8/29 | Introduction and Basic Concepts
  Recommended Reading:
    Why Offensive Security Needs Engineering Textbooks
    Hacker Curriculum

8/31 | Ethics

9/5 | Labor Day - No Class

9/7 | Reconnaissance and Information Gathering
  Recommended Reading:
    nmap
    The Art of Port Scanning
    A Brief History of Scanning
    An Internet-Wide View of Internet-Wide Scanning

9/12 | Network Traffic Interception
  Recommended Reading:
    IP-spoofing Demystified
    New Tricks For Defeating SSL In Practice
    Analyzing Forged SSL Certificates in the Wild

9/14 | x86 101
  Recommended Reading:
    Intel® 64 and IA-32 Architectures Software Developer Manuals
    x86 Assembly
    Introduction to x64 Assembly
    Gustavo Duarte's Software Illustrated blog posts
    NASM Assembly Language Tutorials
    Computer Science from the Bottom Up

9/19 | Reverse Engineering
  Recommended Reading:
    Introduction to Reverse Engineering Win32 Applications
    Reverse Engineering for Beginners
    Reverse Engineering Challenges
    crackmes.de

9/21 | Memory Corruption 1
  Recommended Reading:
    Smashing The Stack For Fun And Profit
    Tao of Windows Buffer Overflow
    The Internet Worm Program: An Analysis
    Crash course on buffer overflows by the 10K Students initiative
    Using GDB to Develop Exploits - A Basic Run Through

9/26 | Paper Presentations
    ZMap: Fast Internet-Wide Scanning and its Security Applications
    Don’t Forget to Lock the Back Door! A Characterization of IPv6 Network Security Policy

9/28 | No Class

10/3 | Memory Corruption 2
  Recommended Reading:
    Format String Attacks
    Vudo malloc tricks
    Once upon a free()...
    Basic Integer Overflows
    The past, the present and the future of software exploitation techniques [.pptx]
    Low-level Software Security: Attacks and Defenses
    Memory Errors: The Past, the Present, and the Future
    SoK: Eternal War in Memory

10/5 | Paper Presentations
    Cross-Architecture Bug Search in Binary Executables
    Enemy of the State: A State-Aware Black-Box Web Vulnerability Scanner

10/10 | Code Reuse
  Recommended Reading:
    Getting around non-executable stack (and fix)
    non-exec stack
    The advanced return-into-lib(c) exploits: PaX case study
    x86-64 buffer overflow exploits and the borrowed code chunks exploitation technique
    The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86)

10/12 | Paper Presentations
    Q: Exploit Hardening Made Easy
    On the Expressiveness of Return-into-libc Attacks

10/17 | Paper Presentations
    Unleashing MAYHEM on Binary Code
    (State of) The Art of War: Offensive Techniques in Binary Analysis

10/19 | Post-exploitation
  Recommended Reading:
    Remote Exec
    Attacking NTLM with Precomputed Hashtables
    Post Exploitation Wiki
    Post Exploitation Using Meterpreter
    Hack Back! A DIY Guide

10/24 | Paper Presentations
    Information Leaks Without Memory Disclosures: Remote Side Channel Attacks on Diversified Code
    Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Randomization

10/26 | No Class

10/31 | Paper Presentations
    Out Of Control: Overcoming Control-Flow Integrity
    Losing Control: On the Effectiveness of Control-Flow Integrity under Stack Attacks

11/2 | Paper Presentations
    Too LeJIT to Quit: Extending JIT Spraying to ARM
    The Devil is in the Constants: Bypassing Defenses in Browser JIT Engines

11/7 | Malware and Rootkits
  Recommended Reading:
    VX Heaven
    NTIllusion: A portable Win32 userland rootkit
    A Catalog of Windows Local Kernel-mode Backdoor Techniques
    Evasive Malware Exposed and Deconstructed

11/9 | Paper Presentations
    Automatic Generation of Data-Oriented Exploits
    Data-Oriented Programming: On the Expressiveness of Non-Control Data Attacks

11/14 | Web Application Exploitation
  Recommended Reading:
    One-Way Web Hacking
    35 Pentesting Tools Used for Web Vulnerability Assessment
    CGI Security Holes
    NT Web Technology Vulnerabilities
    Perl CGI problems

11/16 | Paper Presentations
    ret2dir: Rethinking Kernel Isolation
    Dedup Est Machina: Memory Deduplication as an Advanced Exploitation Vector

11/21 | Paper Presentations
    EKHUNTER: A Counter-Offensive Toolkit for Exploit Kit Infiltration
    Code Reuse Attacks in PHP: Automated POP Chain Generation

11/23 | Thanksgiving Break - No Class

11/28 | Paper Presentations
    Dynamic Hooks: Hiding Control Flow Changes within Non-Control Data
    Persistent Data-only Malware: Function Hooks without Code

11/30 | Paper Presentations
    Control Jujutsu: On the Weaknesses of Fine-Grained Control Flow Integrity
    Evaluating the Effectiveness of Current Anti-ROP Defenses

12/5 | Paper Presentations
    Cookies That Give You Away: The Surveillance Implications of Web Tracking
    ZMap: Fast Internet-Wide Scanning and its Security Applications

12/7 | Wrap Up