
Offensive Technologies (2016/2017)

This course is one of the security courses of the Security Group in Trento.

It is offered in the framework of the Security and Privacy Master of the European Institute of Innovation and Technology (ICT Labs).

It is also available in the normal Master Degree in Computer Science and in Communication Engineering at the University of Trento.

Please see the current course on Offensive Technologies for up-to-date information.

General Information

The course aims at advancing students’ concrete knowledge of attacks on operating systems, networks, and applications with a significant spur of creativity. Security notices (and even proof-of-concept exploits) are little more than research ideas. They tell that something may be possible but do not explain the details (for obvious security reasons). The students must use their creativity to understand what can possibly work and transform the gaps and holes in the description into a workable product.

This course is also part of the 10K students, a European (so far) initiative to improve cyber-security education.

Syllabus

The goal of the 2016/2017 course is "From Vulnerabilities to Exploit".

This course will be divided into essentially two tracks: analytic and technical.

The technical track will include the actual development of the exploit, and a successful grade will mean that the student has been able to successfully craft his or her own exploit. In the analytic track students will analyze other exploits from the wild and discuss their similarities.

This is a practical hands-on course. There will be few lectures, and most of them will be presentations by the students themselves to report how they are going.

The course includes having access to software that may be used to damage other people's computers. Hence, students who wish to participate in this course must sign an ethical code of conduct and a non-disclosure agreement.

Qualification for the Course

In order to be admitted to the course students will have to pass the following lab exercises

Admission to the course is guaranteed if at least 50% of BOTH exercises is completed by the student (at least 2 vulnerabilities approximately identified AND the completed setup of the first exploit kit, bleeding life).

Credits

This is an eligible course. This course is available for 12 ECTS Credits.

Lecturers

Past Lectures

Date Topic Track Slides Other Material
14.09 First lecture All students Admin. Technical Introd.
19.09 General introduction to vulnerabilities All Vulnerabilities
21.09 Finding vulns. in source code (exercise, all students) All See Google Classroom
26.09 General lecture on Exploit Kits All Exploit kits Cybercrime surveys and reports: Targeted attacks in a world of scale, Folk models of home comp. sec., Threat inflation; Ekits: Large scale XSS detection, Anatomy of Exploit Kits, Exploit-as-a-service, Exploiting ad-based url shortening
28.09 Exercise on Exploit Kits All See Google Classroom
3.10 Malware Markets All
5.10 Task assignment All
10.10 Feedback on vulnerabilities All
12.10 Feedback on vulnerabilities All
17.10 Presentation on vulnerabilities Analysts See Google Classroom
19.10 Presentation on vulnerabilities Technical See Google Classroom
24.10 Recent Attacks to USA All NYT Coverage of the attack to Dyn and earlier coverage, Mirai's reported distribution, NYT Coverage of Mirai, OVH and Krebs; OVH initial attack and Mirai's description, Krebs' moaning, read the posts!, The actual vulnerability and one of the first IoT Botnet
26.10 Feedback on exploits All Exploit assignment
2.11 Feedback on exploits All
7.11 Presentation on Linux 0-day, Tomcat, HT exploits Analysts
9.11 Demo of Tomcat Exploits Technical
14.11 Feedback session All offtech-2016-06-final-report.pdf
16.11 Feedback session All
21.11 Feedback session All
23.11 Feedback session All
28.11 Presentation on NSA attacks/targets Analysts
30.11 Demo of Jenkins and Spring Exploits Technical
5.12 Feedback session (problems, failures, ideas) All
7.12 Feedback session (problems, failures, ideas) All
12.12 Presentation on comparison between exploits Analysts
14.12 Presentation on comparison between exploits Analysts
19.12 Skeleton of final report All Optional submission of a skeleton to get feedback on content
19.12 Demo of working exploit Technical
21.12 Demo of working exploit Technical
15.01 Report Submission All See Google Classroom
22.01 Grading and Discussion All For final day see Google Classroom/ESSE3
06.02 Resubmission All

Other Material

Other material is available in Google Classroom or in the Malware Lab Shares.