diff --git a/FSCS630_Cryptography/labs/10_Digital_Signature/Digital_Signature_RSA.pptx b/FSCS630_Cryptography/labs/10_Digital_Signature/Digital_Signature_RSA.pptx index f0501c4..493de7c 100644 Binary files a/FSCS630_Cryptography/labs/10_Digital_Signature/Digital_Signature_RSA.pptx and b/FSCS630_Cryptography/labs/10_Digital_Signature/Digital_Signature_RSA.pptx differ diff --git a/FSCS630_Cryptography/labs/11_Hash/Cry-Dangerous-A1 D8 42 FF.txt b/FSCS630_Cryptography/labs/11_Hash/Cry-Dangerous-A1 D8 42 FF.txt new file mode 100644 index 0000000..92c8c41 --- /dev/null +++ b/FSCS630_Cryptography/labs/11_Hash/Cry-Dangerous-A1 D8 42 FF.txt @@ -0,0 +1,12 @@ +Dear Mr Shopaholic, + +please order a Porsche and a prepaid insurance scheme for Mr. Dodgy. + +Regards +Honest John + + + + +     + \ No newline at end of file diff --git a/FSCS630_Cryptography/labs/11_Hash/Cry-Harmless-A1 D8 42 FF.txt b/FSCS630_Cryptography/labs/11_Hash/Cry-Harmless-A1 D8 42 FF.txt new file mode 100644 index 0000000..537e574 --- /dev/null +++ b/FSCS630_Cryptography/labs/11_Hash/Cry-Harmless-A1 D8 42 FF.txt @@ -0,0 +1,11 @@ +Dear Mr Shopaholic, + +please order a typewriter. + +Regards +Honest John +   +   + + +  \ No newline at end of file diff --git a/FSCS630_Cryptography/labs/11_Hash/Crypto_MD5_Collision.pdf b/FSCS630_Cryptography/labs/11_Hash/Crypto_MD5_Collision.pdf new file mode 100644 index 0000000..d51f699 Binary files /dev/null and b/FSCS630_Cryptography/labs/11_Hash/Crypto_MD5_Collision.pdf differ diff --git a/FSCS630_Cryptography/labs/11_Hash/Hash_lab_Manual.pptx b/FSCS630_Cryptography/labs/11_Hash/Hash_lab_Manual.pptx index d2806d2..c41a8cd 100644 Binary files a/FSCS630_Cryptography/labs/11_Hash/Hash_lab_Manual.pptx and b/FSCS630_Cryptography/labs/11_Hash/Hash_lab_Manual.pptx differ 
diff --git a/FSCS630_Cryptography/labs/11_Hash/MD5 Collision Attack Lab — A Cryptographic Security SEEDLab.pdf b/FSCS630_Cryptography/labs/11_Hash/MD5 Collision Attack Lab — A Cryptographic Security SEEDLab.pdf new file mode 100644 index 0000000..3cc1e11 Binary files /dev/null and b/FSCS630_Cryptography/labs/11_Hash/MD5 Collision Attack Lab — A Cryptographic Security SEEDLab.pdf differ diff --git a/FSCS728_Information_Systems/08_1_Attack_Web/5. Crack_online_web_form_password.pptx b/FSCS728_Information_Systems/08_1_Attack_Web/5. Crack_online_web_form_password.pptx index 9b2c8b5..4e0fe05 100644 Binary files a/FSCS728_Information_Systems/08_1_Attack_Web/5. Crack_online_web_form_password.pptx and b/FSCS728_Information_Systems/08_1_Attack_Web/5. Crack_online_web_form_password.pptx differ diff --git a/Research/APT_FSM/.idea/compiler.xml b/Research/APT_FSM/.idea/compiler.xml new file mode 100644 index 0000000..2c5e733 --- /dev/null +++ b/Research/APT_FSM/.idea/compiler.xml @@ -0,0 +1,13 @@ + + + + + + + + + + + + + \ No newline at end of file diff --git a/Research/APT_FSM/.idea/misc.xml b/Research/APT_FSM/.idea/misc.xml new file mode 100644 index 0000000..4b661a5 --- /dev/null +++ b/Research/APT_FSM/.idea/misc.xml @@ -0,0 +1,14 @@ + + + + + + + + + + \ No newline at end of file diff --git a/Research/APT_FSM/.idea/uiDesigner.xml b/Research/APT_FSM/.idea/uiDesigner.xml new file mode 100644 index 0000000..e96534f --- /dev/null +++ b/Research/APT_FSM/.idea/uiDesigner.xml @@ -0,0 +1,124 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/Research/APT_FSM/.idea/workspace.xml b/Research/APT_FSM/.idea/workspace.xml new file mode 100644 index 0000000..d31406a --- /dev/null +++ b/Research/APT_FSM/.idea/workspace.xml 
@@ -0,0 +1,125 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 1583633113481 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/Research/APT_FSM/APT_FSM.GIF b/Research/APT_FSM/APT_FSM.GIF new file mode 100644 index 0000000..c7e02ce Binary files /dev/null and b/Research/APT_FSM/APT_FSM.GIF differ diff --git a/Research/APT_FSM/APT_FSM.iml b/Research/APT_FSM/APT_FSM.iml new file mode 100644 index 0000000..78b2cc5 --- /dev/null +++ b/Research/APT_FSM/APT_FSM.iml @@ -0,0 +1,2 @@ + + \ No newline at end of file diff --git a/Research/APT_FSM/MyStateMachine.dot b/Research/APT_FSM/MyStateMachine.dot new file mode 100644 index 0000000..bafea59 --- /dev/null +++ b/Research/APT_FSM/MyStateMachine.dot @@ -0,0 +1,13 @@ +digraph { +compound=true; +subgraph cluster_StateMachine { +label="PivyFSM"; +Exfiltrated [label="Exfiltrated"]; +Secure [label="Secure"]; +Explored [label="Explored"]; +Penetrated [label="Penetrated"]; + +Exfiltrated -> Explored [ label="changeSrcIPFound"]; +Secure -> Penetrated [ label="pivyNameFound"]; +Penetrated -> Exfiltrated [ label="trafficFound"]; +Penetrated -> Explored [ label="changeSrcIPFound"];}} diff --git a/Research/APT_FSM/MyStateMachine.png b/Research/APT_FSM/MyStateMachine.png new file mode 100644 index 0000000..e35725a Binary files /dev/null and b/Research/APT_FSM/MyStateMachine.png differ diff --git a/Research/APT_FSM/MyStateMachine.scxml b/Research/APT_FSM/MyStateMachine.scxml new file mode 100644 index 0000000..b175282 --- /dev/null +++ b/Research/APT_FSM/MyStateMachine.scxml @@ -0,0 +1,36 @@ + + + + + + + + + + + + + + + + + + + + + + + diff --git a/Research/APT_FSM/MyStateMachine2.scxml b/Research/APT_FSM/MyStateMachine2.scxml new file mode 100644 index 0000000..838a06e --- /dev/null +++ b/Research/APT_FSM/MyStateMachine2.scxml @@ -0,0 +1,15 @@ + + + + + + + + + + 
diff --git a/Research/APT_FSM/fileLogs.txt b/Research/APT_FSM/fileLogs.txt new file mode 100644 index 0000000..1b9b293 --- /dev/null +++ b/Research/APT_FSM/fileLogs.txt @@ -0,0 +1,3 @@ +google.exe +piosionIvy.exe +hello.txt \ No newline at end of file diff --git a/Research/APT_FSM/networkTraffic.txt b/Research/APT_FSM/networkTraffic.txt new file mode 100644 index 0000000..5213d5c --- /dev/null +++ b/Research/APT_FSM/networkTraffic.txt @@ -0,0 +1,2 @@ +dst_ref.value = '44.3.2.12' +src_ref.value = '10.0.2.10' \ No newline at end of file diff --git a/Research/APT_FSM/pom.xml b/Research/APT_FSM/pom.xml new file mode 100644 index 0000000..762f242 --- /dev/null +++ b/Research/APT_FSM/pom.xml @@ -0,0 +1,23 @@ + + + 4.0.0 + + org.example + APT_FSM + 1.0-SNAPSHOT + + + + commons-io + commons-io + 2.6 + + + org.squirrelframework + squirrel-foundation + 0.3.8 + + + \ No newline at end of file diff --git a/Research/APT_FSM/src/main/java/PivyFSM.java b/Research/APT_FSM/src/main/java/PivyFSM.java new file mode 100644 index 0000000..ba84617 --- /dev/null +++ b/Research/APT_FSM/src/main/java/PivyFSM.java 
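Review bot: `commons-io` is declared in this pom only to back the single `FileUtils.readFileToString` call in `PivyFsmMain.java`, which the JDK already covers, e.g. `new String(Files.readAllBytes(Paths.get(logName)), StandardCharsets.UTF_8)`; dropping the artifact removes a third-party dependency and its transitive tree from the build for no loss of function. If it is kept, pinning an older release such as 2.6 should be a deliberate, documented choice checked against the project's advisory policy rather than a copied default. Both versions are fixed exactly, which is good for reproducibility; a one-line XML comment stating why `squirrel-foundation 0.3.8` was chosen would help the next maintainer.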
@@ -0,0 +1,41 @@
+import org.squirrelframework.foundation.fsm.annotation.ContextInsensitive;
+import org.squirrelframework.foundation.fsm.annotation.Transitions;
+import org.squirrelframework.foundation.fsm.impl.AbstractStateMachine;
+
+@ContextInsensitive
+public class PivyFSM extends AbstractStateMachine {
+ public enum PivyEvent {
+ pivyNameFound, trafficFound, changeSrcIPFound
+ }
+
+ // Penetrated state indicates malicious code has been successfully installed on an SUI by an attacker
+ // Explored indicates an SUI has been explored by attackers to gain a better understanding of the environment for future actions.
+ // change to a new src id=10.0.2.10
+ // Exfiltrated indicates the SUI has an unauthorized movement of data.
+ public enum PivyState {
+ Secure, Penetrated, Explored, Exfiltrated
+ }
+
+ private StringBuilder logger = new StringBuilder();
+
+ //for future visualization
+ public void transitFromSecureToPenetratedOnpivyNameFound(PivyState from, PivyState to, PivyFSM.PivyEvent event) {
+ logger.append("Vulnerability found! Transit From Secure To Penetrated On pivyNameFound");
+ System.out.println(logger.toString());
+ }
+
+ public void transitFromPenetratedToExfiltratedOntrafficFound(PivyState from, PivyState to, PivyFSM.PivyEvent event) {
+ logger.append("-> Transit From Penetrated To Exfiltrated On trafficeFound");
+ System.out.println(logger.toString());
+ }
+
+ public void transitFromExfiltratedToExploredOnchangeSrcIPFound(PivyState from, PivyState to, PivyFSM.PivyEvent event) {
+ logger.append("-> Transit From Exfiltrated To Explored On changeSrcIPFound");
+ System.out.println(logger.toString());
+ }
+
+ public void transitFromPenetratedToExploredOnchangeSrcIPFound(PivyState from, PivyState to, PivyFSM.PivyEvent event) {
+ logger.append("-> Transit From Penetrated To Explored On changeSrcIPFound");
+ System.out.println(logger.toString());
+ }
+}
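Review bot: The transition callbacks ignore the `from`, `to` and `event` parameters they receive and hard-code the message text, which has already drifted from the definition: `transitFromPenetratedToExfiltratedOntrafficFound` logs "trafficeFound" while the event enum value is `trafficFound`, so anyone correlating this trace with the exported SCXML/dot model sees an event name that does not exist. Building the message from the parameters keeps the trace consistent by construction, e.g. `logger.append("-> Transit From ").append(from).append(" To ").append(to).append(" On ").append(event);` in each callback. The shared `StringBuilder` is also printed in full on every callback, so each transition re-emits the whole history; if that cumulative trace is intended, say so in the `//for future visualization` comment, otherwise print only the fragment just appended. `AbstractStateMachine` is extended as a raw type although `main` builds it with four type arguments, so declaring `AbstractStateMachine<PivyFSM, PivyState, PivyEvent, Void>` would type the callbacks, and the `Transitions` import is unused.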
diff --git a/Research/APT_FSM/src/main/java/PivyFsmMain.java b/Research/APT_FSM/src/main/java/PivyFsmMain.java
new file mode 100644
index 0000000..f0c3b6b
--- /dev/null
+++ b/Research/APT_FSM/src/main/java/PivyFsmMain.java
@@ -0,0 +1,62 @@
+import org.squirrelframework.foundation.component.SquirrelProvider;
+import org.squirrelframework.foundation.fsm.*;
+import org.apache.commons.io.FileUtils;
+import java.io.File;
+import java.io.IOException;
+
+public class PivyFsmMain {
+ public static void main(String[] args) throws IOException {
+ // builder the state machine
+ StateMachineBuilder builder = StateMachineBuilderFactory.create(
+ PivyFSM.class, PivyFSM.PivyState.class, PivyFSM.PivyEvent.class, Void.class);
+
+ //predefined vulnerability events
+ builder.externalTransition().from(PivyFSM.PivyState.Secure).to(PivyFSM.PivyState.Penetrated).on(PivyFSM.PivyEvent.pivyNameFound);
+ builder.externalTransition().from(PivyFSM.PivyState.Penetrated).to(PivyFSM.PivyState.Exfiltrated).on(PivyFSM.PivyEvent.trafficFound);
+ builder.externalTransition().from(PivyFSM.PivyState.Exfiltrated).to(PivyFSM.PivyState.Explored).on(PivyFSM.PivyEvent.changeSrcIPFound);
+ builder.externalTransition().from(PivyFSM.PivyState.Penetrated).to(PivyFSM.PivyState.Explored).on(PivyFSM.PivyEvent.changeSrcIPFound);
+
+ PivyFSM stateMachine = builder.newStateMachine(PivyFSM.PivyState.Secure);
+
+ //Start the state machine
+ stateMachine.start();
+
+ // check for vulnerability events
+ final String pivyName = "piosionIvy.exe";
+ final String logName="fileLogs.txt";
+
+ if (FileUtils.readFileToString(new File(logName),"UTF-8").contains(pivyName)){
+ stateMachine.fire(PivyFSM.PivyEvent.pivyNameFound);
+ }
+
+ // check for exfiltrating traffic
+ final String networkTrafficFile="networkTraffic.txt";
+ final String dst_ip = "dst_ref.value = \'44.3.2.12\'";
+ if (FileUtils.readFileToString(new File(networkTrafficFile),"UTF-8").contains(dst_ip)) {
+ stateMachine.fire(PivyFSM.PivyEvent.trafficFound);
+ }
+
+ // check for lateral movement
+ final String networkLateralTrafficFile="networkTraffic.txt";
+ final String src_ip = "src_ref.value = \'10.0.2.10\'";
+ if (FileUtils.readFileToString(new File(networkLateralTrafficFile),"UTF-8").contains(src_ip)) {
+ stateMachine.fire(PivyFSM.PivyEvent.changeSrcIPFound);
+ }
+
+ // check for current state
+ System.out.println("================");
+ System.out.println("Current State: "+stateMachine.getCurrentState());
+
+ //export state machine definition in [SCXML] 2 document
+ SCXMLVisitor visitor = SquirrelProvider.getInstance().newInstance(SCXMLVisitor.class);
+ stateMachine.accept(visitor);
+ visitor.convertSCXMLFile("MyStateMachine", true);
+
+ // viewed by [GraphViz] 3.
+ // C:\Users\Fxu\Anaconda3\Library\bin\graphviz\gvedit.exe to display the dot file
+ // open with gvedit.exe
+ DotVisitor dotVisitor = SquirrelProvider.getInstance().newInstance(DotVisitor.class);
+ stateMachine.accept(dotVisitor);
+ dotVisitor.convertDotFile("MyStateMachine");
+ }
+}
diff --git a/Research/APT_FSM/src/main/resources/fileLogs.txt b/Research/APT_FSM/src/main/resources/fileLogs.txt
new file mode 100644
index 0000000..1b9b293
--- /dev/null
+++ b/Research/APT_FSM/src/main/resources/fileLogs.txt
@@ -0,0 +1,3 @@
+google.exe
+piosionIvy.exe
+hello.txt
\ No newline at end of file
diff --git a/Research/APT_FSM/target/classes/META-INF/APT_FSM.kotlin_module b/Research/APT_FSM/target/classes/META-INF/APT_FSM.kotlin_module
new file mode 100644
index 0000000..a49347a
Binary files /dev/null and b/Research/APT_FSM/target/classes/META-INF/APT_FSM.kotlin_module differ
diff --git a/Research/APT_FSM/target/classes/PivyFSM$PivyEvent.class b/Research/APT_FSM/target/classes/PivyFSM$PivyEvent.class
new file mode 100644
index 0000000..ee44b28
Binary files /dev/null and b/Research/APT_FSM/target/classes/PivyFSM$PivyEvent.class differ
diff --git a/Research/APT_FSM/target/classes/PivyFSM$PivyState.class b/Research/APT_FSM/target/classes/PivyFSM$PivyState.class
new file mode 100644
index 0000000..cd907cd
Binary files /dev/null and b/Research/APT_FSM/target/classes/PivyFSM$PivyState.class differ
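Review bot: The indicator checks in `main` fire events in a fixed order regardless of the machine's current state, so when only the network indicators are present `trafficFound` is fired from `Secure`, for which no transition is defined; how squirrel treats an event with no matching transition is not visible here, so either guard each `fire` with `getCurrentState()` or document the expected behaviour next to the `//predefined vulnerability events` block. The same `networkTraffic.txt` is also read twice (`networkTrafficFile` and `networkLateralTrafficFile` hold the same name); reading it once, `final String traffic = FileUtils.readFileToString(new File(networkTrafficFile), "UTF-8");`, and testing `traffic.contains(dst_ip)` and `traffic.contains(src_ip)` removes the duplicate I/O and the misleading second constant. The commit adds `winRegistryLogs.txt` with an autorun-key indicator, but nothing in `main` reads it, so that persistence evidence never drives a transition and should either be wired in or dropped. All paths are resolved against the working directory, so the copy added under `src/main/resources/fileLogs.txt` is not what this code loads, and a missing input file escapes `main` as a bare `IOException` stack trace rather than a clear message.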
diff --git a/Research/APT_FSM/target/classes/PivyFSM.class b/Research/APT_FSM/target/classes/PivyFSM.class
new file mode 100644
index 0000000..fb91beb
Binary files /dev/null and b/Research/APT_FSM/target/classes/PivyFSM.class differ
diff --git a/Research/APT_FSM/target/classes/PivyFsmMain.class b/Research/APT_FSM/target/classes/PivyFsmMain.class
new file mode 100644
index 0000000..bac8c6c
Binary files /dev/null and b/Research/APT_FSM/target/classes/PivyFsmMain.class differ
diff --git a/Research/APT_FSM/target/classes/resources/fileLogs.txt b/Research/APT_FSM/target/classes/resources/fileLogs.txt
new file mode 100644
index 0000000..1b9b293
--- /dev/null
+++ b/Research/APT_FSM/target/classes/resources/fileLogs.txt
@@ -0,0 +1,3 @@
+google.exe
+piosionIvy.exe
+hello.txt
\ No newline at end of file
diff --git a/Research/APT_FSM/winRegistryLogs.txt b/Research/APT_FSM/winRegistryLogs.txt
new file mode 100644
index 0000000..7ed8d8f
--- /dev/null
+++ b/Research/APT_FSM/winRegistryLogs.txt
@@ -0,0 +1 @@
+key = ‘^HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\myPoisonIvy_autorun’