Shown here are the differences between the selected revisions and the current version of the page.
Both sides previous revision Previous revisions Next revision | Previous revisions | ||
studenti:summer-schools:security [2014/05/10 19:51] razvan.deaconescu [Supporting members] |
studenti:summer-schools:security [2015/03/06 15:34] razvan.deaconescu deleted |
||
---|---|---|---|
Linia 1: | Linia 1: | ||
- | = Ixia Summer School | + | = Security |
+ | **From " | ||
+ | |||
+ | Proudly brought to you by [[http:// | ||
+ | |||
+ | {{ : | ||
== Period == | == Period == | ||
- | 23 June - 8 August 2014 | + | 23rd of June - 10th of August 2014 |
- | == Website | + | == Links == |
- | http:// | + | * [[http:// |
+ | * [[https:// | ||
+ | * [[https:// | ||
+ | * [[sss-contact@security.cs.pub.ro|E-mail contact address]] | ||
== Summary == | == Summary == | ||
- | The first edition of a new Security Summer School focused on Practical Software Exploitation will take place between June 23rd and August | + | The first edition of a new Security Summer School focused on Practical Software Exploitation will take place between June 23rd and August |
+ | |||
+ | Activities | ||
== Application == | == Application == | ||
- | The selection is done based on a practical systems programming test as well as a submitted CVs & letter of intent in case of ties. | + | We welcome students to apply via [[http:// |
- | The internships are available on http://stagiipebune.ro. Please use this platform to submit your CV & letter of intent. | + | Apart from filling out your CV, we want to see your h4x0r sk111z by solving a set of three challenges. Please [[http://security.cs.pub.ro/ |
- | == Location & Schedule == | + | After May 25th we will organize a set of interviews to decide who will take place in the Security Summer School. |
- | Computer Science & Engineering Department, Faculty | + | === Requirements === |
+ | |||
+ | We expect good programming skills and a fair knowledge | ||
+ | |||
+ | More than anything we expect a proactive attitude, a love for challenges and " | ||
+ | |||
+ | == Location & Schedule == | ||
- | === Proposed Agenda === | + | The Security Summer School will take place in Faculty of Automatic Control and Computers, University POLITEHNICA of Bucharest, room EG106 (Ixia lab), first floor, EG wing. |
- | Two 4 hour sessions/week. The days of the week in which the sessions will be held will be established based on the availability of both students and the course instructors at the start of the summer school. | + | Activities will take place twice a week: |
+ | * Monday, 4pm-8pm | ||
+ | * Thursday, 9am-1pm | ||
- | * Session program: 10AM-12PM / 1 - 3PM | + | Each session will be highly practical: a presentation of a set of basic concepts on slides followed by hands-on activities (tutorials and tasks). |
- | * Lunch Break: 12-1PM | + | |
+ | The 9th-10th of August week-end is reserved for the final CTF contest and awards ceremony. | ||
== Syllabus == | == Syllabus == | ||
- | # Introduction | + | - Introduction |
- | ## Dissecting a real-life exploit | + | - 23rd of June: OS (pmap, strace, ltrace, file descriptors, |
- | ## Assembly Language Refresher | + | - 26th of June: assembly intro: registers, mnemonics, the stack, gdb (step instruction/ |
- | ## Operating Systems Concepts Refresher | + | - Binary Formats |
- | ## Types of Security Exploits | + | - 30th of June: writing assembly, executable code analysis (IDA) |
- | ## Vulnerability databases | + | - 3rd of July: from ELF to a process, PLT, PIC -> gdb / IDA |
- | # Vulnerability Assessment | + | |
- | ## Introduction to debugging on Windows | + | - 7th of July: overwrite data in GDB, overflow of all kinds: function pointers, vtable, local variables, format string, use after free |
- | ## Introduction to disassemblers | + | - 10th of July: CTF Demo (4 challenge tasks) |
- | # Vulnerability Discovery | + | - Vulnerability Discovery |
- | ## Fuzzing Methods | + | - 14th of July: stateless fuzzing |
- | ## Fuzzing Frameworks | + | - 17th of July: stateful fuzzing |
- | ## Fuzzing Examples | + | - Weaponizing the vulnerability |
- | # Weaponizing the vulnerability | + | - 21st of July: shellcode + stack, null character, call trampoline |
- | ## Exploit protection mechanisms & getting past them | + | - 24th of July: DEP, ASLR |
- | ## Shellcode | + | |
- | ## Methods | + | - 28th of July: information leak, canary value, format strings |
- | # Preventing vulnerabilities in your own code | + | - 31st of July: ROP, remote + socket reuse |
- | ## Code auditing | + | |
- | ## Secure | + | - 4th of August: secure |
+ | - 7th of August: Windows: shell code exploit on windows (Immunity, WinDbg) | ||
== Team == | == Team == | ||
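Review bot: In the new Application text, "decide who will take place in the Security Summer School" uses the wrong verb and should read "take part in". In the Syllabus, the 7th of August entry writes "shell code exploit on windows" while the 21st of July entry uses "shellcode" and the same line already capitalizes "Windows:" at its start, so use one spelling and one capitalization throughout.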
Linia 70: | Linia 89: | ||
* Vlad Dumitrescu | * Vlad Dumitrescu | ||
+ | In case of any inquiries please [[sss-contact@security.cs.pub.ro|send us an e-mail]]. |