EY Cybersecurity Internships 2018 - 2019 Information for internships & theses


Cyber Security at EY

We are committed to helping our clients achieve their business strategies by providing them with objective and independent assessments and advice.

Services we offer to our clients

Advanced Malware Protection

Business Continuity Management

(D)DOS, Load and Stress Testing

Disaster Recovery

Forensic Investigations

Information Security Risk Management

IT Audit

Infrastructure Ethical Hacking

Network Infrastructure

Physical Security Assessments

Privacy and Data Protection

Awareness Campaigns

Maturity Assessments

Security Operation Centers

Program Transformations

Source Code Reviews

Threat Intelligence

Web application ethical hacking

Organizations must be prepared to combat, manage and mitigate cyberattacks that can occur anytime, anywhere. Nowadays, Information Technology provides the opportunity to get closer to customers and respond to them rapidly, which can significantly enhance the effectiveness and efficiency of a company’s operations. Online technology enablers such as social media, mobile internet, cloud and ‘smart’ eCommerce are continually shaping our daily lives. But at the same time, as organizations leverage new technologies, new risks emerge, and information is under constant threat from attackers.

Therefore, companies strive to put information security, data privacy and protection at the forefront of their agenda. EY Advisory now has more than 20 years of experience in improving the information and cyber security posture of industry leaders all over the globe.


We look for the mindset

Students with the mindset to achieve and persevere can easily catch our attention with out-of-the-box ideas, especially in the field of Cybersecurity. Therefore we encourage everyone who believes they have what it takes to apply for an internship. After an initial interview to determine our mutual interests, we assign a subject matter expert who functions as your primary contact.

Why should you choose EY

We contribute to launch your career

As an intern, you are part of our high performing team. Your personal and professional growth is at the heart of our culture, and you will get the freedom to take your first steps towards a successful career path. We can offer interns our client connections for your surveys, our software, hardware and lab environment for testing purposes, and our extensive experience on the subject matter you study. Students with international interests, supported by their college or university’s Erasmus program, may be interested in our internship opportunities in Spain (Barcelona) or Ireland (Dublin).

“The best thing about my internship was that I got the freedom to explore every option I thought was interesting. This freedom contributed to an internship that was never dull nor boring, but also pushed me to learn a lot about a subject I did not have much experience with.”

Geoffrey Van Den Berghe, intern 2016

“A few days after starting my internship, my mentor told me that I’ll be using a brand new tool called “Apache NiFi”, which was completely different from the initial idea, so it was quite a funny start.”

Dardan Prebeza, intern 2016

Contact us at : [email protected]

The remainder of this document describes the internship topics that we currently propose for the academic year 2018-2019. You can apply now by contacting our Internship Coordinators. When doing so, please let us know where you are currently studying, when the internship should/could take place, as well as which topic(s) you are the most interested in.

The EY Cybersecurity Team has been offering internships to Belgian and international students since 2006. During the past decade we learned that students are more than just potential interns; they are educated and skilled individuals.

Topic overview

Cobalt Strike Analysis

Red Team Automation Testing

Cloud Penetration Testing Methodology

Phishing Techniques Analysis

Block Chain Security

iOS Penetration testing Methodology

Web Assembly Research

Privilege Access Management Analysis

Authentication scheme for enterprise users in financial sector

Potential of AI in security testing

Business game to promote information security

Third party risk management

Comparison of security standards for organizations

Measuring and managing cyber risk

HELK

NIS Directive framework for Belgium

A vulnerability disclosure policy template

Cyber risk management in digital Supply Chain

Cybersecurity capabilities in a technology-driven manufacturing environment

Cyber Threat Intelligence: choosing, modelling, processing and operating information

Technology standards and technology-driven risk mitigation in an Internet-of-Things infrastructure

Cybersecurity costs, investment domains and Return On Investment

Security by design - A comparative framework for implementing core security concepts in default configurations

Robotic code review


This list of example topics is not exhaustive. We can easily update these topics to fit your needs or interests, and any topic you propose that is within our line of expertise will be taken into account. In other words, if you have an out-of-the-box idea, we can help.


Cobalt Strike Analysis

Objective & context

Cobalt Strike is an attack simulation tool typically used in Red-Team assessments with a lot of capabilities in terms of detection evasion.

The goal of this internship would be to enumerate and evaluate existing techniques for in-memory evasion and stealthy network communications, and ultimately build and test custom profiles for this tool that could be used in real-life engagements.

Aspects that should be covered

1 Enumerate customization functionality in profiles regarding beacon customization

2 Research the different techniques used to evade detection

3 Evaluate the effectiveness of the various capabilities

4 Test the evasion capabilities against various security solutions

5 Based on the previous research, develop custom network communication profiles specifically engineered to blend in with regular traffic


Red Team Automation Testing

Objective & context

As organizations face increasingly advanced cyber-attacks, the need for extensive security testing has increased. While regular penetration testing on applications has become built into the development lifecycle, security testing a full organization is growing in popularity. These assessments, also called Red Team Assessments, simulate how a real attacker would attempt to hack an organization, using any means at its disposal.

Red team assessments require a group of experienced security individuals to spend a lot of time to covertly gain access to the organization, exploit vulnerabilities and move through the network to gain full control. In order to continuously test attack paths that a red team would use, a number of automated red team frameworks have been developed. These frameworks mimic tools and techniques used, and give an organization the opportunity to test their defenses on a day to day basis.

Aspects that should be covered

1 Research open source tools and industry red team automation tools

2 Set up a small lab network where you can test tools of your choice

3 Create a ranking method highlighting advantages and disadvantages

4 Research into cyber attack chains

5 Research how to secure the lab environment to block or detect attacks performed by the tools


Cloud penetration testing methodology

Objective & context

More and more companies are now moving their IT environment to the cloud, which brings new challenges related to security. The topic of this internship would first be to list all potential cloud setup types (SaaS, IaaS, PaaS, etc.). Once the different types of cloud setups are listed and documented, a security methodology should be researched and documented for each type of cloud setup / cloud provider.

In addition, a list of common cloud vulnerabilities should be documented, including the description, risk and impact and recommendations. This internship would cover both the technical and configuration components of the cloud environment assessment.

Aspects that should be covered

1 Research different cloud setups

2 Methodology for setup review

3 Methodology for configuration review

4 Common vulnerabilities


Phishing Techniques Analysis

Objective & context

On a daily basis millions of phishing emails are spread all over the world by criminal organizations. As security professionals we face phishing from a blue or red team perspective. In this internship we would like the intern to investigate the different aspects of phishing.

Blue team perspective:
• How to detect and prevent phishing emails
• Create a procedure on how to investigate a phishing email
• What to do after an attack?

Red team perspective:
• Research commonly used vulnerabilities and existing techniques
• Which tools can be used to perform an effective phishing attack?

The goal of this internship would be a report that describes all the different aspects of phishing and a live phishing exercise within our internal network.

Aspects that should be covered

1 Research existing common phishing techniques

2 Research common vulnerabilities that are used

3 Research tool setup

4 Perform live exercise


Block Chain Security

Objective & context

In the ever changing IT landscape, block chain is a new and undiscovered technology for financial institutes, which they are starting to use in small, proof of concept applications. To be able to help them implement this in a secure manner, we need to first research and understand the security implications and possibilities ourselves. R3 Corda and Hyperledger Fabric are the main players in the Belgian financial market, being pushed by KBC and Belfius respectively. Your goal is to research, set up and evaluate three block chain technologies and provide EY with the insight needed to be able to guide financial institutes with their implementation.

Aspects that should be covered

1 Set up R3 Corda & Hyperledger Fabric instances & one enterprise block chain solution of own choice

2 How to implement this in a secure manner (on and off ledger)

3 Create a checklist to be able to verify if a certain implementation was done securely


iOS Penetration testing Methodology

Objective & context

EY performs iOS application penetration tests on a regular basis, and in order to keep up with the new developments in the iOS system we are searching for a student who can update the iOS testing methodologies we currently have at EY. This includes trying new vulnerabilities which were disclosed in the past, identifying the attack surface of iOS applications and searching for new tools which result in more efficient testing. All this information should be processed into a methodology framework to easily apply during engagements.

Aspects that should be covered

1 Enumerate common vulnerabilities

2 Investigate existing standards

3 Write methodology

4 Investigate Technologies / tools that can be used

5 Incorporate previous work


Web Assembly Research

Objective & context

Web assembly is a relatively new technology in browsers which can be used to run applications written in an assembly flavour. The main advantage is that it increases the speed of the application, which opens new possibilities for applications. For instance, 3D games could be created and run in the browser seamlessly. We are searching for a student who would delve into this topic and perhaps discover potential vulnerabilities. The topic would rely heavily on reverse engineering of the browser implementation of web assembly. The ideal student has experience with assembly code and reverse engineering tools.

Aspects that should be covered

1 Identifying the features/possibilities with web assembly

2 Research the web assembly processing in one of the major browsers

3 Map the security limitations implemented for web assembly

4 Fuzz the assembly processing in one of the major browsers

5 Find opportunities to escape the sandbox and bypass the limited API.


Privilege Access Management Analysis

Objective & context

The goal is to make an analysis of all the solutions on the market, and compare them in detail. The point of this would be to create a chart that could be helpful when deciding on which solution to rely on when implementing it for a client, according to their needs. A test of the solutions could be performed as well.

Aspects that should be covered

1 Research open source tools

2 Research industry based software

3 Develop use cases

4 Research system integration options

5 Find opportunities to escape the sandbox and bypass the limited API.


Authentication scheme for enterprise users in financial sector

Objective & context

Passwords are the traditional way of authenticating users on information systems. However, to resist different attacks, their complexity needs to increase at the same pace as computing power evolves. Moore’s law gives us a glimpse of what our passwords will look like in some years; humans probably won’t be able to remember such a complex sequence of characters. Therefore, the financial sector, among others, is looking for other ways of authenticating both internal users and customers. Those new authentication schemes also come with their challenges and questions. For example, how to react to biometric information theft? What would be the ideal order of authentication factors in a step-up authentication?

Aspects that should be covered

1 Review authentication factors and models

2 Threat and vulnerability study

3 Security vs usability

4 Step-up authentication and order of authentication factors

5 Propose a scheme (new or evolution) for enterprise user authentication in financial sector


Potential of AI in security testing

Objective & context

In order to secure their environment, companies usually order security testing. Many security testing automation tools are available on the market, capable of analysing a defined scope against known vulnerabilities and writing a standard report to highlight weaknesses of the organisation. While this kind of security hygiene is important, finding unknown vulnerabilities before an attacker finds them is crucial. That is why companies compete to hire the best security experts able to execute penetration testing. This is not an exact science and practitioners do not follow a cookbook but rather use information like business context or threat intelligence. Some research already shows the potential of using Artificial Intelligence in testing in general to assist the tester. Security testing is no exception and surely can take advantage of using AI.

Aspects that should be covered

1 Study (some of) the possibilities of using Artificial Intelligence in security testing

2 Literature study to describe the current state of the art

3 Describe different AI models and give pros and cons of applying them to automatic software testing


Business game to promote information security

Objective & context

To promote information security across a broad population, we have created a business game that provides a fun introduction to the subject without requiring any subject-related knowledge. This business game can be played individually or by large groups, in a web-based version, as a board game or even in a classroom competition.

Our current version, the classroom competition, is a first version and is designed as a business game. Participants compete in different groups and need to invest wisely to maximize profits. Just as in real life, the environment in which the participants operate is highly competitive, subject to different regulations and with a legacy (business and IT) that is costly to change.

We want to further develop this classroom version based on current experience (align available time and difficulty), make a simpler version when less time is available, and develop a board game version and web based version.

Aspects that should be covered

1 Further develop the current use case

2 Develop a web based version


Third party risk management

Objective & context

Organizations have understood the need to protect their information and systems: cybersecurity has caught management’s eye and resources (people and funding) often meet the actual need. One area that is often overlooked is third parties; although the information stored by a third party (such as a SaaS provider) is still under the organization’s responsibility, this is often only managed contractually. The reputational risk however can never be transferred, and organizations are looking for better ways to enforce appropriate security.

Technical assessments (such as penetration tests) or Excel-based assessments (long questionnaires) have often been used to assess the third party’s security posture. These solutions only cover a small portion of the third party and are often only executed at the start of the contract. How secure is the information stored at a third party that was assessed only briefly 10 years ago?

A new methodology to assess the risk is needed; a simple approach that focusses on the actual risks instead of compliance is requested, that covers the needs for the organization while remaining simple and time-restricted for the third party.

Aspects that should be covered

1 Investigate current industry practices

2 Create a new methodology


Comparison of security standards for organizations

Objective & context

Cybersecurity is a fast-evolving domain; protection measures that were ‘cutting edge’ a decade ago are hopelessly outdated today. To keep up with this pace, several standards have been developed. Some of these standards are issued by industry organizations and take a very broad approach that enables an organization to apply the standard to any scope, withstanding evolutions over time. Other standards, often issued by specific regulators / governing bodies, narrow the scope down to their field of interest.

Every organization must figure out which standards are applicable to them, and what the compliance requirements or expectations are. Apart from that, each organization must also figure out a way to implement these standards (all of them or a subset) and keep track of the individual requirements. Sometimes requirements can even contradict each other, making this a very difficult objective.

Aspects that should be covered

1 How can you certify or ensure your organization has good security management

2 What is the value of compliance with the different standards

3 What are the pros and cons of each standard

4 How can an organization deal with the different standards and requirements in an efficient manner

5 How can the standards be used in a risk-based manner when limited budget is available


Measuring and managing cyber risk

Objective & context

Risk management aims at ensuring a good view on the risks an organization faces, and being prepared when these risks materialize. To measure the risk, mathematical models using historical data and Monte Carlo analyses are often applied. For domains such as credit risk or market risk, this works out just fine.

Cyber risk however is harder to measure and manage. Historical data is only scarcely available and risks can materialize in two ways: only sporadically but with a huge impact (e.g. a data breach), or with high frequency but limited impact. Traditional approaches cannot be used today, but new methods are not yet widely available.

Aspects that should be covered

1 What are the methods available today for risk management (in general)

2 Which methods are available to measure cyber risk; important to consider in this category are the FAIR methodology and attack graphs

3 Which historical data is available, and what is the correctness and quality of this data


HELK

Objective & context

The main idea is to test a new Incident Response framework and test the capabilities it has to detect common breaches/attack vectors. However, as this project is very new, we wanted to test its capabilities against a checklist of items that are crucial to use the framework at clients. HELK is a combination of well-known tools for analytics and logging. “A Hunting ELK (Elasticsearch, Logstash, Kibana) with advanced analytic capabilities.”

There are 2 key parts here. One is to check how hard/easy it is to set up each component (listed below) and identify possible pitfalls or upsides. The second part is to see how easy it is to automatically deploy some of these components, and to identify what manual actions would still be required.

The information and knowledge collected here will help with one of the next parts “See if it is possible to set-up if multiple components are already running for other purposes.”

The reason for this is to see how much time we would need to put this in place at a client. This will help determine the cost and potentially identify where we will need training/support/time to do a correct deployment.

Aspects that should be covered

1 Check how scalable HELK is and if it is feasible in bigger environments

2 Checking how hard/easy deploying HELK is

3 Create some use cases (+ Dashboards) and see the adaptability of the solution


NIS Directive framework for Belgium

Objective & context

The Directive on Security of Network and Information Systems (NIS) is the first piece of EU-wide legislation on cybersecurity. It provides legal measures to boost the overall level of cybersecurity in the EU. The Directive aims to increase the cybersecurity capabilities of organizations providing services that can be considered "critical" for today's society. Organizations in scope are railway companies, electricity and water suppliers, telecom providers, ...

Aspects that should be covered

1 Translate requirements into practically achievable cybersecurity controls.

2 Research Belgian organizations and categories of organizations that would fall under the requirements of the Directive on Security of Network and Information Systems.

3 Draft a basic set of practical guidelines on how to implement the European and Belgian requirements regarding the Directive on Security of Network and Information Systems.


A vulnerability disclosure policy template

Objective & context

A Vulnerability Disclosure Policy is the digital equivalent of "see something, say something". The intent of an organization's Vulnerability Disclosure Policy is to provide guidelines for anyone - ethical hackers, regular users or other - on how to report potentially known or unknown information security vulnerabilities in their applications or systems.

A Vulnerability Disclosure Policy should encourage vulnerabilities to be reported to the organization rather than to be sold on the internet. Means of encouragement could be, for example, rewards for discovered vulnerabilities.

Aspects that should be covered

1 Research global cybersecurity cases where inappropriate use of technology meant an increased risk for organizations in different stages of the Supply Chain.

2 Research global cybersecurity cases where appropriate use of technology not only reduced the risk for organizations in different stages of the supply chain.

3 Research existing and upcoming technologies that can enable the increase of cybersecurity capabilities of organizations working in different stages of the Supply Chain.


Cyber risk management in digital Supply Chain

Objective & context

Digitalization and the surge of technological development mean that more processes, including the management of the Supply Chain, occur in an automated or a semi-automated manner and that more and more devices are connected with each other and the Internet.

Automation and connectivity also mean increasing cybersecurity risks and the consequences of loss of confidentiality, integrity and/or availability of information or systems can be devastating for an organization that relies on these systems.

Specifically in a Supply Chain environment, we see an increase in cybersecurity risks on a global level and interesting use cases of how technology can not only increase the risks for an organization, but also help reduce the risks for these organizations if implemented according to leading standards and best practices.

Aspects that should be covered

1 Research best practices and standards regarding a Vulnerability Disclosure Policy and the ways major technology firms deal with this type of policy.

2 Research criteria that would encourage the reporting of discovered vulnerabilities and the potential Return on Investment.

3 Draft a template Vulnerability Disclosure Policy containing template guidelines for disclosing and reporting vulnerabilities based on performed research.

4 Develop meaningful use cases for the use of existing or upcoming technologies to increase the cybersecurity capabilities in manufacturing environments.

5 Develop a proof of concept to support the use cases of existing or upcoming technologies to increase the cybersecurity capabilities in manufacturing environments.


Cybersecurity capabilities in a technology-driven manufacturing environment

Objective & context

Manufacturing companies are investing increasing amounts of money in automating various steps of their production process. The automation of manufacturing environments often comes with connecting devices, interchanging information between different devices and relying on computers to perform various calculations and steer machines.

While these developments increase their revenue, they also increase their exposure to cyber attacks that might endanger the confidentiality, integrity and/or availability of the information or systems in the production environment. Aside from increasing an organization's risks, technology can also be an enabling factor to increase the cybersecurity capabilities in a production environment.

Aspects that should be covered

1 Research global cybersecurity cases where inappropriate use of technology meant an increased risk for organizations in different stages of the manufacturing process.

2 Research global cybersecurity cases where appropriate use of technology not only reduced the risk for organizations in different stages of the supply chain, but also helped the organization in increased productivity through automation and increased cybersecurity capabilities.

3 Research existing and upcoming technologies that can enable the increase of cybersecurity capabilities in manufacturing environments.

4 Develop meaningful use cases for the use of existing or upcoming technologies to increase the cybersecurity capabilities in manufacturing environments.

5 Develop a proof of concept to support the use cases of existing or upcoming technologies to increase the cybersecurity capabilities in manufacturing environments.


Cyber Threat Intelligence: choosing, modelling, processing and operating information

Objective & context

In an ever-changing world of technological development, the landscape of cyber threats evolves as quickly as the economic interests of any cyber villain.

Information regarding new and existing threats is very valuable in this dynamic environment to help organizations protect themselves against external threats. The concept of Cyber Threat Intelligence aims to provide an answer to this need, providing information regarding the latest cyber threats in a centralized, electronically available and accessible overview.

However, at this point, both open-source and enterprise organizations are providing Cyber Threat Intelligence feeds for organizations to take in either freely or as a paying customer.

Key challenges in this area remain the choice of appropriate threat intelligence feeds, modelling and processing the available feeds into a centralized platform and appropriately operating your cybersecurity capabilities according to this information.

Aspects that should be covered

1 Identify and research open-source and enterprise cyber threat intelligence feeds, providing benchmark analysis, quality reviews and operability of the feeds.

2 Investigate the value of various Cyber Threat Intelligence feeds and their potential for integration with EY's Cyber Threat Intelligence platform.


Technology standards and technology-driven risk mitigation in an Internet-of-Things infrastructure

Objective & context

The Internet of Things (IoT) combines connectivity with sensors, devices and people, enabling a form of free-flowing conversation between man and machine, software and hardware. With the advancements in artificial intelligence and machine learning, these conversations can enable devices to anticipate, react and respond to and enhance the physical world in much the same way that the internet currently uses networks and computer screens to enhance the information world.

In a world where an increasing number of businesses choose interconnected environments and IoT-like infrastructures, it's beneficial for these organizations to set up their environment in a secure manner right from the start. The concept of security by design can be translated into technology standards, equipment requirements and design instructions to ensure the confidentiality, integrity and availability of information and/or systems.

Aspects that should be covered

1 Research existing and upcoming standards for Cybersecurity in IoT-like connected environments and IoT-setups.

2 Develop, based on performed research, a set of guidelines to build a setup that is secure by design.

3 Research use cases and build a secure-by-design proof of concept that takes into account technology standards and best practices as per the performed research.


Cybersecurity costs, investment domains and Return On Investment

Objective & context

Organizations across the world are investing in Cybersecurity because they want to ensure that they are protected against the cyber threats of today and tomorrow.

To respond to the ever-changing threat landscape, organizations should invest in various cybersecurity domains:

- Prevention - to prevent attackers from getting into their infrastructure and gaining access to their information
- Security - to prevent attackers from monetizing valuable information once they gain access to it (e.g. encryption technologies, ...)
- Resilience - to ensure that critical business infrastructure is up and running again as quickly as possible after an attack.

In an ideal world, organizations score top-notch marks in every aspect of cybersecurity. Unfortunately, cybersecurity costs money, organizations often have to divide their budgets across several cyber-related domains and not all organizations can free up enough budget to achieve a state-of-the-art cybersecurity environment.

Aspects that should be covered

1 Research into various aspects of cybersecurity and criteria to objectively analyze and compare costs of different cybersecurity domains.

2 Develop a methodology to analyze and compare costs of different cybersecurity domains based on performed research.

3 Draft a cost model for the implementation of a cybersecurity program in various types of businesses.


Security by design - A comparative framework for implementing core security concepts in default configurations

Objective & context

During the set-up of new environments, architectures or software products, organizations often lack the incentive to include information security principles from the very foundation. Applying security patches and taking security considerations into account after the development or set-up has been completed is often as strong as sticking patches on a dam that will sooner or later break entirely; it's never as strong as when it's built into the very foundation of the architecture. The concept of security by design aims at integrating key security principles into the very foundation of an architecture to ensure that the security is guaranteed from the very setup.

Aspects that should be covered

1 Research into the concept of security by design to identify the core principles to take into account.

2 Compare standards and best practices from industry and market leaders to draft a generic, overarching set of principles to take into account when working with security by design.

3 Develop an implementation guide and a reference framework containing practical and operable guidelines for organizations to take into account when setting up an environment in a secure-by-design manner.


Robotic code review

Objective & context

Secure coding standards are an important tool in every developer's bag of knowledge and are key in the development of secure software. By adhering to secure coding standards, software can be developed in a consistent and secure manner, while still being readable for other developers who are knowledgeable in the same standards. While teaching developers about secure coding standards is one way of ensuring the security of software code, another way is reviewing the code they actually produce. In an ideal world, this happens in an automated way.

Aspects that should be covered

1 Investigate core concepts of secure coding standards based on previously performed research.

2 Draft functional and non-functional requirements for a tool that continuously monitors the security of code packages in a development environment and provides suggestions.

3 Develop an automated code reviewing environment to ensure that the core concepts of secure coding standards are flagged, alerts are raised if required and suggestions for improvement of code are made to adhere to known secure coding standards.