Cybersecurity Update for 2025

Workshop Structure

A live CTF scoreboard will be running so participants can compete to solve challenges. The instructor will briefly explain the principles and demonstrate the attacks, but workshop participants will spend most of their time performing hands-on projects. Complete instructions will guide participants through beginning projects, and a series of challenges of escalating difficulty is presented to encourage each participant to progress to their appropriate level of accomplishment. This way, novices can gain awareness of the tools, techniques, and results of each activity, and more advanced participants can delve deeply into the details. Our goal is to make sure each participant learns useful, new things in their area of interest.

All materials and challenges are freely available at samsclass.info, and will remain available after the workshop ends. Participants are encouraged to add these projects into their own classes.

Prior Knowledge

Participants should be familiar with networking and security at the CompTIA Network+ and Security+ level. Some experience writing code in any language is helpful for the Secure Coding portion.

Technical Requirements

Participants should have a computer with broadband Internet and at least two screens. They should also have a credit card to apply for free cloud server hosting.

Topics

Machine Learning

Covers machine learning functionality, attacks and defenses. We'll attack public Large Language Models with prompt injection, and make custom machine learning models with Python. We'll create various models including linear regression, polynomial regression, and Support Vector Machines, train them, and evaluate their performance. Projects include computer vision, breaking a CAPTCHA, deblurring images, regression, and classification tasks. We will perform poisoning and evasion attacks on machine learning systems, and implement deep neural rejection to block such attacks. We will use TensorFlow and SecML on free Google Colab cloud systems.

Hacking Mobile Devices

Examine the Android and iOS operating systems and apps in detail, to find security flaws including poor encryption, logging confidential data, and command injection. Reverse-engineer Android apps and modify them, injecting Trojan code. We will use Android Studio, adb, Burp, Jadx, Frida, and other tools to reveal the internals of apps and modify their functions.

Malware Analysis

Analyze Windows malware in detail, using static and dynamic methods to find malicious behavior. We will use Process Explorer, OllyDbg, WinDbg, IDA Pro, API Monitor and other tools to inspect EXEs, DLLs, and .NET executables.

Exploit Development

Learn how to take control of Windows and Linux servers running vulnerable software. We begin with easy command injections and SQL injections, and proceed through binary exploits including buffer overflows on the stack and the heap, format string vulnerabilities, and race conditions.

After this workshop, you will understand how memory is used by software, and why computers are so easily tricked into executing bytes as code that entered the system as data.

We will exploit 32-bit and 64-bit Intel systems, and also ARM-based systems. We will examine modern Windows defenses in detail and how to defeat them, including ASLR, DEP, stack cookies, and SEHOP.

Secure Coding

Learn how to find vulnerabilities in code and fix them. First we will discuss threat analysis and how to prioritize risks using the STRIDE model and the CVSS scoring system. Then participants will examine insecure apps written in PHP, NodeJS, and C. They will use three methods to find flaws: static analysis (scanning source code), dynamic analysis (scanning a running app), and manual testing. We will use several free vulnerability scanning tools, including SonarQube, Codacy, Semgrep, Snyk, and Nessus. Participants will then fix those flaws and prove that the app is no longer vulnerable.

Securing Critical Infrastructure

Operational Technology (OT) is hardware and software that controls physical processes like factories and power plants. These processes are far more efficient when networked services monitor, control, and automate them, but they are also exposed to network attacks. The primary OT protocols, such as Modbus and DNP3, are decades old and lack security features. This workshop covers the risks of OT installations and how to secure them.

Last Updated: 2-20-24 3:11 pm