Differences between revisions 21 and 40 (spanning 19 versions)

CPTR 542 Advanced Network Security

This page provides hints, insights and direction for the graduate class in Network Security. As a graduate class I am not interested in just teaching you how to use tools to exploit systems. I also want you to be able to research new methods to exploit and protect systems. Consequently you will find a balance between learning about tools and known techniques and pushing the boundary to extend those techniques and create new tools for exploits and defense. Because of this, research is a big part of this class. As we look at existing tools, we'll discuss what it does, how it works, and how to extend the functionality and research possibilities related to what we are learning.

/NotesForNextClass

Weekly Routine

Current Events Discussion / Research presentations (Keep it short!)
Retrospective on previous assignment/work.
Discuss/Lecture/Demonstrations of Upcoming Chapter(s)
Discuss upcoming assignment.

Current Events

All students are required to present the following:

Give a short overview of two security news items from the last week (keep it short!)
There will be a google docs document on eClass for this.

Research Resources

Graduate Research Assignment

Graduate students must write two papers and present research reviews each week.

Presenting Research Reviews of Peer-Reviewed Papers

Each week I would like graduate students to present a summary of a peer reviewed conference paper from an ACM/IEEE/Springer conference (You may also use other notable security conferences). Most topics are your choice, but you should pick papers related to your chosen topic to write on (see next). These should only be 10 minutes max including discussion. One presentation must introduce a new attack or attack technique. One presentation must deal with privacy issues inside the US. The other papers are up to you. You may choose to do the required topics during any regular class, however I recommend that you do them near the beginning.

Writing your own Research Paper

Graduate students must write two papers:

Your first paper should be a survey paper that analyzes current and historically significant research of your particular topic and makes recommendations about use.
Your second paper should be an implementation of a previously unimplemented idea or extension/application of some area you found interesting in your first paper.

Ideas:

You might implement a method of attach to provide new proof of concept code
Research specific activities related to personal privacy compromised by companies or governments that may be illegal in other countries or protected by the US constitution
Vulnerability monitoring system based on OSVDB and nvd.nist.gov – Create a system that monitors installed list of programs and alerts to new vulnerabilities listed in the above databases. This may be used as a tool to attack or defend systems.
An aspect of hacking, such as code-security analysis techniques and tools for various languages.
Report on a penetration test performed for a real (off-campus) company. This requires professor approval, so make sure to get it before you embark on a real pentest.

Homework Assignments

Last year we used a different book that focused on Penetration Testing theoretical over practical. In 2021 we are using a book that focuses on the practical over the theoretical

Research:
1. Use peer reviewed articles in ACM/IEEE etc., to find the conditions necessary to "more easily" attack the RSA algorithm. What known attacks exist against RSA?
2. Determine if there exists known attacks against AES. Do we consider AES to be secure?
3. What attacks exist against hash algorithms? What algorithms are not considered secure?
Install Kali on your system. Let me know if you need a virtual machine for this. Write a planning and scope document that covers the issues from Chapter 1 including rules of engagement (ROE). Make sure to cover all your bases for this document. You may collaborate to write this document as a class. The ultimate target is brain2.scotnpatti.com (this server)
Use the techniques covered in Chapter 2 to
1. RECON both cs.southern.edu and scotnpatti.com - make sure you follow the Rules of Engagement (ROE) agreed upon in the previous assignment.
2. Find a willing personal target and profile that person to discover what you can about them online.
3. Document what you find organized into three reports one for cs.southern.edu, one for scotnpatti.com and one for the "victim" who agreed to be used in (b). Turn in these documents online in eclass.
Using the enumeration techniques from Chapter 3
1. Enumerate the machine targets available for exploitation and any information collected.
2. Enumerate separately any network hardware available for exploitation.
3. Be ready to discuss enumeration avoidance techniques
Using the tools we are studying from Chapter 4-5, try to exploit something from the allowed target list in our pentest plan and bring proof of your exploit. What remediation is needed. If you are unable to exploit make sure to systematically document everything you have tried. We will need this later in our report!
Think of a tool to solve a common problem, something that would be useful to an administrator and write a vulnerable tool. Show how to exploit it using one of the automated techniques from the chapter.
Write a report for your client on what you found. I will ask what tools you used for reporting, and proof that you were able to break into systems. If you have questions, I will give you time to ask in class. Make sure to give a detailed penetration test report of vulnerabilities found, exploits performed, proof of exploits and remediation recommendations etc.
To date you should have been able to find some sort of way into the system in the ROE and perhaps created your own administrator account, stolen files, or changed web pages. You must now fix what you broke, changed or pilfered, and then try to Cover your tracks.

Homework assignments are given on https://eclass.e.southern.edu

Common Vocabulary and Acronyms

MITM = Man in the middle
Monitize = to convert into monitary value i.e. money.
ROE = Rules of Engagement

Entertaining Links

Buffer Overflow example
/BufferOverFlowExample from book
/BufferOverFlowSolution for Book
Nice discussion of Salting
Netcraft - shows information history of a site, interesting
Dr. A's Kioptrix 1 solution including adding a root user.

-  ⇤ ← Revision 21 as of 2013-10-17 18:57:50 → 
  Size: 6229
  Editor: 71-87-249-142
  Comment:
+   ← Revision 40 as of 2021-08-18 23:10:52 → ⇥
  Size: 7837
  Editor: 71
  Comment: Course Changed Name
-Deletions are marked like this.
+Additions are marked like this.
 Line 1:
-= CPTR 541 =
+## page was renamed from AdvancedNetworkSecurity
= CPTR 542 Advanced Network Security =
-Line 5:
+Line 6:
+{{https://images-ext-1.discordapp.net/external/92E0ySO0WvM8_OJJCZhqcBK1ss899tLWoUNBLs43HH8/https/imgs.xkcd.com/comics/voting_software.png}}

/NotesForNextClass
-Line 6:
+Line 11:
+. Current Events Discussion / Research presentations (Keep it short!)
 1. Retrospective on previous assignment/work.
 1. Discuss/Lecture/Demonstrations of Upcoming Chapter(s)
 1. Discuss upcoming assignment.
-Line 7:
+Line 16:
-. Current Events Discussion
 1. Research presentations 
 1. Retrospective on previous assignment/work. 
 1. Discuss Chapter
 1. Discuss upcoming assignment.
+== Current Events ==
All students are required to present the following:

 * Give a short overview of two security news items from the last week (keep it short!)
 * There will be a google docs document on eClass for this.
-Line 14:
+Line 23:
- * [[http://www.pentest-standard.org/index.php/Main_Page|PTES - Penetration Testing Execution Standard (Our book loosely follows this)]]
+ * [[http://www.pentest-standard.org/index.php/Main_Page|PTES - Penetration Testing Execution Standard]]
-Line 19:
+Line 27:
-When doing research it helps to know where to look. [[http://www.ieee-security.org/TC/SP-Index.html|Dr. Gu]] does a nice job of rating security conferences that you might want to research from. IEEE S & P and ACM's Conference on Computer and Communications Security top the list and are good candidates to watch.
+== Graduate Research Assignment ==
-Line 21:
+Line 29:
-== Research Assignment ==
+Graduate students must write two papers and present research reviews each week.
-Line 23:
+Line 31:
-=== Presenting Peer-Reviewed Papers ===

Each period I would like you to present a summary of a peer reviewed conference paper from an ACM/IEEE/Springer conference (You may also use other notable security conferences). Most topics are your choice, but you should pick papers related to your chosen topic to write on (see next). These should only be 10 minutes max including discussion. One presentation must introduce a new attack or attack technique. One presentation must deal with privacy issues inside the US. The other papers are up to you. You may choose to do the required topics during any regular class.
+=== Presenting Research Reviews of Peer-Reviewed Papers ===
Each week I would like ''graduate students'' to present a summary of a peer reviewed conference paper from an ACM/IEEE/Springer conference (You may also use other notable security conferences). Most topics are your choice, but you should pick papers related to your chosen topic to write on (see next). These should only be 10 minutes max including discussion. One presentation must introduce a new attack or attack technique. One presentation must deal with privacy issues inside the US. The other papers are up to you. You may choose to do the required topics during any regular class, however I recommend that you do them near the beginning.
-Line 28:
+Line 35:
+Graduate students must write two papers:
-Line 29:
+Line 37:
-. Your first paper should be a survey paper that analyzes current and historically significant research of your particular topic and makes recommendations about use. 
 1. Your second paper should be an implementation of a previously unimplemented idea or extension/application of some area you found interesting in your first paper.
+. Your first paper should be a survey paper that analyzes current and historically significant research of your particular topic and makes recommendations about use.
 1. Your second paper should be an implementation of a previously unimplemented idea or extension/application of some area you found interesting in your first paper.
-Line 33:
+Line 41:
-Line 35:
+Line 44:
- * Vulnerability monitoring system based on OSVDB and nvd.nist.gov – Create a system that monitors installed list of programs and alerts to new vulnerabilities listed in the above databases. This may be used as a tool to attack or defend systems. 
 * An aspect of hacking, such as  code-security analysis techniques and tools for various languages.
+ * Vulnerability monitoring system based on OSVDB and nvd.nist.gov – Create a system that monitors installed list of programs and alerts to new vulnerabilities listed in the above databases. This may be used as a tool to attack or defend systems.
 * An aspect of hacking, such as  code-security analysis techniques and tools for various languages.
 * Report on a penetration test performed for a real (off-campus) company. This requires professor approval, so make sure to get it before you embark on a real pentest.
-Line 39:
+Line 49:
-. Research: 
    a. Use peer reviewed articles in ACM/IEEE etc., to find the conditions necessary to "more easily" attack the RSA algorithm. What known attacks exist against RSA? 
    a. Determine if there exists known attacks against AES. Do we consider AES to be secure? 
    a. What attacks exist against hash algorithms? What algorithms are not considered secure?
+{{{#!wiki comment
Last year we used a different book that focused on Penetration Testing theoretical over practical. In 2021 we are using a book that focuses on the practical over the theoretical
 1. Research:
  a. Use peer reviewed articles in ACM/IEEE etc., to find the conditions necessary to "more easily" attack the RSA algorithm. What known attacks exist against RSA?
  a. Determine if there exists known attacks against AES. Do we consider AES to be secure?
  a. What attacks exist against hash algorithms? What algorithms are not considered secure?
-Line 46:
+Line 57:
-    a. RECON both cs.southern.edu and scotnpatti.com - make sure you follow the Rules of Engagement (ROE) agreed upon in the previous assignment. 
    a. Find a willing personal target and profile that person to discover what you can about them online. 
    a. Document what you find organized into three reports one for cs.southern.edu, one for scotnpatti.com and one for the "victim" who agreed to be used in (b). Turn in these documents online in eclass.
+  a. RECON both cs.southern.edu and scotnpatti.com - make sure you follow the Rules of Engagement (ROE) agreed upon in the previous assignment.
  a. Find a willing personal target and profile that person to discover what you can about them online.
  a. Document what you find organized into three reports one for cs.southern.edu, one for scotnpatti.com and one for the "victim" who agreed to be used in (b). Turn in these documents online in eclass.
-Line 50:
+Line 61:
-    a. Enumerate the machine targets available for exploitation and any information collected.
    a. Enumerate separately any network hardware available for exploitation. 
    a. Be ready to discuss enumeration avoidance techniques
 1. Exploit something from the allowed target list in our pentest plan and bring proof of your exploit. What remediation is needed. 
 1. Your goal this week is to attack OwnCloud/moin - successfully if possible. I will specify a server for you to attack.
 1. Think of a tool to solve a common problem, something  that would be useful to an administrator and write a vulnerable tool. Show how to exploit it using one of the automated techniques from the chapter.
+  a. Enumerate the machine targets available for exploitation and any information collected.
  a. Enumerate separately any network hardware available for exploitation.
  a. Be ready to discuss enumeration avoidance techniques
 1. Using the tools we are studying from Chapter 4-5, try to exploit something from the allowed target list in our pentest plan and bring proof of your exploit. What remediation is needed. If you are unable to exploit make sure to systematically document everything you have tried. We will need this later in our report!
 1. Think of a tool to solve a common problem, something  that would be useful to an administrator and write a vulnerable tool. Show how to exploit it using one of the automated techniques from the chapter.
-Line 57:
+Line 67:
-. To date you should have been able to find some sort of way into the system in the ROE and perhaps created your own administrator account, stolen files, or changed web pages. You must now fix what you broke, changed or pilfered, and then try to Cover your tracks.
+. To date you should have been able to find some sort of way into the system in the ROE and perhaps created your own administrator account, stolen files, or changed web pages. You must now fix what you broke, changed or pilfered, and then try to Cover your tracks.
}}}

Homework assignments are given on https://eclass.e.southern.edu
-Line 60:
+Line 73:
-Line 64:
+Line 76:
-Line 67:
+Line 78:
+ * [[http://insecure.org/stf/smashstack.html|Buffer Overflow example]]
 * /BufferOverFlowExample from book
 * /BufferOverFlowSolution for Book
 * [[http://crackstation.net/hashing-security.htm|Nice discussion of Salting]]
 * [[http://toolbar.netcraft.com/site_report|Netcraft - shows information history of a site, interesting]]
 * Dr. A's [[/Kioptrix1Solution|Kioptrix 1 solution]] including adding a root user.
-Line 68:
+Line 85:
- * [[http://insecure.org/stf/smashstack.html|Buffer Overflow example]]
 * [[http://crackstation.net/hashing-security.htm|Nice discussion of Salting]]
+== Vulnerability Databases ==
 * [[http://nvd.nist.gov|National Vulnerability Database]]
 * [[http://cve.mitre.org/find/index.html|Common Vulnerabilities and Exposures (CVE)]]
 * [[http://www.rapid7.com/db/‎|Rapid7 Vulnerability Database]]
 * [[http://osvdb.org/‎|Open Source Vulnerability Database]]
 * [[http://www.securityfocus.com/vulnerabilities|Symantec Vulnerability Database]]
 * [[http://secunia.com/community/advisories/historic/|Secunia Vulnerability List]]

Diff for "OffensiveSecurity"