This page shows the differences between the selected revisions and the current version of the page.
studenti:summer-schools:security [2014/05/10 22:04] razvan.deaconescu [Security Summer School] |
studenti:summer-schools:security [2015/03/06 15:34] razvan.deaconescu deleted |
||
---|---|---|---|
Linia 19: | Linia 19: | ||
== Summary == | == Summary == | ||
- | The first edition of a new Security Summer School focused on Practical Software Exploitation will take place between June 23rd and August 10th 2014, at the Faculty of Automatic Control and Computers, University POLITEHNICA of Bucharest. Students will be go through an in-depth tour of what it means to discover, successfully exploit and patch a software vulnerability and develop the necessary skills and insights needed to embark on such an endeavor. | + | The first edition of a new Security Summer School focused on Practical Software Exploitation will take place between June 23rd and August 10th 2014, at the Faculty of Automatic Control and Computers, University POLITEHNICA of Bucharest. Students will go through an in-depth tour of what it means to discover, successfully exploit and patch a software vulnerability and develop the necessary skills and insights needed to embark on such an endeavor. |
- | Activities will take place during two intensive training sessions per week as well as two Capture the Flag (CTF) contests that will be held mid-term and at the end of the summer school. The final CTF contest will be the highlight of the summer school and students will able to showcase the skills they have learned and be awarded prizes offered by Ixia. | + | Activities will take place during two intensive training sessions per week as well as two Capture the Flag (CTF) contests that will be held mid-term and at the end of the summer school. The final CTF contest will be the highlight of the summer school and students will be able to showcase the skills they have learned and be awarded prizes offered by Ixia. |
== Application == | == Application == | ||
Linia 27: | Linia 27: | ||
We welcome students to apply via [[http:// | We welcome students to apply via [[http:// | ||
- | Apart from filling out your CV, we want to see your h4x0r sk111z by solving set of three challenges. Please [[http:// | + | Apart from filling out your CV, we want to see your h4x0r sk111z by solving |
After May 25th we will organize a set of interviews to decide who will take place in the Security Summer School. | After May 25th we will organize a set of interviews to decide who will take place in the Security Summer School. | ||
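Review bot: The unchanged context line after this change still reads "who will take place in the Security Summer School"; it should be "who will take part". Since this revision is a wording clean-up, it is worth fixing in the same pass.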
Linia 33: | Linia 33: | ||
=== Requirements === | === Requirements === | ||
- | We expect good programming skills and a fair knowledge of C programming language. Python and shell scripting skills are welcome. | + | We expect good programming skills and a fair knowledge of the C programming language. Python and shell scripting skills are welcome. |
- | More than anything we expect a proactive attitude, a love for challenges and " | + | More than anything we expect a proactive attitude, a love for challenges and " |
== Location & Schedule == | == Location & Schedule == | ||
Linia 45: | Linia 45: | ||
* Thursday, 9am-1pm | * Thursday, 9am-1pm | ||
- | Each session will be highly practical: a presentation of a set of basic concepts on slides | + | Each session will be highly practical: a presentation of a set of basic concepts on slides |
The 9th-10th of August week-end is reserved for the final CTF contest and awards ceremony. | The 9th-10th of August week-end is reserved for the final CTF contest and awards ceremony. | ||
Linia 51: | Linia 51: | ||
- Introduction into the World of Security | - Introduction into the World of Security | ||
- | - 23rd of June: crash course CTF, OS (pmap, strace, ltrace, file descriptors, | + | - 23rd of June: OS (pmap, strace, ltrace, file descriptors, |
- 26th of June: assembly intro: registers, mnemonics, the stack, gdb (step instruction/ | - 26th of June: assembly intro: registers, mnemonics, the stack, gdb (step instruction/ | ||
- Binary Formats | - Binary Formats | ||
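Review bot: The new 23rd of June entry drops "crash course CTF", and the visible lines do not show it being moved to another session, while the Summary still announces two CTF contests and a CTF Demo is scheduled for the 10th of July. If the crash course was moved or cancelled, state that in the schedule so students know when CTF basics are covered. The context heading "Introduction into the World of Security" would also read better as "Introduction to the World of Security".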
Linia 57: | Linia 57: | ||
- 3rd of July: from ELF to a process, PLT, PIC -> gdb / IDA | - 3rd of July: from ELF to a process, PLT, PIC -> gdb / IDA | ||
- Vulnerability Assessment | - Vulnerability Assessment | ||
- | - 7th of July: overwrite data in GDB, overflow of allkinds: function pointers, vtable, local variables, format string, use after free | + | - 7th of July: overwrite data in GDB, overflow of all kinds: function pointers, vtable, local variables, format string, use after free |
- 10th of July: CTF Demo (4 challenge tasks) | - 10th of July: CTF Demo (4 challenge tasks) | ||
- Vulnerability Discovery | - Vulnerability Discovery | ||
Linia 63: | Linia 63: | ||
- 17th of July: stateful fuzzing (on protocol) | - 17th of July: stateful fuzzing (on protocol) | ||
- Weaponizing the vulnerability | - Weaponizing the vulnerability | ||
- | - 21st of July: shellcode + stack, | + | - 21st of July: shellcode + stack, |
- 24th of July: DEP, ASLR | - 24th of July: DEP, ASLR | ||
- Weaponizing the vulnerability II | - Weaponizing the vulnerability II |