Hands-On Exploit Development for Beginners4-6 PM, Moscone West 2009Sam Bowne |
Workshop DescriptionParticipants will hack into a series of vulnerable servers and get onto Winners boards. Instead of using tools, you will create your own attacks. The easier challenges require nothing but a Web browser: command injection and SQL injection. The harder challenges require a Kali Linux virtual machine and exploit buffer overflows at the binary level. PrerequisitesThe first few projects are easy, even for beginners. For the later projects, familiarity with C, Python, and assembly code is helpful but not required.Equipment Students Will Need to BringParticipants need a computer with Kali Linux or some other Linux, such as Ubuntu, either in a virtual machine or locally. I will have a few loaner computers for students who don't have a usable computer.Reference Book"The Shellcoder's Handbook: Discovering and Exploiting Security Holes ", by Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte; ASIN: B004P5O38Q Buy from Amazon |
ProjectsEasy
Intermediate
Hard |
LecturesReal Hacking (key)Data Breaches: Real and Imaginary (ppt) Bitcoin (key) Security at Colleges NETLAB password insecurity
The lectures are in Keynote and HTML formats. |
Other ProjectsBasic SQLCodeCademy SQL LessonSQL Injection Attack and DefenseInstalling SQLolSQLi: Attacking with Havij and Defending with Input Filtering Exploiting SQLi with sqlmap Fixing MySQL with Parameterized Queries Games and CybercompetitionsPassword Guessing GamesPicoCTF Bandit Challenges CTFTime |
Revised 2-14-16 3:13 pm