Hands-On Exploit Development for Beginners
4-6 PM, Moscone West 2009
Participants will hack into a series of vulnerable servers and get onto Winners boards. Instead of using tools, you will create your own attacks. The easier challenges require nothing but a Web browser: command injection and SQL injection. The harder challenges require a Kali Linux virtual machine and exploit buffer overflows at the binary level.
PrerequisitesThe first few projects are easy, even for beginners. For the later projects, familiarity with C, Python, and assembly code is helpful but not required.
Equipment Students Will Need to BringParticipants need a computer with Kali Linux or some other Linux, such as Ubuntu, either in a virtual machine or locally. I will have a few loaner computers for students who don't have a usable computer.
Reference Book"The Shellcoder's Handbook: Discovering and Exploiting Security Holes ", by Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte; ASIN: B004P5O38Q Buy from Amazon
LecturesReal Hacking (key)
Data Breaches: Real and Imaginary (ppt)
Security at Colleges
NETLAB password insecurity
The lectures are in Keynote and HTML formats.
Basic SQLCodeCademy SQL Lesson
SQL Injection Attack and DefenseInstalling SQLol
SQLi: Attacking with Havij and Defending with Input Filtering
Exploiting SQLi with sqlmap
Fixing MySQL with Parameterized Queries
Games and CybercompetitionsPassword Guessing Games
Revised 2-14-16 3:13 pm