Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
2011-2012:courses:ot:start [2012/05/29 22:27]
jvbeek
2011-2012:courses:ot:start [2013/03/30 21:16] (current)
jvbeek
Line 1: Line 1:
-====== Offensive Technologies 2011-2012 ====== 
- 
- 
- 
- 
- 
- 
- 
 ===== Offensive Technologies ('​OT'​)====== ===== Offensive Technologies ('​OT'​)======
  
Line 15: Line 7:
 |  Contact: | j.c.vanbeek{at}uva{dot}nl ​                       | |  Contact: | j.c.vanbeek{at}uva{dot}nl ​                       |
  
- +Please refer to [[https://www.os3.nl/2012-2013/courses/​ot/​start]] for latest versions.
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
-==== OT lectures ==== +
-=== Schedule === +
-^     ​Date ​             ^ Subject ​                                                      ^ Sheets ​          ^ Lab assignment ^                                     +
-|     Mon 02 April      | Introduction + Intrusion Detection Systems ​                   |{{2011-2012:courses:​ot:​ids.pdf|ids}} ​                 |{{2011-2012:​courses:​ot:​ot_lab_assignment_1.pdf|#​1}} ​               |             +
-|     Thu 05 April      | Physical security ​                                            ​|{{2011-2012:​courses:​ot:​physical.pdf|physical}} ​                 |{{2011-2012:​courses:​ot:​ot_lab_assignment_2.pdf|#​2}}| ​            +
-|<​del>​Mon 09 April</del>| <​del>​Easter Monday</del> ​                                     |<​del>​N/​A</​del> ​   |<​del>​N/​A</​del> ​ |             +
-|     Thu 12 April      | Network security ​                                             |{{2011-2012:​courses:​ot:​network.pdf|network}} ​                 |{{2011-2012:​courses:​ot:​ot_lab_assignment_3.pdf|#​3}}| ​            +
-|     Mon 16 April      | Database security ​                                            ​|{{2011-2012:​courses:​ot:​database.pdf|database}}|{{2011-2012:courses:​ot:​ot_lab_assignment_4.pdf|#​4}} ​               |             +
-|     Thu 19 April      | Web application security ​                                     |                  |N/A             ​| ​            +
-|     Mon 23 April      | Application security ​                                         |{{2011-2012:​courses:​ot:​app.pdf|app}} ​                 |{{2011-2012:​courses:​ot:​ot_lab_assignment_6.pdf|#​6}} ​               |             +
-|     Thu 26 April      | Project ​                                                      |N/A               ​|N/​A ​            ​| ​            +
-|<​del>​Mon 30 April</​del>​|<​del>​May Holiday</​del> ​                                        ​|<​del>​N/​A</​del> ​   |<​del>​N/​A</​del> ​ |             +
-|<​del>​Thy 03 May</​del> ​ |<​del>​May Holiday</​del> ​                                        ​|<​del>​N/​A</​del> ​   |<​del>​N/​A</​del> ​ |             +
-|     Mon 07 May        | Project ​                                                      ​|N/​A ​              ​|N/​A ​            ​| ​            +
-|     Thu 10 May        | Project ​                                                      ​|N/​A ​              ​|N/​A ​            ​| ​            +
-|     Mon 14 May        | Project ​                                                      ​|N/​A ​              ​|N/​A ​            ​| ​            +
-|     Thu 17 May        | Project ​                                                      ​|N/​A ​              ​|N/​A ​            ​| ​            +
-|     Mon 21 May        | Project ​                                                      ​|N/​A ​              ​|N/​A ​            ​| ​            +
-|<​del>​Thu 24 May</​del> ​ |<​del>​Fiber Day</​del> ​                                          ​|<​del>​N/​A</​del> ​   |<​del>​N/​A</​del> ​ |             +
-|     Fri 25 May        | Project ​                                                      ​|N/​A ​              ​|N/​A ​            ​| ​            +
-|<​del>​Mon 28 May</​del> ​ |<​del>​Whit Monday</​del> ​                                        ​|<​del>​N/​A</​del> ​   |<​del>​N/​A</​del> ​ |             +
-|     Thu 31 May        |Project presentations ​                                         |N/A               ​|N/​A ​            ​| ​            +
-=== Location === +
-OS3 lab. +
- +
-=== Time === +
-Lectures ​start at 10.15. The day will end at 16.00. +
- +
-=== Assignments === +
-After most lectures you'll receive an assignment that contains one or more questions. Work on the assignment in groups of two persons. Document the answers on your personal webpage. Please don't forget to mention your team mate's name. +
- +
-==== OT project==== +
-=== Objective === +
-  * Obtaining insight and skills in the subject of '​practical security'​ +
-  * Further improving your reporting and presentation skills +
- +
-=== Organization === +
-  * OT course starts on 2 April +
-  * For your research project you need to: +
-    * Find a teammate (2 persons / group) +
-      * No team mates of previous projects +
-    * Pick / define a subject +
-    * Write a project proposal and email it to j.c.vanbeek{at}uva{dot}nl +
-    * Get approval ​for your project +
-  * Projects starts on 26 April, every Monday and Thursday except holidays +
-  * Presentation of your results on 31 May +
- +
-=== Deliverables and deadlines === +
-  * Research proposal, deadline 22 April 2011 23:59 Amsterdam time +
-  * Logs of lab assignments finished and online, deadline 26 April 23:59 Amsterdam time +
-  * Presentation,​ 31 May, starting at 10.00 in the OS3 lab +
-  * Research report, deadline 29 May 23.59 Amsterdam time +
- +
-=== Requirements for the proposal === +
-Please answer the following questions in your proposal: +
-  * What's the subject? +
-  * What's new / special about your subject? +
-  * Why M.Sc worthy? +
-  * Which activities are you planning to do (approach)?​ +
-  * Who is doing what in your team? +
-  * What's your time planning? +
-  * What resources do you need (connectivity,​ hardware, ...)? +
- +
-=== Requirements for the report === +
-  * Management summary +
-    * Summary of introduction +
-    * Most important findings +
-    * One or two pages +
-  * Introduction +
-    * See proposal and make sure that your approach is included here +
-  * Detailed findings and recommendations:​ results of your activities +
-  * References +
- +
-=== Requirements for the presentation === +
-  * Duration is 30 minutes in total, reserve 10 minutes for questions +
-  * Presentation by both team members +
- +
-=== Appraisal === +
-  * Individual appraisal for each team member +
-  * Proper documentation of the lecture assignments must be available on your personal webpage in folder ot, if not no grade! +
-  * Result is based on the report (50%) and the presentation (50%) +
-  * Appraisal of the report and presentation are based on: +
-    * Correctness +
-    * Completeness +
-    * Technical level +
-    * Applicability +
-    * Structure and orthography +
- +
-=== Last years' projects === +
-  * A comparison of real-life IPv4 and IPv6 network (IPv4 versus IPV6 filtering on the same system) +
-  * Beating Metasploit with Snort (automatically generate Snort rules from Metasploit Framework payloads) +
-  * Database Hardening +
-  * Sniffing and hijacking printer jobs +
-  * FireWire Attacks Revisited +
-  * Multiplexing Covert Channels +
-  * Analysis of TCP/IP backend of RFID access system +
-  * Penetration testing of open wireless access points +
-  * Post exploit activity detection (how to detect that a system is hacked?) +
-  * Hardened keyboard driver (how to detect a hardware PS/2 key logger?) +
-  * Detecting gateways in a simple way (how to detect unauthorized internet gateways in your corporate network?) +
-  * iPhoneBankingApps (checking the footprint of iPhone banking apps) +
-  * RFID (content analysis of RFID cards) +
-  * Covert channels (testing covert channels in the field) +
-  * Network traffic analysis for Windows binaries (reconstructing Windows EXEs using an IDS and checking for malware and certificates) +
-  * CoverDroid (implementing covert channels on an Android smart phone) +
-  * Passive application version monitoring (passively check for outdated / unknown software versions using network and IDS logs) +
-  * Snorting Metasploit (Metasploit versus Snort: what's detected?)+

This topic does not exist yet

You've followed a link to a topic that doesn't exist yet. If permissions allow, you may create it by clicking on “Create this page”.