User Tools

Site Tools


course_on_offensive_technologies

Offensive Technologies

This course is one of the security courses of the Security Group in Trento.

It is offered at the University of Trento in the framework of the Cyber Security track of the European Institute of Innovation and Technology (EIT Digital) Master School programme.

It is also available in the normalMaster Degree in Computer Science and in Information and Communications Engineering at the University of Trento.

General Information

The course aims at advancing students’ concrete knowledge of attacks on operating systems, networks, and applications witha significant spur of creativity. Security notices (and even proof of concept exploits) are a little more than research ideas. They tells that something may be possible but do not explain the details (for obviosu security reasons). The students must use their creativity to understand what can possibly work and transforms the gaps and holes in the description into a workable product.

This course is also part of the 10K students , an European (so far) initiative to improve cyber-security education.

Syllabus

The goal of the 2017/2018 course is Class Capture The Flag in Security Testbeds.

Students learn how to set-up an operational environments (complex networks) in the DETER Cyber Security Testbed and then we will run through several case studies for the set-up of a network and its defense (Students will play alternatively attack and defense).

This is a practical hand-on course. There would be few lectures and mostly they would be presentations by students themselves to report how they are going.

If the number of attendees is too small, individual projects will be assigned for the EIT students who need to attend the course.

Qualification for the Course

The course includes having access to software that may be used to damage other people's computers. Hence, students who wishes to participate to this course must sign an ethical code of conduct and a non-disclosure agreement.

Since the course requires mastering complex techniques, a self-assessment questionnaire followed by an on-line test will be used to determined whether you have the right skills for the project.

This will be followed by two exercises for pre-qualification

  • Identify actual vulnerabilities from a sample of source code (when given an indication of the type of vulnerabilities and the fragment of the source code) - Exercise to be held on Tue. 26 (See Schedule)
  • be able run some basic Linux operating systems tasks in the Testbed - Exercise to be held remotely by each student and discussed in class by Wed. 27

Credits

This is an eligible course. This course is available for 12 ECTS Credits.

Grading is organized as follows:

  • 2-4 points for the vulnerability exercise
  • 15 points for the DETERLab exercises
  • 15 points for the DETERLab CCTF
  • 3 points for the advanced presentation on Malware Lab software

Lecturers

Sample of Projects in Past Academic Years

We also report a selection of past projects successfully pursued by students.

Offensive Technologies (2014/2015). Development of ROP exploits.

Offensive Technologies (2015/2016). Analysis of Governmental malware.

Offensive Technologies (2016/2017). From Vulnerabilities to Exploits

Schedule

The lectures/seminars etc. are on

  • Tue. 13-15 room A212
  • Wed. 13-15 room A212

On Wed Oct 25 we are in A211.

Lectures

Past Lectures

Date Topic Slides Other Material
2017-09-12 Course Introduction Introduction to DETERLab
2017-09-19 Introduction to Vulns in code Slides
2017-09-20 Introduction to DETERLab Guidelines for Students Linux Exercise
2017-09-26 Vulnerability Test Solutions Exercises 1, 2, 3, 4, 5, 6
2017-09-27 Targeted Attacks Slides First Part
2017-10-03 Untargeted Attacks Slides Second Part
2017-10-04 Internetworking debriefing Slides Third Part Internetworking Exercise on DETERLab
2017-10-10 Shellcode writing Slides See Hacking the Art of Exploitation
2017-10-11 Debriefing Secure Server Exercise (Buffer Overflow) on DETERLab
2017-10-17 Denial of Service Slides Krebs attacked by DDoS, Technical analysis of the Mirai DDoS
2017-10-18 Debriefing (contd) Secure Server Exercise (Other Exercises) on DETERLab
2017-10-24 BGP Lecture offtech-2017-07-bgpsecurity.pdf
2017-10-25 Debriefing DoS Syn Flood Exercise
2017-10-31 Debriefing BGP Exercises

Upcoming Lectures

During the Debriefing sessions a random selection of students discuss their material and solutions.

Date Topic Slides Other Material
01/11/17 No lecture (Holidays)
07/11/17 No Lecture (prof is at ESEM)
2017-11-08 Debriefing Snort Exercise on DETERlab
2017-11-14 CCTF-Resilient CCTF Resilient Server Exercise on DETERLab
2017-11-15 Debriefing
2017-11-21 CCTF-Resilient
2017-11-22 Debriefing
2017-11-28 No lecture (prof is at FDSE)
2017-11-29 Trial CCTF Secure Server CCTF Secure Server Exercise on DETERLab
2017-12-05 CCTF Secure Server
2017-12-06 Debriefing
2017-12-12 Attack Presentations
2017-12-13 Defense Presentations
2017-12-19 CCTF Advanced
2017-12-20 Exploit Kit Lab

Other Material

Other material is available in Google Classroom or in the Malware Lab Shares.

course_on_offensive_technologies.txt · Last modified: 2017/11/20 12:53 by elena.bortolotti@unitn.it