text storage sites) on behalf of others as a public service.

    Here are some simple steps that can help secure your identity and increase your online security posture:

    1. Use unique, complex (upper-case, lower-case, numbers and special characters) and long (greater than 12 characters) passphrases for passwords and change them regularly
    2. Use multifactor authentication, or two-factor authentication whenever possible
    3. Freeze your credit with the three credit bureaus

    Password reuse is very common, as are weak and short passwords. One way to help eliminate this problem is to create an audit list of all accounts that you have created—try to recall all of them. Go through the list and change all of the passwords to something, unique, complex and long. While you’re there, set up multifactor authentication as well. This prevents the hackers from succeeding with multiple account access with the same credentials.

    Network Security degree at University of Advancing Technology


    This audit and password change process can be daunting with the large number of accounts we tend to create, but it's easier to facilitate with a password manager. A password manager is an application that stores and generates strong passwords using the latest encryption algorithms and will outperform even the best human memory. Speaking of imperfect memory, changing all passwords quarterly is a best practice. Some recommendations for password managers to help facilitate this process are:

    Multifactor authentication (MFA) can be implemented by setting up a sign-on generated pin number text to a mobile device, an email, or a code sent to an MFA application hosted on a second device. There are numerous ways to implement this process and it can often be performed natively through the website you interface with. Having MFA and unique, long, complex passwords exponentially decrease your chances of being compromised.

    Finally, there’s the process of freezing your credit. All three bureaus—Equifax, Experian and Transunion—have a free method to freeze your credit from inquiries and new account creation. By blocking your credit, it’s not possible for a threat actor to create an account falsely under your identity. When you need to have a credit inquiry performed, or an account opened, you simply unfreeze your credit during that time period, then re-freeze the accounts when done. It’s a free layer of protection. Here are the links to freeze your credit:

    If you’re in doubt about your personal security, these steps are helpful in assisting you to increase your security posture and reduce risk of identity theft. 


    SECURE YOUR FUTURE WITH A CYBER SECURITY DEGREE

    Network Security degree students will use critical thinking to research current and evolving cyber security trends and become experts in network security industry standards and regulations. Graduates from the cyber security program will have the essential knowledge and experience to automate their own security processes through extensive training in network security programs and scripts, and be prepared for careers in government and multinational corporations seeking certified ethical hacking professionals.

    Don't wait. Apply now!

    Cyber Security Passion

    read more
    less

    Wireless Security Myths: How to Make Security Harder for Just the Good Guys


    Not all advice is created equally—especially when it comes to technology security. There are things you can do which greatly increase your security and protection. And there are things you can do that provide only minimal, if any, protection. Let's look at wireless security. Whenever I can, I use a wired connection. It tends to be faster and more stable. However, wireless...

    Not all advice is created equally—especially when it comes to technology security. There are things you can do which greatly increase your security and protection. And there are things you can do that provide only minimal, if any, protection. Let's look at wireless security.

    Whenever I can, I use a wired connection. It tends to be faster and more stable. However, wireless is incredibly convenient and relatively easy to set up, so it’s pretty prevalent everywhere. But with any networking technology, network security must be considered.

    The average home user, when it comes to wireless security, may do some googling, and come upon some very popular advice. But is it GOOD advice? I googled "how to secure a wireless network", and the first result was from the Cybersecurity & Infrastructure Security Agency with a list of suggested actions, including the following two popular options to minimize the risks to your wireless network.

    • "Restrict access. Only allow authorized users to access your network. Each piece of hardware connected to a network has a media access control (MAC) address. You can restrict access to your network by filtering these MAC addresses. Consult your hardware's user documentation for specific information about enabling these features. You can also utilize the “guest” account, which is a widely used feature on many wireless routers. This feature allows you to grant wireless access to guests on a separate wireless channel with a separate password, while maintaining the privacy of your primary credentials.

    • Protect your Service Set Identifier (SSID). To prevent outsiders from easily accessing your network, avoid publicizing your SSID. All Wi-Fi routers allow users to protect their device’s SSID, which makes it more difficult for attackers to find a network. At the very least, change your SSID to something unique. Leaving it as the manufacturer’s default could allow a potential attacker to identify the type of router and possibly exploit any known vulnerabilities."

    Pretty authoritative, right? I mean, it comes from a government website; certainly, we should heed it. This advice, in a nutshell, sounds pretty reasonable: use MAC address filtering, and disable the broadcasting of your SSID address. I'm going to be radical, though, and tell you to ignore both of those as relatively useless advice, which needlessly complicates things, when there are simpler and better options.

    Let's discuss MAC address filtering first. Basically, you find the MAC address of your network cards, and then add them to a list of "allowed" network cards. If you need to connect a new device to wireless, you need to find the MAC address of the device and add that MAC address to allowed devices—otherwise, it cannot connect. This sounds pretty great, though it is a lot of work if family comes to visit regularly and wants to connect their devices, administrative overhead increases.

    Cyber Security Degrees at University of Advancing Technology


    Does it keep the bad guys off your network? The bad guys need to be near your network, and they need to have the WPA2-PSK you use—the password you give out. They also need to have an approved MAC address. But guess what? A popular tool around for over a decade, Kismet, allows anyone to see the clients connected to your wireless access point, and it lists the MAC address for those clients. Then, the bad guys can change their MAC address to one of these approved clients—it'll take them about 60 seconds or less. How long does it take you to add MAC addresses to the approved list? Probably longer. So, we have a layer of security—and I'm all for layers of security—but this layer of security makes things harder for the good guys and doesn't present any hindrance to the bad guys. It’s not worth the time.

    A similar method is disabling the broadcast of your SSID address. This is another popular recommendation that is effectively like filtering your MAC address. Anyone who comes over to use your wireless will need you to provide your SSID to them to type in, along with your WPA2-PSK wireless password. All the devices you set up in your home will need to be set up manually as well, as they won't be able to "see" your wireless network. This is a lot of overhead. Worth it? Unfortunately, no. Once again, it's work for the good guys, and no hindrance to the bad guys. The bad guys, once again using Kismet, are able to "see" the names of all hidden, non-broadcast SSIDs in the area.

    Both of these options would be like putting your front door on the roof of your house—harder to get to, better security—right? Except every time you want to get in your house, you have to climb a ladder, meanwhile, the bad guys just break a window.

    Instead, focus on the WPA2-PSK key, the password you use to connect to your network. Longer and complex is always better, just like with your passwords. Simply adding a few characters can significantly improve the security of the password and better secure your network, without making things harder for you (and negligible for the bad guys) like MAC filtering and SSID broadcast disabling.

    Work smarter—and be harder to hack!


    SECURE YOUR FUTURE WITH A CYBER SECURITY DEGREE

    Designated as a Center of Academic Excellence by the National Centers of Information Assurance Education (CAE/IAE), UAT’s Network Security bachelor of science degree prepares students to take on the ever-evolving world of information security. Network security students will receive hands-on technical training and learn best of class software and network programming and essential network security analysis.

    IMG_6729-1

    read more
    less

    Cyber Security best practices and what not to do. How to keep your system and organization safe from cyber threats.


    Cyber Security Best Practices Human psychology is a fascinating yet troublesome area of interest for me as a cybersecurity professional. In over 30 years in the industry, the primary “unsolvable” problem has been human behavior. Most people...

    Cyber Security Best Practices

    Human psychology is a fascinating yet troublesome area of interest for me as a cybersecurity professional. In over 30 years in the industry, the primary “unsolvable” problem has been human behavior. Most people don’t intentionally try to create problems, but they sometimes can’t help themselves. Take for example, the continued growth of phishing campaigns, which allows malware into your environment.

    Malware (short for malicious software) is unwanted programs that can cause your system slower speeds, damage or can result in the loss of data or control of your operational systems. Types of malware are extensive, but some of the terms you have heard include virus, worms, ransomware, adware, and more.

    If you aren’t familiar with the term “phishing”, it is a play on the word fishing, where you are trying to bate or entice someone, normally via email or a web advertisement, to click a link. That link will then take you to a compromised site or download the malware onto your system. If your system or network has exploitable vulnerabilities, then you can further compromise your environment, resulting in the loss of confidentiality, integrity and/or availability of your critical data or operational environments. Phishing may be used to ask for your credentials to a specific site (bank, credit card, social media).

    How do people get caught up in these types of activities? Well, here are just a few of the more common reasons.

    Curiosity

    The email header reads: “Queen announces retirement from Royal Duties”. In the email is a link that says “read the latest news here”. Of course, you are curious; but do you click the link? Of course NOT.  If you think it is real news, you can find it on reputable news sites. If you scan the headers of your emails, you might find a few dozen or more headers with attempts to catch you with something you would be interested in. 

    Rewards

    The email header reads: “Complete this survey and get a $100 Walmart gift card”. Inside the email is a link that appears to go to a survey. Of course, it likely isn’t legitimate. 

    Fear, Uncertainty and Doubt (FUD)

    The email header reads: “Action Required: Your PayPal Account is Suspended”. Inside the email is a professional looking button that says PayPal Login. Looks legitimate? Do you have a PayPal Account? Maybe your wife set one up in your name? Don’t click the link. You can check the status of your account by going directly to the vendor’s known legitimate website.

    Boredom

    You are just sitting there trying to find something new and interesting to read or do. Those kinds of situations get us all into trouble.

    Exhaustion or In a Hurry

    Sadly, the faster we try to go or more tired we get, the more likely we are to make a bad decision or just not analyze the situation correctly. This is the same reason why most people don’t read the terms and conditions associated with their applications and memberships. With an average attention span of 8 seconds, people tend to look for “instant gratification”.

    pexels-junior-teixeira-2047905

    Can You Prevent Cyber Security Threats?

    How do you stop humans from “clicking the link”? Better to ask, can you? The human nature will revert to its habits, so cybersecurity education, training and awareness will only take you so far. Don’t get me wrong, education is still essential, but you do have to assume somebody will click a malicious link, and organizations must be ready when they do.

    1. Don’t default to administrator rights so software can be automatically installed. This will help to prevent malware installation and escalation of privileges compromises. You can force any software installation to require additional actions or privileges. While inconvenient, this closes a lot of opportunities for malware installation.

    2. Deploy malware detection tools on the systems and networks. This additional layer of security helps address two possible point of entry.

    3. Logically or physically separate operations on your network. Production operations is normally where your most critical operations occur. Keeping this network segment (or vlan) away from more administrative types of functions moves entry points further away from critical operations.

    4. Seriously consider whether you allow non-organization-owned equipment to connect inside your network. This would include smart phones, tablets, and laptops that don’t have confirmed protections.

    5. Limit the number ports and applications allowed onto your systems and network to the bare minimum needed for operations. While malware can use common communication channels, many will try to use some of the less common channels.

    6. Monitor your network and systems for unexpected issues. This would include performance impacts, attempts to use uncommon communication channels, loss of storage, or increases in resource utilization.

    Sadly, there is no perfect prevention; however, a few pre-emptive actions can significantly reduce the likelihood of a successful malware attack.

    University of Advancing Technology Cyber Security student


    Find out more about the Cyber Security Degrees offered at UAT! 

    Our cyber security degree majors and cyber security lab are recognized by industry and government entities alike for their ability to help generate the future innovators of the cyber security industry. We focus on creating true leaders who will have mastery in ethical hacking and uphold the highest industry standard of cyber integrity in our quickly evolving world of cyber security technology and online security.

    Visit University of Advancing Technology for more information on all our cyber security majors . 

    read more
    less

    H@xc0rd


    H@xc0rd is a simple yet powerful Discord bot for the utilization of common tools frequently used in network security, without the need to understand Linux. “With only one command to start it, there’s no reason not to love it,” says H@xc0rd mastermind Bradley Chavis (Advancing Computer Science, ...

    H@xc0rd is a simple yet powerful Discord bot for the utilization of common tools frequently used in network security, without the need to understand Linux.

    “With only one command to start it, there’s no reason not to love it,” says H@xc0rd mastermind Bradley Chavis (Advancing Computer Science, Network Security). “No more struggling to set up a Linux machine, or trying to find all the tools compatible with Windows. It’s just one command and you’re done.”

    H@xc0rd tools range from exploit to recon, including Hashcat, Hydra, Nmap, Shodan and many more. Each tool has its own custom-built help section to guide the user through understanding what the tool is, how to use it and how to use the results gained from it.

    H@xc0rd was built off the node.js run time library, leveraging many libraries along the way, such as Discord.js and axios. The different commands are based on modules, enabling them to be loaded dynamically. This offers another benefit — the ability to limit users to certain tools and commands. Since many tools within this project can be intrusive to the local network that it’s hosted off of, the bot owner can adjust who has access to what tool at any time, significantly limiting the chance for it to be abused.

    H@xc0rd is even simpler to use on the server this bot is hosted on — only a Discord account and a basic knowledge of the platform is needed. To use the bot, simply tighten the specified prefix that can be found packaged sub.js on file and the command you want to run. Such as a “!ping” command, which gives you latency to the bot.

    Crack a password hash with java ripper and show off the results to everyone on the server. You no longer need to export the results of the tool to a file and send that file to others, time and time again. Better yet, want to find information on how many times a certain password has been compromised, like password? Use the “!haveibeenpwed,” which utilizes the haveibeenpwed guy to query and display the results.

    Want to find out information about a machine accessible to the public internet through “!shodan,” and don’t know where to start? Start with H@xc0rd. Just add the help argument after any command for a comprehensive description of the tool, arguments that can be used with the command and external resources to learn more about that specific tool.

    Now you may ask, how do I know all the commands in the first place? Well, the command “!commands” of course, which lists out all the available commands. Currently, there are approximately 15 types of tools implemented into this project.

    As time goes on, new tools come along and current ones slowly fall out of date by not getting updated. To accommodate this, Bradley and project partner David Austad (Network Security) will consistently update the tools within the project, removing and replacing them with new ones that provide similar results.

    If there is a tool that hasn’t been implemented yet, but you really want to use it, you have the freedom to add it yourself. H@xc0rd was built so that a new tool can be implemented in a matter of minutes!

    During the building of this project, Bradley and David ran into a big issue — at first, the only way to run H@xc0rd was on Linux. Since this didn’t comply with the final goal of utilization by everyone, they searched for a solution and found Docker, a virtualization platform that allows operating systems’ environments, like Linux, to run on systems that generally wouldn’t support that, such as Windows or Mac OS. Docker’s implementation into this project allowed H@xc0rd to be hosted on nearly every operating system and can easily be tuned if one doesn’t work perfectly through the provided install script.

    Another goal of the project was to make it as simple as possible for the user to set it up through install scripts. The entire install process was automated through bash scripts to run natively on most Linux systems.

    Saving the best part for last, it’s free and open source. Bradley states, “You will never be limited with what you can do with this project, only by your imagination.” As time goes on, Bradley hopes others will contribute to it as well. Currently, H@xc0rd is only available via GitHub with plans in the works to host it through Docker as well.

     

    Take your ideas and make them happen with UAT’s Advancing Computer Science degree.

    read more
    less

    Smart House Security Solutions


    Inspired by the lack of Internet of Things (IoT) security in homes and small business environments, Andrew Maddox (Network Security) created Smart House Security Solutions, a budget solution to network segmentation for home use of IoT networks. The project provides underutilized methods and tools for securing everyday IoT environments...

    Inspired by the lack of Internet of Things (IoT) security in homes and small business environments, Andrew Maddox (Network Security) created Smart House Security Solutions, a budget solution to network segmentation for home use of IoT networks. The project provides underutilized methods and tools for securing everyday IoT environments through a less expensive means of network segmentation, which is vital for the future and creates a demilitarized zone for the IoT devices.

    To create the project demo, Andrew and fellow peers took advantage of the equipment in the lab and quickly got their hands dirty making IoT devices.

    UAT’s segmented network was used as an example for this project. UAT’s primary segmented network leads to the primary front facing router with the switch delegating internet access based on IP range from the primary front facing router to personal computers or any computer that might be connected to the network. The IoT network has a wireless access point that facilitates all IoT communication between the devices and server.

    The primary (public) router cannot ping the IoT network or device. As far as the front-facing router is concerned, the information was already passed to the IoT network router which distributes the information to the IoT devices for a more downstream flow. Without direct communication between the primary router and the IoT device/network, the IoT network becomes a demilitarized zone and handles the primary server communicating with the IoT devices and io network.

    Andrew pursued the IoT project because of the experience he would gain and the opportunity it presented. The project involved systems administrative experience, network engineering, team management, problem solving and more. Throughout this project, Andrew learned a great deal about network segmentation as a component of the layers of network security, which is becoming more relevant as IoT becomes more pervasive.

    Andrew is currently a Network Security major in his eighth semester at UAT, a previous CCDC team member and student ambassador and now a full-time employee at Norton LifeLock as a site reliability engineer.

     

    Take security into your hands with a Network Security degree from UAT.

    read more
    less

    Student Spotlight: Daniel “Kody” Mitchell


    Always interested in technology, Daniel “Kody” Mitchell grew up watching his father play World of Warcraft and StarCraft. He quickly fell for these games and soon after, developed a love for programming while taking computer science classes in high school. Kody came to UAT for the nerd and geek vibes. Since attending, he loves the family community...

    Always interested in technology, Daniel “Kody” Mitchell grew up watching his father play World of Warcraft and StarCraft. He quickly fell for these games and soon after, developed a love for programming while taking computer science classes in high school.

    Kody came to UAT for the nerd and geek vibes. Since attending, he loves the family community aspect, the collaborative teamwork-focused environment, the combination of hard work and having fun and how the University truly prepares students for the real world. Kody feels that he has already learned so much about the industry and has gained the basic skills he will need to thrive.

    Studying Artificial Intelligence and Network Security at UAT, Kody chose these degrees because he’s always been fascinated with artificial intelligence and knew that the world needs more cyber security professionals. So, he thought why not combine the two for a unique education and skillset! 

    Kody is a Student Ambassador for UAT and was involved in Nerf Warz! In his free time, Kody has been working on a project to create a calendar-budget program in Python that allows the user to see things at a glance, or hover over days for more details. The basis of the idea consists of the user inputting transactions they make on any given day (expense or income), and based on any recurring fees or payments, the program will show what day the user might run out of money (if there is one).

    After taking a couple of classes taught by Mason Galatas, Kody was inspired by his expertise in his field and hopes to one day know as much as him, be as helpful and have as much fun!

    Kody’s hobbies include 3D printing, programming, playing video games, singing in the car and watching movies. Once Kody gets out in the real world, he can't wait to put the skills he’s learned from UAT to the test and make a positive difference!

    UAT is for people like you. Discover where you fit in at UAT.

    read more
    less

    Golang the new standard for malware langauge?


    In a recent security report by cybersecurity firm Intezer, they reported that a huge spike of malware strains being coded in Go programming has increased about 2,000% in recent years.  This new trend was backed by this report that...
    In a recent security report by cybersecurity firm Intezer, they reported that a huge spike of malware strains being coded in Go programming has increased about 2,000% in recent years. 
    wp7041189
    This new trend was backed by this report that malware writers are actually moving away from C and C++ to Go. This language was released back in 2007 by Google. The first malware written in Go was discovered in 2012.
     
    Intezer states "Before 2019, spotting malware written in Go was more a rare occurrence and during 2019 it became a daily occurrence," Now that has changed since Golang is now becoming common.
     
    Why is it so popular all of a sudden? Well due to Go is fairly easy to be cross-platform. Which in turn allows Malware writers to only needing to write code once and put in binaries from other platforms to be able to cross-platform. So, they can target Windows, Mac, and Linux. Making the malware versatile, another reason is how Golang binaries are a pain to analyze and reverse engineer by security researchers. For Malware writers that's extremely good as it makes the malware detection lower.
     
    The final reason is how Go is built to work extremely well with network packets and requests, it has cloud-native applications already built into it. It's easy to work with especially when it comes to C++ network services.
     
    It's a big plus for these malware writers/developers to have everything they need in one place. Saves them time and probably headaches so it's no wonder Golang malware's are popular all of a sudden. 
     
     
    "Many of these malware [families] are botnets targeting Linux and IoT devices to either install crypto miners or enroll the infected machine into DDoS botnets. Also, ransomware has been written in Go and appears to become more common," (Intezer, 2021)
     
    Here are some of the malware seen using Golang in the past year:

    Zebrocy - Russian state-sponsored group APT28 created a Go-based version of their Zebrocy malware.

    WellMess - Russian state-sponsored group APT29 deployed new upgraded versions of their Go-based WellMess malware.

    Godlike12 - A Chinese state-sponsored group deployed Go-based backdoors for attacks on the Tibetan community.

    Go Loader - The China-linked Mustang Panda APT deployed a new Go-based loader.

    GOSH - The infamous Carbanak group deployed a new RAT named GOSH written in Golang back in August.
     
    Glupteba - New versions of the Glupteba loader were seen in 2020, more advanced than ever.
    A new RAT targeting Linux servers running Oracle WebLogic was seen by Bitdefender.

    CryptoStealer.Go - New and improved versions of the CryptoStealer.Go malware was seen in 2020. This malware targets cryptocurrency wallets and browser passwords.
    read more
    less

    How to Choose a Technology Major for 2021 and Beyond


    Choosing a college major is a big undertaking. Even more daunting is planning for a career that will grow and remain exciting for decades. Getting a college degree is more than just a rite of passage or something you have to do. It is the first step to a journey that will shape your present, your future and how you want to contribute to society. If you have a...

    Choosing a college major is a big undertaking. Even more daunting is planning for a career that will grow and remain exciting for decades. Getting a college degree is more than just a rite of passage or something you have to do. It is the first step to a journey that will shape your present, your future and how you want to contribute to society.

    If you have a passion for technology, you are in for a great adventure.

    Fueling economic growth, improving standards of living and creating new jobs are just some of the benefits of technology. With an economic impact of $1,879b and over 4.6 million US job postings, tech jobs are exploding.


    So how do you know which major to choose?

    The key is to select a major that:

    1. Offers strong job opportunities after graduation
      Technology jobs are hot in 2021. Arming yourself with strong skills gives you a great advantage when you are ready to start your career. Coding and programming, understanding data analysis and knowing best practices for your chosen field are skillsets that employers look for.

    2. Opens doors to industries that excite you
      Technology companies and non-profits are working to solve some of the most important problems in the world. From climate change to eliminating hunger, from nanoprocessors to self-driving vehicles, technology is leading the way to breathtaking human progress.

    3. Helps you realize your passion and ways to express it
      Your life can be immensely enriched if you are fortunate enough to figure out what excites you and find work in that area. Choosing the right major can help you earn a living and build a life doing what you love.

    4. Provides long-term opportunities for income, growth, and experiences
      A rewarding career should provide you with the opportunity to learn constantly, advance toward your goals and grow as a person. 

    Choosing the right college major can lead to a career that lets you take on new challenges and experience the rewards of solving big problems using technology. Ideally, it will provide you with a platform for launching your career and a foundation for a meaningful long-term adventure.

    An Overview of the Top 10 IT Jobs by Projected Growth Rate
    Tech Job Median Pay Projected Growth Rate
    Artificial Intelligence Engineer $146,085 344%
    Information Security Analyst $99,370 31%
    Software Engineer $107,510 22%
    DevOps Engineer $111,311 21%
    Java Developer $103,464 19%
    Data Analyst $118,370 16%
    Computer Research Scientist $122,840 15%
    Data Scientist $100,560 15%
    PHP Developer $86,616 13%
    IT Manager $146,360 10%

    High Demand Technology Majors with Long-Term Potential

    As a technology major, you are ideally positioned to take part in some of the most exciting trends in history. These tech trends are growing quickly in 2021 and offer strong career potential over the longer term.

    Trend 1: An Explosion of Data
    By the year 2024, an estimated 149 zettabytes — the equivalent of more than 149T gigabytes —will be created globally every single day. The challenge is to take all that data, store it and deploy it in ways that help businesses, organizations and entire societies.

    From small e-commerce shops to huge government agencies, organizations of every size and type know they need to use their data more effectively. It is among their highest priorities. That is the role of the data scientist. They integrate math, computing and critical thinking to answer deep questions, solve big problems and invent data-centric tools and technologies.

    Some data scientists shape huge data stores to optimize traffic and services in large cities. Others monitor the click flows and user patterns on huge web platforms. Some help to create IoT solutions that make driving safer. Data scientists use raw data to develop insights and tools that unlock the future.

    Short-term Demand: Data Science, Data Analysis or Machine Learning appear on nearly every list of top career options for 2021. The US Bureau of Labor Statistics (BLS) lists Data Scientists among its most in-demand professions now.

    Long-term Outlook: The best opportunities in data science combine AI and machine learning to connect create new knowledge. That trend is just starting. The BLS expects 15% growth in the demand for Data Scientists between now and 2029.

    Trend 2: Growth in AI
    Artificial Intelligence is coming into its own as a stand-alone technology that helps humans make decisions, create media and manage large-scale online platforms, among many other things.

    It is also a sort of "operating system" for other leading-edge technologies such as automation, DevOps, chatbots, and robotics. AI-driven applications will touch nearly every area of our lives. That's why AI majors’ study human cognition decision-making along with networks, programming and computer science.

    Short-term Demand: Artificial intelligence specialists are in strong demand now. AI is a young, expanding field that is creating outstanding career opportunities.

    Long-term Outlook: Forbes reports that AI will create $15.7 trillion in economic value by 2030 and lead to 12 million new jobs by 2025. Recruiting site ZipRecruiter.com calls the career prospects for AI professionals "excellent." The site notes that AI is expected to grow "explosively" over the coming decades as the technology matures and finds its way into more uses.

    University of Advancing Technology offers multiple Cyber Security Degrees

    Trend 3: The Scourge of Cybercrime

    The cost of cybercrime is expected to exceed $6.1 trillion in 2021, according to Cyber Security Ventures. That's $190,000 every second.

    Whether they are guarding against identity theft, preventing destructive hacking or detecting and defeating espionage, fighting cybercrime is a growth area for well-trained professionals. Sadly, as long as there are cyber targets, there will be cybercrime. Society depends on a new generation of cybersecurity superheroes to deter, detect and defeat it.

    Short-term Demand: 74% of companies worry that a lack of cybersecurity talent will put their data at immediate risk, Forbes reports. The New York Times calls the current employment market a "mad dash" to find qualified information security professionals.

    Long-term Outlook: The Bureau of Labor Statistics expects the demand for cybersecurity experts to remain strong for the next decade, at least.


    Choosing a Technology-Focused University

    An investment in education is an investment in your future. We have seen that one way to maximize your investment is to consider both immediate and longer-term career implications. Choosing which college to attend is just as important as choosing the right major. Just like your degree, you want to make sure your university is the right fit for you.

    Technology changes fast. So, it is crucial to choose a university that is fully dedicated to preparing you for your future. Rigorous academic coursework and extensive hands-on skills building will provide a broad and deep foundation on which to build your technology career. Ask your potential college how often they update the technologies, software, and tools you will be using. You can’t learn the newest advancing technologies if you’re working with outdated equipment.

    Life-long learning is important for any degree major but even more so for technology majors. Technology is exciting because it is constantly changing, and you need to be ready to change with it. Seek out a university that offer opportunities for continued learning after you graduate. Look for alumni programs and benefits that will help you advance in your career long after your graduation date.

    Classes, studying, and working on course projects will make up the bulk of your college career, however, don’t forget to look outside the classroom for more to learn. Take advantage of social clubs, student events, and networking opportunities to build a group of like-minded friends and maybe even future colleagues or business partners.

    College can be expensive so invest wisely. Speak with financial advisors to learn what programs and scholarships are available. Spend some time researching grants or private sources of aid. Consider the length of time you will be in college too. Most bachelor’s degrees require four-years of study however, if your university of choice offers accelerated programs or year-round study, then you may be able to graduate sooner. That means you can be earning a salary and moving up the company ladder while your peers are still in school paying for tuition, books and room and board.


    Putting it all Together: Choosing Your Tech Major and College

    Choosing a technology major should be fun and exciting and done with some planning for the future. Technology careers can be rewarding and long-lived with the right plan of action in place. That plan starts with choosing a major that aligns with your interests and goals for what you want to accomplish in your career. Selecting the right university will ensure that you get a solid academic foundation in your major of choice, build lasting relationships with like-minded people, and provide the tools and resources for life-long learning that will help you build and grow a great tech career.

    If you're interested in a career in technology, University of Advancing Technology is a great place to start. UAT is an elite, private university that offers cutting-edge technology majors at it's Tempe, Arizona campus, online, and hybrid classes. This tech-focused University has the status of being among a select few 100% STEM-based universities in the nation. Learn more at UAT.edu or request information.

    University of Advancing Technology campus in Tempe, AZ. Students gathering in the courtyard

    read more
    less

    UAT Promotes Cyber Security Awareness Month with Tips & Anecdotes


    UAT has led the way in cyber security since the late 90s, writing the rule books for cyber security education in Arizona.   Marking over 20 successful years since the inception of its elite Network Security degree program, UAT is proud to participate in Cyber Security Awareness Month, during the month of October, allowing our faculty of experts to share important...

    UAT has led the way in cyber security since the late 90s, writing the rule books for cyber security education in Arizona.

     

    Marking over 20 successful years since the inception of its elite Network Security degree program, UAT is proud to participate in Cyber Security Awareness Month, during the month of October, allowing our faculty of experts to share important information on cyber security with the public.

     

    UAT recognizes the importance of training cyber security experts, in its students, alumni, faculty and in local members of the community.

     

    We have compiled a few tips and anecdotes about our students below.

     

    From Cyber Security Program Champion Greg Miles:

     

    • Security isn’t an instant solution. It's a lifetime process that must be integrated from the very first steps of any project.
    • Introducing the concepts of cyber security and identity protection at an early age, will help you in the battle against the bad guys a.k.a. hackers.
    • UAT provides students with a security education that includes traditional theory, extensive hands-on, innovation projects, and industry exposure. UAT strives to provide employers with well-rounded and well-educated employees to support this rapidly-growing field. We're priming white hat, ethical hackers for good
    • UAT students and alumni have the opportunity to work as paid volunteers at Black Hat and attend DEFCON. These epic experiences provide students with extensive exposure to multiple cyber security companies, which is better than any job fair, and awesome experience to add to their resume.

     

    UAT Cyber Security students at Black Hat
    UAT Cyber Security students at Black Hat

     

     

     

    From Network Security Professor Mason Galatas:

     

    • Cyber security is really, really important. These figures help illustrate why.
    • The network security attack surface is expected to reach 4 billion by 2020, just over two years from today. Cyber crime is expect to triple during this time. Now is the time to educate yourself.
    • A hack can cripple a company. A security breach, without appropriate remediation measures and response capability, both of which are expensive, can force a company out of business. According to the NCSA, 60 percent of small and medium companies that experience a data breach go out of business within six months.

     

    Cyber Security Awareness Month at University of Advancing Technology Professor Mason Galatas with Cyber Security Alumni Will Peterson

     

    From UAT President Jason Pistillo:

    • Having started a degree teaching students how to defend networks in 1998, we’ve helped contribute to the Arizona cyber security industry by pre-populating the talent pool for 20 years.
    • That’s allowed a record amount of cyber companies to germinate here in Arizona, Including Trusona (headed by Ori Eisen), Terraverde (Ed Vasko) and CellTrust (Sean Moshir).
    • With the momentum of talent and active cyber companies in Arizona, we have the opportunity to cement Arizona as a central hub for cyber security like the silicon valley of cyber.
    • Anyone can be a script kiddie, it’s takes brilliance, creativity and discipline to be a true cyber security professional and that’s why UAT is so passionate about making sure graduates have proven they have the skills, have competed and won multiple competitions including WRCCDC and created an innovation in their field.

     

    Cyber Security students at WRCCDC - Take 2nd Place Cyber Security students at WRCCDC - Take 2nd Place

     

    • Our information and privacy is becoming more precarious by the second. The more connected the world gets, the more vulnerable we are; but the worst part is the societal apathy that’s emerging towards breaches of confidential information, privacy and the disregard for Intellectual Property.

    Want to know more about cyber security from UAT's experts?

     

    UAT is hosting a Cyber Security Open House on Oct. 12, with industry experts, faculty and alumni to offer tips on how to stay safe online and talk about the importance of Cyber Security education to the public.

     

    Learn more about protecting yourself online. Dive into what it's like working for the Cyber Security Industry. Celebrate Cyber Security Awareness month on October 12, with a full slate of activities, industry talks, and topics involving some of industry's top professionals. Don’t miss out on this incredible educational event!

     

    What: UAT Cyber Security Open House

    When: Thursday, Oct. 12, from 6:30-8:30 p.m.

    Where: University of Advancing Technology: 2625 W. Baseline Rd. Tempe, AZ 85283

    Why: To celebrate Cyber Security Awareness Month and educate the public on tips to stay safe online.

    Event is Over

     

    See you on Thursday night!

     

    read more
    less

    UAT Hosted 2nd Annual Cyber Security Open House


    UAT held the 2nd Annual Cyber Security Open House on Thursday, Oct. 12, in conjunction with the national cause, Cyber Security Awareness Month.   UAT Cyber Security professors Wayne Kibbe and Mason Galatas teamed up to present a slideshow on the basics of cyber security and how to protect yourself the best you can from hackers.   Professor...

    UAT held the 2nd Annual Cyber Security Open House on Thursday, Oct. 12, in conjunction with the national cause, Cyber Security Awareness Month.

     

    UAT Cyber Security professors Wayne Kibbe and Mason Galatas teamed up to present a slideshow on the basics of cyber security and how to protect yourself the best you can from hackers.

     

    Professor Wayne Kibbe said, “Cyber Security education is very important for several reasons. First, the demand for cyber security skills is rapidly growing and US Labor Department reports claim shortages for the foreseeable future. Second, as more and more devices connect to the internet, the chances of individuals getting hacked is increasing. A career in the field could be very rewarding by protecting not only individual consumers, but private businesses and government agencies as well.”

     

    Some important takeaways from the presentation include:

    • Online shopping is a risk - make sure to use credit cards versus debit cards due to extra built-in protection from credit card companies. Gift cards are even more secure.
    • Social media can give away too much personal information. Avoid sharing your address, phone number, birthdate and schools you or your family has attended. Also, don't advertise on social media that you are on vacation. You'll catch attention from the wrong people!

     

    Cyber Security - tips to stay safe online by UAT Cyber Security experts Cyber Security - tips to stay safe online by UAT Cyber Security experts

     

    • Social engineering - be careful what information you share with people who are randomly and overly curious in specific personal questions.
    • Free WiFi may look legit, but beware it could be disguised with a common name like "Starbucks Guest" so the customer is likely to assume it's safe and for the use of Starbucks customers. Use a Virtual Private Network (VPN) to be sure communications are safe, even on a public network.
    • Be aware of other tech in your house that may connect to the Internet such as an XBox, Smart TV's, refrigerators, thermostats and more. These devices can be vulnerable to attacks, as well.
    • Update your software. Hackers commonly target software that does not update automatically because users are less likely to run updates regularly themselves. This can create opportunities for bad guys to infiltrate the program.
    • Passwords are hugely important so don't be generic. If you struggle in creating a unique password, try multi-factor authentication. In addition to multi-factor authentications, applications such as Lastpass can create lengthy and random passwords for you.

     

    For more information on cyber security and how you can reach a higher level of training and education, please click to learn more about UAT.

    read more
    less

    Evening Open House


    Curious about a career in tech?     Stop by the University of Advancing Technology during our open house event to learn how our exciting technology degrees will prepare you for a future-proof career in ...

    Curious about a career in tech?

     

    openhouseCyber-1

     

    Stop by the University of Advancing Technology during our open house event to learn how our exciting technology degrees will prepare you for a future-proof career in cybersecurity, computer science, artificial intelligence, robotics, business technology and more.

     

    Ready to take your career to the next level? Check out our patent-pending graduate degree programs in technology leadership or game production and management.

     

    Busy with work? No problem. We use SyncFlex, a flexible learning model, which enables students to attend class in person, participate via livestream or watch a recording of class anytime.

     

    When:
    Thursday June 27th

    5:30pm - 7:30pm

     

    Where:

    University of Advancing Technology

    2625 West Baseline Road

    Tempe, AZ 85283

     

    Here's the schedule:

     

    1. Faculty Meet & Greet (5:30 p.m. - 6 p.m.)
    2. Cyber Security Degree Focus (6 p.m. - 7 p.m.)
    3. Campus Tours (7 p.m. - 7:30 p.m.)

     

    Click here to RSVP

     

    Questions? Reach out to Erin: eeichhorst@uat.edu. She is awesome!

     

    Logo 172x172

     

    read more
    less