Calendar
Software Security
- Day 1 (1/10)
- Intro and Course Logistics
- Seed Chs. 1 and 2
- Lab SEED Lab Setup
- Day 2 (1/12)
- Exploiting Access Control and Software Environments
- Lab SetUID and Env. Vars
- Your Daily Phrack: The Underground Scene
- Lab SetUID and Env. Vars
- Day 3 (1/19)
- Shellcode
- Lab Shellcode
- Required reading: Smashing the stack
- Your Daily Phrack: UNIX for the moderate
- Lab Shellcode
- Day 4 (1/24)
- Stack Smashing
- Seed Ch. 4
- Lab Buffer Overflows
- Your Daily Phrack: Frame Pointer Overwriting
- Day 5 (1/26)
- Stack Smashing (cont’d)
- Your Daily Phrack: Non-terminating adjacent memory spaces
- Day 6 (1/31)
- Return-oriented Programming
- Seed Ch. 5
- Lab ROP
- Your Daily Phrack: Advanced return-to-libc
- Day 7 (2/2)
- ROP Lab Work
- Your Daily Phrack: Bypassing StackGuard
- Day 8 (2/6)
printf
for fun and for profit- Seed Ch. 6
- Lab Format String Vulnerability Lab
- Your Daily Phrack: Exploiting JIT Engines
- Day 9 (2/9)
- Format String Lab Work
- Your Daily Phrack: Bypassing ASLR
- Day 12 (2/14)
- Shellshock
- Seed Ch. 3
- Lab Shellshock Lab
- Your Daily Phrack: Unix Nasties
- Day 13 (2/16)
- Fuzzing
- Optional Lab Fuzzing Lab
- Your Daily Phrack: Dynamic Program Analysis
- Optional Lab Fuzzing Lab
System Security
- Day 12 (2/21)
- Lab Code Injection and Binary Exploitation
- Your Daily Phrack: Shared library call redirection
- Lab Code Injection and Binary Exploitation
- Day 13 (2/23)
- Exploiting Speculative Execution
- Your Daily Phrack: Hijacking Linux Page Faults
- Day 14 (2/28)
- Kernel Backdoors and Rootkits
- Lab Backdoor to the Kernel
- Your Daily Phrack: Infecting LKMs
- Lab Backdoor to the Kernel
- Day 15 (3/2)
- Dropped Drive Attacks
- Optional Lab Dropped Drive Attacks
- Your Daily Phrack: Advances in Kernel Hacking
- Optional Lab Dropped Drive Attacks
Crypto
- Day 16 (3/7)
- Password Cracking
- Optional Lab Password Cracking
- Your Daily Phrack: Guide to encryption
- Optional Lab Password Cracking
- Day 17 (3/9)
- Rootkit/Password Lab Work
- Your Daily Phrack: BIOS
- Day 18 (3/21)
- Intro to Crypto
- SEED Ch. 21
- Lab Symmetric Key Encryption
- Your Daily Phrack: Elliptic Curve Crypto
- Day 19 (3/23)
- Public Key Crypto
- SEED Ch. 23
- Lab RSA
- Your Daily Phrack: VM Escape
Web Security
- Day 20 (3/28)
- Cross-site Scripting
- SEED Ch. 11
- Your Daily Phrack: The Shadow over Firefox
- Day 21 (3/30)
- SQL Injection
- SEED Ch. 12
- Your Daily Phrack: Adobe Shockwave
- Lab SQL Injection
Network Security
- Day 22 (4/4)
- Packet Sniffing and Spoofing I
- SEED Ch. 15
- Your Daily Phrack: Packet-Switched Network Security
- Day 23 (4/6)
- Packet Sniffing and Spoofing II
- SEED Ch. 15
- Lab Packet Sniffing
- Your Daily Phrack: Blind TCP/IP Hijacking
- Day 24 (4/11)
- TCP Attacks I
- SEED Ch. 16
- Your Daily Phrack: Linux Network Layer
- Day 25 (4/13)
- TCP Attacks II
- SEED Ch. 16
- Lab TCP Attacks
- Your Daily Phrack: Hacking the Network Stack
- Day 26 (4/18)
- Firewalls I
- SEED Ch. 17
- Your Daily Phrack: Breaking through a Firewall
- Day 27 (4/20)
- Firewalls II
- SEED Ch. 17
- Lab Firewall Lab
- Your Daily Phrack: IP Spoofing Demystified
- Day 28 (4/25)
- DNS Attacks I
- SEED Ch. 18
- Your Daily Phrack: DNS Linenoise
- Day 29 (4/27)
- DNS Attacks II
- SEED Ch. 18
- Lab DNS Attacks
- Your Daily Phrack: LOKI2