Spring 2013 Lectures & Videos

This page contains all the lecture slides and YouTube videos for the Spring 2013 semester of this course.



HD Video Download:

You can download and watch each lecture for this class at the following URL.
Simply streaming them from Dropbox will not work. Dropbox will cut the stream off about 1/4 of the way through the video.

Video download URL
Lecture Video Torrent

The videos are much higher quality than their YouTube versions.



Course Lecture Videos / Slides / Reading:

Below you can find and watch all the course videos, required reading, and lecture slides for each lecture (where applicable). The videos hosted on YouTube are lower quality than the ones available for direct download (see above). On the left you can find a navigation sidebar which will help you find the lectures relevant to each meta-topic.


Week 1 (Intro / Overview):

Lecture 1: Intro, Ethics, & Overview:




[No video was recorded for this lecture due to technical difficulties]

This lecture covers the course intro, syllabus review, the distinction between hacking and penetration testing, an ethics discussion, course motivation, threat models, and some of the basics.

Resources:
  • [Lecture Slides]
  • Required reading:
    Chapter 1 in CHR and SAND2007-5791
    Lecture 2: Linux Overview:


    This lecture covers the basics of an OS: kernel vs. user space, system calls, Unix permissions, ruid vs. euid, the ext file system (for the limited focus of forensics), persistence mechanisms used by malware, /var/log, and more.

    Resources:
  • [Lecture Slides]
  • Required reading:
    Chapter 3 in CHR.

    Week 2 (Overview / Code Auditing):

    Lecture 3: Windows Overview


    This lecture provides an overview of the registry and registry hives, persistence mechanisms used by malware, the Portable Executable (PE) file format, Windows system calls commonly used by malware, and the Windows API.

    Resources:
  • [Lecture Slides]
  • Required reading:
    Chapter 4 in CHR.
  • Related reading:
    The Windows PE File Format
    Lecture 4: Rootkits; Code Auditing


    The first half of this lecture covers rootkits and rootkit techniques for Windows and Linux. The second half covers code auditing concepts like design flaws, software analysis, vulnerability identification, signed bugs (int over/under flows), incorrect use of length params (strncpy, strncat, snprintf), format strings, …

    Resources:
  • [Lecture Slides]
  • Required reading:
    Chapter 0x200 up to 0x250 in HAOE.

    Week 3 (Reverse Engineering Workshop Week):

    Lecture 5: x86 Reverse engineering


    This lecture is day one of our weeklong x86 reverse engineering workshop led by guest lecturer Mitch Adair.

    Resources:
  • [PDF Lecture Slides; PPTX Lecture Slides]
  • [Binaries Download]
  • Required reading:
    Read 0x250 up to 0x270 in HAOE
  • Related reading (not required):
    ASSEMBLY PRIMER FOR HACKERS (PART 1) SYSTEM ORGANIZATION
    Lecture 6:


    This lecture is day two of our weeklong x86 reverse engineering workshop led by guest lecturer Mitch Adair.

    Resources:
  • Stand alone exercise download
  • [PDF Lecture Slides; PPTX Lecture Slides]
  • [Binaries Download]
  • Required reading:
    Read 0x250 up to 0x270 in HAOE

    Week 4 (Exploit Development)

    Lecture 7: Fuzzing and Exploit Development 101


    This lecture covers a fuzzing overview, the basics of exploit development, environment variables, stack attacks, buffer overflow, nop-sleds, etc...

    Resources:
  • [Lecture Slides]
  • Required reading:
    Read 0x300 up to 0x340 in HAOE
    Lecture 8: Shellcode and Exploit Development 102


    Lecture topics: more on writing shellcode (Linux vs. Windows), win32 process memory map ...

    Resources:
  • [Lecture Slides]
  • Required reading:
    Read 0x500 up to 0x540 (HAOE) (Writing shellcode)
    Read 0x6A0 up to 0x700 (HAOE)
  • Related reading (not required):
    “Constant Insecurity: Things you didn’t know about Portable Executable File Format”, 2011 Blackhat presentation by Mario Vuksan & Tomislav Pericin (Reversing Labs)

    Week 5 (Exploit Dev / Networking)

    Lecture 9: Exploit Development 103: SEH Exploitation, Heap Sprays, and Executable Security Mechanisms


    This lecture covers SEH exploitation, heap sprays, and executable security mechanisms like ASLR, DEP/NX, Stack Cookies...

    Resources:
  • [Lecture Slides]
  • Required reading:
    Read 0x680 up to 0x6A0 in HAOE
    Lecture 10: Networking 101: Data Layer, Link Layer, and IP layer




    [No video was recorded for this lecture due to technical difficulties]

    This lecture covers an overview of networking concepts and network security concepts. Topics covered: Wireshark, Nmap, nc, hubs vs. switches vs. routers, manufacturer default logins / backdoors, ARP & DNS (DNSSEC), proxies, and the weak IP vs. strong IP model (RFC 1122).

    Resources:
  • [Lecture Slides]
  • Required reading (choice offered):
    Read Chapter 2 and Chapter 8 in CHR
    OR Read 0x400 up to 0x450 in HAOE.
  • Related reading (not required):
    Defcon 18 - How to hack millions of routers- Craig Heffner

    Week 6 (Networking / Web Application Hacking)

    Lecture 11: Networking 102: TCP layer, Important Protocols, Services, Portscanning, ARP




    [No video was recorded for this lecture due to technical difficulties]

    This lecture finishes up the networking overview from last time.

    Resources:
  • [Lecture Slides]
  • Required reading:
    Chapter 8 in CHR (pages 470-510)
    Read 0x460 up to 0x500 (HAOE) (20 pages)
    Read 0x540 through 0x550 (HAOE) (11 pages)
  • Related reading (not required):
    Defcon 18 - Mastering the Nmap Scripting Engine - Fyodor - David Fifield
    Lecture 12: Web application Hacking 101


    It's a bit shorter than other videos as the class time was taken up going over homework beforehand. This lecture addresses some of the big picture with the topics covered so far, and moves into web application security topics.

    Resources:
  • [Lecture Slides]
  • Required reading:
    Read Chapter 7 in CHR, Page 406-435
    Reading: Open Web Application Security Project (OWASP) Top 10
  • Related reading (not required):
    DEFCON 17: Advanced SQLi by Joseph McCray

    Week 7 (Web Application Hacking)

    Lecture 13: Web Application Hacking 102: Big picture of topics so far, SQLi, XSS


    This lecture's topics cover HTTP proxies, SQLi and XSS.

    Resources:
  • [Lecture Slides]
  • Required reading:
    None this time
    Lecture 14: Web Application Hacking 103: SSL attacks, advanced techniques


    This lecture's topics cover SSL/TLS, Certificate Authorities, and the serious problems with the Certificate Authority infrastructure, and a history of CA hacks / breaches, and SSL hacking tools like sslstrip ...

    Resources:
  • [Lecture Slides]
  • Required reading:
    Video: [Black hat] SSL and the future of Authenticity.
  • Related reading (not required):
    Related Video: Whitfield Diffie and Moxie Marlinspike talk about certificate authorities, DNSSEC, SSL, DANE, trust agility, etc.

    Week 8 (Web Application Hacking / Exploit dev)

    Lecture 15: Web Application Hacking 104 & Exploit Development 104


    This class was two lectures in one. In the web application 104 lecture we cover topics like WAFs and IDSs and how to evade them, which leads into the exploit development 104 lecture. In the exploit dev 104 section we cover topics like networking shellcode, polymorphic shellcode / encoders, and the methodology for defeating IDS/WAF.

    Resources:
  • [Lecture Slides]
  • Required reading:
    Read 0x550 in HAOE
  • Related reading (not required):
    Defcon 18 - You spent all that money and you still got owned - Joseph McCray
    Lecture 16: Midterm review & Exploit Development 105 (ROP)


    This lecture's first half is a review of topics for the midterm. The second half introduces Return Oriented Programming.

    Resources:
  • [Lecture Slides]
  • Required reading:
    N/A (just study)
  • Related reading (not required):
    Dino Dai Zovi - Practical Return-Oriented Programming

    Week 9: (Special Topics)

    Lecture 17: The Modern History of Cyber Warfare


    This lecture covers just a small sample of the major events one might consider part of the history of cyber warfare. The lecture discusses some of the potential tactical and strategic differences between traditional warfare and cyber warfare - as well as the policy and perspective hurdles we face today. This lecture happened shortly after the ground-breaking APT1 report from Mandiant.

    Resources:
  • [Lecture Slides]
  • Required reading:
    ars technica - How Georgia doxed a Russian hacker (and why it matters)
    ars technica - US cyber-weapons exempt from “human judgment” requirement
  • Related reading (not required):
    DEFCON 19: Christopher Cleary - Operational Use of Offensive Cyber
    Mandiant - APT1 Report
    Lecture 18: Social Engineering


    The first portion of this video is a continuation of the previous lecture on cyber warfare. Afterwards, this lecture offers a new spin on social engineering by starting with fundamental psychological flaws in the human brain and discussing how they can be exploited...

    Resources:
  • [Lecture Slides]
  • No required reading this time


    Week 10 (Metaspl0it):

    Lecture 19: Metasploit


    This lecture covers the Metasploit Framework, its interfaces, basic usage, and some of its utilities, along with a brief discussion of the Social-Engineer Toolkit (SET)...

    Resources:
  • [Lecture Slides]
  • No required reading
  • Related reading (not required):
    Metasploit Megaprimer videos from www.securitytube.net

    MIDTERM

    No video for this class...


    The midterm was at this point, covering lectures 1-16.


    Week 11 (Post Exploitation and Forensics):

    Lecture 20: Meterpreter and Post Exploitation


    This lecture starts by finishing the SET discussion from last time, covers Windows access-tokens, then delves into meterpreter and post exploitation...

    Resources:
  • [Lecture Slides]
  • Required reading:
    Read 0x640 up to 0x670 in HAOE
    DEFCON 19: Covert Post-Exploitation Forensics With Metasploit
  • Related reading (not required):
    Carlos Perez (darkoperator) -- Tactical Post Exploitation
    Lecture 21: Volatility and Incident Response:


    This lecture covers an overview of Incident Response and delves into Volatility and memory analysis.

    Resources:
  • [Lecture Slides]
  • Required reading:
    Skim chapter 10 in CHR

    Week 12 (Physical Security):

    Midterm / Homework recap (no lecture)

    No video for this class...


    The lecture was sacrificed for administrative things like reviewing the midterm, homeworks, and term project expectations.

    Resources:
  • Instructor's statement about term project expectations
  • Term Project Implementation-project Paper Rubric
  • Term Project Research-project Paper Rubric
  • Term Project Presentation Rubric
    Lecture 22: Physical Security Workshop: Lockpicking, USB mischief, and BACnet/SCADA system security

    This class was an open workshop, thus there is no video for it...


    This lecture covers physical security, with a hands-on workshop on lockpicking, along with a simultaneous discussion of USB-related mischief and building hacking (BACnet / SCADA)...

    Resources:
  • [Lecture Slides]

    Week 13 (Malware / Student Presentations):

    Lecture 23: Advanced Malware Techniques

    No video for this class...


    The lecture slides have been emailed out to the students, and will not be posted online.

    Student Presentations Begin

    No video for this class, nor the rest of the semester...


    At this point, the course lectures have concluded. The remainder of the semester is taken up by student presentations on their term projects.


    Week 14-15 (Student Presentations):

    (No lectures)




    This work is licensed under a Creative Commons license.