System Security 1

Practice classes for System Security 1 lecture for Master's track

The classes are held each Thursday at 18:55, room 312b building D1. The content is strictly connected to the laboratory classes (see webpage here: 0xfeedface ). During these classes students present solutions to tasks from the list below. For each problem it is required (unless stated otherwise) to give theoretical background, example code illustrating the case at hand and, if the subject is a vulnerability, to provide means for alleviating it. The audience is allowed to and will ask questions and may provide their own solutions to the discussed problem. The overall aim is for these classes to provide a platform for exchange of knowledge acquired about a given problem.

Passing this class is a function of the student's activity, as measured by the number of topics presented, and the quality of these presentations.
Note. There is another form of grading under consideration, TBA shortly. (rejected after in-class discussion)

Issues to be discussed

  • access passwords in log-in systems
  • OWASP Top 10 -- most popular vulnerabilities of Web applications
  • network mechanisms - layers 2 and 3 of ISO/OSI
  • networking software - netcat, socat
  • scripting languages - Python (Scapy, etc.)
  • assembler - obfuscating/de-obfuscating code, payload injection
  • PowerShell - Windows' scripting language
  • algebraic and built-in weaknesses of chosen (in)secure protocols
  • ...

List of tasks

Below is the list of tasks from which students shall choose their topics and prepare 10-20 minute talks/discussions. When choosing a topic, please inform me (via email) about your choice; I will mark the topic with a tag (). The more tags there are next to a topic, the smaller the probability that you will be selected to present it. Still, taking part in a discussion during someone else's presentation is also profitable, so try to read up a bit on every problem! Questions marked with have already been discussed during classes.

SQL injection

regular and blind injections, sqlmap in action
  1. Write code vulnerable to SQL injection (union based, error based). Show and discuss the vulnerabilities.
  2. Write code vulnerable to SQL injection (boolean based blind, time based blind). Show and discuss the vulnerabilities.
  3. Write code vulnerable to SQL injection. Use sqlmap as exploitation tool. Show its capabilities.

XSS (stored/reflected/DOM-based)

stealing session cookies, BeEF in action
  1. Write code susceptible to stored and reflected XSS. Show the exploit and what it can be used for (cookie stealing, fake content display)
  2. Write code susceptible to XSS, show exploit with BeEF framework.

Insecure Direct Object References

local file inclusion, remote file inclusion
  1. Write code with Insecure Direct Object References. Discuss the exploit and safety measures.

Security misconfiguration

  1. Write a simple application running on badly configured services (HTTP, DB server, etc.). Show how configuration errors can lead to compromising data stored on the server.

Passwords

  1. Give a presentation of the hashcat/oclHashcat/cudaHashcat tools applied to testing the robustness of passwords stored using different algorithms (MD5, LM, NTLM, WPA2, etc.).
  2. Give an overview of methods for password storage, which are considered safe as of today.

Network tools - reconnaissance

  1. (27.04) Present basic options of nmap. Demonstrate the tool's capabilities for discovering a network's topology.
  2. (27.04) Discuss the types of scans available in nmap -- what they are used for. Demonstrate their effects using Wireshark or tcpdump.
  3. (20.04) Discuss DNS records and related tools: host, nslookup, whois, dnsmap, dig, fierce, etc.
  4. Present websites that can be used in the reconnaissance phase (shodan.io, riddler.io, bing.com, etc.) with examples.
  5. (27.04) Present queries and tricks using google.com for information gathering (aka Google Hacking), with examples.
  6. Present Maltego and its capabilities as an information gathering tool.
  7. Discuss what interesting things can be found in a document's metadata. Show FOCA in action.

PowerShell

  1. (11.05) Discuss the Windows domain -- controllers, administration, privileges.
  2. (11.05) Present PowerShell as a tool for remote administration of a Windows machine (user management, system maintenance, local/external script execution).
  3. Present Empire project and its interesting modules.
  4. Present powercat in a few scenarios.
  5. Present nishang project and its interesting modules.
  6. Present PowerSploit and a few of its modules.

Security algebra and protocols

  • (6 tasks - one per student) Choose one scheme from this list and answer the question.
  • (6 tasks - one per student) Choose one scheme from this list and answer the question.