System Security 1
Practice classes for System Security 1 lecture for Master's track
The classes are held each Thursday at 18:55, room 312b building D1.
The content is strictly connected to laboratory classes (see webpage here:
During these classes students present solutions to tasks from the list below. For each
problem it is required (unless stated otherwise) to give theoretical background, example
code illustrating the case at hand and, if the subject is a vulnerability, to provide
means for alleviating it. The audience is allowed to and will ask questions and may provide
their own solutions to the discussed problem. The overall aim is for these classes to provide
a platform for exchange of knowledge acquired about a given problem.
Passing this class is a function of the student's activity, as measured by the number
of topics presented, and the quality of these presentations.
Note. There is another form of grading under consideration, TBA shortly. (rejected after in-class discussion)
Issues to be discussed
- access passwords in log-in systems
- OWASP Top 10 -- most popular vulnerabilities of Web applications
- network mechanisms - layers 2 and 3 of ISO/OSI
- networking software - netcat, socat
- scripting languages - Python (Scapy, etc.)
- assembler - obfuscating/de-obfuscating code, payload injection
- PowerShell - Windows's scripting language
- algebraic and built-in weaknesses of chosen (in)secure protocols
List of tasks
Below is the list of tasks from which students shall choose their topics and prepare a 10-20
minute talk/discussion. When choosing a topic, please inform me (via email) about your choice;
I will mark the topic with a tag (). The more tags there are next to a topic, the smaller the
probability that you will be selected to present it. Still, taking part in a discussion during someone
else's presentation is also profitable, so try to read up a bit on every problem! Questions marked with
have already been discussed during classes.
regular and blind injections,
- Write code vulnerable to SQL injection (union based, error based). Show and discuss
- Write code vulnerable to SQL injection (boolean based blind, time based blind). Show and discuss
- Write code vulnerable to SQL injection. Use sqlmap as exploitation tool. Show its capabilities.
stealing session cookies,
- Write code susceptible to stored and reflected XSS. Show the exploit and what it
can be used for (cookie stealing, fake content display)
- Write code susceptible to XSS, show exploit with BeEF framework.
Insecure Direct Object References
local file inclusion, remote file inclusion
- Write code with Insecure Direct Object References. Discuss the exploit and safety measures.
- Write a simple application running on badly configured services (http, DB server, etc.).
Show how configuration errors can lead to compromising data stored on the server.
- Give a presentation of hashcat/oclHashcat/cudaHashcat tools applied to testing the robustness
of passwords stored using different algorithms (md5, lm, ntlm, wpa2, etc.).
- Give an overview of methods for password storage which are considered safe as of today.
Network tools - reconnaissance
- (27.04) Present basic options for nmap. Demonstrate the tool's capabilities for discovering a network's topology.
- (27.04) Discuss types of scans available in nmap -- what they are used for. Demonstrate their effects using Wireshark or tcpdump.
- (20.04) Discuss DNS records and related tools: host, nslookup, whois, dnsmap, dig, fierce, etc.
- Present websites that can be used in the reconnaissance phase (shodan.io, riddler.io, bing.com, etc.) with examples.
- (27.04) Present queries and tricks using google.com for information gathering (aka Google Hacking), with examples.
- Present Maltego and its capabilities as an information gathering tool.
- Discuss what interesting information can be found in a document's metadata. Show FOCA in action.
- (11.05) Discuss Windows domain -- controllers, administration, privileges
- (11.05) Present PowerShell as a tool for remote administration of a Windows machine (user management, system maintenance, local/external script execution)
- Present the Empire project and its interesting modules.
- Present powercat in a few scenarios.
- Present the Nishang project and its interesting modules.
- Present PowerSploit and a few of its modules.
Security algebra and protocols
- (6 tasks - one per student) Choose one scheme from this list and answer the question.
- (6 tasks - one per student) Choose one scheme from the list here and answer the question.