Offensive Technologies ('OT')

Course: Offensive Technologies (5384OFTE6Y)
Teacher: Jeroen van Beek
Lab-TAs: Vincent Breider, Roy Vermeulen
Dates: 29 March - 27 May 2021, on Mondays and Thursdays
Time: starting at 10.00 Amsterdam time
Contact: teachers.ot{at}os3.nl or j.c.vanbeek{at}uva{dot}nl

Schedule

Date | Subject | Sheets | Lab assignment | Videos
Mon 29 March | Introduction + Intrusion Detection Systems | ids | Lab1: Introduction & IDS | DEFCON - The Full Documentary
Thu 01 April | Physical Security | physical | See lab 1 | Elevator hacking; Modchips of the State; Six Landscapes
Mon 05 April | N/A: Easter Monday | | |
Thu 08 April | Network Security | network | Lab2: Network Security | DNS May Be Hazardous to Your Health
Mon 12 April | Database Security | db | Lab3: Database Security | Hacking and Forensicating an Oracle Database Server
Thu 15 April | Application Security | application | Lab4: Application Security | Funky file formats
Mon 19 April | Web Application Security | webapp | |
Thu 22 April | Project | | |
Mon 26 April | Project / Roster free UvA | | |
Thu 29 April | Project | | |
Mon 03 May | Holidays | | |
Thu 06 May | Holidays | | |
Mon 10 May | Project | | |
Thu 13 May | N/A: Ascension Day | | |
Mon 17 May | Project | | |
Thu 20 May | Project | | |
Mon 24 May | N/A: Whit Monday | | |
Thu 27 May | Project Presentations | | |

Lectures

Location

Online @BBB5

Time

Start at 10.00, until lunch.

Lab assignments

After most lectures you'll receive an assignment that contains one or more questions. Work on the assignment in groups of two persons. Document the answers on your personal webpage. Please don't forget to mention your team mate's name.

Location

Online.

Time

Starting after lunch, until 16.00.

Objective

  • Obtaining insight and skills in the subject of 'practical security'

Organization

  • For your project you need to:
    • Find a teammate (2 persons / group)
      • No team mates of previous projects

Deliverables and deadlines

  • All labs finished and documented in logs: deadline 21 April 23:59 Amsterdam time; too late = no project = no grade

OT project

Project Pitching

Location

T.B.D.

Time

Starting at 10.00, until 16.00.

Objective

  • Obtaining insight and skills in the subject of 'practical security'
  • Further improving your reporting and presentation skills

Organization

  • For your project you need to:
    • Find a teammate (2 persons / group)
      • No team mates of previous projects
    • Pick / define a subject
    • Write a project proposal and email it to Jeroen
    • Get approval for your project
  • The project starts on Thu 22 April and runs every Monday and Thursday except holidays
  • Presentation of your results on 27 May

Deliverables and deadlines

  • Project proposal: deadline 18 April 23:59 Amsterdam time; too late = no project = no grade
  • Project report: deadline 26 May 23:59 Amsterdam time
  • Project presentation: 27 May, planning and location T.B.D.

Requirements for the project proposal

Please answer the following questions in your proposal:

  • What's the subject?
  • What's new / special about your subject?
  • Why M.Sc worthy?
  • Which activities are you planning to do (approach)?
  • Who is doing what in your team?
  • What's your time planning?
  • What resources do you need (connectivity, hardware, …)?
  • Ethical and privacy considerations. If personal information of third parties can (accidentally) be accessed during your project, add procedures such as deletion of project data and responsible disclosure. Also ALWAYS notify Jeroen in case of unforeseen circumstances that are not described in your project proposal.

Have you already got some great ideas before the deadline? Please contact Jeroen, the sooner the better!

Suggestions for this year's projects

  • Obfuscate your search history. Desktop research to find out what mechanisms are used by search engines to track users. Analysis of how to use this knowledge to obfuscate your search history based on documented mechanisms. Implementation of results of analysis to enable users to actually obfuscate / poison their search history. Implementation e.g. as addition / update of previous work @<http://trackmenot.io>.
  • Current state of Domain Fronting: an overview of techniques and current effectiveness.
  • Cobalt Strike beacons are used in many simulated and real attacks. What are their characteristics? How can they be detected?
  • Security evaluation of the Whitebox. The Whitebox is a device that protects medical information. One of the components of the Whitebox is a patient portal. Another component is the local interface, protected by the doctor's certificate. Is it possible to exploit weaknesses in these components to gain unauthorized access to the device or to sensitive information? Whitebox can provide you with an enrolled test device for your evaluation.
  • Some previous subjects (see below) might be interesting for a 2021 update, since there were significant changes in the landscape. Please contact us if you've got interesting ideas.

Requirements for the presentation

  • Duration is 15 minutes maximum, excluding questions
  • Presentation by both team members

OT Project presentation Schedule

Appraisal

  • Individual appraisal for each team member
  • Proper documentation of the lab assignments must be available on your personal webpage in folder ot; if not, no grade!
  • Result is based on the project report (2/3) and the project presentation (1/3)
  • Appraisal of the project report and project presentation is based on:
    • Correctness
    • Completeness
    • Technical level
    • Applicability
    • Structure and orthography

Examples

A list of previous years' reports that were rated as good or very good:

Other previous subjects:

  • Modifying Metasploit Shellcode Decoders to Bypass Static Analysis
  • RDS vulnerabilities implications on xrdp
  • Analysis of Current Urban Wi-Fi Characterization and Security in Amersfoort and Utrecht
  • Folding At Home: Freely Accessible Hardware
  • Don't train the user, improve the technology
  • Penetration Tester vs. Cyber Threat Intelligence: Identifying and Tracking Offensive Operations with Bulk Data
  • Methods for Malware Detection and Prevention on the IPFS Network
  • Agnostic embedding of digital signatures into programs
  • TLS 1.3 Key Share as a Network Covert Channel
  • A Security Evaluation of Open Source Syslog Implementations
  • Passive vulnerability scanning for red team operations in monitored environments
  • Hiding intrusions from Cisco Firepower Threat Defense
  • Detecting weak basic port knocking sequences on systems in the Dutch IPv4 range
  • Security evaluation of Zoom and competing video conferencing tools
  • Security evaluation of a Bluetooth lock
  • Pre-Authentication Detection of SSH Honeypots Cowrie and Kippo
  • A Comparison of Managed Cloud WAF Rules
  • Potential attack vectors and their mitigation for the PrivateTracer COVID-19 contact tracing application
  • Fuzzing for Vulnerabilities in an Open Source Database
  • Security Analysis and Comparison of Open Source Video Conferencing Software
  • NTP as a covert channel
  • Security Audit of the Android Steam Authenticator App
  • Retest Digidentity
  • Security analysis ECU Aprillia RSV4-1000
  • Security analysis of the Airconsole mini
  • Device driver security
  • SkyBell HD smart doorbell security analysis
  • Behavior of APT-Groups
  • Password managers and their vulnerabilities
  • A security analysis of decommissioned Ziggo modems
  • Endomondo Application Security
  • Defeating ransomware by instruction monitoring
  • Exploiting Broadcom’s Wi-Fi Stack
  • Eavesdropping with an optical microphone (laser).
  • Testing current good practices for wiping Android devices and improving weak points.
  • Extracting valuable data from dead Android devices.
  • Eavesdropping on and decrypting of GSM communication using readily available low-cost hardware and free open-source software in practice.
  • Implementing Mimikatz compatible output options (MS crash dump) in DMA physical memory dump tools (e.g. Inception).
  • Identify how widespread clickjacking is (by checking for missing countermeasures) and implement an advanced example to show the impact of such an attack.
  • Development of BadUSB-like attacks for the USB Armory.
  • Shedding a light on publicly known TEMPEST attacks.
  • Modern Honeypot Network assessment.
  • EvilSSD Project.
  • SNMPv3 Covert channels.
  • Canon EOS 6D security evaluation.
  • Reviewing the procedures of Port Knocking.
  • Exploiting Wi-Fi SD cards
  • Heartbleed: how widespread is it?
  • OS3 Network Security Assessment
  • Looking back at Grsecurity
  • Weak key cracking of Android applications
  • GPS-based user tracking using mobile
  • TLS assessment SMTP
  • Keyboard acoustics
  • Firmware access control
  • Web Application Firewalls Evaluation and Analysis
  • Test the Effectiveness of the EMET
  • Comparing the detection rates of freely available attacks using free IDSs
  • Automated Deployment of Secure Services
  • Beyond the puppet
  • PGP good practice
  • Testing the effectiveness of GCC security flags in Debian 6.0
  • IPv6 host discovery
  • ASLR in modern operating systems
  • A Survey on Return-Oriented Programming
  • Security evaluation of out-of-band management devices
  • Attacking Android's pattern & PIN lock
  • Secretly retrieving mobile device clipboard content
  • Testing the effectiveness of the Enhanced Mitigation Experience Toolkit
  • Analysis and replication of 433 MHz device communication
  • Outdated Web Applications: Weakness Detection & Protection
  • ACARS and ADS-B: sniffing sensitive data and spoofing messages
  • Comparing real-life IPv4 and IPv6 network security policies
  • A penetration test of the Pogoplug in-home storage appliance
  • OS3 Network Segmentation
  • Bypassing a network proxy with authentication using covert channels
  • Analysis of the Ziggo TV application
  • Grindr Application Security
  • Security Analysis of GoPro Cameras
  • Security analysis of a wirelessly controlled gate
  • Database SQL Injections Detection & Protection: database firewalling
  • Detecting known IPv4 exploits over IPv6
  • Assessing the security of the ‘E-Thermostaat’ system
  • Metasploit Over Firewire Ownage
  • Analysis of Google’s 2-step Verification
  • Monitoring smartphone malware infections in the wild
  • Personal Data Collection of Android Applications
  • The network security of client-server iPhone applications
  • TCP Established Flooding
  • A comparison of real-life IPv4 and IPv6 network (IPv4 versus IPV6 filtering on the same system)
  • Beating Metasploit with Snort (automatically generate Snort rules from Metasploit Framework payloads)
  • Database Hardening
  • Sniffing and hijacking printer jobs
  • FireWire Attacks Revisited
  • Multiplexing Covert Channels
  • Analysis of TCP/IP backend of RFID access system
  • Penetration testing of open wireless access points
  • Post exploit activity detection (how to detect that a system is hacked?)
  • Hardened keyboard driver (how to detect a hardware PS/2 key logger?)
  • Detecting gateways in a simple way (how to detect unauthorized internet gateways in your corporate network?)
  • iPhoneBankingApps (checking the footprint of iPhone banking apps)
  • RFID (content analysis of RFID cards)
  • Covert channels (testing covert channels in the field)
  • Network traffic analysis for Windows binaries (reconstructing Windows EXEs using an IDS and checking for malware and certificates)
  • CoverDroid (implementing covert channels on an Android smart phone)
  • Passive application version monitoring (passively check for outdated / unknown software versions using network and IDS logs)
