Differences

This page shows the differences between the selected revisions and the current version of the page.

studenti:summer-schools:security [2014/05/10 19:56]
razvan.deaconescu [Website]
studenti:summer-schools:security [2015/03/06 15:34]
razvan.deaconescu removed
Linia 1: Linia 1:
-Ixia Summer School on Practical Software Exploitation =+Security Summer School =
  
 +**From "Voodoo" to "You Do" via hex and fun.**
 +
 +Proudly brought to you by [[http://acs.pub.ro/|ACS]], [[http://www.ixiacom.com/|Ixia]] and [[http://koala.cs.pub.ro/hexcellents/wiki/home|Hexcellents]].
 +
 +{{ :studenti:summer-schools:sss-poster.png?400 |}}
 == Period == == Period ==
  
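Review bot: the poster embed `{{ :studenti:summer-schools:sss-poster.png?400 |}}` has nothing after the pipe, so the image gets no title or alt text; put a short description there (for example the school name) so the page stays readable when the image does not load. The new heading also drops "Practical Software Exploitation" while the Summary still describes the school with that phrase, so check that the shorter title is intended.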
Linia 14: Linia 19:
 == Summary == == Summary ==
  
-The first edition of a new Security Summer School focused on Practical Software Exploitation will take place between June 23rd and August 9th 2014, at University POLITEHNICA of Bucharest. Students will be submitted through a hands-on experience of what it means to discover, successfully exploit and patch a software vulnerability and develop the necessary skills and insights needed to embark on such an endeavor. The school programe will consist of two intensive training sessions per week as well as two Capture the Flag (CTF) competitions held mid-term and at the end of the summer school in which students will be able to showcase the skills they’ve learned. Both competitions will also boast prizes offered by Ixia. +The first edition of a new Security Summer School focused on Practical Software Exploitation will take place between June 23rd and August 10th 2014, at the Faculty of Automatic Control and Computers, University POLITEHNICA of Bucharest. Students will go through an in-depth tour of what it means to discover, successfully exploit and patch a software vulnerability and develop the necessary skills and insights needed to embark on such an endeavor. 
 + 
 +Activities will take place during two intensive training sessions per week as well as two Capture the Flag (CTF) contests that will be held mid-term and at the end of the summer school. The final CTF contest will be the highlight of the summer school and students will be able to showcase the skills they have learned and be awarded prizes offered by Ixia. 
  
 == Application == == Application ==
  
-The selection is done based on a practical systems programming test as well as a submitted CVs letter of intent in case of ties+We welcome students to apply via [[http://www.stagiipebune.ro/stagii.html&id=1789|Stagii pe Bune]]. Choose "Security Summer School" under the "Summer Schools" heading, for the company "Facultatea de Automatica si Calculatoare, UPB".
  
-The internships are available on http://stagiipebune.ro. Please use this platform to submit your CV & letter of intent.+Apart from filling out your CV, we want to see your h4x0r sk111z by solving a set of three challenges. Please [[http://security.cs.pub.ro/summer-school/challenges.tgz|download the challenge tasks]], go through the README and then submit your solution [[https://docs.google.com/forms/d/19qNWLFrv4hndXSXrrXQze8PG7eSsnVDkbLJxhoXgEd4/viewform|on this Google form]]; you may edit your submission if you forget something during the first try. The deadline for submitting your answers is Sunday, May 25th. 
 + 
 +After May 25th we will organize a set of interviews to decide who will take place in the Security Summer School. 
 + 
 +=== Requirements === 
 + 
 +We expect good programming skills and a fair knowledge of the C programming language. Python and shell scripting skills are welcome. 
 + 
 +More than anything we expect a proactive attitude, a love for challenges and "tinkering" and an interest in security and hacking.
  
 == Location & Schedule == == Location & Schedule ==
  
-Computer Science & Engineering Department, Faculty of Automatic Control and Computers, University POLITEHNICA of Bucharest, Room EG106, First Floor, EG Wing+The Security Summer School will take place in Faculty of Automatic Control and Computers, University POLITEHNICA of Bucharest, room EG106 (Ixia lab)first floor, EG wing.
  
 Activities will take place twice a week: Activities will take place twice a week:
   * Monday, 4pm-8pm   * Monday, 4pm-8pm
   * Thursday, 9am-1pm   * Thursday, 9am-1pm
 +
 +Each session will be highly practical: a presentation of a set of basic concepts on slides followed by hands-on activities (tutorials and tasks).
  
 The 9th-10th of August week-end is reserved for the final CTF contest and awards ceremony. The 9th-10th of August week-end is reserved for the final CTF contest and awards ceremony.
 == Syllabus == == Syllabus ==
  
-Introduction to the world of software exploitation +  - Introduction into the World of Security 
-## Dissecting a real-life exploit +    23rd of June: OS (pmap, strace, ltrace, file descriptors, lsof, ldd), Linux dinamic analysis 
-## Assembly Language Refresher +    - 26th of June: assembly intro: registers, mnemonics, the stack, gdb (step instruction/read-only) 
-## Operating Systems Concepts Refresher +  - Binary Formats 
-## Types of Security Exploits +    - 30th of June: writing assembly, executable code analysis (IDA) 
-## Vulnerability databases +    - 3rd of July: from ELF to a process, PLT, PIC -> gdb / IDA 
-Vulnerability Assessment +  Vulnerability Assessment 
-## Introduction to debugging on Windows (Immunity Debugger) (dynamic analysis+    - 7th of July: overwrite data in GDB, overflow of all kinds: function pointers, vtable, local variables, format string, use after free 
-## Introduction to disassemblers (IDA) (static analysis+    - 10th of July: CTF Demo (4 challenge tasks) 
-# Vulnerability Discovery +  - Vulnerability Discovery 
-## Fuzzing Methods +    - 14th of July: stateless fuzzing (on files), fuzzer + gdb 
-## Fuzzing Frameworks +    - 17th of July: stateful fuzzing (on protocol
-## Fuzzing Examples +  - Weaponizing the vulnerability 
-Weaponizing the vulnerability +    - 21st of July: shellcode + stack, null character, call trampoline 
-## Exploit protection mechanisms & getting past them +    - 24th of July: DEP, ASLR 
-## Shellcode +  Weaponizing the vulnerability II 
-## Methods of inserting and calling the shellcode +    - 28th of July: information leak, canary value, format strings 
-Preventing vulnerabilities in your own code +    - 31st of July: ROP, remote + socket reuse 
-## Code auditing +  Preventing vulnerabilities in your own code + Windows 
-## Secure programming standards+    - 4th of August: secure programming techniques (sanitizing, system()) 
 +    - 7th of August: Windows: shell code exploit on windows (Immunity, WinDbg)
  
 == Team == == Team ==
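Review bot: in the Application section the challenge archive is linked over plain http:// (`challenges.tgz`) while the submission form uses https://; serve the tarball over HTTPS or publish a checksum next to the link so applicants can verify what they unpack and run. In the same section "decide who will take place in the Security Summer School" should read "take part in". In the Syllabus, the "23rd of June" item and the "Vulnerability Assessment", "Weaponizing the vulnerability II" and "Preventing vulnerabilities in your own code + Windows" entries lack the leading "-" that the other items carry, so the list will not render consistently; "dinamic" should be "dynamic", "(on protocol" is missing its closing parenthesis, and "(Ixia lab)first floor" needs a comma and a space.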
Linia 71: Linia 89:
 * Vlad Dumitrescu * Vlad Dumitrescu
  
 +In case of any inquiries please [[sss-contact@security.cs.pub.ro|send us an e-mail]].