User Tools

Site Tools


course_on_offensive_technologies

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

course_on_offensive_technologies [2018/10/02 02:13]
fabio.massacci@unitn.it
course_on_offensive_technologies [2019/09/16 15:24] (current)
giorgio.ditizio@unitn.it [Lectures]
Line 16: Line 16:
 ==== Syllabus ==== ==== Syllabus ====
  
-The goal of the 2017/2018 course is //Class Capture The Flag in Security Testbeds//.+The goal of the 2019/2020 course is //Class Capture The Flag in Security Testbeds//.
  
 Students learn how to set-up an operational environments (complex networks) in the [[https://deter-project.org/about_deterlab|DETER Cyber Security Testbed]] and then we will run through several case studies for the set-up of a network and its defense (Students will play alternatively attack and defense). Students learn how to set-up an operational environments (complex networks) in the [[https://deter-project.org/about_deterlab|DETER Cyber Security Testbed]] and then we will run through several case studies for the set-up of a network and its defense (Students will play alternatively attack and defense).
Line 32: Line 32:
  
 This will be followed by two exercises for pre-qualification This will be followed by two exercises for pre-qualification
-  * Identify actual vulnerabilities from a sample of source code (when given an indication of the type of vulnerabilities and the fragment of the source code) - **Exercise to be held on Tue26 (See Schedule)** +  * Identify actual vulnerabilities from a sample of source code (when given an indication of the type of vulnerabilities and the fragment of the source code) - **Exercise to be held on Mon23/09 (See Schedule)** 
-  * be able run some basic Linux operating systems tasks in the Testbed - ** Exercise to be held remotely by each student and discussed in class by Wed. 27 **+  * be able run some basic Linux operating systems tasks in the Testbed - ** Exercise to be held remotely by each student and discussed in class by Fri. 27/09 **
  
 ==== Credits ==== ==== Credits ====
Line 42: Line 42:
   * 2-4 points for the vulnerability exercise   * 2-4 points for the vulnerability exercise
   * 15 points for the DETERLab exercises   * 15 points for the DETERLab exercises
-  * 15 points for the DETERLab CCTF +  * 15 points for the DETERLab CCTF reports 
-  * 3  points for the advanced presentation on Malware Lab software+  * 3  points for the advanced presentations
  
 ===== Lecturers ===== ===== Lecturers =====
-  * [[http://www.massacci.org|Fabio Massacci]] +  * [[https://disi.unitn.it/~massacci/|Fabio Massacci]] 
-  * Federico Casano (TA) +  * [[https://giorgioditizio.github.io/| Giorgio Di Tizio (TA)]]
  
 ===== Sample of Projects in Past Academic Years ==== ===== Sample of Projects in Past Academic Years ====
Line 71: Line 71:
  
 [[course_on_offensive_technologies_2016|Offensive Technologies (2016/2017)]]. From Vulnerabilities to Exploits [[course_on_offensive_technologies_2016|Offensive Technologies (2016/2017)]]. From Vulnerabilities to Exploits
 +
 +[[course_on_offensive_technologies_2017|Offensive Technologies (2017/2018)]]. Class Capture the Flag on DETERLab
 +
  
 ===== Schedule ===== ===== Schedule =====
Line 76: Line 79:
 The lectures/seminars etc. are on  The lectures/seminars etc. are on 
  
-  * Tue13-15 room A212 +  * Mon11:30-13:30 room A203 
-  * Wed. 13-15 room A212+  * Fri. 13:30-16:30 room A223
  
-On **Wed Oct 25** we are in A211.+On **Mon Sept. 23** the vulnerability exercise will be in A202.
 ===== Lectures ===== ===== Lectures =====
  
-==== Past Lectures ==== +==== Lectures ==== 
 +Lectures timeline ** TO BE CONFIRMED **
 ^ Date ^ Topic ^ Slides ^ Other Material ^ ^ Date ^ Topic ^ Slides ^ Other Material ^
-2017-09-12 | Course Introduction | | [[http://docs.deterlab.net/education/student-intro/|Introduction to DETERLab]] +2019-09-16 | Course and DeterLab Introduction | |  
-2017-09-19 | Introduction to Vulns in code {{:teaching:offtech:2017:offtech-2017-02-vulnerabilities.pdf|Slides}}| | +2019-09-20 | Introduction to Vulns | | | 
-2017-09-20 | Introduction to DETERLab | [[http://docs.deterlab.net/education/guidelines-for-students/|Guidelines for Students]] | [[https://www.isi.deterlab.net/file.php?file=/share/shared/LinuxandDeterLabintro|Linux Exercise]] | +2019-09-23 | Vulnerability Exam   
-| 2017-09-26 | Vulnerability Test {{:teaching:offtech:2017:offtech-2017-vuln-exercise-solutions.pdf|Solutions}} | Exercises [[https://goo.gl/EVZivn|1]], [[https://goo.gl/KM8x9T|2]], [[https://goo.gl/FwYq7r|3]], [[https://goo.gl/DivBgL|4]], [[https://goo.gl/yD3j59|5]], [[https://goo.gl/AV4Srf|6]] +2019-09-27   | Scanning attacks and Nmap | |  | 
-2017-09-27   | Targeted Attacks | {{:teaching:offtech:2017:offtech-2017-intrusion-1.pdf|Slides First Part}} |  | +2019-09-30   | Technological vectors pt.| |  
-2017-10-03   | Untargeted Attacks | {{:teaching:offtech:2017:offtech-2017-3-untargeted.pdf|Slides Second Part}}| | +2019-10-04   | Debriefing | |  
-2017-10-04   | Internetworking debriefing {{:teaching:offtech:2017:offtech-2017-4-technologicalvectors.pdf|Slides Third Part}} | [[https://www.isi.deterlab.net/file.php?file=/share/shared/Internetworking|Internetworking Exercise]] on DETERLab +2019-10-07   | Technological vectors pt.| | | 
-2017-10-10   | Shellcode writing | {{:teaching:offtech:2017:offtech-2017-5-shallcode.pdf|Slides}} See Hacking the Art of Exploitation +2019-10-11   | Debriefing | | | 
-2017-10-11   | Debriefing | | [[https://www.isi.deterlab.net/file.php?file=/share/shared/Softwareexploitsexercise|Secure Server Exercise]] (Buffer Overflow) on DETERLab |  +2019-10-14   | Denial of Service | | |  
-2017-10-17   | Denial of Service | {{:teaching:offtech:2017:offtech-2017-06-ddos.pdf|Slides}} [[https://krebsonsecurity.com/2016/09/krebsonsecurity-hit-with-record-ddos/|Krebs attacked by DDoS]], [[https://www.incapsula.com/blog/malware-analysis-mirai-ddos-botnet.html|Technical analysis of the Mirai DDoS]]|   +2019-10-18   | Debriefing |  | |   
-2017-10-18   | Debriefing (contd) | | Secure Server Exercise (Other Exercises) on DETERLab +2019-10-21   | Snort| | | 
-2017-10-24   | BGP Lecture | {{:teaching:offtech:2017:offtech-2017-07-bgpsecurity.pdf|}}| | +2019-10-25   | Debriefing | | | 
-2017-10-25   | Debriefing  | | [[https://www.isi.deterlab.net/file.php?file=/share/shared/TCPSYNFloodexercise|DoS Syn Flood Exercise]] |  +2019-10-28   | BGP  | | |  
-2017-10-31   | Debriefing | | [[https://www.isi.deterlab.net/file.php?file=/share/shared/BGPhijacking|BGP Exercises ]] +2019-11-01   | ** No lecture (Holiday** | | | 
-01/11/17   | No lecture (Holidays) | | | +2019-11-04   | Debriefing | | | 
-07/11/17   | No Lecture (prof is at ESEM) | |  +2019-11-08  | Debriefing | | | 
-2017-11-08  | Debriefing | | [[https://www.isi.deterlab.net/file.php?file=/share/shared/SecuringlegacysystemswithSnort|Snort Exercise]] on DETERlab +2019-11-11  | APTs | | | 
-2017-11-14  | CCTF-Resilient | | [[https://www.isi.deterlab.net/file.php?file=/share/shared/ResilientserverCCTF|CCTF Resilient Server Exercise on DETERLab]] |  +2019-11-15  | Debriefing | | | 
-2017-11-15  | Debriefing | | |  +2019-11-18  | Mass Attackers | | | 
-2017-11-21  | CCTF-Resilient  | |  +2019-11-22  | CCTF #1| | | 
-2017-11-22  | Debriefing | | | +2019-11-25  | Debriefing CCTF| | | 
-2017-11-28  | No lecture (prof is at FDSE) | | | +2019-11-29  | CCTF #2| | | 
-2017-11-29  | Trial CCTF Secure Server | |  [[http://steel.isi.edu/Projects/Intel/CTF/ctf2.html|CCTF Secure Server Exercise on DETERLab]] +2019-12-02  | Debriefing CCTF| | | 
-2017-12-05  | CCTF Secure Server | | | +2019-12-06  | SOC experiments| | | 
-2017-12-06  | Debriefing | | | +2019-12-09   ** No lecture ** | | | 
-2017-12-12  Attack Presentations | | | +2019-12-13   ** No lecture ** | | | 
-2017-12-13  Defense Presentations | | | +2019-12-16   | CCTF Presentation | | | 
-2017-12-19  | CCTF Advanced | | | +2019-12-20   CCTF Presentation | | |
-2017-12-20  Exploit Kit Lab | | | +
 ===== Other Material ===== ===== Other Material =====
  
 Other material is available in Google Classroom or in the Malware Lab Shares. Other material is available in Google Classroom or in the Malware Lab Shares.
  
course_on_offensive_technologies.1538439207.txt.gz · Last modified: 2018/10/02 02:13 by fabio.massacci@unitn.it