It is offered in the framework of the Security and Privacy Master| of the European Institute of Innovation and Technology (ICT Labs).
It is also available in the normalMaster Degree in Computer Science and in Communication Engineering at the University of Trento.
The course aims at advancing students’ concrete knowledge of attacks on operating systems, networks, and applications witha significant spur of creativity. Security notices (and even proof of concept exploits) are a little more than research ideas. They tells that something may be possible but do not explain the details (for obviosu security reasons). The students must use their creativity to understand what can possibly work and transforms the gaps and holes in the description into a workable product.
This course is also part of the 10K students , an European (so far) initiative to improve cyber-security education.
The goal of the 2017/2018 course is Class Capture The Flag in Security Testbeds.
Students learn how to set-up an operational environments (complex networks) in the DETER Cyber Security Testbed and then we will run through several case studies for the set-up of a network and its defense (Students will play alternatively attack and defense).
This is a practical hand-on course. There would be few lectures and mostly they would be presentations by students themselves to report how they are going.
If the number of attendees is too small, individual projects will be assigned for the EIT students who need to attend the course.
Qualification for the Course
The course includes having access to software that may be used to damage other people's computers. Hence, students who wishes to participate to this course must sign an ethical code of conduct and a non-disclosure agreement.
Since the course requires mastering complex techniques, a self-assessment questionnaire followed by an on-line test will be used to determined whether you have the right skills for the project.
This will be followed by two exercises for pre-qualification
This is an eligible course. This course is available for 12 ECTS Credits.
Grading is organized as follows:
We also report a selection of past projects successfully pursued by students.
Offensive Technologies (2014/2015). Development of ROP exploits.
Offensive Technologies (2015/2016). Analysis of Governmental malware.
Offensive Technologies (2016/2017). From Vulnerabilities to Exploits
The lectures/seminars etc. are on
|2017-09-12||Course Introduction||Introduction to DETERLab|
|2017-09-19||Introduction to Vulns in code||Slides|
|2017-09-20||Introduction to DETERLab||Guidelines for Students||Linux Exercise|
|2017-09-26||Vulnerability Test||Solutions||Exercises 1, 2, 3, 4, 5, 6|
|2017-09-27||Targeted Attacks||Slides First Part|
|2017-10-03||Untargeted Attacks||Slides Second Part|
|2017-10-04||Internetworking debriefing||Slides Third Part||Internetworking Exercise on DETERLab|
|2017-10-10||Shellcode writing||Slides||See Hacking the Art of Exploitation|
|2017-10-11||Debriefing||Secure Server Exercise (Buffer Overflow) on DETERLab|
|2017-10-17||Denial of Service||Slides||Krebs attacked by DDoS, Technical analysis of the Mirai DDoS|
|2017-10-18||Debriefing (contd)||Secure Server Exercise (Other Exercises) on DETERLab|
During the Debriefing sessions a random selection of students discuss their material and solutions.
|2017-10-25||Debriefing||DoS Syn Flood Exercise|
|01/11/17||No lecture (Holidays)|
|07/11/17||No Lecture (prof is at ESEM)|
|2017-11-08||Debriefing||Snort Exercise on DETERlab|
|2017-11-14||CCTF-Resilient||CCTF Resilient Server Exercise on DETERLab|
|2017-11-21||CCTF-Snort||CCTF SNORT Exercise on DETERLab|
|2017-11-28||No lecture (prof is at FDSE)|
|2017-11-29||No lecture (prof is at FDSE)|
|2017-12-05||CCTF Secure Server||CCTF Secure Server Exercise on DETERLab|
|2017-12-12||CCTF (TBC Secure Server Headstart)|
|2017-12-19||Presentations by students on Advanced Topics|
|2017-12-20||Presentations by students on Advanced Topics|
Other material is available in Google Classroom or in the Malware Lab Shares.