The differences between the selected versions and the current version of the page are shown here.
studenti:summer-schools:security [2014/05/10 19:53] razvan.deaconescu [Period] |
studenti:summer-schools:security [2015/03/06 15:34] razvan.deaconescu removed |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | = Ixia Summer School | + | = Security |
+ | **From " | ||
+ | |||
+ | Proudly brought to you by [[http:// | ||
+ | |||
+ | {{ : | ||
== Period == | == Period == | ||
23rd of June - 10th of August 2014 | 23rd of June - 10th of August 2014 | ||
- | == Website | + | == Links == |
- | http:// | + | * [[http:// |
+ | * [[https:// | ||
+ | * [[https:// | ||
+ | * [[sss-contact@security.cs.pub.ro|E-mail contact address]] | ||
== Summary == | == Summary == | ||
- | The first edition of a new Security Summer School focused on Practical Software Exploitation will take place between June 23rd and August | + | The first edition of a new Security Summer School focused on Practical Software Exploitation will take place between June 23rd and August |
+ | |||
+ | Activities | ||
== Application == | == Application == | ||
- | The selection is done based on a practical systems programming test as well as a submitted CVs & letter of intent in case of ties. | + | We welcome students to apply via [[http:// |
- | The internships are available on http://stagiipebune.ro. Please use this platform to submit your CV & letter | + | Apart from filling out your CV, we want to see your h4x0r sk111z by solving a set of three challenges. Please [[http://security.cs.pub.ro/ |
+ | |||
+ | After May 25th we will organize a set of interviews to decide who will take place in the Security Summer School. | ||
+ | |||
+ | === Requirements === | ||
+ | |||
+ | We expect good programming skills and a fair knowledge of the C programming language. Python and shell scripting skills are welcome. | ||
+ | |||
+ | More than anything we expect a proactive attitude, a love for challenges and " | ||
== Location & Schedule == | == Location & Schedule == | ||
- | Computer Science & Engineering Department, | + | The Security Summer School will take place in Faculty of Automatic Control and Computers, University POLITEHNICA of Bucharest, |
Activities will take place twice a week: | Activities will take place twice a week: | ||
* Monday, 4pm-8pm | * Monday, 4pm-8pm | ||
* Thursday, 9am-1pm | * Thursday, 9am-1pm | ||
+ | |||
+ | Each session will be highly practical: a presentation of a set of basic concepts on slides followed by hands-on activities (tutorials and tasks). | ||
The 9th-10th of August week-end is reserved for the final CTF contest and awards ceremony. | The 9th-10th of August week-end is reserved for the final CTF contest and awards ceremony. | ||
== Syllabus == | == Syllabus == | ||
- | # Introduction | + | - Introduction |
- | ## Dissecting a real-life exploit | + | - 23rd of June: OS (pmap, strace, ltrace, file descriptors, |
- | ## Assembly Language Refresher | + | - 26th of June: assembly intro: registers, mnemonics, the stack, gdb (step instruction/ |
- | ## Operating Systems Concepts Refresher | + | - Binary Formats |
- | ## Types of Security Exploits | + | - 30th of June: writing assembly, executable code analysis (IDA) |
- | ## Vulnerability databases | + | - 3rd of July: from ELF to a process, PLT, PIC -> gdb / IDA |
- | # Vulnerability Assessment | + | |
- | ## Introduction to debugging on Windows | + | - 7th of July: overwrite data in GDB, overflow of all kinds: function pointers, vtable, local variables, format string, use after free |
- | ## Introduction to disassemblers | + | - 10th of July: CTF Demo (4 challenge tasks) |
- | # Vulnerability Discovery | + | - Vulnerability Discovery |
- | ## Fuzzing Methods | + | - 14th of July: stateless fuzzing |
- | ## Fuzzing Frameworks | + | - 17th of July: stateful fuzzing |
- | ## Fuzzing Examples | + | - Weaponizing the vulnerability |
- | # Weaponizing the vulnerability | + | - 21st of July: shellcode + stack, null character, call trampoline |
- | ## Exploit protection mechanisms & getting past them | + | - 24th of July: DEP, ASLR |
- | ## Shellcode | + | |
- | ## Methods | + | - 28th of July: information leak, canary value, format strings |
- | # Preventing vulnerabilities in your own code | + | - 31st of July: ROP, remote + socket reuse |
- | ## Code auditing | + | |
- | ## Secure | + | - 4th of August: secure |
+ | - 7th of August: Windows: shell code exploit on windows (Immunity, WinDbg) | ||
== Team == | == Team == | ||
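Review bot: In the added Application text, "to decide who will take place in the Security Summer School" should read "take part in"; "take place" fits only the event itself, as in the Location & Schedule line. The same paragraph says "After May 25th" without a year while Period states 2014, so add the year there. In the new Syllabus, "shell code exploit on windows" in the 7th of August entry is spelled differently from "shellcode + stack" in the 21st of July entry and lowercases Windows; pick one spelling and use it in both.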
Line 68: | Line 89: | ||
* Vlad Dumitrescu | * Vlad Dumitrescu | ||
+ | In case of any inquiries please [[sss-contact@security.cs.pub.ro|send us an e-mail]]. |