Security 2014/2015

These classes are coordinated by Professor André Zúquete. If you are looking for the slides, bibliography or other information, please check Professor André Zúquete's webpage.

This page contains the practical contents of the security course.

Topics

  1. ARP Spoofing: slides, guide, support files

  2. Cross Site Scripting: slides, guide

    • Page with several attacks: here
    • Page with information regarding the victims: here
    • URL Encoding tool: here
  3. Buffer Overflow: slides, guide, support files

  4. Symmetric Cryptography: guide, support files

  5. Asymmetric Cryptography: guide

  6. Smart Cards and PKCS11: guide, slides

  7. PAM (Pluggable Authentication Modules): guide, slides

  8. Confinement in Linux Systems: guide

  9. Secure Storage: guide

  10. SQL Injections: guide, slides

VirtualBox Image

You can find a Linux image that is prepared for the execution of these guides. Download it here (mirror), uncompress the file and use it as a hard disk for your virtual machine. To uncompress the image, use software such as 7zip, or bunzip2 directly:

bunzip2 Security.vdi

The image was created in VirtualBox using a 32-bit Ubuntu guest template. 512MB of RAM should be more than enough for command line tools and LXDE. Using WebScarab may require 1024MB of RAM.

Due to differences in USB support, it is preferable to use the VirtualBox software available at the official website. The USB extension pack is required and should be installed.

This image already contains: Apache, MySQL, PHP, phpMyAdmin, GCC-4.6, GDB, WebScarab, Java, netcat, python-scapy, CherryPy, and the software for the Portuguese Citizen Card.

To have the @ character displayed, execute:

xmodmap -e "keycode 108=ISO_Level3_Shift"

You can make this change permanent by adding the previous line to .bashrc.

Login is root or security, password is always security. For MySQL you can use root both as login and password.

In the image provided, the passwords used for identifying users in the SQL table users_salt are admin, user1, user2, etc.

In order to speed up disk access, check the option Use Host I/O Cache in the SATA controller settings of the virtual machine.

Do not update the installed software, as doing so may introduce discrepancies with the laboratory guides.