User Tools

Site Tools


course_on_offensive_technologies

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
course_on_offensive_technologies [2017/11/20 12:53]
elena.bortolotti@unitn.it [Offensive Technologies]
course_on_offensive_technologies [2021/01/29 10:58] (current)
Line 16: Line 16:
 ==== Syllabus ==== ==== Syllabus ====
  
-The goal of the 2017/2018 course is //Class Capture The Flag in Security Testbeds//.+The goal of the 2019/2020 course is //Class Capture The Flag in Security Testbeds//.
  
 Students learn how to set-up an operational environments (complex networks) in the [[https://​deter-project.org/​about_deterlab|DETER Cyber Security Testbed]] and then we will run through several case studies for the set-up of a network and its defense (Students will play alternatively attack and defense). Students learn how to set-up an operational environments (complex networks) in the [[https://​deter-project.org/​about_deterlab|DETER Cyber Security Testbed]] and then we will run through several case studies for the set-up of a network and its defense (Students will play alternatively attack and defense).
Line 32: Line 32:
  
 This will be followed by two exercises for pre-qualification This will be followed by two exercises for pre-qualification
-  * Identify actual vulnerabilities from a sample of source code (when given an indication of the type of vulnerabilities and the fragment of the source code) - **Exercise to be held on Tue26 (See Schedule)** +  * Identify actual vulnerabilities from a sample of source code (when given an indication of the type of vulnerabilities and the fragment of the source code) - **Exercise to be held on Mon23/09 (See Schedule)** 
-  * be able run some basic Linux operating systems tasks in the Testbed - ** Exercise to be held remotely by each student and discussed in class by Wed. 27 **+  * be able run some basic Linux operating systems tasks in the Testbed - ** Exercise to be held remotely by each student and discussed in class by Fri. 27/09 **
  
 ==== Credits ==== ==== Credits ====
Line 42: Line 42:
   * 2-4 points for the vulnerability exercise   * 2-4 points for the vulnerability exercise
   * 15 points for the DETERLab exercises   * 15 points for the DETERLab exercises
-  * 15 points for the DETERLab CCTF +  * 15 points for the DETERLab CCTF reports 
-  * 3  points for the advanced ​presentation on Malware Lab software+  * 3  points for the advanced ​presentations
  
 ===== Lecturers ===== ===== Lecturers =====
-  * [[http://www.massacci.org|Fabio Massacci]] +  * [[https://disi.unitn.it/​~massacci/​|Fabio Massacci]] 
-  * Federico Casano ​(TA) +  * [[https://​giorgioditizio.github.io/​| Giorgio Di Tizio (TA)]]
  
 ===== Sample of Projects in Past Academic Years ==== ===== Sample of Projects in Past Academic Years ====
Line 71: Line 71:
  
 [[course_on_offensive_technologies_2016|Offensive Technologies (2016/​2017)]]. From Vulnerabilities to Exploits [[course_on_offensive_technologies_2016|Offensive Technologies (2016/​2017)]]. From Vulnerabilities to Exploits
 +
 +[[course_on_offensive_technologies_2017|Offensive Technologies (2017/​2018)]]. Class Capture the Flag on DETERLab
 +
  
 ===== Schedule ===== ===== Schedule =====
Line 76: Line 79:
 The lectures/​seminars etc. are on  The lectures/​seminars etc. are on 
  
-  * Tue13-15 room A212 +  * Mon11:30-13:30 room A203 
-  * Wed. 13-15 room A212+  * Fri. 13:30-16:30 room A223
  
-On **Wed Oct 25** we are in A211.+On **Mon Sept. 23** the vulnerability exercise will be in A202.
 ===== Lectures ===== ===== Lectures =====
  
-==== Past Lectures ==== +==== Lectures ==== 
 +Lectures timeline ** TO BE CONFIRMED **
 ^ Date ^ Topic ^ Slides ^ Other Material ^ ^ Date ^ Topic ^ Slides ^ Other Material ^
-2017-09-12 | Course Introduction | | [[http://​docs.deterlab.net/​education/​student-intro/​|Introduction to DETERLab]] ​+2019-09-16 | Course ​and DeterLab ​Introduction | |  
-2017-09-19 | Introduction to Vulns in code {{:​teaching:​offtech:​2017:​offtech-2017-02-vulnerabilities.pdf|Slides}}| | +2019-09-20 | Introduction to Vulns | | | 
-2017-09-20 | Introduction to DETERLab | [[http://​docs.deterlab.net/​education/​guidelines-for-students/​|Guidelines for Students]] | [[https://​www.isi.deterlab.net/​file.php?​file=/​share/​shared/​LinuxandDeterLabintro|Linux Exercise]] | +2019-09-23 | Vulnerability ​Exam   
-| 2017-09-26 ​| Vulnerability ​Test {{:​teaching:​offtech:​2017:​offtech-2017-vuln-exercise-solutions.pdf|Solutions}} | Exercises [[https://​goo.gl/​EVZivn|1]],​ [[https://​goo.gl/​KM8x9T|2]],​ [[https://​goo.gl/​FwYq7r|3]],​ [[https://​goo.gl/​DivBgL|4]],​ [[https://​goo.gl/​yD3j59|5]],​ [[https://​goo.gl/​AV4Srf|6]] ​+2019-09-27 ​  ​| ​Scanning attacks and Nmap | |  | 
-2017-09-27 ​  ​| ​Targeted Attacks ​{{:​teaching:​offtech:​2017:​offtech-2017-intrusion-1.pdf|Slides First Part}} ​|  | +2019-09-30   | Technological vectors pt.| |  
-2017-10-03   | Untargeted Attacks | {{:​teaching:​offtech:​2017:​offtech-2017-3-untargeted.pdf|Slides Second Part}}| | +2019-10-04 ​  ​| ​Debriefing ​| |  
-2017-10-04 ​  ​| ​Internetworking debriefing ​{{:​teaching:​offtech:​2017:​offtech-2017-4-technologicalvectors.pdf|Slides Third Part}} | [[https://​www.isi.deterlab.net/​file.php?​file=/​share/​shared/​Internetworking|Internetworking Exercise]] on DETERLab ​+2019-10-07   | Technological vectors pt.| | | 
-2017-10-10   | Shellcode writing | {{:​teaching:​offtech:​2017:​offtech-2017-5-shallcode.pdf|Slides}} ​See Hacking the Art of Exploitation ​+2019-10-11 ​  | Debriefing | | | 
-2017-10-11 ​  | Debriefing | | [[https://​www.isi.deterlab.net/​file.php?​file=/​share/​shared/​Softwareexploitsexercise|Secure Server Exercise]] (Buffer Overflow) on DETERLab ​|  +2019-10-14   | Denial of Service | | |  
-2017-10-17   | Denial of Service | {{:​teaching:​offtech:​2017:​offtech-2017-06-ddos.pdf|Slides}} ​[[https://​krebsonsecurity.com/​2016/​09/​krebsonsecurity-hit-with-record-ddos/​|Krebs attacked by DDoS]], [[https://​www.incapsula.com/​blog/​malware-analysis-mirai-ddos-botnet.html|Technical analysis of the Mirai DDoS]]|  ​ +2019-10-18 ​  | Debriefing |  | |   
-2017-10-18 ​  | Debriefing ​(contd) ​| | Secure Server Exercise (Other Exercises) on DETERLab ​+2019-10-21   | Snort| | | 
-2017-10-24   | BGP Lecture | {{:​teaching:​offtech:​2017:​offtech-2017-07-bgpsecurity.pdf|}}| | +2019-10-25 ​  | Debriefing | | | 
-2017-10-25 ​  | Debriefing ​ | | [[https://​www.isi.deterlab.net/​file.php?​file=/​share/​shared/​TCPSYNFloodexercise|DoS Syn Flood Exercise]] ​|  +2019-10-28   | BGP  ​| | |  
-2017-10-31   | Debriefing ​| | [[https://​www.isi.deterlab.net/​file.php?​file=/​share/​shared/​BGPhijacking|BGP Exercises ]] | +2019-11-01   | ** No lecture (Holiday** | | | 
- +2019-11-04   | Debriefing | | | 
- +2019-11-08 ​ | Debriefing | | | 
-==== Upcoming Lectures ==== +2019-11-11  ​| ​APTs | | | 
- +2019-11-15 ​ | Debriefing | | | 
-During the Debriefing sessions a random selection of students discuss their material and solutions.  +2019-11-18  ​| ​Mass Attackers ​| | | 
- +2019-11-22 ​ | CCTF #1| | | 
-^ Date ^ Topic ^ Slides ^ Other Material ^ +2019-11-25  ​| ​Debriefing CCTF| | | 
-01/11/17   | No lecture (Holidays) | | | +2019-11-29 ​ | CCTF #2| | | 
-07/11/17   | No Lecture (prof is at ESEM) | |  +2019-12-02  ​| ​Debriefing ​CCTF| | | 
-2017-11-08 ​ | Debriefing | | [[https://​www.isi.deterlab.net/​file.php?​file=/​share/​shared/​SecuringlegacysystemswithSnort|Snort Exercise]] on DETERlab ​+2019-12-06 ​ | SOC experiments| | | 
-2017-11-14  ​| ​CCTF-Resilient ​| | [[https://​www.isi.deterlab.net/​file.php?​file=/​share/​shared/​ResilientserverCCTF|CCTF Resilient Server Exercise on DETERLab]] ​|  +2019-12-09   ** No lecture ** | | | 
-2017-11-15 ​ | Debriefing | | |  +2019-12-13 ​  ​** No lecture ** | | | 
-2017-11-21  ​| ​CCTF-Resilient  ​| |  +2019-12-16   | CCTF Presentation ​| | | 
-2017-11-22 ​ | Debriefing ​| | | +2019-12-20 ​  ​CCTF Presentation ​| | |
-2017-11-28  ​| ​No lecture (prof is at FDSE) | | | +
-2017-11-29 ​ | Trial CCTF Secure Server ​| |  ​[[http://​steel.isi.edu/​Projects/​Intel/​CTF/​ctf2.html|CCTF Secure Server Exercise on DETERLab]] ​+
-2017-12-05  | CCTF Secure Server ​| | | +
-2017-12-06 ​ | Debriefing ​| | | +
-2017-12-12  ​Attack Presentations ​| | | +
-2017-12-13 ​ Defense Presentations ​| | | +
-2017-12-19  ​| CCTF Advanced ​| | | +
-2017-12-20 ​ Exploit Kit Lab | | | +
 ===== Other Material ===== ===== Other Material =====
  
 Other material is available in Google Classroom or in the Malware Lab Shares. Other material is available in Google Classroom or in the Malware Lab Shares.
  
course_on_offensive_technologies.txt · Last modified: 2021/01/29 10:58 (external edit)