User Tools
course_on_offensive_technologies
Differences
This shows you the differences between two versions of the page.
|
course_on_offensive_technologies [2019/09/16 15:24] giorgio.ditizio@unitn.it [Lectures] |
course_on_offensive_technologies [2021/01/29 11:58] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Offensive Technologies ====== | ||
| - | |||
| - | This course is one of the [[teaching_activities|security courses]] of the [[start|Security Group]] in Trento. | ||
| - | |||
| - | |||
| - | It is offered at the University of Trento in the framework of the [[https://masterschool.eitdigital.eu/programmes/cse/|Cyber Security track]] of the [[https://www.eitdigital.eu/|European Institute of Innovation and Technology (EIT Digital)]] Master School programme. | ||
| - | |||
| - | It is also available in the normal[[http://web.unitn.it/en/scienze/6859/master-science-computer-science|Master Degree in Computer Science]] and in [[http://offertaformativa.unitn.it/en/lm/information-and-communications-engineering |Information and Communications Engineering]] at the University of Trento. | ||
| - | |||
| - | ===== General Information ===== | ||
| - | |||
| - | The course aims at advancing students’ concrete knowledge of attacks on operating systems, networks, and applications witha significant spur of creativity. Security notices (and even proof of concept exploits) are a little more than research ideas. They tells that something may be possible but do not explain the details (for obviosu security reasons). The students must use their creativity to understand what can possibly work and transforms the gaps and holes in the description into a workable product. | ||
| - | |||
| - | This course is also part of the [[http://10Kstudents.eu|10K students]] {{:teaching:offtech:2014:10k_students_logo.png?80|}}, an European (so far) initiative to improve cyber-security education. | ||
| - | |||
| - | ==== Syllabus ==== | ||
| - | |||
| - | The goal of the 2019/2020 course is //Class Capture The Flag in Security Testbeds//. | ||
| - | |||
| - | Students learn how to set-up an operational environments (complex networks) in the [[https://deter-project.org/about_deterlab|DETER Cyber Security Testbed]] and then we will run through several case studies for the set-up of a network and its defense (Students will play alternatively attack and defense). | ||
| - | |||
| - | This is a practical hand-on course. There would be few lectures and mostly they would be presentations by students themselves to report how they are going. | ||
| - | |||
| - | If the number of attendees is too small, individual projects will be assigned for the EIT students who need to attend the course. | ||
| - | |||
| - | |||
| - | ** Qualification for the Course ** | ||
| - | |||
| - | The course includes having access to software that may be used to damage other people's computers. Hence, students who wishes to participate to this course //**must**// sign an ethical code of conduct and a non-disclosure agreement. | ||
| - | |||
| - | Since the course requires mastering complex techniques, a self-assessment questionnaire followed by an on-line test will be used to determined whether you have the right skills for the project. | ||
| - | |||
| - | This will be followed by two exercises for pre-qualification | ||
| - | * Identify actual vulnerabilities from a sample of source code (when given an indication of the type of vulnerabilities and the fragment of the source code) - **Exercise to be held on Mon. 23/09 (See Schedule)** | ||
| - | * be able run some basic Linux operating systems tasks in the Testbed - ** Exercise to be held remotely by each student and discussed in class by Fri. 27/09 ** | ||
| - | |||
| - | ==== Credits ==== | ||
| - | |||
| - | This is an eligible course. This course is available for 12 ECTS Credits. | ||
| - | |||
| - | Grading is organized as follows: | ||
| - | * 2-4 points for the vulnerability exercise | ||
| - | * 15 points for the DETERLab exercises | ||
| - | * 15 points for the DETERLab CCTF reports | ||
| - | * 3 points for the advanced presentations | ||
| - | |||
| - | ===== Lecturers ===== | ||
| - | * [[https://disi.unitn.it/~massacci/|Fabio Massacci]] | ||
| - | * [[https://giorgioditizio.github.io/| Giorgio Di Tizio (TA)]] | ||
| - | |||
| - | ===== Sample of Projects in Past Academic Years ==== | ||
| - | |||
| - | We also report a selection of past projects successfully pursued by students. | ||
| - | |||
| - | [[course_on_offensive_technologies_2014|Offensive Technologies (2014/2015)]]. Development of ROP exploits. | ||
| - | * Francesco LaSpina. | ||
| - | * {{:teaching:offtech:2014:report_la_spina_168100.pdf| ROP Exploit (1) CVE-2011-3659 + Snort detection, Integer overflow exploit CVE-2013-0750}} | ||
| - | * Davide Martintoni. | ||
| - | * {{:teaching:offtech:2014:appsecprj_report-_rev2015-01.pdf|Heap overflow CVE-2009-3373}} | ||
| - | * {{:teaching:offtech:2014:martintonidavide_secondexploit_v3.pdf|ROP Exploit (2) CVE-2011-3659}} | ||
| - | |||
| - | [[course_on_offensive_technologies_2015|Offensive Technologies (2015/2016)]]. Analysis of Governmental malware. | ||
| - | * Amit Gupta, Ali Davanian. | ||
| - | * {{:teaching:offtech:2015:reports:mswordexploitanalysis_hackingteam.pdf|MS Word Exploit Analysis.}} | ||
| - | * {{:teaching:offtech:2015:reports:codeanalysis_hackingteam.pdf|Malware repo analysis}} | ||
| - | * Martin Pozdena, Zhongying Qiao. | ||
| - | * {{:teaching:offtech:2015:reports:d3_pozdena_qiao_exploit.pdf|Internet Explorer Exploit Analysis}} | ||
| - | * {{:teaching:offtech:2015:reports:d3_qiao_pozdena_rcs-backdoor.pdf|RCS Backdoor analysis}} | ||
| - | * {{:teaching:offtech:2015:reports:d3_pozdena_qiao_core-linux.pdf|Core backdoor for Linux}} | ||
| - | * {{:teaching:offtech:2015:reports:d3_pozdena_qiao_core-android.pdf|Core backdoor for Android}} | ||
| - | |||
| - | [[course_on_offensive_technologies_2016|Offensive Technologies (2016/2017)]]. From Vulnerabilities to Exploits | ||
| - | |||
| - | [[course_on_offensive_technologies_2017|Offensive Technologies (2017/2018)]]. Class Capture the Flag on DETERLab | ||
| - | |||
| - | |||
| - | ===== Schedule ===== | ||
| - | |||
| - | The lectures/seminars etc. are on | ||
| - | |||
| - | * Mon. 11:30-13:30 room A203 | ||
| - | * Fri. 13:30-16:30 room A223 | ||
| - | |||
| - | On **Mon Sept. 23** the vulnerability exercise will be in A202. | ||
| - | ===== Lectures ===== | ||
| - | |||
| - | ==== Lectures ==== | ||
| - | Lectures timeline ** TO BE CONFIRMED ** | ||
| - | ^ Date ^ Topic ^ Slides ^ Other Material ^ | ||
| - | | 2019-09-16 | Course and DeterLab Introduction | | | | ||
| - | | 2019-09-20 | Introduction to Vulns | | | | ||
| - | | 2019-09-23 | Vulnerability Exam | | | | ||
| - | | 2019-09-27 | Scanning attacks and Nmap | | | | ||
| - | | 2019-09-30 | Technological vectors pt.1 | | | | ||
| - | | 2019-10-04 | Debriefing | | | | ||
| - | | 2019-10-07 | Technological vectors pt.2 | | | | ||
| - | | 2019-10-11 | Debriefing | | | | ||
| - | | 2019-10-14 | Denial of Service | | | | ||
| - | | 2019-10-18 | Debriefing | | | | ||
| - | | 2019-10-21 | Snort| | | | ||
| - | | 2019-10-25 | Debriefing | | | | ||
| - | | 2019-10-28 | BGP | | | | ||
| - | | 2019-11-01 | ** No lecture (Holiday) ** | | | | ||
| - | | 2019-11-04 | Debriefing | | | | ||
| - | | 2019-11-08 | Debriefing | | | | ||
| - | | 2019-11-11 | APTs | | | | ||
| - | | 2019-11-15 | Debriefing | | | | ||
| - | | 2019-11-18 | Mass Attackers | | | | ||
| - | | 2019-11-22 | CCTF #1| | | | ||
| - | | 2019-11-25 | Debriefing CCTF| | | | ||
| - | | 2019-11-29 | CCTF #2| | | | ||
| - | | 2019-12-02 | Debriefing CCTF| | | | ||
| - | | 2019-12-06 | SOC experiments| | | | ||
| - | | 2019-12-09 | ** No lecture ** | | | | ||
| - | | 2019-12-13 | ** No lecture ** | | | | ||
| - | | 2019-12-16 | CCTF Presentation | | | | ||
| - | | 2019-12-20 | CCTF Presentation | | | | ||
| - | ===== Other Material ===== | ||
| - | |||
| - | Other material is available in Google Classroom or in the Malware Lab Shares. | ||
course_on_offensive_technologies.txt · Last modified: 2021/01/29 10:58 (external edit)
Page Tools
