We were inspired by the Hack-Night project and thus, decided to run a similar sobering introduction to offensive security on every Wednesday's lunch at 12:00 pm. The course duration is expected to be around 1 hour and is Open to Anyone who shares passions for learning technology.
Location: O1.608, International University
Hack Zer0s intentionally aims to gear up students who have little background knowledge (almost 0) with practical skills on the field of the cyber security. By the end of the course, each student is expected to have a good understanding of the related topics, including Code Auditing, Vulnerability Exploiting, Cryptography, Forensic.
A wide range of technical contents shall be covered quickly for students to have a general picture of how vulnerabilities can be exposed and trending in Vulnerabilities Disclosure during 10 weeks. The general structure of this long seminar will be given at below (and may subject to change). As we progress, we will unlock the topic that will be covered in the week and attendees will be notified by email.
[x] Week 1: Introduction to Cyber Security
- Trending in Vulnerabilities Disclosure. Slides
- Introduction to Penetration Testing Cycle. Slides
- Demo: Exploiting a Wordpress blog. Video
[x] Week 2: Source Code Auditing (7/10/2015)
- Introduction to Common Weakness Enumaration(CWE). Slides
- Memory Corruption. (C knowledge is recommended but not required) Slides
- Detecting the issue of Software Defects before Hackers strike. Slides
- Demo: Using SonarQube for secure coding practices throughout the software development lifecycle. Video
[x] Week 3: Guide To CTF
- Jeopardy: Rules & Challenges. Slides
- Demo: Manual Error-based SQL injection vs Automated SQLmap (SQL knowledge is recommended but not required).Video
- SQL Injection Guide HTML
[x] Week 4: Web Security, Part 1
- Web Fundamental Concept (HTTP Protocol, Session, Cookies)Slides
- Common Web Vulnerabilities Discussion & Pentesting MethodologySlides
- Demo: Manual Error-based SQL injection vs Automated SQLmap (SQL knowledge is recommended but not required).Video
- Demo: Compromise victim's browser using Stored XSS Exploiting framework BeEfVideo
[x] Week 5: Web Security, Part 2
- Same-Origin Policy Explanation)Slides
- Demo: Cross origin resource sharing.Video
- A4 - Cross-site Request Forgery Explanation Slides
- A5 - Insecure Direct Object Reference Explanation Slides
- Demo: Parameter Manipulation Video
[x] Week 6: Reverse Engineering Slides
- Understand the standard memory layout of running processes on the x86 architecture
- Identify buffer overflows and related memory-based vulnerabilities in C programs, such as those based on format strings
- Construct a simple exploit of a buffer overflow. (Project)
- Understand how exploits can inject remote code, and perform other security compromises
[x] Week 7: Shell CodingSlides
- How a machine code can be injected to alter a program flow. Very often, you would want to inject a code that it allows us to open up the remote shell, and this common hacking technique is well-known as obtaining the shell code, which is very interesting : )
- Understand general compiling process of a C program, including Compiling, Assembling, Linking & Loader.
- You will be introduced with new terminology such as Machine code, Object File, Debugger, Semantic Analysis ...and you will meet them again in the future when we do Compiler or Computer Architecture.
Speaker: Dr. Tran Manh Ha, Nguyen Hoang Minh.