Thursday, February 28, 2013

Today I went to my internship and we talked about the types of places someone can work for in computer security. One thing that I thought was really interesting was how everyone has flex hours, which means you decide what hours during the day you work, as long as you put in the number of hours needed. You can also work from home, which is another perk. Here is a list of various branches of work:






The other part of the day was spent working on creating ciphers. Today I made a shift cipher. A shift cipher converts the text input into numbers (using the ASCII table). We then add a "key" (a number you establish at the beginning of the program) to each converted number, which changes the letter that number represents. Because of this, when you print the message to the screen it is no longer decipherable. Below is an example:

[Image] Shift Cipher: white is Python code, black is the command line that runs the program
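As an added example (not the code from the original post), here is the ASCII-based shift cipher described above, together with the decrypt step the later post was working towards and a key-recovery loop that shows why a shift cipher is not a real protection. It assumes the text is printable ASCII (codes 32 to 126) so shifted characters wrap within that range and stay printable.

```python
# Added example, not the blog's own program: a shift cipher over ASCII codes, as the
# post describes, plus decryption and a brute-force that recovers the key.
# Assumption: input is printable ASCII (32..126); the shift wraps within that range.

LOW, HIGH = 32, 126              # printable ASCII range
SPAN = HIGH - LOW + 1            # 95 possible characters, so only 95 possible keys

def shift(text, key):
    """Add key to each character's ASCII code, wrapping within the printable range."""
    out = []
    for ch in text:
        code = ord(ch)
        if LOW <= code <= HIGH:
            code = (code - LOW + key) % SPAN + LOW
        out.append(chr(code))
    return "".join(out)

def encrypt(plaintext, key):
    return shift(plaintext, key)

def decrypt(ciphertext, key):
    # Decryption is the same operation with the key negated.
    return shift(ciphertext, -key)

def brute_force(ciphertext, known_word):
    """Try every possible key. Because there are only SPAN keys, anyone who can
    recognise a single word of the plaintext recovers the key immediately."""
    for key in range(SPAN):
        guess = decrypt(ciphertext, key)
        if known_word in guess:
            return key, guess
    return None

if __name__ == "__main__":
    key = 7
    secret = encrypt("Meet at noon", key)      # constructed sample message
    print(secret)                              # Tll{'h{'uvvu
    print(decrypt(secret, key))                # Meet at noon
    print(brute_force(secret, "noon"))         # (7, 'Meet at noon')
```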

Saturday, February 23, 2013

On Wednesday I went to my internship. I learned how to run a dll file in order to analyze it with malware, and I also learned some beginning Python programming. In order to run a dll you need to go to the command line (cmd), go to the C: directory, type in rundll32.exe dllname, Exportname, then press enter. Then do dynamic analysis on the dll.


In Python I learned how to print to the screen. I also learned the for loop "for i in range x", which prints the variables in the string x vertically. I also learned how to shift the letters in the string, which is the start of learning how to encrypt a message. I then began (but did not finish) trying to encrypt a message that can be unencrypted.

Below are some pictures of my python code and what occurs when you run the program:



AAAS Conference

This past weekend I went to the AAAS Conference in Boston. It was very interesting and a lot of fun. At the conference there were talks ranging from medicine to physics to art. An important thing I noticed, however, is that many of the talks were interdisciplinary. My favorite exhibit at the exhibition is a good example of this. The exhibit was done by both postdocs and graduate students from Canada, who wanted to model the human brain with its firing synapses. At the exhibit they had both a robot and a computer model. In order to make the model they had a group of biologists, neuroscientists, computer scientists, and engineers all working together. They said that some of the hardest things are to make a model that has a similar synaptic firing rate (computing rate) to the actual human brain and to create a physical model that both looks and acts like the computer model.

The talk I liked most was about strokes and how we can help patients recover better. My favorite part was on regenerative strategies. The two methods of regeneration that they covered were Endogenous Stem Cell Stimulation and Exogenous Stem Cell Transplantation. The speaker was doing research on mice and rats for both of these methods and found them both to be effective.

Below is a link to the paper written by one of the speakers on Endogenous Stem Cell Stimulation.

http://www.ecf.utoronto.ca/~molly/publications/hydrogel%20delivery%20of%20erythropoietin...after%20stroke%20injury.pdf

Some other things I enjoyed while at the conference were...

Sticking a wooden stick through a balloon without popping it! A balloon is made out of polymers. When polymers are stretched, they become very rigid and easy to break, which is why a balloon normally pops. However, at the ends of the balloon the polymers are not stretched very tightly at all, allowing them to be flexible, therefore preventing them from breaking.


Below is an example of two enantiomers:

Thursday, February 14, 2013

Yesterday I went to my internship. I learned how to do basic dynamic analysis on malware. First make sure you are in the virtual machine and that it is not connected to the internet. After that, the next step is to open Process Explorer and Regshot. In Regshot take the first snapshot. Then open Process Monitor. After opening Process Monitor, quickly open the malware. After about a minute stop Process Monitor. Apply filters, such as the name of the executable and some operations like WriteFile and RegSetKey. Look for new executables (exe) created and find their location. If the exe is created in HKLM\Software\Microsoft\Windows\CurrentVersion\Run then the file will be started automatically when the computer starts up. This is a common place for malware to create new files. If you see that a file is created, find the file, hash it, and compare the hash to the hash of the original malware file. If they are the same, the malware has copied itself. The next step is to take the second snapshot in Regshot, compare them and see what has changed. After doing so, check to see if the malware tries to connect to the network by using ApateDNS and Wireshark. Use ApateDNS to set up a fake network and to see what websites the malware tries to connect to. Then use Wireshark to see the ports it uses and to analyze the packets that the malware tries to send. You can also use another VM that runs Linux to listen in on what the malware is sending.

These are the basic steps in dynamic analysis. I will describe later what exactly each tool is used for.
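As an added example (not from the original post or any of the tools it names), here is the Process Monitor triage from the post done in Python over a constructed CSV export: filter to one process and the WriteFile/RegSetValue operations, flag new .exe files and values set under the Run key, and compare the hash of a dropped file with the original sample. It assumes Procmon's default CSV column layout and uses Procmon's actual operation name RegSetValue for what the post calls RegSetKey; the sample rows are made up.

```python
# Added example, not code from the blog or from Process Monitor: triage of a constructed
# Procmon CSV export following the steps in the post. Assumed column layout is Procmon's
# default: Time of Day, Process Name, PID, Operation, Path, Result, Detail.
import csv
import hashlib
import io

RUN_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
OPS_OF_INTEREST = {"WriteFile", "RegSetValue"}     # the filters the post applies

# Constructed sample export; these are not events from any real malware sample.
SAMPLE_CSV = """Time of Day,Process Name,PID,Operation,Path,Result,Detail
10:01:02,sample.exe,4120,RegQueryValue,HKLM\\Software\\X,SUCCESS,
10:01:03,sample.exe,4120,WriteFile,C:\\Users\\lab\\AppData\\Roaming\\svchost.exe,SUCCESS,Length: 51200
10:01:04,sample.exe,4120,RegSetValue,HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater,SUCCESS,Data: C:\\Users\\lab\\AppData\\Roaming\\svchost.exe
10:01:05,explorer.exe,1320,WriteFile,C:\\Users\\lab\\Desktop\\notes.txt,SUCCESS,Length: 12
"""

def triage(csv_text, process_name):
    """Keep only WriteFile/RegSetValue events for one process and flag the two things
    the post says to look for: new .exe files written and values set under the Run key."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() != process_name.lower():
            continue                                  # filter on executable name
        if row["Operation"] not in OPS_OF_INTEREST:
            continue                                  # filter on operation
        path = row["Path"]
        if row["Operation"] == "WriteFile" and path.lower().endswith(".exe"):
            findings.append(("new_exe", path))        # a dropped executable
        if row["Operation"] == "RegSetValue" and path.lower().startswith(RUN_KEY.lower()):
            findings.append(("run_key", path))        # persistence via the Run key
    return findings

def same_file(original_bytes, dropped_bytes):
    """Hash both files; an identical SHA-256 means the malware copied itself."""
    return hashlib.sha256(original_bytes).hexdigest() == hashlib.sha256(dropped_bytes).hexdigest()

if __name__ == "__main__":
    for kind, path in triage(SAMPLE_CSV, "sample.exe"):
        print(kind, path)
    # Constructed byte strings standing in for the original sample and the dropped file.
    print(same_file(b"MZ constructed sample", b"MZ constructed sample"))   # True
```

A real run would read the CSV exported from Procmon and the actual file bytes from disk inside the isolated VM, not the constructed values above.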

Tuesday, February 12, 2013

I was not able to go to my internship on Friday because of the snow.

Monday, February 4, 2013

On Friday I went to my internship. I learned that there are two types of analysis: static and dynamic. In static analysis we do not run the malware. We look at the strings, the dlls, the imports, exports, and functions. If the malware is packed this can be a difficult tactic to use, because most of the code is hidden from our view. There are ways to unpack malware, but I have not gotten that far in the lesson. Dynamic analysis is when you run the malware and see what it does and how it affects the machine. It is important that you do dynamic analysis in a virtual machine, so you do not harm your computer or spread the malware. In class we also "cracked" the game Solitaire. We changed the program so that on any valid move, you would win the game. This was one of my favorite parts of class this week. It was fun.