WASTC Summer Faculty Development Weeks
Cybersecurity Update for 2023

June 19-23, 2023

Sam Bowne


Online

To join the class:
https://twitch.tv/sambowne

Machine Learning

Every technical product is now incorporating machine learning at an explosive rate. But most people, even those with strong technical skills, don't understand how it works, what its capabilities are, and what security risks come with it. In this workshop, we'll make machine learning models using simple Python scripts, train them, and evaluate their value. Projects include computer vision, breaking a CAPTCHA, deblurring images, regression, and classification tasks. We will perform poisoning and evasion attacks on machine learning systems, and implement deep neural rejection to block such attacks.

No experience with programming or machine learning is required, and the only software required is a Web browser. We will use TensorFlow on free Google Colab cloud systems.

All materials and challenges are freely available at samsclass.info, and will remain available after the workshop ends.

Monday: Digital Forensics

Forensic investigations are essential for law enforcement and incident response, to determine what actions have been performed on a digital device or network. We will use Autopsy, Wireshark, Velociraptor, and other tools to collect and analyze evidence from Windows systems, smartphones (Android and iOS), and network traffic.

Tuesday: Attack Techniques

Covers essential skills for penetration testing, including command-line operations, SQL injection, port scanning, packet crafting, password cracking, using and developing Metasploit modules, and more.

Wednesday: Malware Analysis

Analyze Windows malware in detail, using static and dynamic methods to find malicious behavior. We will use Process Explorer, OllyDbg, WinDbg, IDA Pro, API Monitor, and other tools to inspect EXEs, DLLs, and .NET executables.

Thursday: Hacking Android Devices

Examine the Android operating system and apps in detail, to find security flaws including poor encryption, logging confidential data, and command injection. Reverse-engineer Android apps and modify them, injecting Trojan code. We will use Android Studio, adb, Burp, Jadx, Frida, and other tools to reveal the internals of apps and modify their functions.

Friday: Violent Python

Use Python 3 to code simple attacks including port scanning, brute-force logins, password cracking, cryptography of many kinds, simple machine learning, and simulated quantum computing.

Last Updated: 6-18-23