Week 1: Hack Night Showcase
This is an introduction session to the Hack Night curriculum, this session tries to give an overview of what rest HN sessions is to be followed. More importantly, it also gives the
ethics necessary to keep in mind when you learn something as powerful as your going to do now. Next, we will cover various types of disclosure that hackers have followed since
Week 2: Code Auditing
This session will cover Code Auditing. Code Auditing an application is the process of analyzing application code (in source or binary form) to uncover vulnerabilities that attackers
might exploit. By going through this process, you can identify and close security holes that would otherwise put sensitive data and business resources at unnecessary risk.
Topics that will be covered are Identifying Architectural, Implementation and Operational vulnerabilities.
This is a workshop session, we will present you with some applications that are intentionally vulnerable. Your job is to audit the source code and find vulnerabilities in them. Test
the skills that you have learned last week to efficiently go over the process of auditing applications.
Week 5: Web Hacking Workshop
In this session, we will be using some intentionally vulnerable web applications and will them to identify and analyze the top ten vulnerabilities commonly found in the web applications You will be going through the steps of busticating a real site and throwing a fire sale using freely available tools.
Week 6: Reverse Engineering
This session is about Reverse Engineering. Most of the software we use everyday is closed source. You don't have the liberty to look at the source code, at this point we need to analyze the available compiled binary. But, reversing a binary is no easy task but can be done with the proper methodology and the right tools. This is exactly what two of world's best reverser's are going to teach you.
Week 7: Reverse Engineering WorkshopPicking up from previous session, we will present you with an application which has no source code. Your job is to understand what the application is doing and figure out any loopholes present in that application. You'll use tools like IDA that Alex Sotirov demonstrated in the last lecture to analyze the binary and get a complete understanding of the application.
Week 8: Introduction to x86In this session we will cover x86: Architecture, Assembly, Applications & Alliteration. Intel processors have been a major force in personal computing for more than 30 years. An understanding of low level computing mechanisms used in Intel chips as taught in this course serves as a foundation upon which to better understand other hardware, as well as many technical specialties such as reverse engineering, compiler design, operating system design, code optimization, and vulnerability exploitation. 50% of the time will be spent learning Windows/Linux tools and analysis of simple programs.
Week 9: Introduction to x86 (contd.)
This is a continuation from last week's session, we will once again cover x86: Architecture, Assembly and Applications. Topics covered are basic assembly instructions, calling conventions, stack and stack frames. Once this is done, we will do live debugging of a simple application and analyze the aforementioned topics. 50% of the time will be spent learning Windows/Linux tools and analysis of simple programs.
Week 10: x86 Split-Workshop
Picking up from the last week's session, we will continue to explore the world of x86. This is going to be a workshop were we will write programs at assembly level. Once, we get familiar to basic x86 instructions we will switch to analyzing a real application and try to get high level understanding of what the application is doing. The goal would be to get familiar with calling conventions, stack and stack frames.
Week 11: Exploiting Memory Corruption
In this week's session, we will go over some advanced concepts related to computer security. Dino Dai Zovi will go over various memory errors that an application can cause often leading to catastrophic results. Topics that will be covered are various memory errors like buffer overflows, uninitialized variables, use after free etc and how we can use them to take control of an application. We will also look at exploitation mitigation that your current OS implements, it's not 1988 anymore. Finally, we will look at some bypassing techniques on the mitigation's.
Week 12: Exploiting Memory Corruption WorkshopPicking up from the last session, we will do a live exploitation of a vulnerable program. We will go through all the steps that Dino explained in his lecture to write a control flow hijacking exploit and take over the program. Once we are done with the 1990's style exploitation, we will re-compile the program with modern mitigation technologies and look at various techniques used to bypass these mitigation's.
Week 13: Post-ExploitationIn this week, we will cover post-exploitation. Post-exploitation is the stage in the intrusion kill chain wherein the attacker uses persistence techniques after the victim's system is compromised to maintain his presence on the machine. In addition the attacker also wants his presence to be hidden, this includes evading antivirus software, covering his/her tracks, etc. We will look at various techniques used by attackers to achieve the aforementioned goals.
Week 14: Fuzzing
In this, the last session of Hack Night. We will be going over Fuzzing and later have a short discussion on what you can do to continue improving your skills. Fuzzing is a black box software testing technique, which consists of finding implementation bugs by manipulating input data sent to an application automatically. We will go over different types of fuzzing, various methods used for fuzzing, and finally the process of "smart" fuzzing.
Hack Night >