Security Assessment and Vulnerability Exploitation

  • Course Code: ΨΣ-ΑΦ-806
  • Type of Course: Mandatory [M]
  • Semester: 1st Semester
  • Faculty: C. Ntantogian
  • ECTS Credits: 7,5

Objective

The main objective of this hands-on course is to provide practical experience in conducting in-depth security assessments and exploitation. Students will spend the majority of the course time in practical lab scenarios, learning methodologies, techniques and tools for performing comprehensive vulnerability assessment and penetration testing. The course includes a “Capture The Flag” contest, where students put their acquired exploit-writing skills to the test in a real-world environment. Finally, the open research issues in this area are highlighted.

Upon completion of this course, the students will be able to:

  • Understand various aspects of computer architecture and its importance for software security.
  • Design and write their own custom shellcode in assembly language to bypass defensive technologies.
  • Analyse and evaluate source code to find new vulnerabilities and exploit them.
  • Apply practical skills of penetration testing techniques as well as post-exploitation to pivot through an IT infrastructure.
  • Utilise a variety of open source and well-known security tools in industry.
  • Create their own exploits and security tools and utilise them in attack vectors.
  • Understand the current research trends and assess their impact in the forthcoming years.

Course Contents

  • Introduction to the Linux operating system. Basic Bash shell commands and security tools. Introduction to the C and Python programming languages.
  • Hardware-software interface. Number representation, assembly language, memory management, the operating-system process model.
  • Memory corruption and exploitation based on stack overflows in Linux and Windows operating systems.
  • Understanding and writing shellcodes. Encoding techniques to evade antivirus/IDS.
  • Privilege escalation on Linux, Windows and mobile platforms (iOS and Android).
  • Source code auditing. Fuzzing techniques to discover bugs and vulnerabilities.
  • Advanced memory corruption exploitation. Return-to-libc attacks, heap overflows, integer overflows. OS security defenses.
  • Vulnerability assessment and penetration testing. Social engineering.

Bibliography

  • Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte (2007): The Shellcoder’s Handbook, Discovering and Exploiting Security Holes. Wiley.
  • Jon Erickson (2008): Hacking, The Art of Exploitation, 2nd Edition. No Starch Press.
  • Course Notes.