This lecture covers the course Intro, syllabus review, distinction between hacking vs. penetration testing, ethics discussion, course motivation, threat models and some of the basics.

Resources:

[Lecture Slides]

Required reading:
0x200 up to 0x260 (HAOE)

What you absolutely need to know about secure coding in C. C is everywhere.

Resources:

[Lecture Slides]

Reading: 0x260 up to 0x280 (HAOE)

What you absolutely need to know about secure coding in C. C is everywhere.

Resources:

[Lecture Slides]

Required reading:
0x280 up to 0x300 (HAOE) and 0x350 up to 0x400

Suggested reading:
Understanding Integer Overflow in C/C++

Integer Undefined Behaviors in Open Source Crypto Libraries

Auditing C Code, basic tips / strategies / and exercises

Resources:

[Lecture Slides]

Reading: article on file i/o security

MLK Day Holiday

Intro to Vulnerability Research topics and the Permissions spectrum.

Resources:

[Lecture Slides]

Guest lecturer Mitch Adair will lead a two day RE workshop, exposing students to x86 reverse engineering with IDA and CFF Explorer. Meet in the lecture room prepared (See email).

Resources:

[Slides (pdf)]

[Slides (pptx)]

Class RE Exercises (Archive)

Guest lecturer Mitch Adair will lead a two day RE workshop, exposing students to x86 reverse engineering with IDA and CFF Explorer. Meet in the lecture room prepared (See email).

Coverage of Fuzzing techniques for SDL, VR, and other applications.
[Slides]

[No class video, see slides!]

[Midterm Review Slides]

[no video for this class]

PART 1:


PART 2:

There are two videos for this lecture. The first half is a wrap up of fuzzing topics. The second half the beginning of the exploit development lectures.

Resources:

[Fuzzing Slides]

[Exploitation Slides]

Second lecture in the exploit development lecture series. Covering the very very basics of exploitation. Concept of ret2libc is covered, examples with basic exit() shellcode, and some position-independent basic shellcode.

Resources:

[Slides]

Reading:
Read 0x500 up to 0x540 in HAOE (Writing shellcode)
Read 0x6A0 up to 0x700 in HAOE

Third lecture in the exploit development lecture series. Coverage of heap and format string exploition (with demos), as well as exploit mitigations (ASLR, NX/DEP, stack cookies, EMET, etc...)

Resources:

[Slides]

Reading:
Read 0x680 up to 0x6A0 in HAOE

This lecture covers an overview of networking concepts and network security concepts. Topics covered: Wireshark, Nmap, nc, Hubs vs switches vs routers, manufacturer default logins / backdoors... ARP & dns (dnssec), proxies, weak IP vs strong IP model (RFC 1122)

Resources:

[Lecture Slides]

Required reading:
Read 0x400 up to 0x450 in HAOE.

Related reading (not required):
Defcon 18 - How to hack millions of routers- Craig Heffner

Resources:

[Slides]

Reading:
Read 0x450 up to 0x500 in HAOE(27 pages)
Read 0x540 up through 0x550 in HAOE(11 pages)
Read Chapter 1 in WAHH (15 pages)

[Video on Wireshark coming soon]

Its a bit shorter than other videos as the class time is split between this lecture and a wireshark/tcpflow demo. This lecture addresses some of the big picture with the topics covered so far, and moves into web application security topics, as well as a very basic demo using BurpSuite as a HTTP Proxy.
Resources:

[SLIDES]

Required Reading:

Chapters 2-3 in WAHH

OWASP Top 10

Related Reading:

PHP: A Fractal of Bad Design

Coverage of SQLi, XSS, Metacharacter Injection, OWASP top 10, and demos.
Resources:

[Slides]

Required Reading:
Reading: Chapters 9 of WAHH

Related Reading:
Advaned SQLi

Resources:

[SLIDES]

Required Reading:

"SSL and the future of Authenticity"

Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL

Read Chapter 10 in WAHH

This class was two lectures in one. In the web application 104 lecture we cover topics like WAF, and IDS and how to evade them - which leads into the exploit development 104 lecture. In the exploit dev 104 section we cover topics like networking shellcode, polymorphic shellcode / encoders, and the methodology for defeating IDS/WAF.
Resources:

[Slides]

Required Reading:
Reading: Chapters 12 of WAHH
Chapter 0x550 in HAOE

Related Video: (IDS/IPS Detection, Evasion, VOIP hacking)

ROP Lecture:

This lecture covers ret2libc, return chaining, ROP, how calling conventions affect ROP, how ROP is used to defeat DEP, how ASLR affects ROP, how to defeat ASLR to enable ROP, stack pivoting, and etc... This lecture is just the concepts, next time is the demos.

Resources:

[Slides]

Reading:

ROPC blog post part 1

Devin Cook presented a recap of all the exploitation techniques covered thusfar and lectured on ROP and presented demos on ROP exploitation. Lastly defenses against ROP were discussed.
Resources:

[Slides]

Required Reading:
ROPC part 2 blog post

This lecture covers the Metasploit framework. Resources:

[Slides]

[No video / lecture]

Post exploitation, Windows authentication / tokens, and pivoting techniques are covered. Demos of SET, Meterpreter, and etc are shared. Resources:

Slides]

Old video covering Volatility and performing forensic analysis on hacked machines.
Resources:

[Slides]

Wrapping up the course, revisiting old topics: stack cookies and going in depth on how they are bypassed, covering the SSL bugs, digitally signed malware, and then the big picture. Resources:

[Slides]