Hacker's Hut (TU/e)
Who gives this course:
- Sandro Etalle (responsible)
- Wouter Bokslag & Jos Wetzels (lab wizards)
Semester 1. Course code: 2IF17
Time:
on Thurstday, hours 5 and 6 (13.45 -- 15.30)
Place: Autitorium 12 (yes:12!!!) (RE-RE-CHANGED) except for the lecture on October 11 and on November 22: On October 11 the lecture is going to be in the Laplace building 1.19, and on November 22 the lecture is going to take place in Auditorium 1
OWinfo:
https://venus.tue.nl/owinfo-cgi/owi_0695.opl?vakcode=2IF17&studiejaar=2012
Grading
Grading will be done via the exercises; it counts both how many exercises you solve and when (the earlier, the better).
Course material
-
Slides (which are being updated during the course) and other course material can be accessed
directly at our svn repository here.
- Additional material on writing a metasploit can be accessed
directly at our svn repository here.
- The buffer overflow challenges
explained.
- The forum, that can be used to exchange ideas and hints (but please not to post the solutions to the challenges).
Program (this is subject to change)
- 6 September. (Sandro) The trouble with webapplications.
- 13 September (???). Sandro Etalle: SQL injections, code injections, path traversal.
- 20 September. (lab): introduction to the HH lab. Exercises on SQL injections etc.
- 27 September. Sandro: Cross-Site Scripting (XSS).
- 4 October. Some handy tools. WebScarab, Live HTTP Headers, Tamperdata, WebGoat.
- 11 October (lab) wrapping up the web-based challenges.
- 18 October, No lecture
- 25 October, Sandro: Stack and Buffer Overflow explained
- 15 November (intermezzo): Madison Gurkha invited
lecture. Walter Belgers, over Social Engineering.
- 22 November: (lab): Sandro + Jos + Wouter: Stack & Buffer
overflows, Metasploit, Metasploit challenges. Exercises on Metasploit (buffer overflow and format string vulnerability).
- 29 Nobember December (lab): changed: practical hacking Hints Lecture. In this lecture we go
through the challenges presented so far and we give hints on
how they can be solved. Useful for those who have not solved
all the challenges, but perhaps also for those who have
already solved them all.
- 6 December: changed: practical hacking Hacking in real. Examples of real, interesting hacks.
- 13 December: Some hints followed by the student presentation: students explain the external CFT exercises they have done.
- 20 December: Hints on the metasploit challenges and lecture explaining few recent hacks.
- 10 January (closure) KPMG invited lecture. Hacking large
Windows networks. During this guest lecture ethical hackers from KPMG will demonstrate how to hack complex computer networks of large corporations. The topics from the previous lectures (buffer overflows, password cracking etc) will be used as basic building blocks for describing successful high-profile hacks on Fortune 500 companies.Keywords: Security Accounts Manager, NTLM authentication, Active Directory, SMB protocol, Pass-the-Hash, SEH overwrites, Heap spraying