Hacker's Hut (TU/e)
Who gives this course:
- Sandro Etalle (responsible)
- Andries Brouwer
- Wouter Bokslag & Jos Wetzels (lab wizards)
Semester 1. Course code: 2IF17
Time:
on Thurstday, hours 5 and 6 (13.45 -- 15.30)
Place: TBD
OWinfo:
https://venus.tue.nl/owinfo-cgi/owi_0695.opl?vakcode=2IF17&studiejaar=2012
Grading
Grading will be done via the exercises; it counts both how many exercises you solve and when (the earlier, the better).
Course material
-
The additional material regarding the lectures of Andries Brouwer can vbe
found at the old
hacker's hut page.
-
Slides of the second part (which are updated along the course) and other course material can be accessed
directly at our svn repository here.
- Additional material on writing a metasploit can be accessed
directly at our svn repository here.
- The buffer overflow challenges
explained.
- The forum, that can be used to exchange ideas and hints (but please not to post the solutions to the challenges).
Program
- 6 September, 13 September, 20 September, 27 Semptember Andries Brouwer, covering
- Discovery
- Buffer Overflows: Smashing the Stack, Exploiting the Heap, Format string exploits
- Networking
- Password Cracking
- WIFI (in)security
- Forensics
- 5 October, Sandro Etalle: SQL injections, code injections, path traversal.
- 12 October (lab): introduction to the HH lab. Exercises on SQL injections etc.
- 19 October, No lecture
- 26 October, Sandro: Cross-Site Scripting (XSS).
- 16 November (intermezzo): Madison Gurkha invited
lecture. Walter Belgers, over Social Engineering.
- 23 November: (lab): Sandro + Jos + Wouter: Stack & Buffer
overflows, Metasploit, Metasploit challenges.
- 30 Nobember December (lab): Hints Lecture. In this lecture we go
through the challenges presented so far and we give hints on
how they can be solved. Useful for those who have not solved
all the challenges, but perhaps also for those who have
already solved them all.
- 7 December: (lab): Exercises on Metasploit (buffer overflow and format string vulnerability).
- 14 December (lab): TENTATIVE: CAPTURE THE
FLAG!!!!!!. We start at the usual place at the usual
time. For those who can stay, the lecture will last up to 4
hours. We stay the whole time in Auditorium 3.
- 21 December: Most likely no lecture.
- 13 January (closure) KPMG invited lecture. Hacking large
Windows networks. During this guest lecture ethical hackers from KPMG will demonstrate how to hack complex computer networks of large corporations. The topics from the previous lectures (buffer overflows, password cracking etc) will be used as basic building blocks for describing successful high-profile hacks on Fortune 500 companies.Keywords: Security Accounts Manager, NTLM authentication, Active Directory, SMB protocol, Pass-the-Hash, SEH overwrites, Heap spraying