Plaintext paste btw, no formatting yet.
SISMAT 2012 Agenda
This page holds links, topics, exercises, and the schedule for SISMAT 2012. Please feel free to improve and augment it with links, notes, or information. Please do give attribution to other sources if you include them.

Monday 18 June

Everybody arrives.

Tuesday 19 June (Overview, Introduction)
12:00 - 13:30 Welcome lunch / remarks (Sudi 213)
  Roundtable introduction
  Pre-test
  Papers Assigned
13:30 - 13:45 Break
13:45 - 14:00 Discussion
  Brief review of read-ahead materials: SISMAT Prep Material
  What do you want to see? Topics?
  Culture shock and shedding normal academic interaction
  Security Mailing Lists
14:00 - 16:30 “Security”
  What is security? (and Wordle)
  No-tech hacking: http://www.youtube.com/watch?v=5CWrzVJYLWw
  Linux command line basics
  strace
  Make sure you have access to a Unix or Linux platform: vmware player, virtualbox, xen, QEMU
  Ethics
    http://www.dartmouth.edu/~reg/regulations/undergrad/acad-honor.html
    CACM Code of Ethics: http://www.acm.org/about/code-of-ethics
Wednesday 20 June (Ethics, System Basics, Shellcode)
08:30 - 09:00 Breakfast (Sudi 213)
09:00 - 10:30 Lecture 1 (Sudi 213): Ethics Discussion
10:30 - 11:00 Break
11:00 - 12:30 Lecture 2 (Sudi 213): Intro to IA-32, ELF format, ELF toolchain (readelf, objdump)
12:30 - 14:30 Lunch (2 hour break)
14:30 - 16:00 Lab 1 (Sudi 002): IA-32 Assembly Programming with NASM / System Calls on Linux
16:00 - 16:15 Break
16:15 - 18:00 Lab 2 (Sudi 002): Shellcode Disassembly
Setup: see how gcc produces x86 assembly, and examine that assembly. How can we write a small amount of assembly code and assemble it directly into a valid ELF binary? For task 2, where do we find the syscall definitions? What is the system call calling convention on Linux?

Task 1: Your task is to print out the distribution of instructions in glibc on your Linux machine.
Task 2: Write a small assembly program to output “hello, world”.
Task 2b: (Optional) If you are ambitious, modify the above program to read from a file or stdin and echo to stdout.
Task 3: (Optional) Modify your program to execve a shell.

This lab further illustrates the system call calling conventions and how to spawn a shell via execve(2).

Task 1: Hand-execute a piece of shellcode ( http://www.shell-storm.org/shellcode/files/shellcode-606.php )
Task 2: Analyze the semantics of this shellcode (fix broken -p, patch xor ecx,ecx)
Task 3: (Advanced) Hand-execute a piece of polymorphic shellcode.
Goals / Outcomes
The purpose of these labs is to provide you with an introduction to low-level assembly programming and viewing the execution of programs from multiple layers of abstraction (source code, assembly code, ELF, system call API).
Things you should know after doing these labs:
Difference between a system call and a library call
How to invoke a system call in Linux at the assembly level
Understand how a program is loaded and executed by the OS
Understand the ELF concept and format
Understand the tools available for static disassembly (ndisasm, udcli, objdump -d)
Understand how individual instructions manipulate various parts of the process address space
Reading for Wed. Night
http://www.muppetlabs.com/~breadbox/software/tiny/teensy.html
AoE: pages 19 - 37
AoE: pages 281 - 295
http://www.phrack.org/issues.html?issue=59&id=5&mode=txt
http://udis86.sourceforge.net/ (tool we can use for disassembly of byte sequences at the command line)
http://www.phrack.com/issues.html?issue=56&id=9#article
http://www.hick.org/code/skape/papers/needle.txt
Intel Software Developers Manual, Volume 3A: System Programming Guide, Part 1, Sections 2.1, 2.2, 2.3, 2.4, 2.5 and 2.7
http://www.unixwiz.net/techtips/win32-callconv-asm.html
Ethical Considerations in Information Security
Notes

Thursday 21 June (System Instrumentation)
08:30 - 09:00 Breakfast (Sudi 213)
09:00 - 10:30 Lecture 1 (Sudi 213): Hardware Support for Protection
10:30 - 11:00 Break
11:00 - 12:30 Lecture 2 (Sudi 213): understanding the ptrace(2) kernel implementation
12:30 - 14:30 Lunch (2 hour break)
14:30 - 16:00 Lab 1 (Sudi 002): Guest Lecture: Dickie George
16:00 - 16:15 Break
16:15 - 18:00 Lab 2 (Sudi 002): ptrace exercises
Template code is here: http://tsg.cpsc.ucalgary.ca/teaching/ptrace/

These links point to various places in the Linux kernel source code dealing with ptrace.

The ptrace API: http://lxr.linux.no/#linux+v2.6.37/include/linux/ptrace.h (defines function prototypes for internal kernel service routines related to ptrace and “types” for ptrace requests)
The platform-specific ptrace API: http://lxr.linux.no/#linux+v2.6.37/arch/x86/include/asm/ptrace.h
The architecture-specific ABI: http://lxr.linux.no/#linux+v2.6.37/arch/x86/include/asm/ptrace-abi.h
Definition of the sys_ptrace system call function signature: http://lxr.linux.no/#linux+v2.6.37/include/linux/syscalls.h#L704
Enumeration of sys_ptrace in the system call list (number 26): http://lxr.linux.no/#linux+v2.6.37/arch/x86/kernel/syscall_table_32.S#L28
Definition of the Linux “task_struct”, the Process Control Block. Note particularly the location of ptrace-related flags and signal-related flags like 'ptrace', 'parent', 'real_parent', etc.: http://lxr.linux.no/#linux+v2.6.37/include/linux/sched.h#L1182
The “highest” layer of ptrace's implementation, dealing with finding the process to trace and attaching: http://lxr.linux.no/#linux+v2.6.37/kernel/ptrace.c#L697 (note the use of the SYSCALL_DEFINE4 macro)
See the definition of the SYSCALL_DEFINE macros: http://lxr.linux.no/#linux+v2.6.37/include/linux/syscalls.h#L188
The part of ptrace's implementation dealing with architecture-specific requests: http://lxr.linux.no/#linux+v2.6.37/arch/x86/kernel/ptrace.c#L804
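The user-space side of the kernel code linked above, as an added example written for this page (it is not the template code linked above and not SISMAT material): a minimal strace-like tracer. The parent forks, the child asks to be traced with PTRACE_TRACEME and execs the target, and the parent walks the child from syscall stop to syscall stop with PTRACE_SYSCALL, reading the system call number out of the registers at each entry. It also makes the first Wednesday goal concrete: only system calls appear here, library calls are invisible until they reach the kernel. The register read assumes x86-64 or IA-32 (orig_rax / orig_eax); on other architectures the tracer still counts stops but reports the number as -1.

```c
#define _GNU_SOURCE
/* Minimal syscall tracer on ptrace(2): count and report the system calls a
 * child program enters. Added example, assumes Linux on x86-64 or IA-32. */
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

/* Syscall number at a syscall-entry stop, or -1 on an unhandled arch. */
static long syscall_number(pid_t pid)
{
#if defined(__x86_64__) || defined(__i386__)
    struct user_regs_struct regs;
    if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) == -1)
        return -1;
#if defined(__x86_64__)
    return (long)regs.orig_rax;   /* rax itself is already -ENOSYS at entry */
#else
    return (long)regs.orig_eax;
#endif
#else
    (void)pid;
    return -1;
#endif
}

/* Run `path` under ptrace; return how many system calls it entered, or -1
 * on error (exec failure, ptrace refused). `on_entry`, if non-NULL, is
 * called with each syscall number. */
long trace_syscalls(const char *path, void (*on_entry)(long nr))
{
    pid_t pid = fork();
    if (pid == -1)
        return -1;
    if (pid == 0) {
        /* Child: request tracing, then exec. A successful execve(2) leaves
         * the traced child stopped with SIGTRAP for the parent to collect. */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1)
            _exit(126);
        execl(path, path, (char *)NULL);
        _exit(127);
    }

    int status;
    if (waitpid(pid, &status, 0) == -1 || !WIFSTOPPED(status))
        return -1;  /* child exited instead of stopping: exec or ptrace failed */

    /* Mark syscall stops as SIGTRAP|0x80 so they cannot be confused with a
     * genuine SIGTRAP raised inside the tracee. */
    if (ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)(long)PTRACE_O_TRACESYSGOOD) == -1)
        return -1;

    long entries = 0;
    int in_syscall = 0;   /* toggles: entry stop, exit stop, entry stop, ... */
    int sig = 0;          /* signal to re-deliver on the next resume */
    for (;;) {
        if (ptrace(PTRACE_SYSCALL, pid, NULL, (void *)(long)sig) == -1)
            return -1;
        sig = 0;
        if (waitpid(pid, &status, 0) == -1)
            return -1;
        if (WIFEXITED(status) || WIFSIGNALED(status))
            break;
        if (!WIFSTOPPED(status))
            continue;
        if (WSTOPSIG(status) == (SIGTRAP | 0x80)) {
            in_syscall = !in_syscall;
            if (in_syscall) {
                entries++;
                if (on_entry)
                    on_entry(syscall_number(pid));
            }
        } else {
            /* Ordinary signal stop: pass the signal through unchanged. */
            sig = WSTOPSIG(status);
        }
    }
    return entries;
}

static void print_nr(long nr) { printf("syscall %ld\n", nr); }

int main(int argc, char **argv)
{
    const char *target = argc > 1 ? argv[1] : "/bin/true";
    long n = trace_syscalls(target, print_nr);
    if (n < 0) { perror("trace_syscalls"); return 1; }
    printf("%s entered %ld system calls\n", target, n);
    return 0;
}
```

Run it against `/bin/true` and compare the numbers it prints with `strace -f` output or with the syscall table linked above; the entry/exit toggle is the same trick strace relied on before PTRACE_GET_SYSCALL_INFO existed, and it breaks if a syscall stop is missed, which is why the code passes every other signal straight back to the child.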
Intel Developer Manual
  Section 6.1 (Interrupt and Exception Overview)
  Section 6.2 (Exception and Interrupt Vectors)
  Section 6.10 (Interrupt Descriptor Table (IDT))
  Section 6.11 IDT Descriptors
  Figure 2-1 (specifically, the IDTR+IDT use)
  Section 2.7 (System Instruction Summary)
  Table 2-2
Links
  http://wiki.osdev.org/Interrupt_Descriptor_Table
  http://www.logix.cz/michal/doc/i386/chp09-00.htm
  http://ece.wpi.edu/~wrm/Courses/EE3803/Labs/roehrl.html
  http://wiki.osdev.org/GDT_Tutorial
  VDSO definition: http://kernelnewbies.org/KernelGlossary#V
  Linux-gate vdso insight: http://www.trilithium.com/johan/2005/08/linux-gate/
  SYSENTER/SYSEXIT trivia: http://lkml.org/lkml/2002/12/18/218
Friday 22 June (Debugging and Simple Vulnerabilities)
08:30 - 09:00 Breakfast (Sudi 213)
09:00 - 10:30 Lecture 1 (Sudi 213): Guest Lecture by Doug Madory, Renesys
10:30 - 11:00 Break
11:00 - 12:30 Lecture 2 (Sudi 213): GDB basics, stack setup / activation record layout / calling conventions
12:30 - 14:30 Lunch (2 hour break)
14:30 - 15:00 Lecture 3: Studying Risk, Wreckage, and Errors
15:00 - 16:00 Lab 1 (Sudi 002): libpng vuln analysis
16:00 - 16:15 Break
16:15 - 18:30 Lab 2 (Sudi 002): Inject small shellcode into target
Notes / References
This lab is a guided exercise and walkthrough of this vulnerability and a PoC exploit.

http://scary.beasts.org/security/CESA-2004-001.txt
Link to proof of concept PNG exploit: http://scary.beasts.org/misc/pngtest_bad.png
http://www.kb.cert.org/vuls/id/388984
http://www.libpng.org/pub/png/libpng.html
Your machine likely has a number of these protections in place already, and performing basic exploit research to understand the basic concepts (e.g., those presented in “Smashing the Stack for Fun and Profit”, http://www.phrack.com/issues.html?issue=49&id=14&mode=txt ) requires you to turn them off to remove some complexity. This includes (but isn't limited to):

compiling programs with -fno-stack-protector
turning off ASLR: as root, `echo 0 > /proc/sys/kernel/randomize_va_space'
marking executables as needing executable data areas: `execstack -s a.out'
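Before and after changing those settings it helps to be able to verify them from code rather than by memory, and the check doubles as an exercise for the Wednesday goal of understanding the ELF format. The following is an added example for this page, not course code: it reads the ASLR sysctl and walks an ELF file's program headers looking for the PT_GNU_STACK entry that `execstack -s` rewrites. The parser handles 32- and 64-bit ELF and assumes a little-endian host; the constructed ELF image in `demo_stack_flags` is test data, not a runnable binary.

```c
/* Added example: report the state of two of the protections listed above.
 * Assumes Linux, <elf.h>, and a little-endian host. */
#include <elf.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* 0, 1 or 2 from /proc/sys/kernel/randomize_va_space; -1 if unreadable. */
int aslr_setting(void)
{
    FILE *f = fopen("/proc/sys/kernel/randomize_va_space", "r");
    if (!f) return -1;
    int v = -1;
    if (fscanf(f, "%d", &v) != 1) v = -1;
    fclose(f);
    return v;
}

/* Scan the program headers of an in-memory ELF image for PT_GNU_STACK.
 * Returns 1 if the stack is executable (PF_X set, or no PT_GNU_STACK entry
 * at all, which x86 Linux has traditionally treated as executable), 0 if
 * not, -1 if the buffer is not a well-formed ELF image. */
int elf_stack_executable_mem(const unsigned char *buf, size_t len)
{
    if (len < EI_NIDENT || memcmp(buf, ELFMAG, SELFMAG) != 0) return -1;
    int result = 1;
    if (buf[EI_CLASS] == ELFCLASS64) {
        Elf64_Ehdr eh;
        if (len < sizeof eh) return -1;
        memcpy(&eh, buf, sizeof eh);
        for (unsigned i = 0; i < eh.e_phnum; i++) {
            Elf64_Phdr ph;
            size_t off = (size_t)eh.e_phoff + (size_t)i * eh.e_phentsize;
            if (off + sizeof ph > len) return -1;   /* truncated or bogus table */
            memcpy(&ph, buf + off, sizeof ph);
            if (ph.p_type == PT_GNU_STACK) { result = (ph.p_flags & PF_X) ? 1 : 0; break; }
        }
    } else if (buf[EI_CLASS] == ELFCLASS32) {
        Elf32_Ehdr eh;
        if (len < sizeof eh) return -1;
        memcpy(&eh, buf, sizeof eh);
        for (unsigned i = 0; i < eh.e_phnum; i++) {
            Elf32_Phdr ph;
            size_t off = (size_t)eh.e_phoff + (size_t)i * eh.e_phentsize;
            if (off + sizeof ph > len) return -1;
            memcpy(&ph, buf + off, sizeof ph);
            if (ph.p_type == PT_GNU_STACK) { result = (ph.p_flags & PF_X) ? 1 : 0; break; }
        }
    } else {
        return -1;
    }
    return result;
}

/* Same check for a file on disk (a.out, or /proc/self/exe for ourselves). */
int elf_stack_executable(const char *path)
{
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    size_t cap = 1 << 16, len = 0, n;
    unsigned char *buf = malloc(cap);
    if (!buf) { fclose(f); return -1; }
    while ((n = fread(buf + len, 1, cap - len, f)) > 0) {
        len += n;
        if (len == cap) {
            unsigned char *tmp = realloc(buf, cap * 2);
            if (!tmp) { free(buf); fclose(f); return -1; }
            buf = tmp; cap *= 2;
        }
    }
    fclose(f);
    int r = elf_stack_executable_mem(buf, len);
    free(buf);
    return r;
}

/* Constructed test data: a minimal 64-bit ELF header plus one PT_GNU_STACK
 * program header carrying `stack_flags`; returns the parser's verdict. */
int demo_stack_flags(Elf64_Word stack_flags)
{
    unsigned char img[sizeof(Elf64_Ehdr) + sizeof(Elf64_Phdr)];
    Elf64_Ehdr eh; Elf64_Phdr ph;
    memset(&eh, 0, sizeof eh); memset(&ph, 0, sizeof ph);
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64; eh.e_ident[EI_DATA] = ELFDATA2LSB;
    eh.e_ident[EI_VERSION] = EV_CURRENT;
    eh.e_type = ET_EXEC; eh.e_machine = EM_X86_64; eh.e_version = EV_CURRENT;
    eh.e_ehsize = sizeof eh; eh.e_phoff = sizeof eh;
    eh.e_phentsize = sizeof ph; eh.e_phnum = 1;
    ph.p_type = PT_GNU_STACK; ph.p_flags = stack_flags;
    memcpy(img, &eh, sizeof eh); memcpy(img + sizeof eh, &ph, sizeof ph);
    return elf_stack_executable_mem(img, sizeof img);
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/proc/self/exe";
    printf("randomize_va_space = %d\n", aslr_setting());
    printf("%s: executable stack = %d\n", path, elf_stack_executable(path));
    printf("constructed RWX image -> %d, RW image -> %d\n",
           demo_stack_flags(PF_R | PF_W | PF_X), demo_stack_flags(PF_R | PF_W));
    return 0;
}
```

Compare its verdict on a binary with `readelf -l a.out | grep GNU_STACK` before and after `execstack -s`; the flags column is exactly the p_flags word the parser tests.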
This lab is a joint class exercise to design the various pieces and then implement them.

Write a small piece of standalone assembly code that executes a system call (do something interesting, like open, read, or write to a file, or fetch the process ID).
Store the resulting bytes in a file.
Write a small, intentionally-vulnerable program that opens the “payload” file and reads in the bytes to a buffer on the program's stack; you should construct this buffer and the payload so that you overwrite the return address.
Make sure to disable any protections and enable something else FIXME
Running your victim program on your payload should cause your “injected” shellcode to execute and achieve the goal of your shellcode.
Lab 3 (option)
“weaponize” the PoC libpng vulnerability
Lab 4 (option)
Profile ASLR w/ assembly code
Saturday 23 June (Shellcode Injection cont.)
noon - 1pm: prepare for shellcode injection exercise
1 - 2pm: pizza
2 - 5pm: shellcode injection lab
5 - 6pm: movie
Sunday 24 June (Off)

Monday 25 June (Introduction to Network Security)
08:30 - 09:00 Breakfast (Sudi 213)
09:00 - 10:30 Lecture 1 (Sudi 213): Participant paper presentations (4)
10:30 - 11:00 Break
11:00 - 12:30 Lecture 2 (Sudi 213): Introduction to Web Security
12:30 - 14:30 Lunch (2 hour break)
14:30 - 16:00 Lab 1 (Sudi 002): Lecture: Introduction to networking (Sergey Bratus)
16:00 - 16:15 Break
16:15 - 18:00 Lab 2 (Sudi 002): Lab: Introduction to networking (cont.)
http://www.netfilter.org/documentation/HOWTO/netfilter-hacking-HOWTO.html
ICMP message types: http://www.iana.org/assignments/icmp-parameters/icmp-parameters.xml
On IDS evasion: http://www.stanford.edu/~stinson/paper_notes/nids/ptacek_newsham.txt
http://www.insecure.org/stf/secnet_ids/secnet_ids.pdf
On IDS evasion: http://www.icir.org/vern/papers/norm-usenix-sec-01.pdf
(multiple traceroutes picture) http://tsg.cpsc.ucalgary.ca/research/cloud/pathlock.png
On the legal and ethical issues involved in sniffing network traffic: http://www.imconf.net/imc-2007/papers/imc152.pdf
VM-based Security Overkill: A Lament for Applied Systems Security Research. Sergey Bratus, Michael E. Locasto, Ashwin Ramaswamy, and Sean W. Smith. Proceedings of the 19th New Security Paradigms Workshop (NSPW 2010). September 2010. Concord, MA, USA.
http://www.webmonkey.com/2012/06/error-451-this-page-has-been-burned/
Friday Night Reading
TCSS, Chapter 12.1 “The Web and Security: Basic Structure”
Tuesday 26 June (Network Manipulation)
08:30 - 09:00 Breakfast
09:00 - 10:30 Lecture 1: Paper presentations
10:30 - 11:00 Break
11:00 - 12:30 Lecture/Lab 1: networking utilities: nc, ifconfig, ping/icmp, tcpdump, traceroute
12:30 - 14:30 Lunch (on own)
14:30 - 16:30 Lab 2: packet construction
16:30 - 16:45 Break
16:45 - 17:45 Lab 3: Google Gruyere
Traceroute and tcpdump. Draw your network associations. Reproduce this kind of graph, using GraphViz, for your machine.

The purpose of this lab is to gain experience with command-line packet crafting tools.

Task 0: Warmup. Install sendip or dnet. I find dnet to be easier to use than sendip. Install netcat.
Task 1: Pair up. Find out what your neighbor's IP address is. Verify that you can contact them. Examine your ARP table. Examine your routing table.
Task 2: Stretch. Use the netcat tool to initiate a port scan of your partner's machine. Do not use nmap. Have your partner run tcpdump, filtering by packets from your machine, to observe the scan. What type of packets do you see? Does a full TCP handshake occur for each port?
Task 3: Have your partner run netcat on a port of their choosing. Use dnet or sendip to craft a nice message to this netcat instance.
Task 4: Using dnet or sendip only, convince your partner's machine that your machine has the gateway's IP and MAC address by crafting the appropriate ARP messages and sending them to the network. Challenge: use an existing tool like Graphviz to illustrate the evolution of your machine's ARP table.
Task 5: Using tcpdump, observe only DHCP traffic on the network.
Task 6: Inject DHCP offers into the network. You may wish to read the DHCP RFC.
Task 7: Hint: you may wish to read the DHCP RFC. You may also wish to peruse the DHCP RFC, after which you should refresh your knowledge of the DHCP RFC.

You can tackle these in any order.

Task 1: Visit http://www.hack-test.com/ and get as far through it as possible.
Task 2: Visit http://google-gruyere.appspot.com/ and work through these exercises.
Notes and Resources
http://en.wikipedia.org/wiki/MacGuffin
Google's Browser Security Handbook: http://code.google.com/p/browsersec/wiki/Main
Platform for Privacy Preferences (P3P): http://www.w3.org/P3P/
http://www.owasp.org/index.php/Top_10_2010-Main (list appears midway down page)
HTTP Request/Response Modifiers:
  https://addons.mozilla.org/en-US/firefox/addon/9727 (RequestPolicy)
  https://addons.mozilla.org/en-US/firefox/addon/967 (ModifyHeaders)
OWASP WebScarab Project: http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
https://panopticlick.eff.org/
http://googleonlinesecurity.blogspot.com/2010/05/do-know-evil-web-application.html
reviewed web application architecture
http://xkcd.com/327/
http://www.w3.org/Protocols/rfc2616/rfc2616.html
http://www.whattheinternetknowsaboutyou.com/
OWASP Top Ten Web Security Issues for 2007
OWASP Top Ten Web Security Issues for 2010
OWASP Top Five PHP Security Issues
http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string
PHP Prepared Statements and Stored Procedures
http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
http://www.phpbuilder.com/columns/ryan_mcgeehan20060627.php3?print_mode=1
http://duartes.org/gustavo/articles/Hands-on-Sql-Injection.aspx (link is broken, see his blog)
http://code.google.com/p/skipfish/wiki/SkipfishDoc (Web App Vulnerability Scanner)
http://code.google.com/p/owaspbwa/ (OWASP “broken” web app examples)
dnsspoof arpspoof dsniff fragrouter
Wednesday 27 June (Organizational Security, Intrusion Detection)
08:30 - 09:00 Breakfast
09:00 - 10:30 Lecture 1: Guest Lecture: Steve Nyman, CISO of Dartmouth PKCS
10:30 - 11:00 Break
11:00 - 12:30 Lecture 2: Intrusion detection. Intrusion recovery scenario; libpcap, libvei
12:30 - 14:30 Lunch (on own)
14:30 - 16:30 Lab 1: Building an intrusion sensor. Intrusion sensor engineering. Intrusion detection planning exercise
16:30 - 16:45 Break
16:45 - 17:45 Lab 2: finish presentations
Wed 27 Notes
http://pages.cpsc.ucalgary.ca/~locasto/papers/boulders.pdf
http://www.usenix.org/event/lisa09/tech/slides/locasto.pdf
Verizon's Data Breach Report (2008)
Big-Box Breach: The Inside Story of Wal-Mart’s Hacker Attack
Chronicle of a Server Break-In (see link to Paul's actual postmortem)
Abe Singer. “Tempting Fate,” ;login:, Volume 30, #1, Usenix Association, November 2005.
Cliff Stoll. The Cuckoo's Egg
IDS evasion:
  http://www.symantec.com/connect/articles/ids-evasion-techniques-and-tactics
  http://www.symantec.com/connect/articles/evading-nids-revisited
  http://insecure.org/stf/secnet_ids/secnet_ids.html
Lab 1 / Team 1
Your task is to produce a set of valid x86 sequences that end in RET from the glibc (a ROP gadget toolkit).
Lab2 / Team GelatoR001Z
Your task is to build, as a large team, an intrusion sensor that reads network packets from the network and tries to disassemble them.
Programming Notes for Lab 1
Locasto's libpcap tutorial: http://wiki.ucalgary.ca/page/Libpcap_tutorial
Programming systems sense: if you are on public, http://www.cs.dartmouth.edu/~kelps/seans_notes/ ; else, http://www.cs.dartmouth.edu/~cs58/lectures/oct20/index.shtml
“Hints for Computer System Design”: http://research.microsoft.com/en-us/um/people/blampson/33-Hints/WebPage.html
Concurrent programming help: http://www.cs.dartmouth.edu/~cs58/lectures/index.shtml and https://computing.llnl.gov/tutorials/pthreads/
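The packet-parsing core of such a sensor, as an added example for this page rather than code from the lab or the libpcap tutorial linked above. It parses Ethernet/ARP frames by hand (the same work the sensor does on whatever libpcap hands its callback) and flags the symptom of Tuesday's Task 4: an IP address whose sender MAC changes between ARP replies. All frames are constructed byte arrays built by `make_arp_reply`, the MAC and IP values are made up, and the IP-to-MAC table is a fixed-size array with first-seen-wins semantics; a real sensor would also age entries and read its trusted gateway binding from configuration.

```c
/* Added example: Ethernet/ARP parser plus a tiny IP->MAC conflict detector,
 * the kind of logic a libpcap callback would call per frame. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN 14
#define ETHTYPE_ARP 0x0806
#define ARP_PKT_LEN 28        /* htype,ptype,hlen,plen,op + 2 MAC + 2 IPv4 */
#define ARP_OP_REPLY 2

struct arp_info {
    uint16_t opcode;
    uint8_t sender_mac[6];
    uint32_t sender_ip;       /* host byte order */
    uint8_t target_mac[6];
    uint32_t target_ip;
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t be32(const uint8_t *p)
{
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Parse an Ethernet frame carrying ARP over IPv4. Returns 1 on success, 0 if
 * the frame is truncated or is not Ethernet/IPv4 ARP (checked before any
 * field is read, so a short frame never causes an out-of-bounds read). */
int parse_arp(const uint8_t *frame, size_t len, struct arp_info *out)
{
    if (len < ETH_HDR_LEN + ARP_PKT_LEN) return 0;
    if (be16(frame + 12) != ETHTYPE_ARP) return 0;
    const uint8_t *a = frame + ETH_HDR_LEN;
    /* htype 1 = Ethernet, ptype 0x0800 = IPv4, hlen 6, plen 4 */
    if (be16(a) != 1 || be16(a + 2) != 0x0800 || a[4] != 6 || a[5] != 4) return 0;
    out->opcode = be16(a + 6);
    memcpy(out->sender_mac, a + 8, 6);
    out->sender_ip = be32(a + 14);
    memcpy(out->target_mac, a + 18, 6);
    out->target_ip = be32(a + 24);
    return 1;
}

/* The sensor's own record of who has claimed which IP address. */
#define MAX_ENTRIES 64
struct arp_table {
    int n;
    uint32_t ip[MAX_ENTRIES];
    uint8_t mac[MAX_ENTRIES][6];
};

/* Feed one frame to the sensor. Returns 1 if it is an ARP reply whose sender
 * MAC differs from the MAC already recorded for that IP (the poisoning
 * signature), 0 otherwise. Only the first binding is stored, so the alert
 * keeps firing for as long as the conflicting replies keep arriving. */
int arp_sensor_observe(struct arp_table *t, const uint8_t *frame, size_t len)
{
    struct arp_info info;
    if (!parse_arp(frame, len, &info) || info.opcode != ARP_OP_REPLY) return 0;
    for (int i = 0; i < t->n; i++)
        if (t->ip[i] == info.sender_ip)
            return memcmp(t->mac[i], info.sender_mac, 6) != 0;
    if (t->n < MAX_ENTRIES) {
        t->ip[t->n] = info.sender_ip;
        memcpy(t->mac[t->n], info.sender_mac, 6);
        t->n++;
    }
    return 0;
}

/* Constructed test frame: ARP reply "sender_ip is at sender_mac" to target. */
size_t make_arp_reply(uint8_t *out, const uint8_t sender_mac[6], uint32_t sender_ip,
                      const uint8_t target_mac[6], uint32_t target_ip)
{
    memcpy(out, target_mac, 6);
    memcpy(out + 6, sender_mac, 6);
    out[12] = 0x08; out[13] = 0x06;
    uint8_t *a = out + ETH_HDR_LEN;
    a[0] = 0; a[1] = 1; a[2] = 0x08; a[3] = 0x00; a[4] = 6; a[5] = 4;
    a[6] = 0; a[7] = ARP_OP_REPLY;
    memcpy(a + 8, sender_mac, 6);
    for (int i = 0; i < 4; i++) a[14 + i] = (uint8_t)(sender_ip >> (24 - 8 * i));
    memcpy(a + 18, target_mac, 6);
    for (int i = 0; i < 4; i++) a[24 + i] = (uint8_t)(target_ip >> (24 - 8 * i));
    return ETH_HDR_LEN + ARP_PKT_LEN;
}

/* Scenario with made-up addresses: the gateway answers twice, then a second
 * host claims the gateway's IP. Returns the number of alerts raised (1). */
int demo_gateway_conflict(void)
{
    static const uint8_t gw_mac[6]    = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55};
    static const uint8_t other_mac[6] = {0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb};
    static const uint8_t me_mac[6]    = {0xde, 0xad, 0xbe, 0xef, 0x00, 0x01};
    uint32_t gw_ip = 0xC0A80001, me_ip = 0xC0A80064;   /* 192.168.0.1, .100 */
    struct arp_table t = { 0 };
    uint8_t frame[64];
    int alerts = 0;
    size_t n = make_arp_reply(frame, gw_mac, gw_ip, me_mac, me_ip);
    alerts += arp_sensor_observe(&t, frame, n);   /* first sighting: recorded */
    n = make_arp_reply(frame, gw_mac, gw_ip, me_mac, me_ip);
    alerts += arp_sensor_observe(&t, frame, n);   /* same MAC: quiet */
    n = make_arp_reply(frame, other_mac, gw_ip, me_mac, me_ip);
    alerts += arp_sensor_observe(&t, frame, n);   /* different MAC: alert */
    return alerts;
}

int main(void) { printf("alerts raised: %d\n", demo_gateway_conflict()); return 0; }
```

Inside a libpcap program the `u_char *packet` and `caplen` from the capture callback go straight into `arp_sensor_observe`; the length check in `parse_arp` is what keeps a short capture from turning the sensor itself into the crashable program.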
Thursday 28 June (Attacks and Bugs)
08:30 - 09:00 Breakfast
09:00 - 10:30 Lecture 1: Guest Lecture: Adam Goldstein (Dartmouth PKCS)
10:30 - 11:00 Break
11:00 - 12:30 Lecture 2: Guest Lecture: Richard Weiss, “On the Attack Chain”
11:30 - 13:30 Lunch (on own)
13:30 - 14:00 Meet at 002
14:00 - 14:30 SISMAT group photo
14:30 - 16:00 Lab 1: Nessus lab (scan Apache)
16:00 - 16:15 Break
16:15 - 17:45 Lab 2: Polymorphic shellcode lab (see links below)
17:45 - 18:45 Outwash and Ethics Discussion (wrap up)
Scanning for vulnerabilities.
Install Apache and Nessus. Scan.
What do these pieces of shellcode do? Hand-execute them to find out.
28 June Notes

Ethical Considerations in Information Security
Notes

Friday 29 June (Capture the Flag / Packetwars)
08:30 - 09:00 Breakfast
09:00 - 10:00 Introduction to Packetwars
10:00 - 12:30 Session 1 PacketWars (plus video, photos)
12:30 - 14:00 Lunch break (1 hour)
14:00 - 16:30 Session 2 PacketWars
16:30 - 17:00 post-CtF outwash (do we want to form an official SISMAT CtF team?)
17:00 - 17:30 SISMAT 2012 Post test
29 June Notes
Today Bryan Fite will guide us in an all-day capture-the-flag style team competitive exercise called PacketWars.

Take-Home Exercises

digital footprint size experiment: how big is your digital footprint?
how much entropy do your passwords have? (z-strings)
bug diagnoses (find and analyze a bug in real software)
beat up your OS: http://pages.cpsc.ucalgary.ca/~locasto/teaching/2012/CPSC457/hw2.txt

Pick a paper and prepare a 20 minute presentation on it, pretending that you are the author defending the work and providing a summary of it. Prepare for 5..10 minutes of questions on the paper from other students and the instructors. Your presentations will take place next week.

Paper presentation schedule (day, session, paper number, presenter):
Monday     1   2  Philip
Monday     1   3  Dibyo
Monday     1   4  Trey
Monday     1   5  Evaristo
Tuesday    1   7  Mike
Tuesday    1   8  Corey
Tuesday    1   9  Stefan
Tuesday    1  11  Daniel
Tuesday    1  13  Eman
Tuesday    1  14  Wadha
Wednesday  3  18  Michele
Wednesday  3  10  Nathan
Wednesday  3  17  Jordan

Papers:
Protection in an information processing utility
A hardware architecture for implementing protection rings
Protection in Operating Systems
SecureSwitch: BIOS-Assisted Isolation and Switch between Trusted and Untrusted Commodity OSes
Intrusion Recovery Using Selective Re-execution
XFI: Software Guards for System Address Spaces
"Transparent Runtime Defense Against Stack Smashing Attacks"
"StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks"
"On the Effectiveness of Address Space Randomization"
"Return Oriented Rootkits" by Hund, Holz, and Freiling
"Building Diverse Computer Systems"
"Randomized Instruction Set Emulation to Disrupt Binary Code Injection Attacks" or "Countering Code-Injection Attacks with Instruction-Set Randomization"
"The Geometry of Innocent Flesh on the Bone"
"A Comparison of Publicly Available Tools for Dynamic Buffer Overflow Prevention"
StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks
PointGuard(TM): Protecting Pointers From Buffer Overflow Vulnerabilities
RIPE: Runtime Intrusion Prevention Evaluator
Hit 'em Where it Hurts: A Live Security Exercise on Cyber Situational Awareness
News and Links
https://www.trustedsec.com/july-2012/yahoo-voice-website-breached-400000-compromised/
http://news.cnet.com/8301-1009_3-57470878-83/yahoo-breach-swiped-passwords-by-the-numbers/?tag=txt;title
http://news.cnet.com/8301-1023_3-57469950-93/obama-signs-order-outlining-emergency-internet-control/?tag=postrtcol;mostPop
http://news.cnet.com/8301-1009_3-57470786-83/hackers-post-450k-credentials-pilfered-from-yahoo/
http://security.blogs.cnn.com/2012/07/04/homeland-security-cites-sharp-rise-in-cyber-attacks/?hpt=hp_t2
Operation Shady Rat (as reported by The Register)
Operation Shady Rat (the McAfee report)
Random Number Generation (what has Intel been doing?)
Ethics (plagiarism hurts everyone)
Swatting Attack (ethics; using the digital to affect the real)
Who Are Attackers After? (money)
Govt "Fights" "Hackers" (two unrelated stories: Anonymous/Wikileaks arrests, and the arrest of Aaron Swartz for downloading JSTOR articles)
Deep Packet Inspection (Canada Digital Freedom)
The Windows Heap (Microsoft knows that the heap keeps on giving)
Disguising Malware is Easy
Frustrating Facial Analysis
GRSecurity (these guys are awesome)
Recurity (these guys are also awesome)
Update on RSA Hack of 2011 (it is much worse than initially admitted, but this was an open secret…)
http://dev.metasploit.com/redmine/projects/framework/repository/revisions/13225/entry/modules/post/windows/gather/memory_grep.rb
ARP: http://sid.rstack.org/arp-sk/
Disclosure policy cite: http://www.huffingtonpost.com/2011/11/16/charlie-miller-apple-cybersecurity-bug-hacker_n_1095330.html
Bugs stay unpatched: http://www.neowin.net/news/windows-has-a-17-year-old-un-patched-vulnerability
Technical approaches to avoiding cross-border data examination (by the EFF): https://www.eff.org/wp/defending-privacy-us-border-guide-travelers-carrying-digital-devices
http://blogs.wsj.com/digits/2012/01/13/u-s-business-defenses-against-hackers-are-like-the-maginot-line-nsa-chief-says/
Usenet flamewar on “hackers”: https://groups.google.com/forum/?fromgroups#!topic/comp.security.unix/Q_eI2DUsiGQ
http://blogs.computerworld.com/19073/dirty_little_secrets_revealed_by_ethical_hackers
http://money.cnn.com/2012/03/05/technology/hacker_school/index.htm?source=cnn_bin
http://www.cbc.ca/news/canada/british-columbia/story/2012/03/06/bc-stolen-ubc-computer-personal-info.html
http://arstechnica.com/business/news/2012/03/porn-site-digital-playground-hacked-hackers-say-too-enticing-to-resist.ars
Was AntiSec an FBI front? http://gizmodo.com/5893703/was-the-antisec-hacking-spree-an-fbi-front-all-along
Cyber-bullying: http://arstechnica.com/tech-policy/news/2012/03/rutgers-cyberbully-found-guilty-of-privacy-invasion-hate-crimes.ars
http://t.co/oWyp9Msm
http://t.co/sgDWBW4c
https://banu.com/blog/42/openbsd-bug-in-the-random-function/
http://us.cnn.com/2012/04/03/tech/mobile/police-phone-tracking-gahran/index.html?hpt=hp_t3
http://us.cnn.com/2012/04/05/world/europe/uk-sky-hacking/index.html?hpt=hp_t2
Ethics: Stanford prison experiment: http://www.prisonexp.org/
Privacy/Ethics: Should we let children on Facebook: http://www.economist.com/node/21556578?fsrc=scn/tw/te/ar/letthenippersnetwork
A Case Study of the Application of Dynamic Symbolic Execution to Real-World Binary Programs: http://www.reddit.com/r/ReverseEngineering/comments/uqodq/a_case_study_of_the_application_of_dynamic/
Free malware and security tools: http://www.foocodechu.com/?q=node/70
Duqu Analysis: http://www.securelist.com/en/blog/667/The_Mystery_of_the_Duqu_Framework
Chris Evans on Browser security: http://scarybeastsecurity.blogspot.ca/2012/01/dirty-secret-of-browser-security-1.html
The Problem With OAuth: http://www.thread-safe.com/2012/01/problem-with-oauth-for-authentication.html
Observations about Linux ASLR: http://scarybeastsecurity.blogspot.ca/2012/03/some-random-observations-on-linux-aslr.html
VMWare Backdoor: http://www.securityfocus.com/archive/1/522141
INFILTRATE presentations: http://www.immunityinc.com/presentations.shtml
http://recon.cx/2012/training.html
Recurity (Security Industry Research): http://recurity-labs.com/content/pub/papers.shtml
Mailing list post: exploiting NULL dereferences: http://seclists.org/dailydave/2009/q4/23
FLAME: http://www.wired.com/threatlevel/2012/05/flame/
FLAME crypto breakthrough: http://arstechnica.com/security/2012/06/flame-crypto-breakthrough/
Connection btwn stuxnet and flame? http://www.securelist.com/en/blog/208193568/Back_to_Stuxnet_the_missing_link
Supply chain vulns (hardware backdoors): https://www.cl.cam.ac.uk/~sps32/sec_news.html#Assurance
or not: http://erratasec.blogspot.ca/2012/05/bogus-story-no-chinese-backdoor-in.html
Cybersecurity demand growing: http://www.washingtonpost.com/business/economy/cybersecurity-experts-needed-to-meet-growing-demand/2012/05/29/gJQAtev1yU_story.html (demand grows, but does real actual need grow?)
Security fail? in MySQL: http://seclists.org/oss-sec/2012/q2/493
Mindset: http://www.schneier.com/blog/archives/2012/06/teaching_the_se.html
Mindset: http://www.nukees.com/d/20070328.html
Security Indicators: why cybersecurity experiments may be flawed: http://www.andrewpatrick.ca/essays/commentary-on-research-on-new-security-indicators
Code is complex: http://www.laputan.org/mud/
Concealing XSS injection in HTML5: http://samuli.hakoniemi.net/how-to-conceal-xss-injection-in-html5/
See also: advanced topics in privacy: http://www.cs.indiana.edu/~kapadia/courses/I590-Fall-10/schedule.html
Bellovin Network Security class: https://www.cs.columbia.edu/~smb/classes/f06/lectures.html
Google Apps doesn't meet LAPD security requirements (how do you do that, anyway?): http://arstechnica.com/business/2011/10/google-apps-hasnt-met-lapds-security-requirements-city-demands-refund/
You Selling Your Privacy: http://us.cnn.com/2012/02/24/tech/web/owning-your-data-online/index.html?hpt=hp_t2
Ethical Disclosure: OK to publish bird flu studies? http://thechart.blogs.cnn.com/2012/04/23/nih-ok-to-publish-controversial-bird-flu-studies/?hpt=hp_t2
Embedded device hacking: http://www.devttys0.com/blog/
Attacking linux kernel security: http://forums.grsecurity.net/viewtopic.php?f=7&t=2596
Disclosure and patch battle: https://igurublog.wordpress.com/2011/03/16/the-forbidden-subject/
Data integrity of backups and remote storage: http://www.daemonology.net/blog/2011-06-03-insecurity-in-the-jungle.html
Protected mode execution as an anti-debugging feature: http://j00ru.vexillium.org/?p=866
It's OK to let students hack: http://geekout.blogs.cnn.com/2012/04/23/students-chow-down-on-cyber-security-weaknesses/?hpt=hp_bn10
Information Security Audit class / case study: http://www.cs.uwp.edu/staff/lincke/infosec/
MintChip audit anyone? http://developer.mintchipchallenge.com/devguide/index.php
Sheila: a client-side honeypot: http://www.cs.vu.nl/~herbertb/misc/shelia/
ERESI (reverse engineering): http://www.eresi-project.org/
Google NaCL: Native Client: http://code.google.com/p/nativeclient/
TrustVisor: http://www.google.ca/search?q=trustvisor&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

JPEG COM: http://www.openwall.com/articles/JPEG-COM-Marker-Vulnerability
Link to NULLHttpd: http://www.securityfocus.com/bid/5774/references
NULLhttpd exploit: http://downloads.securityfocus.com/vulnerabilities/exploits/nullhttpd.c
ghttpd vuln: http://www.securityfocus.com/bid/2879/info
ghttpd exploit: http://downloads.securityfocus.com/vulnerabilities/exploits/ghttp.c
MS06-001 (WMF vulnerability): http://technet.microsoft.com/en-us/security/bulletin/ms06-001
glibc: http://www.nodefense.org/eglibc.txt

pull student's network cable: what did you leave exposed?
ethics: cell phone surveillance
exercise: decoy documents
intro: what is security?
beautiful security: TSA visualization, topics from confs.
legality of drones
digital sit ins ==? DDoS?
http://donttrack.us/
propaganda: http://www.google.com/green/
coding exercise: write as many lines of code as you can in 5 minutes; must compile and run with no errors. Language of your choice.
http://networkconference.netstudies.org/2012/death-and-the-persistent-identity/
http://www.theatlantic.com/technology/archive/2012/05/how-the-professor-who-fooled-wikipedia-got-caught-by-reddit/257134/
http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees/
http://www.darkreading.com/vulnerability-management/167901026/security/antivirus/240000174/fbi-warns-travelers-using-hotel-networks-about-new-attack
http://arstechnica.com/security/2012/06/printer-bomb-pandimonium/