Offensive Technologies ('OT')

Course: Offensive Technologies (5384OFTE6Y)
Teacher: Jeroen van Beek
Dates: 28 March - 26 May 2016, on Mondays and Thursdays
Time: starting at 10.15 Amsterdam time
Books: none
Contact: j.c.vanbeek{at}uva{dot}nl

OT lectures

Schedule

| Date | Subject | Sheets | Lab assignment | Videos |
|---|---|---|---|---|
| Mon 28 March | Easter Monday | N/A | N/A | N/A |
| Thu 31 March | Introduction + Intrusion Detection Systems | introids | #1 | N/A |
| Mon 04 April | Physical security | physical | #2 | BadUSB; Elevator Hacking; Car Dealer Takedown; 24 Karat Caper |
| Thu 07 April | Network security | network | #3 | DNS May Be Hazardous to Your Health; Weaponizing Your Pets |
| Mon 11 April | Database security | database | #4 | Hacking and Forensicating an Oracle Database Server |
| Thu 13 April | Application security | app | #5 | Funky file formats |
| Mon 18 April | Webapp security | webapp | N/A | N/A |
| Thu 21 April | Project | N/A | N/A | N/A |
| Mon 25 April | Project | N/A | N/A | N/A |
| Thu 28 April | Project | N/A | N/A | N/A |
| Mon 02 May | Holiday | N/A | N/A | N/A |
| Thu 05 May | Ascension Day | N/A | N/A | N/A |
| Mon 09 May | Project | N/A | N/A | N/A |
| Thu 12 May | Project | N/A | N/A | N/A |
| Mon 16 May | Whit Monday | N/A | N/A | N/A |
| Thu 19 May | Project | N/A | N/A | N/A |
| Mon 23 May | Project (optional) | N/A | N/A | N/A |
| Thu 26 May | Project presentations (please be in at 10.00; last in = first presentation) | N/A | N/A | N/A |

Location

OS3 lab.

Time

Lectures start at 10.15. The day will end at 16.00.

Assignments

After most lectures you'll receive an assignment that contains one or more questions. Work on the assignment in groups of two persons. Document the answers on your personal webpage. Please don't forget to mention your team mate's name.

OT project

Objective

  • Obtaining insight and skills in the subject of 'practical security'
  • Further improving your reporting and presentation skills

Organization

  • OT course starts on 28 March
  • For your research project you need to:
    • Find a teammate (2 persons / group)
      • No teammates from previous projects
    • Pick / define a subject
    • Write a project proposal and email it to Jeroen
    • Get approval for your project
  • Project starts on TODO, every Monday and Thursday except holidays
  • Presentation of your results on 26 May

Deliverables and deadlines

  • Research proposal, deadline 17 April 23:59 Amsterdam time
  • Logs of lab assignments finished and online, deadline 21 April 23:59 Amsterdam time
  • Research report, deadline 27 May 23:59 Amsterdam time
  • Presentation, 26 May, starting at 10.00 in the OS3 lab
  • Corrections for lab assignments (if applicable for your team), deadline 29 May 23:59 Amsterdam time.

Requirements for the proposal

Please answer the following questions in your proposal:

  • What's the subject?
  • What's new / special about your subject?
  • Why is it M.Sc. worthy?
  • Which activities are you planning to do (approach)?
  • Who is doing what in your team?
  • What's your time planning?
  • What resources do you need (connectivity, hardware, …)?
  • Ethical and privacy considerations. If personal information of third parties can (accidentally) be accessed during your project, add procedures such as deletion of project data and responsible disclosure. Also ALWAYS notify Jeroen in case of unforeseen circumstances that are not described in your project proposal.

Requirements for the presentation

  • Duration is 15 minutes in total, not including questions
  • Presentation by both team members

Appraisal

  • Individual appraisal for each team member
  • Proper documentation of the lecture assignments must be available on your personal webpage in the folder ot; if not, no grade!
  • Result is based on the report (2/3) and the presentation (1/3)
  • Appraisal of the report and presentation is based on:
    • Correctness
    • Completeness
    • Technical level
    • Applicability
    • Structure and orthography

For more inspiration, you'll find the subjects of previous years' projects below:

Last year's projects

  • Eavesdropping with an optical microphone (laser).
  • Testing current good practices for wiping Android devices and improving weak points.
  • Extracting valuable data from dead Android devices.
  • Eavesdropping on and decrypting GSM communication using readily available low-cost hardware and free open-source software in practice.
  • Implementing Mimikatz compatible output options (MS crash dump) in DMA physical memory dump tools (e.g. Inception).
  • Identify how widespread clickjacking is (by checking for missing countermeasures) and implement an advanced example to show the impact of such an attack.
  • Developing BadUSB-like attacks for the USB Armory.
  • Shedding light on publicly known TEMPEST attacks.
  • Modern Honeypot Network assessment.
  • EvilSSD Project.
  • SNMPv3 Covert channels.
  • Canon EOS 6D security evaluation.
  • Reviewing the procedures of Port Knocking.

Older projects

| Subject | Authors |
|---|---|
| Exploiting Wi-Fi SD cards | Connor Dillon & Stavros Konstantaras |
| Heartbleed: how widespread is it? | Jan-Willem Selij & Leendert van Duijn |
| OS3 Network Security Assessment | Kim van Erkelens & Peter Bolhuis |
| Looking back at Grsecurity | Eddie Bijnen & Mike Berkelaar |
| Weak key cracking of Android applications | Cedric Van Bockhaven & Sharon Gieske |
| GPS-based user tracking using mobile | Hristo Dimitrov & Guido Pineda Reyes |
| TLS assessment SMTP | Magiel van der Meer & Sean Rijs |
| Keyboard acoustics | Esan Wit & Thijs Houtenbos |
| Firmware access control | Jan Laan & Niels van Dijkhuizen |
| Web Application Firewalls Evaluation and Analysis | Andreas Karakannas & George Thessalonikefs |
| Test the Effectiveness of the EMET | Bas Vlaszaty & Hoda Rohani |
| Comparing the detection rates of freely available attacks using free IDSs | Azad Kamaliroosta & Joris Claassen |
| Automated Deployment of Secure Services | Anastasios Poulidis & Daniel Cabaca Romao |
| Tindr stalker mode | Eric van den Haak & Joey Dreijer |
| Beyond the puppet | Ioannis Grafis & Mick Pouw |
| PGP good practice | Sebastian Carlier |
  • Testing the effectiveness of GCC security flags in Debian 6.0
  • IPv6 host discovery
  • ASLR in modern operating systems
  • A Survey on Return-Oriented Programming
  • Security evaluation of out-of-band management devices
  • Attacking Android's pattern & PIN lock
  • Secretly retrieving mobile device clipboard content
  • Testing the effectiveness of the Enhanced Mitigation Experience Toolkit
  • Analysis and replication of 433 MHz device communication
  • Outdated Web Applications: Weakness Detection & Protection
  • ACARS and ADS-B: sniffing sensitive data and spoofing messages
  • Comparing real-life IPv4 and IPv6 network security policies
  • A penetration test of the Pogoplug in-home storage appliance
  • OS3 Network Segmentation
  • Bypassing a network proxy with authentication using covert channels
  • Analysis of the Ziggo TV application
  • Grindr Application Security
  • Security Analysis of GoPro Cameras
  • Security analysis of a wirelessly controlled gate
  • Database SQL Injections Detection & Protection: database firewalling
  • Detecting known IPv4 exploits over IPv6
  • Assessing the security of the ‘E-Thermostaat’ system
  • Metasploit Over Firewire Ownage
  • Analysis of Google’s 2-step Verification
  • Eavesdropping on and decrypting GSM communication using readily available low-cost hardware and free open-source software in practice
  • Monitoring smartphone malware infections in the wild
  • Personal Data Collection of Android Applications
  • The network security of client-server iPhone applications
  • TCP Established Flooding
  • A comparison of real-life IPv4 and IPv6 network (IPv4 versus IPv6 filtering on the same system)
  • Beating Metasploit with Snort (automatically generate Snort rules from Metasploit Framework payloads)
  • Database Hardening
  • Sniffing and hijacking printer jobs
  • FireWire Attacks Revisited
  • Multiplexing Covert Channels
  • Analysis of TCP/IP backend of RFID access system
  • Penetration testing of open wireless access points
  • Post exploit activity detection (how to detect that a system is hacked?)
  • Hardened keyboard driver (how to detect a hardware PS/2 key logger?)
  • Detecting gateways in a simple way (how to detect unauthorized internet gateways in your corporate network?)
  • iPhoneBankingApps (checking the footprint of iPhone banking apps)
  • RFID (content analysis of RFID cards)
  • Covert channels (testing covert channels in the field)
  • Network traffic analysis for Windows binaries (reconstructing Windows EXEs using an IDS and checking for malware and certificates)
  • CoverDroid (implementing covert channels on an Android smart phone)
  • Passive application version monitoring (passively check for outdated / unknown software versions using network and IDS logs)
  • Snorting Metasploit (Metasploit versus Snort: what's detected?)

Do you already have some great ideas?

  • Contact Jeroen